[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Delegate
At 11:26 AM -0800 12/17/96, Kent Crispin wrote:
>I agree with Bill that "delegate" is perhaps a misleading name for
>this flag, but "Final" seems a little strange to me, also.
>
>As I understand it, the meaning of this flag is "has permission to
>create a new certificate with the same or some subset of the
>privileges of this certificate". So I would call it the "CreateCert"
>permission bit.
I didn't like Final too much either. I "borrowed" it from lanugages like
Java. CreateCert sounds good.
>If your certificate has it, you can create new
>certificates; if it doesn't, you can't. Implicit is the idea that
>the new certificate could have less authority (including not having
>the "CreateCert" flag set.)
Instead, I would say that the verifier will accept this cert in the middle
of a chain of certs (for Boolean), or it will accept this cert if it is no
more than n from the start of the chain (for int). Again, I would like to
phrase the specification in terms of what the verifier will do, not what
the permission the user has.
-------------------------------------------------------------------------
Bill Frantz | I still read when I should | Periwinkle -- Consulting
(408)356-8506 | be doing something else. | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA
Follow-Ups:
References: