[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tag-ids

To: spki@c2.net
Subject: Re: Tag-ids
From: azb@llnl.gov (Tony Bartoletti)
Date: Tue, 8 Apr 1997 18:30:58 -0700
Sender: owner-spki@c2.net

Ron Rivest wrote:
>(1) If A delegates to B and B delegates to C, it isn't necessary that
>    B know about his delegation from A at the time of B's delegation to C.

  [snip]

You are right.  I had not considered "delegation prior to authority".
That would make Tag-IDs, as I envisioned using them, *rather difficult*.
(Except in some very limited and closed hierarchies).

>(2) In the SDSI model, it is not the verifier who has to rummage around to
>    find the appropriate certificates, but the requestor.  This is important
>    for appropriately balancing the system workload, I think.  Particularly
>    if the certificates may be somewhere else (i.e. the verifier doesn't
>    have them in hand.)

I intentionally finessed that point.  I didn't think it mattered as far as
the diagrams were concerned.  Same tags would need to be compared somehow.
But that is another point that has not been addressed directly until now.

___TONY___ (reverting to plan B)

Prev by Date: Certificate chains
Next by Date: Re: Other *-forms for dates and times, and love
Prev by thread: Tag-ids
Next by thread: Certificate chains
Index(es):
- Main
- Thread