
Re: single <auth> per cert (was Re: "auth" --> "tag" ?? )




 A million monkeys operating under the pseudonym 
 "Hal Finney <hal@rain.org>" typed:
>
> Bryce, <bryce@digicash.com>, writes:
> > On to a more technical issue, I'm still trying to understand 
> > the issues about having single or multiple <auth> (cum <tag>) 
> > fields in a cert.  But even without understanding the issues, 
> > can I suggest that having only one is simpler, and is easier to
> > use in simple applications?  Perhaps more complex applications 
> > can (a) add a layer of abstraction on top of SPKI to handle 
> > certs in bundles and/or (b) wait for SPKI 1.1.
> 
> One point I don't fully understand relates to the certificate merging
> rules and to multiple authorization tags in a cert.  When we merge a
> cert chain, we are supposed to intersect the auth tags.  I never really
> knew what this intersection meant, but I had tentatively supposed that
> it referred to cases where there were multiple auth tags in a cert.
> The intersect would then be a matter of simply identifying those tags
> which match in all the certs being combined.  This could be an automated
> process which would not require understanding the actual meaning of the
> tags.
> 
> However, with one auth tag per cert this interpretation, shaky as it
> may have been, is certainly incorrect.  In that case, I suppose the
> intersection is a semantic operation which is tag specific.  For example,
> if the auth tag gave some authority to spend a certain amount of money,
> then the intersection might be a matter of choosing the minimum value
> specified in the tags.
> 
> This would imply that there is no way for an automated process to
> perform the chain collapse unless it was armed with some understanding
> of the meaning of the auth tags, sufficient to identify what it meant
> to intersect them.


I think this is correct, Hal, and I think that this is the "way it
has to be".  If I publish a cert asserting that you have my
permission to do X, and then you publish a cert asserting that Carl
has _your_ permission to do X, then the question of whether Carl has
_my_ permission to do X is dependent on what you and I mean by "X",
and specifically what you and I mean by intersecting two
"X"-permissions.


The I-D, and Ron Rivest's ideas for tag intersection, are _some_
ways of computing this intersection, but in _general_ I think the
issuer(s) have to determine how to do it for _their_ certs.



Hm.  I think that I am missing something.  I need concrete 
examples to clarify my thoughts...



Regards,

Bryce

I am not a cypherpunk.  NOT speaking for DigiCash or any other
person or organization.  No PGP sig follows.
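
An added example, not part of the original message or of the SPKI draft: the two readings of tag intersection discussed in this thread, side by side. The tag names and the per-tag rule registry are hypothetical.

```python
# Added illustration. Tag names ("spend", "ftp-read") and the HANDLERS registry
# are hypothetical; they are not taken from the SPKI draft.

def intersect_by_match(chain):
    """Reading 1: each cert lists several opaque tags. Keep the tags that
    appear in every cert; no knowledge of tag meaning is needed."""
    result = set(chain[0])
    for tags in chain[1:]:
        result &= set(tags)
    return result

def _spend_rule(a, b):
    """Spending authority: the smaller limit is what both issuers allow."""
    return ("spend", min(a[1], b[1]))

# Reading 2 needs one rule per tag type the verifier understands.
HANDLERS = {"spend": _spend_rule}

def intersect_semantic(chain, handlers=HANDLERS):
    """Reading 2: one (type, value) tag per cert, issuer first.
    Returns the collapsed tag, or None if no authority survives.
    Raises LookupError for a tag type with no known rule (fail closed)."""
    acc = chain[0]
    for tag in chain[1:]:
        if tag[0] != acc[0]:
            return None              # different kinds of authority: nothing shared
        rule = handlers.get(acc[0])
        if rule is None:
            raise LookupError("no intersection rule for tag type %r" % acc[0])
        acc = rule(acc, tag)
    return acc

if __name__ == "__main__":
    # Constructed sample chains.
    print(intersect_by_match([["ftp-read", "ftp-write", "spend"],
                              ["ftp-read", "spend"],
                              ["ftp-read"]]))
    print(intersect_semantic([("spend", 1000), ("spend", 250), ("spend", 500)]))
```

The `LookupError` branch is the case raised in the quoted text: a verifier that does not know a tag's meaning cannot collapse the chain and has to refuse rather than guess.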

