
Re: I-D ACTION:draft-ietf-pkix-laap-00.txt



Hi John,

> I'm somewhat concerned about the definition of profile strings as AC
> selectors.  If the usual practice is that profile strings' values are
> meaningful only by bilateral agreement, this implies a lot of configuration
> and could be susceptible to misinterpretation by punning, especially if/as
> LRQs grow to interact with more than just one LRP. At the risk of a
> contrived example, a Mr. Teller's name, passed as a profile hint, shouldn't
> be interpreted as soliciting a role AC allowing him to handle cash at a
> bank.  I think general use of an OID tag with optional text qualifier would
> be safer, more general, and could contribute to more effective
> interoperability among prospective LAAP peers.  Some uniform tag values
> (e.g., "role") could be usefully defined.  I'm neutral as to whether the OID
> is carried in string-encoded form or not, but believe that some level of
> syntactic structure needs to be present to distinguish the OID from any
> associated qualifier(s).

I guess this is also Dave's opinion and I'm coming around myself.

> Is the fact of LAAP's definition within CMP likely to create demultiplexing
> problems in end systems where both LAAP and CMP services are provided, but
> by different internal entities?

I'd hope not, CMP encapsulation is for discussion in DC anyway, so let's
see what happens there.

Regards,
Stephen.

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 647 7406
61 Fitzwilliam Lane,                    fax: +353 1 647 7499
Dublin 2.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com