[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multiple tags per cert

To: rivest@theory.lcs.mit.edu (Ron Rivest), spki@c2.net
Subject: Re: Multiple tags per cert
From: Bill Frantz <frantz@netcom.com>
Date: Wed, 2 Apr 1997 19:50:35 -0800
Cc: blampson@microsoft.com
In-Reply-To: <199704022029.AA24044@swan.lcs.mit.edu>
Sender: owner-spki@c2.net

At 12:29 PM -0800 4/2/97, Ron Rivest wrote:
>Tony Bartoletti asked if it might be possible to have multiple tag
>fields per cert.  The original specs said no, there should be only
>one tag field per cert.  But the *-form technology (described in a
>previous note) allows one to do this cleanly.  This is a very pleasant
>side-effect that was not intended! Cool!

As a dumb sysadmin, I am beginning to think I need a tutorial on how to
compose tags so no hostile cert holder can amplify the authorizations given
by the tab by clever delegation.  Given this education, I like the idea
because it supports Hal's CRCert generation utility.


-------------------------------------------------------------------------
Bill Frantz       | I have taken a real job at | Periwinkle -- Consulting
(408)356-8506     | Electric Communities as a  | 16345 Englewood Ave.
frantz@netcom.com | capability security guru.  | Los Gatos, CA 95032, USA

References:

Multiple tags per cert

From: rivest@theory.lcs.mit.edu (Ron Rivest)

Prev by Date: Re: Typeability and screen space
Next by Date: Re: serial numbers // push/pull CRL's
Prev by thread: Multiple tags per cert
Next by thread: serial numbers // push/pull CRL's
Index(es):
- Main
- Thread