[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Multi-Tag-Cert Tag Creation and Validation
As my original example did not contain multiple chains leading to a common
authority (the verifier), I left out an important operational step when I
said
> In general, we collect only those tags whose tag-id appears in
> each remaining taglist, resulting in a set for each such tag-id.
> On each tagset (single tag-id) we conduct tag-wise intersection,
> reducing each set to a single tag.
We really need to take the resulting taglist-mesh and perform the above
(arm-waving) operation on each chain in the mesh, resulting in a CRCert-
like taglist for each chain. Wherever a tag-id appears in more than one
chainwise-taglist, we should select the tag with the GREATEST authority,
not the LEAST authority.
A quick illustration:
Root Principal PR delegates "spend-to-1000" to PA, and "spend-to-5000"
to PB. A principal PC has KPC certified by each of PA and PB.
PC, submitting to Root PR a request to spend 3000, must be authorized.
>____TONY____ (speaking for myself, as if)