(name,priv) elements
Following up my previous message --
when the (name,key) advocates speak, they usually wave their hands about the
usefulness of those names. Some speak of ACLs [Access Control Lists],
without going into any details on how those lists are managed securely.
Whatever those ACLs are, they will consist of (name,priv) assignments in
some form. Each of those assignments needs to be signed by someone with the
authority to delegate the priv in question. That authority needs also to be
backed up by some (name,authority) or (key,authority) cert.
In other words, I believe the (name,priv) signed objects have all the
characteristics of capability certificates and need all the same machinery,
including chains of authorization.
- Carl
P.S. No, I'm not arguing for (name,key) certs -- just trying to make sure
that there's a full understanding of the work involved in [(name,key),
(name,priv)] when comparing it to the equivalent [(key,priv)].
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430 http://www.cybercash.com/ |
|2100 Reston Parkway PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091 Tel: (703) 620-4200 |
+--------------------------------------------------------------------------+