
Re: single <auth> per cert (was Re: "auth" --> "tag" ?? )

Bryce wrote:

> I think this is correct Hal, and I think that this is the "way it
> has to be".  If I publish a cert asserting that you have my
> permission to do X, and then you publish a cert asserting that Carl
> has _your_ permission to do X, then the question of whether Carl has
> _my_ permission to do X is dependent on what you and I mean by "X",
> and specifically what you and I mean by intersecting two
> "X"-permissions.
> The I-D, and Ron Rivest's ideas for tag intersection, are _some_
> ways of computing this intersection, but in _general_ I think the
> issuer(s) have to determine how to do it for _their_ certs.

Yes, issuers may decide how to do it for their certs. However, I think
we need some standard tags and a generic extension mechanism. Something
like MIME where a body like IANA is responsible for registering

Tag intersection is indeed a very interesting idea. To some extent it
may be possible to define generic rules, but "tag definers" will
have to define specific rules for their tags.

Best regards



Steen Koefoed Larsen

SITA R&D Nice, France                | @ Home
E-mail: steen.larsen@ed.nce.sita.int | NEW E-mail: steen@who.net
Phone : +33 4            | GSM Mobile: +45 40512486
Fax   : +33 4            | or (French) +33 6 09090568

Disclaimer: This letter may reflect my personal opinion.
      "Liberty lies in the rights of that person whose views
       you find most odious"  - John Stuart Mill
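
The split discussed in this message, a generic intersection rule plus rules supplied by whoever defines a tag, can be sketched as follows. This is an added example, not code from the thread or from any SPKI draft; the tag names, the `(name, value)` encoding and the registry are assumptions made for illustration.

```python
from functools import reduce

# Hypothetical encoding: a tag is (name, value); None means "no permission".

def generic_intersect(a, b):
    """Generic rule: identical values intersect to themselves, anything else is empty."""
    return a if a == b else None

def prefix_intersect(a, b):
    """Tag-specific rule: if one string is a prefix of the other, the longer (narrower) one wins."""
    if a.startswith(b):
        return a
    if b.startswith(a):
        return b
    return None

def set_intersect(a, b):
    """Tag-specific rule: keep only the members both issuers granted."""
    common = frozenset(a) & frozenset(b)
    return common or None

# Constructed registry: tag definers register the rule for their own tag.
REGISTRY = {"ftp-path": prefix_intersect, "http-methods": set_intersect}

def intersect_tags(t1, t2):
    """Intersect two tags; differing names or an empty result yield None."""
    if t1 is None or t2 is None:
        return None
    (name1, v1), (name2, v2) = t1, t2
    if name1 != name2:
        return None
    rule = REGISTRY.get(name1, generic_intersect)  # unregistered tags get the generic rule
    value = rule(v1, v2)
    return None if value is None else (name1, value)

def chain_permission(tags):
    """Permission left at the end of a delegation chain (issuer first, final subject last)."""
    if not tags:
        raise ValueError("a chain needs at least one cert")
    return reduce(intersect_tags, tags)

if __name__ == "__main__":
    # Constructed chain: I grant you /pub, you grant Carl /pub/alice.
    print(chain_permission([("ftp-path", "/pub"), ("ftp-path", "/pub/alice")]))
    # An unregistered tag falls back to the generic rule and fails closed.
    print(chain_permission([("spend-limit", 100), ("spend-limit", 50)]))
```

The unregistered `spend-limit` tag shows why the generic rule alone is not enough: a verifier that does not know the tag's semantics can only accept exact matches.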
