[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Intersection of tag fields
Ron,
You wrote:
>Recall that a tag item is an object of the form
> ( tag
> ( t c1 c2 ... ck ) )
>where t is some specific tag-name like "ftp" or "spend" and the
>constraints c1 ... ck specify further conditions.
I believe the "contraints" c1 ... ck were previously (and more generously) labeled
"parameters". Since these may be defined by the issuer, I was hoping to address the
(now settled?) issue of "one tag per cert" by allowing for a contruct like:
( tag ( taglist tag1 tag2 ... tagn ) )
Specifically,
( tag ( taglist
( ta pa1 pa2 ... pan ) [ or ( tag ( ta pa1 ... pan ) ) ]
( tb pb1 pb2 ... pbn )
...
( tx px1 px2 ... pxn ) ) )
Is such a contruct to be supported? I envision that for some certs, esp lists like
names, phone numbers and addresses, such a structure allows for intersections better
than having to sign an opaque blob consigned to a "T_bundle".
In general, where the tags ta, tb, ...tx are identical, one is assured that the
consequent parameters are comparable. (hence some degree of built-in handling on the
part of generic spki-ware might not seem unreasonable:-)
Any real utility here?
____TONY____
Tony Bartoletti LL
SPI Project Leader LL LL
Computer Security Technology Center LL LL LL
Lawrence Livermore National Lab LL LL LL
PO Box 808, L - 303 LL LL LLLLLLLL
Livermore, CA 94551-9900 LL LLLLLLLL
email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL