[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Comments on SPKI draft of 25 March 1997
Isn't this just asking for the binary 0/1 "may-delegate" field? The
certificate in any case just delegates authority to make transactions,
and the may-delegate = 1 authorizes further delegation. So I think we
cover your cases, without needing integer values larger than 1 for the
Date: Mon, 31 Mar 1997 09:26:27 -0500
Subject: Re: Comments on SPKI draft of 25 March 1997
To: email@example.com, firstname.lastname@example.org (Ron Rivest)
Content-Description: cc:Mail note part
31 Mar 97 @ 0900 EST
Pardon the intrusion into your thinking, but may I point out that
"delegate" may have a level of indirection you might wish to consider.
In the right "to delegate", there are actually two rights clouded by
semantics -- the right to execute a transaction under my authority as
my delegatee without further delegation AND the right to delegate my
authority to someone else.
You may wish to consider these as two different things. Lest you
think this is an arbitrary distinction, this is exactly how IBM "fell
on its sword" in DB2. By failing to distinguish between these two
rights, IBM forever coded into DB2 the problem of "cascading revoke".
That is: X as a dbadmin, X grant authority to Y; Y grants to Z; Y
leaves the firm; X revokes Y and Z is disabled.
Perhaps you might wish to consider this input from one who spent some
time in that particular bowl of spaghetti.
Note: This is really my own opinion and not reflect any official
opinion of my employer or my wife -- both of whose opinions count a
lot more than mine. ;-)
______________________________ Reply Separator _________________________________
Subject: Comments on SPKI draft of 25 March 1997
Author: email@example.com (Ron Rivest) at UNIXGTWY
Date: 3/29/97 12:06 PM
On Question 5:
I am in favor of making the may-delegate field boolean (that is,
0/1 valued), as I can't see why someone might need more. Certainly,
the security implications between ( may-delegate 1 ) and ( may-delegate 2 )
are hardly crisp, since you are depending on your delegee to determine
who gets delegated to in either case (either directly by his own judgement,
or indirectly via his delegees).