[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Adding/subtracting permissions
Date: Tue, 8 Apr 97 15:27:32 EST
From: Hal Finney <firstname.lastname@example.org>
There are still some issues here which I don't fully understand.
One idea I've seen discussed would have allowed a mix of negative and
positive credentials in a single certificate. You could have a cert with
(1) Keyholder is honest and trustworthy
(2) But he has bad breath
By signing them jointly the issuer ensures that when the holder shows
the cert the verifier gets both pieces of information.
This does not work well though if, in the process of delegation, the
two tags can be separated.
Even if the two tags could be validated by reduction, that process
would require the original cert holding both tags. There's no way
to hide that information from the verifier.