[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
MAY-DELEGATE
MAY-DELEGATE still bothers me a little. It's really a modifier on an <auth>
rahter than an <auth> of its own.
An SPKI cert can have multiple <auth> fields -- with the meaning that each
could have been expressed in a cert of its own, but if the issuer, subject
and validity are the same, they can also be lumped together under one
signature for convenience. MAY-DELEGATE doesn't fit that model.
MAY-DELEGATE: <N>
is defined to apply to all the <auth>s in a cert body. That makes it a
modifier on the whole set of <auth>s rather than an <auth> of its own.
Perhaps it should be re-defined to mean that it applies only to the
following <auth> -- and is therefore written as:
MAY-DELEGATE: <N>
<auth>
but interpreted as
MAY-DELEGATE: <N>,<auth>
In our off-line discussions, preparing the draft draft, the delegation depth
was first a required field in each <auth>. Maybe we need to put it back
that way.
Any strong preferences out there?
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430 http://www.cybercash.com/ |
|2100 Reston Parkway PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091 Tel: (703) 620-4200 |
+--------------------------------------------------------------------------+
Follow-Ups: