On Tue, 10 Jan 1995, Jeff Thompson wrote:
perform crypto operations. How was it that the smart card was an
argument in favor of using issuer/serial as the recipient ID?
I'm a little behind because I'm on holidays (hi from Melbourne!). I
raised the smart card example to show that key selectors in a message
were a good idea because it allowed smart UA's to prompt the user to
insert the right one. This was in response to the suggestion that we
should do away with such things altogether (including issuer/serial)
and just say "the UA will try everything until one works".
Whether smart cards are identified by issuer/serial, arbitrary strings,
or the number of partridges in the recipient's pear tree is irrelevant,
as long as there is _some_ way of doing it. Bob is (I believe) arguing
that issuer/serial is enough. Maybe it is. I'd prefer a little more
flexibility in key naming conventions and I'd also prefer naming conventions
that are based on the bozo who owns the key, not the bozo who signed
the key.
Cheers,
Rhys.
--
Rhys Weatherley, Queensland University of Technology, Brisbane, Australia.
E-mail: rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au "net.maturity is knowing
when NOT to followup"