[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clever delegation ??

Bill Frantz says:
	I am beginning to think I need a tutorial on how to
	compose tags so no hostile cert holder can amplify the 
	authorizations given by the tag by clever delegation.  

The proposed algorithm for intersecting tags should ALWAYS produce a
tag T for the result of reducing a chain that is not more powerful
than any of the tags T1, ..., Tn of the chain.  This is because each
tag represent a set of S-expressions (each of which denotes an authorization)
and the tag represents a set containing a given S-expression S only if
each of the Ti's represent a set containing S.

That is not to say that one couldn't write an S-expression for a tag
that transferred more authority than you intended.  But further
sub-delegation can't increase the authority first delegated.

Ron Rivest