[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MAY-DELEGATE

To: spki@c2.org
Subject: MAY-DELEGATE
From: Carl Ellison <cme@cybercash.com>
Date: Fri, 12 Jul 1996 15:18:02 -0400
Sender: owner-spki@c2.org

MAY-DELEGATE still bothers me a little.  It's really a modifier on an <auth>
rahter than an <auth> of its own.

An SPKI cert can have multiple <auth> fields -- with the meaning that each
could have been expressed in a cert of its own, but if the issuer, subject
and validity are the same, they can also be lumped together under one
signature for convenience.  MAY-DELEGATE doesn't fit that model.

MAY-DELEGATE: <N>

is defined to apply to all the <auth>s in a cert body.  That makes it a
modifier on the whole set of <auth>s rather than an <auth> of its own.
Perhaps it should be re-defined to mean that it applies only to the
following <auth> -- and is therefore written as:

MAY-DELEGATE: <N>
<auth>

but interpreted as

MAY-DELEGATE: <N>,<auth>

In our off-line discussions, preparing the draft draft, the delegation depth
was first a required field in each <auth>.  Maybe we need to put it back
that way.

Any strong preferences out there?

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091              Tel: (703) 620-4200                         |
+--------------------------------------------------------------------------+

Follow-Ups:

Re: MAY-DELEGATE

From: Michael Richardson <mcr@milkyway.com>

Prev by Date: Re: draft of SPKI certificate internet-draft
Next by Date: *-CERT:
Prev by thread: Re: Ideas from the I&A Forum (DCE file permissions)
Next by thread: Re: MAY-DELEGATE
Index(es):
- Main
- Thread