[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cme@cybercash.com: Quick Survey: name certificate syntax]

> Another option would be to leave the basic format the same, but to have
> a "cert-type" field with a value of "def" or "auth", where "def" is for
> a name-cert, and "auth" is for an authorization.  The requirements would
> then be that a def could not have a tag field (it is implicitly (tag (*))),
> and could not have a delegate field (it implicitly allows delegation),
> whereas an auth must have a key (with no names) as an issuer, and 
> must have the tag and delegation fields specified...
> (cert
> 	(cert-type def)
> 	(issuer (name K1 alice))
> 	(subject (name K2 sam mother))
> 	<validity fields>...
> )
> (cert
> 	(cert-type auth)
> 	(issuer K1)
> 	(subject (name K2 sam mother))
> 	(tag (read-file foo))
> 	(propagate)
> 	<validity fields>...
> )
> 	Cheers,
> 	Ron

I like not changing the syntax of certs at all, and instead making 
the requirements be: any cert with a name as an issuer cannot have
a (propagate) or a (tag ...), and any cert with a key as an issuer
may have a (propagate) and must have a (tag ...).  This doesn't 
require changes to existing parsers, only the addition of a few 
static semantic checks afterwards.


Matt Fredette
fredette@bbnplanet.com, fredette@mit.edu, fredette@theory.lcs.mit.edu
"The first time the Rolling Stones played, three people came."