[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Thoughts on the draft
-----BEGIN PGP SIGNED MESSAGE-----
In message <firstname.lastname@example.org>, Carl Ellison writ
>In general, if you have ((Certificate-data)(Sig 1)(Sig 2)(Sig 3)...(Sig n)),
>does the interpretation of the cert depend on the other signatures at all?
>If so, I believe we're in PolicyMaker domain. If not, then it looks like a
I would tend to think signatures are independent; even if we mandate
that you have to have K out of N, this is a policy/implementation
issue, since each signature will individually verify.
Otherwise we'd have to use partial signatures, where the algorithm
actually requires K out of N valid signatures to verify the whole
I guess this looks a lot like the MAY-DELEGATE situation, where it's
not enforcable by technology (maths/algorithms).
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
-----END PGP SIGNATURE-----