[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Thoughts on the draft

Angelos D. Keromytis allegedly said:
> In message <199608282138.QAA16422@entropy.sbc.com>, "Brian M. Thomas" writes:
> >The philosophy we have been espousing is that every privilege is
> >explicitly issued by one principal to another.  Yes, this does cause
> >certificates to proliferate, but we tend to like this, because it more
> >closely constrains the meaning of each certificate.
> >
> It all comes down to that then. I wonder how the rest of the group
> feels about it. I can see pros and cons in it, so maybe some rough
> poll is in order ?
> >This is true, but the DUAL-SIG attribute exists specifically to support the
> >case where the subject itself must sign.  This is the use that Carl points
> >out in S3.13 on unwanted attributions.  I'm not entirely convinced on that
> >either; perhaps Carl will defend it, but I don't think it argues generally
> >for multiple issuer signatures.
> > 
> However, given that there is support for DUAL-SIGs, it wouldn't be too
> much trouble adding support for multiple signatures. Also, since there
> will be 2 signatures even in the current certificate format, you
> probably need some additional field in the SIGNATURE attribute to
> indicate the key.
> - -Angelos

To be sure I understand: You are thinking of a multiple-signature cert
like this:

((Certificate-data)(Sig 1)(Sig 2)(Sig 3)...(Sig n))  where each Sig 
applies only to the (Certificate-data), not any of the other Sigs.  
This seems to build an odd relationship abetween the signers -- 
suppose Sig 2 decides that the certificate is no longer valid.  What 
does that mean as far as the other signers are concerned?

Kent Crispin				"No reason to get excited",
kent@songbird.com,kc@llnl.gov		the thief he kindly spoke...
PGP fingerprint:   B6 04 CC 30 9E DE CD FE  6A 04 90 BB 26 77 4A 5E

Follow-Ups: References: