Re: Missing Protocol ?
Denis,

If the information is NOT in a public key certificate, and the
information IS to be provided electronically instead of using methods
from the 60's, then the question is how to provide it.

I'm with Bob and Peter: the directory is the answer and no new
protocol is needed. If there are attributes defined for passport
number/validity, bank account number, optically-scanned document, etc,
then those attributes can be stored in the directory either in unsigned
normal form or in signed attribute certificates.

No matter how new attribute certificates are, they are more mature than
this undefined 'missing protocol'. It would be most productive to use
ACs and/or directories as is, and focus energy on establishing the catalog
of attribute definitions.

Dave

> From: Denis Pinkas <Denis.Pinkas@bull.net>
>
> Attribute Certificates are quite new and new [not] frequently used (if
> used). As stated above, the problem does not directly relate to
> Attribute Certificates.
>
> > - There are methods/protocols to "publish" certificates, or to give
> > controlled and secured access to them.
>
> Yes, but the information that is needed is NOT in the certificate.
>
> > > As a bottom line: if a protocol is not going to be used frequently, and we
> > > can get by without it for occasional need, do we need the protocol at all?
>
> When we will have a significant deployment of a world-wide PKI, this
> protocol will be more and more useful/needed. We are trying to
> anticipate the needs.
>
> Regards,
>
> Denis
>
> > I think we don't need a new one.
> >
> > Peter