Re: Request for comments from x500 experts Fri, 02 August 1996 01:05 UTC

Subject: Re: Request for comments from x500 experts
To: Allegre <>
Date: Thu, 1 Aug 1996 20:28:41 +0100 (BST)
In-Reply-To: <9607300825.AA00222@detritus> from "Allegre" at Jul 30, 96 10:25:48 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1395

>For Public Switching Telecommunication Networks,
>we are studying an architecture to offer several services to customers
>in a multi-provider environment. We would have liked to use an implementation
>conforming to the ITU-T Recommendation X500 series to ensure and support
>the security of the services but it seems that we have to define
>our own X500 extensions. Before, to select this kind of alternative, 

Why not use X.509 signatures? The Directory can store the certificates
using standardised attributes, and each entry can have its associated
public-secret key-pair and certificate. Then, any entity with access
to the Directory can validate any user by sending them a challenge
to be encrypted under the user's secret key. If the response can be
decrypted with the public key shown in the certificate, and if the
certificate itself has an acceptable signature then the user must be

Existing smart-card chips are capable of doing public-key crypto at an
acceptable speed for most requirements, and can be made to hold the
secret key and process the validation.


|      From Andrew Findlay at Brunel University, Uxbridge, UB8 3PH, UK     |
|     +44 1895 203066 or +44 1895 274000 x2512 |
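
The exchange described in the reply above, as an added example that is not part of the original e-mail: a verifier reads a certificate from a directory, checks the CA signature on it, and sends a random challenge for the key holder to transform with the secret key. The names, the toy keys and the dictionary standing in for the Directory are constructed assumptions, and raw unpadded RSA is used only to mirror the message's "encrypt under the secret key" wording.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys in this example

def make_key(p, q):
    """Toy RSA key from two primes (constructed; far too small for real use)."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def cert_digest(subject, n, e, modulus):
    data = f"{subject}|{n}|{e}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue_cert(ca_key, subject, key):
    """CA binds a subject name to a public key with its own secret key."""
    digest = cert_digest(subject, key["n"], key["e"], ca_key["n"])
    return {"subject": subject, "n": key["n"], "e": key["e"],
            "sig": pow(digest, ca_key["d"], ca_key["n"])}

def cert_ok(cert, ca_pub):
    expected = cert_digest(cert["subject"], cert["n"], cert["e"], ca_pub["n"])
    return pow(cert["sig"], ca_pub["e"], ca_pub["n"]) == expected

def card(key):
    """Stands in for the smart card: holds the secret key, answers challenges."""
    return lambda challenge: pow(challenge, key["d"], key["n"])

def authenticate(directory, ca_pub, name, respond):
    cert = directory.get(name)
    if cert is None or cert["subject"] != name or not cert_ok(cert, ca_pub):
        return False  # no entry, or the certificate signature is not acceptable
    challenge = secrets.randbelow(cert["n"] - 3) + 2  # fresh value in [2, n-2]
    response = respond(challenge)
    # "Decrypt" the response with the public key shown in the certificate.
    return pow(response, cert["e"], cert["n"]) == challenge

CA = make_key(2**107 - 1, 2**127 - 1)  # constructed toy keys (Mersenne primes)
CA_PUB = {"n": CA["n"], "e": CA["e"]}
ALICE = make_key(2**61 - 1, 2**89 - 1)
MALLORY = make_key(2**31 - 1, 2**521 - 1)
DIRECTORY = {
    "alice": issue_cert(CA, "alice", ALICE),
    "bob": issue_cert(MALLORY, "bob", MALLORY),  # self-signed, not CA-signed
}

def demo():
    """Run four cases; only the first (right name, right key) should pass."""
    cases = [("alice", ALICE), ("alice", MALLORY), ("bob", MALLORY), ("carol", ALICE)]
    return [authenticate(DIRECTORY, CA_PUB, name, card(key)) for name, key in cases]
```

A deployed system would use a padded signature scheme over the challenge and full certificate path validation rather than the raw operation shown here.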