[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Summary Trust x Delegation

I disagree with the statement made by Bill Frantz that
	"I have no technical way to prevent effective delegation, so..."

If Alice gives Bob a certificate (say with tag "foo"), then of course there
is no way for Alice to prevent Bob from issuing a certificate with tag
"foo" to Dorothy.  

But this certificate issued by Bob is not _effective_ if Alice's certificate
has a "don't propagate" bit turned on.  (Let us assume for simplicity here
that this is the simplest form of propagation control, not "stop at key".)

By turning on the "don't propagate" bit, Alice is insisting that her
certificate must be the *last* certificate in any valid certificate chain
containing that certificate.  Thus any certificates that Bob issues can
not be effectively utilized in a valid certificate chain.  Thus Bob's
certificates are ineffective--the certificate he issues to Dorothy will
not be usable to sub-delegate any "foo" rights that Alice gave to Bob.

Alice need only trust the verifier to honor the correct notion of what
a valid certificate chain is; she does not need to trust Bob not to
issue further certificates.