Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

DSA and RSA Key and Signature Encoding for the KeyNote Trust Management System (RFC2792)

IP.com Disclosure Number: IPCOM000003391D
Original Publication Date: 2000-Mar-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 6 page(s) / 12K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

M. Blaze: AUTHOR [+3]

Abstract

This memo describes RSA and DSA key and signature encoding, and binary key encoding for version 2 of the KeyNote trust-management system.

This text was extracted from a ASCII document.
This is the abbreviated version, containing approximately 22% of the total text.

Network Working Group M. Blaze

Request for Comments: 2792 J. Ioannidis

Category: Informational AT&T Labs - Research

A. Keromytis

U. of Pennsylvania

March 2000

DSA and RSA Key and Signature Encoding for the

KeyNote Trust Management System

Status of this Memo

This memo provides information for the Internet community. It does

not specify an Internet standard of any kind. Distribution of this

memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

This memo describes RSA and DSA key and signature encoding, and

binary key encoding for version 2 of the KeyNote trust-management

system.

1. Introduction

KeyNote is a simple and flexible trust-management system designed to

work well for a variety of large- and small-scale Internet-based

applications. It provides a single, unified language for both local

policies and credentials. KeyNote policies and credentials, called

`assertions', contain predicates that describe the trusted actions

permitted by the holders of specific public keys. KeyNote assertions

are essentially small, highly-structured programs. A signed

assertion, which can be sent over an untrusted network, is also

called a `credential assertion'. Credential assertions, which also

serve the role of certificates, have the same syntax as policy

assertions but are also signed by the principal delegating the trust.

For more details on KeyNote, see [BFIK99]. This document assumes

reader familiarity with the KeyNote system.

Cryptographic keys may be used in KeyNote to identify principals. To

facilitate interoperation between different implementations and to

allow for maximal flexibility, keys must be converted to a normalized

canonical form (depended on the public key algorithm used) for the

purposes of any internal comparisons between keys. For example, an

RSA [RSA78] key may be encoded in base64 ASCII in one credential, and

in hexadecimal ASCII in another. A KeyNote implementation must

internally convert the two encodings to a normalized form that allows

for comparison between them. Furthermore, the internal structure of

an encoded key must be known for an implementation to correctly

decode it.

In some applications, other types of values, such as a passphrase or

a random nonce, may be ...