[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: auth fields

Hi Ron.

At 11:10 AM 3/11/97 EST, Ron Rivest wrote:
>You mentioned a "sorting order" for auth fields.  This implies that
>you want what mathematicians call a "total order" on the elements, so that
>between any two such elements you have a relationship (either greater,
>less than or equal to).

No, I had always been thinking of a partial order -- maybe a lattice --
although it's not clear that any such lattice would be closed.

E.g., in your filesystem example, 
might theoretically be both subordinate to 
but there might be no cert ever generated for that lattice point.

The problem with thinking of such lattices, to me, is that for some real 
uses of certs, we'll need to be able to do an occasional PolicyMaker 
translation of <auth> -- something that I don't know how to express in such 
a form.  A PolicyMaker program would join arbitrary places on such a


 - Carl

|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |

Follow-Ups: References: