Re: Bridge Certification Authorities
Sam Schaen <schaen@mitre.org> Thu, 30 December 1999 19:30 UTC
Received: from ns.secondary.com (ns.secondary.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA03602 for <pkix-archive@odin.ietf.org>; Thu, 30 Dec 1999 14:30:05 -0500 (EST)
Received: from localhost by ns.secondary.com (8.9.3/8.9.3) with SMTP id LAA03850; Thu, 30 Dec 1999 11:24:17 -0800 (PST)
Received: by mail.imc.org (bulk_mailer v1.12); Thu, 30 Dec 1999 11:24:15 -0800
Received: from smtpproxy1.mitre.org (mbunix.mitre.org [129.83.20.100]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA03824 for <ietf-pkix@imc.org>; Thu, 30 Dec 1999 11:24:14 -0800 (PST)
Received: from avsrv1.mitre.org (avsrv1.mitre.org [129.83.20.58]) by smtpproxy1.mitre.org (8.9.3/8.9.3) with ESMTP id OAA11078; Thu, 30 Dec 1999 14:29:12 -0500 (EST)
Received: from MAILHUB2 (mailhub2.mitre.org [129.83.221.18]) by smtpsrv1.mitre.org (8.9.3/8.9.3) with ESMTP id OAA01693; Thu, 30 Dec 1999 14:26:26 -0500 (EST)
Received: from schaen-pc.mitre.org (128.29.162.49) by mailhub2.mitre.org with SMTP id 2319069; Thu, 30 Dec 1999 14:29:13 EST
Message-ID: <386BB317.8AC349A6@mitre.org>
Date: Thu, 30 Dec 1999 14:31:35 -0500
From: Sam Schaen <schaen@mitre.org>
Organization: The MITRE Corporation
X-Mailer: Mozilla 4.7 [en]C-19991010M (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Snow Katrina <snow_katrina@bah.com>
CC: ietf-pkix@imc.org
Subject: Re: Bridge Certification Authorities
References: <386B73BD.6154E83D@dsi.unimi.it> <386BB05F.9DE4CE55@bah.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe
Content-Transfer-Encoding: 7bit
Look at http://csrc.nist.gov/pki/twg/welcome.html#documents which contains a link for "Proposed Federal PKI Architecture" Snow Katrina wrote: > > Can anyone point me to documentation, books, websites, etc. that provide > information on Bridge Certificate Authorities? I am trying to learn as > much as possible about this topic starting at the ground level. Any > input would be appreciated. > > Katrina > snow_katrina@bah.com Received: from wjao001.sita.int (wjao001.sita.int [57.250.224.18]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA12608 for <ietf-pkix@imc.org>; Fri, 31 Dec 1999 03:01:07 -0800 (PST) From: Jean-Rene.Labarriere@sita.int Received: by wjao001.sita.int (Smap/SITAnet-firewall-2.1) id LAA25549 for <ietf-pkix@imc.org>; Fri, 31 Dec 1999 11:05:39 GMT Received: from mx2.sita.int(57.6.21.40) by wjao001 via smap (3.2) id xma025543; Fri, 31 Dec 99 11:05:32 GMT Received: from nice1.nce.sita.int (nice1.equant.com [57.4.26.95]) by mx2.sita.int (8.8.8/SITAnet-relay-2.5b) with SMTP id LAA21450 for <ietf-pkix@imc.org>; Fri, 31 Dec 1999 11:05:31 GMT Received: by nice1.nce.sita.int(Lotus SMTP MTA v4.6.2 (693.3 8-11-1998)) id 41256858.003CE990 ; Fri, 31 Dec 1999 12:05:19 +0100 X-Lotus-FromDomain: SITA To: ietf-pkix@imc.org Message-ID: <41256858.003CE79B.00@nice1.nce.sita.int> Date: Fri, 31 Dec 1999 12:05:13 +0100 Subject: unsubscribe Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline unsubscribe Received: from smtpproxy1.mitre.org (mbunix.mitre.org [129.83.20.100]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA03824 for <ietf-pkix@imc.org>; Thu, 30 Dec 1999 11:24:14 -0800 (PST) Received: from avsrv1.mitre.org (avsrv1.mitre.org [129.83.20.58]) by smtpproxy1.mitre.org (8.9.3/8.9.3) with ESMTP id OAA11078; Thu, 30 Dec 1999 14:29:12 -0500 (EST) Received: from MAILHUB2 (mailhub2.mitre.org [129.83.221.18]) by smtpsrv1.mitre.org (8.9.3/8.9.3) with ESMTP id OAA01693; Thu, 30 Dec 1999 14:26:26 -0500 (EST) Received: from schaen-pc.mitre.org (128.29.162.49) by mailhub2.mitre.org with SMTP id 2319069; Thu, 30 Dec 1999 14:29:13 EST Message-ID: <386BB317.8AC349A6@mitre.org> Date: Thu, 30 Dec 1999 14:31:35 -0500 From: Sam Schaen <schaen@mitre.org> Organization: The MITRE Corporation X-Mailer: Mozilla 4.7 [en]C-19991010M (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Snow Katrina <snow_katrina@bah.com> CC: ietf-pkix@imc.org Subject: Re: Bridge Certification Authorities References: <386B73BD.6154E83D@dsi.unimi.it> <386BB05F.9DE4CE55@bah.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Look at http://csrc.nist.gov/pki/twg/welcome.html#documents which contains a link for "Proposed Federal PKI Architecture" Snow Katrina wrote: > > Can anyone point me to documentation, books, websites, etc. that provide > information on Bridge Certificate Authorities? I am trying to learn as > much as possible about this topic starting at the ground level. Any > input would be appreciated. > > Katrina > snow_katrina@bah.com Received: from mclean4-mail.usae.bah.com ([156.80.5.111]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA03577 for <ietf-pkix@imc.org>; Thu, 30 Dec 1999 11:15:02 -0800 (PST) Received: from bah.com ([156.80.187.157]) by mclean4-mail.usae.bah.com (Netscape Messaging Server 3.61) with ESMTP id AAA57A3 for <ietf-pkix@imc.org>; Thu, 30 Dec 1999 14:15:41 -0500 Message-ID: <386BB05F.9DE4CE55@bah.com> Date: Thu, 30 Dec 1999 14:19:59 -0500 From: "Snow Katrina" <snow_katrina@bah.com> Organization: BAH X-Mailer: Mozilla 4.03 [en] (Win95; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Bridge Certification Authorities References: <386B73BD.6154E83D@dsi.unimi.it> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Can anyone point me to documentation, books, websites, etc. that provide information on Bridge Certificate Authorities? I am trying to learn as much as possible about this topic starting at the ground level. Any input would be appreciated. Katrina snow_katrina@bah.com Received: from v4j31 (ip12.proper.com [165.227.249.12]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA01719; Thu, 30 Dec 1999 08:10:27 -0800 (PST) Message-Id: <4.2.1.19991230081416.00bfc140@mail.imc.org> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.1 Date: Thu, 30 Dec 1999 08:15:30 -0800 To: Bruschi Danilo <bruschi@dsi.unimi.it>, ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Re: Getting an OID In-Reply-To: <386B73BD.6154E83D@dsi.unimi.it> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed At 04:01 PM 12/30/99 +0100, Bruschi Danilo wrote: >in the preliminary study for a PKI we ended up with the problem of >defining new extension for X.509 V3 certificates. Does someone know >which kind of procedure has to be followed in order to get them, I mean >to have an OID and get it internationally approved? The easiest way to get the beginning of an OID arc is to get a "private enterprise number" from IANA. See <http://www.isi.edu/cgi-bin/iana/enterprise.pl> for the form. The list of all folks who have gotten such OIDs is at <ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers>. --Paul Hoffman, Director --Internet Mail Consortium Received: from mercurio.srv.dsi.unimi.it (root@mercurio.srv.dsi.unimi.it [159.149.130.5]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA00753 for <ietf-pkix@imc.org>; Thu, 30 Dec 1999 06:56:31 -0800 (PST) Received: from dsi.unimi.it (exodus.usr.dsi.unimi.it [159.149.145.41]) by mercurio.srv.dsi.unimi.it (8.9.3/8.9.3) with ESMTP id QAA09593 for <ietf-pkix@imc.org>; Thu, 30 Dec 1999 16:00:00 +0100 (MET) Message-ID: <386B73BD.6154E83D@dsi.unimi.it> Date: Thu, 30 Dec 1999 16:01:17 +0100 From: Bruschi Danilo <bruschi@dsi.unimi.it> X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Getting an OID Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello everybody, in the preliminary study for a PKI we ended up with the problem of defining new extension for X.509 V3 certificates. Does someone know which kind of procedure has to be followed in order to get them, I mean to have an OID and get it internationally approved? Thanks for your answers D. Bruschi ------------------------------------------------------------------------ Danilo Bruschi, Associate Professor of Computer Science Dip. Scienze dell'Informazione * tel: +39 02 55006 260 Universita' degli Studi di Milano * fax: +39 02 55006 266 Via Comelico 39, 20135 Milano- ITALY * email: bruschi@dsi.unimi.it ------------------------------------------------------------------------ Received: from esebh01nok.ntc.nokia.com (esebh01nok.ntc.nokia.com [131.228.118.150]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id EAA29459 for <ietf-pkix@imc.org>; Thu, 30 Dec 1999 04:56:43 -0800 (PST) From: haitao.tang@nokia.com Received: by esebh01nok with Internet Mail Service (5.5.2650.10) id <ZC3V1FZH>; Thu, 30 Dec 1999 15:01:38 +0200 Message-ID: <01D91AFB08B6D211BFD00008C7EABAE1011E75@eseis04nok> To: namedroppers@internic.net, dhcp-v4@bucknell.edu, ipng@sunroof.eng.sun.com, srvloc@srvloc.org, zeroconf@merit.edu, aaa-wg@merit.edu, roamops@tdmx.rutgers.edu, ipsec@lists.tislabs.com, ietf-pkix@imc.org, ietf-stime@stime.org, spki@c2.net, ietf-cat-wg@lists.stanford.edu, discuss@apps.ietf.org, www-mobile@w3.org Subject: Announcement of the Internet Spatial Location Forum Date: Thu, 30 Dec 1999 15:01:37 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.10) Content-Type: text/plain; charset="iso-8859-1" Dear Colleagues: Internet Spatial Location Forum, a discussion list on IP-related location issues is now active. The setting up of the forum is sparked by the huge practical value and the unreadiness of the spatial location capability for the Internet. The missing capability becomes even more demanded with the integration of IP and various network technologies including cellular and mobile systems. The forum is thus set up after our discussions with the leaders and some other members of IETF. It serves as a pre-BOF mailing list for applying a BOF in 47th IETF to address those location issues. The detailed description can be found at 'http://www-nrc.nokia.com/ip-location'. Its immediate goals are: (1) Collect the interests, concerns, and suggestions on an IP spatial location protocol, (2) Identify the further requirements of the location protocol, (3) Seek partners and enthusiasts for the joint effort, (4) Invite volunteers for their presentations on the location issues, and (5) Prepare the BOF charter for the location protocol. In brief, there is now a well-evaluated concept in its pregnancy. Please add your own influences onto its progress. To subscribe to the list, just email 'majordomo@research.nokia.com' with 'subscribe ext-ip-location' in the mail body. To discuss , just email the mailing list 'ext-ip-location@research.nokia.com'. More information (detailed forum description, mailing list archive, etc.) can be found at the web page 'http://www-nrc.nokia.com/ip-location'. Thank you for reading this far! Please forward this mail to anyone else who may be interested. Please visit the forum's web page and contribute by sending email to the mailing list. Thanks again! Yours truly, Haitao Tang / Eric Brunner Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA13507 for <ietf-pkix@imc.org>; Wed, 29 Dec 1999 07:14:17 -0800 (PST) Received: from [171.78.30.107] (FIXED030-107.BBN.COM [171.78.30.107] (may be forged)) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id JAA26400; Wed, 29 Dec 1999 09:48:03 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <v04220800b48fcdb31321@[171.78.30.107]> In-Reply-To: <3869F7BA.5EFBDBF0@lex.unict.it> References: <38695392.BA6739D5@teleline.es> <3869F7BA.5EFBDBF0@lex.unict.it> Date: Wed, 29 Dec 1999 09:42:05 -0500 To: floridia@iname.com From: Stephen Kent <kent@bbn.com> Subject: Re: Certificate Extension Cc: ietf-pkix@imc.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" Florida, Yes, even if the extension is only destined for local use, it is preferable that you register it and get a unique OID assigned. Otherwise, there is the possibility that someone else will be assigned whatever OID you choose, for a registered extension, and a cert containing their extension will make its way into your environment. At that point local software will not be able to interpret the extensions with the same OID unambiguously. Steve Received: from twingo.tiscalinet.it (twingo.tiscalinet.it [195.130.224.85]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA11337 for <ietf-pkix@imc.org>; Wed, 29 Dec 1999 03:55:08 -0800 (PST) Received: from lex.unict.it (62.10.154.223) by twingo.tiscalinet.it; 29 Dec 1999 12:58:08 +0100 Message-ID: <3869F7BA.5EFBDBF0@lex.unict.it> Date: Wed, 29 Dec 1999 12:59:54 +0100 From: Floridia Carmelo <cfloridia@lex.unict.it> Reply-To: floridia@iname.com Organization: CEFRIEL X-Mailer: Mozilla 4.5 [en] (Win95; I) X-Accept-Language: en MIME-Version: 1.0 CC: ietf-pkix@imc.org Subject: Certificate Extension References: <38695392.BA6739D5@teleline.es> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi all, I need to use certificate extension (non critical just inside my domain) , is it necessary to register an OID? if yes , what i have to do? thanks Carmelo Received: from tsmtp3.ldap.isp (mailhost.teleline.es [195.235.113.141] (may be forged)) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id QAA02007 for <ietf-pkix@imc.org>; Tue, 28 Dec 1999 16:12:34 -0800 (PST) Received: from teleline.es ([62.82.35.172]) by tsmtp3.ldap.isp (Netscape Messaging Server 4.1 Nov 19 1999 19:47:43) with ESMTP id FNH7EA00.560 for <ietf-pkix@imc.org>; Wed, 29 Dec 1999 01:15:46 +0100 Message-ID: <38695392.BA6739D5@teleline.es> Date: Wed, 29 Dec 1999 01:19:30 +0100 From: "Jorge G." <gar_gon@teleline.es> X-Mailer: Mozilla 4.7 [en] (Win98; I) X-Accept-Language: en,es MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Help PKIX schedule Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello! I'm an Spanish studient, and I'll have to do a work for the university about the PKIX and I need some texts who describes the schedule of this protocol. Could you help me? -- Saludos. Jorge Received: from exchange.redcreek.com (mail.redcreek.com [209.125.38.15]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA00628 for <ietf-pkix@imc.org>; Tue, 28 Dec 1999 13:27:03 -0800 (PST) Received: from redcreek.com (host186.redcreek.com [209.218.26.186]) by exchange.redcreek.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id ZTSD4KPL; Tue, 28 Dec 1999 13:31:17 -0800 Sender: rcharlet Message-ID: <38692C66.3376D706@redcreek.com> Date: Tue, 28 Dec 1999 13:32:22 -0800 From: Ricky Charlet <rcharlet@redcreek.com> Organization: RedCreek Communications Inc. X-Mailer: Mozilla 4.7 [en] (X11; U; Linux 2.0.34 i686) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: confirm Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit auth eda8db07 subscribe ietf-pkix \ Ricky Charlet <rcharlet@redcreek.com> Received: from seine.valicert.com (corporate-gw.valicert.com [63.65.221.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA17956 for <ietf-pkix@imc.org>; Tue, 21 Dec 1999 10:52:15 -0800 (PST) Received: by seine.valicert.com with Internet Mail Service (5.5.2650.21) id <ZJC16LXV>; Tue, 21 Dec 1999 10:51:13 -0800 Message-ID: <27FF4FAEA8CDD211B97E00902745CBE235E1A0@seine.valicert.com> From: Peter Williams <peterw@valicert.com> To: "'Nick Pope'" <pope@secstan.com> Cc: ietf-pkix@imc.org Subject: RE: AC509 Login Name Date: Tue, 21 Dec 1999 10:51:12 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" There are a number of ancillary subject-related details that one would quite naturally wish to associate with an identified subject, depending upon its object type, to make PKIX more useful to more technical communication processes. Whereas PKIX has traditionally been focuses on persons and organizations, this is not the limit of PKIX applicability. Host, Domains and Routers are now receiving certs in practice. You have identified that object class "Account" needs a naming or other type of subject attribute, which describes a login name to be associated, appropriately, with an id- or privilege cert. And you seem to be attempting to find a format and transmission field for such information. But there other examples of additional subject information; I suggest the scope of the question be widened slightly, so that the PKIX community agreements for the login value case are reusable for other similar localized situations. ftp://ftp.isi.edu/in-notes/rfc2714.txt describes the CORBA object referencing framework in IETF LDAP directories. The various interface names and references are naturally tied to "Host" objects referred to by the names bound to X.509 id-certs. In that Internet deployment scenario, the Host chooses to export a given set of named interfaces, and wishes to bind those formal interface names and/or references to its id- or privilege cert. ftp://ftp.isi.edu/in-notes/rfc2713.txt describes additional attributes that would need to be similarly associated with an identified entity. to ensure java protocol entity references are bound to the identified server. -----Original Message----- From: Nick Pope [mailto:pope@secstan.com] Sent: Tuesday, December 21, 1999 9:30 AM To: stephen.farrell@baltimore.ie Cc: ietf-pkix@imc.org Subject: RE: AC509 Login Name Thanks to Kensaku, Andy and Stephen for all their comments. I don't think OTHER-NAME on its own meets my requirement. This requires a OBJECT (type) IDENTIFIER to be registered so that others can recognise the type. I do not want to use rfc822Name as this misuses the field and has the wrong semantics associated with it. We could : a) register a new OTHER-NAME type (as has been done in the QC draft)with its OBJECT IDENTIFIER e.g. using ASN.1 93: flatname OTHER-NAME ::= { UTF8String IDENTIFIED BY id-on-flatname} id-on-flatname OBJECT IDENTIFIER ::= {id-pkix-on ?} b) use the FlatOrGeneralName syntax given below could be used. Either of the above would suite me. The implementor in me likes (b); the structured designer in me prefers (a). Nick > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie] > Sent: 21 December 1999 12:15 > To: Nick Pope > Cc: ietf-pkix@imc.org > Subject: Re: AC509 Login Name > > > > Hi Nick, > > > I am working on the use of attribute certificates for secure access to a > > database, where the user's global identity authenticated using > SSL/TLS needs > > to be securely mapped to a local login name. > > > > I presume that the Access Identity, as defined in 4.5.2 of > > <draft-ietf-pkix-ac509prof-01>, can be used for this function. > > That's the intent. > > > However, I cannot find an existing name form defined in X.509 for > > GeneralNames which could be used for a local login name. > > Bit naughty, but what about using rfc822Name? It does map reasonably > well in lots of cases so long as IA5String isn't a problem. > > > Could one be defined as part of the IETF attribute certificate profile? > > > > What syntax should this take? A choice between UTF-8 and > General Name would > > be the simplest. > > So you mean you'd prefer something like: > > SvceAuthInfo ::= SEQUENCE { > service FlatOrGeneralName, > ident FlatOrGeneralName, > authInfo OCTET STRING OPTIONAL > } > > FlatOrGeneralName ::= CHOICE { > flat UTF8String, > gen GeneralName > } > > I wouldn't have a problem with this, if you're sure you can't > use the rfc822 field (and I think I prefer the above to the use of > otherName that Andy suggested). Anyone else? > > Regards, > Stephen. > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 647 7406 > 61 Fitzwilliam Lane, fax: +353 1 647 7499 > Dublin 2. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com > Received: from gnasher.sol.co.uk (gnasher.sol.co.uk [194.247.64.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA16784 for <ietf-pkix@imc.org>; Tue, 21 Dec 1999 09:19:41 -0800 (PST) Received: from npwork2 (e1h2p202.scotland.net [148.176.234.203]) by gnasher.sol.co.uk (8.8.5/8.8.5) with SMTP id RAA02260; Tue, 21 Dec 1999 17:23:41 GMT From: "Nick Pope" <pope@secstan.com> To: <stephen.farrell@baltimore.ie> Cc: <ietf-pkix@imc.org> Subject: RE: AC509 Login Name Date: Tue, 21 Dec 1999 17:30:18 -0000 Message-ID: <000d01bf4bd9$0c8bfaf0$0500000a@npwork2> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 In-Reply-To: <385F6F52.F50467F7@baltimore.ie> Thanks to Kensaku, Andy and Stephen for all their comments. I don't think OTHER-NAME on its own meets my requirement. This requires a OBJECT (type) IDENTIFIER to be registered so that others can recognise the type. I do not want to use rfc822Name as this misuses the field and has the wrong semantics associated with it. We could : a) register a new OTHER-NAME type (as has been done in the QC draft)with its OBJECT IDENTIFIER e.g. using ASN.1 93: flatname OTHER-NAME ::= { UTF8String IDENTIFIED BY id-on-flatname} id-on-flatname OBJECT IDENTIFIER ::= {id-pkix-on ?} b) use the FlatOrGeneralName syntax given below could be used. Either of the above would suite me. The implementor in me likes (b); the structured designer in me prefers (a). Nick > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie] > Sent: 21 December 1999 12:15 > To: Nick Pope > Cc: ietf-pkix@imc.org > Subject: Re: AC509 Login Name > > > > Hi Nick, > > > I am working on the use of attribute certificates for secure access to a > > database, where the user's global identity authenticated using > SSL/TLS needs > > to be securely mapped to a local login name. > > > > I presume that the Access Identity, as defined in 4.5.2 of > > <draft-ietf-pkix-ac509prof-01>, can be used for this function. > > That's the intent. > > > However, I cannot find an existing name form defined in X.509 for > > GeneralNames which could be used for a local login name. > > Bit naughty, but what about using rfc822Name? It does map reasonably > well in lots of cases so long as IA5String isn't a problem. > > > Could one be defined as part of the IETF attribute certificate profile? > > > > What syntax should this take? A choice between UTF-8 and > General Name would > > be the simplest. > > So you mean you'd prefer something like: > > SvceAuthInfo ::= SEQUENCE { > service FlatOrGeneralName, > ident FlatOrGeneralName, > authInfo OCTET STRING OPTIONAL > } > > FlatOrGeneralName ::= CHOICE { > flat UTF8String, > gen GeneralName > } > > I wouldn't have a problem with this, if you're sure you can't > use the rfc822 field (and I think I prefer the above to the use of > otherName that Andy suggested). Anyone else? > > Regards, > Stephen. > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 647 7406 > 61 Fitzwilliam Lane, fax: +353 1 647 7499 > Dublin 2. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com > Received: from Newman.GSC.GTE.Com (SYSTEM@Unknown.GSC.GTE.Com [192.160.62.66] (may be forged)) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA14265 for <ietf-pkix@imc.org>; Tue, 21 Dec 1999 06:25:54 -0800 (PST) Received: from gscex01.gsc.gte.com ("port 4367"@gscex01.ndhm.gsc.gte.com [155.95.162.170]) by Newman.GSC.GTE.Com (PMDF V5.2-30 #38015) with ESMTP id <01JJRBKW10QW00291Z@Newman.GSC.GTE.Com> for ietf-pkix@imc.org; Tue, 21 Dec 1999 09:29:57 -500 (EST) Received: by GSCEX01.gsc.gte.com with Internet Mail Service (5.5.2448.0) id <YVGLDDFV>; Tue, 21 Dec 1999 09:29:56 -0500 Content-return: allowed Date: Tue, 21 Dec 1999 09:29:54 -0500 From: "Sweigert, David" <David.Sweigert@GD-CS.COM> Subject: RE: Time-stamp server. TimePrecision info To: "Todd S. Glassey" <Todd.Glassey@www.GMTsw.com>, Paul Koning <pkoning@xedia.com> Cc: ietf-pkix@imc.org Message-id: <2575327B6755D211A0E100805F9FF95404683391@ndhmex02.ndhm.gsc.gte.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-type: text/plain; charset="iso-8859-1" Does anyone have knowledge of a commercial time-stamping service, or is anyone willing to suggest another alternative to obtaining time other than using the underlying O/S as described below. Dave -----Original Message----- From: owner-ietf-pkix@imc.org [mailto:owner-ietf-pkix@imc.org]On Behalf Of Todd S. Glassey Sent: Wednesday, March 31, 1999 1:45 PM To: Paul Koning Cc: ietf-pkix@imc.org Subject: Re: Time-stamp server. TimePrecision info Hey Paul - Does this mean that we are going to use NTP for timestamping? (This is not such a bad idea and Michael McNeil and i suggested just this with the two drafts on PKI extended NTP we did with Dave Mills), The real issue is how timestamps are derived from a local timebase and that the local timebase has to deal with Leap Seconds somehow... The current Entrust protocol toolkit assumes that the time data it is handed by the underlying OS is "legally sufficient" to use as core for timestamping- but the problem here is that NO COMMERCIAL OS's know about Leap Seconds and so using the TOD clock is a gamble... that the BCP addresses these and that the timebase services are managed out of band. BTW, as a simple example of how most people just believe this has already been handled, there is a paragraph in the TimeServe addition to the NT resource kit (timeserve.txt file) that states the accuracy of the NT clock is at best .45S/day. That in and of itself is an issue since the PC and Server manufacturers are all worried about the bottom line so they use the most "cost effective" (from their $$$ viewpoint) clock chips and the like. My personal feeling is that without some BCP that has one dialing into the ACTS servers at NIST on a once daily or twice daily model, we have know idea what time it really is. There are no secure NTP servers out there yet but we are woking on this and, well - Stay tuned for the first one's announcement in the next 45 days. Todd -----Original Message----- From: Paul Koning <pkoning@xedia.com> To: Todd.Glassey@GMTsw.com <Todd.Glassey@GMTsw.com> Cc: ietf-pkix@imc.org <ietf-pkix@imc.org> Date: Wednesday, March 31, 1999 10:03 AM Subject: Re: Time-stamp server. TimePrecision info >>>>>> "Todd" == Todd S Glassey <Todd.Glassey@www.GMTsw.com> writes: > > Todd> How will you deal with leap seconds? T. > >The NTP RFC (RFC 1305) has an excellent discussion on this and the >approaches it describes would be good to use. In particular, it >suggests using a two part date/time coding (day separate from >time-in-day). That way the existence of leap seconds merely increases >the range of the second field by one. (Analogy: if you sent the >timestamp as yyyymmddhhmmss.ssss the impact is merely that ss can be >from 0 to 60, not 0 to 59.) > > paul > Received: from apollon.greg.rim.or.jp (root@t24.cno.ne.jp [202.248.64.24]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id EAA10644 for <ietf-pkix@imc.org>; Tue, 21 Dec 1999 04:37:09 -0800 (PST) Received: from izanami.greg.rim.or.jp (greg@izanami.greg.rim.or.jp [172.31.1.3]) by apollon.greg.rim.or.jp (8.9.3/3.7W) with SMTP id VAA95803 for ietf-pkix@imc.org; Tue, 21 Dec 1999 21:41:20 +0900 (JST) Date: Tue, 21 Dec 1999 21:41:20 +0900 (JST) Message-Id: <199912211241.VAA95803@apollon.greg.rim.or.jp> Mime-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: AC509 Login Name In-Reply-To: Your message of "Tue, 21 Dec 1999 12:15:15 +0000". <385F6F52.F50467F7@baltimore.ie> From: greg@greg.rim.or.jp (Kensaku Masuda) Content-Type: text/plain; charset=ISO-2022-JP X-Mailer: mnews [version 1.21PL4] 1998-06/01(Mon) Hi everyybody. <385F6F52.F50467F7@baltimore.ie>$B$N5-;v$K$*$$$F(B stephen.farrell@baltimore.ie$B$5$s$O=q$-$^$7$?!#(B >> I am working on the use of attribute certificates for secure access to a >> database, where the user's global identity authenticated using SSL/TLS needs >> to be securely mapped to a local login name. We going to implement ac's CA. And discus about same problem. >Bit naughty, but what about using rfc822Name? It does map reasonably >well in lots of cases so long as IA5String isn't a problem. It's same result of our implement. Because We need items that are hostname and user name. It is simplest choice for us. --- Fingerprint16 = 4F CC 44 F8 54 BE 45 3A 4F 9F 1C 4E 5E 3B 91 E9 Fingerprint20 = 12CA 6B2D DC50 8248 A636 992B 0292 F548 D65F 4D5B -----------------+-----------------------------------$BA}ED!!7r:n(B---+ $B;0!&O;$r<i$m$&!*(B | greg@greg.rim.or.jp | $B!!$*2H$X5"$m$&!*(B | greg@fxis.fujixerox.co.jp | | http://www.st.rim.or.jp/~greg/ | -----------------+------------------------------------------------+ Received: from balinese.baltimore.ie (firewall-user@pc215-8.indigo.ie [194.125.215.8]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id EAA10172 for <ietf-pkix@imc.org>; Tue, 21 Dec 1999 04:05:24 -0800 (PST) Received: by balinese.baltimore.ie; id MAA04391; Tue, 21 Dec 1999 12:09:30 GMT Received: from bobcat.baltimore.ie(192.168.20.10) by balinese.baltimore.ie via smap (V4.2) id xma004359; Tue, 21 Dec 99 12:08:54 GMT Received: from baltimore.ie ([192.168.21.76]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id MAA07854; Tue, 21 Dec 1999 12:08:54 GMT Message-ID: <385F6F52.F50467F7@baltimore.ie> Date: Tue, 21 Dec 1999 12:15:15 +0000 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.6 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Nick Pope <pope@secstan.com> CC: ietf-pkix@imc.org Subject: Re: AC509 Login Name References: <000001bf4b13$f64cbfb0$0500000a@npwork2> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi Nick, > I am working on the use of attribute certificates for secure access to a > database, where the user's global identity authenticated using SSL/TLS needs > to be securely mapped to a local login name. > > I presume that the Access Identity, as defined in 4.5.2 of > <draft-ietf-pkix-ac509prof-01>, can be used for this function. That's the intent. > However, I cannot find an existing name form defined in X.509 for > GeneralNames which could be used for a local login name. Bit naughty, but what about using rfc822Name? It does map reasonably well in lots of cases so long as IA5String isn't a problem. > Could one be defined as part of the IETF attribute certificate profile? > > What syntax should this take? A choice between UTF-8 and General Name would > be the simplest. So you mean you'd prefer something like: SvceAuthInfo ::= SEQUENCE { service FlatOrGeneralName, ident FlatOrGeneralName, authInfo OCTET STRING OPTIONAL } FlatOrGeneralName ::= CHOICE { flat UTF8String, gen GeneralName } I wouldn't have a problem with this, if you're sure you can't use the rfc822 field (and I think I prefer the above to the use of otherName that Andy suggested). Anyone else? Regards, Stephen. -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 647 7406 61 Fitzwilliam Lane, fax: +353 1 647 7499 Dublin 2. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from mail0.sse.ie (mail0.sse.ie [193.120.32.47]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id BAA05101 for <ietf-pkix@imc.org>; Tue, 21 Dec 1999 01:10:13 -0800 (PST) Received: from mail0.sse.ie (actually localhost) by mail0.sse.ie; Tue, 21 Dec 1999 09:13:13 +0000 Received: from bowsy (bowsy.sse.ie [193.120.32.196]) by mail0.sse.ie (8.9.1a/8.9.1) with SMTP id JAA19207; Tue, 21 Dec 1999 09:13:11 GMT Message-ID: <016901bf4b94$03e92fc0$c42078c1@sse.ie> From: "Andy Dowling" <andy.dowling@sse.ie> To: "Nick Pope" <pope@secstan.com>, <stephen.farrell@baltimore.ie> Cc: <ietf-pkix@imc.org> References: <000001bf4b13$f64cbfb0$0500000a@npwork2> Subject: Re: AC509 Login Name Date: Tue, 21 Dec 1999 09:16:07 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Content-Transfer-Encoding: 7bit Nick, I don't see the need to define any new name form. Why not simply use the "otherName" (OCTET STRING) choice of GeneralName, and encode the DER-encoded UTF8String (or whatever) inside that? (i.e. just like AC/PKC extensions do it). The profile specifies that otherName must not be used as a GeneralName choice unless otherwise specified, but I'm sure an exception can be made in this case - eh Stephen? :-) Regards, Andy > I am working on the use of attribute certificates for secure access to a > database, where the user's global identity authenticated using SSL/TLS needs > to be securely mapped to a local login name. > > I presume that the Access Identity, as defined in 4.5.2 of > <draft-ietf-pkix-ac509prof-01>, can be used for this function. > > However, I cannot find an existing name form defined in X.509 for > GeneralNames which could be used for a local login name. > > Could one be defined as part of the IETF attribute certificate profile? > > What syntax should this take? A choice between UTF-8 and General Name would > be the simplest. > > Nick Pope > > > Received: from gnasher.sol.co.uk (gnasher.sol.co.uk [194.247.65.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA24007 for <ietf-pkix@imc.org>; Mon, 20 Dec 1999 09:49:05 -0800 (PST) Received: from npwork2 (e1h3p65.scotland.net [148.176.235.66]) by gnasher.sol.co.uk (8.8.5/8.8.5) with SMTP id RAA07925; Mon, 20 Dec 1999 17:52:53 GMT From: "Nick Pope" <pope@secstan.com> To: <stephen.farrell@baltimore.ie> Cc: <ietf-pkix@imc.org> Subject: AC509 Login Name Date: Mon, 20 Dec 1999 17:59:29 -0000 Message-ID: <000001bf4b13$f64cbfb0$0500000a@npwork2> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 I am working on the use of attribute certificates for secure access to a database, where the user's global identity authenticated using SSL/TLS needs to be securely mapped to a local login name. I presume that the Access Identity, as defined in 4.5.2 of <draft-ietf-pkix-ac509prof-01>, can be used for this function. However, I cannot find an existing name form defined in X.509 for GeneralNames which could be used for a local login name. Could one be defined as part of the IETF attribute certificate profile? What syntax should this take? A choice between UTF-8 and General Name would be the simplest. Nick Pope Received: from hotmail.com (f144.law4.hotmail.com [216.33.149.144]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id OAA14316 for <ietf-pkix@imc.org>; Fri, 17 Dec 1999 14:09:32 -0800 (PST) Received: (qmail 92952 invoked by uid 0); 17 Dec 1999 22:12:57 -0000 Message-ID: <19991217221257.92951.qmail@hotmail.com> Received: from 168.70.232.233 by www.hotmail.com with HTTP; Fri, 17 Dec 1999 14:12:57 PST X-Originating-IP: [168.70.232.233] From: "Franklin Lee" <franklinlee@hotmail.com> To: ietf-pkix@imc.org Subject: Sample source code for writing the HTTP/LDAP Date: Fri, 17 Dec 1999 22:12:57 GMT Mime-Version: 1.0 Content-Type: text/plain; format=flowed Dear all, Could anyone kindly direct me where I could find the sample source code to write the a) HTTP b) LDAP in accessing the LDAP directories serverices? Thanks a lot. ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com Received: from delcluster4.vsnl.net.in (del6.vsnl.net.in [202.54.96.9]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA01019 for <ietf-pkix@imc.org>; Fri, 17 Dec 1999 02:20:45 -0800 (PST) Received: from progsoft ([202.54.108.115]) by delcluster4.vsnl.net.in (8.9.2/8.9.1) with SMTP id PAA29452 for <ietf-pkix@imc.org>; Fri, 17 Dec 1999 15:51:46 -0500 (GMT) Message-ID: <001701bf4879$689940e0$015029c3@progdom> Reply-To: "Progressive Software Pvt Ltd" <progsoft@del6.vsnl.net.in> From: "Progressive Software Pvt Ltd" <progsoft@del6.vsnl.net.in> To: <ietf-pkix@imc.org> Subject: unsubscribe Date: Fri, 17 Dec 1999 15:58:05 +0530 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0014_01BF48A7.8156F040" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 This is a multi-part message in MIME format. ------=_NextPart_000_0014_01BF48A7.8156F040 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable unsubscribe ------=_NextPart_000_0014_01BF48A7.8156F040 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content=3D"text/html; charset=3Diso-8859-1" = http-equiv=3DContent-Type> <META content=3D"MSHTML 5.00.2314.1000" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2>unsubscribe</FONT></DIV></BODY></HTML> ------=_NextPart_000_0014_01BF48A7.8156F040-- Received: from VHOSTSQL ([202.130.1.93]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id TAA11502 for <ietf-pkix@imc.org>; Thu, 16 Dec 1999 19:56:37 -0800 (PST) Received: from mail pickup service by ihw.com.cn with Microsoft SMTPSVC; Fri, 17 Dec 1999 11:59:07 +0800 Received: from one.eListX.com - 209.116.252.130 by mail.ihw.co.cn with Microsoft SMTPSVC; Tue, 14 Dec 1999 13:09:46 +0800 Received: from one.elistx.com by one.eListX.com id aa08633; 13 Dec 99 11:00 EST Received: from caesar.udac.se by one.eListX.com id aa08621; 13 Dec 99 10:56 EST Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id KAA12763; Mon, 13 Dec 1999 10:16:58 +0100 Received: by HYDRA with Microsoft Mail id <01BF4551.F3691180@HYDRA>; Mon, 13 Dec 1999 10:08:06 +0100 Message-ID: <01BF4551.F3691180@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "set-discuss@lists.commerce.net" <set-discuss@lists.commerce.net>, "'Lyal Collins'" <lyalc@ozemail.com.au> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Matei (DSV)'" <matei@dsv.su.se> Subject: RE: Online PIN & Server Wallet Date: Mon, 13 Dec 1999 10:08:05 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: set-discuss-owner@lists.commerce.net Precedence: bulk X-elistx: set-discuss Source-Info: From (or Sender) name not authenticated. Lyal, >- Why not have the Server wallet sign on behalf of the cardholder? - they've >already authenticated themselves by PIN, thuis no need for a personalised >certificate. Well, your are right about the server-signature but if you put this statement in the IETF-PKIX-list you will get return messages like "not secure", "breaks the intention of PKI" , "the user-environment and equipment is more trustworthy than a server" etc. Naturally these guys will simply be ignored, as today you get computer-generated invoices on company-papers from energy companies and Telcos. When (if) they convert this into PKI, I doubt that they will add a human clerk to push "OK" or key PIN-codes for each outgoing digitally signed invoice. I do believe though that it would be advantageous (but not absolutely necessary) that users also performs a signature operation, preferably with the same device and mechanism as they do for their Internet-banking account. Here assuming that the server wallet is located at the user's bank which though may not always be the case. Some Internet-banks do not require signing yet, and in those cases your original idea is exactly as good (or bad) as their on-line banking services. Anders ----------------------------------------------------------------------- Message addressed to: set-discuss@lists.commerce.net Archive available at: http://lists.commerce.net/archives/set-discuss/ To (un)subscribe send a message with "subscribe" or "unsubscribe" in the body to: set-discuss-request@lists.commerce.net Received: from florida.melco.co.jp (florida.melco.co.jp [192.218.140.46]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA29161 for <ietf-pkix@imc.org>; Thu, 16 Dec 1999 18:26:11 -0800 (PST) Received: by florida.melco.co.jp (3.7W-florida) id LAA23005; Fri, 17 Dec 1999 11:29:34 +0900 (JST) Received: by mailgw.melco.co.jp (3.7W-mailgw) id LAA21245; Fri, 17 Dec 1999 11:30:13 +0900 (JST) Received: by inetgw.melco.co.jp (8.8.8+2.7Wbeta7/3.7W-inetgw) id LAA24346; Fri, 17 Dec 1999 11:30:33 +0900 (JST) Received: from islgw.isl.melco.co.jp by elgw.isl.melco.co.jp (8.8.8/3.6W) id LAA02776; Fri, 17 Dec 1999 11:30:15 +0900 (JST) Received: from iss.isl.melco.co.jp by islgw.isl.melco.co.jp (8.8.8/3.6W) id LAA07921; Fri, 17 Dec 1999 11:34:10 +0900 (JST) Received: from belize by iss.isl.melco.co.jp (8.8.8/3.6W) id LAA02713; Fri, 17 Dec 1999 11:29:34 +0900 (JST) Message-ID: <007b01bf4836$50608580$78054a0a@belize> From: "Hiroyuki Sakakibara" <sakaki@iss.isl.melco.co.jp> To: "Ambarish Malpani" <ambarish@valicert.com>, <ietf-pkix@imc.org> Subject: RE: certificate which has both AIA and CRL DPs Date: Fri, 17 Dec 1999 11:27:49 +0900 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3612.1700 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3612.1700 Mr. Malpani Thank you for your reply. I am going to create the list of the order of priority and give it to the application which uses certificates including CDPs and AIA. Hiroyuki Sakakibara >Hi, > The certificate that you are planning to issue is perfectly >legal. Unfortunately, the answer to Question2 is not specified >in the standards. It is up to the application to decide how it >wants to prioritize the different validation methods. > >It is perfectly legal for the application to ask in the following >order: > >OCSP server-2 >CRL DP-1 >OCSP server-1 >CRL DP-2 > >or any other order it chooses. > >Regards, >Ambarish > >--------------------------------------------------------------------- >Ambarish Malpani >Architect 650.567.5457 >ValiCert, Inc. ambarish@valicert.com >1215 Terra Bella Ave. http://www.valicert.com >Mountain View, CA 94043-1833 > > >> -----Original Message----- >> From: Hiroyuki Sakakibara [mailto:sakaki@iss.isl.melco.co.jp] >> Sent: Tuesday, December 07, 1999 6:47 PM >> To: ietf-pkix@imc.org >> Subject: certificate which has both AIA and CRL DPs >> >> >> Hello >> >> I would like to generate a certificate which has >> both AIA and CRL DPs. >> >> Question1 : In RFC2459 specification, is this >> certificate legal or illegal ? >> >> Question2 : If this certificate is legal, how does it describe the >> order of priority to process those extensions? >> >> For example, >> ------------------------------------------------ >> 1st. OCSP server-1 >> 2nd. OCSP server-2 >> 3rd. CRL DP-1 >> 4th. CRL DP-2 >> >> or >> >> 1st. OCSP server-1 >> 2nd. CRL DP-1 >> 3rd. OCSP server-2 >> 4th. CRL DP-2 >> >> etc ... >> ------------------------------------------------ >> >> Is a new extension(or any scheme) which describes the >> list of these priorities needed? >> >> like this >> >> LIST { >> 1st use AIA's 1st element, >> 2nd use CRL DPs 1st element, >> 3rd use "other method", >> 4th use AIA's 2nd element, >> 5th use CRL DPs 2nd element, >> etc ... >> } >> >> Please, can anyone help? >> >> Hioryuki Sakakibara >> >> ========================================= >> Hiroyuki Sakakibara >> Research Engineer >> Information Security Department >> Mitsubishi Electric Corporation >> Information Technology R&D Center >> 5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501, Japan >> PHONE: +81-467-41-2183 >> FAX: +81-467-41-2185 >> ========================================== >> > Received: from mx01.usbank.com ([170.135.240.14]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id NAA18913 for <ietf-pkix@imc.org>; Thu, 16 Dec 1999 13:42:54 -0800 (PST) From: susan.shimota@usbank.com Received: from 172.18.31.14 by mx01.usbank.com with SMTP (WorldSecure Server SMTP Relay(WSS) v3.2 SR1); Thu, 16 Dec 99 15:46:13 -0600 X-Server-Uuid: 44c0c3c9-f1db-11d2-a9aa-0000f6b9ab98 Received: from 10.88.129.211 by ntorccmx01.or.usbc.com with ESMTP ( WorldSecure Server SMTP Relay(WSS) v3.2 SR1); Thu, 16 Dec 99 13:45:36 -0800 X-Server-Uuid: 903dc846-ce68-11d1-a9ea-000629b217d2 Subject: To: <ietf-pkix@imc.org> cc: Sender: <susan.reynolds@notes.int.usbc.com> Date: Thu, 16 Dec 1999 13:42:07 -0800 Message-ID: <OF1CAF47A7.1F7B1933-ON88256849.00772B96@or.usbc.com> X-Priority: 3 (Normal) X-MIMETrack: Serialize by Router on NTORCCEM07/OR/Servers/USB(Release 5.0.1a|August 17, 1999) at 12/16/99 01:42:07 PM MIME-Version: 1.0 X-WSS-ID: 1447820A386441-01-01 X-WSS-ID: 1447822F4740113-01-01 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit auth e21a932f subscribe ietf-pkix \ susan.shimota@usbank.com Received: from gauntlet.corecom.com ([206.74.64.132]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA17746 for <ietf-pkix@imc.org>; Thu, 16 Dec 1999 12:33:35 -0800 (PST) Received: by gauntlet.corecom.com; id QAA23527; Thu, 16 Dec 1999 16:01:31 -0500 (EST) Received: from unknown(207.86.152.184) by gauntlet.corecom.com via smap (V4.2) id xmaa23522; Thu, 16 Dec 99 16:01:13 -0500 Message-Id: <4.1.19991216153047.009fe760@mail2.netreach.net> X-Sender: dave@corecom.com@mail2.netreach.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Thu, 16 Dec 1999 15:31:45 -0500 To: ietf-pkix@imc.org From: Dave Piscitello <dave@corecom.com> Subject: Internet Security Conference, Call for Papers, Abstracts Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" The Fourth Internet Security Conference will be held April 24-28, 2000 in San Jose, CA, at the Fairmont Hotel. TISC is an educational forum for security professionals and practitioners. The TISC Security Symposium is an opportunity for individuals to share their expertise and practical experience with others involved in the design, implementation and deployment of networked security systems. For April, we have invited a few original papers from past TISC workshop instructors and speakers. Accepted papers will be presented at the conference. We cordially invite you to submit a session abstract for consideration, or if you prefer, to present a topic as a panel member. We encourage you to submit abstracts and topics by December 20. Further information can be found at http://tisc.corecom.com. Or send your proposal to me directly (mailto:dave@corecom.com). We look forward to your participation. Thank you. Warm Regards, Dave Piscitello On behalf of the TISC Advisory Board ------------------- David M. Piscitello Core Competence, Inc. 3 Myrtle Bank Lane Hilton Head, SC 29926 1.843.683-9988 dave@corecom.com PGP Fingerprint: 070A 9F01 C35C 4D41 A460 EF2C 2992 2F12 11D2 02DC http://www.corecom.com Received: from oass09.cstelecom.cie-signaux.fr (mailhub.cie-signaux.fr [194.2.40.8]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id EAA08534 for <ietf-pkix@imc.org>; Thu, 16 Dec 1999 04:15:35 -0800 (PST) Received: from oass03.cstelecom.cie-signaux.fr (oass03.cstelecom.cie-signaux.fr [194.2.51.78]) by oass09.cstelecom.cie-signaux.fr with ESMTP id NAA09071 for <ietf-pkix@imc.org>; Thu, 16 Dec 1999 13:17:48 +0100 (MET) Received: from cssystemes.cie-signaux.fr by oass03.cstelecom.cie-signaux.fr (8.8.8/SMI-SVR4) id NAA21507; Thu, 16 Dec 1999 13:36:02 +0100 (MET) Message-ID: <3858DA29.7597FE20@cssystemes.cie-signaux.fr> Date: Thu, 16 Dec 1999 13:25:14 +0100 From: LUBREZ =?iso-8859-1?Q?J=E9r=F4me?= <jerome.lubrez@cssystemes.cie-signaux.fr> Organization: CS Communications & Systems X-Mailer: Mozilla 4.5 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: unsubscribe Content-Type: multipart/mixed; boundary="------------CF738F2CE129F44FDD4DBE9E" Il s'agit d'un message multivolet au format MIME. --------------CF738F2CE129F44FDD4DBE9E Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit unsubscribe --------------CF738F2CE129F44FDD4DBE9E Content-Type: text/x-vcard; charset=us-ascii; name="jerome.lubrez.vcf" Content-Description: Carte pour LUBREZ Jérôme Content-Disposition: attachment; filename="jerome.lubrez.vcf" Content-Transfer-Encoding: 7bit begin:vcard n:LUBREZ;Jérôme tel;fax:33 1 40 78 61 70 tel;work:33 1 40 78 61 69 x-mozilla-html:FALSE url:http://www.cie-signaux.fr/security org:CS Communications & Systemes;Information Systems Security Unit adr:;;88, rue Brillat Savarin;PARIS;;75013;FRANCE version:2.1 email;internet:jerome.lubrez@cssystemes.cie-signaux.fr title:Head of Development Department x-mozilla-cpt:;-27440 fn:Jérôme LUBREZ end:vcard --------------CF738F2CE129F44FDD4DBE9E-- Received: from relay1.trustworks.com (zuka.trustworks.com [212.114.5.147]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA03463 for <ietf-pkix@imc.org>; Thu, 16 Dec 1999 02:22:20 -0800 (PST) Received: by relay1.trustworks.com (8.8.5/1.4) id NAA25388; Thu, 16 Dec 1999 13:25:49 +0300 (MSK) Received: from tws123(212.114.5.15) by zuka via smap (V2.0) id xma025368; Thu, 16 Dec 99 13:25:30 +0300 Message-ID: <3858BE1E.BDFBBF74@trustworks.com> Date: Thu, 16 Dec 1999 13:25:34 +0300 From: Pavel Krylov <Pavel.Krylov@trustworks.com> Organization: TrustWorks X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: CRLs' cycle Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi all, I didn't find any limitations for CRL infrastructure .. I found out one interesting CRL configuration, when revokation only one certificate in it follows to automatic revokation all certificates, those in the cycle. Basically it seems like: CA1 | V cert_1 -~-~-~-~-~-> crl_2 | & | | | | V | crl_1 <-~-~-~-~-~- cert_2 <----- CA2 -~-~-~ line shows who references to a crl. ------ line shows who issued a crl. When no one certificate is revoked in the infrastructure, then it looks good and works best ( I think ). But if only one certificate is revoked by appropriate crl, then it follows to the automatic revokation of another certificate ( in this example ). So my question: is this infrastructure illicit by rfc2459 or not? Another question: have I missed something? Thanks a lot. Pavel. Received: from oass09.cstelecom.cie-signaux.fr (mailhub.cie-signaux.fr [194.2.40.8]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id AAA26487 for <ietf-pkix@imc.org>; Thu, 16 Dec 1999 00:33:46 -0800 (PST) Received: from oass03.cstelecom.cie-signaux.fr (oass03.cstelecom.cie-signaux.fr [194.2.51.78]) by oass09.cstelecom.cie-signaux.fr with ESMTP id JAA24289 for <ietf-pkix@imc.org>; Thu, 16 Dec 1999 09:35:55 +0100 (MET) Received: from cssystemes.cie-signaux.fr by oass03.cstelecom.cie-signaux.fr (8.8.8/SMI-SVR4) id JAA17287; Thu, 16 Dec 1999 09:54:08 +0100 (MET) Message-ID: <3858A626.322CAC40@cssystemes.cie-signaux.fr> Date: Thu, 16 Dec 1999 09:43:18 +0100 From: LUBREZ =?iso-8859-1?Q?J=E9r=F4me?= <jerome.lubrez@cssystemes.cie-signaux.fr> Organization: CS Communications & Systems X-Mailer: Mozilla 4.5 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: unsubscribe Content-Type: multipart/mixed; boundary="------------ECCC54071A727412C57AD802" Il s'agit d'un message multivolet au format MIME. --------------ECCC54071A727412C57AD802 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit unsubscribe --------------ECCC54071A727412C57AD802 Content-Type: text/x-vcard; charset=us-ascii; name="jerome.lubrez.vcf" Content-Description: Carte pour LUBREZ Jérôme Content-Disposition: attachment; filename="jerome.lubrez.vcf" Content-Transfer-Encoding: 7bit begin:vcard n:LUBREZ;Jérôme tel;fax:33 1 40 78 61 70 tel;work:33 1 40 78 61 69 x-mozilla-html:FALSE url:http://www.cie-signaux.fr/security org:CS Communications & Systemes;Information Systems Security Unit adr:;;88, rue Brillat Savarin;PARIS;;75013;FRANCE version:2.1 email;internet:jerome.lubrez@cssystemes.cie-signaux.fr title:Head of Development Department x-mozilla-cpt:;-27440 fn:Jérôme LUBREZ end:vcard --------------ECCC54071A727412C57AD802-- Received: from ns.koscom.co.kr (ns.koscom.co.kr [128.134.148.66]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id XAA23349 for <ietf-pkix@imc.org>; Wed, 15 Dec 1999 23:33:26 -0800 (PST) Received: from koscom.co.kr ([128.134.151.24]) by ns.koscom.co.kr (8.9.1/8.9.1) with ESMTP id QAA12908 for <ietf-pkix@imc.org>; Thu, 16 Dec 1999 16:23:20 +0900 (KST) Message-ID: <38589668.DF8F52F3@koscom.co.kr> Date: Thu, 16 Dec 1999 16:36:08 +0900 From: Sungjin Lee <sjlee@koscom.co.kr> X-Mailer: Mozilla 4.7 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Why should not the BC extension appear in end entity certificate? Content-Type: text/plain; charset=EUC-KR Content-Transfer-Encoding: 7bit RFC 2459 state that the BC extension should not appear in EE certificates. Let me know why the BC extension should not appear in EE certificates. Is there any problem when cA in BC in EE certificates is set to false? Sungjin Lee SignKorea (http://www.signkorea.com) Korea Securities Computer Corp. Seoul, South Korea. Received: from mail-ewr-3.pilot.net (mail-ewr-3.pilot.net [206.98.230.17]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA20542 for <ietf-pkix@imc.org>; Wed, 15 Dec 1999 15:21:43 -0800 (PST) From: Lynn.Wheeler@firstdata.com Received: from mailgw.firstdata.com ([204.48.27.156]) by mail-ewr-3.pilot.net with ESMTP id SAA10807; Wed, 15 Dec 1999 18:25:17 -0500 (EST) Received: from lnsunr02.firstdata.com (localhost [127.0.0.1]) by mailgw.firstdata.com with SMTP id SAA15699; Wed, 15 Dec 1999 18:25:16 -0500 (EST) Received: by lnsunr02.firstdata.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 85256848.00805487 ; Wed, 15 Dec 1999 18:21:42 -0500 X-Lotus-FromDomain: FDC To: TMetzinger@aol.com cc: ietf-pkix@imc.org, pki-twg@csmes.ncsl.nist.gov Message-ID: <85256848.008053E9.00@lnsunr02.firstdata.com> Date: Wed, 15 Dec 1999 15:19:46 -0800 Subject: Re: RFC 2527 Physical Security Controls Question Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline there is slightly related thread running in sci.crypt newsgroup ("Attacks on a PKI") ... i've archived some of my postings at: http://www.garlic.com/~lynn/99.html#226 http://www.garlic.com/~lynn/99.html#228 the full thread is available from places like dejanews Received: from imo-d04.mx.aol.com (imo-d04.mx.aol.com [205.188.157.36]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA18733 for <ietf-pkix@imc.org>; Wed, 15 Dec 1999 13:59:27 -0800 (PST) From: TMetzinger@aol.com Received: from TMetzinger@aol.com by imo-d04.mx.aol.com (mail_out_v24.6.) id 7.0.d6fa5c2b (6398); Wed, 15 Dec 1999 17:02:40 -0500 (EST) Message-ID: <0.d6fa5c2b.258969ff@aol.com> Date: Wed, 15 Dec 1999 17:02:39 EST Subject: Re: RFC 2527 Physical Security Controls Question To: ietf-pkix@imc.org CC: pki-twg@csmes.ncsl.nist.gov MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Windows AOL sub 44 In a message dated 12/15/99 3:17:16 PM Eastern Standard Time, Lynn.Wheeler@firstdata.com writes: << So if public key becomes integral to the core operation (say on a transaction by transaction basis) ... then its associated infrastructure has to at least meet the requirements of that infrastructure (w/o introducing new risk and failure modes). >> Boy oh boy is that an important statement! I paraphrase it as "If you integrate PKI into a business process, in such a way that the process DEPENDS on the PKI working properly, you've just held your business process hostage to your PKI." Thus, as you say, the PKI needs to meet the requirements and not introduce new risk. I don't think there is any way to introduce PKI into a process without introducing some new failure modes, but that just means you have to compensate for those failure modes to keep the risk acceptable. All of which means to me that we need to be VERY cautious when trying to "improve" a process with PKI. Remember that it can take as long (or longer) to remove automation from a process as it did to add it. Received: from imo-d04.mx.aol.com (imo-d04.mx.aol.com [205.188.157.36]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA18227 for <ietf-pkix@imc.org>; Wed, 15 Dec 1999 13:49:33 -0800 (PST) From: TMetzinger@aol.com Received: from TMetzinger@aol.com by imo-d04.mx.aol.com (mail_out_v24.6.) id 7.0.763bc5a6 (6398); Wed, 15 Dec 1999 16:52:43 -0500 (EST) Message-ID: <0.763bc5a6.258967ab@aol.com> Date: Wed, 15 Dec 1999 16:52:43 EST Subject: Re: RFC 2527 Physical Security Controls Question To: ietf-pkix@imc.org CC: pki-twg@csmes.ncsl.nist.gov MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Windows AOL sub 44 In a message dated 12/15/99 1:42:10 PM Eastern Standard Time, BJUENEMAN@novell.com writes: << There are certainly a number of commercial applications where the use an armed, lethal, and strong response to a forcible intrusion or attack would be both prudent and justifiable. I am thinking about a nuclear reactor, a control center that administers regional gas or electrical power supplies, a major banking facility, a printing company that prints Traveler's Checks, etc. >> This is exactly the kind of debate I wanted to spark, and I agree wholeheartedly with your reasoned response. I agree that the danger to a CA that only issues signing keys is minimal... A CA that issues encryption keys is another matter, since it's compromise or destruction could render extremely valuable information unrecoverable. While in the US and UK, there is the common theme that you only take life to protect life, there are other countries (and subcultures like organized crime) who take a markedly different view. God forbid one of us ever gets hired to build a CA for the Russian Mafia.... I think the Industrial Security Manual is an excellent starting point since it mirrors most DOD standards. But it also has one significant weakness; it was initially written to protect paper documents and other concrete (as opposed to virtual) objects. Special care must be taken to protect against the latest and greatest threats (perhaps EMP) to computers. Received: from mail02-ewr.pilot.net (mail-ewr-2.pilot.net [206.98.230.16]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA16413 for <ietf-pkix@imc.org>; Wed, 15 Dec 1999 12:13:21 -0800 (PST) From: Lynn.Wheeler@firstdata.com Received: from mailgw.firstdata.com ([204.48.27.156]) by mail02-ewr.pilot.net with ESMTP id PAA11513; Wed, 15 Dec 1999 15:17:02 -0500 (EST) Received: from lnsunr02.firstdata.com (localhost [127.0.0.1]) by mailgw.firstdata.com with SMTP id PAA01565; Wed, 15 Dec 1999 15:17:01 -0500 (EST) Received: by lnsunr02.firstdata.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 85256848.006F0EB6 ; Wed, 15 Dec 1999 15:13:02 -0500 X-Lotus-FromDomain: FDC To: TMetzinger@aol.com cc: ietf-pkix@imc.org, pki-twg@csmes.ncsl.nist.gov Message-ID: <85256848.006F08A9.00@lnsunr02.firstdata.com> Date: Wed, 15 Dec 1999 12:13:30 -0800 Subject: Re: RFC 2527 Physical Security Controls Question Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline one of the X9.59/AADS scenerios is that the public key operation becomes integrated into the infrastructure of the financial transaction. If that infrastructure has spent several hundred million on security & integrity infrastructure ... then all components have to be at the same level of security/integrity or it puts the infrastructure at risk (don't want to introduce new risk and failure modes). That somewhat reverses the question ... rather than how much has to be spent on the PKI specific implementation ... it becomes all components have to meet same minimum integrity/security requirements; that goes for both availability (denial of service attacks) as well as compromise (& ability to then do fraudulent transactions). For some infrastructures, the security/integrity infrastructure may only represent thousands of dollars ... while some commercial operations the security/integrity infrastructure may represent hundreds of millions. So if public key becomes integral to the core operation (say on a transaction by transaction basis) ... then its associated infrastructure has to at least meet the requirements of that infrastructure (w/o introducing new risk and failure modes). Furthermore, there may be situations were there is no level of liability & insurance that would make any kind of trusted 3rd parties acceptable The other issue not to be overlooked ... is that one of the biggest threats to (at least) commercial operations are insiders. Some of the human factors issues may change when only hundreds of billions of dollars are at stake. Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA15778 for <ietf-pkix@imc.org>; Wed, 15 Dec 1999 11:37:07 -0800 (PST) Received: from postal-gw2.verisign.com (mailhost2.verisign.com [208.206.241.102]) by caladan.verisign.com (8.9.3/BCH1.7) with ESMTP id LAA23254; Wed, 15 Dec 1999 11:37:59 -0800 (PST) Received: from pbaker-pc.verisign.com ([192.168.7.110]) by postal-gw2.verisign.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id YMRLSYMB; Wed, 15 Dec 1999 11:39:54 -0800 From: "Phillip M Hallam-Baker" <pbaker@verisign.com> To: "Bob Jueneman" <BJUENEMAN@novell.com>, <TMetzinger@aol.com>, <ietf-pkix@imc.org> Cc: <pki-twg@csmes.ncsl.nist.gov> Subject: RE: RFC 2527 Physical Security Controls Question Date: Wed, 15 Dec 1999 14:41:36 -0500 Message-ID: <007401bf4734$66b0d680$6e07a8c0@pbaker-pc.verisign.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal In-Reply-To: <s8577e85.087@prv-mail20.provo.novell.com> Bob, > However, in all of those cases the justification would be to > protect human life, > and only secondarily to protect property and major financial > assets. I can't think of many cases in which a PKI would be the last barrier protecting such facilities. In the case of a reactor you can run the boron feed pumps and so on... In the UK nuclear installations are guarded by the British Nuclear Police which is the only part of the police force which is permitted to carry firearms at all times. I suspect they are authorized to fire if someone attempts to steal nuclear material but they have yet to shoot one of the many protestors who make a habit of unauthorized entries to such facilties. > Unlike > a government that could conceivably deploy automatic, lethal defenses to > protect nuclear missiles, Actually the US is one of a very small number of governments that could do this. The rest have signed up for the landmine ban treaty! > US law strongly frowns on people who > set up deadfall > devices or shotguns triggered to go off if someone attempts to > open a door. If for no other reason than such devices have a habit of going off and killing innocent bystanders, in particular the emergency services. > Another problem is how to deal with the conflicting demands of > the fire codes and security. Quite so, deployment of deadfall devices is probably contrary to every fire code in the country. Failing to attend to fire codes can itself be a serious problem. For example anyone who digs out a bunker has to be aware of the possibility of methane gas build up. More than one pumping station has gone up as visitors have neglected the no-smoking signs. Folk who build secure bunkers underground would be well advised to consider such issues. After all a fire is likely to compromise one's security substantially... Phill Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.82.195]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id KAA14018 for <ietf-pkix@imc.org>; Wed, 15 Dec 1999 10:38:45 -0800 (PST) Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Wed, 15 Dec 1999 11:41:57 -0700 Message-Id: <s8577e85.088@prv-mail20.provo.novell.com> X-Mailer: Novell GroupWise Internet Agent 5.5.2.1 Date: Wed, 15 Dec 1999 11:41:45 -0700 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <TMetzinger@aol.com>, <ietf-pkix@imc.org> Cc: <pki-twg@csmes.ncsl.nist.gov> Subject: Re: RFC 2527 Physical Security Controls Question Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id KAA14019 There are certainly a number of commercial applications where the use an armed, lethal, and strong response to a forcible intrusion or attack would be both prudent and justifiable. I am thinking about a nuclear reactor, a control center that administers regional gas or electrical power supplies, a major banking facility, a printing company that prints Traveler's Checks, etc. However, in all of those cases the justification would be to protect human life, and only secondarily to protect property and major financial assets. Unlike a government that could conceivably deploy automatic, lethal defenses to protect nuclear missiles, US law strongly frowns on people who set up deadfall devices or shotguns triggered to go off if someone attempts to open a door. (Having said that, some states allow the use of deadly force to prevent arson, and a few allow deadly force to protect against theft, but not unattended force.) In the case of a CA that is only protecting signing keys and not encryption keys, such defenses would be "overkill". Instead, various trip-guards could and perhaps should be deployed to cause key zeroization in the event of an attack, in order to prevent compulsion of personnel. This should be in addition to the tamper-detecting circuitry contained within a FIPS 140-1 level 3 or 4 device, for unless they have been disarmed they will sign what they are told to. To go back to the original request, I would suggest that the physical security requirements outlined in the Industrial Security Manual have stood the test of time, and are defensible as a reasonable and prudent set of precautions. I no longer have a copy of the ISM, but I would suggest that the requirements for a Closed Area would be the minimum for a CA. If I were doing it, I would tend to make the outer peripheral area a Closed Area, to be used for administrative and technical office space. The next level up would be a Strong Room or Vault, one that is suitable for the storage of Top Secret documents in the open. This would be where I would put the firewalls, servers, etc. -- everything but the crypto devices that actually sign the most important certificates. The inner sanctum might very well deserve SCIF treatment, including Red/Black power separation, but would presumably not require the attention to acoustic controls, assuming the personnel don't sit around reading off the content of the keys! But what is more important than the physical strength and the ability to withstand an overt penetration is the degree to which the area would withstand a covert attack. Sheet rock walls can be penetrated, repaired, and repainted very easily within a shift, and maybe even within an hour or so, so it is important to have appropriate infrared or microwave area alarm systems that cover the walls, floor, and ceiling. Another problem is how to deal with the conflicting demands of the fire codes and security. When I was with GTE Laboratories, we set up a closed area for cellular fraud investigations that was built to Strong Room specifications. The main access was controlled by a fingerprint reader which was under my control (with a backup person in my group). The rear door had a strong three-position combination lock on it. The combination to that lock was sealed in plastic in an envelope that was kept for emergency response purposes by the building guards, so they could gain entry in case of fire. The rear door was always alarmed, and the front door was alarmed after hours. More importantly, however, there were TWO sets of alarms -- one of which was wired to the building alarm system, and one of which was internal to and controlled within our area, and physically protected. So in the event of an emergency the building guards could get in, but they couldn't get in undetected, even if they turned off the building alarm system. In addition, the most sensitive inner area should be designated a Two Man No Lone Zone. Two people should be required to enter the area together, preferably using two fingerprint readers or at least two physical keys, and those people should also be required to use a fingerprint reader to exit the facility. The interior alarm should be activated shortly after the first person exits, to make sure someone doesn't stay behind unsupervised. Finally, it must be recognized that the most devastating security compromises have not been caused by external attacks, but by authorized insiders. All of the physical security in the world won't help if your people can be compromised by say an offer of $100,000. So you need personnel investigations, bonding, etc., etc. The problem is typically getting your HR department to accept those requirements. Bob >>> <TMetzinger@aol.com> 12/14/99 06:22PM >>> John Kennedy and Lynn Wheeler both made excellent points about the potential need for absolute top-grade physical security in a commercial CA operation. It all seems to come down (as always) to risk assessment and balancing the cost of security against it's benefits. In the commercial world, especially in the financial and medical sectors, the potential liability for a CA operator could be enormous, easily justifying the cost of physical security measures rivalling that found around weapons of mass destruction. This brings up an interesting question though... For a government, it's very easy to designate a resourse as being sufficiently valuable to authorize the use of deadly force to protect it - try to get close to a stealth aircraft sometime. For commercial applications, however, even where billions of dollars may be at stake, it's harder (if not impossible) to implement that final line of security. So for you non-government types, would your CA physical security include lethal defenses? Can anyone think of any application for a non-government CA that would require such defenses? I'm not talking about just armed guards here... I'm talking about defenses that would kill an unauthorized individual who entered protected space BEFORE they did any damage besides entering that space. Timothy M. Metzinger Technical Director Drug Enforcement Administration Office of Information Systems (202) 307-9884 (888) 385-0705 Received: from sentry (firewall-user@sentry.gw.tislabs.com [192.94.214.100]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA10583 for <ietf-pkix@imc.org>; Wed, 15 Dec 1999 09:48:40 -0800 (PST) Received: by sentry; id MAA03149; Wed, 15 Dec 1999 12:53:27 -0500 (EST) Received: from unknown(10.33.1.2) by sentry.gw.tislabs.com via smap (V5.5) id xma003142; Wed, 15 Dec 99 12:53:08 -0500 Received: (from balenson@localhost) by clipper.gw.tislabs.com (8.9.3/8.9.1) id MAA04247 for ietf-pkix@imc.org; Wed, 15 Dec 1999 12:52:22 -0500 (EST) Date: Wed, 15 Dec 1999 12:52:22 -0500 (EST) From: "David M. Balenson" <balenson@tislabs.com> Message-Id: <199912151752.MAA04247@clipper.gw.tislabs.com> To: ietf-pkix@imc.org Subject: ISOC Netw. & Distr. Sys. Security Symp. (NDSS 2000) R E G I S T E R N O W ! ! THE INTERNET SOCIETY'S Year 2000 NETWORK AND DISTRIBUTED SYSTEM SECURITY (NDSS) SYMPOSIUM February 2-4, 2000 Catamaran Resort Hotel, San Diego, California General Chair: Steve Welke, Trusted Computer Solutions Program Chairs: Gene Tsudik, USC/Information Sciences Institute Avi Rubin, AT&T Labs - Research ONLINE INFORMATION AND REGISTRATION: http://www.isoc.org/ndss2000 EARLY REGISTRATION DISCOUNT DEADLINE: January 6, 2000 The 7th annual NDSS Symposium brings together researchers, implementers, and users of network and distributed system security technologies to discuss today's important security issues and challenges. The Symposium provides a mix of technical papers and panel presentations that describe promising new approaches to security problems that are practical and, to the extent possible, have been implemented. NDSS fosters the exchange of technical information and encourages the Internet community to deploy available security technologies and develop new solutions to unsolved problems. KEYNOTE SPEAKER: Gene Spafford, Professor of Computer Sciences at Purdue University, an expert in information security, computer crime investigation and information ethics. Spaf (as he is known to his friends, colleagues, and students) is director of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security), and was the founder and director of the (now superseded) COAST Laboratory. THIS YEAR'S TOPICS INCLUDE: - Automated Detection of Buffer Overrun Vulnerabilities - User-Level Infrastructure for System Call Interposition - Optimized Group Rekey for Group Communication Systems - IPSec-based Host Architecture for Secure Internet Multicast - The Economics of Security - Automatic Generation of Security Protocols - Security Protocols for SPKI-based Delegation Systems - Secure Border Gateway Protocol (S-BGP) - Analysis of a Fair Exchange Protocol - Secure Password-Based Protocols for TLS - Chameleon Signatures - Lightweight Tool for Detecting Web Server Attacks - Adaptive and Agile Applications Using Intrusion Detection - Secure Virtual Enclaves - Encrypted rlogin Connections Created With Kerberos IV - Accountability and Control of Process Creation in Metasystems - Red Teaming and Network Security PRE-CONFERENCE TECHNICAL TUTORIALS: - Network Security Protocol Standards, Dr. Stephen T. Kent - Deployed and Emerging Security Systems for the Internet, Dr. Radia Perlman and Charlie Kaufman - Mobile Code Security and Java 2 Architecture, Dr. Gary McGraw - Cryptography 101, Dr. Aviel D. Rubin - Public Key Infrastructure - The Truth and How to Find It, Dr. Daniel E. Geer, Jr. - An Introduction to Intrusion Detection Technology, Mr. Mark Wood FOR MORE INFORMATION contact the Internet Society: Internet Society, 11150 Sunset Hills Road, Reston, VA, 20190 USA Phone: +1-703-326-9880 Fax: +1-703-326-9881 E-mail: ndss2000reg@isoc.org URL: http://www.isoc.org/ndss2000/ SPONSORSHIP OPPORTUNITIES AVAILABLE! Take advantage of this high visibility event. Contact Carla Rosenfeld at the Internet Society at +1-703-326-9880 or send e-mail to carla@isoc.org. THE INTERNET SOCIETY is a non-governmental organization for global cooperation and coordination for the Internet and its internetworking technologies and applications. Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA02081 for <ietf-pkix@imc.org>; Wed, 15 Dec 1999 07:36:05 -0800 (PST) Received: from postal-gw2.verisign.com (mailhost2.verisign.com [208.206.241.102]) by caladan.verisign.com (8.9.3/BCH1.7) with ESMTP id HAA11699; Wed, 15 Dec 1999 07:36:56 -0800 (PST) Received: from pbaker-pc.verisign.com ([192.168.7.110]) by postal-gw2.verisign.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id YMRLSW6W; Wed, 15 Dec 1999 07:38:49 -0800 From: "Phillip M Hallam-Baker" <pbaker@verisign.com> To: <TMetzinger@aol.com>, <ietf-pkix@imc.org> Cc: <pki-twg@csmes.ncsl.nist.gov> Subject: RE: RFC 2527 Physical Security Controls Question Date: Wed, 15 Dec 1999 10:40:30 -0500 Message-ID: <006f01bf4712$b7c9c3a0$6e07a8c0@pbaker-pc.verisign.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal In-Reply-To: <0.57e7884f.25884758@aol.com> Timothy Metzinger writes: > So for you non-government types, would your CA physical security include > lethal defenses? Can anyone think of any application for a > non-government CA > that would require such defenses? I'm not talking about just > armed guards > here... I'm talking about defenses that would kill an unauthorized > individual who entered protected space BEFORE they did any damage besides > entering that space. What an utterly bizare idea. This is PKI, not James Bond. Dr No might require such a security system but I can't see that such a system would serve any commercial purpose. I would be very suspicious about any such system. I would see it as introducing the very serious threat of complacency. I am much happier trusting concrete and steel than 007 type booby-trap gadgets. It isn't as if disarming explosive devices is impossible. Security is a function of the difficulty of disarming preventative devices rather than the seriousness of a device being triggered. Besides which I doubt that operating such a system would be legal in most countries. Burglars don't have many legal rights but in the UK at least use of lethal force is only permitted in self defence. Defence of property is not a justification. Anyone building such a device would (quite rightly) face a murder charge if it went off. Even in Texas I suspect that the fire dept would have something to say on the matter. Rather than kill the attacker it would surely be a much simpler matter to destroy any cryptographic keying material. This should not in itself be a problem if there was an equally well protected disaster recovery site. The principal risk is not destruction of keying material but theft of keying material - particularly if it was undetected. The NSA is rumoured to use explosives in certain crytosystems. My understanding is that the purpose was to destroy the keying material and not to kill someone probing. Phill Received: from btec-fw.certco.com (btec-fw.certco.com [209.2.102.3]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id TAA10097 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 19:00:24 -0800 (PST) From: BalluffiF@CertCo.com Received: from nycertco-srv1.ny.certco.com (nycertco-srv1.certco.com [10.100.24.12]) by btec-fw.certco.com (Postfix) with ESMTP id BDE4032DE8; Tue, 14 Dec 1999 22:03:46 -0500 (EST) Received: by nycertco-srv1.certco.com with Internet Mail Service (5.5.2650.21) id <YTHY6X1G>; Tue, 14 Dec 1999 22:05:22 -0500 Message-ID: <1C01AEF219EAD2119DAF0000F840E64E0B7F4D@nycertco-srv1.certco.com> To: TMetzinger@aol.com, ietf-pkix@imc.org Cc: pki-twg@csmes.ncsl.nist.gov Subject: RE: RFC 2527 Physical Security Controls Question Date: Tue, 14 Dec 1999 22:05:21 -0500 X-Mailer: Internet Mail Service (5.5.2650.21) Timothy, I challenge your notion that high security equals lethal defense. A private key used to sign certificates is very different than a stealth aircraft. I may not be able to revoke a stealth aircraft that falls into the hands of an adversary. Frank Balluffi CertCo -----Original Message----- From: TMetzinger@aol.com [mailto:TMetzinger@aol.com] Sent: Tuesday, December 14, 1999 8:23 PM To: ietf-pkix@imc.org Cc: pki-twg@csmes.ncsl.nist.gov Subject: Re: RFC 2527 Physical Security Controls Question John Kennedy and Lynn Wheeler both made excellent points about the potential need for absolute top-grade physical security in a commercial CA operation. It all seems to come down (as always) to risk assessment and balancing the cost of security against it's benefits. In the commercial world, especially in the financial and medical sectors, the potential liability for a CA operator could be enormous, easily justifying the cost of physical security measures rivalling that found around weapons of mass destruction. This brings up an interesting question though... For a government, it's very easy to designate a resourse as being sufficiently valuable to authorize the use of deadly force to protect it - try to get close to a stealth aircraft sometime. For commercial applications, however, even where billions of dollars may be at stake, it's harder (if not impossible) to implement that final line of security. So for you non-government types, would your CA physical security include lethal defenses? Can anyone think of any application for a non-government CA that would require such defenses? I'm not talking about just armed guards here... I'm talking about defenses that would kill an unauthorized individual who entered protected space BEFORE they did any damage besides entering that space. Timothy M. Metzinger Technical Director Drug Enforcement Administration Office of Information Systems (202) 307-9884 (888) 385-0705 Received: from gandalf.trustpoint.com (IDENT:root@gandalf.trustpoint.com [216.100.231.61]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA09439 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 18:18:48 -0800 (PST) Received: from himansu (himansu [192.168.42.5]) by gandalf.trustpoint.com (8.8.7/8.8.7) with SMTP id SAA12007; Tue, 14 Dec 1999 18:22:26 -0800 From: "John C. Kennedy" <jkennedy@trustpoint.com> To: <TMetzinger@aol.com>, <ietf-pkix@imc.org> Cc: <pki-twg@csmes.ncsl.nist.gov> Subject: RE: RFC 2527 Physical Security Controls Question Date: Tue, 14 Dec 1999 18:27:56 -0800 MIME-Version: 1.0 Message-ID: <NDBBKGCMPJCKIDPKAHACMEDCCCAA.jkennedy@trustpoint.com> X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <0.57e7884f.25884758@aol.com> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_007C_01BF4660.EF7D6340" Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 This is a multi-part message in MIME format. ------=_NextPart_000_007C_01BF4660.EF7D6340 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Lethal? You mean like the deadly nerve gas that is released if you tamper with a SafeKeyper box? (I'm *joking*, maybe... :-) Actually, Steve's plug for the SafeKeyper box is quite appropriate. It remains a very elegant piece of crypto-engineering. I'd prefer to see a system design that spread the the risk around rather than require the protection of a single box-of-bits with lethal defenses. I mean, try explaining to a 60 Minutes news team why the accidental vaporization of the cleaning lady was an unfortunate result of maintaining the integrity of your high-assurance, We-are-the-only-source-of-trust.com, e-commerce CA. If you start with the assumptions that (1) root keys have a low but much-greater-than-zero chance of compromise and (2) that they will probably need to be replaced at the least convenient time, you will probably end up with a more robust system and a more survivable business model. -John > > So for you non-government types, would your CA physical security include > lethal defenses? Can anyone think of any application for a > non-government CA > that would require such defenses? I'm not talking about just > armed guards > here... I'm talking about defenses that would kill an unauthorized > individual who entered protected space BEFORE they did any damage besides > entering that space. > > Timothy M. Metzinger > Technical Director > Drug Enforcement Administration > Office of Information Systems > (202) 307-9884 > (888) 385-0705 ------=_NextPart_000_007C_01BF4660.EF7D6340 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGhzCCAo8w ggH6oAMCAQICFQDZ+E/k9gGxjXStLkDx9Qm6iCXqjTALBgkqhkiG9w0BAQUwNTEWMBQGA1UEAxMN U01lbWUgUm9vdCBDQTEOMAwGA1UEChMFU01lbWUxCzAJBgNVBAYTAlVTMB4XDTk5MDYyNDIzNDQw OFoXDTE0MDYyNDIzNDQwOFowNTEWMBQGA1UEAxMNU01lbWUgUm9vdCBDQTEOMAwGA1UEChMFU01l bWUxCzAJBgNVBAYTAlVTMIGdMAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEAoh2u/ZzVrjTtXzowWcH1 vVHqUSJRsAF+TunEsqbZsn755D6Y0xe2ruYlNMEW7sExSoUYPQNR7cTQWwcFSyE3FtDhGGkYUt5O UgPXZ5HVuG/Q4UwocCbOx4CIIfNJJevfEw9MvthYugg2J13XBW5iUonP5aY5rO6VrQedIa1+q8kC AwEAAaOBoDCBnTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNn4T+T2AbGNdK0uQPH1CbqI JeqNMB0GA1UdDgQWBBTZ+E/k9gGxjXStLkDx9Qm6iCXqjTAOBgNVHQ8BAf8EBAMCAP4wJwYDVR0l BCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBDARBglghkgBhvhCAQEEBAMCALcwCwYJ KoZIhvcNAQEFA4GBAJLpYU+A1SKEVesAvpylZ//Fhq/fOZrVnxBgEVHC0RpLMnlPG/Y2XaZqmr42 bIwvqZ50m6R5o41mob2N4a78ty30kAOLEvsxFaK06iezfHFJGn9TbLPEi2BTaIWCJv77skLSVjUe zzm5JAmaKwJ3txI6s4sbM6/rrnQ2oPa2/n+JMIID8DCCA1ugAwIBAgIVANnXVOID136qfHqgNaDC u+cYaTDNMAsGCSqGSIb3DQEBBTA1MRYwFAYDVQQDEw1TTWVtZSBSb290IENBMQ4wDAYDVQQKEwVT TWVtZTELMAkGA1UEBhMCVVMwHhcNOTkwODI1MDEzNjEyWhcNMDAwODI1MDEzNjEyWjBkMQswCQYD VQQGEwJVUzETMBEGA1UEChMKVHJ1c3Rwb2ludDEYMBYGA1UEAxMPSm9obiBDLiBLZW5uZWR5MSYw JAYJKoZIhvcNAQkBFhdqa2VubmVkeUB0cnVzdHBvaW50LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB jQAwgYkCgYEAm/78rZZNYaJ67AZjKMwFb3ky+57qdCpI0oAbPpQQqYJOAzm0f2Y4Nlz3QMC0scMp lGvIpxr8qwMoPIReFo+X4e7QiyumvXfNkKSgFw43rA6ne0zACHX7dbx0U4c6NLLDYer+3lFAGe8M 9y2ICgWk9aBnRaPaUKKIJhDpp4zEepMCAwEAAaOCAc8wggHLMB0GA1UdDgQWBBRBz7sIilZiDESP GwAbpRjKtTIrajAhBgNVHSMEGgQYMBaAFNn4T+T2AbGNdK0uQPH1CbqIJeqNMA4GA1UdDwEB/wQE AwIA+DAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEMBEGCWCGSAGG+EIB AQQEAwIAsDAiBgNVHREEGzAZgRdqa2VubmVkeUB0cnVzdHBvaW50LmNvbTBRBgNVHSAESjBIMEYG CCsGBAGYVB4BMDowOAYIKwYBBQUHAgEWLGh0dHA6Ly93d3cuc21lbWUuY29tL3NlcnZpY2VhZ3Jl ZW1lbnRfMS5odG1sMEQGCWCGSAGG+EIBAwQ3FjVodHRwOi8vd3d3LnNtZW1lLmNvbS9zZXJ2bGV0 cy9zbWVtZV9jYS9jaGVja19yZXZva2VkPzBBBglghkgBhvhCAQcENBYyaHR0cDovL3d3dy5zbWVt ZS5jb20vc2VydmxldHMvc21lbWVfY2EvcmVuZXdfY2VydD8wOwYJYIZIAYb4QgEIBC4WLGh0dHA6 Ly93d3cuc21lbWUuY29tL3NlcnZpY2VhZ3JlZW1lbnRfMS5odG1sMAsGCSqGSIb3DQEBBQOBgQB3 OYc+W2F6MemxaU4Udxf7CRVZ/fR8/zEs+mpb9WIT2Dsft7XRVKP/XWZeQwx5iBoFOaU6/Xf3yqr4 k6nqhEoj1sPYD5QuTS9M/NhPYovbyf/zzUcXGTV+JRK6TgTMbIbfyuMDfBKKfHXIv5gmJfZUCNhY N8C00T8yX9sEVYpzfzGCAg4wggIKAgEBME4wNTEWMBQGA1UEAxMNU01lbWUgUm9vdCBDQTEOMAwG A1UEChMFU01lbWUxCzAJBgNVBAYTAlVTAhUA2ddU4gPXfqp8eqA1oMK75xhpMM0wCQYFKw4DAhoF AKCCARYwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNOTkxMjE1MDIy NzUzWjAjBgkqhkiG9w0BCQQxFgQUt/AV7TLwRqOWlEBkrRyVIfduxPYwWAYJKoZIhvcNAQkPMUsw STAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwBwYF Kw4DAhowCgYIKoZIhvcNAgUwXQYJKwYBBAGCNxAEMVAwTjA1MRYwFAYDVQQDEw1TTWVtZSBSb290 IENBMQ4wDAYDVQQKEwVTTWVtZTELMAkGA1UEBhMCVVMCFQDZ11TiA9d+qnx6oDWgwrvnGGkwzTAN BgkqhkiG9w0BAQEFAASBgAnVtCNCwTw6hd0GhCQv6aEln+2ppTzTV9R7hAUM2M+ODang4ojDjPP3 Wk4tVqJu7znAWx9cH+neK6yH4cJhEod8oUthuKC9l0urVUhJ3kZxtbxzI+nv4OI8lBowUjezYL1b B56jW202Tg5iNxcZR2dwOKtXeQhLjFCfl6PskITjAAAAAAAA ------=_NextPart_000_007C_01BF4660.EF7D6340-- Received: from lh2.rdc1.sdca.home.com (ioracle@ha2.rdc1.sdca.home.com [24.0.3.67]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA09300 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 18:15:45 -0800 (PST) Received: from cx47705a ([24.0.172.52]) by lh2.rdc1.sdca.home.com (InterMail v4.01.01.00 201-229-111) with SMTP id <19991215021924.CGDF1336.lh2.rdc1.sdca.home.com@cx47705a>; Tue, 14 Dec 1999 18:19:24 -0800 From: "Mike Davis" <mikedatsd@home.com> To: <TMetzinger@aol.com>, <ietf-pkix@imc.org> Cc: <pki-twg@csmes.ncsl.nist.gov> Subject: RE: RFC 2527 Physical Security Controls Question Date: Tue, 14 Dec 1999 18:19:31 -0800 Message-ID: <NDBBICHLMLKCLOHABCNCGEIJCBAA.mikedatsd@home.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-Mimeole: Produced By Microsoft MimeOLE V5.00.2615.200 Importance: Normal In-Reply-To: <0.57e7884f.25884758@aol.com> Tim, Let's hope not! Strong physical defenses on the order of a SCIF might well represent an appropriate standard of physical security appropriate for a CA. We are not talking about needing a huge facility here so the costs might in fact be quite reasonable. For the intrusion scenario, recall that the CA key is protected by cryptographic methods as well. The CA key should also be protected within a tamper resistant module that would cause the key to zeroize if attempts were made to open it. This seems to work well enough (is an accepted practice) for top secret keying material. Would it really be required to waste the CA compound and the intruder to protect theft of an encrypted key? Mike Davis Senior Security Architect SAIC Center for Information Security Technology -----Original Message----- From: TMetzinger@aol.com [mailto:TMetzinger@aol.com] Sent: Tuesday, December 14, 1999 5:23 PM To: ietf-pkix@imc.org Cc: pki-twg@csmes.ncsl.nist.gov Subject: Re: RFC 2527 Physical Security Controls Question John Kennedy and Lynn Wheeler both made excellent points about the potential need for absolute top-grade physical security in a commercial CA operation. It all seems to come down (as always) to risk assessment and balancing the cost of security against it's benefits. In the commercial world, especially in the financial and medical sectors, the potential liability for a CA operator could be enormous, easily justifying the cost of physical security measures rivalling that found around weapons of mass destruction. This brings up an interesting question though... For a government, it's very easy to designate a resourse as being sufficiently valuable to authorize the use of deadly force to protect it - try to get close to a stealth aircraft sometime. For commercial applications, however, even where billions of dollars may be at stake, it's harder (if not impossible) to implement that final line of security. So for you non-government types, would your CA physical security include lethal defenses? Can anyone think of any application for a non-government CA that would require such defenses? I'm not talking about just armed guards here... I'm talking about defenses that would kill an unauthorized individual who entered protected space BEFORE they did any damage besides entering that space. Timothy M. Metzinger Technical Director Drug Enforcement Administration Office of Information Systems (202) 307-9884 (888) 385-0705 Received: from poptop.llnl.gov (poptop.llnl.gov [128.115.18.65]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA09002 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 18:03:44 -0800 (PST) Received: from catalyst (catalyst.llnl.gov [128.115.223.61]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with ESMTP id SAA10191; Tue, 14 Dec 1999 18:07:23 -0800 (PST) Message-Id: <4.2.0.58.19991214175322.00a9ab20@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Tue, 14 Dec 1999 18:07:44 -0800 To: TMetzinger@aol.com, ietf-pkix@imc.org From: Tony Bartoletti <azb@llnl.gov> Subject: Re: RFC 2527 Physical Security Controls Question Cc: pki-twg@csmes.ncsl.nist.gov In-Reply-To: <0.57e7884f.25884758@aol.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" At 08:22 PM 12/14/1999 -0500, TMetzinger@aol.com wrote: >John Kennedy and Lynn Wheeler both made excellent points about the potential >need for absolute top-grade physical security in a commercial CA operation. >It all seems to come down (as always) to risk assessment and balancing the >cost of security against it's benefits. > >In the commercial world, especially in the financial and medical sectors, the >potential liability for a CA operator could be enormous, easily justifying >the cost of physical security measures rivalling that found around weapons of >mass destruction. > >This brings up an interesting question though... For a government, it's very >easy to designate a resourse as being sufficiently valuable to authorize the >use of deadly force to protect it - try to get close to a stealth aircraft >sometime. For commercial applications, however, even where billions of >dollars may be at stake, it's harder (if not impossible) to implement that >final line of security. > >So for you non-government types, would your CA physical security include >lethal defenses? Can anyone think of any application for a non-government CA >that would require such defenses? I'm not talking about just armed guards >here... I'm talking about defenses that would kill an unauthorized >individual who entered protected space BEFORE they did any damage besides >entering that space. Tim, I'm a University of California employee, so I will assume I'm not a "government type" :) It occurs to me that structures warranting the kind of protection we are talking about would have several layers to penetrate. Consequently, an intruder would likely have to reveal themselves as bearing lethal means in the course of an attempted apprehension by the "guards". If the intruder brandishes a gun, I don't believe the guards need an act of congress to use deadly force. So we are really talking about an "army-sized" assault upon a facility. Here, perhaps there are issues to be addressed. If a breach of the perimeter causes inner safeguards to kick in, such as (well-marked) electric fences, so-to-speak, are these means allowed? In general, are there non-lethal means that are effective when applied with sufficient extension? (tear gas, paralyzing fields, etc.) Granted, if the facility could be taken out by a 500 lb bomb delivered by a private plane, I don't think one will be able to fire anti-aircraft munitions under threat, but then I'm not an expert in law ;) ___tony___ Tony Bartoletti LL IOWA Center LL LL Lawrence Livermore National Laboratory LL LL LL PO Box 808, L - 089 LL LL LL Livermore, CA 94551-9900 LL LL LLLLLLLL phone: 925-422-3881 fax: 925-423-8081 LL LLLLLLLL email: azb@llnl.gov LLLLLLLL Received: from mail-out1.apple.com (mail-out1.apple.com [17.254.0.52]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA08391 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 17:36:47 -0800 (PST) Received: from mailgate1.apple.com (A17-128-100-225.apple.com [17.128.100.225]) by mail-out1.apple.com (8.9.3/8.9.3) with ESMTP id RAA28936 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 17:40:25 -0800 (PST) Received: from scv2.apple.com (scv2.apple.com) by mailgate1.apple.com (mailgate1.apple.com- SMTPRS 2.0.15) with ESMTP id <B0009148393@mailgate1.apple.com>; Tue, 14 Dec 1999 17:40:08 -0800 Received: from [17.205.41.166] (aram1.apple.com [17.205.41.166]) by scv2.apple.com (8.9.3/8.9.3) with ESMTP id RAA22918; Tue, 14 Dec 1999 17:40:07 -0800 (PST) Message-Id: <199912150140.RAA22918@scv2.apple.com> X-Mailer: Microsoft Outlook Express Macintosh Edition - 4.5 (0410) Date: Tue, 14 Dec 1999 17:40:07 -0800 Subject: Re: RFC 2527 Physical Security Controls Question From: "Aram Perez" <aram@apple.com> To: TMetzinger@aol.com, ietf-pkix@imc.org Cc: pki-twg@csmes.ncsl.nist.gov, mccurley@digicrime.com MIME-Version: 1.0 X-Priority: 3 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Hi Tim, > John Kennedy and Lynn Wheeler both made excellent points about the potential > need for absolute top-grade physical security in a commercial CA operation. > It all seems to come down (as always) to risk assessment and balancing the > cost of security against it's benefits. > > In the commercial world, especially in the financial and medical sectors, the > potential liability for a CA operator could be enormous, easily justifying > the cost of physical security measures rivalling that found around weapons of > mass destruction. > > This brings up an interesting question though... For a government, it's very > easy to designate a resourse as being sufficiently valuable to authorize the > use of deadly force to protect it - try to get close to a stealth aircraft > sometime. For commercial applications, however, even where billions of > dollars may be at stake, it's harder (if not impossible) to implement that > final line of security. > > So for you non-government types, would your CA physical security include > lethal defenses? Can anyone think of any application for a non-government CA > that would require such defenses? I'm not talking about just armed guards > here... I'm talking about defenses that would kill an unauthorized > individual who entered protected space BEFORE they did any damage besides > entering that space. The only CA that I'm aware that might have this type of defense system is one run by DigiCrime, Inc. (http://www.digicrime.com). ;-) Aram Perez Received: from imo14.mx.aol.com (imo14.mx.aol.com [152.163.225.4]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA07893 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 17:19:32 -0800 (PST) From: TMetzinger@aol.com Received: from TMetzinger@aol.com by imo14.mx.aol.com (mail_out_v24.6.) id 7.0.57e7884f (3875); Tue, 14 Dec 1999 20:22:32 -0500 (EST) Message-ID: <0.57e7884f.25884758@aol.com> Date: Tue, 14 Dec 1999 20:22:32 EST Subject: Re: RFC 2527 Physical Security Controls Question To: ietf-pkix@imc.org CC: pki-twg@csmes.ncsl.nist.gov MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Windows AOL sub 44 John Kennedy and Lynn Wheeler both made excellent points about the potential need for absolute top-grade physical security in a commercial CA operation. It all seems to come down (as always) to risk assessment and balancing the cost of security against it's benefits. In the commercial world, especially in the financial and medical sectors, the potential liability for a CA operator could be enormous, easily justifying the cost of physical security measures rivalling that found around weapons of mass destruction. This brings up an interesting question though... For a government, it's very easy to designate a resourse as being sufficiently valuable to authorize the use of deadly force to protect it - try to get close to a stealth aircraft sometime. For commercial applications, however, even where billions of dollars may be at stake, it's harder (if not impossible) to implement that final line of security. So for you non-government types, would your CA physical security include lethal defenses? Can anyone think of any application for a non-government CA that would require such defenses? I'm not talking about just armed guards here... I'm talking about defenses that would kill an unauthorized individual who entered protected space BEFORE they did any damage besides entering that space. Timothy M. Metzinger Technical Director Drug Enforcement Administration Office of Information Systems (202) 307-9884 (888) 385-0705 Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA05912 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 15:07:07 -0800 (PST) Received: from [171.78.30.108] (comsecpb.bbn.com [171.78.30.108]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id SAA05522; Tue, 14 Dec 1999 18:10:34 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <v0422080db47c6e14c53b@[171.78.30.108]> In-Reply-To: <27FF4FAEA8CDD211B97E00902745CBE235E196@seine.valicert.com> References: <27FF4FAEA8CDD211B97E00902745CBE235E196@seine.valicert.com> Date: Tue, 14 Dec 1999 17:21:26 -0500 To: Peter Williams <peterw@valicert.com> From: Stephen Kent <kent@bbn.com> Subject: RE: Accessing/selecting biometrics was: Stray Poll: Finger-prints in QCs Cc: "'PKIX-List '" <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Peter, >Steve, > >In response to your comments, I venture that my suggestion is wholly >reasonable, I assert again. Concerning the factual basis of your >counter-argument, the "latest" version of 2459 merely advises a MODEL >OF "prioritization and scope - for implementers (not operators)" >concerning the subjectDirectoryAttributes field. (See quote, below.) I'm not sure what document you're referring to, Peter. A search for "prioritization" in 2459 yields no matches. > >In no sense do I read from the normative text that use of the disputed >field is/was "discouraged". Now we have 2 local uses for subjectAttributes >- NSA's and the biometric application - and given we are revising 2459 >for bugs and timeliness of options and important processing steps, it is NOW > >appropriate to revise even this language so that X.509's design and intent >can be realized in the Internet environment. Nothing in the "Internet >environment" suggests that this quite properly standardized field is >in someway fundamentally tainted. 2459 specifically encourages operators >to change or refine the profile, as they see fit, furthermore. I interpret the phrase "not recommended", reproduced in your quite below, as advising against use of this extension. We don't prohibit its use, but we suggest that people not use it. If we were neutral or wished to encourage its use, we have appropriate language for expressing those values, and that is not the language used here. >Ander's bio-vendors group, like NSA/DoD, have a quite appropriate home >for their "local material" which binds to the subject. As the material >is "local" and non-critical (per 2459), the authors/WGs opinion on >suitability >of any such local information in an operational id-cert infrastructure is, >by definition, irrelevant. Local means we here have no particular opinion, >beyond ensuring interoperability in maintained. Yes, one can make such decisions and be compliant. However, for reasons we have already discussed on the list and documented elsewhere, there are good reasons to not incorporate the data in question in certs directly. That is the crux of this argument. > >Encouragement or discouragement (at best a non-normative and >political element of a standards process, subject to subjective >biases and influence of lobbyists) is perhaps a specifically inappropriate >position HERE, I venture, given the *explicit* local >delegation specified in current AND expected versions of PKIX-1. > >"The subject directory attributes extension is not recommended as an > essential part of this profile, but it may be used in local environ- > ments. This extension MUST be non-critical." We disagree about the applicability of the explicit "not recommended' phrase in this case. Obviously, it is not a prohibition, and your view is that it is not applicable. My view is otherwise, and is based on the specific language cited above. We are each entitled to our views. Good judgement cannot be legislated. >I do suggest that it is quite appropriate for IETF to assist >interworking-oriented and PKIX-cert conforming groups formulate standard >syntaxes to represent information in cert which is designed >for local, or "card-present/signature-device present" type, >security enforcement processes. Many existing IETF-blessed LDAP >attributes are local in scope; PKIX can similarly oblige. I don't know what criteria the LDAP WG uses in deciding what to include in standard attributes. They need not be the same ones used by this WG re the contents of certificates. > >May I ask a Booz-Allen or DoD party to post a URL here to the excellent >and current version of SDN706 before we sensibly discuss further >the use of labels and the authorization issue, re >subjectDirectoryAttributes? You may ask, but it's not relevant to the discussion since, as I noted earlier, the sensitivity of disclosure of authorization data and of personal authentication data are distinct concerns. One cannot infer that a decision by one group to include one type of data that it is generally, or specifically appropriate to include another type of data. Steve Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA05890 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 15:07:03 -0800 (PST) Received: from [171.78.30.108] (comsecpb.bbn.com [171.78.30.108]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id SAA05510; Tue, 14 Dec 1999 18:10:28 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <v0422080bb47c61add950@[171.78.30.108]> In-Reply-To: <NDBBKGCMPJCKIDPKAHACKECHCCAA.jkennedy@trustpoint.com> References: <NDBBKGCMPJCKIDPKAHACKECHCCAA.jkennedy@trustpoint.com> Date: Tue, 14 Dec 1999 16:10:02 -0500 To: "John C. Kennedy" <jkennedy@trustpoint.com> From: Stephen Kent <kent@bbn.com> Subject: RE: RFC 2527 Physical Security Controls Question Cc: <ietf-pkix@imc.org>, <pki-twg@csmes.ncsl.nist.gov> Content-Type: text/plain; charset="us-ascii" ; format="flowed" John, I don't mean to sound like a sales person, but the observations you made were part of what motivated the design of the SafeKeyper in the early 90s, as a CA crypto module. To the extent that one can address physical security concerns with compact, technical security solutions, a lot of money can be saved, and a lot of attacks can be thwarted. FIPS 140-1 does not address all of the concerns that are now part of the open literature, even at levels 3 and 4. I expect 140-2 will up the ante on evaluation to better address some of these attacks. Fortunately, we designed our module to be resistant to such attacks because of our experience in the military crypto arena, and our understanding of what one might do with sufficient resources and expertise ... Steve Received: from mail02-ewr.pilot.net (mail-ewr-2.pilot.net [206.98.230.16]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA03981 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 12:40:59 -0800 (PST) From: Lynn.Wheeler@firstdata.com Received: from mailgw.firstdata.com ([204.48.27.166]) by mail02-ewr.pilot.net with ESMTP id PAA12993; Tue, 14 Dec 1999 15:44:33 -0500 (EST) Received: from lnsunr02.firstdata.com ([206.201.60.104]) by mailgw.firstdata.com with SMTP id PAA11344; Tue, 14 Dec 1999 15:44:32 -0500 (EST) Received: by lnsunr02.firstdata.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 85256847.00719A57 ; Tue, 14 Dec 1999 15:40:50 -0500 X-Lotus-FromDomain: FDC To: "John C. Kennedy" <jkennedy@trustpoint.com> cc: "MHenry" <MHenry@PEC.com>, ietf-pkix@imc.org, pki-twg@csmes.ncsl.nist.gov Message-ID: <85256847.0071994C.00@lnsunr02.firstdata.com> Date: Tue, 14 Dec 1999 12:40:50 -0800 Subject: RE: RFC 2527 Physical Security Controls Question Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline in the commercial world ... it is almost alwas a cost benefit trade-off ... there are both penetration exploits and denial-of-service exploits. a financial operation might have assets where management operations yield a couple billion a day. if the operation of the infrastructure is dependent on security features ... then crippling the security infrastructure might disable the ability to perform financial management transactions and result in the significant losses for the duration of the security infrastructure outage. theft because of security problems not only may put reputation at risk, but may represent a problem in any court &/or litigation. Litigating theft of trade-secrets valued at several billion can be put at risk if security procedures aren't proportional to the value of the trade-secret (it was explained to me as analogous to not having fence around swimming pool and being liable if somebody fell in ... having value of several billion out in the open, of course somebody will steal it ... and it won't really be their fault). claimed value of several billion for trade-secrets may necessitate demonstrating security procedures valued at tens of millions or more ... and have no obvious/known weakness (the bigger the value the higher the fence). Received: from gandalf.trustpoint.com (IDENT:root@gandalf.trustpoint.com [216.100.231.61]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA02742 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 11:25:34 -0800 (PST) Received: from himansu (himansu [192.168.42.5]) by gandalf.trustpoint.com (8.8.7/8.8.7) with SMTP id LAA09698; Tue, 14 Dec 1999 11:29:10 -0800 From: "John C. Kennedy" <jkennedy@trustpoint.com> To: "MHenry" <MHenry@PEC.com>, <ietf-pkix@imc.org> Cc: <pki-twg@csmes.ncsl.nist.gov> Subject: RE: RFC 2527 Physical Security Controls Question Date: Tue, 14 Dec 1999 11:34:40 -0800 Message-ID: <NDBBKGCMPJCKIDPKAHACKECHCCAA.jkennedy@trustpoint.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <408016D0F599D311A82B0008C7F450FD0B4267@EXCHNG-FAIRFAX> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Importance: Normal Michael, I do not think it is unreasonable to assume that a CA's adversaries might be national services, organized crime, or other organizations of similar strength. With attacks based on differential power analysis (http://www.cryptography.com/dpa/Dpa.pdf) and related techniques becoming at least theoretically possible, a TEMPEST-shielded SCIF-style design might not be a bad idea. While this might be overkill for a private enterprise CA, a commercial CA might very well find such protection measures reasonable and worth the cost. Remember that the compromise of the CA's private key may never become evident to the CA. Also, given the loss of credibility that would be incurred, the CA might be very reluctant to go through the very onerous task of revoking and replacing its root keys. I am fairly certain that obligations to the CA's subscribers as well as its stockholders would be part of the decision process. As a point of reference, I have heard a number of anecdotal stories about large banks that decided to simply absorb losses from electronic break-ins rather than make such situations public and risk loss of consumer confidence and/or higher insurance rates. -John Kennedy jkennedy@trustpoint.com > -----Original Message----- > From: MHenry [mailto:MHenry@PEC.com] > Sent: Friday, December 10, 1999 11:08 AM > To: 'ietf-pkix@imc.org' > Cc: 'pki-twg@csmes.ncsl.nist.gov' > Subject: RFC 2527 Physical Security Controls Question > > > All, > > RFC 2527( CP and CPS Framework), 4.5.1,Physical Security > Controls, includes > site location and CA facility construction , as topics that should be > considered in a CP or CPS. > > I am in the process of writing a CP/CPS and I am looking for standards > that would apply to this section. > > Can anyone point me towards an industry/private sector/civil side of > government "standard" for hardening a facility. I am particularly looking > for some sort of of construction standards that would permit me to > distinguish between, for example, a CA facility that might fairly be > described as being built to support a "high" standard of > security/assurance > and one built to a "medium" standard. Can it be wood? brick? steel? one > story? windows? > etc? > > I spent decades concerned with SCIF designs and vulnerabilities but > I don't think that is what I need here. My potential adversaries are not > national services and what I am protecting is not of such persistent high > value to most people. > > Thanks, > Michael C. Henry > Principal Member of the Technical Staff > Performance Engineering Corporation > 3949 Pender Drive > Fairfax, VA > > > > Received: from relay1.trustworks.com (zuka.trustworks.com [212.114.5.147]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA29632 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 08:23:40 -0800 (PST) Received: by relay1.trustworks.com (8.8.5/1.4) id TAA02695; Tue, 14 Dec 1999 19:27:18 +0300 (MSK) Received: from tws123(212.114.5.15) by zuka via smap (V2.0) id xma002659; Tue, 14 Dec 99 19:26:20 +0300 Message-ID: <38566FB1.81AD2359@trustworks.com> Date: Tue, 14 Dec 1999 19:26:25 +0300 From: Pavel Krylov <Pavel.Krylov@trustworks.com> Organization: TrustWorks X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Tom Biskupic <tbiskupic@baltimore.com> CC: ietf-pkix@imc.org Subject: Re: cert == crl References: <00a101bf464c$dfcff570$7c15a8c0@crown.cdsemea.baltimore.