[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Groups
-----BEGIN PGP SIGNED MESSAGE-----
At 12:03 PM 12/18/96 EST, Ron Rivest wrote:
>
>In SDSI, a group can be defined with (1) membership certs, or (2) group
>definition certs (which give a formula for group membership). As usual, the
>default is that membership needs to be affirmatively established in one of
>these two ways. It is not required that the two approaches be consistent
>(an issuer can make someone a member by issuing a group membership cert,
>without having to modify the formula for the group definition).
>
>A membership cert can grant membership to a key, or to a name. I don't
>understand your question below regarding "person certs" vs "member certs",
>unless you are just referring to the two ways membership certs can be issued.
>They were both intended...
>
>Let me know if this doesn't answer your question...
Ron,
I think you answered my question.
After reading the SDSI paper, I had populated the SDSI name universe in my
mind with individual names and group names -- somehow different but
indistinguishable in practice. I had distinguished them in my own mind
based on the kind of certificate one finds using each. A "person cert" was
<name,key> defining a SDSI name as an individual. A "member cert" was one
declaring group membership.
I hadn't considered the possibility that a group could be defined without
referring to membership at all -- just by mapping the same name to multiple
keys.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMrhVT1QXJENzYr45AQGRtQP8CRhTMzM6l61TR4VJbkqNeZG8duQrBpTZ
YpT5iulHTM6k0ceE6gR7uojkziq/Iu2BnVRtGELhCmnIsnlG9uh6QZNGu+G7k4tO
njjzrDaAul5ANISHuJvbV/fw9se5FQd6Tk/8El1fiHTUCtECpmqeRLMhpddfYNgC
Sn1fQ3mLq6s=
=Ql+H
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+