
Clever delegation ??




Bill Frantz says:
	I am beginning to think I need a tutorial on how to
	compose tags so no hostile cert holder can amplify the 
	authorizations given by the tag by clever delegation.  

The proposed algorithm for intersecting tags should ALWAYS produce a
tag T for the result of reducing a chain that is not more powerful
than any of the tags T1, ..., Tn of the chain.  This is because each
tag represents a set of S-expressions (each of which denotes an authorization)
and the tag represents a set containing a given S-expression S only if
each of the Ti's represents a set containing S.

That is not to say that one couldn't write an S-expression for a tag
that transferred more authority than you intended.  But further
sub-delegation can't increase the authority first delegated.

Ron Rivest
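
The chain reduction described in the message above, as an added Python example that is not part of the original message and is not the proposal's own algorithm text. It assumes tags are encoded as nested tuples, supports only the (*), (* set ...) and (* prefix ...) forms, and treats a shorter list as the broader authorization; the sample tags are constructed.

```python
ALL = ("*",)  # the tag (*): every authorization

def kind(t):
    if isinstance(t, str):
        return "atom"
    if t == ALL:
        return "all"
    if t[:1] == ("*",):
        return t[1]          # "set", "prefix", or an unsupported form
    return "list"

def intersect(a, b):
    """Return a tag for the set intersection of a and b, or None if empty."""
    ka, kb = kind(a), kind(b)
    if ka == "all":
        return b
    if kb == "all":
        return a
    if ka == "set" or kb == "set":
        if ka != "set":
            a, b = b, a      # make a the set
        out = []
        for member in a[2:]:
            r = intersect(member, b)
            if r is not None and r not in out:
                out.append(r)
        if not out:
            return None
        return out[0] if len(out) == 1 else ("*", "set", *out)
    if ka == "atom" and kb == "atom":
        return a if a == b else None
    if ka == "prefix" and kb == "prefix":
        if a[2].startswith(b[2]):
            return a         # a is the narrower prefix
        return b if b[2].startswith(a[2]) else None
    if ka == "prefix" and kb == "atom":
        return b if b.startswith(a[2]) else None
    if ka == "atom" and kb == "prefix":
        return a if a.startswith(b[2]) else None
    if ka == "list" and kb == "list":
        short, long_ = sorted((a, b), key=len)
        head = [intersect(x, y) for x, y in zip(short, long_)]
        if None in head:
            return None
        return tuple(head) + long_[len(short):]
    return None              # mismatched or unsupported forms: fail closed

def reduce_chain(tags):
    """Intersect the tags T1..Tn of a delegation chain, in order."""
    result = ALL
    for t in tags:
        result = intersect(result, t)
        if result is None:
            return None
    return result
```

With a first tag of `("ftp", ("*", "prefix", "/pub/"), ("*", "set", "read", "write"))`, a later certificate carrying `("*",)` leaves the reduced tag unchanged, and a later tag naming a different prefix reduces the chain to nothing.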
