[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Multi-Tag-Cert Tag Creation and Validation
-----BEGIN PGP SIGNED MESSAGE-----
At 01:28 PM 4/17/97 -0700, Tony Bartoletti wrote:
>When I said "a single SPKI certificate may need to reference multiple
>authorizing certificates," I did not mean to imply a certificate would have
>multiple issuers. Rather, the signing key of the one issuer of cert CX
>may itself have been certified by different authorities for different tags.
>Where CX itself contains multiple tags, it would be neccessary for the
>supplicant to gather and present those certificates on the issuer key
>which support the capabilities asserted in the CX tags.
>
>Does this not seem reasonable?
Ah, yes. This seems reasonable. Of course, I still believe that normal tag
construction (e.g., a checking account spending permission which includes
bank and account # as parameters) will let 5-tuple reduction proceed in this
case.
Take, for example, intersection from right to left (request to root). In
this case, there are only single tags in the current resolution.
If you go left to right, there are multiple possible tags but a multi-tag
cert (if we allow it) would yield multiple working 5-tuples (one for each
parent thread).
In either case, I see no reason for concern.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBM1aP4lQXJENzYr45AQE2+AP/UUW64ohi6FVUXDas9Qwi6qjhnI+Ta06/
to+XoSDeEXsiGIKkF5nycuBC/d7qn0huUmwJ/QSZTnDQrAnl0MpY1Qp8MFLTxYV1
kCl6+t28UtEQTPLLvXroEIN55I7/dvdrM/58TBSJKDHiQmPoDC4eAgd1dSQtRFKO
44uFziS/EjE=
=d5ix
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
References: