
Re: rsa ontology in cert namespace

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 22 Nov 2011 16:30:42 +0100
Cc: Tim Berners-Lee <timbl@w3.org>, WebID XG <public-xg-webid@w3.org>
Message-Id: <0D09EA3C-2B49-4627-877D-1CA51C0C5EA5@bblfish.net>
To: Mo McRoberts <mo.mcroberts@bbc.co.uk>

On 22 Nov 2011, at 14:27, Mo McRoberts wrote:

> 
> On 22 Nov 2011, at 13:17, Tim Berners-Lee wrote:
> 
>> 
>> On 2011-11-21, at 12:58, Henry Story wrote:
>> 
>>> If we move the rsa ontology to cert namespace we may need to add rsa prefixes, to distinguish an rsa parameter from a dsa or other parameter -- but perhaps we don't have to - I suppose this would be a good reason to have a DSA ontology, just to see if there are clashes. In any case here is what this would give the following 
>> 
>> Is there a sense in which the exponent of an RSA key and that of a DSA key are the same property and 
>> should just be cert:exponent?
> 
> You could take that view with the modulus — they are both integer values constituting the same thing, albeit as part of different sets of calculations (and I'm assuming there'll be cert:RSAPublicKey and cert:DSAPublicKey classes to differentiate them).
> 
> Given that, you could specify, covering the needs of both RSA & DSA:
> 
> cert:exponent (cert:RSAPublicKey)
> cert:modulus (cert:RSAPublicKey, cert:DSAPublicKey)
> cert:divisor (cert:DSAPublicKey)
> cert:generator (cert:DSAPublicKey)
> cert:keyValue (cert:DSAPublicKey) (I couldn't think of a better name)

ok, that's interesting. The good thing about this is that since cert:exponent will have as domain RSAPublicKey then one won't have to write out the type, as it will be inferred by the exponent in [ exponent... ; modulus ...] of an rsa key.

> 
> …which seems to be a pretty reasonable approach.

I think the proof of the pudding is going to be what kind of definition we come up with for those relations and just how convoluted they are going to be. Well it looks like the only overlap is with cert:modulus. So it could be defined as:

cert:modulus rdfs:label "RSA or DSA key public modulus"@en;
  vs:term_status "unstable";
  rdfs:comment """
      The number known as the modulus in either an RSA Key or a DSA Key
   """@en;
  rdfs:domain :RSAPublicKey, :DSAPublicKey;
  rdfs:range xsd:hexBinary, xsd:base64Binary .

Notice that here we have to choose to either use a binary to represent the modulus or an integer type. The binary makes sense for the rsa public modulus, which is usually a very big number. But I am not sure if the DSA modulus is also a big number in the same way. It would be pure luck if it were.

Now with respect to the other DSA fields should those be xsd:integer or xsd:hexBinary (or base64Binary)? The way we have decided in the case of the rsa exponent is that there it is usually a small number, and (therefore?) that it is usually shown as an integer in base10 notation.


Do things get nasty were we then to add Elliptic Curve Cryptography?

Henry


> M.
> 
> -- 
> Mo McRoberts - Technical Lead - The Space,
> 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
> Project Office: Room 7083, BBC Television Centre, London W12 7RJ
> 
> 
> 
> http://www.bbc.co.uk/
> This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.
> If you have received it in error, please delete it from your system.
> Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately.
> Please note that the BBC monitors e-mails sent or received.
> Further communication will signify your consent to this.
> 					

Social Web Architect
http://bblfish.net/
Received on Tuesday, 22 November 2011 15:31:18 GMT
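
The representation discussed in this message (modulus as xsd:hexBinary, exponent as a base-10 integer), as an added example that is not part of the original message or of the cert ontology itself: it serialises an RSA key with the property names used in the thread and compares a published modulus with a key by value, so that hex case or a leading 00 octet does not cause a false mismatch. The function names and the sample key are assumptions made up for the illustration.

```python
import re

CERT_NS = "http://www.w3.org/ns/auth/cert#"
XSD_NS = "http://www.w3.org/2001/XMLSchema#"
_HEX_OCTETS = re.compile(r"(?:[0-9A-Fa-f]{2})+")  # whole octets only

def int_to_hexbinary(n: int) -> str:
    """Unsigned big-endian octets of n as upper-case xsd:hexBinary."""
    if n < 0:
        raise ValueError("key parameters are non-negative")
    octets = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return octets.hex().upper()

def hexbinary_to_int(lexical: str) -> int:
    """Parse a hexBinary literal as an unsigned integer.

    Surrounding whitespace is dropped; anything that is not a run of
    whole octets (odd digit count, colons, empty string) is rejected.
    """
    text = lexical.strip()
    if not _HEX_OCTETS.fullmatch(text):
        raise ValueError("not a valid xsd:hexBinary literal")
    return int(text, 16)

def rsa_key_turtle(modulus: int, exponent: int) -> str:
    """Turtle for an RSA key: modulus as hexBinary, exponent as integer."""
    return (
        f"@prefix cert: <{CERT_NS}> .\n"
        f"@prefix xsd: <{XSD_NS}> .\n"
        "[] a cert:RSAPublicKey ;\n"
        f'   cert:modulus "{int_to_hexbinary(modulus)}"^^xsd:hexBinary ;\n'
        f"   cert:exponent {exponent} .\n"
    )

def same_rsa_key(modulus_literal: str, exponent: int, n: int, e: int) -> bool:
    """Compare a published key with (n, e) by numeric value, not by string."""
    try:
        return hexbinary_to_int(modulus_literal) == n and exponent == e
    except ValueError:
        return False  # a malformed literal never matches

# Constructed sample: a toy modulus (far too small for real use) and 65537.
N, E = 0xC2A59F31, 65537

if __name__ == "__main__":
    print(rsa_key_turtle(N, E))
    print(same_rsa_key("00c2a59f31", 65537, N, E))
```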
