criticality conformance
Peter Williams <peter@verisign.com> Thu, 16 May 1996 23:48 UTC
Received: from ietf.cnri.reston.va.us by IETF.CNRI.Reston.VA.US id aa27916; 16 May 96 19:48 EDT
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa27912; 16 May 96 19:48 EDT
Received: from neptune.tis.com by CNRI.Reston.VA.US id aa06367; 16 May 96 19:48 EDT
Received: from neptune.tis.com by neptune.TIS.COM id aa19326; 16 May 96 19:13 EDT
Received: from relay.tis.com by neptune.TIS.COM id aa19309; 16 May 96 19:09 EDT
Received: by relay.tis.com; id TAA03679; Thu, 16 May 1996 19:10:43 -0400
Received: from sol.tis.com(192.33.112.100) by relay.tis.com via smap (V3.1) id xma003675; Thu, 16 May 96 19:10:14 -0400
Received: from relay.tis.com by tis.com (4.1/SUN-5.64) id AA14857; Thu, 16 May 96 19:10:26 EDT
Received: by relay.tis.com; id TAA03672; Thu, 16 May 1996 19:10:13 -0400
Received: from rosetta.verisign.com(204.162.64.10) by relay.tis.com via smap (V3.1) id xma003669; Thu, 16 May 96 19:09:54 -0400
Received: from dustin.verisign.com (Gateway-Outside.Verisign.COM [204.162.64.20]) by rosetta.verisign.com (8.7.4/8.6.12) with ESMTP id QAA23439 for <pem-dev@tis.com>; Thu, 16 May 1996 16:12:33 -0700 (PDT)
Received: from peter (Peter.verisign.com [192.42.157.77]) by dustin.verisign.com (8.7.4/8.6.12) with SMTP id QAA11459 for <pem-dev@tis.com>; Thu, 16 May 1996 16:01:15 -0700 (PDT)
Message-Id: <319BA92B.49C5@verisign.com>
Date: Thu, 16 May 1996 15:16:11 -0700
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Peter Williams <peter@verisign.com>
Reply-To: peter@verisign.com
Organization: VeriSign, Inc
X-Mailer: Mozilla 3.0b3 (Win16; I)
Mime-Version: 1.0
To: pem-dev@tis.com
Subject: criticality conformance
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Orig-Sender: pem-dev-approval@neptune.tis.com
Precedence: bulk
Re: criticality conformance (Peter Williams <peter@verisign.com>, 15:13) To: Mark S Feldman <feldman@tis.com> CC: solo@bbn.com, hoa@rsa.com, pem-dev@tandem.com Mark, Ive moved the conversation to a non-work list: on the matter of conformance to v3 extensions in X.509 certificates, and a bigger picture discussion of how to organize extensions to reflect the needs of multiple applications, consider this memo, brought about by your comment: > Consenting applications should be able to do what they want. Specific > applications may restrict the usage of otherwise valid certificates > based on many criteria, including, but not limited to, extensions. > The only proprietary, vendor-specific information I've seen pre-loaded > or hard-coded into applications are vendor-specific "root" keys. Perhaps you live in a different, safe and secure R&D/defense world to me. I see hard-nosed, commercially-driven proliferation of application-defined extensions; and proprietary key management (PKI) extensions, used to hook users. The only company I have seen which has sought to (a) cater for this inevitable market-based reality (b) create a largely application-independent certificate platform, is, believe it or not, Microsoft. Extension contents has become the battleground in the certificate-based application market. Whose definitions will win is...a platform war prediction. However there may be a technology solution available. At this stage in the game, however, too much is being earned by having the proprietary extensions war; so its unlikely to see light of day! Such is the nature of open standards; they intefere with profit! A solution is to have a cert contain [a] content schema rule[s], in which for each supported object class (where the class notion is applied to cert extn types), the various extensions pertaining to that class are flagged - madatory/optional/required as appropriate to the application which will use these extensions, for some purpose. The application will choose which object classes it wishes to process from those present in the cert (ignoring others classes, with their critical or otherwise extension values). This notion replaces the criticality notion; which turns out to be effectively useless, as we have now seen 3 experts say in ietf-pkix. (It also makes the cert an effective application enabling capability versus a mere digital id.) What we did several months ago in the lab was place a schema rule instance in the policy qualifier, which noted which extensions in the extn sequence were mandatory, optional etc. Microsoft extended this simple idea nicely, by allowing certain policy elements to have an association with just a *subset* of present extensions, whose particular identitying & governing content rule is present - for application evaluation - in the particular qualifier. You might want to have a look at the Microsoft PKI for software licensing and code signing; very well thoughtout as a basis for a multi-application "certificate-platform". Obviously one of the objects represented in the ceriifcate extention set was intended to be the PKIX-like object, covering application-independent processing, and general-purpose key distibution support, which has proven itself on the whole to be largely application-independent for public networks. see http://www.microsoft.com/intdev/sdk/safe.htm et al, perhaps for some context, etc.
- criticality conformance Peter Williams
- Re: criticality conformance Mark S Feldman
- Re: criticality conformance Peter Williams
- Re: criticality conformance Mark S Feldman