[LINK] Attribute Certs

Stephen Wilson swilson at lockstep.com.au
Mon Aug 16 15:31:38 AEST 2010


Yes, we're in furious agreement on most of this.  Pardon my pedantry, 
but I take "Attribute Certificate" (capitalised) to mean  specifically a 
type of certificate which does not contain a public key for its Subject, 
and therefore cannot be used on its own to create digital signatures.  
The orthodox "Attribute Certificate" had to be used in conjunction with 
an Identity Certificate.

Certainly, a Public Key Certificate can be constructed so as to only 
contain an "attribute", without divulging personal identity at all.  I 
just don't think we can call them "Attribute Certificates".  

Where we might disagree ...

X.509v3 is a standard, not a scheme.  As such, X.509v3 is not crippled.  
It can be used very effectively to convey non identifying attributes. 
It's a nice standard because clients and servers know well how to handle 
X.509 certificates.  It's only convention that X.509 certificates have 
to contain names. 

Disclosure time: Lockstep Technologies develops commercial solutions 
using anonymous X.509 certificates; see 

I do agree that the notion of Big CAs selling identity certificates is 

And finally, I would just point out that the assertion "currently over 
18" is, well, over engineeered, and should just be "over 18".  If you 
have ever been over 18, then you will thereafter always be "over 18".  ;-)



Roger Clarke wrote:
> [For clarity:  on the aspects that I know a bit about, Stephen and I 
> are mostly in furious agreement;  and on the aspects I know less 
> about, I'm getting a lot of value from this thread.]
> [This email is about one particular aspect.
> The general notion of an Attribute Certificate involves an assurance 
> from a (hopefully, credible) entity that the entity that signs 
> messages using a particular private key has a particular attribute.
> Examples of attributes for which this could be useful include 
> 'currently over 18', 'pensioner of type X', 'tradesman' (e.g. to 
> qualify for trade discounts), 'health care professional of type X', 
> 'JP' (e.g. for e-notarisation).
> It's entirely feasible to place reliance on Attribute Certificates 
> that do not disclose the identity of the holder.  Credentica / UProve 
> does that.
> At 14:35 +1000 16/8/10, Stephen Wilson wrote:
>> Roger mentioned Attribute Certificates.  My view is these are very minor
>> curiosities.  The classical Attribute Certificate (AC) ...  ACs failed
>> because no general purpose identity certificate eventuated
> I understand Stephen to be referring to the crippled X.509v3 scheme, 
> whereby a parent-cert could have child-certs, and child-certs could 
> include data about attributes of the identified individual.
> If so, then I agree that they were/are minor curiosities.
> But I certainly don't agree that the real concept of Attribute Certs 
> is a curiosity.  If there were ever an effective PKI to support dig 
> certs, real attribute certs could become very important.
> Subject to that clarification, I suspect Stephen and I may be in 
> furious agreement on this point too, but it isn't quite clear yet.
> That's because Stephen continued:
>> For those types of transactions that merit digital signatures (and not
>> all do obviously) it turns out to be much more elegent to use a special
>> purpose PK certificate embodying the authority information ('attribute')
>> of interest, than it is to use an AC and a separate identity certificate.
> Which leaves open the question as to whether the cert contains 
> attribute *and* identity data, or only anonymous attribute data.

More information about the Link mailing list