Re: Public key validation and Proof of possession



Stefan Santesson wrote:
> 
> I'm concerned that we are about to enter a dangerous path if we start
> defining extensions for policy aspects.

A very valid concern.

> If we open this can, there are
> many other potential candidates for policy expression extensions and I'm
> not sure we will help the deployment community by going down that path.

I couldn't agree more.

How about candidates like "Power and air conditioning", "Water
exposures" and "Fire prevention and protection". I'm pretty sure a
relying participant should be able to check these aspects automagically. ;-)

> I think this needs careful consideration and I'm not sure the benefit of
> this extension is worth the cost.

It's my impression that X.509v3 extensions are not fully supported in
today's implementations anyway. Therefore each new extension will likely
not be adopted by implementors but will complicate the standards.

> My thought is that arithmetic property validation seems feasible even in
> a smart card today and even more, this test can easily be done in the
> system in which the smart card is used. Computation power is
> exponentially increasing and before this extension is generally adopted,
> this might very well be a completely redundant issue.

+1

Ciao, Michael.