[E-Lang] Re: Hash Chaining & Capabilities, Proposal #2d: Deputizing Remote Vats

[David Wagner]

> While I cannot offer as much experience, I have my own personal
> motivations for offline certificates, which are scalability and
> vulnerability to attack.

Right.  Those seem like good reasons.  And I suspect we can grow the
list even further.

For instance, another good reason to prefer offline active certificates
is to support partial disconnection.  Most people who access the net
through a modem are only rarely connected; if you have to check with
them online to verify all privileges they've delegated, they'll never
be able to usefully delegate anything to anyone else.

Also, there are cases of asymmetric connectivity.  I'm thinking especially
of folks behind a firewall who can connect out (to give an outsider an
active certificate) but where outsiders cannot connect in (to verify
delegated authority); in these cases, an "offline" protocol is useful.

In general, you can take any certificate system and replace all offline
certificate-verification steps with an online query to the trusted
certification authority.  Certificates are just an offline version of
an online protocol.  There are plenty of good reasons to prefer offline
authentication (certs) to the online protocol, and I think most of those
will also apply to active certificates.