Re: [Jsdsi-users] Specific Tag
Status: Pre-Alpha
Brought to you by:
sajma
Menu
▾
▴
Re: [Jsdsi-users] Specific Tag
|
From: Sean R. <sra...@ae...> - 2004-05-12 18:33:40
|
On Wed, 2004-05-12 at 17:51, Guillermo Navarro wrote: > Sameer Ajmani <aj...@cs...> writes: > > I think checking the hash chain somewhere else makes sense. The ID is > > enough to uniquely identify a hash chain, and the index ensures proper > > ordering, so together they are enough for the Prover to build the > > certificate chain. Assuming the certificates were created correctly, then > > the hash chain should also be correct. Of course, the Verifier will need > > to check that this is in fact true! > > > > Also, I don't think "h2 = h(h1)" is really in the spirit of tag > > "intersection" -- contrast with the intersection rules for sets, ranges, > > prefixes, etc, which are more intuitive. > > yes, that's true, it is by no means intuitive :) I am currently doing > what you outline. I put the hash value into the comment of the > certificate - > -(by the way, is there any way that I can put the hash > into the "tag" so it is ignored by the intersection algorithm?) Nope. I think that putting them in the comment is perfectly allowable though. > --, and > the verifier stores all the hashes in order to check them later. > > I use the hash as some sort of authorization token I just though it > may be easier if the intersection could ensure the validity of the > hash. But, in fact, is not that "nconfortable to check it later. > > > I actually think hash chains ought to be a separate primitive in JSDSI. > > Hash chains are useful to create certificate revocation and validation > > lists and trees, and JSDSI currently has no support for them. A long time > > ago I proposed a format for hash chains to the SPKI mailing list; perhaps > > I should dig that up. You might search the SPKI mailing list archives for > > mention of hash chains or validation trees. > > Thanks, I couldn't find any hash chains or validation trees references > in the archives at a first search. I'll try to look at them closer. Just to clarify... Sameer is talking of the SPKI mailing list, not JSDSI. > Thanks for the advice. > > Guillermo > > > > ------------------------------------------------------- > This SF.Net email is sponsored by Sleepycat Software > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to > deliver higher performing products faster, at low TCO. > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 > _______________________________________________ > Jsdsi-users mailing list > Jsd...@li... > https://lists.sourceforge.net/lists/listinfo/jsdsi-users -- Dr. Sean Radford, MBBS, MSc sra...@ae... http://www.aegeus-technology.com |
