[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IETF-PKIX] Certificate Directories and Spam

To: IETF-PKIX@xxxxxxxxxxxxxxxx
Subject: Re: [IETF-PKIX] Certificate Directories and Spam
From: Andrew Csinger <csinger@xxxxxxxxxxxxxx>
Date: Tue, 30 Dec 1997 22:09:54 -0800
In-reply-to: <>
Reply-to: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>
Sender: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>

There's also no obvious reason why email addresses (or for that matter
other identifying information) should form PART OF the certificate; see
Xcert's papers on the use of OCSP for the secure transmission of
attributes associated with certificates.  (There are few remaining proponents
of the view that credit card numbers, e.g., should be included in certs
as v3 extensions, but the same argument can be used against email addresses,
and so on...)

Andrew


At 14:02 12/30/97 -0400, ajaber@CERTICOM.COM wrote:
>> I would like to hear other opinions.  Does anyone else think this
>> problem may discourage people allowing their certs to be publicly
>> posted?  Have the email or directory working groups discussed this
>> issue?
>
>     Certs has to be made available to those who need them to
>     do what they were intended to do.  To achieve this availability
>     without making public important information like E-mail addresses
>     and personal details is the challenge here.
>
>     Making certs publicly available is not a security issue in
>     the conventional sense, any average E-mail user who subscribes
>     to a an ISP will tell you that they do not want their E-mail
>     boxes filled with Junk and porno E-mail every day.
>
>     As long as there is no Law to Stop unwanted harassing E-mail
>     from spammers the solution SHOULD come Engineering i.e
>     "do not provide spammers with lists of E-mail addresses
>     posted publicly for FREE".
>
>> Hal
>
>Adel Jaber/Certicom Corp
>
--------------------------------------------------------------
Andrew Csinger, Director                   Xcert Software Inc.
1001-701 West Georgia Street    P.O. Box 10145, Pacific Centre
Vancouver, B.C.                                 Canada V7Y 1C6
tel:     1-604-640-6210                fax:     1-604-640-6220
http://www.xcert.com                  email: csinger@xcert.com
           **** Internet Security Technologies ****
"Every  information  object known to modern man is a candidate
 for PKI-based ACL"                          - Young Etheridge
--------------------------------------------------------------

References:
- Re: [IETF-PKIX] Certificate Directories and Spam
  - From: ajaber

Prev by Date: Re: [IETF-PKIX] Certificate Directories and Spam
Next by Date: Re: [IETF-PKIX] Certificate Directories and Spam
Previous by thread: Re: [IETF-PKIX] Certificate Directories and Spam
Next by thread: [IETF-PKIX] Searching_for_representatives
Index(es):
- Date
- Thread