[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Thoughts on the draft

This may be a duplicate; my mailer crashed as I was sending it the first time.

> In message <199608282138.QAA16422@entropy.sbc.com>, "Brian M. Thomas" writes:
> >The philosophy we have been espousing is that every privilege is
> >explicitly issued by one principal to another.  Yes, this does cause
> >certificates to proliferate, but we tend to like this, because it more
> >closely constrains the meaning of each certificate.
> >
> It all comes down to that then. I wonder how the rest of the group
> feels about it. I can see pros and cons in it, so maybe some rough
> poll is in order ?

I would certainly like to hear some discussion on this, since it really
involves what to my mind are some basic structural and philosophical
issues.  Anyone with an opinion, speak up.

> However, given that there is support for DUAL-SIGs, it wouldn't be too
> much trouble adding support for multiple signatures. Also, since there
> will be 2 signatures even in the current certificate format, you
> probably need some additional field in the SIGNATURE attribute to
> indicate the key.
> - -Angelos

If there is a second signature, the key is that of the subject, which is
already in the certificate.


Brian Thomas - Distributed Systems Architect  bt0008@entropy.sbc.com
Southwestern Bell                             bthomas@primary.net
One Bell Center,  Room 23Q1                   Tel: 314 235 3141
St. Louis, MO 63101                           Fax: 314 331 2755