Re: [IETF-PKIX] Critical extensions and Policy OIDs
-----Original Message-----
From: Bob Jueneman <BJUENEMAN@NOVELL.COM>
To: IETF-PKIX@LISTS.TANDEM.COM <IETF-PKIX@LISTS.TANDEM.COM>
Date: Wednesday, 17 December 1997 4:47
Subject: Re: [IETF-PKIX] Critical extensions and Policy OIDs
:Michael,
:
:I think it is anyone's guess. I don't know of anything in X.509 or in PKIX
:that particularly mandates the USE of the policy OID -- it could be the ISDN
:number of an unpublished manuscript which resides on the planet Vogon, for
:all anyone knows.
:
:I haven't done a recent search, but to the best of my knowledge, only
:VeriSign has actually published a Certification Practice Statement, and I'm
:not sure whether they intend to publish a separate Policy document in
:addition, or not.
We have both; these are published in closed communities.
:
:I'm not aware of any CAs that are actually including a policy OID in their
:certificates to date -- if someone does know of some examples it might be
:quite helpful -- maybe even a defacto practice.
See our CA certificates in our path; ALL certs will have OIDs from the 1st of
January.
:
:Certainly the INTENT of the policy OID as I understand it was to provide
:some kind of shorthand legal notice, in the form of an incorporation by
:reference.
It's just an OID.
Snip
:
:What still isn't clear is the extent to which a policy OID constitutes a
:representation or agreement between the subscriber and the CA, and/or the
:extent to which such a representation by the subscriber can be relied on by
:a relying party.
It is a statement by the CA as to the certification policy (NOT the practices
that are used).
Most certificate policies include policies regarding subscriber and relying
party policy.
These are enforced by agreements that reference the certificate policy(s).
:
:Seems to me that the relying party wants to know two things: (1) Under
:what circumstances would the reliance on a digital signature verified by
:reference to a particular certificate constitute a commercially UNREASONABLE
:transaction, and (2) (the flip side) when would reliance on the digital
:signature be considered the norm.
See above.
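The policy OID discussed in this exchange is carried in the certificatePolicies extension (id-ce 32, i.e. OID 2.5.29.32) of the certificate itself, and the "critical extensions" part of the subject line is the extension's BOOLEAN critical flag. The following Python is an added example, not code from the thread, from VeriSign or from any CA mentioned; it encodes and decodes that extension in raw DER with no third-party library, so a reader can see exactly what "just an OID" looks like on the wire and how a relying party would compare it against the policies it has decided to accept. The policy OID value and the criticality flag used are constructed sample values, and policy qualifiers are deliberately left out.

```python
"""Added example (not from the original thread): encode and decode the X.509
certificatePolicies extension (id-ce-certificatePolicies, OID 2.5.29.32) in raw
DER, to show that a policy OID is just an identifier carried in the certificate.
The OIDs and the criticality flag below are constructed sample values, not any
real CA's policy identifiers."""

CERTIFICATE_POLICIES_OID = "2.5.29.32"
# Constructed placeholder under the IANA private-enterprise arc; not a real policy.
SAMPLE_POLICY_OID = "1.3.6.1.4.1.99999.1.1"


def encode_length(n):
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(octets)]) + octets


def encode_tlv(tag, content):
    return bytes([tag]) + encode_length(len(content)) + content


def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed into one octet, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]            # least significant 7 bits, no continuation bit
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))   # emit most significant group first
    return encode_tlv(0x06, bytes(body))


def encode_certificate_policies_extension(policy_oids, critical=False):
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
    extnValue OCTET STRING } where extnValue wraps
    SEQUENCE OF PolicyInformation { policyIdentifier OID } (qualifiers omitted)."""
    policies = b"".join(encode_tlv(0x30, encode_oid(o)) for o in policy_oids)
    content = encode_oid(CERTIFICATE_POLICIES_OID)
    if critical:
        # DER omits a BOOLEAN equal to its DEFAULT, so FALSE is never encoded.
        content += encode_tlv(0x01, b"\xff")
    content += encode_tlv(0x04, encode_tlv(0x30, policies))
    return encode_tlv(0x30, content)


def read_tlv(buf, pos=0):
    """Return (tag, content, position after this element)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body):
    first = body[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:               # last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def decode_certificate_policies_extension(der):
    """Return (critical, [policy OIDs]) from a DER-encoded Extension."""
    tag, ext, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("Extension must be a SEQUENCE")
    tag, oid_body, pos = read_tlv(ext)
    if tag != 0x06 or decode_oid(oid_body) != CERTIFICATE_POLICIES_OID:
        raise ValueError("not a certificatePolicies extension")
    critical = False
    tag, body, pos = read_tlv(ext, pos)
    if tag == 0x01:                    # optional critical BOOLEAN present
        critical = body == b"\xff"
        tag, body, pos = read_tlv(ext, pos)
    if tag != 0x04:
        raise ValueError("extnValue must be an OCTET STRING")
    _, seq, _ = read_tlv(body)
    oids, p = [], 0
    while p < len(seq):
        _, policy_info, p = read_tlv(seq, p)
        _, oid_body, _ = read_tlv(policy_info)
        oids.append(decode_oid(oid_body))
    return critical, oids


def acceptable_under(asserted_oids, accepted_oids):
    """Simplified relying-party check: the certificate asserts at least one
    policy the relying party has chosen to accept (the OID says nothing by
    itself; the meaning lives in the policy document it names)."""
    return bool(set(asserted_oids) & set(accepted_oids))


if __name__ == "__main__":
    ext = encode_certificate_policies_extension([SAMPLE_POLICY_OID], critical=True)
    print(ext.hex())
    print(decode_certificate_policies_extension(ext))
    print(acceptable_under([SAMPLE_POLICY_OID], {SAMPLE_POLICY_OID}))
```

The check at the end is deliberately the relying party's own decision table: a certificate that asserts an OID the relying party has never mapped to a policy document it has read and accepted proves nothing, critical flag or not.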