[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


MAY-DELEGATE still bothers me a little.  It's really a modifier on an <auth>
rahter than an <auth> of its own.

An SPKI cert can have multiple <auth> fields -- with the meaning that each
could have been expressed in a cert of its own, but if the issuer, subject
and validity are the same, they can also be lumped together under one
signature for convenience.  MAY-DELEGATE doesn't fit that model.


is defined to apply to all the <auth>s in a cert body.  That makes it a
modifier on the whole set of <auth>s rather than an <auth> of its own.
Perhaps it should be re-defined to mean that it applies only to the
following <auth> -- and is therefore written as:


but interpreted as

MAY-DELEGATE: <N>,<auth>

In our off-line discussions, preparing the draft draft, the delegation depth
was first a required field in each <auth>.  Maybe we need to put it back
that way.

Any strong preferences out there?

 - Carl

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091              Tel: (703) 620-4200                         |