Re: single <auth> per cert (was Re: "auth" --> "tag" ?? )
Bryce wrote:
> I think this is correct Hal, and I think that this is the "way it
> has to be". If I publish a cert asserting that you have my
> permission to do X, and then you publish a cert asserting that Carl
> has _your_ permission to do X, then the question of whether Carl has
> _my_ permission to do X is dependent on what you and I mean by "X",
> and specifically what you and I mean by intersecting two
> "X"-permissions.
>
> The I-D, and Ron Rivest's ideas for tag intersection, are _some_
> ways of computing this intersection, but in _general_ I think the
> issuer(s) have to determine how to do it for _their_ certs.
>
Yes, issuers may decide how to do it for their certs. However, I think
we need some standard tags and a generic extension mechanism. Something
like MIME where a body like IANA is responsible for registering
extensions.
Tag intersection is indeed a very interesting idea. To some extent it
may be possible to define generic rules, but "tag definers" will
probably have to define specific rules for their tags.
Best regards
Steen
--
Steen Koefoed Larsen
SITA R&D Nice, France | @ Home
E-mail: steen.larsen@ed.nce.sita.int | NEW E-mail: steen@who.net
Phone : +33 4 92.96.63.67 | GSM Mobile: +45 40512486
Fax : +33 4 92.96.64.92 | or (French) +33 6 09090568
Disclaimer: This letter may reflect my personal opinion.
"Liberty lies in the rights of that person whose views
you find most odious" - John Stuart Mill