Re: [Jsdsi-users] Specific Tag
From: Guillermo N. <gna...@cc...> - 2004-05-12 16:58:20
Sameer Ajmani <aj...@cs...> writes:

> I think checking the hash chain somewhere else makes sense. The ID is
> enough to uniquely identify a hash chain, and the index ensures proper
> ordering, so together they are enough for the Prover to build the
> certificate chain. Assuming the certificates were created correctly, then
> the hash chain should also be correct. Of course, the Verifier will need
> to check that this is in fact true!
>
> Also, I don't think "h2 = h(h1)" is really in the spirit of tag
> "intersection" -- contrast with the intersection rules for sets, ranges,
> prefixes, etc, which are more intuitive.

Yes, that's true, it is by no means intuitive :)

I am currently doing what you outline. I put the hash value into the comment of the certificate --(by the way, is there any way that I can put the hash into the "tag" so it is ignored by the intersection algorithm?)--, and the verifier stores all the hashes in order to check them later. I use the hash as some sort of authorization token.

I just thought it may be easier if the intersection could ensure the validity of the hash. But, in fact, it is not that uncomfortable to check it later.

> I actually think hash chains ought to be a separate primitive in JSDSI.
> Hash chains are useful to create certificate revocation and validation
> lists and trees, and JSDSI currently has no support for them. A long time
> ago I proposed a format for hash chains to the SPKI mailing list; perhaps
> I should dig that up. You might search the SPKI mailing list archives for
> mention of hash chains or validation trees.

Thanks, I couldn't find any hash chain or validation tree references in the archives at a first search. I'll try to look at them closer.

Thanks for the advice.

Guillermo
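Added example, not part of the original message and not JSDSI code: a sketch of the Verifier-side check discussed in this thread, where each certificate contributes a chain ID, an index and a hash value, and the Verifier confirms ordering and h2 = h(h1) after collecting them. The `Link` record, its field names, the function names and the use of SHA-256 are assumptions; the thread names neither a data layout nor a hash function.

```python
import hashlib
from typing import NamedTuple


class Link(NamedTuple):
    """What the Verifier keeps per certificate (hypothetical field names)."""
    chain_id: str   # identifies the hash chain
    index: int      # position in the chain
    value: bytes    # hash value carried in the certificate comment


def h(data: bytes) -> bytes:
    # SHA-256 is an assumption; the thread does not name the hash function.
    return hashlib.sha256(data).digest()


def build_chain(seed: bytes, length: int, chain_id: str) -> list[Link]:
    """Issuer side: h1 = h(seed), h2 = h(h1), and so on."""
    links, value = [], seed
    for i in range(1, length + 1):
        value = h(value)
        links.append(Link(chain_id, i, value))
    return links


def verify_chain(links: list[Link]) -> tuple[bool, str]:
    """Verifier side: order by index, then check every h_{i+1} = h(h_i)."""
    if not links:
        return False, "no links"
    if len({link.chain_id for link in links}) != 1:
        return False, "links from different chains"
    ordered = sorted(links, key=lambda link: link.index)
    # Indices must be consecutive: a gap or a repeat means a missing or
    # replayed certificate, which the hash comparison alone would not explain.
    for pos, link in enumerate(ordered, start=ordered[0].index):
        if link.index != pos:
            return False, f"index gap or duplicate at {link.index}"
    for prev, cur in zip(ordered, ordered[1:]):
        if cur.value != h(prev.value):
            return False, f"hash mismatch at index {cur.index}"
    return True, "ok"


if __name__ == "__main__":
    chain = build_chain(b"constructed-seed", 4, "chain-A")  # constructed sample
    print(verify_chain(list(reversed(chain))))              # arrival order is irrelevant
    forged = chain[:2] + [chain[2]._replace(value=bytes(32))] + chain[3:]
    print(verify_chain(forged))
```
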