[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft of SPKI certificate internet-draft

Apologies to those on the list who didn't get in on this discussion from
the first.  I don't think that it should be too hard jumping aboard, however.

cme@cybercash.com (Carl M. Ellison):
> frantz@netcom.com (Bill Frantz):
> >We seem to have a number of cert types, e.g. CRCert and Deleg cert.  These
> >seem to me to be really uses of the standard format.  We probably need a
> >place where all of these are specifically described.  Perhaps chapter 8,
> >examples is the right place.
> [...]
> How about you give this comment on the whole list and we can discuss it
> there? (at least get the discussion archived).  AFAIAC, there is only one
> certificate type.  CRCert is a process, not a certificate.  DELEG is an
> attribute of every cert.

I second the emotion; or should I say, first, since I mentioned earlier
that we did not perhaps make it clear that a CRCert is not a cert type
per se.  Actually, I thought that that was what Bill was saying.  If he
was, I'll agree and say that I'd like it to be clearer.

> >5.5, p32:  Add the following (or something like it) to the end of the
> >section:  "Designers should note that unless the surrounding system
> >provides mandatory access controls, effective delegation is generally
> >possible without using the formal path of certificate delegation."
> I can't understand these words the way they are here.  Can you rephrase what
> you mean?
> Are you just saying that if access control is loose, delegation may not be
> an issue?

I made no response to that because I thought you would understand it.
Since you didn't either, I'll pipe up and ask for clarification too.

> >Also, should the MAY-DELEGATE default be * instead of 0?  I'll just suggest
> >the change and then shut up :-).
> :)  Of course, I believe it needs to be 0 :)

I tend to side with Bill here, Carl; not because procedurally the permission
to delegate should not default to zero, but because parsing efficiency will
be improved if the more frequent option is the default.  So if a chain stops
at a non-delegatable cert(there wasn't a lot of discussion of this, but I
think it still holds), that means that only the last one in a chain will
be zero, and for chains of three or longer the zero-delegates will be in
the minority.  But I may be talking myself out of this, because we really
want to trade mostly in CRCerts, which will all be zero-delegate if I have
it right.  Someone else want to dig me out of this?

Brian Thomas - Distributed Systems Architect  bt0008@entropy.sbc.com
Southwestern Bell                             bthomas@cdmnet.com(or primary.net)
One Bell Center,  Room 23Q1                   Tel: 314 235 3141
St. Louis, MO 63101                           Fax: 314 331 2755