[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lifetime versus NR, Re: Comments on the PKIX Roadmap

To: Alfred Arsenault <awa1@xxxxxxxx>
Subject: Re: lifetime versus NR, Re: Comments on the PKIX Roadmap
From: Ed Gerck <egerck@xxxxxxx>
Date: Sun, 31 Oct 1999 00:59:24 -0700
Cc: IETF-PXIX <ietf-pkix@xxxxxxx>, Sean Turner <turners@xxxxxxxx>
References: <> <> <>

Alfred Arsenault wrote:

> Ed,
>
>         What was the "consensus" of this WG on the meaning of
> "non-repudiation"?

Wading through the messages in the archives it is possible to see that this
WG reached clear consensus on several NR items. For example, that NR is
not simply the setting of a bit -- in fact, this WG's  *unanimity* (!!) on NR was
that setting the NR-bit is neither necessary nor sufficient to define the
provision of NR services.

Based on this 100% consensual understanding,  this WG considered various
possibilities for defining the provision of NR services in a technical protocol,
and several clearly distinct modes of NR emerged -- I counted four main modes
(see archives).  Some of these NR modes were detailed in an effort by Tom Gindin
....that  is not even  *cited* in the roadmap .... with a proposed RFC... but which
was nonetheless extensively discussed in this WG and is archived at the IETF.
Can we NR that RFC? ;-))

Thus, reading the roadmap I felt a warp effect --  how could the roadmap ignore
these points of consensus and actions including a proposed RFC and, instead,
come up with an equivalence between NR and lifetime which was not discussed
at all? And, which is 100% redundant with the notion of lifetime itself -- after all,
if we want to signal a short lifetime there is a very well defined field for this in
PKIX that has nothing to do with NR.  Besides, the roadmap confused
"authenticated connection" (which authentication is ephemeral by definition and
lasts as long as the connection itself) with "signed object" (a certificate) which
can last much longer than even its signature lifetime (when providing support
for signature verification as in... NR ).

There are other problems with the new roadmap (see my previous msgs) and problems
which I did not address either --- and which IMO seriously undermine its usefulness
to reflect what this WG discussed and what the protocols are for.  Two of its key
purposes -- and that is why I suggested it should be recalled and redone.  It may be
that the new PKIX roadmap  "captured the WG's feelings from around mid '98
timeframe" as Sean Turner has mentioned today in this list -- but, aren't we
around end '99 timeframe?

Cheers,

Ed Gerck

Follow-Ups:
- Re: lifetime versus NR, Re: Comments on the PKIX Roadmap
  - From: Sean Turner

References:
- Comments on the PKIX Roadmap
  - From: Denis Pinkas
- lifetime versus NR, Re: Comments on the PKIX Roadmap
  - From: Ed Gerck
- Re: lifetime versus NR, Re: Comments on the PKIX Roadmap
  - From: Alfred Arsenault

Prev by Date: Re: LAAP performance issues
Next by Date: Re: QC comparisons are DEADLY serious!
Previous by thread: Re: lifetime versus NR, Re: Comments on the PKIX Roadmap
Next by thread: Re: lifetime versus NR, Re: Comments on the PKIX Roadmap
Index(es):
- Date
- Thread