RE: Certificate Policy Standardization
"Hans Nilsson" <hnn@xxxxxxxxxxxxxx> writes:
>Very funny, as usual, Peter. However, let me just spoil your joke a bit.
It wasn't a joke (maybe you missed the recent discussion, in which case you
may want to check the list archives for earlier posts). That was a
business/legal analysis of how to best use and apply cert policies.
>>The reason why this approach is used is that if you changed your OID when
>>your policy changes, you'd have to re-issue all your certs, which no-one
>>wants to do.
>
>Why re-issue?? Old certs with old policy-OID are still fine and valid, but
>from now on the CA just issues new certs according to its new policy, with
>new OID.
No, I think you're confusing the cert with a rent-controlled apartment there.
The T&C for use don't continue to be whatever they were in 1949 when you first
got the thing, they change over time, appropriate cert use is defined by
whatever the T&C currently are, and the cert policy extension tells the user
where they can find the T&C online, just like any (non-cert-based)
alternative. The intent of the legal analysis was to determine the
appropriate way to use the cert policy (from a business/legal perspective),
and that was to treat it as a standard T&C arrangement.
Peter.