[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multiple subjects and auths

At 01:23 PM 3/31/97 EST, Ron Rivest wrote:
>I guess I'm convinced by Carl that it would be best to require that
>a certificate have exactly ONE subject and exactly ONE auth field.
>However, I think it is extremely important that the user interface allow
>the user to see a list of names for ease-of-use reasons...

The one place where this might not apply (Ron convinced me, in return)
is if the user is using a simple text editor to create his objects.

We have a number of different objects -- all cert-like:

1)	certificate (subject = <principal>)  {<principal> = <key>|<key-hash>}
2)	auto-cert (subject = (keyholder <principal>))
3)	assertion (subject = <hash-of-object>)
4)	ACL entry (issuer = NULL standing for "self")
5)	request (a kind of assertion)

Of these cert-like objects, only #4 can be created by a raw text editor 
since only #4 requires no signature.  Therefore, if we define a separate 
object BNF for ACL entry, we should probably allow multiple subjects in that 

BTW, by the same logic I used to argue for different object names for the 
three different kinds of SDSI name, I should argue for different object 
names for the above 4 or 5 kinds of cert-like object (even though all of 
them reduce to 5-tuples and are reduced as 5-tuples without attention to 
their brand of origin).  The only reason I argue against different object 
type names for these 4 is that if we do the 5-tuple reduction to 
(issuer=self) and sign the result, it's simpler if signed 5-tuples are 
always the same object type.  That one object type would encompass all of 
the 4 or 5 above.

 - Carl

|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |