[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on <draft-ietf-pkix-crlaia-00.txt>

To: Denis Pinkas <Denis.Pinkas@xxxxxxxx>
Subject: Re: Comments on <draft-ietf-pkix-crlaia-00.txt>
From: Russ Housley <housley@xxxxxxxxxxxx>
Date: Thu, 12 May 2005 10:53:06 -0400
Cc: pkix <ietf-pkix@xxxxxxx>
In-reply-to: <42832153.8000802@xxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <BF9309599A71984CAC5BAC5ECA629944023E57E5@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <427F6014.1030001@xxxxxxxx> <6.2.1.2.2.20050509111902.05e0c6a0@xxxxxxxxxxxxxxxx> <42805BD8.4050608@xxxxxxxx> <6.2.1.2.2.20050510145551.082d6310@xxxxxxxxxxxxxxxx> <42832153.8000802@xxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


Denis:

Finally!  We now uncover the actual point of disagreement.

You say:
   The same trust anchor is not a *sufficient* condition. The same node in the
   certification tree is the necessary condition. This implies, of course, the
   same trust anchor, but since two CRL issuers located at different nodes
   (i.e. certified by different CAS) might have the same CRL issuer name, this
   condition is insufficient to solve the issue.

When policies, procedures, and practices are followed, I do not believethat two different CRL issuers that are subordinate to the same trustanchor can legitimately have the same name. As I said yesterday, I amwilling to add text to the Security Considerations section to statethis. I am even willing to state that certificate users should not includetrust anchors that do not have policies, procedures, and practices thatwould prevent such name collisions.


Russ

Follow-Ups:
- Re: Comments on <draft-ietf-pkix-crlaia-00.txt>
  - From: Denis Pinkas

References:
- RE: Comments on <draft-ietf-pkix-crlaia-00.txt>
  - From: Stefan Santesson
- Re: Comments on <draft-ietf-pkix-crlaia-00.txt>
  - From: Denis Pinkas
- Re: Comments on <draft-ietf-pkix-crlaia-00.txt>
  - From: Russ Housley
- Re: Comments on <draft-ietf-pkix-crlaia-00.txt>
  - From: Denis Pinkas
- Re: Comments on <draft-ietf-pkix-crlaia-00.txt>
  - From: Russ Housley
- Re: Comments on <draft-ietf-pkix-crlaia-00.txt>
  - From: Denis Pinkas

Prev by Date: Re: key usage - key encipherment or data encipherment
Next by Date: Re: Comments on <draft-ietf-pkix-crlaia-00.txt>
Previous by thread: Re: Comments on <draft-ietf-pkix-crlaia-00.txt>
Next by thread: Re: Comments on <draft-ietf-pkix-crlaia-00.txt>
Index(es):
- Date
- Thread