[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: German Key Usage

To: "Friedrichs, Paul" <friedrip@xxxxxxxxxxxx>, Simonetti David <simonetti_david@xxxxxxx>, aram@xxxxxxxxx
Subject: RE: German Key Usage
From: Tony Bartoletti <azb@xxxxxxxx>
Date: Mon, 17 Aug 1998 16:37:56 -0700
Cc: "cert-talk@xxxxxxxxxxxxxxxxxx " <cert-talk@xxxxxxxxxxxxxxxxxx>, "ietf-pkix@xxxxxxx " <ietf-pkix@xxxxxxx>
In-reply-to: <199808172121.OAA15776@pierce.llnl.gov>
Sender: owner-ietf-pkix@xxxxxxx

Paul,

No disrespect taken.  I understand the difficulties of developing for 
interoperability in the current environment.  As naive as it may sound,
I would prefer to have several of each form of key, scores of them in
fact.  Systems should allow that some suffice for multiple application
usages, others not so.

I look to the future, envision a "smart-card" with numerous keys.
Inserted into a device suitable for certain types of transactions,
it would give me a readout of that subset of keys which suffice for
the transaction at hand.  It may not allow me to do data encryption
with a signature key, for instance, or warn me if entering into a high-
value transation with a key whose certificate is soon-to-expire.

I want to move away from the "one-key-is-me" world-view.  I have too
many facets to want or need to share them all, even by indirection,
in every type of transaction.  I should not have to prove who I am
in order to use public transportation, for instance, and yet if I pay
via my one-account-key-certificate, I am in essence providing the world
a trail of crumbs by which to trace my activities.  This is why hard-
currency is still popular, and will remain so for the foreseeable future.

(enough of my ranting;)

___tony___

At 04:56 PM 8/17/98 -0400, Friedrichs, Paul wrote:
>     Aram, Tony,
>     
>     I hope my responses haven't sounded disrespectful. If so, I 
>     apologize. We, here, have been trying to implement a completed 
>     standards-based PKI, and frequently hear people from the PKIX or 
>     the FedPKI camp specifically challenging the initiative with 
>     conflicting interpretations of keyUsage. On top of that, a primary 
>     aim is providing a service that supports existing products. 
>     Frustrating, but we're trying.
>     
>     Regards, and thanks,
>     
>     Paul
>
>

Tony Bartoletti                                             LL
SPI-NET GURU                                             LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL

Prev by Date: Authentication vs. binding signature, and ephemeral vs.permanent key usage
Next by Date: Re: Authentication vs. binding signature, and ephemeral vs. permanent key usage
Previous by thread: Re: RE: German Key Usage
Next by thread: RE: response to unauthorized OCSP reques
Index(es):
- Date
- Thread