[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


In talking with Kent(?) Crispin (sp?)* after the SPKI BOF, he convinced me
of a solution to the "to allow or not allow delegation".  Since my problem
with the feature, is truth in advertising, rather than its presence in the
draft, we may be able to simply rename the problem away.

We now have it named and described in relation to what a certificate holder
(one whose public key was signed by an authority) can do with the
certificate.  If instead, we name it and describe it in terms of what the
verifier will do with the certificate, we are not implying that there is
protection against other forms of delegation.

One possibility would be to call it "Final".  (This name makes more sense
if the value is boolean rather than integer.)  If the value is integer, it
could be called something like MaxChainLength.  (You can see I've been
writing far too much Java code. :-) )

The description would be something like the maximum length of the chain of
certificates utilizing this certificate for authority which the verifier
will accept.

* If I screwed up you name, please accept my apologies and step forward for
the credit you deserve.

Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA