[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(name,priv) elements

Following up my previous message --

when the (name,key) advocates speak, they usually wave their hands about the
usefulness of those names.  Some speak of ACLs [Access Control Lists],
sithout going into any details on how those lists are managed securely.

Whatever those ACLs are, they will consist of (name,priv) assignments in
some form.  Each of those assignments needs to be signed by someone with the
authority to delegate the priv in question.  That authority needs also to be
backed up by some (name,authority) or (key,authority) cert.

In other words, I believe the (name,priv) signed objects have all the
characteristics of capability certificates and need all the same machinery,
including chains of authorization.

 - Carl

P.S.  No, I'm not arguing for (name,key) certs -- just trying to make sure
that there's a full understanding of the work involved in [(name,key),
(name,priv)] when comparing it to the equivalent [(key,priv)].

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091              Tel: (703) 620-4200                         |