Re: [IETF-PKIX] RFC 822 names in SubjectAltName and
Paul,
I think the question of who reads a CPS and how closely is relevant to this
discussion, even if it may be somewhat separable.
>
>Section 2.0 of the draft is quite clear on this:
> A certificate user should review the certification practice Statement
> (CPS) generated by the CA before relying on the authentication or
> non-repudiation services associated with the public key in a
> particular certificate. To this end, this standard does not
> prescribe legally binding rules or duties.
Yes, the draft says that now, and I want to suggest that we tone this down
a bit, since not all CAs will have a CPS. The CPS notion is important for
3rd party CAs, and organizational CAs issuing certs for extranet purposes,
but proprietary CAs may not have to have one, unless they operate in Utah
;-).
>I think it would be a good idea to add words to this such as:
>
>To avoid confusion, a CPS should say which attributes of a certificate have
>been verified. Further, a CPS should not state that only part of any
>attribute is verified; either the entire attribute is verified, or none of
>the attribute is verified. This is particularly important for attributes
>with rfc822Name values, since the two parts of the value can be validated
>in different fashions, and many CAs will choose not to validate one part or
>the other.
Yes, one could do that, but actually assuming that users will pay close
enough attention to note these differences strikes me as unwarranted. As
a "security guy" I know from experience that users pay little attention to
various warnings and the average CPS is way too big to expect the average
user to really read it. Remember the "Internet Exploder" program, an
ActiveX module that had a valid Microsoft ActiveX vendor signature on it?
People downloaded it and when it popped up a window that said it would shut
down the user's PC when clicked, most users actually clicked the button and
watched in surprise while their system shut down! The metaphor I use in my
talks on CA policies is that of VCR programming: the vast majority of
(U.S.) VCR owners are incapable of performing this task and thus VCRPlus is
a big hit. How much harder is it to evaluate a CPS, a complex "trust"
graph in a PKI, etc?
Steve