[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Delegate
Carl Ellison allegedly said:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> At 03:29 PM 12/15/96 -0800, Bill Frantz wrote:
> >One possibility would be to call it "Final". (This name makes more sense
> >if the value is boolean rather than integer.) If the value is integer, it
> >could be called something like MaxChainLength. (You can see I've been
> >writing far too much Java code. :-) )
>
> I see no problem with either change. This leaves the question of boolean
> vs. integer. I can imagine a use for small integer values (e.g., my
> intention is to let him delegate to a temporary key of his own but not to a
> world of users) -- but back to your truth-in-advertising desire, the boolean
> makes a lot more sense.
>
> So - I think I'd opt for the boolean.
>
> How do others feel?
I agree with Bill that "delegate" is perhaps a misleading name for
this flag, but "Final" seems a little strange to me, also.
As I understand it, the meaning of this flag is "has permission to
create a new certificate with the same or some subset of the
privileges of this certificate". So I would call it the "CreateCert"
permission bit. If your certificate has it, you can create new
certificates; if it doesn't, you can't. Implicit is the idea that
the new certificate could have less authority (including not having
the "CreateCert" flag set.)
While I can imagine circumstances where a small integer value would
be meaningful, it's a real stretch. I vote for the boolean...
--
Kent Crispin "No reason to get excited",
kent@songbird.com,kc@llnl.gov the thief he kindly spoke...
PGP fingerprint: 5A 16 DA 04 31 33 40 1E 87 DA 29 02 97 A3 46 2F
Follow-Ups:
References: