
Re: Request for IESG consideration: CP/CPS Framework




David,


Hi Paul:

As someone who has worked PKI policy interoperability issues for several
years, I will stand up in defense of RFC 2527 and its successor. If you
enter "certificate policy" into any Internet search engine, you will find
hundreds of Certificate Policies and Practice Statements from all over the
world, from both government and industry. Nearly all of them conform to RFC
2527.

RFC 2527 is not the single document in that category. There exist other documents like:

ETSI TS 102 042 : Policy requirements for Certification Authorities
                  issuing Public Key Certificates

ETSI TS 101 456 : Policy requirements for Certification Authorities
                  issuing Qualified Certificates.

They have a different structure. There is also work being done by ISO at this time by TC 68.

So RFC 2527 is not the single reference anymore.

Having said this, it would be a pity not to update RFC 2527.

Denis

> Having Certificate Policies presented with a common structure and
> format is extremely important to those of us who work in both the PKI
> technical and policy interoperability realms.

RFC 2527 has been very successful in meeting its objectives of providing a
way to compare and contrast Certificate Policies and PKI implementations,
and thereby promoting interoperable PKI implementations.  I believe PKIX
should continue to support it.

Best Regards,
Dave Fillingham
US Department of Defense

-----Original Message-----
From: Paul Hoffman / IMC [mailto:phoffman@xxxxxxx]
Sent: Tuesday, November 12, 2002 12:11 PM
To: Jeffrey I. Schiller; smb@xxxxxxxxxxxxxxxx
Cc: ietf-pkix@xxxxxxx
Subject: Re: Request for IESG consideration: CP/CPS Framework



At 12:10 PM -0500 11/11/02, Jeffrey I. Schiller wrote:


> This document was discussed at the IESG and there were concerns that it was a legal document and not a technical document.


Yup, just like its predecessor.


> I don't know how to deal with the objection. It appears that the people objecting don't have any solid recommendation to make to change the document, they just don't like it... I will be taking this up with them in person.


You can't change 2527 to not talk about legal/policy issues; that's what it is about. The new document is simply a revision to an existing RFC. It seems like some revision should be accepted, or the old RFC should be removed (which is not possible). That is, you're stuck with the previous decision to issue RFC 2527. If you have changed your mind about that, is it better to revise it to reflect current practice or to not revise it and hope no one uses the old one?

--Paul Hoffman, Director
--Internet Mail Consortium