
Re: relying-party contract



The VeriSign CPS (designed for multi-purpose applications in its
structuring) is already capable of governing the relationships, flows,
obligations and liabilities you mention. One would need a slight shift
of perspective to enable governance in the scenario you mention, but the
design would still be as intuitively valid as the particular management
system design and obligation/responsibility transfer protocol your
scenario conceives.

Should there be a relying-party agreement - no, say I, if one was using
the architecture of the VeriSign CPS - as such notions are reserved for
different semantics to the controls which your scenario is *really*
after instrumenting. (I agree about the terms if one follows your
scenario's management design's flow and relationship model; but this,
I'm suggesting, would take CPS design into areas which CPS designers
have yet to tread! and it may be easier to morph the suggested form
of the relationship back into more "conventional" forms, and reuse
existing responsibility-passing protocols embodied in such as the
VeriSign CPS, or equivalents from MISSI, SET and even RFC 1422.)

I suspect it is indeed time we created a CPS/Cert-issuing-policy list
with an internet-style culture, versus the several semi-closed lists of
"studied legal/technical professionals". Just as finally we managed here
to open up security and CAs/cert to any & all players, getting any
willing players up to speed on technology and systems so they can choose
to do it oneself, or contract out as the economics beg, then so perhaps
we need to begin opening up the "technology" of CPSs and certificate
issuing *policies*, so folk get the capability of writing/specialising
their own "infrastructure practices", should they wish, based on a solid
understanding and sharing of the essentials, experience and knowledge.

Any site want to volunteer a mailing list responder or, Netscape, is it
acceptable to use this list for more than occasional infrastructure and
policy-related threads only semi-related to SSL?