Re: Thoughts on the draft
At 04:38 PM 8/28/96 -0500, Brian M. Thomas wrote:
>> It also seems that some support for multiple signatures is there
>> already, even if just to support the DUAL-SIG: attribute.
>
>This is true, but the DUAL-SIG attribute exists specifically to support the
>case where the subject itself must sign. This is the use that Carl points
>out in S3.13 on unwanted attributions. I'm not entirely convinced on that
>either; perhaps Carl will defend it, but I don't think it argues generally
>for multiple issuer signatures.
You're right. We weren't thinking of multiple issuers of the same <auth> to
the same <subj> but rather of <auth>s which really need to be acknowledged
by the <subj> before they're considered valid. I'm not sure how we'll tell
those apart. That is, I don't know how to write the user documentation
instructing people when to demand <subj> signatures. If space and time
weren't an issue, I'd suggest we always have the <subj> sign every cert,
just to avoid having to write that user document.
- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+