[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lifetime versus NR, Re: Comments on the PKIX Roadmap

To: Ed Gerck <egerck@xxxxxxx>
Subject: Re: lifetime versus NR, Re: Comments on the PKIX Roadmap
From: Alfred Arsenault <awa1@xxxxxxxx>
Date: Sat, 30 Oct 1999 10:51:32 -0400
Cc: IETF-PXIX <ietf-pkix@xxxxxxx>
Organization: @Home Network
References: <> <>

Ed,

	What was the "consensus" of this WG on the meaning of
"non-repudiation"?  I've looked back yet again at all of the messages,
and I can find no consensus.  I can find only several different groups
of people holding different ideas of what it means, or should mean, or
ought to mean but maybe doesn't, or...

	My interpretation of when the NR discussions stopped is that it wasn't
because the WG reached consensus, it was because a number of the
participants just stopped trying to make the same point/argue against
the same point over and over and over ... 

	I'll ask the working group chairs to bring this up in Washington.  The
Roadmap (and other WG documents, but especially the Roadmap, because of
its purpose) should reflect the consensus of the WG on its major
issues.  It should not be "creative" nor contradictory, nor should it
reflect the views of just its authors unless those are explicitly
identified as such.  

	(Please note:  I'm leaving for the airport in about 30 minutes; I'll
most likely be away from e-mail access for the next nine days.  Please
don't interpret my silence/non-participation in discussions of this
between now and then as agreeing to or disagreeing with any stated
position.)

			Al Arsenault

--- This posting represents the opinions of the author only, and may or
may not reflect the views of his employer or of any other organization
with which he may have a relationship.


Ed Gerck wrote:
> 
> Denis Pinkas wrote:
> 
> > Comments on the PKIX Roadmap <draft-ietf-pkix-roadmap-04.txt>
> 
> Dennis:
> 
> The PKIX roadmap is a very creative document. In fact, there is
> little resemblance between its contents and the past
> messages/consensus in this WG.
> 
> > Page 43. About the discussion, starting with "According to
> > [SIMONETTI], ..." I would propose a global replacement until the end
> > of that topic:
> >
> > " The intent is that the digitalSignature bit should be set when
> > what is desired is the ability to sign ephemeral transactions; e.g.,
> > for a single session authentication. These transactions are
> > "ephemeral" in the sense that they are important only while they are
> > in existence; after the session is terminated, there is no long-term
> > record of the digital signature and its properties kept.
> 
> The ability to sign ephemeral transactions e.g., single session
> authentication has to do with the *authenticated connection*
> not with a *signed object* (the certificate) -- so, it is rather easy
> to distinguish the DS bit in either case.  There is no need to
> yet again redefine non-repudiation as a "non-ephemeral digital
> signature" in order to do so:
> 
> >When something is intended to be kept for some period of time for
> >non repudiation purposes, the nonRepudiation bit shall be set. This
> >implies that an application will digitally sign something that may
> >be used for non repudiation purposes; this bit must be turn on.
> 
> The new confusion introduced by your text (and the roadmap)  is
> that non-repudiation has now nothing to do with "preventing the
> denial of a previous act" (HAC, Menezes) or even with "protecting
> against falsely denying an act" (RFC 2459) but with the *lifetime*
> of a digital signature.  Hmmmm... this was never mentioned
> in this WG and is clearly a redundant definition -- so, why
> have it? To avoid the issue?
> 
> Or, perhaps there are those that now say the WG consensus on
> NR was "wrong"?  Perhaps, but this should be decided in this list,
> not in the roadmap text and not in a redundant definition of
> lifetime.
> 
> I also note for the record that accepting this would mean to negate the
> IETF decision process, which I think is even worse than confusing
> "non-repudiation" with lifetime.  Thus, in the best spirit of the Internet
> of routing around the damage, I ask for a recall of the roadmap as it is
> and for a reinstatement of what was discussed and decided here.
> Otherwise, in the future, someone will say "but, there is precedent for
> this behavior" and we will have no more roads but just slippery
> slopes to map, I am afraid.
> 
> Cheers,
> 
> Ed Gerck

Follow-Ups:
- Re: lifetime versus NR, Re: Comments on the PKIX Roadmap
  - From: Ed Gerck

References:
- Comments on the PKIX Roadmap
  - From: Denis Pinkas
- lifetime versus NR, Re: Comments on the PKIX Roadmap
  - From: Ed Gerck

Prev by Date: QC comparisons are DEADLY serious!
Next by Date: Re: I-D ACTION:draft-ietf-pkix-roadmap-04.txt
Previous by thread: lifetime versus NR, Re: Comments on the PKIX Roadmap
Next by thread: Re: lifetime versus NR, Re: Comments on the PKIX Roadmap
Index(es):
- Date
- Thread