[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RE: spec for wire format of SPKI cert

> >In other words, the limits on 
> >delegation in a cert are of the form "please don't delegate  
> >or we will punish you" rather than "you can't delegate  
> >because the mathematics and 
> >logic of the system prevent you from doing so". 
> This seems wrong  ... First, delegation should be explicit.  The ability to 
> delegate a privilege should be available only when explicitly granted. 
> Second, the logic of a system evaluating a set of authorization statements can 
> enforce the restrictions on delegation. 
> Paul 

I was waiting for some time to think about this one, but I think I agree
with Paul.  If I issue a privilege and say it can be delegated only once,
and someone presents me a chain starting with my MAY-DELEGATE:1 cert, the
next one had better say MAY-DELEGATE:0, or I won't accept it.

Perhaps you're thinking differently, Bill...?


Brian Thomas - Distributed Systems Architect  bt0008@entropy.sbc.com
Southwestern Bell                             bthomas@primary.net
One Bell Center,  Room 23Q1                   Tel: 314 235 3141
St. Louis, MO 63101                           Fax: 314 331 2755