Re: Intersection of tag fields

[azb@llnl.gov (Tony Bartoletti)]

Ron,

You wrote:

>Recall that a tag item is an object of the form
>        ( tag
>         ( t c1 c2 ... ck  ) )
>where t is some specific tag-name like "ftp" or "spend" and the
>constraints c1 ... ck specify further conditions.

I believe the "contraints" c1 ... ck were previously (and more generously) labeled
"parameters".  Since these may be defined by the issuer, I was hoping to address the
(now settled?) issue of "one tag per cert" by allowing for a contruct like:

        ( tag ( taglist tag1 tag2 ... tagn ) )

Specifically,

        ( tag ( taglist
                ( ta pa1 pa2 ... pan )          [  or ( tag ( ta pa1 ... pan ) )  ]
                ( tb pb1 pb2 ... pbn )
                ...
                ( tx px1 px2 ... pxn ) ) )

Is such a contruct to be supported?  I envision that for some certs, esp lists like
names, phone numbers and addresses, such a structure allows for intersections better
than having to sign an opaque blob consigned to a "T_bundle".

In general, where the tags ta, tb, ...tx are identical, one is assured that the
consequent parameters are comparable.  (hence some degree of built-in handling on the
part of generic spki-ware might not seem unreasonable:-)

Any real utility here?

____TONY____


Tony Bartoletti                                             LL
SPI Project Leader                                       LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL

---

• Prev by Date: Re: Light-weight certificate revocation lists ?
• Next by Date: *-forms in tags
• Prev by thread: meanings of tag fields (was Re: Intersection of tag fields )
• Next by thread: Re: Auth
• Index(es):
  • Main
  • Thread