Certificate proposal & X509 clarifications

Carl Ellison cme at TIS.COM
Mon Oct 2 15:16:12 PDT 1995


-----BEGIN PGP SIGNED MESSAGE-----

>Date: Mon, 02 Oct 95 12:51:11 PST
>From: "baldwin" <baldwin at RSA.COM (Robert W. Baldwin)>


>	   The designers of version 1 of the X509 certificate format
>have realized that they need to allow issuers to attach all kinds
>of different attributes to a public key.  This lead to version 3
>of the X509 format, which provides for general extensions.

However, in true ASN.1 form, they called for these extensions to be tied to
object identifiers (defining the attribute being defined).  Therefore, you
have to get someone owning an OBJID tree branch to define meanings for you
- -- and you have to publish some worldwide book of mappings, etc.  To me,
this needs nothing more elaborate than text.  In fact, text is a fine
machine-independent coding.

[Thought experiment: imagine Postscript using ASN.1 coding rather than
ASCII.  How many Postscript printers would there be today?]

>	   Question: what's a good way to have the existing PGP public
>key infrastructure interoperate with the X509 infrastructure?

Answer: wait until X.509 dies under its own weight and let them ask how to
interoperate with PGP.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison      cme at tis.com    http://www.clark.net/pub/cme	   |
|Trusted Information Systems, Inc.   http://www.tis.com/                   |
|3060 Washington Road          PGP 2.6.2:  61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD  21738         Tel:(301)854-6889      FAX:(301)854-5363       |
+--------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMHBj0VQXJENzYr45AQHVUAP/Xrb199NEwRoYydDGQK5l424k7neMRpp/
XZtU+7QO760v2YEPmf5EdWZ6S25wKLtaIVUhVr1MLyCRLyfRedXLdYzBqEVlHd2k
dGarIqkB/HOcmjYvZGxnYE+s2gLiTJ1FShgdWWGtC3qCMqlE3h4r5WuiGIotg/IL
WbzKq2oGzYA=
=qBPm
-----END PGP SIGNATURE-----






More information about the cypherpunks-legacy mailing list