[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: single <auth> per cert (was Re: "auth" --> "tag" ?? )
A million monkeys operating under the pseudonym
"Steen Larsen <firstname.lastname@example.org>" typed:
> Bryce wrote:
> > I think this is correct Hal, and I think that this is the "way it
> > has to be". If I publish a cert asserting that you have my
> > permission to do X, and then you publish a cert asserting that Carl
> > has _your_ permission to do X, then the question of whether Carl has
> > _my_ permission to do X is dependent on what you and I mean by "X",
> > and specifically what you and I mean by intersecting two
> > "X"-permissions.
> > The I-D, and Ron Rivest's ideas for tag intersection, are _some_
> > ways of computing this intersection, but in _general_ I think the
> > issuer(s) have to determine how to do it for _their_ certs.
> Yes, issuers may decide how to do it for their certs. However, I think
> we need some standard tags and a generic extension mechanism. Something
> like MIME where a body like IANA is responsible for registering
Hm. It still seems to me that the natural thing to do, in
keeping with the SPKI precepts, is to declare that there are no
global meanings of tags, that trying to _make_ global meanings of
tags is going to get you into a can of worms, and that you can
accomplish what you want anyway by using local meanings of tags.
Note that a great way to publish what your tag means to you is
to publish a cert containing a URI of a tag definition...
So maybe what _we_ should do _now_ is to define the tag for
defining tags, as part of SPKI, and then define some _example_
tags which are not really part of the SPKI spec, but which give
them (and us!) an idea of how tags can be used.
I am not a cypherpunk. NOT speaking for DigiCash or any other
person or organization. No PGP sig follows.