[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: resolution

To: Carlisle Adams <carlisle.adams@xxxxxxxxxxx>
Subject: RE: resolution
From: Stephen Kent <kent@xxxxxxx>
Date: Wed, 10 Sep 1997 11:43:23 -0400
Cc: "'ietf-pkix@xxxxxxxxxx'" <ietf-pkix@xxxxxxxxxx>
In-reply-to: <>

Carlisle,

>>The co-chairs could perhaps now call for final arguments, and
>>then decide the concensus position, and the actions.
>
>Given that over a week has gone by since you sent your message, and
>given that not a single response has been submitted, I would guess that
>we already have consensus:
>
>- CA key generation will be downgraded from mandatory to optional (which
>means that EE key generation will be upgraded from optional to
>mandatory, although this may be accomplished as described next);

OK, downgrade CA key gen to optional.  However, let's not make EE key gen
mandatory.  You and others gave good arguments why that is not always
desirable from a security perspective, and how it increases EE cost.  Let's
leave it optional and let users and CAs worry about ensuring apporpriate
matching.

>- Bob and Peter will submit an I-D (separate from PKIX-3) specifying a
>request/response (possibly request/response/confirm) protocol for key
>generation.  This protocol may be supported by EEs, CAs, RAs, or any
>other entity in the PKI.

OK.

>Peter, Bob, Steve/Warwick, Everyone-Else:  does this sound reasonable?
>Can I make the relevant changes in PKIX-3 and submit it for Last Call?

Yes.

Steve

Follow-Ups:
- RE: resolution
  - From: Russ Housley

References:
- RE: resolution
  - From: Carlisle Adams

Prev by Date: Re: resolution
Next by Date: Re: PKCS 7/10 Security Issues
Previous by thread: RE: resolution
Next by thread: RE: resolution
Index(es):
- Date
- Thread