RE: Comments on draft-ietf-pkix-ipki-part4-03.txt
Stefan Santesson <stefan@accurata.se> Thu, 28 May 1998 13:58 UTC
Date: Thu, 28 May 1998 15:52:10 +0200
To: Santosh Chokhani <chokhani@cygnacom.com>, ietf-pkix@imc.org
From: Stefan Santesson <stefan@accurata.se>
Subject: RE: Comments on draft-ietf-pkix-ipki-part4-03.txt

Hi Santosh,

Thank you for your reply.

I know that the structure allows definitions for CAs, RAs, Subscribers etc. The problem is how to include general exceptions for RAs versus the requirements on CA. Many times this is differing depending on what kind of services the RA is involved in and I need a place to define these provisions.

It comes to my mind that it might be better to include general exceptions and provisions regarding the divisions of duties between the CA and its RAs, in the top section of the topic instead of creating a new subsection. I.e. including my 5.1.9 under 5.1, 5.2.1.2 under 5.2.1 and 5.3.9 under 5.3. Thus avoiding illogical changes in the structure.

The drawback of this is of course to start defining exceptions before the actual requirements are presented in the subsections. This may feel the wrong way round, but I'm not sure.

My main question about "2.10 Contractual Agreements" remains unanswered.

Again, I highly welcome every view on this topic since I only have a few days left to finalise this policy before approval.

Stefan

At 08.58 1998-05-28 -0400, Santosh Chokhani wrote:
>Please note that the PKIX Part 4 allows for the security controls,
>roles, etc. to be defined for the various PKI entities, including
>issuing CA, subject CAs, RAs, subscribers, repositories, etc (see
>section 4.5 and 4.6 of the framework)
>
>Thus, all of Stefan's inclusions in Section 5 are within the scope of
>the framework.
>
>> -----Original Message-----
>> From: Stefan Santesson [SMTP:stefan@accurata.se]
>> Sent: Wednesday, May 27, 1998 5:48 PM
>> To: ietf-pkix@imc.org
>> Subject: Comments on draft-ietf-pkix-ipki-part4-03.txt
>>
>> I'm project leader of a joint Swedish project with the
>> purpose to form a certificate policy for a Swedish national
>> "bas-ID" certificate.
>>
>> The project is formed by the Swedish non-profit organization
>> SEIS (Secured Electronic Information in Society) which is
>> formed by members from Government, Banking, Industry, Military,
>> Post and Health care sectors.
>>
>> The policy can be obtained from SEIS WWW at:
>>
>> http://www.seis.se/regler/normer/S10_v093.doc
>>
>> This policy is now ready for official approval on June 16
>> by the SEIS board.
>>
>> The policy almost follows the structure of
>> draft-ietf-pkix-ipki-part4-03.txt
>> We have, however, been forced to expand the structure with the
>> following sections.
>>
>> 2.10 Contractual agreements.
>> In the policy we state requirements on the CA to establish a
>> number of contractual agreements according to some minimum
>> standards. These are contracts with the subscriber, employer of the
>> subscriber with which the subscriber is affiliated in the
>> certificate, Subcontractors (such as RA:s), etc. We could not find
>> any suitable sections in the PKIX draft to put such requirements.
>>
>> 5.1.9 Physical Security Controls for Registration Authorities
>> A section like this was originally formed by ABA. We know that
>> physical security for RA:s can be defined in sections 5.1 to 5.8
>> but it is much easier to define some general exception rules for
>> RA:s in a section of its own.
>>
>> 5.2.1.2 Trusted Roles for Registration Authorities
>> This section was formed by the same reason as 5.1.9 above.
>>
>> 5.3.9 Personal Security Controls for Registration Authorities
>> The same as for 5.1.9
>>
>>
>> Could someone comment on this? Have we misunderstood anything?
>> Should we have acted differently or should the PKIX draft be
>> expanded?
>>
>> Thank you in advance.
>>
>> Stefan
>>
>>
>>
>> ----------------------------------------------------------------
>> Stefan Santesson <stefan@accurata.se>
>> Accurata Systemsäkerhet AB
>> Lotsgatan 27 D          Tel. +46-40 152211
>> 216 42 Malmö            Fax. +46-40 150790
>> Sweden                  Mobile +46-70 5247799
>> ----------------------------------------------------------------
>
>
----------------------------------------------------------------
Stefan Santesson <stefan@accurata.se>
Accurata Systemsäkerhet AB
Lotsgatan 27 D          Tel. +46-40 152211
216 42 Malmö            Fax. +46-40 150790
Sweden                  Mobile +46-70 5247799
----------------------------------------------------------------