- From: peter williams <home_pw@msn.com>
- Date: Thu, 24 Mar 2011 18:14:48 -0700
- To: "'Henry Story'" <henry.story@bblfish.net>
- CC: "'WebID XG'" <public-xg-webid@w3.org>
- Message-ID: <SNT143-ds6F4E012A74954C18BC2BE92B90@phx.gbl>
Good place to start would be the X.509 standard at this point. Another place is the IETF PKIX standard. It's mostly created by the US government and lots of US military defense contractors - including the office systems vendors (like Microsoft, Netscape/Mozilla, Novell, IBM, etc).

http://tools.ietf.org/html/rfc5280 section 4.2.1.10

For example, "DNS name restrictions are expressed as host.example.com. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, www.host.example.com"

I have not read it but there is likely to be good stuff at http://www.wiley.com/legacy/compbooks/catalog/39702-4.htm. Both are world experts, with lots of real world experience. It's likely to be a book form of the PKIX specs, detailing some additional background from the various US government projects that folks used to help define the requirements for the IETF's profiling choices.

If one wants to think like a phone company or defense dept doing secure comms, read the above.

Alternatively, there is a Wikipedia article, which generally rants on about the evils of PKI and certs, per usual. Other rants go on about signed XML too, though. So pick your poison.

If you are a user of Windows, one can also see what that platform supports at: http://technet.microsoft.com/en-us/library/cc780153(WS.10).aspx.
Received on Friday, 25 March 2011 01:16:20 UTC
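
Added example, not part of the original message: a label-wise check for the dNSName rule quoted above from RFC 5280 section 4.2.1.10, next to a plain string-suffix comparison that wrongly accepts names outside the subtree. Function names and the sample host names other than those in the quote are hypothetical; rejecting empty labels and ignoring one trailing dot are assumptions of this sketch.

```python
# Added illustration of RFC 5280 section 4.2.1.10 dNSName constraint matching.
# All function names and sample inputs are constructed for this example.

def _labels(name):
    """Split a DNS name into lowercase labels (DNS compares case-insensitively)."""
    name = name.lower()
    if name.endswith("."):          # assumption: ignore one trailing root dot
        name = name[:-1]
    labels = name.split(".")
    if any(label == "" for label in labels):
        # assumption: empty names and empty labels (e.g. ".example.com") are rejected
        raise ValueError("empty DNS name or label: %r" % name)
    return labels

def satisfies(name, constraint):
    """True if `name` is `constraint` with zero or more labels added on the left."""
    n, c = _labels(name), _labels(constraint)
    return len(n) >= len(c) and n[-len(c):] == c

def naive_satisfies(name, constraint):
    """Weak form: raw suffix match ignores label boundaries."""
    return name.lower().endswith(constraint.lower())

def name_allowed(name, permitted, excluded):
    """Apply permitted/excluded dNSName subtrees; an excluded match always wins."""
    if any(satisfies(name, c) for c in excluded):
        return False
    # With no permitted dNSName subtrees, only the exclusions restrict the name.
    return not permitted or any(satisfies(name, c) for c in permitted)

if __name__ == "__main__":
    constraint = "host.example.com"
    for candidate in ("www.host.example.com", "host.example.com",
                      "host1.example.com", "badhost.example.com"):
        print(candidate, satisfies(candidate, constraint),
              naive_satisfies(candidate, constraint))
```

A certificate validator that compares with a raw suffix match would treat badhost.example.com as inside the host.example.com subtree; comparing whole labels from the right does not.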