[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Adding/subtracting permissions

   Date: Tue, 8 Apr 97 15:27:32 EST
   From: Hal Finney <hal@rain.org>

   There are still some issues here which I don't fully understand.

   One idea I've seen discussed would have allowed a mix of negative and
   positive credentials in a single certificate.  You could have a cert with
   two tags:

	   (1) Keyholder is honest and trustworthy
	   (2) But he has bad breath

   By signing them jointly the issuer ensures that when the holder shows
   the cert the verifier gets both pieces of information.

   This does not work well though if, in the process of delegation, the
   two tags can be separated.

Even if the two tags could be validated by reduction, that process
would require the original cert holding both tags.  There's no way
to hide that information from the verifier.