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi again, please look in message body Tom Biskupic wrote: > > Pavel, > > If you take the assumption that CRLs from only one issuer are placed in a > given DP then could you just compare the DP in the CDP with the DP in the > IDP (or CRLScope Extension) of the CRL? Please, Tom, I don't understand the relations between your question and mine. You are talking about comparing of DP in CDP and IDP. That is not a problem, I suppose. FPDAM claims only one rule of it - at least one part of DP in IDP ( if it's present ) must match with a part of DP in CDP. But my questions is how I need ( what are the rules ) to compare DN and GN in CRL case? ( please, look at my previous message ). > This seems kinda naive to me but will it work? Does it make sense/is it > valid for multiple issuers to place CRLs in the same DP? Sorry, but that is not my question. Tom, if you have more questions, may be it would be better to move them into private messages, what do you think? > Tom Biskupic Pavel. > > -----Original Message----- > > From: Pavel Krylov [mailto:Pavel.Krylov@trustworks.com] > > Sent: Tuesday, December 14, 1999 12:48 PM > > To: Tom Biskupic > > Cc: ietf-pkix@imc.org > > Subject: Re: cert == crl > > > > > > > > Hi Tom, > > may be I wrote my questions not clearly ( sorry for that ), but my > > misunderstanding lies not in obtaining of a proper CRL by CRLDPs > > certificate extension. It lies when I've obtained some CRLs by > > crl distribution point ( pointed in CRLDPs certificate extension ) > > and I need to choose appropriate CRLs from that amount. One of > > necessary tests is to check that crl.issuer matches with the cRLIssuer > > ( which is in CRLDPs extension ). How I noticed in my > > previous letters, > > crl.issuer is DN, but cRLIssuer is GN, so I'm trying to discover all > > limitations on their comparing. Hope, I make my problem clear. > > > > Pavel. > > > > Tom Biskupic wrote: > > > > > > Pavel, Russ, > > > > > > If I understand this correctly, the Location where the CRL > > can be obtained > > > is either determined by the DP or if the DP is absent by > > the CRL Issuer > > > Name. > > > > > > In the same way that you can have a DP Name that is a URI > > or an email > > > address etc couldn't the CRL Issuer name also be a URI? I > > know it's a bit of > > > a strange case but imagine the CRL Issuer certificate had > > no subject but > > > only a subject alternative name. > > > > > > In terms of Pavel's question - if both DP and issuer are > > specified aren't > > > they both quite independant? ie the location of the CRL > > could be quite > > > different to what is implied by the CRL Issuer name(s). > > > > > > Tom Biskupic > > > > > > > -----Original Message----- > > > > From: Pavel Krylov [mailto:Pavel.Krylov@trustworks.com] > > > > Sent: Tuesday, December 14, 1999 10:31 AM > > > > Cc: ietf-pkix@imc.org > > > > Subject: Re: cert == crl > > > > > > > > > > > > > > > > Thank you Russ for your reply. Okay, I understood the case I had > > > > written. > > > > Could you answer me the same question, if certificate's CRLDP > > > > extension > > > > had Distribution Point in it and crlIssuer in the same time. What > > > > restrictions are applied to the crlIssuer? > > > > > > > > Thanks a lot. > > > > > > > > Pavel > > > > > > > > Russ Housley wrote: > > > > > > > > > > If the CRLIssuer GN is a DirectoryName, then the CRL can be > > > > found in the > > > > > LDAP or X.500 Directory. I think that all of the other > > > > cases are ambiguious. > > > > > > > > > > Russ > > > > > > > > > > At 08:18 PM 12/8/99 +0300, Pavel Krylov wrote: > > > > > >Hi all, > > > > > > > > > > > >I would be grateful if someone helped me with one case in CRL > > > > > >processing. > > > > > >A certificate has some information how to find appropriate CRLs > > > > > >to check revokation status of the certificate. This > > > > information includes > > > > > >certificate issuer name (DN), alternative issuer name (GN) > > > > and CRLDPs > > > > > >extension, which in its order includes distribution > > point (dp, i.e. > > > > > >a choice between fullName(GN) and > > nameRelativeToCRLIssuer (rdn) ), > > > > > >reason codes and cRLIssuer name (GN). > > > > > > > > > > > >Okay, how I understand CRL processing begins from > > certificate, i.e. > > > > > >getting proper information to find appropriate CRL. > > > > Suppose, we have > > > > > >a certificate with following fields ( only mentioned to CRL ): > > > > > > > > > > > > cert > > > > > > |_ issuer (DN) > > > > > > |_ altIssuer (GN) > > > > > > |_ certExtensions > > > > > > |_ CRLDPs extension > > > > > > |_ crldp > > > > > > |_ cRLIssuer (GN) > > > > > > > > > > > >i.e. dp is absent, but cRLIssuer is present in CRLDPs > > extension. > > > > > >In this case I have a name of issuer of needed CRL, but it is > > > > > >represented by GN type. Say, I have some CRLs to try > > to apply them > > > > > >for the certificate. But each CRL has issuer (DN) and > > > > altIssuer (GN). > > > > > >So my question is how cRLIssuer(GN) is supposed to be > > compared with > > > > > >crl.issuer(DN) and crl.altIssuer(GN)?? > > > > > > > > > > > >Any ideas? > > > > > > > > > > > >Thanks a lot. > > > > > > > > > > > >Pavel Krylov > > > > > > Received: from dfw-smtpout4.email.verio.net (dfw-smtpout4-ext.email.verio.net [129.250.36.44]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA29055 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 08:01:33 -0800 (PST) Received: from dfw-mmp3.email.verio.net ([129.250.38.63]) by dfw-smtpout4.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMQMXI00.FI2 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 15:56:06 +0000 Received: from nma.com ([209.21.28.70]) by dfw-mmp3.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMQMWG00.GB1 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 15:55:28 +0000 Message-ID: <385668B4.D959EC50@nma.com> Date: Tue, 14 Dec 1999 07:56:36 -0800 From: Ed Gerck <egerck@nma.com> X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: Re: Shifting around the risk burden, Re: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit All: This is a reply to a private comment I received, which may be useful here. Cheers -- Ed Gerck -------- Original Message -------- Subject: Re: Shifting around the risk burden, Re: Consensus Text for Date: Mon, 13 Dec 1999 00:41:01 -0800 From: Ed Gerck <egerck@nma.com> ,,, wrote: > I doubt the correctness of the quoted assertion from X.509: > > >A number of practical methods > >are available for the user to hold his private key in a > >manner that provides adequate security > > It depends on what "adequate" means, but there are too many published > attacks on known systems to leave me at all comfortable with the practical > methods I'm aware of. > Yes, that affirmation is weak -- and it was put there IMO in order to try to preempt doubts. However, in discussing X.509/PKIX in order to try to develop a better base for interoperation, which is my main objective, I have found it more useful to hold to one part of the PKIX spec while verifying fallacies in another -- rather than trying to show that both (or, more) parts are wrong. What is at stake here is the Grandma scenario, where Denis insists that X.509/PKIX can be used to deal with the content of what was signed, as well as its intent, which are respectively second- and third-order removed from the act of signing a message *digest* -- which is all that X.509/PKIX deals with. The fact that I am fully aware (assuming this much) that I am signing a message digest, does not mean that I agree with the content and also does not mean that I had the intent of declaring my definitive agreement to it, irrebuttably. So, first, I need to show that (above) -- then, the fact that not even that modicum of trust is granted. I have to leave to a separate argument the fact you point out That I cannot assume I was fully aware of signing a message digest -- my key might have been stolen, for example, and I might have never signed it. Now, if I would question this first then people may say that I am being "impractical" because everyone knows that we all use credit-cards on the Internet and it mostly works, that business has risks anyway, etc. So, the real problem needs to be tackled first IMO -- that X.509/PKIX is not about validation of message *content* or *intent*, it is about authentication of credentials as data. The semiotic confusion is between the message as data (syntax -- that carries values, which are always uninterpreted) and the message as "code" (semantics -- that carries instructions, which can only be functional after interpreted according to a trusted context). X.509/PKIX deals with data, not with "code" -- X.509 is moot on validation procedures for "code" aspects. Thus, it cannot be applied to draw conclusions on that which it outrightly does not represent. Cheers, Ed Gerck Received: from balinese.baltimore.ie (firewall-user@pc215-8.indigo.ie [194.125.215.8]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA28949 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 08:00:31 -0800 (PST) Received: by balinese.baltimore.ie; id QAA22898; Tue, 14 Dec 1999 16:04:04 GMT Received: from bobcat.baltimore.ie(192.168.20.10) by balinese.baltimore.ie via smap (V4.2) id xma022793; Tue, 14 Dec 99 16:03:09 GMT Received: from crown (crown.baltimore.ie [192.168.21.124]) by bobcat.baltimore.ie (8.9.3/8.9.3) with SMTP id QAA28100; Tue, 14 Dec 1999 16:03:08 GMT From: "Tom Biskupic" <tbiskupic@baltimore.com> To: "'Pavel Krylov'" <Pavel.Krylov@trustworks.com> Cc: <ietf-pkix@imc.org> Subject: RE: cert == crl Date: Tue, 14 Dec 1999 16:04:15 -0000 Message-ID: <00a101bf464c$dfcff570$7c15a8c0@crown.cdsemea.baltimore.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal In-Reply-To: <38563C79.BF0A1D70@trustworks.com> Pavel, If you take the assumption that CRLs from only one issuer are placed in a given DP then could you just compare the DP in the CDP with the DP in the IDP (or CRLScope Extension) of the CRL? This seems kinda naive to me but will it work? Does it make sense/is it valid for multiple issuers to place CRLs in the same DP? Tom Biskupic > -----Original Message----- > From: Pavel Krylov [mailto:Pavel.Krylov@trustworks.com] > Sent: Tuesday, December 14, 1999 12:48 PM > To: Tom Biskupic > Cc: ietf-pkix@imc.org > Subject: Re: cert == crl > > > > Hi Tom, > may be I wrote my questions not clearly ( sorry for that ), but my > misunderstanding lies not in obtaining of a proper CRL by CRLDPs > certificate extension. It lies when I've obtained some CRLs by > crl distribution point ( pointed in CRLDPs certificate extension ) > and I need to choose appropriate CRLs from that amount. One of > necessary tests is to check that crl.issuer matches with the cRLIssuer > ( which is in CRLDPs extension ). How I noticed in my > previous letters, > crl.issuer is DN, but cRLIssuer is GN, so I'm trying to discover all > limitations on their comparing. Hope, I make my problem clear. > > Pavel. > > Tom Biskupic wrote: > > > > Pavel, Russ, > > > > If I understand this correctly, the Location where the CRL > can be obtained > > is either determined by the DP or if the DP is absent by > the CRL Issuer > > Name. > > > > In the same way that you can have a DP Name that is a URI > or an email > > address etc couldn't the CRL Issuer name also be a URI? I > know it's a bit of > > a strange case but imagine the CRL Issuer certificate had > no subject but > > only a subject alternative name. > > > > In terms of Pavel's question - if both DP and issuer are > specified aren't > > they both quite independant? ie the location of the CRL > could be quite > > different to what is implied by the CRL Issuer name(s). > > > > Tom Biskupic > > > > > -----Original Message----- > > > From: Pavel Krylov [mailto:Pavel.Krylov@trustworks.com] > > > Sent: Tuesday, December 14, 1999 10:31 AM > > > Cc: ietf-pkix@imc.org > > > Subject: Re: cert == crl > > > > > > > > > > > > Thank you Russ for your reply. Okay, I understood the case I had > > > written. > > > Could you answer me the same question, if certificate's CRLDP > > > extension > > > had Distribution Point in it and crlIssuer in the same time. What > > > restrictions are applied to the crlIssuer? > > > > > > Thanks a lot. > > > > > > Pavel > > > > > > Russ Housley wrote: > > > > > > > > If the CRLIssuer GN is a DirectoryName, then the CRL can be > > > found in the > > > > LDAP or X.500 Directory. I think that all of the other > > > cases are ambiguious. > > > > > > > > Russ > > > > > > > > At 08:18 PM 12/8/99 +0300, Pavel Krylov wrote: > > > > >Hi all, > > > > > > > > > >I would be grateful if someone helped me with one case in CRL > > > > >processing. > > > > >A certificate has some information how to find appropriate CRLs > > > > >to check revokation status of the certificate. This > > > information includes > > > > >certificate issuer name (DN), alternative issuer name (GN) > > > and CRLDPs > > > > >extension, which in its order includes distribution > point (dp, i.e. > > > > >a choice between fullName(GN) and > nameRelativeToCRLIssuer (rdn) ), > > > > >reason codes and cRLIssuer name (GN). > > > > > > > > > >Okay, how I understand CRL processing begins from > certificate, i.e. > > > > >getting proper information to find appropriate CRL. > > > Suppose, we have > > > > >a certificate with following fields ( only mentioned to CRL ): > > > > > > > > > > cert > > > > > |_ issuer (DN) > > > > > |_ altIssuer (GN) > > > > > |_ certExtensions > > > > > |_ CRLDPs extension > > > > > |_ crldp > > > > > |_ cRLIssuer (GN) > > > > > > > > > >i.e. dp is absent, but cRLIssuer is present in CRLDPs > extension. > > > > >In this case I have a name of issuer of needed CRL, but it is > > > > >represented by GN type. Say, I have some CRLs to try > to apply them > > > > >for the certificate. But each CRL has issuer (DN) and > > > altIssuer (GN). > > > > >So my question is how cRLIssuer(GN) is supposed to be > compared with > > > > >crl.issuer(DN) and crl.altIssuer(GN)?? > > > > > > > > > >Any ideas? > > > > > > > > > >Thanks a lot. > > > > > > > > > >Pavel Krylov > > > > Received: from relay1.trustworks.com (zuka.trustworks.com [212.114.5.147]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id EAA26130 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 04:45:01 -0800 (PST) Received: by relay1.trustworks.com (8.8.5/1.4) id PAA23983; Tue, 14 Dec 1999 15:48:38 +0300 (MSK) Received: from tws123(212.114.5.15) by zuka via smap (V2.0) id xma023949; Tue, 14 Dec 99 15:47:48 +0300 Message-ID: <38563C79.BF0A1D70@trustworks.com> Date: Tue, 14 Dec 1999 15:47:53 +0300 From: Pavel Krylov <Pavel.Krylov@trustworks.com> Organization: TrustWorks X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Tom Biskupic <tbiskupic@baltimore.com> CC: ietf-pkix@imc.org Subject: Re: cert == crl References: <009601bf462e$991fa0d0$7c15a8c0@crown.cdsemea.baltimore.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi Tom, may be I wrote my questions not clearly ( sorry for that ), but my misunderstanding lies not in obtaining of a proper CRL by CRLDPs certificate extension. It lies when I've obtained some CRLs by crl distribution point ( pointed in CRLDPs certificate extension ) and I need to choose appropriate CRLs from that amount. One of necessary tests is to check that crl.issuer matches with the cRLIssuer ( which is in CRLDPs extension ). How I noticed in my previous letters, crl.issuer is DN, but cRLIssuer is GN, so I'm trying to discover all limitations on their comparing. Hope, I make my problem clear. Pavel. Tom Biskupic wrote: > > Pavel, Russ, > > If I understand this correctly, the Location where the CRL can be obtained > is either determined by the DP or if the DP is absent by the CRL Issuer > Name. > > In the same way that you can have a DP Name that is a URI or an email > address etc couldn't the CRL Issuer name also be a URI? I know it's a bit of > a strange case but imagine the CRL Issuer certificate had no subject but > only a subject alternative name. > > In terms of Pavel's question - if both DP and issuer are specified aren't > they both quite independant? ie the location of the CRL could be quite > different to what is implied by the CRL Issuer name(s). > > Tom Biskupic > > > -----Original Message----- > > From: Pavel Krylov [mailto:Pavel.Krylov@trustworks.com] > > Sent: Tuesday, December 14, 1999 10:31 AM > > Cc: ietf-pkix@imc.org > > Subject: Re: cert == crl > > > > > > > > Thank you Russ for your reply. Okay, I understood the case I had > > written. > > Could you answer me the same question, if certificate's CRLDP > > extension > > had Distribution Point in it and crlIssuer in the same time. What > > restrictions are applied to the crlIssuer? > > > > Thanks a lot. > > > > Pavel > > > > Russ Housley wrote: > > > > > > If the CRLIssuer GN is a DirectoryName, then the CRL can be > > found in the > > > LDAP or X.500 Directory. I think that all of the other > > cases are ambiguious. > > > > > > Russ > > > > > > At 08:18 PM 12/8/99 +0300, Pavel Krylov wrote: > > > >Hi all, > > > > > > > >I would be grateful if someone helped me with one case in CRL > > > >processing. > > > >A certificate has some information how to find appropriate CRLs > > > >to check revokation status of the certificate. This > > information includes > > > >certificate issuer name (DN), alternative issuer name (GN) > > and CRLDPs > > > >extension, which in its order includes distribution point (dp, i.e. > > > >a choice between fullName(GN) and nameRelativeToCRLIssuer (rdn) ), > > > >reason codes and cRLIssuer name (GN). > > > > > > > >Okay, how I understand CRL processing begins from certificate, i.e. > > > >getting proper information to find appropriate CRL. > > Suppose, we have > > > >a certificate with following fields ( only mentioned to CRL ): > > > > > > > > cert > > > > |_ issuer (DN) > > > > |_ altIssuer (GN) > > > > |_ certExtensions > > > > |_ CRLDPs extension > > > > |_ crldp > > > > |_ cRLIssuer (GN) > > > > > > > >i.e. dp is absent, but cRLIssuer is present in CRLDPs extension. > > > >In this case I have a name of issuer of needed CRL, but it is > > > >represented by GN type. Say, I have some CRLs to try to apply them > > > >for the certificate. But each CRL has issuer (DN) and > > altIssuer (GN). > > > >So my question is how cRLIssuer(GN) is supposed to be compared with > > > >crl.issuer(DN) and crl.altIssuer(GN)?? > > > > > > > >Any ideas? > > > > > > > >Thanks a lot. > > > > > > > >Pavel Krylov > > Received: from balinese.baltimore.ie (firewall-user@pc215-8.indigo.ie [194.125.215.8]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id EAA25719 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 04:23:58 -0800 (PST) Received: by balinese.baltimore.ie; id MAA21271; Tue, 14 Dec 1999 12:27:31 GMT Received: from bobcat.baltimore.ie(192.168.20.10) by balinese.baltimore.ie via smap (V4.2) id xma021212; Tue, 14 Dec 99 12:26:41 GMT Received: from crown (crown.baltimore.ie [192.168.21.124]) by bobcat.baltimore.ie (8.9.3/8.9.3) with SMTP id MAA11881; Tue, 14 Dec 1999 12:26:26 GMT From: "Tom Biskupic" <tbiskupic@baltimore.com> To: "'Pavel Krylov'" <Pavel.Krylov@trustworks.com> Cc: <ietf-pkix@imc.org> Subject: RE: cert == crl Date: Tue, 14 Dec 1999 12:27:33 -0000 Message-ID: <009601bf462e$991fa0d0$7c15a8c0@crown.cdsemea.baltimore.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal In-Reply-To: <38561C81.484072FF@trustworks.com> Pavel, Russ, If I understand this correctly, the Location where the CRL can be obtained is either determined by the DP or if the DP is absent by the CRL Issuer Name. In the same way that you can have a DP Name that is a URI or an email address etc couldn't the CRL Issuer name also be a URI? I know it's a bit of a strange case but imagine the CRL Issuer certificate had no subject but only a subject alternative name. In terms of Pavel's question - if both DP and issuer are specified aren't they both quite independant? ie the location of the CRL could be quite different to what is implied by the CRL Issuer name(s). Tom Biskupic > -----Original Message----- > From: Pavel Krylov [mailto:Pavel.Krylov@trustworks.com] > Sent: Tuesday, December 14, 1999 10:31 AM > Cc: ietf-pkix@imc.org > Subject: Re: cert == crl > > > > Thank you Russ for your reply. Okay, I understood the case I had > written. > Could you answer me the same question, if certificate's CRLDP > extension > had Distribution Point in it and crlIssuer in the same time. What > restrictions are applied to the crlIssuer? > > Thanks a lot. > > Pavel > > Russ Housley wrote: > > > > If the CRLIssuer GN is a DirectoryName, then the CRL can be > found in the > > LDAP or X.500 Directory. I think that all of the other > cases are ambiguious. > > > > Russ > > > > At 08:18 PM 12/8/99 +0300, Pavel Krylov wrote: > > >Hi all, > > > > > >I would be grateful if someone helped me with one case in CRL > > >processing. > > >A certificate has some information how to find appropriate CRLs > > >to check revokation status of the certificate. This > information includes > > >certificate issuer name (DN), alternative issuer name (GN) > and CRLDPs > > >extension, which in its order includes distribution point (dp, i.e. > > >a choice between fullName(GN) and nameRelativeToCRLIssuer (rdn) ), > > >reason codes and cRLIssuer name (GN). > > > > > >Okay, how I understand CRL processing begins from certificate, i.e. > > >getting proper information to find appropriate CRL. > Suppose, we have > > >a certificate with following fields ( only mentioned to CRL ): > > > > > > cert > > > |_ issuer (DN) > > > |_ altIssuer (GN) > > > |_ certExtensions > > > |_ CRLDPs extension > > > |_ crldp > > > |_ cRLIssuer (GN) > > > > > >i.e. dp is absent, but cRLIssuer is present in CRLDPs extension. > > >In this case I have a name of issuer of needed CRL, but it is > > >represented by GN type. Say, I have some CRLs to try to apply them > > >for the certificate. But each CRL has issuer (DN) and > altIssuer (GN). > > >So my question is how cRLIssuer(GN) is supposed to be compared with > > >crl.issuer(DN) and crl.altIssuer(GN)?? > > > > > >Any ideas? > > > > > >Thanks a lot. > > > > > >Pavel Krylov > Received: from relay1.trustworks.com (zuka.trustworks.com [212.114.5.147]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA21952 for <ietf-pkix@imc.org>; Tue, 14 Dec 1999 02:28:17 -0800 (PST) Received: by relay1.trustworks.com (8.8.5/1.4) id NAA18607; Tue, 14 Dec 1999 13:31:48 +0300 (MSK) Received: from tws123(212.114.5.15) by zuka via smap (V2.0) id xma018577; Tue, 14 Dec 99 13:31:24 +0300 Message-ID: <38561C81.484072FF@trustworks.com> Date: Tue, 14 Dec 1999 13:31:29 +0300 From: Pavel Krylov <Pavel.Krylov@trustworks.com> Organization: TrustWorks X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 CC: ietf-pkix@imc.org Subject: Re: cert == crl References: <4.2.0.58.19991208161723.009f2680@mail.spyrus.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Thank you Russ for your reply. Okay, I understood the case I had written. Could you answer me the same question, if certificate's CRLDP extension had Distribution Point in it and crlIssuer in the same time. What restrictions are applied to the crlIssuer? Thanks a lot. Pavel Russ Housley wrote: > > If the CRLIssuer GN is a DirectoryName, then the CRL can be found in the > LDAP or X.500 Directory. I think that all of the other cases are ambiguious. > > Russ > > At 08:18 PM 12/8/99 +0300, Pavel Krylov wrote: > >Hi all, > > > >I would be grateful if someone helped me with one case in CRL > >processing. > >A certificate has some information how to find appropriate CRLs > >to check revokation status of the certificate. This information includes > >certificate issuer name (DN), alternative issuer name (GN) and CRLDPs > >extension, which in its order includes distribution point (dp, i.e. > >a choice between fullName(GN) and nameRelativeToCRLIssuer (rdn) ), > >reason codes and cRLIssuer name (GN). > > > >Okay, how I understand CRL processing begins from certificate, i.e. > >getting proper information to find appropriate CRL. Suppose, we have > >a certificate with following fields ( only mentioned to CRL ): > > > > cert > > |_ issuer (DN) > > |_ altIssuer (GN) > > |_ certExtensions > > |_ CRLDPs extension > > |_ crldp > > |_ cRLIssuer (GN) > > > >i.e. dp is absent, but cRLIssuer is present in CRLDPs extension. > >In this case I have a name of issuer of needed CRL, but it is > >represented by GN type. Say, I have some CRLs to try to apply them > >for the certificate. But each CRL has issuer (DN) and altIssuer (GN). > >So my question is how cRLIssuer(GN) is supposed to be compared with > >crl.issuer(DN) and crl.altIssuer(GN)?? > > > >Any ideas? > > > >Thanks a lot. > > > >Pavel Krylov Received: from seine.valicert.com (corporate-gw.valicert.com [63.65.221.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id TAA01431 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 19:29:25 -0800 (PST) Received: by seine.valicert.com with Internet Mail Service (5.5.2650.21) id <YP1K7XX8>; Mon, 13 Dec 1999 19:28:11 -0800 Message-ID: <27FF4FAEA8CDD211B97E00902745CBE235E198@seine.valicert.com> From: Peter Williams <peterw@valicert.com> To: "'David P. Kemp'" <dpkemp@missi.ncsc.mil>, ietf-pkix@imc.org Subject: RE: Accessing/selecting biometrics was: Stray Poll: Finger-prints in QCs Date: Mon, 13 Dec 1999 19:28:09 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" David, Please do not take any real exception to my language concerning the synchronization of an acceptable use of the PKIX subjectDirectoryAttributes field and the use made by a given user community (NSA's various DoD-related customers.) That field is suitably generic; DoD/NSA is to be commended for arriving at its availability, and making use of it for purposes critical to US national security interests. Our own QC is written in an interesting & revealing manner - it expects to be sub-profiled, so "QC+local-extensions" meet the needs of particular user communities. Each of these include a subset of the internet community who are bound to one or more public or private legal systems, depending upon context. Should one such community, which will *by definition* fail to be interoperable at the intended legal level with the entire Internet community, choose to mandate a particular biometric inline data requirement tuned to the choice of biometric protection afforded a particular national id smartcard, then the architects have the perfect place to put such, non-naming, but subject-oriented information in the PKIX-conforming cert, using the sub-profiling authority provided by, and required by, QC. X.509 is pretty explicit about allowing use of such as photo material in certs. An "animated gif", consisting of a facial profile base image using inline data, with more detail arriving from the net could be a sensible data size compromise. I assume those the US folk who wrote PKIX were aware of NSA requirements, and accommodated those needs. Just as MISSI designers chose to then utilize the field for local-community authorization purposes, so can other now use the field for biometric authorization, or using biometrics to increase the confidence in user identification, as they see fit, as standardized by X.509. If nothing else, PKIX could assist such sub-profiling by providing an OID arc, for registering attribute definitions tuned to PKIX purposes. User organizations can of course define their own attributes, for non-PKIX purposes, pursuant to their sub-profiling responsibilities. -----Original Message----- From: David P. Kemp [mailto:dpkemp@missi.ncsc.mil] Sent: Monday, December 13, 1999 8:43 AM To: ietf-pkix@imc.org Subject: Re: Accessing/selecting biometrics was: Stray Poll: Finger-printsin QCs MISSI/Fortezza documentation is available, as always, from http://www.armadillo.huntsville.al.us/Fortezza_docs/missi2.html That includes the latest (12 May) versions of SDN.706: "X.509 Certificate and Certificate Revocation List Profiles and Certification Path Processing Rules for MISSI" and SDN.801: "MISSI Access Control Concept and Mechanisms". I take mild exception to Peter's characterization that the subjectDirectoryAttributes extension is somehow slanted toward MISSI's use of the extension as a container for the "prbacInfo", "sigOrKMPrivileges", and "commPrivileges" data structures. Those data structures are oriented toward a particular user community, but it is silly to imply that the extension itself is anything other than absolutely generic. I agree with Steve that the place to define biometric interoperability specifications is within a biometric interest group (open/closed consortium or IETF BOF/WG), not within PKIX. PKIX should provide a container (sDA or hash+URL, neither of which are specific to biometric data) but no more. Dave Kemp > From: Ed Gerck <egerck@nma.com> > > Peter Williams wrote: > > > May I ask a Booz-Allen or DoD party to post a URL here to the excellent > > and current version of SDN706 before we sensibly discuss further > > the use of labels and the authorization issue, re subjectDirectoryAttributes? > > I second that. I can host a public copy, if needed. This helps the interoperation > goal. > > Cheers, > > Ed Gerck > Received: from seine.valicert.com (corporate-gw.valicert.com [63.65.221.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA26530 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 18:50:57 -0800 (PST) Received: by seine.valicert.com with Internet Mail Service (5.5.2650.21) id <YP1K7XVD>; Mon, 13 Dec 1999 18:49:44 -0800 Message-ID: <27FF4FAEA8CDD211B97E00902745CBE234383A@seine.valicert.com> From: Ambarish Malpani <ambarish@valicert.com> To: "'Hiroyuki Sakakibara'" <sakaki@iss.isl.melco.co.jp>, ietf-pkix@imc.org Subject: RE: certificate which has both AIA and CRL DPs Date: Mon, 13 Dec 1999 18:49:42 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Hi, The certificate that you are planning to issue is perfectly legal. Unfortunately, the answer to Question2 is not specified in the standards. It is up to the application to decide how it wants to prioritize the different validation methods. It is perfectly legal for the application to ask in the following order: OCSP server-2 CRL DP-1 OCSP server-1 CRL DP-2 or any other order it chooses. Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 > -----Original Message----- > From: Hiroyuki Sakakibara [mailto:sakaki@iss.isl.melco.co.jp] > Sent: Tuesday, December 07, 1999 6:47 PM > To: ietf-pkix@imc.org > Subject: certificate which has both AIA and CRL DPs > > > Hello > > I would like to generate a certificate which has > both AIA and CRL DPs. > > Question1 : In RFC2459 specification, is this > certificate legal or illegal ? > > Question2 : If this certificate is legal, how does it describe the > order of priority to process those extensions? > > For example, > ------------------------------------------------ > 1st. OCSP server-1 > 2nd. OCSP server-2 > 3rd. CRL DP-1 > 4th. CRL DP-2 > > or > > 1st. OCSP server-1 > 2nd. CRL DP-1 > 3rd. OCSP server-2 > 4th. CRL DP-2 > > etc ... > ------------------------------------------------ > > Is a new extension(or any scheme) which describes the > list of these priorities needed? > > like this > > LIST { > 1st use AIA's 1st element, > 2nd use CRL DPs 1st element, > 3rd use "other method", > 4th use AIA's 2nd element, > 5th use CRL DPs 2nd element, > etc ... > } > > Please, can anyone help? > > Hioryuki Sakakibara > > ========================================= > Hiroyuki Sakakibara > Research Engineer > Information Security Department > Mitsubishi Electric Corporation > Information Technology R&D Center > 5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501, Japan > PHONE: +81-467-41-2183 > FAX: +81-467-41-2185 > ========================================== > Received: from seine.valicert.com (corporate-gw.valicert.com [63.65.221.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA19836 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 18:08:11 -0800 (PST) Received: by seine.valicert.com with Internet Mail Service (5.5.2650.21) id <YP1K7XT2>; Mon, 13 Dec 1999 18:06:47 -0800 Message-ID: <27FF4FAEA8CDD211B97E00902745CBE2343839@seine.valicert.com> From: Ambarish Malpani <ambarish@valicert.com> To: "'Russ Housley'" <housley@spyrus.com>, thayes@netscape.com Cc: ietf-pkix@imc.org Subject: RE: Q: Are repeated OIDs allowed in the AIA extension? Date: Mon, 13 Dec 1999 18:06:45 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Hi Russ, The clarification of AIA is pretty good. However, it doesn't address Terry's question, which is can there be an AIA extension, which has multiple OIDs with an accessMethod of id-ad-ocsp and different accessLocations. We have definitely assumed that you can have this kind of a situation, if you have multple URLs that point to legitimate OCSP responders for your server. Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 > -----Original Message----- > From: Russ Housley [mailto:housley@spyrus.com] > Sent: Wednesday, December 08, 1999 8:02 AM > To: thayes@netscape.com > Cc: ietf-pkix@imc.org > Subject: Re: Q: Are repeated OIDs allowed in the AIA extension? > > > Terry: > > We tried to clarify AIA in the revision to RFC 2459. Please review > http://www.ietf.org/internet-drafts/draft-ietf-pkix-new-part1- > 00.txt. If > you still have questions, please post them in the context of > the new AIA text. > > Russ > > At 05:14 PM 12/7/99 -0800, Terry Hayes wrote: > >All, > > > >This is a question about the constraints on the contents of the > >Authority Information Access extension as defined in RFC > 2459. This the > >data value in this extension consists of a sequence of > OID/GeneralName > >pairs. The OID portion of the pair indicates the purpose of > the value, > >while the GeneralName indicates where and (in some cases) > the protocol > >to use to perform other operations related to the certificate. The > >current RFC does not specify any restriction on the values > stored in the > >extension. In particular, it doesn't seem to rule out pairs in the > >sequence that have the same OID. > > > >I can imagine certificates that are issued that make use of the > >capability to associate multiple location values (names) > with a single > >OID. For example: > > > > OCSPResponder : http://ocsp.company.com > > OCSPResponder : http://ocsp.default.com > > > >This set of values in the AIA extension might indicate that two OCSP > >responders are available for checking certificate status. Also: > > > > OCSPResponder: http://ocsp.company.com > > OCSPResponder: tcpmsg://ocsp.company.com:1111 > > > >This configuration might indicate that OCSP is available over two > >protocols (HTTP POST and a hypothetical standard TCP message > protocol). > >The certificate client would be allowed to choose on that it has > >implemented. > > > >Is this sort of repeated value allowed in AIA? > > > >Terry Hayes > >thayes@netscape.com > Received: from oznet15.ozemail.com.au (oznet15.ozemail.com.au [203.2.192.116]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id QAA15423 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 16:22:39 -0800 (PST) Received: from dallaptop (slsdn4p50.ozemail.com.au [210.84.9.242]) by oznet15.ozemail.com.au (8.9.0/8.6.12) with SMTP id LAA16615; Tue, 14 Dec 1999 11:26:05 +1100 (EST) From: "Lyal Collins" <lyalc@ozemail.com.au> To: <set-discuss@lists.commerce.net> Cc: <ietf-pkix@imc.org> Subject: RE: Online PIN & Server Wallet Date: Tue, 14 Dec 1999 11:23:46 +1100 Message-ID: <000301bf45c9$7c807680$f20954d2@dallaptop> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Importance: Normal In-Reply-To: <006a01bf45c3$10a2b0a0$6e07a8c0@pbaker-pc.verisign.com> I would have phrased it "control risk cost effectively". AADS is the nearest I have seen to a cost effective PKI model, the rest cost too much to implement and to operate. Lyal > -----Original Message----- > From: Phillip M Hallam-Baker [mailto:pbaker@verisign.com] > Sent: Tuesday, 14 December 1999 10:38 > To: Lyal Collins; set-discuss@lists.commerce.net > Cc: ietf-pkix@imc.org > Subject: RE: Online PIN & Server Wallet > > > > > Who cares about "not in the spirit of PKI"? > > > I want to see affordable implementations and affordable > operational models > > for PKI, otherwise, don't waste our time with it. > > I thought that was the spirit of PKI! > > If I get a bill from my telco it is the telco that is authenticating > itself to me as a corporate entity, not Kent the Clerk. > > One of the problems with the endless (and more than tedious) > discussions of > non repudiation and biometrics that infest the list could be avoided if > people would recognize that: > > 1) The objective is to _control_ risk. Eliminating every possible > threat is > not necessary to achieve that objective. > > 2) Non repudiation is not a binary property. It is not a question > of having > NR or not having it but one of degree. > > 3) Corporations do not have biometrics. > > > > Phill > > > Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA14628 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 15:33:59 -0800 (PST) Received: from postal-gw2.verisign.com (mailhost2.verisign.com [208.206.241.102]) by caladan.verisign.com (8.9.3/BCH1.7) with ESMTP id PAA00972; Mon, 13 Dec 1999 15:34:27 -0800 (PST) Received: from pbaker-pc.verisign.com ([192.168.7.110]) by postal-gw2.verisign.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id YMRLSJ5D; Mon, 13 Dec 1999 15:36:18 -0800 From: "Phillip M Hallam-Baker" <pbaker@verisign.com> To: "Lyal Collins" <lyalc@ozemail.com.au>, <set-discuss@lists.commerce.net> Cc: <ietf-pkix@imc.org> Subject: RE: Online PIN & Server Wallet Date: Mon, 13 Dec 1999 18:37:48 -0500 Message-ID: <006a01bf45c3$10a2b0a0$6e07a8c0@pbaker-pc.verisign.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal In-Reply-To: <000d01bf45a8$5e2a0e60$070a54d2@here> > Who cares about "not in the spirit of PKI"? > I want to see affordable implementations and affordable operational models > for PKI, otherwise, don't waste our time with it. I thought that was the spirit of PKI! If I get a bill from my telco it is the telco that is authenticating itself to me as a corporate entity, not Kent the Clerk. One of the problems with the endless (and more than tedious) discussions of non repudiation and biometrics that infest the list could be avoided if people would recognize that: 1) The objective is to _control_ risk. Eliminating every possible threat is not necessary to achieve that objective. 2) Non repudiation is not a binary property. It is not a question of having NR or not having it but one of degree. 3) Corporations do not have biometrics. Phill Received: from fep6.mail.ozemail.net (fep6.mail.ozemail.net [203.2.192.123]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA12133 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 12:24:54 -0800 (PST) Received: from here (slsdn5p07.ozemail.com.au [210.84.10.7]) by fep6.mail.ozemail.net (8.9.0/8.6.12) with SMTP id HAA22681; Tue, 14 Dec 1999 07:28:18 +1100 (EST) From: "Lyal Collins" <lyalc@ozemail.com.au> To: <set-discuss@lists.commerce.net> Cc: <ietf-pkix@imc.org> Subject: RE: Online PIN & Server Wallet Date: Tue, 14 Dec 1999 07:26:42 +1100 Message-ID: <000d01bf45a8$5e2a0e60$070a54d2@here> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 In-Reply-To: <01BF4551.F3691180@HYDRA> Who cares about "not in the spirit of PKI"? The end result of what I described is the same, and it is no less secure than the password at keyboard models most think we can use 'safely' I want to see affordable implementations and affordable operational models for PKI, otherwise, don't waste our time with it. Regards, Lyal > -----Original Message----- > From: set-discuss-owner@lists.commerce.net > [mailto:set-discuss-owner@lists.commerce.net]On Behalf Of Anders > Rundgren > Sent: Monday, 13 December 1999 20:08 > To: set-discuss@lists.commerce.net; 'Lyal Collins' > Cc: 'ietf-pkix@imc.org'; 'Matei (DSV)' > Subject: RE: Online PIN & Server Wallet > > > Lyal, > > >- Why not have the Server wallet sign on behalf of the > cardholder? - they've > >already authenticated themselves by PIN, thuis no need for a personalised > >certificate. > > Well, your are right about the server-signature but if you put > this statement in the > IETF-PKIX-list you will get return messages like "not secure", > "breaks the intention of PKI" , > "the user-environment and equipment is more trustworthy than a > server" etc. > > Naturally these guys will simply be ignored, as today you get > computer-generated invoices on > company-papers from energy companies and Telcos. When (if) they > convert this into PKI, > I doubt that they will add a human clerk to push "OK" or key > PIN-codes for each outgoing > digitally signed invoice. > > I do believe though that it would be advantageous (but not > absolutely necessary) that users also > performs a signature operation, preferably with the same device > and mechanism as they do for > their Internet-banking account. Here assuming that the server > wallet is located at the user's bank > which though may not always be the case. Some Internet-banks do > not require signing yet, and > in those cases your original idea is exactly as good (or bad) as > their on-line banking services. > > Anders > > ----------------------------------------------------------------------- > Message addressed to: set-discuss@lists.commerce.net > Archive available at: http://lists.commerce.net/archives/set-discuss/ > To (un)subscribe send a message with "subscribe" or "unsubscribe" in the > body to: set-discuss-request@lists.commerce.net > Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA08217 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 08:40:25 -0800 (PST) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id LAA10554 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 11:44:26 -0500 (EST) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id LAA10550 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 11:44:25 -0500 (EST) Received: from ara.missi.ncsc.mil (ara.missi.ncsc.mil [144.51.58.9]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id LAA09883 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 11:43:34 -0500 (EST) Received: from ara.missi.ncsc.mil (ara.missi.ncsc.mil [144.51.58.9]) by ara.missi.ncsc.mil (8.9.1b+Sun/8.9.1) with SMTP id LAA21211 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 11:43:19 -0500 (EST) Message-Id: <199912131643.LAA21211@ara.missi.ncsc.mil> Date: Mon, 13 Dec 1999 11:43:19 -0500 (EST) From: "David P. Kemp" <dpkemp@missi.ncsc.mil> Reply-To: "David P. Kemp" <dpkemp@missi.ncsc.mil> Subject: Re: Accessing/selecting biometrics was: Stray Poll: Finger-printsin QCs To: ietf-pkix@imc.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: 3jtEwPT9iGbMu/zN7XMP2w== X-Mailer: dtmail 1.3.0 CDE Version 1.3 SunOS 5.7 sun4u sparc MISSI/Fortezza documentation is available, as always, from http://www.armadillo.huntsville.al.us/Fortezza_docs/missi2.html That includes the latest (12 May) versions of SDN.706: "X.509 Certificate and Certificate Revocation List Profiles and Certification Path Processing Rules for MISSI" and SDN.801: "MISSI Access Control Concept and Mechanisms". I take mild exception to Peter's characterization that the subjectDirectoryAttributes extension is somehow slanted toward MISSI's use of the extension as a container for the "prbacInfo", "sigOrKMPrivileges", and "commPrivileges" data structures. Those data structures are oriented toward a particular user community, but it is silly to imply that the extension itself is anything other than absolutely generic. I agree with Steve that the place to define biometric interoperability specifications is within a biometric interest group (open/closed consortium or IETF BOF/WG), not within PKIX. PKIX should provide a container (sDA or hash+URL, neither of which are specific to biometric data) but no more. Dave Kemp > From: Ed Gerck <egerck@nma.com> > > Peter Williams wrote: > > > May I ask a Booz-Allen or DoD party to post a URL here to the excellent > > and current version of SDN706 before we sensibly discuss further > > the use of labels and the authorization issue, re subjectDirectoryAttributes? > > I second that. I can host a public copy, if needed. This helps the interoperation > goal. > > Cheers, > > Ed Gerck > Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id HAA07352 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 07:59:18 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id KAA12763; Mon, 13 Dec 1999 10:16:58 +0100 Received: by HYDRA with Microsoft Mail id <01BF4551.F3691180@HYDRA>; Mon, 13 Dec 1999 10:08:06 +0100 Message-ID: <01BF4551.F3691180@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "set-discuss@lists.commerce.net" <set-discuss@lists.commerce.net>, "'Lyal Collins'" <lyalc@ozemail.com.au> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Matei (DSV)'" <matei@dsv.su.se> Subject: RE: Online PIN & Server Wallet Date: Mon, 13 Dec 1999 10:08:05 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Lyal, >- Why not have the Server wallet sign on behalf of the cardholder? - they've >already authenticated themselves by PIN, thuis no need for a personalised >certificate. Well, your are right about the server-signature but if you put this statement in the IETF-PKIX-list you will get return messages like "not secure", "breaks the intention of PKI" , "the user-environment and equipment is more trustworthy than a server" etc. Naturally these guys will simply be ignored, as today you get computer-generated invoices on company-papers from energy companies and Telcos. When (if) they convert this into PKI, I doubt that they will add a human clerk to push "OK" or key PIN-codes for each outgoing digitally signed invoice. I do believe though that it would be advantageous (but not absolutely necessary) that users also performs a signature operation, preferably with the same device and mechanism as they do for their Internet-banking account. Here assuming that the server wallet is located at the user's bank which though may not always be the case. Some Internet-banks do not require signing yet, and in those cases your original idea is exactly as good (or bad) as their on-line banking services. Anders Received: from dfw-smtpout2.email.verio.net (dfw-smtpout2-ext.email.verio.net [129.250.36.42]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA06154 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 07:24:39 -0800 (PST) Received: from dfw-mmp1.email.verio.net ([129.250.38.61]) by dfw-smtpout2.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMOQOI00.BAH for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 15:21:54 +0000 Received: from nma.com ([209.21.28.70]) by dfw-mmp1.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMOQNS00.J7U for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 15:21:28 +0000 Message-ID: <38550F2D.7B133F8@nma.com> Date: Mon, 13 Dec 1999 07:22:21 -0800 From: Ed Gerck <egerck@nma.com> X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: DS, NR and their legal effects Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit All: >From time to time, discussions in this WG have revolved around the issue of legal effects and intent of authentication (as indicated by setting the DS bit) and non-repudiation (as indicated by setting the NR bit). Even though these discussions exceed the technical charter of this WG, I understand that some posters might feel that "something is missing" unless we introduce words about the legal or binding effects of the DS bit and, especially, of the NR bit. This message intends to help clarify the issue and show that what is "missing" belongs indeed to another layer -- the legal layer. And, there should it rest if we want to improve interoperation lest we want PKIX to be tied in to one particular legal system and time, and fail in others. Technically, it has become clearer in these discussions that authentication and non-repudiation are distinct services (as clearly stated also in X.509v3) and that *both* the DS and NR bits are necessary to indicate what I might call the "signature state". Many agree that we cannot "deprecate" either because we would be missing an essential state variable and we could not adequately describe some digital signature systems. Suffice as limitation that the DS bit applies only to asymmetric signature algorithms. However, about the evidenciary consequences of authentication and non-repudiation? They would directly impact the ability of digital signatures to be used in e-commerce and to be enforceable in a court of law. Do we need to include words to this effect in PKIX, in order to allow PKIX to be applied as a commercial tool? Do we need to include the legal layer in PKIX? My opinion has been that we should not -- even though we need to keep an eye on the legal layer in order to verify if we are providing an adequate firm basis for it, whatever it might reasonably be. In this aspect, I present the current interpretation provision from the latest version of the UK Electronic Communications Bill (thanks to Nicholas Bohm for sending it to me): "In this Act- (a) references to the authenticity of any communication or data are references to any one or more of the following- (i) whether the communication or data comes from a particular person or other source; (ii) whether it is accurately timed and dated; (iii) whether it is intended to have legal effect" The Act provides that an electronic signature is admissible as evidence of the authenticity of a message or data, and paragraph (iii) above was inserted to meet the reproach that the original version failed to acknowledge that a signature is more than evidence of authenticity, it is evidence of an intention to adopt and approve what is signed. IMO, this provision thus does shed light into what the legal layer might include -- which largely solves the issue whether "something is missing" in PKIX. Indeed, "something is missing" but on purpose, because it is out of scope and provided elsewhere. Cheers, Ed Gerck Received: from gull.prod.itd.earthlink.net (gull.prod.itd.earthlink.net [207.217.121.85]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id FAA04148 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 05:48:28 -0800 (PST) Received: from cbljrtorrent (CBL-jrtorrent.hs.earthlink.net [208.233.117.109]) by gull.prod.itd.earthlink.net (8.9.3/8.9.3) with SMTP id FAA24604 for <ietf-pkix@imc.org>; Mon, 13 Dec 1999 05:51:52 -0800 (PST) Message-ID: <002e01bf4571$3bfcafa0$6d75e9d0@cerf.net> Reply-To: "Juan Rodriguez-Torrent" <torrent@acm.org> From: "Juan Rodriguez-Torrent" <jrtorrent@earthlink.net> To: <ietf-pkix@imc.org> Subject: PKI Forum Date: Mon, 13 Dec 1999 08:51:57 -0500 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2014.211 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 I think this press release is of prime interest to this group Juan Rodriguez-Torrent torrent@us.ibm.com "It is better to sleep on things beforehand than lie awake about them afterwards." Baltasar Gracian For additional information on the PKI Forum: Patrick Corman Corman Communications (650) 326-9648 patrick@cormancom.com FOR IMMEDIATE RELEASE Baltimore Technologies, Entrust, IBM, Microsoft and RSA Security Announce Formation of PKI Forum Leaders in Public Key Infrastructure Provide Industry Focal Point for PKI Interoperability, Increased Customer Confidence for PKI-Based Solutions MENLO PARK, Calif., Dec. 13, 1999 -- Leading public key infrastructure (PKI) vendors Baltimore Technologies, Entrust Technologies Inc., IBM Corp., Microsoft Corp. and RSA Security Inc. today announced the formation of the PKI Forum, an industry-led collaboration created to accelerate the adoption of PKI technology and PKI-based solutions as the trusted, secure foundation for e-business applications. The PKI Forum will provide an opportunity for vendors to demonstrate support for standards-based, interoperable PKI by developing PKI interoperability profiles based on business-driven requirements in certificate interoperability, directory-PKI interoperability, application interoperability, certificate validation and other areas. The forum will sponsor product interoperability demonstrations and work closely with standards organizations and external test bodies. The forum also will bring customers and vendors together to increase customer knowledge about the value of PKI and demonstrate how PKI solves key security issues for e-business. "Infrastructure technologies like PKI succeed only when they can support a large number of users and applications," said Jamie Lewis, CEO of The Burton Group. "By addressing interoperability issues and raising business awareness of PKI, the PKI Forum can increase the number of applications that rely on PKI and thus accelerate the deployment of PKI-based solutions." The five founding PKI Forum member companies have expressed their commitment to working collaboratively with other vendors, as well as users, to ensure greater interoperability and utility for PKI-based solutions: Baltimore Technologies: "The PKI Forum will enable customers to see demonstrable interoperability among the leading PKI vendors," said Paddy Holahan, executive vice president of marketing. "Baltimore Technologies, as a founding member, will work to ensure the practical implementation of open standards to deliver manageable, robust PKI systems." Entrust: "The PKI Forum is all about increasing customer's confidence in our collective capabilities," said Brian O'Higgins, executive vice president and CTO, Entrust Technologies. "Enhancing interoperability and ease-of-use of PKI Technology will drive more value to our customers. Entrust is committed to the objectives of the PKI Forum." IBM: "IBM is committed to open standards, and our participation in the PKI Forum will benefit our customers who rely on PKI-based applications to provide a secure foundation for e-business," said Mark Greene, vice president, IBM SecureWay. "Working with the other vendors committed to this important forum and with the broader community of technology companies and customers who will participate in the forum's working groups, IBM continues to champion standards-based, interoperable PKI and the value it brings to global e-business." Microsoft: "As e-business evolves, PKI interoperability is crucial to meeting customer demand for Internet security. Microsoft has made this significant commitment to customers by providing PKI in Windows 2000® and is proud to play a founding role in the innovation and vision that the PKI Forum will provide to the industry and to customers," said Shanen Boettcher, product manager, Windows 2000 Security, Microsoft. "Microsoft is committed to keeping customers' information secure, and our membership in the PKI Forum is an important part of meeting this commitment." RSA Security: "Broad PKI interoperability is essential to advancing the deployment of trusted, secure e-business applications, and RSA is happy to have this opportunity to help make it a reality," said Scott Schnell, vice president of RSA Security. "We look forward to working closely with the other PKI Forum members in achieving this goal and lending our expertise to help promote the adoption of PKI technology." Membership in the PKI Forum is open to product and service providers, independent software vendors, consultants, integrators and end-user organizations that have a demonstrated interest in promoting PKI technology and PKI-based solutions. In addition to the five founding members, the PKI Forum is supported by a variety of leading companies that are committed to interoperable PKI-based solutions and have expressed interest in the PKI Forum. These companies include British Telecommunications plc, Hewlett-Packard Co., ID Certify, Novell Inc., The Open Group, Sun/Netscape Alliance, SPYRUS, Thawte Certification, Trustpoint, ValiCert Inc. and Xcert International Inc. Public key technology and digital certificates have emerged as the preferred enablers of strong security for a wide range of e-business applications, including secure e-mail, secure Web access, virtual private networks and digital signatures. The most common functions of a PKI are issuing certificates, revoking certificates, creating and publishing Certificate Revocation Lists (CRLs), storing and retrieving certificates and CRLs, and policy enforcement. Enhanced or emerging PKI functions include time-stamping and policy-based certificate validation. To successfully deploy a PKI, organizations must develop a sound strategy, plan for interoperability, determine how e-business applications will interface with the PKI, and plan for technical staffing requirements. The PKI Forum is being established within the legal framework of the managed consortia program of The Open Group, a vendor and technology-neutral consortium of IT buyers and suppliers. Through defining and extending industry standards, creating customer testing and conformance programs, and educating on best industry practices, The Open Group is focused on helping customers and vendors solve enterprise integration problems. Members of the PKI Forum plan to establish two standing working groups: ? The Business Working Group will help ensure that the forum understands the PKI needs of four constituencies: software developers, service providers, vendors and customers. It will link those needs to the Technical Working Group and carry out marketing activities. ? The Technical Working Group will develop PKI interoperability profiles to address the use of PKI in business applications, link with appropriate standards and other PKI organizations, and charter demonstration projects to establish interoperability among vendor products. The PKI Forum intends to conduct informational meetings and a reception for interested companies in conjunction with the RSA Conference 2000, to be held the week of Jan. 17-21, 2000, in San Jose, Calif. Organizations interested in membership in the PKI Forum should contact Graham Bird of The Open Group by phone at (650) 323-7992, by fax at (650) 323-8204, or by e-mail at g.bird@opengroup.org. Further information on The Open Group can be obtained at www.opengroup.org. For general information about the PKI Forum, see www.pkiforum.org. About Baltimore Technologies Baltimore Technologies develops and markets security products and services to enable companies to develop trusted, secure systems for e-business, e-commerce and the Internet. Its products include a wide range of PKI systems, cryptographic toolkits, security applications and hardware cryptographic devices. Baltimore Technologies markets and sells its solutions worldwide directly and through the TrustedWorld channel program. The company employs over 450 people worldwide and operates from over 20 cities, with headquarters in Dublin, Ireland; London; Boston; and Sydney, Australia. Baltimore Technologies plc is a public company with dual listings on Nasdaq (BALT) and the London Stock Exchange (BLM). For further information and press releases on Baltimore Technologies, please visit http://www.baltimore.com/. About Entrust Technologies Entrust Technologies Inc. (Nasdaq: ENTU) is a global leader in providing products and services that allow e-businesses to manage trusted, secure electronic transactions and communications over today's advanced networks, including the Internet, extranets and intranets. Since 1994, Entrust Technologies has been providing award-winning solutions to global enterprises, government entities, small to midsize businesses and individuals. Over 4 million Entrust Technologies users have been licensed with digital certificates to date. Entrust Technologies Inc. is headquartered in Plano, Texas, with offices in Canada, the United States, the United Kingdom, Switzerland, Germany and Japan. For additional company information, please visit http://www.entrust.com/. About IBM IBM is the world's largest information technology company, with 80 years of leadership in helping businesses innovate. IBM Software offers the widest range of applications, middleware and operating systems for all types of computing platforms, allowing customers to take full advantage of the new era of e-business. The fastest way to get more information about IBM software is through the IBM Software home page at http://www.ibm.com/software/. About Microsoft Founded in 1975, Microsoft (Nasdaq: MSFT) is the worldwide leader in software for personal and business computing. The company offers a wide range of products and services designed to empower people through great software - any time, any place and on any device. About RSA Security RSA Security Inc. (Nasdaq: RSAS), The Most Trusted Name in e-SecurityT, helps organizations build secure, trusted foundations for e-businesses through its RSA SecurID® two-factor authentication, RSA BSAFE® encryption and RSA KeonT public key management systems. As the global integration of Security Dynamics and RSA Data Security, RSA Security has the proven leadership, innovative technology and systems experience to address the changing security needs of e-business and bring trust to the new, online economy. RSA Security can be reached at http://www.rsasecurity.com/. # # # Entrust is a registered trademark of Entrust Technologies Inc. in the United States and other countries. In Canada, Entrust is a registered trademark of Entrust Technologies Ltd. All Entrust product names are trademarks of Entrust Technologies. BSAFE and SecurID are registered trademarks, and Keon, RSA and The Most Trusted Name in e-Security are trademarks of RSA Security Inc. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries/regions. All other company and product names are trademarks or registered trademarks of their respective owners. Editorial Contacts: Baltimore Technologies Tracy Ross (650) 372-5288 tross@baltimore.com Entrust Technologies Carrie Bendzsa (613) 247-3455 carrie.bendzsa@entrust.com IBM Nancy Riley (919) 486-2834 nriley@us.ibm.com Microsoft Luisa Vacca Waggener Edstrom (425) 637-9097 luisav@wagged.com RSA Security Inc. Rick Mack (781) 301-5344 rhmack@rsasecurity.com Statements of support regarding the mission of the PKI Forum have been received from the following organizations: "We are delighted to be part of the PKI forum. As one of the leading suppliers of eBusiness solutions in the UK, we are also committed to providing organizations with the most secure eBusiness infrastructure in the world. One of the crucial elements of building trust in eBusiness is the promotion of industry standards which will facilitate secure communication across open networks. The formation of an industry body which actively promotes these standards is a positive step forward and we look forward to working with all our partners." -- David Furniss General Manager, BT eBusiness "Hewlett-Packard Company supports the efforts of the PKI Forum to achieve gr eater interoperability among and faster adoption of PKI security technologies. E-Services require a robust security infrastructure to ensure trust, and HP is leveraging standards-based, interoperable PKI to deliver promise of this technology." - Roberto Medrano, General Manager, Internet Security Division, Hewlett Packard Company "ID Certify is looking forward to playing an active role in the PKI Forum. The Forum goals of interoperability for certificates and education will be critical for the growth and advancement of the industry." -- Linda Mackintosh, President, ID Certify "Novell believes the creation of the PKI Forum is an important step in accelerating the adoption of PKI security technology. PKI technology, in combination with directory services, is critical to the infrastructure of e-business and is central to the success of future technology-based commerce." -- Winston Bumpus, Director of Standards, Novell "The Open Group is pleased to support the members of the PKI Forum in their efforts to accelerate interoperability through industry standards, certification testing and conformance programs. The expected results of the PKI Forum will make a major contribution towards interoperability and increased end-user confidence in the deployment of multi-vendor PKI-based solutions." -- Allen Brown, President and CEO, The Open Group "As a PKI solutions provider, SPYRUS enthusiastically supports the creation of the PKI Forum. We look forward to an era of ubiquitous and interoperable PKI solutions from all of the various technology and service providers in this burgeoning industry. The PKI Forum is the first unified organization to bring together the PKI market leaders to openly discuss and encourage prompt response to critical business issues." - Sue Pontius, CEO, Spyrus "Thawte is pleased to be a member of the PKI Forum. We are confident that the PKI Forum will increase vendor awareness of the need for PKI interoperability and provide a venue for PKI protocol testing and adoption." - Mark Shuttleworth, President, Thawte Certification "We fully support the efforts of the PKI Forum and look forward to working with its members in creating open standards for interoperable PKI solutions. Trustpoint's cross-platform JavaT-based PKI components and certification authority systems enable standards-based trust management on the widest range of networked computing and communication devices. The PKI Forum's mission closely parallels our own, and we believe our recognized leadership in open PKI standards development will be a valuable asset to this organization." -- John Kennedy, Chief Technology Officer, Trustpoint "Interoperability is a cornerstone of ValiCert's VA solution, and we look forward to working with the other members of the PKI Forum on this and other PKI issues. PKI offers the best security foundation for all e-business applications, and we support the Forum's goal of accelerating PKI adoption." -- Sathvik Krishnamurthy, Vice President of Marketing and Business Development, ValiCert "Xcert's commitment to open standards to facilitate interoperability is an intrinsic part of our philosophy. We look at participating in the PKI Forum from its inception as a formal opportunity to drive to successful resolution one of the markets more pressing concerns, that of interoperability. Xcert customers, including American Banker's Association and GSA ACES Project (General Administration Services Access for Electronic Services Project), have voiced their support of Xcert's leadership role in the PKI Forum, reiterating that interoperability is a top priority in terms of their ability to move forward in their multi-vendor PKI initiatives." -- Patrick Richard, CTO of Xcert International, Inc. Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id XAA26534 for <ietf-pkix@imc.org>; Sun, 12 Dec 1999 23:49:05 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id IAA12540; Mon, 13 Dec 1999 08:54:26 +0100 Received: by HYDRA with Microsoft Mail id <01BF4546.6AE2F7F0@HYDRA>; Mon, 13 Dec 1999 08:45:33 +0100 Message-ID: <01BF4546.6AE2F7F0@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'Lynn.Wheeler@firstdata.com'" <Lynn.Wheeler@firstdata.com> Cc: PKIX-List <ietf-pkix@imc.org> Subject: RE: QC Bio-info leak? Date: Mon, 13 Dec 1999 08:45:31 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit >??? not applicable to fingerprint??? ... which part? ... the AADS strawman with >on-device fingerprint sensor for activation or x9.84? Well, I EXPLICITLY referred to QC-002 were bio-metrics that need machine-verification are BANNED (or not supported depending on how "political" you want to be), for reasons unknown. That includes fingerprints. If you have local/personal device sensors and thus reading etc. biometrics is completely outside of the PKI. You trust a device instead. So it is another story. Such a solution could be interesting for mobile phones (has been shown actually) as a PIN-code replacement or better as a PIN-code complement IMO the QC-editors have quite some homework to do regarding other efforts in this area like the one you mention. Thank God I am not a QC editor! Anders Received: from florida.melco.co.jp (florida.melco.co.jp [192.218.140.46]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA01078 for <ietf-pkix@imc.org>; Sun, 12 Dec 1999 17:29:29 -0800 (PST) Received: by florida.melco.co.jp (3.7W-florida) id KAA20983; Mon, 13 Dec 1999 10:32:32 +0900 (JST) Received: by mailgw.melco.co.jp (3.7W-mailgw) id KAA01633; Mon, 13 Dec 1999 10:33:03 +0900 (JST) Received: by inetgw.melco.co.jp (8.8.8+2.7Wbeta7/3.7W-inetgw) id KAA19680; Mon, 13 Dec 1999 10:33:23 +0900 (JST) Received: from islgw.isl.melco.co.jp by elgw.isl.melco.co.jp (8.8.8/3.6W) id KAA11898; Mon, 13 Dec 1999 10:33:15 +0900 (JST) Received: from iss.isl.melco.co.jp by islgw.isl.melco.co.jp (8.8.8/3.6W) id KAA12812; Mon, 13 Dec 1999 10:36:58 +0900 (JST) Received: from belize by iss.isl.melco.co.jp (8.8.8/3.6W) id KAA22228; Mon, 13 Dec 1999 10:32:36 +0900 (JST) Message-ID: <007c01bf4509$b18c08f0$78054a0a@belize> From: "Hiroyuki Sakakibara" <sakaki@iss.isl.melco.co.jp> To: "Russ Housley" <housley@spyrus.com> Cc: <ietf-pkix@imc.org> Subject: RE: certificate which has both AIA and CRL DPs Date: Mon, 13 Dec 1999 10:30:52 +0900 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3612.1700 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3612.1700 Mr.Housley Thank you for your reply. >Answer 1: Yes, a certificate can contain both a CRL Distribution Point >(CRLDP) extension and an Authority Information Access (AIA) extension. > >Answer 2: Precedence is not specified. The client may either fetch the >CRLs or use OCSP to determine whether or not the certificate is revoked. > >Russ I understand. I will try to create certificates with both AIA and CRL DP. Hiroyuki Sakakibara Received: from mail01-ewr.pilot.net (mail-ewr-1.pilot.net [206.98.230.18]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA00878 for <ietf-pkix@imc.org>; Sun, 12 Dec 1999 17:26:05 -0800 (PST) From: Lynn.Wheeler@firstdata.com Received: from mailgw.firstdata.com ([204.48.27.166]) by mail01-ewr.pilot.net with ESMTP id UAA19526; Sun, 12 Dec 1999 20:29:31 -0500 (EST) Received: from lnsunr02.firstdata.com ([206.201.60.104]) by mailgw.firstdata.com with SMTP id UAA08067; Sun, 12 Dec 1999 20:29:30 -0500 (EST) Received: by lnsunr02.firstdata.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 85256846.0007DE0B ; Sun, 12 Dec 1999 20:25:55 -0500 X-Lotus-FromDomain: FDC To: "Anders Rundgren" <anders.rundgren@jaybis.com> cc: "PKIX-List" <ietf-pkix@imc.org> Message-ID: <85256846.0007DC39.00@lnsunr02.firstdata.com> Date: Sun, 12 Dec 1999 17:27:43 -0800 Subject: Re: QC Bio-info leak? Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline ... and as a total aside ... did manage to get AADS/X9.59 announcement and press releases at BAI show last week (something like Cebit for the world-wide retail banking industry). Also had AADS financial transactions and AADS privacy-broker transactions being demo'ed at the show ... the only thing missing from the demos was AADS RADIUS authentication for ISP & webserver connections. references (and pointer to press release) are at http://www.garlic.com/~lynn/ Received: from mail-ewr-3.pilot.net (mail-ewr-3.pilot.net [206.98.230.17]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id QAA29352 for <ietf-pkix@imc.org>; Sun, 12 Dec 1999 16:03:34 -0800 (PST) From: Lynn.Wheeler@firstdata.com Received: from mailgw.firstdata.com ([204.48.27.166]) by mail-ewr-3.pilot.net with ESMTP id TAA10406; Sun, 12 Dec 1999 19:07:02 -0500 (EST) Received: from lnsunr02.firstdata.com ([206.201.60.104]) by mailgw.firstdata.com with SMTP id TAA07782; Sun, 12 Dec 1999 19:07:01 -0500 (EST) Received: by lnsunr02.firstdata.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 85256846.000052D4 ; Sun, 12 Dec 1999 19:03:32 -0500 X-Lotus-FromDomain: FDC To: "PKIX-List" <ietf-pkix@imc.org> cc: "Anders Rundgren" <anders.rundgren@jaybis.com> Message-ID: <85256846.0000515C.00@lnsunr02.firstdata.com> Date: Sun, 12 Dec 1999 15:57:36 -0800 Subject: Re: QC Bio-info leak? Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline oh yes, the AADS parameterized risk management is attempting to look at the issues of deploying 50+ year lifetime infrastructures. simplifying a bit, the public key becomes the serial number of the infrastructure that performs the digital signature. That infrastructure has an overall assessed integrity level and is registered when the public key is registered. Incoming transactions can be authenticated ... and then authorization can be decided, in part, based on the integrity level of the signing infrastructure. Also the integrity level can be downgraded in real time as discoveries are made in the future. In theory, AADS strawman help reduce the integrity unknowns for doing risk assesement portion of authorization. It is even possible that expensive on-device bio-sensors can reduce the overall aggregate infrastructure expenses by 1) reducing risk inaccuracies and 2) eliminating cycles currently being spent in risk assesement things like expensive neural net applications. Of course, the implication is that reasonable device activation bio-sensors can have higher integrity properties than other device activation methodologies. Received: from mail01-ewr.pilot.net (mail-ewr-1.pilot.net [206.98.230.18]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA28734 for <ietf-pkix@imc.org>; Sun, 12 Dec 1999 15:13:57 -0800 (PST) From: Lynn.Wheeler@firstdata.com Received: from mailgw.firstdata.com ([204.48.27.166]) by mail01-ewr.pilot.net with ESMTP id SAA13378; Sun, 12 Dec 1999 18:17:21 -0500 (EST) Received: from lnsunr02.firstdata.com ([206.201.60.104]) by mailgw.firstdata.com with SMTP id SAA07609; Sun, 12 Dec 1999 18:17:20 -0500 (EST) Received: by lnsunr02.firstdata.