RE: NEW Data type for certificate selection ?
On Thu, 1 Oct 1998, Stefan Santesson wrote:
>
>Ed,
>
>I just want to clarify that I don't want to see any YAPITs (or any other
>specific attribute) hardcoded by design into any certificate selection
>mechanism.
Stefan:
I am really glad you are taking private data such as SSN out of the
picture and out of the data that you need to have in a public cert --
for the second time in this thread.
>But I don't want to stop anyone from using it as selective criteria either.
However, I do want to guarantee that no one will be forced or coaxed
into accepting that "selective criteria". As I said, if you want to
have enough rope to hang yourself (eg, as in C) that is fine but just
don't make it mandatory to thy neighbor.
>
>To me the YAPIT (Yet Another Personal Information Token) discussion belongs
>in a completely different dimension independent of the certificate select
>problem space. (even if it is an interesting subject).
>
Agreed -- iff it is taken out of that picture! As it is being done
now, again.
However, another point of my msg still remains. Can you pls address
my reply to your affirmation below:
>>> PPITs are not only designed to make big brother's job easier :-),
>>> but to allow users to authenticate themselves using a valid
>>> certificate (be it electronical or physical) where the
>>> certificate receiver only must know what issuers (and domain) to
>>> trust.
where PPIT is your name for YAPIT and I commented:
>>This has nothing to do with YAPITs. It has to do with issuer trust
>>and key challenge-response.
>>
>>I affirm that a certificate may only be its signature in size -- a 20
>>byte string -- and that suffices to allow anything you can do with
>>any kilobyte-size X509v3 cert, or even mega-byte size. So, YAPITs do
>>not really belong to certs as a functional need. To ignore this is to
>>ignore what certificates are.
>>
Cheers,
Ed Gerck
______________________________________________________________________
Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br
http://novaware.cps.softex.br