
Re: Thoughts on the draft



-----BEGIN PGP SIGNED MESSAGE-----


In message <199608282138.QAA16422@entropy.sbc.com>, "Brian M. Thomas" writes:
>The philosophy we have been espousing is that every privilege is
>explicitly issued by one principal to another.  Yes, this does cause
>certificates to proliferate, but we tend to like this, because it more
>closely constrains the meaning of each certificate.
>
It all comes down to that then. I wonder how the rest of the group
feels about it. I can see pros and cons in it, so maybe some rough
poll is in order?

>This is true, but the DUAL-SIG attribute exists specifically to support the
>case where the subject itself must sign.  This is the use that Carl points
>out in S3.13 on unwanted attributions.  I'm not entirely convinced on that
>either; perhaps Carl will defend it, but I don't think it argues generally
>for multiple issuer signatures.
> 
However, given that there is support for DUAL-SIGs, it wouldn't be too
much trouble adding support for multiple signatures. Also, since there
will be 2 signatures even in the current certificate format, you
probably need some additional field in the SIGNATURE attribute to
indicate the key.
- -Angelos


-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

-----END PGP SIGNATURE-----
