[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Intersection of tag fields


You wrote:

>Recall that a tag item is an object of the form
>        ( tag
>         ( t c1 c2 ... ck  ) )
>where t is some specific tag-name like "ftp" or "spend" and the
>constraints c1 ... ck specify further conditions.

I believe the "contraints" c1 ... ck were previously (and more generously) labeled
"parameters".  Since these may be defined by the issuer, I was hoping to address the
(now settled?) issue of "one tag per cert" by allowing for a contruct like:

        ( tag ( taglist tag1 tag2 ... tagn ) )


        ( tag ( taglist
                ( ta pa1 pa2 ... pan )          [  or ( tag ( ta pa1 ... pan ) )  ]
                ( tb pb1 pb2 ... pbn )
                ( tx px1 px2 ... pxn ) ) )

Is such a contruct to be supported?  I envision that for some certs, esp lists like
names, phone numbers and addresses, such a structure allows for intersections better
than having to sign an opaque blob consigned to a "T_bundle".

In general, where the tags ta, tb, ...tx are identical, one is assured that the
consequent parameters are comparable.  (hence some degree of built-in handling on the
part of generic spki-ware might not seem unreasonable:-)

Any real utility here?


Tony Bartoletti                                             LL
SPI Project Leader                                       LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL