RE: Profiles, Profiles, Profiles
Anil,
I am the author of several of these profiles (MISSI and Federal PKI) and let
me say that interoperability is one of the primary objectives in this work.
We have worked closely in the past with those contributing to the PKIX and
MISPC work to ensure that there are no interoperability concerns.
Due to the general nature of X.509, I feel it is necessary that these
profiles be developed to, in fact, foster interoperability. The intent of
the profile is to standardize implementations and reduce the complexity of
certificate generation and certificate processing. That is why we feel it
necessary in the MISSI and Federal PKI profiles to provide somewhat more
detail than other profiles. We also feel that specific extensions
undoubtedly increase the security of the infrastructure, and that is why
they are explicitly "profiled in".
Also note that the profiles are not meant to be all inclusive. The profiles
for MISSI and Federal PKI (and an upcoming ISO profile) all permit
communities the opportunity to tailor and control certificate and CRL usage.
If you have any specific questions on the profiles, please feel free to
contact me.
David Simonetti
Booz-Allen & Hamilton Inc.
900 Elkridge Landing Road
Linthicum, MD 21090
----------
From: Anil R. Gangolli
To: ietf-pkix
Subject: Profiles, Profiles, Profiles
Date: Thursday, February 20, 1997 9:12PM
I am aware of the following certificate, crl, and/or verification
profiles in development or existence today:
1. PEM (will be mostly obsolete, I expect, after PKIX)
2. PKIX (IETF)
3. MISSI
4. MISPC (NIST)
5. Federal PKI (Federal PKI-TWG)
I worry that the proliferation of certificate profiles
poses a serious threat to interoperability and will
slow down the adoption and usability of PKI as a whole.
Most of these profiles specify contents requirements for
each field in the certificate, crl, etc. Has anyone here
done a comparative field-by-field analysis of these to
see where they are in common and where they differ?
(I suppose a comparative analysis of the verification
procedures may be harder to write down succinctly.)
Any comparative analysis would be useful both to the IETF
PKIX effort as well as these other profile efforts.
Ideally there would be one uniform profile across
the board, but barring that, at least one could hope
for (and drive toward) the minimal differences in
profiles that are needed to support any actual
differences in requirements.
Thanks in advance for any information in this area.
--a.