[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: single <auth> per cert (was Re: "auth" --> "tag" ?? )
A million monkeys operating under the pseudonym
"Steen Larsen <steen.larsen@ed.nce.sita.int>" typed:
>
> Bryce wrote:
>
> > I think this is correct Hal, and I think that this is the "way it
> > has to be". If I publish a cert asserting that you have my
> > permission to do X, and then you publish a cert asserting that Carl
> > has _your_ permission to do X, then the question of whether Carl has
> > _my_ permission to do X is dependent on what you and I mean by "X",
> > and specifically what you and I mean by intersecting two
> > "X"-permissions.
> >
> > The I-D, and Ron Rivest's ideas for tag intersection, are _some_
> > ways of computing this intersection, but in _general_ I think the
> > issuer(s) have to determine how to do it for _their_ certs.
> >
> Yes, issuers may decide how to do it for their certs. However, I think
> we need some standard tags and a generic extension mechanism. Something
> like MIME where a body like IANA is responsible for registering
> extensions.
Hm. It still seems to me that the natural thing to do, in
keeping with the SPKI precepts, is to declare that there are no
global meanings of tags, that trying to _make_ global meanings of
tags is going to get you into a can of worms, and that you can
accomplish what you want anyway by using local meanings of tags.
Note that a great way to publish what your tag means to you is
to publish a cert containing a URI of a tag definition...
So maybe what _we_ should do _now_ is to define the tag for
defining tags, as part of SPKI, and then define some _example_
tags which are not really part of the SPKI spec, but which give
them (and us!) an idea of how tags can be used.
Regards,
Bryce
I am not a cypherpunk. NOT speaking for DigiCash or any other
person or organization. No PGP sig follows.
Follow-Ups:
References: