[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Ron Rivest wrote:
>(1) If A delegates to B and B delegates to C, it isn't necessary that
> B know about his delegation from A at the time of B's delegation to C.
You are right. I had not considered "delegation prior to authority".
That would make Tag-IDs, as I envisioned using them, *rather difficult*.
(Except in some very limited and closed hierarchies).
>(2) In the SDSI model, it is not the verifier who has to rummage around to
> find the appropriate certificates, but the requestor. This is important
> for appropriately balancing the system workload, I think. Particularly
> if the certificates may be somewhere else (i.e. the verifier doesn't
> have them in hand.)
I intentionally finessed that point. I didn't think it mattered as far as
the diagrams were concerned. Same tags would need to be compared somehow.
But that is another point that has not been addressed directly until now.
___TONY___ (reverting to plan B)