[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Other *-forms for dates and times, and love

 A being named "Twirlip Of The Mists", but operating under the
 pseudonym "Ron Rivest <rivest@theory.lcs.mit.edu>" typed:
> While even-numbered minutes is a bit far-fetched, only weekdays, or
> only working hours, seems very reasonable.

I expect that a lot of uses of certificate delegation will surprise
us.  We should be careful to make it easy for developers to do things
we don't expect.

> We could add *-forms of
> the form:
>         (* days-of-week Sun Mon Tue Wed Thu Fri Sat)
> 		-- just list days of week when permission is granted
> 		-- corresponds to a set of dates of given day-of-week

This is syntactic sugar on top of

	(* ok-on-Sun ok-on-Mon ok-on-Tue ok-on-Wed ok-on-Thu
	ok-on-Fri ok-on-Sat)

, right?  And then the subject can make a delegation cert that says 

	(* ok-on-Sun ok-on-Mon ok-on-Tue)

And the generic "*-intersection" rules will do what the original
issuer and the delegator expect.

> 	(* time-of-day <start-time> <end-time>)
> 		-- for example (* time-of-day 09:00 05:00)

And this would be a _new_ special rule for tag-intersection, right?
Not covered by the generic "*-intersection" rule, and not general in
itself, but probably useful for lots of tasks.

> For general filters, one could escape to a Java program:
> 	(* program java <hash-of-java-program>)
> which accepts as input the canonical form of an S-expression, and returns
> true or false.

Interesting idea!  (But it needs to accept _two_ S-expressions and
return a third, doesn't it?)

This is basically the same as saying "meaning of tag intersection is
determined by the respective issuers, and must be agreed upon by all
of them", which can be implemented by IANA-style "Intersection Rule
Registry", SPKI-style "whatever all the parties agree to, and however
they can reach that agreement", Rivest's "hash of a Java program" or 
SPKI's "global names with random string appended to ensure 

Optionally, any of these implementations can be enhanced by
specifying generic (but not general) tag-intersection rules like
those proposed above.

Hm.  I'm thinking that someone _might_ actually invent a
tag-intersection rule that can't be codified in a Java program.

Something like "I hereby delegate my telnet capability to all those
people mentioned in the original certificate whom I love.".  :-)

Or "I delegate the authority to execute all of the programs 
mentioned in the original certificate as long as they terminate.".


Zooko the Wanderer

Disclaimers follow:  I am not a cypherpunk.  NOT speaking for 
DigiCash or any other person or organization.  No PGP sig follows.