[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: single <auth> per cert (was Re: "auth" --> "tag" ?? )

 A million monkeys operating under the pseudonym 
 "Hal Finney <hal@rain.org>" typed:
> Bryce, <bryce@digicash.com>, writes:
> > On to a more technical issue, I'm still trying to understand 
> > the issues about having single or multiple <auth> (cum <tag>) 
> > fields in a cert.  But even without understanding the issues, 
> > can I suggest that having only one is simpler, and is easier to
> > use in simple applications?  Perhaps more complex applications 
> > can (a) add a layer of abstraction on top of SPKI to handle 
> > certs in bundles and/or (b) wait for SPKI 1.1.
> One point I don't fully understand relates to the certificate merging
> rules and to multiple authorization tags in a cert.  When we merge a
> cert chain, we are suppose to intersect the auth tags.  I never really
> knew what this intersection meant, but I had tentatively supposed that
> it referred to cases where there were multiple auth tags in a cert.
> The intersect would then be a matter of simply identifying those tags
> which match in all the certs being combined.  This could be an automated
> process which would not require understanding the actual meaning of the
> tags.
> However, with one auth tag per cert this interpretation, shaky as it
> may have been, is certainly incorrect.  In that case, I suppose the
> intersection is a semantic operation which is tag specific.  For example,
> if the auth tag gave some authority to spend a certain amount of money,
> then the intersection might be a matter of choosing the minimum value
> specified in the tags.
> This would imply that there is no way for an automated process to
> perform the chain collapse unless it was armed with some understanding
> of the meaning of the auth tags, sufficient to identify what it meant
> to intersect them.

I think this is correct Hal, and I think that this is the "way it
has to be".  If I publish a cert asserting that you have my
permission to do X, and then you publish a cert asserting that Carl
has _your_ permission to do X, then the question of whether Carl has
_my_ permission to do X is dependent on what you and I mean by "X",
and specifically what you and I mean by intersecting two

The I-D, and Ron Rivest's ideas for tag intersection, are _some_
ways of computing this intersection, but in _general_ I think the
issuer(s) have to determine how to do it for _their_ certs.

Hm.  I think that I am missing something.  I need concrete 
examples to clarify my thoughts...



I am not a cypherpunk.  NOT speaking for DigiCash or any other
person or organization.  No PGP sig follows.

Follow-Ups: References: