[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deprecate the NR bit?

To: Bob Jueneman <BJUENEMAN@xxxxxxxxxx>
Subject: Re: Deprecate the NR bit?
From: Ed Gerck <egerck@xxxxxxx>
Date: Thu, 02 Sep 1999 11:23:04 -0700
Cc: kent@xxxxxxxxxxx, ietf-pkix@xxxxxxx, Tom Gindin <tgindin@xxxxxxxxxx>
References: <>

Bob Jueneman wrote:

> But even if he [Tom Gindin] comes up with a satisfactory, suitably limited definition of
> "technical NR" or something like that, I think we have clearly identified a need for additional
> functionality that needs to be endorsed by the CA in order to constitute adequate
> notice. so I think additional bits will be necessary.  Whether we put them in the keyUsage
> or the extendedKeyUsage fields, I don't care.

In my analysis, four cases are needed at least -- and, for heaven's sake, yes, four different
names. Instead of calling all as "NR".  We now have "technical NR", "full NR", and maybe,
following this track we will have "waning NR",  "quasi-empty NR", etc. ;-)

Of course (paraphrasing a very well-known text), no objection can be raised
against the self-definition of NR itself in PKIX, at most one might take exception
to the name "non-repudiation" given to this quantity on the ground that the term is
reserved for another, "known" concept.  But, as far as the exposition of PKIX
clarified by Tom's proposed RFC is concerned, the term was not "known" -- as it has
appeared for the "first time" in PKIX and then was defined in a precise form in Tom's
proposed RFC.

It is true however that human beings, business and law do have a concept of
non-repudiation which differs from PKIX usage, and I think it is unfortunate that
these ends cannot meet when I would think it would be very easy to do so.  But,
it just adds another level of indirection.

However, I feel that today this issue is NOT the most relevant one.  The most
relevant issue today IMO is to massage Tom's RFC to an at least passing grade.

As I see it any full treatment will have to be formally defined, not just protocol
defined -- since protocol is not the only way of implementing it and protocol
cannot do it alone. I already circulated a draft on the formalism to two people in
the WG but it seems that interest is not high enough at this time.  It is like talking
about the need to have air traffic control in 1920, it seems ;-) .. just too soon.  Thus,
I welcomed Tom's initiative and I ask you Bob to take a good hard look at it
and perhaps you will also agree that if this RFC is the most one can have at the
moment ... then let's have it.

Cheers,

Ed Gerck

References:
- Re: Deprecate the NR bit?
  - From: Bob Jueneman

Prev by Date: Re: Real-world issues, Re: Deprecate the NR bit?
Next by Date: RE: End-Entity Certificate Policies
Previous by thread: Re: Deprecate the NR bit?
Next by thread: Re: Deprecate the NR bit?
Index(es):
- Date
- Thread