[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Adding/subtracting permissions

To: hal@rain.org
Subject: Re: Adding/subtracting permissions
From: Carl Ellison <cme@cybercash.com>
Date: Tue, 8 Apr 97 20:01:11 EDT
Cc: spki@c2.net
In-Reply-To: message from Hal Finney on Tue, 8 Apr 97 15:27:32 EST
Sender: owner-spki@c2.net

   Date: Tue, 8 Apr 97 15:27:32 EST
   From: Hal Finney <hal@rain.org>

   There are still some issues here which I don't fully understand.

   One idea I've seen discussed would have allowed a mix of negative and
   positive credentials in a single certificate.  You could have a cert with
   two tags:

	   (1) Keyholder is honest and trustworthy
	   (2) But he has bad breath

   By signing them jointly the issuer ensures that when the holder shows
   the cert the verifier gets both pieces of information.

   This does not work well though if, in the process of delegation, the
   two tags can be separated.

Even if the two tags could be validated by reduction, that process
would require the original cert holding both tags.  There's no way
to hide that information from the verifier.

Prev by Date: Re: Java programs, etc.
Next by Date: Tag-ids
Prev by thread: Re: Adding/subtracting permissions
Next by thread: Re: Other *-forms for dates and times, and love
Index(es):
- Main
- Thread