RE: Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
I believe the context of the reply was within the statement of what are the
reasons why cert PKIs are having a hard time. One of the issues raised was
cost ... part of that scenario is that digital signature authentication can be
separated from the question of cert infrastructure costs ... i.e. semantic
confusion that the digital signature authenticates the transaction (not
the certificate) and that the certificate is one method of authenticating
the public key. The digital signature business case can actually be
separated from the certificate business case (they don't have to
be synonymous) ... leaving the certificate business case to show
that it can eliminate/reduce cost of existing account-based operations.
One way is to show identity certificates carrying all information
and permissions can eliminate the accounts ... but that introduces
privacy and security exposures. The other way is to show relying-party-only
certificates ... with no information but an account number .... which then
have to hit the account record ... at which point the certificate can be
shown to be redundant and superfluous.
So examining the parameters and operational regions for certificate
business cases .... it is useful to understand where they provide
significant benefit like in the webserver comfort certificate case.
Stephen Kent <kent@po1.bbn.com> on 07/17/99 11:46:15 AM
To: Lynn Wheeler/CA/FDMS/FDC@FDC
cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>
Subject: RE: Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
Lynn,
I appreciate your fondness for cert-less public key use; after all, the
model you are describing is yours, submitted to an ANSI X.9 committee. And
a brief discussion of it is OK too, but since the charter of the PKIX WG
focuses on the use of X.509 certificates in the Internet, extended
discussion of your cert-less model is hardly within the scope of the WG
list.
Steve