[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Thoughts on the draft
Angelos D. Keromytis allegedly said:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> In message <199608282138.QAA16422@entropy.sbc.com>, "Brian M. Thomas" writes:
> >The philosophy we have been espousing is that every privilege is
> >explicitly issued by one principal to another. Yes, this does cause
> >certificates to proliferate, but we tend to like this, because it more
> >closely constrains the meaning of each certificate.
> >
> It all comes down to that then. I wonder how the rest of the group
> feels about it. I can see pros and cons in it, so maybe some rough
> poll is in order ?
>
> >This is true, but the DUAL-SIG attribute exists specifically to support the
> >case where the subject itself must sign. This is the use that Carl points
> >out in S3.13 on unwanted attributions. I'm not entirely convinced on that
> >either; perhaps Carl will defend it, but I don't think it argues generally
> >for multiple issuer signatures.
> >
> However, given that there is support for DUAL-SIGs, it wouldn't be too
> much trouble adding support for multiple signatures. Also, since there
> will be 2 signatures even in the current certificate format, you
> probably need some additional field in the SIGNATURE attribute to
> indicate the key.
> - -Angelos
To be sure I understand: You are thinking of a multiple-signature cert
like this:
((Certificate-data)(Sig 1)(Sig 2)(Sig 3)...(Sig n)) where each Sig
applies only to the (Certificate-data), not any of the other Sigs.
This seems to build an odd relationship abetween the signers --
suppose Sig 2 decides that the certificate is no longer valid. What
does that mean as far as the other signers are concerned?
--
Kent Crispin "No reason to get excited",
kent@songbird.com,kc@llnl.gov the thief he kindly spoke...
PGP fingerprint: B6 04 CC 30 9E DE CD FE 6A 04 90 BB 26 77 4A 5E
Follow-Ups:
References: