[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PKIX1 definition of a certificate

To: peter@xxxxxxxxxxxx
Subject: Re: PKIX1 definition of a certificate
From: George Capehart <gwc@xxxxxxxx>
Date: Wed, 24 Sep 1997 23:28:31 -0400
Cc: ietf-pkix@xxxxxxxxxx
Organization: Capehart Associates
References: <>

Peter Williams wrote:
> 
>  "(4) the term 'public key certificates' means a certification of
>    the determination of the origin of encrypted information through
>    verification of a persons public key by identifying the unique
>    characteristics of the key;"
> 
> Should we alter PKIX-1 to have this as the definition of a
> PKIX public key certificate (assuming someone knows what
> the above means).

Though I have no voting rights, I *do* have a strong interest in this
discussion.  I work for a large bank and we are in the process of
creating our CPS and are therefore wrestling with this issue.  IMHO, a
_public_key_certificate_ is an object that contains the EE's public key
along with some representation of degree of certainty the CA has that
the EE who presented the public key to be certified is also in
possession of the private part of the key pair and really is who they
represent themselves to be.

It seems to me that a cert is an object and "certification of the
determination of origin of . . ." is an action . . . at least
grammatically.  As far as what the phrase actually means, I'm not really
sure.  I diagrammed the sentence and working backwards, I get the
statement that, based on unique characteristics of some public key, that
key can be identified and through that identification, the origin of
some encrypted information can be determined.  Shortening that somewhat,
I get:  That by knowing the fingerprint of some public key, I can
determine and certify the origin of some encrypted data.  If that's what
is meant by a digital certificate, that doesn't get me where I want to
be.

> (One notes that the above would not seem to cover a PKIX
> DSA or ECC-DSA certificate validating a DSA/ECC-DSA digital
> signature.)

Or most anything else.  I still haven't figured out how something can be
a noun and a verb at the same time . . .

> 
> Peter.
-- 
/*
 *  George Capehart     email:  gwc@vnet.net     phone:  +1 704.866.9151
 *
 *  "If you push something hard enough, it will fall over."
 *                          Fudd's First Law of Opposition
 */

References:
- PKIX1 definition of a certificate
  - From: Peter Williams

Prev by Date: Re: Certificate Suspension
Next by Date: Re: PKIX1 definition of a certificate
Previous by thread: PKIX1 definition of a certificate
Next by thread: Re: PKIX1 definition of a certificate
Index(es):
- Date
- Thread