KeyAssertion

A KeyAssertion is one possible message body for an AssertionMessage. Here are the components of a KeyAssertion:

Start date

A CAKEDate containing the date on which the key begins to be valid. This is taken from the AssertionMessage's start date.

End date

A CAKEDate containing the date on which the key stops being valid for new messages. This is taken from the AssertionMessage's expire date, but in the v3 protocol, it will become an attribute of KeyAssertion itself.

Drop-dead date

A CAKEDate containing the date on which the key is assumed to have been compromised, and all messages using that key are considered suspect. This currently is an attribute of KeyAssertion itself, but in the v3 protocol, it will be taken from AssertionMessage's expire date.

Key name

The PublicKey's KeyName, like 2BS2C2HOG62754DFYSMTNMNVFCZA7YQXRPRXNIOF67LNBZNZAK3A.

Key data

The actual data for the PublicKey. This must hash (using the DoubleSHA-256 algorithm) to the key name.

A KeyAssertion can be signed by another key, but any KeyAssertion that is not signed by the key the assertion is about is considered provisional. If a self-signed KeyAssertion is available, it is used instead.

If two self-signed KeyAssertions are found that have different start dates, that key is considered to be compromised. If two self-signed KeyAssertions are found that have different end dates or drop-dead dates, the earliest end date or drop-dead date is used.
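
The resolution rules above, written out as an added Python example (not code from the CAKE project). It assumes signatures were already verified upstream; the class names, the `signer` field, the status strings and the sample dates are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Iterable, Optional

@dataclass(frozen=True)
class KeyAssertion:
    key_name: str    # key the assertion is about
    signer: str      # key whose signature on the message verified (assumed checked)
    start: date
    end: date
    drop_dead: date

@dataclass(frozen=True)
class Resolution:
    status: str      # illustrative labels: valid, provisional, compromised, unknown
    start: Optional[date] = None
    end: Optional[date] = None
    drop_dead: Optional[date] = None

def resolve(key_name: str, assertions: Iterable[KeyAssertion]) -> Resolution:
    about = [a for a in assertions if a.key_name == key_name]
    if not about:
        return Resolution("unknown")
    own = [a for a in about if a.signer == key_name]   # self-signed ones
    if not own:
        # Only third-party signatures exist: provisional. The page does not say
        # how to merge several provisional assertions, so no dates are reported.
        return Resolution("provisional")
    if len({a.start for a in own}) > 1:
        # Self-signed assertions that disagree on the start date: compromised.
        return Resolution("compromised")
    # Self-signed assertions win; the earliest end and drop-dead dates apply.
    return Resolution("valid", own[0].start,
                      min(a.end for a in own), min(a.drop_dead for a in own))

# Constructed sample data: KEY is the example key name from this page,
# OTHER is a made-up signer name.
KEY = "2BS2C2HOG62754DFYSMTNMNVFCZA7YQXRPRXNIOF67LNBZNZAK3A"
OTHER = "EXAMPLE-OTHER-KEY"
SAMPLE = [
    KeyAssertion(KEY, OTHER, date(2004, 1, 1), date(2007, 1, 1), date(2008, 1, 1)),
    KeyAssertion(KEY, KEY, date(2004, 1, 1), date(2005, 6, 1), date(2006, 1, 1)),
    KeyAssertion(KEY, KEY, date(2004, 1, 1), date(2005, 1, 1), date(2006, 6, 1)),
]

if __name__ == "__main__":
    print(resolve(KEY, SAMPLE))
```
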

CAKE: KeyAssertion (last edited 2004-06-23 12:50:40 by cs24243187-40)