Re: Finding PKIX Servers!



"Perry E. Metzger" wrote:

> Cert directories are totally unneeded in the model I'm describing
> because the issuing bank can just store the cert (or even a naked
> public key) with the account information.

Agreed on that count.  I suppose that what I was trying to say is
that the signer of a cert (or issuer of a keypair, maybe a bank?)
has an authoritative role.  A directory is just a collection, a
means of publication, and has no authoritative role.

A business enterprise may find an internal (LDAP) directory of certs
useful for DH key agreement for IPsec, for example.  But there is
no need for a GLOBAL directory structure, AFAICT. 

Other than arguing against the need for such a global directory
infrastructure, do you have philosophical or aesthetic problems
with it?