Re: Q: Where should do I put a max amount in a X.509v3 certificate?

["todd glassey" <todd.glassey@xxxxxxxxxxxxxxxx>]

I would propose that there are a number of simple functions or
representational Data Structures to represent these various things missing
from PKIX.  Further that this WG has a number of common points of service or
functionality between a number of protocols and that for whatever reason
that have been ignored till now.

What I suggest that we need is a standard form of:

    1)    representing a light-weight token that can convey a statement as
to policy or indemnity limits

    2)    representing a token that in and of itself is cash or can carry
cash

    3)    representing status of a verification event. - This would be a
common calling form and return messaging for all PKIX routines. Maybe
something like a CDSA top-end for the PKIX protocols.

Todd

----- Original Message -----
From: "Michael Ströder" <michael@xxxxxxxxxxxx>
Cc: <ietf-pkix@xxxxxxx>
Sent: Monday, March 11, 2002 6:55 AM
Subject: Re: Q: Where should do I put a max amount in a X.509v3 certificate?


>
> Tom Gindin wrote:
> >
> >       Since this "purchase limit" is intended as a constraint on signed
> > orders, and those are signed by PKC's rather than AC's, the constraint
> > needs to go into the PKC.  I also don't think the syntax is very complex
>
> I'd suggest to thoroughly discuss a business model first before thinking
> about technical aspects (not on PKIX list off course). From some
discussion
> I remember that most drafts for something like this just didn't fit into
how
> financial institutions are working (although the institutions were
committed
> to use this particular PKI ;-).
>
> So defining technical specifications was completely useless because there
> was no working business model behind it.
>
> Ciao, Michael.
>