Re: Attribute Cert Policies Rationale

[Denis Pinkas <Denis.Pinkas@xxxxxxxx>]

Steve,

> IMO this is neither needed nor desirable. ("Neither use nor 
> ornament" as me granny used say.)
>
> It clearly isn't needed since there are IMO already sufficient 
> degrees of freedom in the AC profile, i.e. whatever their problems, 
> DNs are cheap (certainly relative to paying all those policy-gank 
> consultants and lawyers!).

Having a different AA name to identify a policy is not a clean solution.

> The reason it isn't desirable is that AC usage is still almost
> non-existent, and adding yet more complexity is a very good way
> to ensure that things stay as they are.

Maybe one of the reasons why AC usage is still almost non-existent, is 
because it is lacking many features, including this feature.

We need to be positive and identify the obstacles for the use of ACs.

FYI, I have proposed a talk at the next RSA 2003 Conference in San Francisco 
on the following topic:

" Why are Attribute Certificates not yet in use today ? "

That talk has been accepted. So I welcome you to attend that presentation.

:-)

Denis

PS. Thanks for giving me the opportunity to advertise that presentation.

:-)

> Stephen.
>
> PS: I could try start a separate disussion about PKIX feature-creep,
> but I won't. (Oops, maybe I just did:-)