[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multiple tags per cert

At 12:29 PM -0800 4/2/97, Ron Rivest wrote:
>Tony Bartoletti asked if it might be possible to have multiple tag
>fields per cert.  The original specs said no, there should be only
>one tag field per cert.  But the *-form technology (described in a
>previous note) allows one to do this cleanly.  This is a very pleasant
>side-effect that was not intended! Cool!

As a dumb sysadmin, I am beginning to think I need a tutorial on how to
compose tags so no hostile cert holder can amplify the authorizations given
by the tab by clever delegation.  Given this education, I like the idea
because it supports Hal's CRCert generation utility.

Bill Frantz       | I have taken a real job at | Periwinkle -- Consulting
(408)356-8506     | Electric Communities as a  | 16345 Englewood Ave.
frantz@netcom.com | capability security guru.  | Los Gatos, CA 95032, USA