Re: Request for comments from x500 experts
Andrew.Findlay@brunel.ac.uk Fri, 02 August 1996 01:05 UTC
Received: from ietf.org by ietf.org id aa06402; 1 Aug 96 21:05 EDT
Received: from cnri by ietf.org id aa06398; 1 Aug 96 21:05 EDT
Received: from haig.cs.ucl.ac.uk by CNRI.Reston.VA.US id aa17332; 1 Aug 96 21:05 EDT
Received: from bells.cs.ucl.ac.uk by haig.cs.ucl.ac.uk with local SMTP id <g.09498-0@haig.cs.ucl.ac.uk>; Fri, 2 Aug 1996 01:15:06 +0100
Received: from ceres.brunel.ac.uk by bells.cs.ucl.ac.uk with UK SMTP id <g.03648-0@bells.cs.ucl.ac.uk>; Fri, 2 Aug 1996 01:14:57 +0100
Received: from babbage.brunel.ac.uk by ceres.brunel.ac.uk with SMTP (PP); Thu, 1 Aug 1996 20:28:42 +0100
Sender: ietf-archive-request@ietf.org
From: Andrew.Findlay@brunel.ac.uk
Message-Id: <16302.199608011928@babbage.brunel.ac.uk>
Subject: Re: Request for comments from x500 experts
To: Allegre <allegre@issy.cnet.fr>
Date: Thu, 01 Aug 1996 20:28:41 +0100
Cc: osi-ds@cs.ucl.ac.uk
In-Reply-To: <9607300825.AA00222@detritus> from "Allegre" at Jul 30, 96 10:25:48 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Content-Length: 1395
>For Public Switching Telecommunication Networks,
>We are studying an architecture to offer several services to customers
>in a multi providers environment. We would have liked to use an implementation
>conformed to ITU-T Recommendation X500 series to ensure and support
>the security of the services but it seems that we have to define
>our own X500 extensions. Before, to select this kind of alternative,

Why not use X.509 signatures? The Directory can store the certificates using standardised attributes, and each entry can have its associated public-secret key-pair and certificate.

Then, any entity with access to the Directory can validate any user by sending them a challenge to be encrypted under the user's secret key. If the response can be decrypted with the public key shown in the certificate, and if the certificate itself has an acceptable signature then the user must be genuine.

Existing smart-card chips are capable of doing public-key crypto at an acceptable speed for most requirements, and can be made to hold the secret key and process the validation.

Andrew

----------------------------------------------------------------------------
| From Andrew Findlay at Brunel University, Uxbridge, UB8 3PH, UK |
| Andrew.Findlay@brunel.ac.uk +44 1895 203066 or +44 1895 274000 x2512 |
----------------------------------------------------------------------------
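The validation flow described in the message above, as an added example that is not part of the original post: the verifier checks the CA signature on the certificate fetched from the Directory, then checks the user's response to a fresh challenge against the certified public key. Assumptions: a Python dict stands in for the Directory, the certificate is a simplified record rather than real X.509, and the keys are constructed toy textbook-RSA keys (no padding, far too small for real use).

```python
import hashlib
import secrets

E = 65537  # public exponent shared by the constructed toy keys

def keypair(p, q):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    """'Encrypt under the secret key': an unpadded RSA signature (toy only)."""
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def cert_body(subject, pub):
    return f"{subject}|{pub[0]}|{pub[1]}".encode()

def issue_cert(subject, pub, ca_priv):
    """Simplified certificate: subject name, public key, CA signature over both."""
    return {"subject": subject, "pub": pub,
            "sig": sign(cert_body(subject, pub), ca_priv)}

def authenticate(name, directory, ca_pub, respond):
    """Validate `name`; `respond` is the user's side (e.g. a smart card)."""
    cert = directory.get(name)
    if cert is None or cert["subject"] != name:
        return False
    # Step 1: the certificate itself must carry an acceptable CA signature.
    if not verify(cert_body(cert["subject"], cert["pub"]), cert["sig"], ca_pub):
        return False
    # Step 2: a fresh random challenge, so an old response cannot be replayed.
    challenge = secrets.token_bytes(16)
    return verify(challenge, respond(challenge), cert["pub"])

# Constructed sample data: Mersenne primes keep the toy keys short to write.
CA_PUB, CA_PRIV = keypair(2**107 - 1, 2**127 - 1)
USER_PUB, USER_PRIV = keypair(2**61 - 1, 2**89 - 1)
DIRECTORY = {"cn=alice": issue_cert("cn=alice", USER_PUB, CA_PRIV)}
```

A replayed response, a response made with a different secret key, and a Directory entry whose public key was swapped after signing are all rejected by `authenticate`.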