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 85256845.007F9B7D ; Sun, 12 Dec 1999 18:13:48 -0500 X-Lotus-FromDomain: FDC To: "Anders Rundgren" <anders.rundgren@jaybis.com> cc: "PKIX-List" <ietf-pkix@imc.org> Message-ID: <85256845.007F9AAE.00@lnsunr02.firstdata.com> Date: Sun, 12 Dec 1999 15:16:18 -0800 Subject: Re: QC Bio-info leak? Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline ??? not applicable to fingerprint??? ... which part? ... the AADS strawman with on-device fingerprint sensor for activation or x9.84? in the AADS scenerio the chip can be configured to be formfactor agnostic with contactless/wireless infrastructure. the issue of thumb-reader costs justification then becomes a parameterized risk management issue ... there is some at least one application that justifies having the thumbreader for the device ... or there isn't. as to x9.84 5.1 fingerprint 5.2 speaker recognition 5.3 eye scanning 5.4 face identification 5.5 hand geometry 5.6 signature verification Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id LAA27182 for <ietf-pkix@imc.org>; Sun, 12 Dec 1999 11:19:04 -0800 (PST) Received: from mega (t4o69p13.telia.com [62.20.145.133]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id UAA15548; Sun, 12 Dec 1999 20:24:55 +0100 Message-ID: <000a01bf44de$20c20d40$020000c0@mega.vincent.se> From: "Anders Rundgren" <anders.rundgren@jaybis.com> To: <Lynn.Wheeler@firstdata.com>, "PKIX-List" <ietf-pkix@imc.org> Subject: Re: QC Bio-info leak? Date: Sun, 12 Dec 1999 20:19:00 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id LAA27183 Lynn, thanx for the info although it does not apply to the QC-002 spec as it does not support finegerprints. The question is therefore (unfortunately) limited to subject image and handwritten signature. Although smart cards with built-in finerprint sensors could be great I believe that this makes them too expensive for most purposes. X9.84? Does anyone within the QC-group care to comments on that? Anders -----Original Message----- From: Lynn.Wheeler@firstdata.com <Lynn.Wheeler@firstdata.com> To: Anders Rundgren <anders.rundgren@jaybis.com> Cc: PKIX-List <ietf-pkix@imc.org> Date: Sunday, December 12, 1999 15:36 Subject: Re: QC Bio-info leak? > > >note in the AADS strawman case ... the fingerprint sensor can be configured on >the card and it used to activate the card ... in-place of PIN activation (with >bio information never appearing in the infrastructure). > >the AADS w/PIN activation was what was announced at BAI this past week (BAI show >is sort of the world-wide retail banking equivalent of cebit). the AADS >strawman also allows that the authentication function doesn't have to only >appear in card formfactor ... that contactless/wireless protocol would allow for >formfactor agnostic configurations. > >one of the challenges has been use in unfamiliar/unknown POS-like environments > >also within X9 ... there has been quite a bit of progress w/X9.84 (Management >and Security For The Biometrics Financial Services Industry) in conjunction with >various world-wide biometric standards organizations. > >as alwas ... references at http:/www.garlic.com/~lynn/ > Received: from mail-ewr-3.pilot.net (mail-ewr-3.pilot.net [206.98.230.17]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA25327 for <ietf-pkix@imc.org>; Sun, 12 Dec 1999 07:27:13 -0800 (PST) From: Lynn.Wheeler@firstdata.com Received: from mailgw.firstdata.com ([204.48.27.166]) by mail-ewr-3.pilot.net with ESMTP id KAA26790; Sun, 12 Dec 1999 10:30:40 -0500 (EST) Received: from lnsunr02.firstdata.com ([206.201.60.104]) by mailgw.firstdata.com with SMTP id KAA05482; Sun, 12 Dec 1999 10:30:39 -0500 (EST) Received: by lnsunr02.firstdata.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 85256845.0054E1FE ; Sun, 12 Dec 1999 10:27:08 -0500 X-Lotus-FromDomain: FDC To: "Anders Rundgren" <anders.rundgren@jaybis.com> cc: "PKIX-List" <ietf-pkix@imc.org> Message-ID: <85256845.0054E151.00@lnsunr02.firstdata.com> Date: Sun, 12 Dec 1999 07:29:03 -0800 Subject: Re: QC Bio-info leak? Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline note in the AADS strawman case ... the fingerprint sensor can be configured on the card and it used to activate the card ... in-place of PIN activation (with bio information never appearing in the infrastructure). the AADS w/PIN activation was what was announced at BAI this past week (BAI show is sort of the world-wide retail banking equivalent of cebit). the AADS strawman also allows that the authentication function doesn't have to only appear in card formfactor ... that contactless/wireless protocol would allow for formfactor agnostic configurations. one of the challenges has been use in unfamiliar/unknown POS-like environments also within X9 ... there has been quite a bit of progress w/X9.84 (Management and Security For The Biometrics Financial Services Industry) in conjunction with various world-wide biometric standards organizations. as alwas ... references at http:/www.garlic.com/~lynn/ "Anders Rundgren" <anders.rundgren@jaybis.com> on 12/11/99 11:48:36 PM To: "PKIX-List" <ietf-pkix@imc.org> cc: (bcc: Lynn Wheeler/CA/FDMS/FDC) Subject: QC Bio-info leak? All, I have another question for you smart-card experts. I believe that biometrics as defined by the current QC-draft (002) will in 99% be used in conjunction with smart cards. Q: How do you anticipate that the bio-template is going to be protected without also requiring that the RP software is authenticating to the card? The latter will IMO not scale that well. Or is there another genial solution? My own solution to the problem is to never put "naked" smart cards in unknown readers, but to have them (or it) in a pesonal security terminal. In my case the mobile phone. Anders Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id WAA16144 for <ietf-pkix@imc.org>; Sat, 11 Dec 1999 22:48:40 -0800 (PST) Received: from mega (t2o69p76.telia.com [62.20.144.196]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id HAA59182 for <ietf-pkix@imc.org>; Sun, 12 Dec 1999 07:54:33 +0100 Message-ID: <001301bf4475$4d111210$020000c0@mega.vincent.se> From: "Anders Rundgren" <anders.rundgren@jaybis.com> To: "PKIX-List" <ietf-pkix@imc.org> Subject: QC Bio-info leak? Date: Sun, 12 Dec 1999 07:48:36 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id WAA16145 All, I have another question for you smart-card experts. I believe that biometrics as defined by the current QC-draft (002) will in 99% be used in conjunction with smart cards. Q: How do you anticipate that the bio-template is going to be protected without also requiring that the RP software is authenticating to the card? The latter will IMO not scale that well. Or is there another genial solution? My own solution to the problem is to never put "naked" smart cards in unknown readers, but to have them (or it) in a pesonal security terminal. In my case the mobile phone. Anders Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id GAA09631 for <ietf-pkix@imc.org>; Sat, 11 Dec 1999 06:40:04 -0800 (PST) Received: from mega (t2o69p4.telia.com [62.20.144.124]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id PAA59010; Sat, 11 Dec 1999 15:03:00 +0100 Message-ID: <004101bf43e7$fc2e91c0$020000c0@mega.vincent.se> From: "Anders Rundgren" <anders.rundgren@jaybis.com> To: "PKIX-List" <ietf-pkix@imc.org> Cc: "Denis Pinkas" <Denis.Pinkas@bull.net> Subject: Re: QC biometrics needs re-engineering NOW! Date: Sat, 11 Dec 1999 14:56:33 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id GAA09633 All, I have a couple of simple questions regarding biometrics as supported in the *current* QC-draft. Please, I would love to get answers from a purely engineering point-of-view. For a change. Background information: In several countries PKI-based identity-programs are being implemented. We are talking about of populations with millions of subscribers so it is not that "local". Many (but not all) use a static unique identifier (SSN-like but truly unique) to identify the subject. Certificates or subject data is NOT published in any way. Only CRLs. The CA/RA should in these schemes be considerad as "trusted" for handling information concerning its subscibers as this is the foundation for the entire scheme. Like it or not. Qyestions: Q1: In what way could privacy be hampered if there were an optional selectable version of such an identity-certificate containing an in-line data object with an image of the subject? Note that the unique identity-case is already lost so this question has only to do with the image. Q2: In what way would the *user* and *RP* benefit from a system using proprietary protocols for transmitting the bio-template (image file) and specialized GUIs telling: "Do you really want to give your image to XYZ" instead of simply selecting between - Standard QC ;Probably just "Name and number" - Photo ID ;Preferably identified by an easy-to-interprete icon on the user display - etc etc and only using standard authentication protocols. Note: I here refer to the QCdraft's non-URI version of biometric support, which if it has any value (where are you Denis?), should be defended or simply deleted. Anders Received: from dfw-smtpout3.email.verio.net (dfw-smtpout3-ext.email.verio.net [129.250.36.43]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id UAA20493 for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 20:28:56 -0800 (PST) Received: from dfw-mmp4.email.verio.net ([129.250.38.64]) by dfw-smtpout3.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMK79S00.GAN for <ietf-pkix@imc.org>; Sat, 11 Dec 1999 04:32:16 +0000 Received: from nma.com ([209.21.28.92]) by dfw-mmp4.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMK79F00.JVS; Sat, 11 Dec 1999 04:32:03 +0000 Message-ID: <3851D3DB.4A36C9B8@nma.com> Date: Fri, 10 Dec 1999 20:32:27 -0800 From: Ed Gerck <egerck@nma.com> X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Peter Williams <peterw@valicert.com> CC: "'Stephen Kent'" <kent@bbn.com>, "'PKIX-List '" <ietf-pkix@imc.org> Subject: Re: Accessing/selecting biometrics was: Stray Poll: Finger-printsin QCs References: <27FF4FAEA8CDD211B97E00902745CBE235E196@seine.valicert.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Peter Williams wrote: > Ander's bio-vendors group, like NSA/DoD, have a quite appropriate home > for their "local material" which binds to the subject. As the material > is "local" and non-critical (per 2459), the authors/WGs opinion on > suitability of any such local information in an operational id-cert > infrastructure is, by definition, irrelevant. Local means we here have no > particular opinion, beyond ensuring interoperability in maintained. Yes. I think that Peter is quite correct to point out the value of diversity. And, that is why interoperation is more important than seeking the futile goal of perfect standardization -- because markets are local. However, there are evident problems of publishing private information, from harmless impersonation to outright fraud. So, even though anyone may feel free to promote unsafe standards in the private and even public sector, at the end it is interoperation that suffers when one badly designed protocol threatens to become the back-door of another, otherwise secure, protocol. The first goal is security not privacy, some may say -- but, what is it that security secures? That which is private or at least secret. So, if a bit of privacy is tossed out in order to obtain a bit of security then the means are denying the end. Security would thus be decreased -- e.g., by impersonation attacks, by information leak from unwanted recipients, etc., not increased. So, notwithstanding the needs of local markets, and the the fact that we should have here no particular opinion or demand on the local decisions of others, it is possible to be a bit more forward-looking and point out that quarantine may be the only solution to cope with a privacy-leaking protocol. To isolate or deprecate a protocol is a valid tool to provide security by confinement. I believe however that security cannot be based on confinement only, especially on an open network such as the Internet. We need to base security on understanding. That is why encouragement or discouragement of certain identification practices in regards to privacy and security (when based on technical reasoning and understanding, not on subjective biases and influence of lobbyists or catcalls of 'politics") is thus a specifically appropriate position HERE and NOW, I venture in contraposition to Peter, given the *explicit* need for *global* interoperation specified in current AND expected versions of PKIX-1. > I do suggest that it is quite appropriate for IETF to assist > interworking-oriented and PKIX-cert conforming groups formulate standard > syntaxes to represent information in cert which is designed > for local, or "card-present/signature-device present" type, > security enforcement processes. Many existing IETF-blessed LDAP > attributes are local in scope; PKIX can similarly oblige. I agree. And, likewise it is appropriate for anyone in an IETF WG to point out to such groups the overreaching problems which may be caused by certain approaches when they extrapolate their parochial realm. If, however, they intend to remain parochial then, I venture, there is no need for interoperation and no need for help from an IETF WG -- though such help may be offered and taken at what it is worth. However, to *demand* help for what seems to be from the start an ill-fated and ill-designed intrusion into privacy, and hence a security risk, is not justified. Not even in the good name of local market need. Because such need cannot help the interoperation goal, lest we want to subvert from the outset what we are designing. > May I ask a Booz-Allen or DoD party to post a URL here to the excellent > and current version of SDN706 before we sensibly discuss further > the use of labels and the authorization issue, re subjectDirectoryAttributes? I second that. I can host a public copy, if needed. This helps the interoperation goal. Cheers, Ed Gerck Received: from seine.valicert.com (corporate-gw.valicert.com [63.65.221.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id QAA28728 for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 16:38:57 -0800 (PST) Received: by seine.valicert.com with Internet Mail Service (5.5.2650.21) id <YP1K74XB>; Fri, 10 Dec 1999 16:37:38 -0800 Message-ID: <27FF4FAEA8CDD211B97E00902745CBE235E196@seine.valicert.com> From: Peter Williams <peterw@valicert.com> To: "'Stephen Kent'" <kent@bbn.com> Cc: "'PKIX-List '" <ietf-pkix@imc.org> Subject: RE: Accessing/selecting biometrics was: Stray Poll: Finger-prints in QCs Date: Fri, 10 Dec 1999 16:37:36 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Steve, In response to your comments, I venture that my suggestion is wholly reasonable, I assert again. Concerning the factual basis of your counter-argument, the "latest" version of 2459 merely advises a MODEL OF "prioritization and scope - for implementers (not operators)" concerning the subjectDirectoryAttributes field. (See quote, below.) In no sense do I read from the normative text that use of the disputed field is/was "discouraged". Now we have 2 local uses for subjectAttributes - NSA's and the biometric application - and given we are revising 2459 for bugs and timeliness of options and important processing steps, it is NOW appropriate to revise even this language so that X.509's design and intent can be realized in the Internet environment. Nothing in the "Internet environment" suggests that this quite properly standardized field is in someway fundamentally tainted. 2459 specifically encourages operators to change or refine the profile, as they see fit, furthermore. Ander's bio-vendors group, like NSA/DoD, have a quite appropriate home for their "local material" which binds to the subject. As the material is "local" and non-critical (per 2459), the authors/WGs opinion on suitability of any such local information in an operational id-cert infrastructure is, by definition, irrelevant. Local means we here have no particular opinion, beyond ensuring interoperability in maintained. Encouragement or discouragement (at best a non-normative and political element of a standards process, subject to subjective biases and influence of lobbyists) is perhaps a specifically inappropriate position HERE, I venture, given the *explicit* local delegation specified in current AND expected versions of PKIX-1. "The subject directory attributes extension is not recommended as an essential part of this profile, but it may be used in local environ- ments. This extension MUST be non-critical." I do suggest that it is quite appropriate for IETF to assist interworking-oriented and PKIX-cert conforming groups formulate standard syntaxes to represent information in cert which is designed for local, or "card-present/signature-device present" type, security enforcement processes. Many existing IETF-blessed LDAP attributes are local in scope; PKIX can similarly oblige. May I ask a Booz-Allen or DoD party to post a URL here to the excellent and current version of SDN706 before we sensibly discuss further the use of labels and the authorization issue, re subjectDirectoryAttributes? Peter. -----Original Message----- From: Stephen Kent [mailto:kent@bbn.com] Sent: Friday, December 10, 1999 11:07 AM To: Peter Williams Cc: 'PKIX-List ' Subject: RE: Accessing/selecting biometrics was: Stray Poll: Finger-prints in QCs Peter, > >Steve's argument really does not make sense, in a wider context. > >NSA defines, in SDN706, clearance and privilege attributes to >instrument authorization regimes including NOFORN, >RELUK, etc, and PKIX faciliates their transport & carriage in >the PKIX flexible, subjectDirectoryAttributes field. you mean the field that 2459 discourages use of? >If PKIX id-certs transport such authorization info, they >can transport similar bio-info, in other subjectDirectoryAttributes >fields. certainly you understand the difference between authorization and authentication info, so the analogy looks rather weak on that basis alone. >The privacy argument concerning bio info is mostly the same >as authorization info. A 100 byte compressed picture of me >is no more sensitive than the level of my (non-existing) US >security clearance. no, it is not. the two concerns are incomparable, in general. people holding clearances have opted into a system which requires abandoning some privacy concerns, and adopting new ones imposed by the clearance issuer. a private citizen who makes use of biometric data for authentication in a QC is operating under a different set of privacy assumption, constraints, etc. >Given the seeming synchronization of PKIX work and NSA work, I >have no doubt that knowledge of this authorization case is >well known to all those who decide what goes into PKIX >draft standards. several of the authors of 2459 are aware of the SDN706 work, but they did not skew the document to endorse that NSA spec. today, we would encourage putting that info into an AC. >If my argument does not hold, then authorization info >in PKIX-compliant certs should be restricted to a hash-reference, >so it is aligned with the bio-data rationale. if your analogy were valid, and if we did not disparage use of the directory attributes extension, this argument might make sense, however, ... >This would of course make a large swath of NSA certs >today PKIX non-complying. I doubt PKIX WG would make that >decision, somehow: so PKIX stds should allow the same logic as >enabled 100 bytes of authorization information to now >also hold for embeddeding 100 bytes of bio-data. we're not talking about backward compatibility here, so again the analogy is flawed. Steve Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA25152 for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 12:24:30 -0800 (PST) Received: from [171.78.30.108] (comsecpb.bbn.com [171.78.30.108]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id PAA10012; Fri, 10 Dec 1999 15:27:11 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <v04220804b476fb461a6a@[171.78.30.108]> In-Reply-To: <01BF40CF.A1904DA0@HYDRA> References: <01BF40CF.A1904DA0@HYDRA> Date: Fri, 10 Dec 1999 13:51:52 -0500 To: Anders Rundgren <anders.rundgren@jaybis.com> From: Stephen Kent <kent@bbn.com> Subject: RE: Accessing/selecting biometrics was: Stray Poll: Finger-printsin QCs Cc: "'SEIS-List'" <list@seis.nc-forum.com>, PKIX-List <ietf-pkix@imc.org>, Tony Bartoletti <azb@llnl.gov>, "'Denis Pinkas'" <Denis.Pinkas@bull.net>, "'Stefan Santesson'" <stefan@accurata.se> Content-Type: text/plain; charset="us-ascii" ; format="flowed" >Anders, > >PKIX creates infrastructure standards. Specifying a means of binding >biometric data to a cert is within scope. specifying a means of >carrying this data in a wide range of application environments is out >of scope. > >I would say that this sloppy definition requires that the maker of >the smart-card and >the authenticating application are identical. Interoperability=ZERO. > While interoperability is a prime focus of IETF WGs, we still have to have bounds on our work. Smart cards are not the only means of dealing with certs. So, the fact that there is need for additional standards in specific contexts, in order to ensure interoperability is not new, nor surprising. > For example, we don't tell IPsec, SSL/TLS, or S/MIME how >to transport certificates or CRLs in those applications; > >Odd examples. AFAIK SSL/TLS specify exactly how and when client and >server certificates are transmitted between client and server. Unfortunately, your knowledge is lacking here. SSL/TLS do NOT specify cert usage details at all. This is the province of HTTPS, a different (and not IETF standard) protocol. > >Having defined a means of binding biometric data to a cert, >while not putting it in the cert and thus mitigating privacy >problems, we have done the part of the job that is appropriate for >this WG. It is out of scope, starting with the assumption that certs live exclusively on smart cards. > >As noted by others, the URI+hash thing does not do the privacy job >the way you describe it and then >the whole foundation is flawed. I.e. we are back to "file-size" >discussions which are pretty trivial. > >User certificate selection is (so far) the only documented, >interoperable, general-purpose solution to privacy >problems of the kind introduced by certificates containing >"sensitive" information like SSNs, biometrics etc. I don't what point you are trying to make above. Steve Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA25036 for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 12:24:13 -0800 (PST) Received: from [171.78.30.108] (comsecpb.bbn.com [171.78.30.108]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id PAA09992; Fri, 10 Dec 1999 15:27:08 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <v04220801b476f88975b3@[171.78.30.108]> In-Reply-To: <01BF4267.0CCA6A40@HYDRA> References: <01BF4267.0CCA6A40@HYDRA> Date: Fri, 10 Dec 1999 13:40:13 -0500 To: Anders Rundgren <anders.rundgren@jaybis.com> From: Stephen Kent <kent@bbn.com> Subject: RE: QC biometrics needs re-engineering NOW! Cc: PKIX-List <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Anders, By all means feel free to move your efforts to the context of industry consortia (not to be confused with open standards groups) on ways to achieve your ends. Since we disagree about the scope of our work vs. what you wish to accomplish this may be beneficial for both camps. Just don't expect PKIX compliant systems to necessarily be compatible with the work you foster in such closed environments. Steve Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA25007 for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 12:24:02 -0800 (PST) Received: from [171.78.30.108] (comsecpb.bbn.com [171.78.30.108]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id PAA10034; Fri, 10 Dec 1999 15:27:18 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <v04220805b476fcba71d9@[171.78.30.108]> In-Reply-To: <27FF4FAEA8CDD211B97E00902745CBE235E190@seine.valicert.com> References: <27FF4FAEA8CDD211B97E00902745CBE235E190@seine.valicert.com> Date: Fri, 10 Dec 1999 14:06:31 -0500 To: Peter Williams <peterw@valicert.com> From: Stephen Kent <kent@bbn.com> Subject: RE: Accessing/selecting biometrics was: Stray Poll: Finger-prints in QCs Cc: "'PKIX-List '" <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Peter, > >Steve's argument really does not make sense, in a wider context. > >NSA defines, in SDN706, clearance and privilege attributes to >instrument authorization regimes including NOFORN, >RELUK, etc, and PKIX faciliates their transport & carriage in >the PKIX flexible, subjectDirectoryAttributes field. you mean the field that 2459 discourages use of? >If PKIX id-certs transport such authorization info, they >can transport similar bio-info, in other subjectDirectoryAttributes >fields. certainly you understand the difference between authorization and authentication info, so the analogy looks rather weak on that basis alone. >The privacy argument concerning bio info is mostly the same >as authorization info. A 100 byte compressed picture of me >is no more sensitive than the level of my (non-existing) US >security clearance. no, it is not. the two concerns are incomparable, in general. people holding clearances have opted into a system which requires abandoning some privacy concerns, and adopting new ones imposed by the clearance issuer. a private citizen who makes use of biometric data for authentication in a QC is operating under a different set of privacy assumption, constraints, etc. >Given the seeming synchronization of PKIX work and NSA work, I >have no doubt that knowledge of this authorization case is >well known to all those who decide what goes into PKIX >draft standards. several of the authors of 2459 are aware of the SDN706 work, but they did not skew the document to endorse that NSA spec. today, we would encourage putting that info into an AC. >If my argument does not hold, then authorization info >in PKIX-compliant certs should be restricted to a hash-reference, >so it is aligned with the bio-data rationale. if your analogy were valid, and if we did not disparage use of the directory attributes extension, this argument might make sense, however, ... >This would of course make a large swath of NSA certs >today PKIX non-complying. I doubt PKIX WG would make that >decision, somehow: so PKIX stds should allow the same logic as >enabled 100 bytes of authorization information to now >also hold for embeddeding 100 bytes of bio-data. we're not talking about backward compatibility here, so again the analogy is flawed. Steve Received: from exchng-fairfax.pec.com (exchng-fairfax.pec.com [204.254.216.13]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA23815 for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 11:03:52 -0800 (PST) Received: by EXCHNG-FAIRFAX with Internet Mail Service (5.5.2650.21) id <XPJDQ71Q>; Fri, 10 Dec 1999 14:07:56 -0500 Message-ID: <408016D0F599D311A82B0008C7F450FD0B4267@EXCHNG-FAIRFAX> From: MHenry <MHenry@PEC.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Cc: "'pki-twg@csmes.ncsl.nist.gov'" <pki-twg@csmes.ncsl.nist.gov> Subject: RFC 2527 Physical Security Controls Question Date: Fri, 10 Dec 1999 14:07:51 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain All, RFC 2527( CP and CPS Framework), 4.5.1,Physical Security Controls, includes site location and CA facility construction , as topics that should be considered in a CP or CPS. I am in the process of writing a CP/CPS and I am looking for standards that would apply to this section. Can anyone point me towards an industry/private sector/civil side of government "standard" for hardening a facility. I am particularly looking for some sort of of construction standards that would permit me to distinguish between, for example, a CA facility that might fairly be described as being built to support a "high" standard of security/assurance and one built to a "medium" standard. Can it be wood? brick? steel? one story? windows? etc? I spent decades concerned with SCIF designs and vulnerabilities but I don't think that is what I need here. My potential adversaries are not national services and what I am protecting is not of such persistent high value to most people. Thanks, Michael C. Henry Principal Member of the Technical Staff Performance Engineering Corporation 3949 Pender Drive Fairfax, VA Received: from dfw-smtpout3.email.verio.net (dfw-smtpout3-ext.email.verio.net [129.250.36.43]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA22279 for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 09:06:42 -0800 (PST) Received: from dfw-mmp1.email.verio.net ([129.250.38.61]) by dfw-smtpout3.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMJB3L00.OJF for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 16:57:21 +0000 Received: from nma.com ([209.21.28.110]) by dfw-mmp1.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMJB2U00.1GX; Fri, 10 Dec 1999 16:56:54 +0000 Message-ID: <38513102.1D7232C5@nma.com> Date: Fri, 10 Dec 1999 08:57:38 -0800 From: Ed Gerck <egerck@nma.com> X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> CC: ietf-pkix@imc.org, Tim Polk <wpolk@nist.gov> Subject: Shifting around the risk burden, Re: Consensus Text for key usage? References: <3.0.5.32.19991207153050.007ff720@csmes.ncsl.nist.gov> <384D801C.1EF2E955@nma.com> <384FD013.C3A83DC5@bull.net> <3850BD45.7C71926F@nma.com> <3850CC0A.B9514DDC@bull.net> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Denis: My disagreement with you is not a matter of opinion, but in basics. What you propose is outside the scope of X.509. Section 1 states (my inserted *): Authentication (and other security services [including thus non-repudiation]) can only be provided within the context of a defined security policy. It is a matter for users of an application to define *their own* security policy which may be *constrained* by the services provided by a standard. Further, the general scope of X.509 is *authentication*, the verification of user credentials. What the user signs with those credentials is outside the scope of X.509 -- the user is in no way constrained on the content, meaning or legal implications of what is signed. So, PKIX MAY constrain the security policies that users can define but PKIX MUST NOT define that security policy, NOR what it must include, NOR the legal or otherwise any implication of what is signed. PKIX MAY only say what a user's security policy MUST NOT allow -- and even so, ONLY in regard to the scope of PKIX (authentication of user credentials). And, this makes pretty good sense. Why should it be desirable, as you wish, for PKIX to impose upon users the non-technical burden of risk for the *data* signed with a key when X.509 is moot on what is signed and even on how users should verify what is signed prior to signing? And, what does this have to do with security considerations on *private-keys* in PKIX -- are you really still constraining user security policies for keys when you set a mock criminal code for data that is signed by keys? After all, PKIX *refuses* to warn CAs on *any* security risks in that very same NR security discussion you propose -- and thus CAs can become the back-door of user security if one follows what you suggest and shift the burden of risk 100% to the user. So, following your suggested additions and forceful defense of them, I am forced to conclude that even though PKIX is not willing to trust users to take the necessary precautions, it does expect them to take the risk of failing to take the precautions. Is this a fair conclusion? Your suggestion is therefore: (i) not in accord with X.509 design framework (Section 1) and, (ii) does not allow risk to be well balanced between user and CA. In effect, your suggestion *interferes* with the CA-user relationship -- which is hands-off by design in X.509, and intends to *impose* rules on the consequences of content signed by users -- which is clearly outside the scope of X.509. Further, what you propose would amount to an overreaching security policy set by PKIX over *all* users, while any CA is free to do whatever they want and even to treat different users differently. Note also that X.509 refrains from setting security policies even for user identification (this is also in accord with X.509 Section 1 cited above). For example, X.509 Section 11.2.a states that: "a certification authority shall be satisfied of the identity of a user before creating a certificate for it", which means that identity validation procedures are to be satisfied in the CA's frame of reference by following the CA's own rules (CPS), which are declared outside the scope of X.509 and can be entirely different for different CAs and even for different users in the same CA. So, what is this all about? It is about NOT including the following text segments in PKIX security discussions, for the reasons inlined: 1. NOT include: When such a certificate [with NR bit set] is delivered, it implies that the owner of the corresponding private key should be warned that, in the event of a dispute, he may be held responsible of the data signed with this key. REASON: Setting user's security policy on the data *signed* by the user is outside the scope of PKIX. The text seems to intend to allow CAs to hide behind PKIX in order to impose upon users a burden which not even CAs accept for the data they sign with their own key. Obviously, this would be unfair and is not what this WG should recommend. 2. NOT include: If a certificate has both the digitalSignature and the nonRepudiation bit set, the owner of the private key should make sure that all the environments and applications where the corresponding private key is being used do not allow a misuse of that private key. REASON: Obviously impossible -- the user has no way of knowing that *all* the environments and applications where the corresponding private key is being used do not allow a misuse of that private key. Further, setting user's security policy is outside the scope of PKIX -- especially so in *applications*. 3. NOT include: If that confidence can only be obtained in some environments, two different certificates, one with one public key and the digitalSignature bit set and another one with a different public key and the nonRepudiation bit set, should be used, so that the private key corresponding to the certificate with the nonRepudiation bit set is only used in secure environments. REASON: Obviously, the private key corresponding to any certificate [not only NR] should only used in secure environments, where "secure" is a concept relative to risk and cost. Besides, X.509 *already* says this in "One of the basic principles of strong authentication is that the users private key remain secure. A number of practical methods are available for the user to hold his private key in a manner that provides adequate security". Cheers, Ed Gerck PS: My early attempt to "save" some of your suggestions by editing them to be in accord with X.509's factual text has been unfruitful. Therefore, it seems better to me to just delete them. This is however a matter of opinion and I would welcome (as a second option) that number (2) and (3) be edited. However, I see nothing of substance that would be left if (1) is edited to reflect X.509 as an authentication spec, not a one-sided surreptitious criminal code on content signed -- as currently implied by it. Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.8.31]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id BAA13298 for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 01:44:26 -0800 (PST) Received: from bull.net (frcls6118.frcl.bull.fr [129.182.109.213]) by clbull.frcl.bull.fr (8.9.2/8.9.1) with ESMTP id KAA20152; Fri, 10 Dec 1999 10:47:08 +0100 Message-ID: <3850CC0A.B9514DDC@bull.net> Date: Fri, 10 Dec 1999 10:46:50 +0100 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.06 [fr] (Win95; I) MIME-Version: 1.0 To: Ed Gerck <egerck@nma.com> CC: ietf-pkix@imc.org, Tim Polk <wpolk@nist.gov> Subject: Re: Consensus Text for key usage? References: <3.0.5.32.19991207153050.007ff720@csmes.ncsl.nist.gov> <384D801C.1EF2E955@nma.com> <384FD013.C3A83DC5@bull.net> <3850BD45.7C71926F@nma.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Ed, I would like to leave the bandwith of the PKIX mailing list for other topics and thus I am not going to argument for ever on that topic. So, (I do hope that) this is my last reply to you on that topic and I let Tim, the editor, take the final decision. > > > > When such a > > > > certificate is delivered, it implies that the owner of the > > > > corresponding private key should be warned that, in the event of a > > > > dispute, he may be held responsible of the data signed with this > > > > key. > > > > > I am not in favor of this entire sentence. > > .... > > > Suggestion: delete the sentence. > > > > If I re-use the example I > > used during my presenation at the last PKIX session in Washington, > > the user should really be warned, e.g. not to insert his key in an > > unknown door lock so that instead of getting the door opened he > > unknowingly signs a check of 5.000 $. > > Or not. It depends on the CA's CPS, on what is disclaimed by the user > in the signed data, etc. My objection to that text segment is that PKIX > is not the party that should "warn" the user of anything, or mandate that > the user "should be warned" -- such "warning" is outside the scope of > PKIX in the same way that the CPS is outside the scope of PKIX. Your two arguments can be refuted: 1) CA's CPS will say that key that has the NR bit set has NR properties for everything signed with that key. So if someting is maliciously signed, it becomes rather hard for the user to say that it was maliciously obtained. He has to make sure that nothing can be maliciously signed using that key. The environment where the key is being used should have a "What You See Is What You Sign" (WYSIWYS) property. 2) In the example no disclaimer can be placed by the user because he does not know what he signs while opening the door. So we currently end up with a simple conclusion: we simply disagree. > > There may be alternatives to > > the proposed wording, but the warning should be kept. Do not forget > > that this belongs to the security considerations section, where > > warnings are fully appropriate. > > But not for warnings that lie outside the scope of PKIX. For example, the > user is not warned to set the date correctly in his computer -- and yet, > setting a wrong date may make an expired certificate, valid. The > justification/negation of user actions, or lack of actions, lie outside the > scope of PKIX in the same way that justification of CA's actions are not > the concern of PKIX. I would have no problem to extend warnings to the case you describe. So I do not take this as an argument. > > > > If a certificate has both the digitalSignature and the > > > > nonRepudiation bit set, the owner of the private key should make > > > > sure that all the environments and applications where the > > > > corresponding private key is being used do not allow a misuse of > > > > that private key. > > > > > > I am not in favor of this entire sequence. > > >.... > > > Suggestion: A toned-down statement might be useful, such as: > > > > > > If a certificate has both the digitalSignature and the > > > nonRepudiation bit set, the private key owner should take > > > justified measures to prevent a misuse of that private key. > > > > I think your sentence creates more problems than the original one. > > Some people might argument: what means a "justified measure" ? The > > original sentence should be kept. > > Your point is well taken. Perhaps an even more toned-down note would > be useful, for example: > > If a certificate has both the digitalSignature and the > nonRepudiation bit set, the private key owner should take > measures to prevent a misuse of that private key. Your proposal is missing the fact that the measures are related to the environments where the key is being used. It may be sufficiently explicit for you, but it would become hard to understand for the novice. > where not even justification is predicated -- leaving the user > responsible for deciding "how", while PKIX clearly warns > about "what" should be protected when the NR and DS bits > are set. > > > > > If that confidence can only be obtained in some > > > > environments, two different certificates, one with one public > > > > key and the digitalSignature bit set and another one with a > > > > different public key and the nonRepudiation bit set, should be used, > > > > so that the private key corresponding to the certificate with the > > > > nonRepudiation bit set is only used in secure environments. > > > > > > I am not in favor of this addition, which seems obvious > > .... > > > If one thinks though that saying something is necessary, I suggest, in > > > agreement with the change proposed above: > > >... > > > > Your proposed text is much more complicated to follow (and longer) > > than the original one. > > Your point is well taken. I go back to my first suggestion to simply delete > the addition. Seems less confusing at this time. You cannot say above " this addition [...] seems obvious " and a few lines later "delete the addition. Seems less confusing at this time". It cannot be both obvious and confusing. Ed, I have done my best to answer your E-mails. We cannot argument for ever. Tim, the final decision is yours. Regards, Denis > Cheers, > > Ed Gerck Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id BAA12982 for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 01:35:06 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id KAA52792; Fri, 10 Dec 1999 10:40:27 +0100 Received: by HYDRA with Microsoft Mail id <01BF42F9.B87E5440@HYDRA>; Fri, 10 Dec 1999 10:31:29 +0100 Message-ID: <01BF42F9.B87E5440@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'Ed Gerck'" <egerck@nma.com> Cc: PKIX-List <ietf-pkix@imc.org>, "'Ben Laurie'" <ben@algroup.co.uk> Subject: RE: QC biometrics needs re-engineering NOW! Date: Fri, 10 Dec 1999 10:31:28 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Ed, >Anders Rundgren wrote: >> Seeing the virtually ZERO progress on the biometric part of QC, I get the feeling it may be >> a better idea (if speed counts) to keep things within a group with members that are more focused >> on solutions rather than just making "noise" or running private political campaigns (Ed & Co). >Anders: >Sometimes, an attack is the best defense. Not here. Please either defend your >"secret standard" approach on its own merit (which I postulate does not exist >and agree with Ben) or keep silence. A part of this can be found at the biometric Consortium web site: http://www.biometrics.org/html/x_509.html >I have no private (or, public) political >campaigns to run and I feel harassed just by having to come here and say this >to you. Since you (and others) do not address the interoperability questions raised, I feel that the design issues are obscured by too much politics. Why not allow a design to support different political/personal opinions instead of forcing a specific one upon everybody? You believe that privacy is the #1 issue. That is a personal opinion that not everybody have to support. MY personal opinion (which you don't have to share) is that you can information-wise be "intimate" with a few selected parties. And to these parties the authentication of the subject may be of uttermost importance. Even for the subject BTW! So let *implementers*, *customers*, *lawyers* and *market* decide what they feel comfortable with! It is a free world, isn't it? >If your point is not accepted today, there is no need to become desperate ;-) Since a lot of knowledgeable people outside of this pretty boring list support the in-line bio-stuff, I don't feel that desperate *anymore* :-). Just puzzled. >Maybe, just maybe, you are wrong. I won't say that you are wrong or than I am right. I just say that my suggested solution (user certificate selection), to the subject privacy issue (in my concept not limited to biometrics) is well worth a comment and hopefully even could be an OPTION in QC. >Cheers, Well... Anders Received: from dfw-smtpout3.email.verio.net (dfw-smtpout3-ext.email.verio.net [129.250.36.43]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id AAA11298 for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 00:46:25 -0800 (PST) Received: from dfw-mmp3.email.verio.net ([129.250.38.63]) by dfw-smtpout3.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMIOIT00.05T for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 08:49:41 +0000 Received: from nma.com ([209.21.28.102]) by dfw-mmp3.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMIOHR00.K4K; Fri, 10 Dec 1999 08:49:03 +0000 Message-ID: <3850BEB8.B3E2661@nma.com> Date: Fri, 10 Dec 1999 00:50:00 -0800 From: Ed Gerck <egerck@nma.com> X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Anders Rundgren <anders.rundgren@jaybis.com> CC: PKIX-List <ietf-pkix@imc.org>, "'Ben Laurie'" <ben@algroup.co.uk> Subject: Re: QC biometrics needs re-engineering NOW! References: <01BF4267.0CCA6A40@HYDRA> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Anders Rundgren wrote: > Seeing the virtually ZERO progress on the biometric part of QC, I get the feeling it may be > a better idea (if speed counts) to keep things within a group with members that are more focused > on solutions rather than just making "noise" or running private political campaigns (Ed & Co). Anders: Sometimes, an attack is the best defense. Not here. Please either defend your "secret standard" approach on its own merit (which I postulate does not exist and agree with Ben) or keep silence. I have no private (or, public) political campaigns to run and I feel harassed just by having to come here and say this to you. If your point is not accepted today, there is no need to become desperate ;-) Maybe, just maybe, you are wrong. Cheers, Ed Gerck Received: from dfw-smtpout1.email.verio.net (dfw-smtpout1-ext.email.verio.net [129.250.36.41]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id AAA10175 for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 00:40:18 -0800 (PST) Received: from dfw-mmp1.email.verio.net ([129.250.38.61]) by dfw-smtpout1.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMIO8L00.4U4 for <ietf-pkix@imc.org>; Fri, 10 Dec 1999 08:43:33 +0000 Received: from nma.com ([209.21.28.102]) by dfw-mmp1.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMIO7W00.42R; Fri, 10 Dec 1999 08:43:08 +0000 Message-ID: <3850BD45.7C71926F@nma.com> Date: Fri, 10 Dec 1999 00:43:50 -0800 From: Ed Gerck <egerck@nma.com> X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> CC: ietf-pkix@imc.org Subject: Re: Consensus Text for key usage? References: <3.0.5.32.19991207153050.007ff720@csmes.ncsl.nist.gov> <384D801C.1EF2E955@nma.com> <384FD013.C3A83DC5@bull.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Denis Pinkas wrote: > Ed Gerck wrote: > > No comments. The key usage text looks fine. > > Good ! (pending a small change requested by Aram which seems quite > reasonable). Yes. > > > When such a > > > certificate is delivered, it implies that the owner of the > > > corresponding private key should be warned that, in the event of a > > > dispute, he may be held responsible of the data signed with this > > > key. > > > I am not in favor of this entire sentence. > .... > > Suggestion: delete the sentence. > > If I re-use the example I > used during my presenation at the last PKIX session in Washington, > the user should really be warned, e.g. not to insert his key in an > unknown door lock so that instead of getting the door opened he > unknowingly signs a check of 5.000 $. Or not. It depends on the CA's CPS, on what is disclaimed by the user in the signed data, etc. My objection to that text segment is that PKIX is not the party that should "warn" the user of anything, or mandate that the user "should be warned" -- such "warning" is outside the scope of PKIX in the same way that the CPS is outside the scope of PKIX. > There may be alternatives to > the proposed wording, but the warning should be kept. Do not forget > that this belongs to the security considerations section, where > warnings are fully appropriate. But not for warnings that lie outside the scope of PKIX. For example, the user is not warned to set the date correctly in his computer -- and yet, setting a wrong date may make an expired certificate, valid. The justification/negation of user actions, or lack of actions, lie outside the scope of PKIX in the same way that justification of CA's actions are not the concern of PKIX. > > > > If a certificate has both the digitalSignature and the > > > nonRepudiation bit set, the owner of the private key should make > > > sure that all the environments and applications where the > > > corresponding private key is being used do not allow a misuse of > > > that private key. > > > > I am not in favor of this entire sequence. > >.... > > Suggestion: A toned-down statement might be useful, such as: > > > > If a certificate has both the digitalSignature and the > > nonRepudiation bit set, the private key owner should take > > justified measures to prevent a misuse of that private key. > > I think your sentence creates more problems than the original one. > Some people might argument: what means a "justified measure" ? The > original sentence should be kept. Your point is well taken. Perhaps an even more toned-down note would be useful, for example: If a certificate has both the digitalSignature and the nonRepudiation bit set, the private key owner should take measures to prevent a misuse of that private key. where not even justification is predicated -- leaving the user responsible for deciding "how", while PKIX clearly warns about "what" should be protected when the NR and DS bits are set. > > > If that confidence can only be obtained in some > > > environments, two different certificates, one with one public > > > key and the digitalSignature bit set and another one with a > > > different public key and the nonRepudiation bit set, should be used, > > > so that the private key corresponding to the certificate with the > > > nonRepudiation bit set is only used in secure environments. > > > > I am not in favor of this addition, which seems obvious > .... > > If one thinks though that saying something is necessary, I suggest, in > > agreement with the change proposed above: > >... > > Your proposed text is much more complicated to follow (and longer) > than the original one. Your point is well taken. I go back to my first suggestion to simply delete the addition. Seems less confusing at this time. Cheers, Ed Gerck Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.8.31]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id XAA08597 for <ietf-pkix@imc.org>; Thu, 9 Dec 1999 23:57:43 -0800 (PST) Received: from bull.net (frcls6118.frcl.bull.fr [129.182.109.213]) by clbull.frcl.bull.fr (8.9.2/8.9.1) with ESMTP id QAA43534; Thu, 9 Dec 1999 16:52:02 +0100 Message-ID: <384FD013.C3A83DC5@bull.net> Date: Thu, 09 Dec 1999 16:51:47 +0100 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.06 [fr] (Win95; I) MIME-Version: 1.0 To: Ed Gerck <egerck@nma.com> CC: ietf-pkix@imc.org Subject: Re: Consensus Text for key usage? References: <3.0.5.32.19991207153050.007ff720@csmes.ncsl.nist.gov> <384D801C.1EF2E955@nma.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Ed, > Tim Polk wrote: > > > There are two pieces of proposed text; text for the key usage extension > > and text for the security considerations section. > > > > 4.2.1.3 Key Usage > > > > No comments. The key usage text looks fine. Good ! (pending a small change requested by Aram which seems quite reasonable). > > --- proposed new paragraphs for Security Considerations section > > Here, I have some comments. > > > A CA may include the key usage extension and assert the > > nonRepudiation bit when issuing a certificate. > > This part is fine. > > > When such a > > certificate is delivered, it implies that the owner of the > > corresponding private key should be warned that, in the event of a > > dispute, he may be held responsible of the data signed with this > > key. > I am not in favor of this entire sentence. It fixes a context for the > NR bit which *contradicts* the key usage section (for example: "A > signature policy identifier embedded in the signed data MAY be used to > explicitly provide context.") and it unduly imposes upon the owner > of the private key a duty which the signer herself (the CA, that elusive lady) > refrains from, for example: in the case of virus, fraud, etc,. These are valid > cases and if they would be reflected in the text, we would have a repeat of a > CA's CPS, I am afraid. > So, "when such a certificate is delivered, it implies that" is not a matter to > be solved here. Rather it MAY be solved in a signature policy identifier > embedded in the signed data, it MAY be solved in the CA's CPS, etc., all > as already predicated in PKIX. > Suggestion: delete the sentence. This is the implication of that bit, as far as the user is concerned. Your argumentation saying that "it MAY be solved in a signature policy identifier embedded in the signed data, it MAY be solved in the CA's CPS, etc" is not valid. If I re-use the example I used during my presenation at the last PKIX session in Washington, the user should really be warned, e.g. not to insert his key in an unknown door lock so that instead of getting the door opened he unknowingly signs a check of 5.000 $. There may be alternatives to the proposed wording, but the warning should be kept. Do not forget that this belongs to the security considerations section, where warnings are fully appropriate. > > If a certificate has both the digitalSignature and the > > nonRepudiation bit set, the owner of the private key should make > > sure that all the environments and applications where the > > corresponding private key is being used do not allow a misuse of > > that private key. > > I am not in favor of this entire sequence. It is not realistic that the > owner of the private key "should make sure that all the > environments and applications where the corresponding private key is > being used" is anything. The most we can ask is a reasonable effort, > which may not be much in the case of virus, fraud, theft, etc. To say > otherwise is to put on the certificate subject's a burden which not even > highly-qualified CAs want to shoulder. > > Suggestion: A toned-down statement might be useful, such as: > > If a certificate has both the digitalSignature and the > nonRepudiation bit set, the private key owner should take > justified measures to prevent a misuse of that private key. I think your sentence creates more problems than the original one. Some people might argument: what means a "justified measure" ? The original sentence should be kept. > Of course, "justified measures" are commensurate to cost and risk, > which means that the above statement is even more effective than > the original to define what the keyholder's responsibilities are (for > example, a private key used to sign money transfer justifies a > need for more precautions than a private key used to sign email messages > in a mailing list) -- and avoids the trap of requiring the whole world > to be secure. An untainable goal, which could easily make the original > clause moot by excessive requirements (not even CAs can do this). > > Note: I have, on purpose, avoided the terms "reasonable measures" > because reasonableness may be difficult to define in the technical > sense, while a justification can be a letter from the ISP on which > one relies upon without (usually) further checking. > > > If that confidence can only be obtained in some > > environments, two different certificates, one with one public > > key and the digitalSignature bit set and another one with a > > different public key and the nonRepudiation bit set, should be used, > > so that the private key corresponding to the certificate with the > > nonRepudiation bit set is only used in secure environments. > > I am not in favor of this addition, which seems obvious (do not set the > NR bit unless you want to set the NR bit), costly (two certificates) and > unnecessary -- since I can use only one certificate with the NR bit set > and deny NR directly in the signed data, case by case (NR opt out mode). > Or, I can use only one certificate with the NR bit off and grant NR directly > in the signed data, case by case (NR opt in mode). > > If one thinks though that saying something is necessary, I suggest, in > agreement with the change proposed above: > > If the private key owner can only prevent misuse in some environments, > then it is possible to use a certificate with the nonRepudiation bit > set and deny non-repudiation in the signed data, case by case (NR opt > out mode); or use a certificate with the nonRepudiation bit off and > grant non-repudiation in the signed data, case by case (NR opt in > mode); or use two different certificates, one with one public key and > the digitalSignature bit set and another one with a different public > key and the nonRepudiation bit set; or use another method that could > be justified, so that the private key corresponding to the certificate > with the nonRepudiation bit set is not used in environments that may > either not conform to a non-repudiation signature policy, or be unknown. Your proposed text is much more complicated to follow (and longer) than the original one. It introduces notions which are not explained in that document e.g. "NR opt out mode" ?!?" and "NR opt in mode" ?!? is also incorrect on several aspects; e.g. you said: " If the private key owner can only prevent misuse in some environments, then it is possible to use a certificate with the nonRepudiation bit set [...] case by case". I do not think that the user, in *any* case, should use (the corresponding private key of) a certificate with the nonRepudiation bit set, if he cannot prevent the misuse of his private key. Tim, the editor, could apparently live with the original proposal. Let us keep the original text, if you can also "live with it". :-) Regards, Denis > Cheers, > > Ed Gerck Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.8.31]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id XAA08473 for <ietf-pkix@imc.org>; Thu, 9 Dec 1999 23:55:49 -0800 (PST) Received: from bull.net (frcls6118.frcl.bull.fr [129.182.109.213]) by clbull.frcl.bull.fr (8.9.2/8.9.1) with ESMTP id QAA23760; Thu, 9 Dec 1999 16:27:38 +0100 Message-ID: <384FCA5B.CE3682F7@bull.net> Date: Thu, 09 Dec 1999 16:27:23 +0100 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.06 [fr] (Win95; I) MIME-Version: 1.0 To: Aram Perez <aram@apple.com> CC: ietf-pkix@imc.org Subject: Re: Consensus Text for key usage? References: <199912072226.OAA03458@scv3.apple.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Aram, As far as I am concerned your two proposed (small) changes seem quite reasonable to me. Regards, Denis > Hi Tim, > > > Folks, > > > > With Aram and Denis back in the fray, I think we can finish this one off. > > I have incorporated all the changes, and think we may be nearing consensus! > > There are two pieces of proposed text; text for the key usage extension > > and text for the security considerations section. > > > > Please read it carefully. In general, the changes were all introduced on > > the list in the "porposed" thread, but I have tweaked a couple of other > > paragraphs. The only real suprise is that I capitulated and deleted the > > word "user" under dataEncipherment. I thought keeping it would be less > > controversial, but that wasn't true! I don't think it added anything, so > > let's delete it. > > > > Thanks, > > > > Tim Polk > > > [snip] > > The digitalSignature bit is asserted when the subject public key > > is used with a digital signature mechanism to support security > > services other than non-repudiation (bit 1), certificate signing > > (bit 5), or revocation information signing (bit 6). Digital signa- > > ture mechanisms are often used for entity authentication and data > > origin authentication with integrity. > > > > The nonRepudiation bit is asserted when the subject public key is > > used to verify digital signatures used to provide a non-repudiation > > service. This service protects against the certificate subject falsely > > denying signing the data. In the case of later conflict, a reliable > > third party may determine the authenticity of the signed data. > > Shouldn't this last sentence read something like "a reliable third party may > determine the non-repudiability (or repudiability) of the signed data" since > previous paragraph states the digitalSignature is used for "entity > authentication and data origen authentication"? > > [snip] > > > > This profile does not restrict the combinations of bits that may be > > set in an instantiation of the keyUsage extension. However, > > valid combinations of bits are specified for particular algorithms > > in section 7.3. > > Like I mentioned in a private exchange, I would add something to the effect > of "Although there are no key restrictions, implementers should be aware > that certain combinations do not make sense (i.e. keyAgreement for RSA keys, > keyExchange for ECC keys) and some combinations may 'be insecure' (or > 'lessen the security')." > > [snip] > > Regards, > Aram Perez Received: from 157.22.235.99 ([157.22.235.99]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id MAA01619; Thu, 9 Dec 1999 12:14:32 -0800 (PST) Received: from [157.22.235.84] by 157.22.235.99 (AppleShare IP Mail Server 6.2) id 30901 via TCP with SMTP; Thu, 09 Dec 1999 12:14:29 -0800 Message-id: <991209121429.3b44e7f.9d16eb63.ASIP6.2.30901@157.22.235.99> X-Mailer: Microsoft Outlook Express Macintosh Edition - 4.5 (0410) Date: Thu, 09 Dec 1999 12:14:29 -0800 Subject: Subscription Request From: "Heidi Slominski" <heidi@mactivity.com> To: Subscriptions <heidi@mactivity.com> Mime-version: 1.0 X-Priority: 3 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit I'd greatly appreciate it if you would please forward me the appropriate information for subscribing to/getting the digest for your mail list. Thank you very much! Warm Regards, Heidi Slominski Marketing Coordinator -- Mactivity, Inc. Conference Organizers Tel: 408-354-2500 Fax: 408-354-2571 www.mactivity.com Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id IAA27989 for <ietf-pkix@imc.org>; Thu, 9 Dec 1999 08:04:50 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id RAA62058; Thu, 9 Dec 1999 17:10:34 +0100 Received: by HYDRA with Microsoft Mail id <01BF4267.0CCA6A40@HYDRA>; Thu, 9 Dec 1999 17:01:35 +0100 Message-ID: <01BF4267.0CCA6A40@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: PKIX-List <ietf-pkix@imc.org>, "'Ben Laurie'" <ben@algroup.co.uk> Subject: RE: QC biometrics needs re-engineering NOW! Date: Thu, 9 Dec 1999 17:01:34 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Ben, Regarding "secret" standards Seeing the virtually ZERO progress on the biometric part of QC, I get the feeling it may be a better idea (if speed counts) to keep things within a group with members that are more focused on solutions rather than just making "noise" or running private political campaigns (Ed & Co). There are currently several consortiums that are competing (and sometimes cooperating) with IEITF. Like W3C, WAP-forum, OBI-forum, Bluetooth etc. etc. More is in the works which I am not allowed to mention. All these consortiums release drafts for public review when a draft has reached a certain level of perfection. These consortiums though keep the final decision-part internally. Anders PS. ZERO progress = no explanations to the raised interoperability questions, or comments to "competing" solutions like user certificate selection DS ---------- From: Ben Laurie [SMTP:ben@algroup.co.uk] Sent: Thursday, December 09, 1999 10:38 To: PKIX-List Subject: Re: QC biometrics needs re-engineering NOW! Anders Rundgren wrote: > # # # # # # # # # # # # # # # # # # # # # # > But this discussion is a pure waste of time as biometrics in certificates have already > been "standardized" by another group. I cannot tell which one right now as I received > this information privately. And Steve, they of course choosed in-line bio-data! > # # # # # # # # # # # # # # # # # # # # # # > > BTW, *their* draft looks real good and supports 20 different biometrics. A secret "standard", eh? That'll be really useful. Cheers, Ben. -- SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id BAA20099 for <ietf-pkix@imc.org>; Thu, 9 Dec 1999 01:35:15 -0800 (PST) Received: from freeby.ben.algroup.co.uk (freeby.ben.algroup.co.uk [193.133.15.6]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id JAA28974 for <ietf-pkix@imc.org>; Thu, 9 Dec 1999 09:38:12 GMT Received: from algroup.co.uk (naughty.ben.algroup.co.uk [193.133.15.107]) by freeby.ben.algroup.co.uk (8.6.12/8.6.12) with ESMTP id JAA20802 for <ietf-pkix@imc.org>; Thu, 9 Dec 1999 09:38:22 GMT Message-ID: <384F7885.F0F77CD9@algroup.co.uk> Date: Thu, 09 Dec 1999 09:38:13 +0000 From: Ben Laurie <ben@algroup.co.uk> Organization: A.L. Group plc X-Mailer: Mozilla 4.7 [en] (WinNT; I) MIME-Version: 1.0 To: PKIX-List <ietf-pkix@imc.org> Subject: Re: QC biometrics needs re-engineering NOW! References: <008b01bf41dc$82857c60$020000c0@mega.vincent.se> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Anders Rundgren wrote: > # # # # # # # # # # # # # # # # # # # # # # > But this discussion is a pure waste of time as biometrics in certificates have already > been "standardized" by another group. I cannot tell which one right now as I received > this information privately. And Steve, they of course choosed in-line bio-data! > # # # # # # # # # # # # # # # # # # # # # # > > BTW, *their* draft looks real good and supports 20 different biometrics. A secret "standard", eh? That'll be really useful. Cheers, Ben. -- SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id PAA08754 for <ietf-pkix@imc.org>; Wed, 8 Dec 1999 15:30:08 -0800 (PST) Received: from mega (t3o69p108.telia.com [62.20.145.108]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id AAA32063; Thu, 9 Dec 1999 00:35:57 +0100 Message-ID: <008b01bf41dc$82857c60$020000c0@mega.vincent.se> From: "Anders Rundgren" <anders.rundgren@jaybis.com> To: "PKIX-List" <ietf-pkix@imc.org>, "Ed Gerck" <egerck@nma.com> Cc: "Stefan Santesson" <stefan@accurata.se>, "Magnus (RSA)" <magnus@rsasecurity.com> Subject: Re: QC biometrics needs re-engineering NOW! Date: Thu, 9 Dec 1999 00:29:52 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id PAA08755 >The largely unseen problem here is that the proponents of such unambiguous >certificates do not realize that privacy is at odds with security in CA systems. >And, a bit more of security does not justify a bit less of privacy -- those that >are willing to risk it will IMO lose both. For further comments, also about >reliance on biometrics to safeguard values (documents, money, etc.), please >see http://www.mcg.org.br/faust.htm Ed, if you do not have a single trusted party that you can allow to know your SSN, some biometrics etc. you don't have a security problem, you have *personal* problem. Security is also for a user to know that his/her lost keys are not only protected by PIN-codes but optionally by biometrics. Maybe you still believe that PUBLIC Key Certificates by default are public? # # # # # # # # # # # # # # # # # # # # # # But this discussion is a pure waste of time as biometrics in certificates have already been "standardized" by another group. I cannot tell which one right now as I received this information privately. And Steve, they of course choosed in-line bio-data! # # # # # # # # # # # # # # # # # # # # # # BTW, *their* draft looks real good and supports 20 different biometrics. Anders Received: from keeper.siac.com (firewall-user@gate.siac.com [162.69.5.193]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA08246 for <ietf-pkix@imc.org>; Wed, 8 Dec 1999 15:00:53 -0800 (PST) Received: by keeper.siac.com; id SAA02787; Wed, 8 Dec 1999 18:04:17 -0500 (EST) Received: from bigmouth.siac.com(162.69.5.8) by keeper.siac.com via smap (V4.2) id xma002644; Wed, 8 Dec 99 18:04:00 -0500 Received: from localhost (dfinkels@localhost) by tang01.wisdom.siac.com (8.8.6 (PHNE_17135)/8.8.6) with ESMTP id SAA12749; Wed, 8 Dec 1999 18:03:29 -0500 (EST) X-Authentication-Warning: tang01.wisdom.siac.com: dfinkels owned process doing -bs Date: Wed, 8 Dec 1999 18:03:28 -0500 (EST) From: Daniel Alex Finkelstein <dfinkels@siac.com> X-Sender: dfinkels@tang01.wisdom.siac.com To: "Todd Glassey @ GMT" <todd.glassey@www.gmtsw.com> cc: ietf-pkix@imc.org, robert.zucceratto@entrust.com Subject: Re: Timestamping Standards. In-Reply-To: <04b001bf257f$40a14b90$9106b0d0@corp.certifiedtime.com> Message-ID: <Pine.HPX.4.20.9912081801450.11619-100000@tang01.wisdom.siac.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII On Nov 2, 1999 at 2:11pm, Todd Glassey @ GMT wrote: > They provide for a requirements to provably timestamp within three (3) > seconds of UTC and these are of course the NASD OATS requirements. NASD for > thos that are unaware is the NAtional Association of Securities Dealers and > any solution that is proffered as a timestamping one for commercial purposes > should ought to fulfill the only mandate on the books today. To get more of > this try the OATS pages at the www.nasdr.com site. The NASD does not specify or recommend technical matters. Member firms and financial houses gather at our various industry groups to set technical specs, and then turn to us (SIAC) for implementation. -- Daniel Alex Finkelstein Central Services phone 212-383-2951 pager 917-427-1630 fax 212-335-0420 Securities Industry Automation Corporation Received: from Newman.GSC.GTE.Com (SYSTEM@Unknown.GSC.GTE.Com [192.160.62.66] (may be forged)) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA02764 for <ietf-pkix@imc.org>; Wed, 8 Dec 1999 14:05:11 -0800 (PST) Received: from gscex01.gsc.gte.com ("port 1060"@gscex01.ndhm.gsc.gte.com [155.95.162.170]) by Newman.GSC.GTE.Com (PMDF V5.2-30 #38015) with ESMTP id <01JJ9LSO7R1S001W8C@Newman.GSC.GTE.Com> for ietf-pkix@imc.org; Wed, 8 Dec 1999 17:08:17 -0400 Received: by GSCEX01.gsc.gte.com with Internet Mail Service (5.5.2448.0) id <Y1RQ1P5C>; Wed, 08 Dec 1999 17:08:17 -0500 Content-return: allowed Date: Wed, 08 Dec 1999 17:08:17 -0500 From: "Sweigert, David" <David.Sweigert@GD-CS.COM> Subject: CA Audit Post To: Hiroyuki Sakakibara <sakaki@iss.isl.melco.co.jp>, ietf-pkix@imc.org Message-id: <2575327B6755D211A0E100805F9FF954044924F5@ndhmex02.ndhm.gsc.gte.