
New ID - Atomic Certificates




Hello,

I'd like to bring to the attention of the work group an I-D I've just
submitted, which I hope will follow the standards track.

Though I'd have liked very much to have submitted it through the group, I
was told by the work group chairs that I'd best submit it as an Independent
Internet Draft and bring it to the attention of the work group.

The I-D can be accessed at:
http://www.ietf.org/internet-drafts/draft-raghu-atomic-certificates-00.txt

Thanks,
Regards,
Narayan Raghu
IBM Bangalore
India


ABSTRACT

The existing PKI has a few inherent limitations like:

  1. It is implicitly assumed that the two trading parties have ONE
  mutually trusted third party that can attest ALL of each
  party's attributes. It provides no mechanism to separate out the
  fields in a certificate for attestation by different Certification
  Authorities.

  2. This standard in no way gives the flexibility to expose only
  certain fields of a certificate to the other party.

This memo proposes a model which, while working well within the
X.509v3 framework, overcomes these limitations by
breaking up a certificate into pre-signed "unit attestations"
referred to as "Atomic Certificates" and packaging them in the
X.509v3 format only at the time of sending the certificate to the
other party.
