In SDSI, a group can be defined with (1) membership certs, or (2) group
definition certs (which give a formula for group membership).  As usual, the
default is that membership needs to be affirmatively established in one of
these two ways.  It is not required that the two approaches be consistent
(an issuer can make someone a member by issuing a group membership cert,
without having to modify the formula for the group definition).  

A membership cert can grant membership to a key, or to a name.  I don't
understand your question below regarding "person certs" vs "member certs",
unless you are just referring to the two ways membership certs can be issued.
They were both intended...

Let me know if this doesn't answer your question...

Date: Wed, 18 Dec 1996 11:49:49 -0500
To: rivest@theory.lcs.mit.edu (Ron Rivest)
From: Carl Ellison <cme@cybercash.com>
Cc: spki@c2.net


This brings up an interesting question about SDSI.

A SDSI cert issuer can define a group in two different ways: as a set of
    <grp-name,mbr-name> member certs
    <grp-name,key> person certs

I assume that wasn't intended (since we never discussed it before).

Do you see a problem with that?

 - Carl
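
The membership rules described in the reply at the top of this thread, as an added example that is not part of the original messages and not SDSI code. It is a simplified model: the tuple and dict shapes, the and/or formula operators, and every name and key are assumptions for illustration, and names are resolved in a single issuer's namespace.

```python
# Simplified model of the membership rules described above; the data shapes
# are assumptions for illustration, not SDSI certificate syntax.

def is_member(key, group, member_certs, name_bindings, definitions, _seen=None):
    """True only if membership is affirmatively established (default deny)."""
    seen = _seen or set()
    if group in seen:          # guard against circular group definitions
        return False
    seen = seen | {group}

    # Way 1: membership certs, issued either to a key or to a name.
    for grp, kind, subject in member_certs:
        if grp != group:
            continue
        if kind == "key" and subject == key:
            return True
        if kind == "name" and name_bindings.get(subject) == key:
            return True

    # Way 2: a group definition cert giving a formula over other groups.
    formula = definitions.get(group)
    if formula is None:
        return False
    return _eval(formula, key, member_certs, name_bindings, definitions, seen)


def _eval(f, key, certs, names, defs, seen):
    if isinstance(f, str):     # leaf: the name of another group
        return is_member(key, f, certs, names, defs, seen)
    op, *args = f
    results = (_eval(a, key, certs, names, defs, seen) for a in args)
    if op == "or":
        return any(results)
    if op == "and":
        return all(results)
    raise ValueError(f"unknown operator: {op}")


# Constructed sample data (all names and keys are hypothetical).
NAMES = {"alice": "K_alice", "bob": "K_bob"}
CERTS = [
    ("staff", "name", "alice"),       # membership granted to a name
    ("staff", "key", "K_carol"),      # membership granted to a key
    ("admins", "key", "K_alice"),
    ("ops", "key", "K_dave"),         # direct cert, independent of the formula
]
DEFS = {"ops": ("and", "staff", "admins")}
```

In this sample, K_dave is a member of "ops" through a direct membership cert even though the formula for "ops" does not cover that key, which is the case where the two approaches are not consistent.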

