Re: [cme@cybercash.com: Quick Survey: name certificate syntax]
> Another option would be to leave the basic format the same, but to have
> a "cert-type" field with a value of "def" or "auth", where "def" is for
> a name-cert, and "auth" is for an authorization. The requirements would
> then be that a def could not have a tag field (it is implicitly (tag (*))),
> and could not have a delegate field (it implicitly allows delegation),
> whereas an auth must have a key (with no names) as an issuer, and
> must have the tag and delegation fields specified...
>
> (cert
> (cert-type def)
> (issuer (name K1 alice))
> (subject (name K2 sam mother))
> <validity fields>...
> )
> (cert
> (cert-type auth)
> (issuer K1)
> (subject (name K2 sam mother))
> (tag (read-file foo))
> (propagate)
> <validity fields>...
> )
>
> Cheers,
> Ron
I like not changing the syntax of certs at all, and instead making
the requirements be: any cert with a name as an issuer cannot have
a (propagate) or a (tag ...), and any cert with a key as an issuer
may have a (propagate) and must have a (tag ...). This doesn't
require changes to existing parsers, only the addition of a few
static semantic checks afterwards.
Matt
--
Matt Fredette
fredette@bbnplanet.com, fredette@mit.edu, fredette@theory.lcs.mit.edu
http://mit.edu/fredette/www
"The first time the Rolling Stones played, three people came."