[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Public key validation and Proof of possession

To: Terry Hayes <tdchayes@xxxxxxxxx>
Subject: RE: Public key validation and Proof of possession
From: Stephen Kent <kent@xxxxxxx>
Date: Fri, 28 Oct 2005 14:48:46 -0400
Cc: ietf-pkix@xxxxxxx
In-reply-to: <4701d76c0510271418p28eb9362l8cfcdeba1182a6fc@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <BF9309599A71984CAC5BAC5ECA62994403653217@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx .com> <4701d76c0510271416i3e73cf63i74696df0009477cb@xxxxxxxxxxxxxx> <4701d76c0510271418p28eb9362l8cfcdeba1182a6fc@xxxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Title: RE: Public key validation and Proof of possession

At 2:18 PM -0700 10/27/05, Terry Hayes wrote:

What's wrong with defining a new policy qualifier?

id-qt-ietf-pkix-key-validation-performed

id-qt-ietf-pkix-proof-of-posession-performed (owner-posession-of-key-assured?)

These would generally be asserted only in the end-entity certificates.

Terry Hayes

3280 suggests that policy qualifiers NOT be used in general. If we adopted this approach we would have to revisit that advice.

"To promote interoperability, this profile RECOMMENDS that policy
information terms consist of only an OID. Where an OID alone is

insufficient, this profile strongly recommends that use of

qualifiers be limited to those identified in this section."

Steve

References:
- RE: Public key validation and Proof of possession
  - From: Terry Hayes

Prev by Date: Re: Public key validation and Proof of possession
Next by Date: Re: draft-ietf-pkix-scvp-21.txt
Previous by thread: RE: Public key validation and Proof of possession
Next by thread: RE: Public key validation and Proof of possession
Index(es):
- Date
- Thread