
Re: Multi-Tag-Cert Tag Creation and Validation

Peter Williams wrote:
> >1.2 Every tag in a certificate you issue has a tag-id constructed
>>    of the form <some-cert-id>-<small-index> detailed below.
>>    HINT:  For a single-tag cert, the tag-id is simply the cert-id
>>           of the cert which grants your key-as-issuer authority.
>Are SPKI tags limited to a single parent in their construction form?
>Surely, the single-tag cert could need to reference multiple cert-id's
>which grant it authority or other privilege.

Certainly a single SPKI certificate may need to reference multiple
authorizing certificates, but I cannot see how the validation process
would be made to understand that a particular tag must be intersected
with a peer-set of parent tags up the chain (mesh).  It would seem that
you are positing a form where either a union, or a conjunction of tags
must be present.  In the latter case, that tag gaining authority may not
properly intersect with either parent, and in the former case, there may
not be an appropriate union. My brief example:

  PA has authority to delegate (spend up-to-5000 (accounts x y)) for a
  single purchase. PA decides to limit per-purchase spending on each account
  to 3000 by creating tags (spend up-to-3000 (accounts x)) and (spend up-to-3000
  (accounts y)) and certifying keys PB and PC each with one or both tags.

It is not clear to me what the proper union of these tags might be.
(But then you were probably arguing for a conjunction in any event.)

>Encoding a single hierarchy of authority through tag assignment practices
>is otherwise known as an ASN.1 object identifier.
>An SPKI goal is surely to get rid of such uni-hierarchical tag notions,
>not reinvent it!

I have to agree with you.  Ron Rivest further pointed out that my
scheme would make it impossible for B to delegate a tag to C, prior to A
delegating to B.  The scheme was simply meant to demonstrate how the necessary
elements of a mesh could be identified more rapidly for validation.  Ron
subsequently made the point that the supplicant (key-holder) would likely
be required to gather the needed cert-mesh elements for presentation, with
key, to the relying party, reducing the space of tag-matching that must be
worked.

___TONY___ (speaking for myself, so say they)