[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Public key validation and Proof of possession
-------------- Original message ----------------------
From: Michael Ströder <michael@xxxxxxxxxxxx>
>
> Stefan Santesson wrote:
> >
> > I'm concerned that we are about to enter a dangerous path if we start
> > defining extensions for policy aspects.
>
> A very valid concern.
Depends on whether your actually defining the operations policies or the framework for their definition...
>
> > If we open this can, there are
> > many other potential candidates for policy expression extensions and I'm
> > not sure we will help the deployment community by going down that path.
>
> I couldn't agree more.
I would disagree. In fact I claim its negligent of this body to not define these.
>
> How about candidates like "Power and air conditioning", "Water
> exposures" and "Fire prevention and protection". I'm pretty sure a
> relying participant should be able to check these aspects automagically. ;-)
>
> > I think this needs careful consideration and I'm not sure the benefit of
> > this extension is worth the cost.
>
> It's my impression that X.509v3 extensions are not fully supported in
> today's implementations anyway. Therefore each new extension will likely
> not be adopted by implementors but will complicate the standards.
>
> > My thought is that arithmetic property validation seems feasible even in
> > a smart card today and even more, this test can easily be done in the
> > system in which the smart card is used. Computation power is
> > exponentially increasing and before this extension is generally adopted,
> > this might very well be a completely redundant issue.
>
> +1
>
> Ciao, Michael.
>