Bob Blakley wrote:
> I agree with Steve here. I think this horse is dead now, and I resolve
> to stop arguing these points.

Yes.

Good ideas have been exchanged, a general need for methods stressed, as well as the need for considering not only the number of attributes (so-called Steve's rule) but also their individual lifetimes when estimating a certificate lifetime.

The discussions also indicated that certificate lifetime seems to be more closely given by an inverse function of the number of attributes, which is also contrary to the so-called Steve's rule which predicated an inverse square-function (based on the now revealed, suck principle). So, these two hit counts surely give Steve the right to call off this discussion as no parts of his rule are valid any longer ;-)

But, judging by list reactions -- pro, con and in disbelief -- Bob Blakley was indeed IMO not only insightful but also persistent in following through the initial discussions in order to question whether PKIX should consider the question of certificate lifetime in connection to attributes and costs (whatever cost metric one wants to use), risks, presumed validity, policies, etc.

The issue of actually *increasing* a certificate lifetime by adding attributes was just briefly considered here by myself, but the question of redundancy was lively debated also by Tony Bartoletti and by Veikko Punka. Two different approaches to deal with attribute redundancy were revealed; one which discusses redundancy as a question relative to the observer and which I might call a subjective-frame approach was proposed early on by myself (original posting) and another given recently by an n-order lifetime equation, using what is an objective-frame approach (David Chia).

I will be including Veikko's interesting example, as well as Tony's comments and a comparison with David's approach to deal with redundancy in my final paper on this. I wish to thank all suggestions, for their high and oftentimes enlightening or even amusing quality. In particular, Tony's "dynamite sticks" metaphor was very graphic and I have used it effectively with varied audiences. Even lawyers understand it ;-), so it's field-proven, I may say. Kudos to Tony.

When the full paper is done, I will supply the URL. IMO, ideas only grow when shared and I am thus thankful for the examples and counterexamples provided. For those that led this into a personal campaign, I say that I took the challenge, not the offense.

BTW, some have given me the pleasure of very productive private discussions and this channel is also open for off list discussion to anyone interested.

Cheers,
Ed Gerck
_________________________________________________________________
Dr.rer.nat. E. Gerck
egerck@mcg.org.br
--- Meta-Certificate Group member -- http://www.mcg.org.br ---