[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: unqualified topic - not solved yet.

To: "'Stefan Santesson'" <stefan@xxxxxxxxxxx>, Charles Moore <cmoore@xxxxxxxxxxxxx>, "'Anders Rundgren'" <anders.rundgren@xxxxxxxxxx>, "'Tony Bartoletti'" <azb@xxxxxxxx>, ietf-pkix@xxxxxxx
Subject: RE: unqualified topic - not solved yet.
From: Sharon Boeyen <sharon.boeyen@xxxxxxxxxxx>
Date: Wed, 1 Dec 1999 13:02:47 -0500
Cc: "David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>

Title: RE: unqualified topic - not solved yet.

Just to clarify,

My comment was based on a conversation with Hoyt Kesterson who chairs
the X.500 group. We both agree that this could be a minor defect. However,
we can't speak for the group and a defect report would need to be submitted,
reviewed and ballotted before we could be sure of the support for it.

-----Original Message-----
From: Stefan Santesson [mailto:stefan@accurata.se]
Sent: Wednesday, December 01, 1999 4:38 AM
To: Charles Moore; 'Anders Rundgren'; 'Tony Bartoletti';
ietf-pkix@imc.org
Cc: David P. Kemp
Subject: RE: unqualified topic - not solved yet.

Charles,

At 04:02 PM 12/1/99 +1000, Charles Moore wrote:
<snip>
>Back to the past....
>
>I am not arguing that serial number or dnq be exclusively used, my personal
>preference would be dnq, but rather require we have a standard that reflects
>reality and provides a long term solution that can be used by all existing
>communities...not selective interest groups...
>
>I have a problem with overloading of semantics, as they produce
>indeterminate results...
>I also dont believe a CP is the means to achieve this, keep the protocol
>clean and use rules/policy to determine the usage....
>

One thing that may have to be clarified here is that I have had a dialogue
with Sharon Boyen, who is involved in the X.509, X.520 and X.521
standardization, and she claims that they are willing to change the
definition of serialNumber and related object classes, so that this
attribute can be used for any type of object.

Sharon says that this is considered to be a minor adjustment that almost
was fixed 4 years ago but was forgotten in the process.

This is the fundamental reason for proposing use of serialNumber.

Having this in mind, I fail to see any problems.

I' don't want to enter a privacy discussion here, but I just want to stress
that there is NOTHING in the QC profile that require inclusion of privacy
sensitive information. In fact, the possibility to use a Pseudonym name is
clearly stated. The use of a unique identifier doesn't necessarily means
that it is privacy sensitive. That depends completely what you can do with
that number.

The fact is that we need to add support for inclusion of such identifiers,
regardless of their actual content.

/Stefan
-------------------------------------------------------------------
Stefan Santesson                <stefan@accurata.se>
Accurata AB                     http://www.accurata.se
Slagthuset                      Tel. +46-40 108588
211 20 Malmö                   Fax. +46-40 150790
Sweden                        Mobile +46-70 5247799

PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------

Prev by Date: [no subject]
Next by Date: Re: Server-signatures: Re: proposed key usaged text -- the final round
Previous by thread: RE: unqualified topic - not solved yet.
Next by thread: RE: unqualified topic - not solved yet.
Index(es):
- Date
- Thread