Re: Java programs, etc.
> I don't
> understand how "custom intersection algorithms" are supposed to be
> authorized, and how they are supposed to work.
Perhaps I don't understand the problem. Let me test my understanding
by making up a simple example.
What if you see a certificate:
(tag (may-eat-the-wigglies 12 blue)))
and you see another certificate:
(tag (may-eat-the-wigglies 0 blue)))
Now, if you are considering using this certificate chain as an
authorization allowing Alice to actually _do_ something, then
presumably you already have a certificate like:
and you already have talked to Twirlip and agreed on what this
authorization means. If it helps you, you might want to make
yourself a certificate
Um.. Or is that
(subject (tag may-give-out-wiggly-eating-auths))
(tag (PM-program "http://www.self.com/WigglyEating.PM")))
Or maybe just add the PM-program URL to your original cert, making it
Anyway... You can make a certificate which reminds you (and
incidentally informs others) of what the tag means.
But let's say you have _not_ made any deals with Twirlip, and you
do _not_ operate a server (like "wigglies.self.com") which needs to
decide on Alice's authorization. Instead you are an ISP who provides
net access and public key infrastructure for self.com. You have never
heard of Twirlip before but you would like, if possible, to collapse
this two-certificate chain into a single certificate before passing
it on to self.com.
This is the problem we are faced with, right? So you need to figure
out what the two issuers meant with their respective tags.
Please excuse me if I am being ignorant.
Zooko of the Mists
Disclaimers follow: I am not a cypherpunk. NOT speaking for
DigiCash or any other person or organization. No PGP sig follows.
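
Added example, not part of the original message: a sketch of what the ISP in the scenario above can do with no knowledge of the tag's meaning. It assumes the generic structural intersection rule later specified in RFC 2693 (atoms must be equal, a shorter list is the broader grant); the names `issuer-1`, `issuer-2` and `final-subject` are constructed placeholders, and delegation flags and validity dates are left out.

```python
# Added illustration: semantics-free tag intersection during chain reduction.
# Assumption: atoms must match exactly; lists are compared element-wise and a
# shorter list is treated as the broader grant (structural rule as in RFC 2693).

def parse(text):
    """Parse one S-expression into nested Python lists of atom strings."""
    tokens = text.replace("(", " ( ").replace(")", " ) ").split()
    def read(pos):
        if tokens[pos] != "(":
            return tokens[pos], pos + 1
        items, pos = [], pos + 1
        while tokens[pos] != ")":
            item, pos = read(pos)
            items.append(item)
        return items, pos + 1
    expr, end = read(0)
    if end != len(tokens):
        raise ValueError("trailing tokens after S-expression")
    return expr

def intersect(a, b):
    """Return the intersection of two tag bodies, or None if it is empty."""
    if isinstance(a, str) or isinstance(b, str):
        return a if a == b else None      # the reducer cannot interpret atoms
    short, long_ = (a, b) if len(a) <= len(b) else (b, a)
    out = []
    for x, y in zip(short, long_):
        z = intersect(x, y)
        if z is None:
            return None
        out.append(z)
    return out + long_[len(short):]       # extra elements only narrow the grant

def reduce_chain(certs):
    """Collapse (issuer, subject, tag) certs into one, or None if impossible."""
    issuer, subject, tag = certs[0]
    for next_issuer, next_subject, next_tag in certs[1:]:
        if next_issuer != subject:        # chain must link subject -> issuer
            return None
        tag = intersect(tag, next_tag)
        if tag is None:                   # nothing provably granted by both
            return None
        subject = next_subject
    return issuer, subject, tag

# Constructed chain: the two tags are from the message, the principals are not.
CHAIN = [
    ("issuer-1", "issuer-2", parse("(may-eat-the-wigglies 12 blue)")),
    ("issuer-2", "final-subject", parse("(may-eat-the-wigglies 0 blue)")),
]
```

With this rule `reduce_chain(CHAIN)` returns `None`: the atoms `12` and `0` differ, so a reducer that does not know what the issuers meant has to pass both certificates on rather than guess at a combined tag.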