
Re: Qualified Certificates draft - Country name



At 11:57 AM 3/4/99 -0500, Stephen Kent wrote, in part:

>I think one really wants partitioning along organizational lines, not the
>arbitrary lines that the CIDR-like approach would imply.  Organizational
>responsibility for maintenance of directories has worked well for the DNS,
>and if one were to create a PKI tied to the DNS, e.g., based on DNs that
>employ only DC attributes, then I think we would want to make use of the
>record types already defined for storage of X.509 certs.

Stephen,

I see how "arbitrary partitioning" presents problems for distributed
responsibility of directory maintenance.  But these problems are rooted
in the nature of the information the directories are designed to hold, and
beg the question "Why were they designed to hold such information?"

As you say, organizational partitioning has worked well for DNS, but
then there is little of privacy concern over data in a DNS database,
and the naming scheme is almost arbitrary.  One should "trust" DNS
only as far as one might trust the entries in a phone book.  If I were
to look up a supposed building contractor from a phone book, I would
still require further credentials (valid licence, no pending judgements)
before committing to services.  If the entry in the phone book is bogus,
it is only a minor inconvenience, assuming I exercise diligence.

Certificate and Issuer look-up directories should do no more than this.
They should represent pointers to "tests for trust" and not be trusted
in themselves.  The "best practice" would be to automate multiple tests
through look-ups of independently managed directories, and use a form
of "majority rule" in making determinations of accuracy.

I am concerned about both the fragility and sensitivity of "trusted
directory services" which intend to globalize "meat-space" parameters,
especially geographic, country, state, address, etc.  I ask myself
"What is the worst someone could do, who has access to all of this
information?"

Apologies for not having enough details to make more specific comments.

___tony___

Tony Bartoletti                                             LL
Center for Information Operations and Assurance          LL LL
Lawrence Livermore National Laboratory                LL LL LL
PO Box 808, L - 303                                   LL LL LL
Livermore, CA 94551-9900                              LL LL LLLLLLLL
phone: 925-422-3881   fax: 925-423-8002               LL LLLLLLLL
email: azb@llnl.gov                                   LLLLLLLL
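The "majority rule across independently managed directories" idea in the message above, sketched as an added example that is not code from the original post or from any PKIX draft. The directory names, the subject, and the certificate bytes are all constructed stand-ins: the point is the decision logic, which treats each directory's answer as a vote rather than as something trusted in itself, accepts a fingerprint only when a strict majority of responding directories agree, and reports dissenting and silent directories so they can be investigated.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed stand-ins for DER-encoded certificates (not real X.509 data);
# only their SHA-256 fingerprints matter to the quorum logic below.
GOOD_CERT_DER = b"constructed stand-in for alice's genuine DER certificate"
BAD_CERT_DER = b"constructed stand-in for an attacker's substitute certificate"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER bytes, lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


GOOD_FP = fingerprint(GOOD_CERT_DER)
BAD_FP = fingerprint(BAD_CERT_DER)

# Constructed answers from four notionally independent directories
# (hypothetical names).  Each maps a subject to the fingerprint of the
# certificate that directory claims belongs to that subject.
DIRECTORY_RESPONSES: Dict[str, Dict[str, str]] = {
    "dir-a.example": {"alice@example.com": GOOD_FP},
    "dir-b.example": {"alice@example.com": GOOD_FP},
    "dir-c.example": {"alice@example.com": BAD_FP},   # bogus or poisoned entry
    "dir-d.example": {},                              # no entry / no answer
}


@dataclass
class QuorumResult:
    fingerprint: Optional[str]                           # accepted value, or None
    votes: Counter = field(default_factory=Counter)      # fingerprint -> vote count
    dissenting: List[str] = field(default_factory=list)  # disagreed with the winner
    missing: List[str] = field(default_factory=list)     # had no entry for the subject


def quorum_fingerprint(subject: str, responses: Dict[str, Dict[str, str]],
                       min_agree: int) -> QuorumResult:
    """Majority rule over independent directory answers.

    A fingerprint is accepted only if at least `min_agree` directories
    reported it AND it received strictly more votes than any other
    fingerprint; a tie yields no answer.  Directories that reported a
    different value are listed as `dissenting`, directories with no
    entry cast no vote and are listed as `missing`.
    """
    votes: Counter = Counter()
    missing: List[str] = []
    for name, table in responses.items():
        fp = table.get(subject)
        if fp is None:
            missing.append(name)
        else:
            votes[fp] += 1

    result = QuorumResult(None, votes, [], sorted(missing))
    if not votes:
        return result

    ranked = votes.most_common()
    top_fp, top_votes = ranked[0]
    runner_up = ranked[1][1] if len(ranked) > 1 else 0
    if top_votes >= min_agree and top_votes > runner_up:
        result.fingerprint = top_fp
        result.dissenting = sorted(
            name for name, table in responses.items()
            if table.get(subject) not in (None, top_fp)
        )
    return result


def accept_certificate(cert_der: bytes, subject: str,
                       responses: Dict[str, Dict[str, str]],
                       min_agree: int = 2) -> bool:
    """True only if the presented certificate matches the quorum answer.

    The directories supply a value to test the certificate against; they
    are not trusted individually, and if they could not agree nothing is
    accepted.
    """
    verdict = quorum_fingerprint(subject, responses, min_agree)
    return verdict.fingerprint is not None and verdict.fingerprint == fingerprint(cert_der)


if __name__ == "__main__":
    r = quorum_fingerprint("alice@example.com", DIRECTORY_RESPONSES, min_agree=2)
    print("accepted:", r.fingerprint)
    print("dissenting:", r.dissenting, "missing:", r.missing)
    print("genuine cert accepted:", accept_certificate(GOOD_CERT_DER, "alice@example.com", DIRECTORY_RESPONSES))
    print("substitute cert accepted:", accept_certificate(BAD_CERT_DER, "alice@example.com", DIRECTORY_RESPONSES))
```

The `min_agree` threshold and the strict-majority rule are the two knobs a deployment would tune; the dissenting list is the more useful output in practice, since a directory that keeps disagreeing with its peers is exactly the "bogus phone book entry" the message warns about, and it should be dropped from the pool rather than simply outvoted forever.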