[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: Carl Ellison <cme@cybercash.com>*Subject*: Re: intersection()*From*: Peter Williams <peter@verisign.com>*Date*: Fri, 18 Apr 1997 12:15:20 -0700*Cc*: <spki@c2.net>

At 02:24 AM 4/18/97 -0400, Carl Ellison wrote: >Peter, > > I don't know how you built this message, but it came through in 2-point >type, or so, and my eyes aren't that good. > > - Carl > Half my battles with quality are actually caused by the fact that my entire day-day system is an ever-continuing beta release. I'm an eternal empirical scientist! One day my spelling checker works, next day it doesn't; next day the mailbox is trashed, next moment the mouse cease to work... The other half is just me. I was using IE4 preview's "outlook" beta-program, testing out its secure mail stuff. Ive gone back to trusty old Eudora for you (on what must now be a beta-grade win95+ platform given how many system dlls have changed in the last 7 days). Find below is what I sent. FYI. if one reads SPKI cert format ID and uses and implications of definitions of terms from Trusted Systems type work of the late 70s, the material and model is very precise and very carefully modeled as a protection design, I would judge. I really misjudged this initiative; hope I can make up for such bad judgement and early skepticism, in the deployment and piloting phases! Peter. ----- 3 questions. (a) Is the notion of "SPKI certificate" limited to signed 5-tuples of the form <Self, a,b,c,d>. Another name for this is a CRC (3.3.3 draft 25 Mar) What is a signed value <x,a, b, c, d> where x != self, if its not a "spki certificate". (b) 3.3.3 says "...one can sign that generated body, using "a" private key of Self." Can the private key selected really be different from the key referenced by X? (c) 3.3.1 the notion of intersection is not introduced for auth fields. 3.4 seems to imply that its an "operator" (I using operators in the sense of looking at a generic 5-tuple (certificate body) as a specification for an abstract algebra, a concrete instance of which assigns to operator" some mapping in the field over which auth s are defined, and that mapping is named "intersection"). The nature of the mapping is constrained to be of form (x1,x2)->y as default, yet no concrete mapping in any concrete field is specified. (e.g. boolean and). Is "default" the condition of absence of policymaker program, or, alternatively, the absence in an end-systems hard-coded reduction algebra of a declaration for "intersection". We know such an operator may be expressed in a policymaker program, and in general may be of form :- one or more bodies maps to one or more results. We note that the policymaker rules may define a partial order in the field of values of a given auth-field. Is the default rule mapping playing the role of intersection always a partial order? Are all operators playing the role of intersection as in A=intersection(...) required to be a less-than function in that partial order?? (3.4) In reality, all this abstraction aside, is intersection really just meant to mean less-than over some partial order of an auth field's values? Whilst I get the overall jist of 3.4, I find it very confusing as to what the scope and nature of my definitions for a conforming intersection() function can be.

**Re: intersection()***From*: Carl Ellison <cme@cybercash.com>

- Prev by Date:
**Further comments on capabilities [long]** - Next by Date:
**Re: intersection()** - Prev by thread:
**Re: intersection()** - Next by thread:
**Re: intersection()** - Index(es):