RE: Missing Protocol ?
> I am not sure that the problem the proposed protocol is addressing is the
> real problem.
I realised that Denis and I had been talking about two different things.
So be it.
It seems that the interest is to 'publish' some attributes that are
kept by the RA/CA....
>
> I do not think that the protocol will be something of a frequent use: If an
> entity can not be uniquely and unambiguously identified without some extra
> 'with-the-beard' information, that information should be present in the
> entity's certificate. You do not want to reach out and ask an RA for extra
> details about the entity every time you deal with that entity. It is just
> going to be a pain. Therefore, I do not think we have a real requirement
> here. Passing it over to the "unique ID" thread :)
... a passport number, its validity date, my bank account number, etc. are
not necessarily available in the ID cert, but they can be made available
in one or more attribute certs, for example.
I had in mind a completely unstructured set of scanned copies of
paper documents, but even that could be encapsulated in an attribute cert.
> I am not convinced that the protocol is necessary for infrequent use either:
> When a judge or police, or anybody else needs more information about the
> entity, an RA can be contacted directly. You do not really need a protocol.
'contact directly' means what? ...
> A judge, police etc can do it by phone, by fax, by email or by face to face.
> As they do it now, conveniently and simply enough.
This is the bottom line of the question. To replace existing methods, for example:
- An RA can always issue an attribute cert for all the attributes that they
store, be it just as a convenient way to fix the content of its user data base,
or be it to inform the user about what has been stored about him.
- There are methods/protocols to "publish" certificates, or to give
controlled and secured access to them.
>
> As a bottom line: if a protocol is not going to be used frequently, and we
> can get by without it for occasional need, do we need the protocol at all?
I think we don't need a new one.
Peter