
Re: I-D ACTION:draft-ietf-pkix-okid-01.txt




At 6:19 PM +0100 3/14/02, Denis Pinkas wrote:
1. Editorial. Choose either OKID or OCKID.
   I don't care as long as there is a single acronym.

Yipes! I thought I had done it everywhere except in the draft name; turns out I missed a bunch. (And I left it in the draft name so I didn't have to recycle at -00...).


Hence I would propose a text along the following:

"Because the result of matching the OCKID to the CA certificate is that the
certificate will now become a trust anchor, the system MUST inform the user
that the certificate has become a trust anchor.

The system SHOULD give the user a method for later removing the trust in the
CA certificate.

It MAY provide additional information to the user like:

- The policies used by the issuer of this certificate to issue subordinate
certificates ([PKIX] section 4.2.1.5)

- The basic constraints placed on the issuer of this certificate, such as
the depth of subordinate chain that can be issued under this certificate
([PKIX] section 4.2.1.10)

- The types of names for which the issuer of this certificate can create
certificates ([PKIX] section 4.2.1.11)

- The policy constraints placed on the issuer of this certificate ([PKIX]
section 4.2.1.12)

The system SHOULD also check whether the certificate is properly signed,
that is, that the public key in the certificate in fact correctly
verifies the contents of the certificate."

So, here is where we get into the discussion of enforcing good security policy. My wording had the bulleted list as MUSTs. You have reduced them past SHOULD to MAY. The result of this is that few implementations will tell end users the effects of what they are doing (a SHOULD would probably do more).


I think this reduction is dangerous in that it does not tell the end user enough about the effects of her or his actions; other people would say that it is not our responsibility to insist on telling the end user this.

Quite frankly, there are probably lots of implementors who use PKIX toolkits who don't realize what all the ramifications of using a trust anchor are. Forcing them to tell their users will make them much more aware of their responsibility.

--Paul Hoffman, Director
--Internet Mail Consortium
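What the proposed text asks of an implementation, shown as an added example that is not part of this thread, of the draft, or of any PKIX toolkit: a program that, given a candidate CA certificate and an identifier received out of band, performs the identifier match and the "properly signed" check, and collects the four [PKIX] items from the MAY list (certificate policies 4.2.1.5, basic constraints 4.2.1.10, name constraints 4.2.1.11, policy constraints 4.2.1.12) into a report the user is shown before the certificate becomes a trust anchor. It uses only the Go standard library. Two assumptions are mine, not the draft's: the identifier being matched is taken to be the SHA-1 key identifier of [PKIX] section 4.2.1.2 method 1 (the draft's own OCKID construction is not on this page), and the sample certificate, its policy OID (anyPolicy), name constraint and policy-constraint skip counts are constructed here for the demonstration. The PolicyConstraints extension is decoded by hand because older Go releases do not surface it as a field.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidCertificatePolicies, oidPolicyConstraints = asn1.ObjectIdentifier{2, 5, 29, 32}, asn1.ObjectIdentifier{2, 5, 29, 36}

type policyConstraints struct {
	RequireExplicitPolicy int `asn1:"optional,tag:0,default:-1"` // [PKIX] 4.2.1.12; -1 when the field is absent
	InhibitPolicyMapping  int `asn1:"optional,tag:1,default:-1"`
}

// TrustAnchorReport is what the user is shown before a matched CA certificate becomes a trust anchor.
type TrustAnchorReport struct {
	KeyIDMatches, SelfSignatureOK, IsCA bool     // identifier match, "properly signed", cA flag
	MaxPathLen                          int      // [PKIX] 4.2.1.10 pathLenConstraint, -1 if unlimited
	Policies, PermittedDNS              []string // [PKIX] 4.2.1.5 policies, 4.2.1.11 permitted DNS subtrees
	RequireExplicitPolicy               int      // [PKIX] 4.2.1.12, -1 if absent
	InhibitPolicyMapping                int      // [PKIX] 4.2.1.12, -1 if absent
}

// KeyIdentifier is the SHA-1 of the subjectPublicKey BIT STRING ([PKIX] 4.2.1.2 method 1). Assumption: the identifier delivered out of band is this value.
func KeyIdentifier(cert *x509.Certificate) []byte {
	var spki struct {
		Algorithm pkix.AlgorithmIdentifier
		PublicKey asn1.BitString
	}
	if _, err := asn1.Unmarshal(cert.RawSubjectPublicKeyInfo, &spki); err != nil {
		return nil
	}
	sum := sha1.Sum(spki.PublicKey.Bytes)
	return sum[:]
}

func AssessCandidate(cert *x509.Certificate, suppliedID []byte) (TrustAnchorReport, error) {
	r := TrustAnchorReport{MaxPathLen: -1, RequireExplicitPolicy: -1, InhibitPolicyMapping: -1}
	r.KeyIDMatches = suppliedID != nil && bytes.Equal(KeyIdentifier(cert), suppliedID)
	r.SelfSignatureOK = cert.CheckSignatureFrom(cert) == nil // the key inside the cert verifies the cert
	r.IsCA = cert.BasicConstraintsValid && cert.IsCA
	if r.IsCA && (cert.MaxPathLen > 0 || cert.MaxPathLenZero) {
		r.MaxPathLen = cert.MaxPathLen
	}
	for _, p := range cert.PolicyIdentifiers {
		r.Policies = append(r.Policies, p.String())
	}
	r.PermittedDNS = cert.PermittedDNSDomains
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(oidPolicyConstraints) {
			continue
		}
		var pc policyConstraints
		if rest, err := asn1.Unmarshal(ext.Value, &pc); err != nil || len(rest) != 0 {
			return r, fmt.Errorf("malformed policyConstraints extension")
		}
		r.RequireExplicitPolicy, r.InhibitPolicyMapping = pc.RequireExplicitPolicy, pc.InhibitPolicyMapping
	}
	return r, nil
}

// MakeSampleCA builds a constructed self-signed CA certificate carrying the four extensions the thread lists.
func MakeSampleCA() (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	polDER, _ := asn1.Marshal([]struct{ Policy asn1.ObjectIdentifier }{{asn1.ObjectIdentifier{2, 5, 29, 32, 0}}}) // anyPolicy, written raw
	pcDER, _ := asn1.Marshal(policyConstraints{RequireExplicitPolicy: 2, InhibitPolicyMapping: 1})
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Example Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, BasicConstraintsValid: true, IsCA: true, MaxPathLen: 1,
		PermittedDNSDomainsCritical: true, PermittedDNSDomains: []string{"example.com"},
		ExtraExtensions: []pkix.Extension{
			{Id: oidCertificatePolicies, Value: polDER},
			{Id: oidPolicyConstraints, Critical: true, Value: pcDER},
		},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	if cert, err := MakeSampleCA(); err == nil {
		fmt.Println(AssessCandidate(cert, KeyIdentifier(cert))) // KeyIdentifier stands in for the out-of-band value
	}
}
```

The report is deliberately separate from the decision: an implementation satisfies the MUST by showing KeyIDMatches and SelfSignatureOK and telling the user the certificate is about to become a trust anchor, and the remaining fields are the MAY items; a report with KeyIDMatches or SelfSignatureOK false, or an error from a malformed policyConstraints extension, is a reason not to install the certificate at all.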