RE: Other certs extension
"Some applications that associate state information with public key
certificates can benefit from a way to link together a set of
certificates belonging to the same end entity that can safely be
considered to be equivalent for the purposes of referencing that
application state information. This memo defines a certificate
extension that supports such linkage that can allow applications to
establish the required linkage without introducing a new application
protocol data unit."

Don't such extensions already exist, i.e. the Subject Alt Name extension
and/or RFC 4043 (Permanent Identifier)? If multiple devices having
different keys are used to load-balance a single service, for example,
wouldn't each device's cert contain the same UUID or other provider ID
in SAN or PI?

-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
On Behalf Of Stefan Santesson
Sent: Tuesday, April 08, 2008 4:33 AM
To: Stephen Farrell; pkix
Subject: RE: Other certs extension

Stephen,
You hinted in our discussions regarding this draft that the problem that
this draft addresses originates from some W3C work.
Is this already covered by the use case in the draft, or could you
elaborate?

Stefan Santesson
Senior Program Manager
Windows Security, Standards

> -----Original Message-----
> From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx] On Behalf Of Stephen Farrell
> Sent: den 4 april 2008 15:41
> To: pkix
> Subject: Other certs extension
>
>
>
> We briefly discussed this draft [1] in Philadelphia where
> there was some support for taking it on as a WG item, as
> well as some concern. I've just posted an update to the
> draft that I hope might mitigate some of the concerns
> expressed.
>
> At the meeting, we agreed to discuss it on the list,
> i.e. to discuss whether or not to make it a PKIX WG item,
> and if so, whether it ought be experimental track or
> whatever.
>
> FWIW, I think it'd be a fine PKIX draft, and reckon
> experimental is right unless it's adopted for some
> interesting application, which I don't see happening
> right now.
>
> So - should this be a PKIX draft? And if so, aiming
> at what kind of RFC?
>
> Cheers,
> Stephen.
>
> PS: Comments on the content are, of course, also much
> appreciated. (And it's still only 7 pages, incl. cruft:-)
>
> [1]
> http://www.ietf.org/internet-drafts/draft-farrell-pkix-other-certs-02.txt