[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Groups

To: rivest@theory.lcs.mit.edu (Ron Rivest)
Subject: Re: Groups
From: Carl Ellison <cme@cybercash.com>
Date: Wed, 18 Dec 1996 15:35:08 -0500
Cc: spki@c2.net, blampson@microsoft.com
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 12:03 PM 12/18/96 EST, Ron Rivest wrote:
>
>In SDSI, a group can be defined with (1) membership certs, or (2) group
>definition certs (which give a formula for group membership).  As usual, the
>default is that membership needs to be affirmatively established in one of
>these two ways.  It is not required that the two approaches be consistent
>(an issuer can make someone a member by issuing a group membership cert,
>without having to modify the formula for the group definition).  
>
>A membership cert can grant membership to a key, or to a name.  I don't
>understand your question below regarding "person certs" vs "member certs",
>unless you are just referring to the two ways membership certs can be issued.
>They were both intended...
>
>Let me know if this doesn't answer your question...

Ron,

	I think you answered my question.

	After reading the SDSI paper, I had populated the SDSI name universe in my 
mind with individual names and group names -- somehow different but 
indistinguishable in practice.  I had distinguished them in my own mind 
based on the kind of certificate one finds using each.  A "person cert" was 
<name,key> defining a SDSI name as an individual.  A "member cert" was one 
declaring group membership.

	I hadn't considered the possibility that a group could be defined without 
referring to membership at all -- just by mapping the same name to multiple 
keys.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrhVT1QXJENzYr45AQGRtQP8CRhTMzM6l61TR4VJbkqNeZG8duQrBpTZ
YpT5iulHTM6k0ceE6gR7uojkziq/Iu2BnVRtGELhCmnIsnlG9uh6QZNGu+G7k4tO
njjzrDaAul5ANISHuJvbV/fw9se5FQd6Tk/8El1fiHTUCtECpmqeRLMhpddfYNgC
Sn1fQ3mLq6s=
=Ql+H
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Prev by Date: RE: Delegate
Next by Date: RE: Delegate
Prev by thread: Groups
Next by thread: FW: Delegate
Index(es):
- Main
- Thread