From: Adam Shostack <adam@homeport.org>
To: jsw@netscape.com (Jeff Weinstein)
Message Hash: efc1d19dc6716d4f1dca453fe30b9e09c14a7b431a3ef7c970ae7b9d709e5a64
Message ID: <199510060035.UAA02995@homeport.org>
Reply To: <3074646C.2418@netscape.com>
UTC Datetime: 1995-10-06 00:32:26 UTC
Raw Date: Thu, 5 Oct 95 17:32:26 PDT
From: Adam Shostack <adam@homeport.org>
Date: Thu, 5 Oct 95 17:32:26 PDT
To: jsw@netscape.com (Jeff Weinstein)
Subject: Re: Certificate proposal
In-Reply-To: <3074646C.2418@netscape.com>
Message-ID: <199510060035.UAA02995@homeport.org>
MIME-Version: 1.0
Content-Type: text
Jeff Weinstein wrote:
| I think the old idea of a certificate just binding a name and
| a key is turning out to not be very useful. That is why Netscape
| Navigator 2.0 will support x509 version 3 certificates. They allow
| arbitrary attributes to be signed into a certificate. In this new
| world, you can think of a certificate as a way of binding a key with
| various arbitrary attributes, one of which may be(but is not
| required to be) a name.
I'm a bit behind on the X.509 discussion, but does version 3
resist the attack Ross Anderson mentions in his 'Robustness Principles'
paper in Crypto '95?
(The paper can be found in
ftp.cl.cam.ac.uk:/users/rja14/robustness.ps.Z The wcf.ps.Z is his
'Why Cryptosystems Fail' paper, and both are well worth reading.)
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Return to October 1995
Return to “Wei Dai <weidai@eskimo.com>”