IETF Logo Mail Archive

Re: [Anima] [lamps] on certification authorities.

Erik Andersen <era@x500.eu> Sat, 27 June 2020 07:57 UTC

Return-Path: <era@x500.eu>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E4B03A0542; Sat, 27 Jun 2020 00:57:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.695
X-Spam-Level:
X-Spam-Status: No, score=-1.695 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=x500.eu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ls1SC2zxKAbO; Sat, 27 Jun 2020 00:57:29 -0700 (PDT)
Received: from outscan1.mf.dandomain.dk (outscan1.mf.dandomain.dk [212.237.249.58]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D1C63A043D; Sat, 27 Jun 2020 00:57:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by outscan1.mf.dandomain.dk (Postfix) with ESMTP id 026754069108; Sat, 27 Jun 2020 09:57:27 +0200 (CEST)
Received: from outscan1.mf.dandomain.dk ([127.0.0.1]) by localhost (outscan1.mf.dandomain.dk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id biJ1pJk1QMuv; Sat, 27 Jun 2020 09:57:26 +0200 (CEST)
Received: from mail-proxy.dandomain.dk (dilvs03.dandomain.net [194.150.112.64]) by outscan1.mf.dandomain.dk (Postfix) with ESMTPA id 204594069100; Sat, 27 Jun 2020 09:57:18 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=x500.eu; s=dandomain; t=1593244646; bh=St7PSINpTDoO7XbXbeu19G7mALHtr+KVerIBvmZTLbA=; h=From:To:Cc:References:In-Reply-To:Subject:Date:From; b=LI4bDBk2VvF7ALm74PQliD9+6gwwjwZqlhHTxNfw78HitSuJU18mwglOuzOG2EFyZ Sf3Bhherfy3a4kkW1VksUhpsg0Pe7CwoHcUde/zk6s0FA0wY4J0YlPIVUfc4ePfguf XQkjTfanwDwHPCscQqrv4O/wK/BJ4lJ+v3hPs7NdvyjYRuWzwqr6tw0gCyx6j6dwb4 KFx6aiuKXVhZNteOQaT6DCwm0sg4XsgZHyun4cKo1glSjPlZNNyLmAde7Vr01g1jlE z5saF8s4bEXYAqeSFvvCYLOFIShPypFQqI1zc6MwHWUb8aqI5XYkJuBkvkXwaMqx2J XuYpT8GYvr0fw==
From: Erik Andersen <era@x500.eu>
To: 'Michael Richardson' <mcr+ietf@sandelman.ca>, spasm@ietf.org, 'Russ Housley' <housley@vigilsec.com>, anima@ietf.org, 'Ben Kaduk' <kaduk@mit.edu>
Cc: 'Ryan Sleevi' <ryan-ietf@sleevi.com>, 'Nico Williams' <nico@cryptonector.com>
References: <20200624023407.GA41244@faui48f.informatik.uni-erlangen.de> <C71BDB46-A15A-48EC-BC4D-68CA9A7C1DFB@vigilsec.com> <13005.1593208602@localhost>
In-Reply-To: <13005.1593208602@localhost>
Date: Sat, 27 Jun 2020 09:57:16 +0200
Message-ID: <001001d64c58$98890d40$c99b27c0$@x500.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQEwj93EDQf+67rRWWSqilgJXpnKwAJ6Ny4/AP3sFROqG81lYA==
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/TG3iXsO2gzoXF6ISKgNDF7UCF2E>
Subject: Re: [Anima] [lamps] on certification authorities.
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jun 2020 07:57:31 -0000

There certainly is a big difference between the term certification (an act)
and the term certificate (a data value). Certification implies that the CA
does some validation before issuing a certificate. When a read an article
and hit the term certificate authority, I stop reading thinking the guy
cannot even get the term right. He/She does not know what a CA is.

Erik 

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: 26 June 2020 23:57
To: spasm@ietf.org; Russ Housley <housley@vigilsec.com>; anima@ietf.org; Ben
Kaduk <kaduk@mit.edu>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>; Nico Williams
<nico@cryptonector.com>
Subject: [lamps] on certification authorities.


Russ Housley <housley@vigilsec.com> wrote:
    > Thank you.  Many people get it wrong, but X.509 and RFC 5280 (as well
    > as the earlier versions in RFC 2459 and RFC 3280) all use
    > {CA=} "certification authority".

I guess it might be worth spreading this point more widely :-) I'll all for
stamping out the wrong expansions, even if it sometimes seems pendantic.

I'm told that Google is about to start their Cloud *Certificate* Authority.
If that happens, I believe that any chance to assert the term will be
completely lost :-)

On the other hand, if they go with "certification authority", then perhaps
the tide of the terminology will be reversed.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -=
IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email