
Re: I-D ACTION:draft-ietf-pkix-usergroup-01.txt



<snip>
>Another disadvantage to mapping is that it creates another 
>opportunity to make errors, i.e., in mapping from the certificate 
>space to the application space. The database needed to perform the 
>map is an additional source of errors, or an additional attack point, 
>and generally lacks the integrity afforded to certs.

Dear Steve,

In other more established sectors of the IT-industry, the need
for mappings has been reduced by introducing globally
agreed-upon identifiers like UNSPC for product codes.
PKI is literally decades behind, where people still are fighting
about the very basics, like where to put and how to interpret identity
information, here referring to Subject DNs, SubjectAltNames,
URIs, PIs, e-mail addresses, DUNS numbers, etc.

Unless we are talking private and closed PKIs, mapping
is still a necessary evil for most systems.

cheers,
Anders