Re: single <auth> per cert (was Re: "auth" --> "tag" ?? )
A million monkeys operating under the pseudonym
"Hal Finney <hal@rain.org>" typed:
>
> Bryce, <bryce@digicash.com>, writes:
> > On to a more technical issue, I'm still trying to understand
> > the issues about having single or multiple <auth> (cum <tag>)
> > fields in a cert. But even without understanding the issues,
> > can I suggest that having only one is simpler, and is easier to
> > use in simple applications? Perhaps more complex applications
> > can (a) add a layer of abstraction on top of SPKI to handle
> > certs in bundles and/or (b) wait for SPKI 1.1.
>
> One point I don't fully understand relates to the certificate merging
> rules and to multiple authorization tags in a cert. When we merge a
> cert chain, we are supposed to intersect the auth tags. I never really
> knew what this intersection meant, but I had tentatively supposed that
> it referred to cases where there were multiple auth tags in a cert.
> The intersect would then be a matter of simply identifying those tags
> which match in all the certs being combined. This could be an automated
> process which would not require understanding the actual meaning of the
> tags.
>
> However, with one auth tag per cert this interpretation, shaky as it
> may have been, is certainly incorrect. In that case, I suppose the
> intersection is a semantic operation which is tag specific. For example,
> if the auth tag gave some authority to spend a certain amount of money,
> then the intersection might be a matter of choosing the minimum value
> specified in the tags.
>
> This would imply that there is no way for an automated process to
> perform the chain collapse unless it was armed with some understanding
> of the meaning of the auth tags, sufficient to identify what it meant
> to intersect them.

I think this is correct, Hal, and I think that this is the "way it
has to be". If I publish a cert asserting that you have my
permission to do X, and then you publish a cert asserting that Carl
has _your_ permission to do X, then the question of whether Carl has
_my_ permission to do X is dependent on what you and I mean by "X",
and specifically what you and I mean by intersecting two
"X"-permissions.

The I-D, and Ron Rivest's ideas for tag intersection, are _some_
ways of computing this intersection, but in _general_ I think the
issuer(s) have to determine how to do it for _their_ certs.

Hm. I think that I am missing something. I need concrete
examples to clarify my thoughts...

Regards,

Bryce

I am not a cypherpunk. NOT speaking for DigiCash or any other
person or organization. No PGP sig follows.
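
The two readings of "intersect" discussed in this message, as an added example that is not part of the original post or of the SPKI draft. The cert model, the `ftp-read` tag kind, the sample amounts and all function names are assumptions made for illustration; the point shown is that a chain reducer can only collapse tags for which it has been given an intersection rule, and should refuse otherwise.

```python
from functools import reduce

# Hypothetical model: a cert is (issuer, subject, tag); a tag is (kind, value).
# Names are this example's own, not taken from the SPKI I-D.
class ChainError(Exception):
    """Raised when a chain cannot be collapsed into a single cert."""

def intersect_literal(a, b):
    # Syntactic reading: tags intersect only if they match exactly.
    return a if a == b else None

def intersect_spend(a, b):
    # Semantic reading: for a spending limit, keep the smaller amount.
    return min(a, b)

# Rules supplied by whoever defines each tag kind (constructed examples).
INTERSECTORS = {"spend": intersect_spend, "ftp-read": intersect_literal}

def intersect_tags(t1, t2):
    (k1, v1), (k2, v2) = t1, t2
    if k1 != k2:
        raise ChainError("tags of different kinds do not intersect")
    rule = INTERSECTORS.get(k1)
    if rule is None:
        # Fail closed: without the tag's semantics, grant nothing.
        raise ChainError(f"no intersection rule for tag kind {k1!r}")
    value = rule(v1, v2)
    if value is None:
        raise ChainError("empty intersection")
    return (k1, value)

def reduce_chain(certs):
    """Collapse [A->B, B->C, ...] into one (issuer, subject, tag) triple."""
    def step(left, right):
        if left[1] != right[0]:
            raise ChainError("subject of one cert is not issuer of the next")
        return (left[0], right[1], intersect_tags(left[2], right[2]))
    return reduce(step, certs)

# Constructed sample chain: Bryce lets Hal spend 100, Hal lets Carl spend 250.
SPEND_CHAIN = [("bryce", "hal", ("spend", 100)), ("hal", "carl", ("spend", 250))]

if __name__ == "__main__":
    print(reduce_chain(SPEND_CHAIN))
```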