RFC 2792 (rfc2792) - Page 1 of 7
DSA and RSA Key and Signature Encoding for the KeyNote Trust Management System
Alternative Format: Original Text Document
Network Working Group M. Blaze
Request for Comments: 2792 J. Ioannidis
Category: Informational AT&T Labs - Research
A. Keromytis
U. of Pennsylvania
March 2000
DSA and RSA Key and Signature Encoding for the
KeyNote Trust Management System
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This memo describes RSA and DSA key and signature encoding, and
binary key encoding for version 2 of the KeyNote trust-management
system.
1. Introduction
KeyNote is a simple and flexible trust-management system designed to
work well for a variety of large- and small-scale Internet-based
applications. It provides a single, unified language for both local
policies and credentials. KeyNote policies and credentials, called
`assertions', contain predicates that describe the trusted actions
permitted by the holders of specific public keys. KeyNote assertions
are essentially small, highly-structured programs. A signed
assertion, which can be sent over an untrusted network, is also
called a `credential assertion'. Credential assertions, which also
serve the role of certificates, have the same syntax as policy
assertions but are also signed by the principal delegating the trust.
For more details on KeyNote, see [BFIK99]. This document assumes
reader familiarity with the KeyNote system.
Cryptographic keys may be used in KeyNote to identify principals. To
facilitate interoperation between different implementations and to
allow for maximal flexibility, keys must be converted to a normalized
canonical form (depended on the public key algorithm used) for the
purposes of any internal comparisons between keys. For example, an
Blaze, et al. Informational
