Re: [IETF-PKIX] RFC 822 names in SubjectAltName and other extensions
- To: IETF-PKIX@xxxxxxxxxxxxxxxx
- Subject: Re: [IETF-PKIX] RFC 822 names in SubjectAltName and other extensions
- From: Stephen Kent <kent@xxxxxxx>
- Date: Tue, 17 Mar 1998 20:58:52 -0500
- Approved-by: Stephen Kent <kent@BBN.COM>
- Reply-to: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>
- Sender: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>
Paul,
>>Most folks will not read a CPS, especially if it goes into that level of
>>detail, and thus what the fine print says will not matter unless one
>>litigates a dispute.
>
>But if you don't read the CPS, you have no idea if the non-comment part of
>an email address was verified. I could certainly believe that many CAs who
>do not do online enrollment (like corporate CAs) will accept as valid any
>information typed into them by the human CA administrator at a CA console.
>If I walk up to my human administrator and say "here's my common name and
>my email address; give me a cert", there's no sensible way for that human
>to verify that it is really my email address. I think you are thinking too
>much in the Verisign online enrollment model, which is only one way certs
>will be generated.
I am not thinking about any particular enrollment model, VS or otherwise.
And I'm willing to back down a bit from the notion that no user will read
any CPS (though I bet this will be true in the vast majority of the
cases!). However, I do believe that even the few users who do read a CPS
will not read it very carefully. Thus the fine distinction between whether
an 822 address is verified, or whether the address and the commented name
is verified, is something I am confident will escape almost every user.
>Basically, either someone reads the CPS or they don't. Saying "because they
>probably won't, this identifier is OK because it *could* be verified" is
>very dangerous, IMHO. Either it is verified (and the CPS says so), or it
>isn't (and it's not covered in the CPS, or the CPS says "we don't verify
>this").
>
>>I argue that we ought to be careful to not foster a situation that unduly
>>creates an opportunity for confusion.
>
>I fully agree. And I think pretending that a bare email address is verified
>and belongs to the named user is quite an opportunity for confusion.
>Remember, comments in an RFC 822 name *can* be verified. Both parts can be
>verified, or they can be not verified.
Yes, one can verify the comment as well, but I maintain that unless we
require that the comment is always verified, then we are unnecessarily
creating a situation that will confuse users. The alternative I proposed
would allow a common (comment?) name to be included separately if
appropriate, and would create an opportunity for the appropriate inclusion
of names based on what a CA really checks.
I'm not trying to look at this in any strict legal sense, although some
other list members take that approach. I'm trying to suggest what I
believe is a common sense approach to this issue that will minimize the
likelihood of confusion where it is easy to be confused and easy to avoid
confusion.
Steve