
Re: Updating RFC 3039 - and its impact on PI



Stefan,
As you probably know well, I have advocated (for about 2 years),
that a PI extension should indeed contain an OID or similar to point
out what DN attributes (usually one) contain the unique data.  This
means that existing DN schemes (containing the PI-data) can be kept
and the extension added "silently".  This so-called "migration solution"
has been banned by [*censored*], who claim that this "habit" creates
bad DNs (DITs?) and must be stopped, in the same way as rfc822 names,
that still are deprecated by son-of-2459 authors in spite of being de-facto
standard.  So I give you little chance to get support for existing practices
and market.  I have already tried that route...

Regarding 3039, I think whatever mechanism PKIX may come up with,
it is rather a son-of-2459 or independent topic we are dealing with as
PIs have uses outside of personal certificates.

/anders

----- Original Message ----- 
From: "Stefan Santesson" <stefan@xxxxxxxxxxxx>
To: <ietf-pkix@xxxxxxx>
Sent: Tuesday, March 19, 2002 17:26
Subject: RE: Updating RFC 3039 - and its impact on PI



Maybe I should clarify myself.

I believe that many of the functionality aspects, that PI was designed to 
meet, are achieved by defining semantics of data stored in DN attributes.

I just want to invite people who think they need the PI solution to see 
what they can do with attribute semantics and open the discussion to 
suggestions that would further improve this solution.

Maybe this would reduce the need for a separate PI solution to the extent 
where it's just not justified to make YAP. But I remain open to that issue.

/Stefan


At 17:36 2002-03-15 -0400, Roberto Opazo Gazmuri wrote:

> > > Finally I believe that a revision of RFC 3039 should include
> > > considerations to avoid the need for a PI extension according to the PI
> > > draft.
> > >
> > > I can't see that the PI draft accomplishes anything that RFC 3039 doesn't
> > > already solve, or at least would solve after revision.
> >
> > The revised document will not be able to solve what the PI document covers
> > since the PI document applies to *any entity* whereas the revised RFC 3039
> > document is planned to apply only to *personal ID certificates*. Maybe the
> > revised RFC 3039 could take advantage and refer to the PI document.
> >
>
>I agree.
>
>The PI purpose is important enough to be in an independent discussion and
>RFC, even considering that QC could be modified to apply to any entity.
>
>Best regards,
>
>Roberto