RE: Common misconceptions, ... .txt))
Lynn,
>i believe the context of the reply was within the statement of what are the
>reasons why cert PKIs are having hard time. One of the issues raised was
>cost ... part of that scenario is that digital signature authentication can be
>separated from the question of cert infrastructure costs ... i.e. semantic
>confusion that the digital signature authenticates the transaction (not
>the certificate) and that the certificate is one method of authenticating
>the public key. The digital signature business case can actually be
>separated from the certificate business case (they don't have to
>be synonymous) ... leaving the certificate business case to show
>that it can eliminate/reduce cost of existing account-based operations.
>
>One way is to show identity certificates carrying all information
>and permissions can eliminate the accounts ... but that introduces
>privacy and security exposures. The other way is to show relying-party-only
>certificates ... with no information but an account number .... which then
>have to hit the account record ... at which point the certificate can be
>shown to be redundant and superfluous.
>
>So examining the parameters and operational regions for certificate
>business cases .... it is useful to understand where they provide
>significant benefit like in the webserver comfort certificate case.
We disagree that "relying-party-only" certs are redundant, as I have
discussed in a recent response.
However, I agree that your comments about cert-less use of PKIs were
relevant to the discussion of why PKIs have been hard to deploy, and so, in
that context, the comments were appropriate for this list.
Steve