[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: auth fields
Carl Ellison wrote:
>
> Hi Ron.
>
> At 11:10 AM 3/11/97 EST, Ron Rivest wrote:
> >You mentioned a "sorting order" for auth fields. This implies that
> >you want what mathematicians call a "total order" on the elements, so that
> >between any two such elements you have a relationship (either greater,
> >less than or equal to).
>
> No, I had always been thinking of a partial order -- maybe a lattice --
> although it's not clear that any such lattice would be closed.
>
> E.g., in your filesystem example,
> "ftp://cybercash.com/pub/cme/"
> and
> "ftp://theory.lcs.mit.edu/pub/rivest/"
> might theoretically be both subordinate to
> "ftp:"
> but there might be no cert ever generated for that lattice point.
>
> The problem with thinking of such lattices, to me, is that for some real
> uses of certs, we'll need to be able to do an occasional PolicyMaker
> translation of <auth> -- something that I don't know how to express in such
> a form. A PolicyMaker program would join arbitrary places on such a
> lattice.
You want to be a bit careful about terminology here, because "join" and "meet"
are the defined operations on a lattice, if I remember things correctly. I
suspect that you didn't mean "join" in the lattice sense (and please don't ask
me to define that ... but I know a man who can ;-). Correct me if I'm wrong!
Cheers,
Ben.
>
> Agree?
>
> - Carl
>
>
>
>
> +------------------------------------------------------------------+
> |Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
> |CyberCash, Inc. http://www.cybercash.com/ |
> |207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
> |Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
> +------------------------------------------------------------------+
>
--
Ben Laurie Phone: +44 (181) 994 6435 Email: ben@algroup.co.uk
Freelance Consultant and Fax: +44 (181) 994 6472
Technical Director URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd, Apache Group member (http://www.apache.org)
London, England. Apache-SSL author
Follow-Ups:
References: