Re: Certificate Policies
Hi Richard,
>A policy implies what is written in it (in the CP and the CPS).
>There's nothing in a policy OID that can tell you what the function or
>the legality of the policy is, you have to read the documents and
>decide that for yourself accordingly.
So far, I am with you.
Now assuming that a single CA key/cert can create N different
policies applied to M different EE-certificates, you get a potentially
unmanageable legal/function matrix.
BTW, why do some people believe that you need a lot of
different policies? To keep legal departments busy? Why do
you actually need more than one within a given "trust-network"?
It would be very interesting to see what purposes all this
stuff is supposed to fill in application software.
Architecture?
Data model?
Links?
I occasionally look at this in a slightly "philosophical" way:
If one large user like DoD, deploys "something" but the rest of
the market does not, using my thinking, it was a failure for this
"something" (and long-term also for the DoD).
As not even X.500 directories and LDAP are sacred anymore
(http://www.imc.org/ietf-pkix/mail-archive/msg05571.html),
it seems that PKI technology is still to be regarded as being
highly immature. That is, your answer is as good as mine.
And vice versa :-)
Unless somebody provides some more facts regarding PE usage
in application software, I suggest that we halt this thread a while,
and let the market do the final selection...
Anders
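Added illustration, not part of the thread above and not code from any PKIX participant: the one thing application software does with policy OIDs during path validation is set intersection, which is why an OID by itself says nothing about function or legality. The model below follows the certificate-policies rule of RFC 5280 section 6.1 in simplified form (no policy mappings, no inhibitAnyPolicy or requireExplicitPolicy constraints) and applies it to the "N policies from one CA applied to M end-entity certs" situation. The OIDs under 1.3.6.1.4.1.99999 and the subject names are constructed placeholders.

```python
# Simplified RFC 5280 section 6.1 certificate-policies processing.
# Assumptions: no policy mappings and no policy-constraint extensions.

ANY_POLICY = "2.5.29.32.0"  # anyPolicy OID from RFC 5280


def valid_policies(chain):
    """Policy OIDs that survive intersection from the trust anchor's
    child down to the end-entity certificate.

    `chain` is ordered root-first; each cert is a dict whose "policies"
    list holds the OIDs of its certificatePolicies extension (an empty
    list means the extension is absent).  Returns an empty set when no
    policy is valid for the whole path.
    """
    valid = {ANY_POLICY}  # RFC 5280: valid_policy_tree starts as anyPolicy
    for cert in chain:
        asserted = set(cert["policies"])
        if not asserted:
            # No certificatePolicies extension: the tree becomes NULL.
            return set()
        if ANY_POLICY in asserted:
            # Certificate accepts any policy; the parent's set carries through.
            continue
        if ANY_POLICY in valid:
            valid = asserted
        else:
            valid &= asserted
        if not valid:
            return set()
    return valid


def acceptable_policies(chain, user_initial_policies):
    """Intersect the path's valid policies with the relying party's
    user-initial-policy-set (the policies it is willing to accept)."""
    path_valid = valid_policies(chain)
    user = set(user_initial_policies)
    if ANY_POLICY in user:
        return path_valid
    if ANY_POLICY in path_valid:
        return user
    return path_valid & user


def policy_matrix(ca_chain, ee_certs, user_initial_policies):
    """For one CA issuing M end-entity certs, list which policies the
    relying party can accept for each of them (the N x M matrix)."""
    result = {}
    for ee in ee_certs:
        result[ee["subject"]] = sorted(
            acceptable_policies(ca_chain + [ee], user_initial_policies))
    return result


# Constructed sample data; OIDs sit under a placeholder enterprise arc.
P_SECURE = "1.3.6.1.4.1.99999.1.1"  # hypothetical "high assurance" policy
P_LOW = "1.3.6.1.4.1.99999.1.2"     # hypothetical "low assurance" policy

CA_CHAIN = [
    {"subject": "Root CA", "policies": [ANY_POLICY]},
    {"subject": "Issuing CA", "policies": [P_SECURE, P_LOW]},
]

EE_CERTS = [
    {"subject": "alice", "policies": [P_SECURE]},
    {"subject": "bob", "policies": [P_LOW]},
    {"subject": "carol", "policies": [P_SECURE, P_LOW]},
    {"subject": "dave", "policies": []},  # extension absent
]

if __name__ == "__main__":
    # A relying party that only accepts the "high assurance" policy.
    for subject, pols in policy_matrix(CA_CHAIN, EE_CERTS, {P_SECURE}).items():
        print(f"{subject}: {pols or 'no acceptable policy'}")
```

Note what the code cannot do: whether P_SECURE actually means stronger identity proofing, or carries any legal weight, comes only from reading the CP/CPS those OIDs point to; the validator merely checks that every certificate on the path asserts an OID the relying party was configured to accept.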