[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Thoughts on the draft



At 04:38 PM 8/28/96 -0500, Brian M. Thomas wrote:
>> It also seems that some support for multiple signatures is there
>> already, even if just to support the DUAL-SIG: attribute.
>
>This is true, but the DUAL-SIG attribute exists specifically to support the
>case where the subject itself must sign.  This is the use that Carl points
>out in S3.13 on unwanted attributions.  I'm not entirely convinced on that
>either; perhaps Carl will defend it, but I don't think it argues generally
>for multiple issuer signatures.

You're right.  We weren't thinking of multiple issuers of the same <auth> to
the same <subj> but rather of <auth>s which really need to be acknowledged
by the <subj> before they're considered valid.  I'm not sure how we'll tell
those apart.  That is, I don't know how write the user documentation
instructing people when to demand <subj> signatures.  If space and time
weren't an issue, I'd suggest we always have the <subj> sign every cert,
just to avoid having to write that user document.


 - Carl

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+