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id OAA02765 cross-posting, apologies to those of you who have already seen this -----Original Message----- From: Ozgar, Gene A [mailto:gozgar@KPMG.COM] Sent: Sunday, December 05, 1999 10:00 AM To: ECRULES@SECRETARY.STATE.NC.US Subject: FW: NC E-Commerce Act Rules,Certificate Autho John, I'm a co-chair of the "audit and attestation" section of the ABA ISC working group that you describe, and happen to be based in Charlotte. We have drafted a section of the ABA document which outlines in detail the characteristics of the CA auditor. I've been watching these NC EC discussions with great interest, and would be glad to have a discussion about this. Maybe we can speak with the Secretary about this in person. BTW, our work in the ABA is agnostic regarding the actual designation (CPA, CISSP, etc.) but rather outlines the desired characteristics. I believe that the auditor should possess adequate technical training with a demonstrated proficiency in: § Public key infrastructure technology § Information security tools and techniques § Security auditing § The third-party attest function The auditor should be organizationally independent of the CA's operation and policy authorities. The auditor should be accredited by a recognized professional organization or association. Membership in the particular organization or association should require the possession of certain skill sets, quality assurance measures such as peer review, standards with respect to proper assignment of staff to engagements, and requirements for continuing professional education. If the above is true, then in many cases, the skills necessary to perform the audit of a CA will not repose in a single individual. Other important requirements for attestation are objectivity and credibility, and the willingness and ability to take on the liability that may come with the attestation. A CA audit will be considered of great value when it is performed by an organization that is notorious for integrity and possession of the characteristics described above. Also, firms who perform attestation services and meet quality assurance requirements are likely to bring a team of professionals (CPA, CISSP, others?) to bear that is appropriate to the risks of the given audit engagement. If there were one perfectly aligned professional designation I guess we wouldn't be having this conversation. Just some ideas. Gene Gene Ozgar KPMG LLP gozgar@kpmg.com -----Original Message----- From: John Messing [mailto:jmessing@LAW-ON-LINE.COM] Sent: Friday, December 03, 1999 5:59 AM To: ECRULES@SECRETARY.STATE.NC.US Subject: Re: NC E-Commerce Act Rules, Certificate Autho You may recall that we met on the podium of a speaker from Tom Smedinghoff's law firm at the 1997 or 1998 RSA Security Conference. Your name was one that stuck in my mind. I find your comments very interesting. I work with the ABA's ISC, which is currently authoring a document on audits of certification authorities and the accreditation of auditors, similar in concept to the Digital Signature Guidelines which it generated a number of years ago. I would like to forward these two posts to the list serve for that group, for comment, but I would like your permission first. My company, Law-on-Line, does e-filings and uses PGP for its digital signatures. I am also working with another start-up, Signauthority.com, LLC, which uses the technology of Extensible Key Infrastructure, XKI, rather than PKI. If you are interested, we can discuss it at some future time. I am glad to see how your expertise in this area has developed. Best regards. ----- Original Message ----- From: Kepa Zubeldia <kepa.zubeldia@ENVOY.COM> To: <ECRULES@SECRETARY.STATE.NC.US> Sent: Thursday, December 02, 1999 4:36 PM Subject: Re: NC E-Commerce Act Rules, Certificate Autho > Peter, > > I believe it is a mistake to remove the Security Audit. Unless the Secretary > wants to perform an Audit or an Accreditation/Certification of each Licensed CA, > the Security Audit performed by a third party is the best way to assure > compliance with the requirements to be a CA. > > The problem is that a SAS70 audit is probably not the best metric. In my > opinion a CS2 audit using the CPS and Certificate Policies as the "Security > Target" for the Audit is the best way to go. This way the auditors can certify > that the CA does in fact meet the terms of the CPS. The CPS is approved by the > Secretary of State, and the Auditor is the one that verifies compliance with the > terms of the license. Of course, the CPS will have to include the fact that the > CA is compliant with the Act and the Rules in N.C. > > As for the qualifications of the auditor, a CISSP is much better than an > accountant, but you could require that the auditor be both a CISSP and a CPA. > > As for the risk assessment, I believe that a CA should only be licensed once > they are in production and can be audited as being in compliance with their own > CPS. Having a licensed CA that is not in production and is only under > construction is such a moving target that any attempt to audit it would be > meaningless in a very short time. > > If you want we can discuss this over the phone or on a conference call. > > Thanks for the opportunity to comment on these proposed changes. > > Kepa Zubeldia > ARCANVS, Inc. > > ____________________Reply Separator____________________ > Subject: NC E-Commerce Act Rules, Certificate Authorit > Author: This is the Electronic Commerce Rules Forum List > <ECRULES@SECRETARY.STATE.NC.US> > Date: 11/22/99 12:44 PM > > Reference is made to paragraph (4) Security Audits: > > And what qualifications and certifications are needed for the person who > performs the "security audit"? Can a Certified Information Systems Security > Professional (CISSP) perform such an audit or must it be done by a Chartered > (or other) Accountant? What, legally, constitutes an "audit" in this > context? Is it defined by the process that is carried out or by the > certifications and qualifications that the person doing the audit possesses? > If so what are the set of such certifications and qualifications and how > to they relate to security and the technical knowledge and knowledge of the > technology? Can NC corporations that are NOT independent NATIONALLY > recognized security audit firm be approved by EC section? Since there is no > professional organization that certifies firms to do security audits only > the professional themselves www.isc2.org then how does a firm become > qualified? A security audit can only be done against a production system to > validate that it is in fact secure bsed on the knowledge of the security > auditor. Prior to production a risk assessment is perform under the > methodology of certification and accreditation. Dont you want a risk > assessment (C&A) done with a report to EC Section and audits after the > systems are in production? > > To be continued... > > > ______________________________________________________ > Get Your Private, Free Email at http://www.hotmail.com > **************************************************************************** * The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. **************************************************************************** * To unsubscribe send the following in the body of a message to listserv@abanet.org - unsubscribe st-isc Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA02258 for <ietf-pkix@imc.org>; Wed, 8 Dec 1999 13:45:42 -0800 (PST) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id NAA04626; Wed, 8 Dec 1999 13:46:56 -0800 (PST) Message-Id: <4.2.0.58.19991208161723.009f2680@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Wed, 08 Dec 1999 16:19:29 -0500 To: Pavel Krylov <Pavel.Krylov@trustworks.com> From: Russ Housley <housley@spyrus.com> Subject: Re: cert == crl Cc: ietf-pkix@imc.org In-Reply-To: <384E92DF.75CA2224@trustworks.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed If the CRLIssuer GN is a DirectoryName, then the CRL can be found in the LDAP or X.500 Directory. I think that all of the other cases are ambiguious. Russ At 08:18 PM 12/8/99 +0300, Pavel Krylov wrote: >Hi all, > >I would be grateful if someone helped me with one case in CRL >processing. >A certificate has some information how to find appropriate CRLs >to check revokation status of the certificate. This information includes >certificate issuer name (DN), alternative issuer name (GN) and CRLDPs >extension, which in its order includes distribution point (dp, i.e. >a choice between fullName(GN) and nameRelativeToCRLIssuer (rdn) ), >reason codes and cRLIssuer name (GN). > >Okay, how I understand CRL processing begins from certificate, i.e. >getting proper information to find appropriate CRL. Suppose, we have >a certificate with following fields ( only mentioned to CRL ): > > cert > |_ issuer (DN) > |_ altIssuer (GN) > |_ certExtensions > |_ CRLDPs extension > |_ crldp > |_ cRLIssuer (GN) > >i.e. dp is absent, but cRLIssuer is present in CRLDPs extension. >In this case I have a name of issuer of needed CRL, but it is >represented by GN type. Say, I have some CRLs to try to apply them >for the certificate. But each CRL has issuer (DN) and altIssuer (GN). >So my question is how cRLIssuer(GN) is supposed to be compared with >crl.issuer(DN) and crl.altIssuer(GN)?? > >Any ideas? > >Thanks a lot. > >Pavel Krylov Received: from relay1.trustworks.com (zuka.trustworks.com [212.114.5.147]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA28270 for <ietf-pkix@imc.org>; Wed, 8 Dec 1999 09:15:57 -0800 (PST) Received: by relay1.trustworks.com (8.8.5/1.4) id UAA20866; Wed, 8 Dec 1999 20:19:04 +0300 (MSK) Received: from tws123(212.114.5.15) by zuka via smap (V2.0) id xma020826; Wed, 8 Dec 99 20:18:17 +0300 Message-ID: <384E92DF.75CA2224@trustworks.com> Date: Wed, 08 Dec 1999 20:18:23 +0300 From: Pavel Krylov <Pavel.Krylov@trustworks.com> Organization: TrustWorks X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: cert == crl Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi all, I would be grateful if someone helped me with one case in CRL processing. A certificate has some information how to find appropriate CRLs to check revokation status of the certificate. This information includes certificate issuer name (DN), alternative issuer name (GN) and CRLDPs extension, which in its order includes distribution point (dp, i.e. a choice between fullName(GN) and nameRelativeToCRLIssuer (rdn) ), reason codes and cRLIssuer name (GN). Okay, how I understand CRL processing begins from certificate, i.e. getting proper information to find appropriate CRL. Suppose, we have a certificate with following fields ( only mentioned to CRL ): cert |_ issuer (DN) |_ altIssuer (GN) |_ certExtensions |_ CRLDPs extension |_ crldp |_ cRLIssuer (GN) i.e. dp is absent, but cRLIssuer is present in CRLDPs extension. In this case I have a name of issuer of needed CRL, but it is represented by GN type. Say, I have some CRLs to try to apply them for the certificate. But each CRL has issuer (DN) and altIssuer (GN). So my question is how cRLIssuer(GN) is supposed to be compared with crl.issuer(DN) and crl.altIssuer(GN)?? Any ideas? Thanks a lot. Pavel Krylov Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA27286 for <ietf-pkix@imc.org>; Wed, 8 Dec 1999 08:16:15 -0800 (PST) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id IAA27305; Wed, 8 Dec 1999 08:17:25 -0800 (PST) Message-Id: <4.2.0.58.19991208105610.009e2820@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Wed, 08 Dec 1999 11:02:23 -0500 To: thayes@netscape.com (Terry Hayes) From: Russ Housley <housley@spyrus.com> Subject: Re: Q: Are repeated OIDs allowed in the AIA extension? Cc: ietf-pkix@imc.org In-Reply-To: <384DB104.3C69EDA0@netscape.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Terry: We tried to clarify AIA in the revision to RFC 2459. Please review http://www.ietf.org/internet-drafts/draft-ietf-pkix-new-part1-00.txt. If you still have questions, please post them in the context of the new AIA text. Russ At 05:14 PM 12/7/99 -0800, Terry Hayes wrote: >All, > >This is a question about the constraints on the contents of the >Authority Information Access extension as defined in RFC 2459. This the >data value in this extension consists of a sequence of OID/GeneralName >pairs. The OID portion of the pair indicates the purpose of the value, >while the GeneralName indicates where and (in some cases) the protocol >to use to perform other operations related to the certificate. The >current RFC does not specify any restriction on the values stored in the >extension. In particular, it doesn't seem to rule out pairs in the >sequence that have the same OID. > >I can imagine certificates that are issued that make use of the >capability to associate multiple location values (names) with a single >OID. For example: > > OCSPResponder : http://ocsp.company.com > OCSPResponder : http://ocsp.default.com > >This set of values in the AIA extension might indicate that two OCSP >responders are available for checking certificate status. Also: > > OCSPResponder: http://ocsp.company.com > OCSPResponder: tcpmsg://ocsp.company.com:1111 > >This configuration might indicate that OCSP is available over two >protocols (HTTP POST and a hypothetical standard TCP message protocol). >The certificate client would be allowed to choose on that it has >implemented. > >Is this sort of repeated value allowed in AIA? > >Terry Hayes >thayes@netscape.com Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA27279 for <ietf-pkix@imc.org>; Wed, 8 Dec 1999 08:16:15 -0800 (PST) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id IAA27309; Wed, 8 Dec 1999 08:17:27 -0800 (PST) Message-Id: <4.2.0.58.19991208110726.0095b690@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Wed, 08 Dec 1999 11:11:01 -0500 To: "Hiroyuki Sakakibara" <sakaki@iss.isl.melco.co.jp> From: Russ Housley <housley@spyrus.com> Subject: Re: certificate which has both AIA and CRL DPs Cc: <ietf-pkix@imc.org> In-Reply-To: <007601bf4126$88da3df0$78054a0a@belize> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Hiroyuki: Answer 1: Yes, a certificate can contain both a CRL Distribution Point (CRLDP) extension and an Authority Information Access (AIA) extension. Answer 2: Precedence is not specified. The client may either fetch the CRLs or use OCSP to determine whether or not the certificate is revoked. Russ At 11:47 AM 12/8/99 +0900, Hiroyuki Sakakibara wrote: >Hello > >I would like to generate a certificate which has >both AIA and CRL DPs. > >Question1 : In RFC2459 specification, is this > certificate legal or illegal ? > >Question2 : If this certificate is legal, how does it describe the > order of priority to process those extensions? > >For example, >------------------------------------------------ >1st. OCSP server-1 >2nd. OCSP server-2 >3rd. CRL DP-1 >4th. CRL DP-2 > >or > >1st. OCSP server-1 >2nd. CRL DP-1 >3rd. OCSP server-2 >4th. CRL DP-2 > >etc ... >------------------------------------------------ > >Is a new extension(or any scheme) which describes the >list of these priorities needed? > >like this > >LIST { >1st use AIA's 1st element, >2nd use CRL DPs 1st element, >3rd use "other method", >4th use AIA's 2nd element, >5th use CRL DPs 2nd element, >etc ... >} > >Please, can anyone help? > >Hioryuki Sakakibara > >========================================= >Hiroyuki Sakakibara >Research Engineer >Information Security Department >Mitsubishi Electric Corporation >Information Technology R&D Center >5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501, Japan >PHONE: +81-467-41-2183 >FAX: +81-467-41-2185 >========================================== Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA26794 for <ietf-pkix@imc.org>; Wed, 8 Dec 1999 07:53:46 -0800 (PST) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id HAA26914; Wed, 8 Dec 1999 07:55:02 -0800 (PST) Message-Id: <4.2.0.58.19991208104821.0095aec0@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Wed, 08 Dec 1999 10:54:34 -0500 To: "Aram Perez" <aram@apple.com> From: Russ Housley <housley@spyrus.com> Subject: Re: Consensus Text for key usage? Cc: ietf-pkix@imc.org In-Reply-To: <199912072226.OAA03458@scv3.apple.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed At 02:26 PM 12/7/99 -0800, Aram Perez wrote: > > This profile does not restrict the combinations of bits that may be > > set in an instantiation of the keyUsage extension. However, > > valid combinations of bits are specified for particular algorithms > > in section 7.3. > >Like I mentioned in a private exchange, I would add something to the effect >of "Although there are no key restrictions, implementers should be aware >that certain combinations do not make sense (i.e. keyAgreement for RSA keys, >keyExchange for ECC keys) and some combinations may 'be insecure' (or >'lessen the security')." The sections that discuss each algorithm could state which bits may or may not be set for that algorithm. In my view, algorithm specific information should not be included in the discussion of this extension. Russ Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id HAA26343 for <ietf-pkix@imc.org>; Wed, 8 Dec 1999 07:31:53 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id QAA52939; Wed, 8 Dec 1999 16:37:40 +0100 Received: by HYDRA with Microsoft Mail id <01BF4199.48A50800@HYDRA>; Wed, 8 Dec 1999 16:28:39 +0100 Message-ID: <01BF4199.48A50800@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "ietf-pkix@imc.org" <ietf-pkix@imc.org>, "'Stefan Santesson'" <stefan@accurata.se> Cc: Tony Bartoletti <azb@llnl.gov>, "'Magnus Nystrom'" <magnus@rsasecurity.com> Subject: RE: No, was Re: QC biometrics needs re-engineering NOW! Date: Wed, 8 Dec 1999 16:28:38 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Stefan, >No real problems with interoperability with the current solution has ben presented I do not agree with your conclusion regarding interoperability. Neither did Tony B regarding the hash-bio solution. Try to build a system and you will see... Absolutely nothing has been presented by anybody giving any clues on how to achieve interoperability. >This is not a complete biometric solution. No, I think that it is so inferior that it should be left out from the draft. Don't worry, I will soon write a QC addendum that supports both interoperability, privacy, additional biometric types, and does not require any new protocols. It will be developed together with the leading biometrics companies. Anders Received: from popmail.inbox.se (popmail.inbox.se [193.12.72.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA25353 for <ietf-pkix@imc.org>; Wed, 8 Dec 1999 06:30:02 -0800 (PST) Received: from best-laptop (par-c45-005-vty141.as.wcom.net [195.232.69.141]) by popmail.inbox.se (8.9.3/8.9.3) with SMTP id QAA26886 for <ietf-pkix@imc.org>; Wed, 8 Dec 1999 16:48:36 +0100 Message-Id: <4.1.19991208092100.00c4fbb0@mail.accurata.se> X-Sender: mb517@mail.accurata.se X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Wed, 08 Dec 1999 09:34:57 -0500 To: <ietf-pkix@imc.org> From: Stefan Santesson <stefan@accurata.se> Subject: Re: No, was Re: QC biometrics needs re-engineering NOW! In-Reply-To: <002501bf4149$bc731560$020000c0@mega.vincent.se> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" My conclusion from this discussion is that our consensus from last time this was up for debate still stands. 1) We don't want to involve us in the complex issue of machine verified bio-metrics and they serve no meaningful purpose in remote authentication. 2) We don't want to encourage inclusion of the actual bio metric data in certificates. It is OK to include a hash but not the actual data. I would personally sleep better if we keep this limitation. No real problems with interoperability with the current solution has ben presented . This is not a complete general bio-metrics solution. It never was and it never will be. But it serves a particular relevant issue. For expanded solutions I would suggest a separate work item. I hope we all can live with this. /Stefan At 06:59 1999-12-08 +0000, Anders Rundgren wrote: >>> >as you should be able to see from >>> >the archive (but its so long ago I forget, maybe it was >>> >a private posting). I think Steve K. addressed the issue >>> >when he said that handing over a URL says nothing about >>> >who can gets a 404 vs. a 200 when they ask for the content. >>> >>> That is REALLY silly! >> >>No, it is not. It means that the biometric data can be denied to >>you, even though it is available. You may need a client certificate >>to get it, or a password, or be in an IP range You don't get it just >>because it is in the certificate. >> >>BTW, I may suggest that including identifying biometric data in >>certificates is unconstitutional in the entire EC, where countries >>have harmonized their constitutions to directly *forbid* any >>initiative which may allow the creation of a unique indentifier, >>a national ID. Please verify in the current Swedish Carta Magna, >>or German, etc. > > >Ed, I think that your answer verifies what I have suspected all the time: >The authors >of the two variants of bio-metrics linked to certs are not really such lousy >engineers, >but are so against the idea of biometrics and PKI that they push solutions that >have no chance to suceed on a wider scale since they are by design 100% >not interoperable. QCs are unconstitutional? Stefan, where you? > >Anders Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id VAA09120 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 21:59:51 -0800 (PST) Received: from mega (t2o69p42.telia.com [62.20.144.162]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id HAA42956; Wed, 8 Dec 1999 07:05:20 +0100 Message-ID: <002501bf4149$bc731560$020000c0@mega.vincent.se> From: "Anders Rundgren" <anders.rundgren@jaybis.com> To: "Ed Gerck" <egerck@nma.com>, "Stefan Santesson" <stefan@accurata.se>, "Ilan Shacham" <ilans@arx.com>, "Tony Bartoletti" <azb@llnl.gov>, <ietf-pkix@imc.org>, <stephen.farrell@baltimore.ie> Subject: Re: No, was Re: QC biometrics needs re-engineering NOW! Date: Wed, 8 Dec 1999 06:59:11 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id VAA09121 >> >as you should be able to see from >> >the archive (but its so long ago I forget, maybe it was >> >a private posting). I think Steve K. addressed the issue >> >when he said that handing over a URL says nothing about >> >who can gets a 404 vs. a 200 when they ask for the content. >> >> That is REALLY silly! > >No, it is not. It means that the biometric data can be denied to >you, even though it is available. You may need a client certificate >to get it, or a password, or be in an IP range You don't get it just >because it is in the certificate. > >BTW, I may suggest that including identifying biometric data in >certificates is unconstitutional in the entire EC, where countries >have harmonized their constitutions to directly *forbid* any >initiative which may allow the creation of a unique indentifier, >a national ID. Please verify in the current Swedish Carta Magna, >or German, etc. Ed, I think that your answer verifies what I have suspected all the time: The authors of the two variants of bio-metrics linked to certs are not really such lousy engineers, but are so against the idea of biometrics and PKI that they push solutions that have no chance to suceed on a wider scale since they are by design 100% not interoperable. QCs are unconstitutional? Stefan, where you? Anders Received: from florida.melco.co.jp (florida.melco.co.jp [192.218.140.46]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA18232 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 18:46:06 -0800 (PST) Received: by florida.melco.co.jp (3.7W-florida) id LAA06863; Wed, 8 Dec 1999 11:48:57 +0900 (JST) Received: by mailgw.melco.co.jp (3.7W-mailgw) id LAA05034; Wed, 8 Dec 1999 11:49:19 +0900 (JST) Received: by inetgw.melco.co.jp (8.8.8+2.7Wbeta7/3.7W-inetgw) id LAA10171; Wed, 8 Dec 1999 11:49:34 +0900 (JST) Received: from islgw.isl.melco.co.jp by elgw.isl.melco.co.jp (8.8.8/3.6W) id LAA14517; Wed, 8 Dec 1999 11:49:36 +0900 (JST) Received: from iss.isl.melco.co.jp by islgw.isl.melco.co.jp (8.8.8/3.6W) id LAA11950; Wed, 8 Dec 1999 11:53:04 +0900 (JST) Received: from belize by iss.isl.melco.co.jp (8.8.8/3.6W) id LAA05654; Wed, 8 Dec 1999 11:48:59 +0900 (JST) Message-ID: <007601bf4126$88da3df0$78054a0a@belize> From: "Hiroyuki Sakakibara" <sakaki@iss.isl.melco.co.jp> To: <ietf-pkix@imc.org> Subject: certificate which has both AIA and CRL DPs Date: Wed, 8 Dec 1999 11:47:14 +0900 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3612.1700 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3612.1700 Hello I would like to generate a certificate which has both AIA and CRL DPs. Question1 : In RFC2459 specification, is this certificate legal or illegal ? Question2 : If this certificate is legal, how does it describe the order of priority to process those extensions? For example, ------------------------------------------------ 1st. OCSP server-1 2nd. OCSP server-2 3rd. CRL DP-1 4th. CRL DP-2 or 1st. OCSP server-1 2nd. CRL DP-1 3rd. OCSP server-2 4th. CRL DP-2 etc ... ------------------------------------------------ Is a new extension(or any scheme) which describes the list of these priorities needed? like this LIST { 1st use AIA's 1st element, 2nd use CRL DPs 1st element, 3rd use "other method", 4th use AIA's 2nd element, 5th use CRL DPs 2nd element, etc ... } Please, can anyone help? Hioryuki Sakakibara ========================================= Hiroyuki Sakakibara Research Engineer Information Security Department Mitsubishi Electric Corporation Information Technology R&D Center 5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501, Japan PHONE: +81-467-41-2183 FAX: +81-467-41-2185 ========================================== Received: from netscape.com (h-205-217-237-47.netscape.com [205.217.237.47]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA09258 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 17:12:18 -0800 (PST) Received: from tintin.mcom.com (tintin.mcom.com [205.217.233.42]) by netscape.com (8.8.5/8.8.5) with ESMTP id RAA25430 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 17:14:18 -0800 (PST) Received: from netscape.com ([208.12.62.90]) by tintin.mcom.com (Netscape Messaging Server 4.1) with ESMTP id FMEE4T00.JD4 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 17:14:53 -0800 Message-ID: <384DB104.3C69EDA0@netscape.com> Date: Tue, 07 Dec 1999 17:14:44 -0800 From: thayes@netscape.com (Terry Hayes) X-Mailer: Mozilla 4.7 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Q: Are repeated OIDs allowed in the AIA extension? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit All, This is a question about the constraints on the contents of the Authority Information Access extension as defined in RFC 2459. This the data value in this extension consists of a sequence of OID/GeneralName pairs. The OID portion of the pair indicates the purpose of the value, while the GeneralName indicates where and (in some cases) the protocol to use to perform other operations related to the certificate. The current RFC does not specify any restriction on the values stored in the extension. In particular, it doesn't seem to rule out pairs in the sequence that have the same OID. I can imagine certificates that are issued that make use of the capability to associate multiple location values (names) with a single OID. For example: OCSPResponder : http://ocsp.company.com OCSPResponder : http://ocsp.default.com This set of values in the AIA extension might indicate that two OCSP responders are available for checking certificate status. Also: OCSPResponder: http://ocsp.company.com OCSPResponder: tcpmsg://ocsp.company.com:1111 This configuration might indicate that OCSP is available over two protocols (HTTP POST and a hypothetical standard TCP message protocol). The certificate client would be allowed to choose on that it has implemented. Is this sort of repeated value allowed in AIA? Terry Hayes thayes@netscape.com Received: from dfw-smtpout2.email.verio.net (dfw-smtpout2-ext.email.verio.net [129.250.36.42]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA06884 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 15:29:19 -0800 (PST) Received: from dfw-mmp4.email.verio.net ([129.250.38.64]) by dfw-smtpout2.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FME87200.7G3 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 23:06:38 +0000 Received: from nma.com ([209.21.28.80]) by dfw-mmp4.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FME6MJ00.E29; Tue, 7 Dec 1999 22:32:43 +0000 Message-ID: <384D8A34.45CEFE96@nma.com> Date: Tue, 07 Dec 1999 14:29:08 -0800 From: Ed Gerck <egerck@nma.com> X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Anders Rundgren <anders.rundgren@jaybis.com> CC: Stefan Santesson <stefan@accurata.se>, Ilan Shacham <ilans@arx.com>, Tony Bartoletti <azb@llnl.gov>, ietf-pkix@imc.org, stephen.farrell@baltimore.ie Subject: No, was Re: QC biometrics needs re-engineering NOW! References: <007501bf4105$21c34330$020000c0@mega.vincent.se> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Anders Rundgren wrote: > Stephen, > ... > >as you should be able to see from > >the archive (but its so long ago I forget, maybe it was > >a private posting). I think Steve K. addressed the issue > >when he said that handing over a URL says nothing about > >who can gets a 404 vs. a 200 when they ask for the content. > > That is REALLY silly! No, it is not. It means that the biometric data can be denied to you, even though it is available. You may need a client certificate to get it, or a password, or be in an IP range You don't get it just because it is in the certificate. BTW, I may suggest that including identifying biometric data in certificates is unconstitutional in the entire EC, where countries have harmonized their constitutions to directly *forbid* any initiative which may allow the creation of a unique indentifier, a national ID. Please verify in the current Swedish Carta Magna, or German, etc. Cheers, Ed Gerck Received: from seine.valicert.com (corporate-gw.valicert.com [63.65.221.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA06197 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 15:05:24 -0800 (PST) Received: by seine.valicert.com with Internet Mail Service (5.5.2650.21) id <WZF044VM>; Tue, 7 Dec 1999 15:04:00 -0800 Message-ID: <27FF4FAEA8CDD211B97E00902745CBE235E190@seine.valicert.com> From: Peter Williams <peterw@valicert.com> To: "'Stephen Kent '" <kent@bbn.com> Cc: "'PKIX-List '" <ietf-pkix@imc.org> Subject: RE: Accessing/selecting biometrics was: Stray Poll: Finger-prints in QCs Date: Tue, 7 Dec 1999 15:04:00 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe Content-Type: text/plain; charset="iso-8859-1" Steve's argument really does not make sense, in a wider context. NSA defines, in SDN706, clearance and privilege attributes to instrument authorization regimes including NOFORN, RELUK, etc, and PKIX faciliates their transport & carriage in the PKIX flexible, subjectDirectoryAttributes field. If PKIX id-certs transport such authorization info, they can transport similar bio-info, in other subjectDirectoryAttributes fields. The privacy argument concerning bio info is mostly the same as authorization info. A 100 byte compressed picture of me is no more sensitive than the level of my (non-existing) US security clearance. Given the seeming synchronization of PKIX work and NSA work, I have no doubt that knowledge of this authorization case is well known to all those who decide what goes into PKIX draft standards. If my argument does not hold, then authorization info in PKIX-compliant certs should be restricted to a hash-reference, so it is aligned with the bio-data rationale. This would of course make a large swath of NSA certs today PKIX non-complying. I doubt PKIX WG would make that decision, somehow: so PKIX stds should allow the same logic as enabled 100 bytes of authorization information to now also hold for embeddeding 100 bytes of bio-data. -----Original Message----- From: Stephen Kent To: Anders Rundgren Cc: 'SEIS-List'; PKIX-List; Tony Bartoletti Sent: 12/7/99 5:47 AM Subject: Re: Accessing/selecting biometrics was: Stray Poll: Finger-prints in QCs Anders, >Tony, > >Slight comment on a thing of importance that you mention > ><snip> > > >Someone mentioned that the hash is sufficient, since the actual > >data could just "tag along" with the cert, if required. But there > >needs to be a standard even for this kind of operation. Is there? > > >This was the original QC solution. As you noted (and I have told the >authors several times) this is a half-made solution. A genuine example >of poor engineering! PKIX creates infrastructure standards. Specifying a means of binding biometric data to a cert is within scope. specifying a means of carrying this data in a wide range of application environments is out of scope. For example, we don't tell IPsec, SSL/TLS, or S/MIME how to transport certificates or CRLs in those applications; we just define the certificate and CRL formats. The same principle applies here. Having defined a means of binding biometric data to a cert, while not putting it in the cert and thus mitigating privacy problems, we have done the part of the job that is appropriate for this WG. What aspect of this argument do you not understand? Steve Received: from mail-out2.apple.com (mail-out2.apple.com [17.254.0.51]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA05802 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 14:50:16 -0800 (PST) Received: from mailgate1.apple.com (A17-128-100-225.apple.com [17.128.100.225]) by mail-out2.apple.com (8.9.3/8.9.3) with ESMTP id OAA16403 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 14:53:20 -0800 (PST) Received: from scv3.apple.com (scv3.apple.com) by mailgate1.apple.com (mailgate1.apple.com- SMTPRS 2.0.15) with ESMTP id <B0009052538@mailgate1.apple.com> for <ietf-pkix@imc.org>; Tue, 07 Dec 1999 14:26:59 -0800 Received: from [17.205.41.166] (aram1.apple.com [17.205.41.166]) by scv3.apple.com (8.9.3/8.9.3) with ESMTP id OAA03458 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 14:26:59 -0800 (PST) Message-Id: <199912072226.OAA03458@scv3.apple.com> X-Mailer: Microsoft Outlook Express Macintosh Edition - 4.5 (0410) Date: Tue, 07 Dec 1999 14:26:58 -0800 Subject: Re: Consensus Text for key usage? From: "Aram Perez" <aram@apple.com> To: ietf-pkix@imc.org MIME-Version: 1.0 X-Priority: 3 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Hi Tim, > Folks, > > With Aram and Denis back in the fray, I think we can finish this one off. > I have incorporated all the changes, and think we may be nearing consensus! > There are two pieces of proposed text; text for the key usage extension > and text for the security considerations section. > > Please read it carefully. In general, the changes were all introduced on > the list in the "porposed" thread, but I have tweaked a couple of other > paragraphs. The only real suprise is that I capitulated and deleted the > word "user" under dataEncipherment. I thought keeping it would be less > controversial, but that wasn't true! I don't think it added anything, so > let's delete it. > > Thanks, > > Tim Polk > [snip] > The digitalSignature bit is asserted when the subject public key > is used with a digital signature mechanism to support security > services other than non-repudiation (bit 1), certificate signing > (bit 5), or revocation information signing (bit 6). Digital signa- > ture mechanisms are often used for entity authentication and data > origin authentication with integrity. > > The nonRepudiation bit is asserted when the subject public key is > used to verify digital signatures used to provide a non-repudiation > service. This service protects against the certificate subject falsely > denying signing the data. In the case of later conflict, a reliable > third party may determine the authenticity of the signed data. Shouldn't this last sentence read something like "a reliable third party may determine the non-repudiability (or repudiability) of the signed data" since previous paragraph states the digitalSignature is used for "entity authentication and data origen authentication"? [snip] > > This profile does not restrict the combinations of bits that may be > set in an instantiation of the keyUsage extension. However, > valid combinations of bits are specified for particular algorithms > in section 7.3. Like I mentioned in a private exchange, I would add something to the effect of "Although there are no key restrictions, implementers should be aware that certain combinations do not make sense (i.e. keyAgreement for RSA keys, keyExchange for ECC keys) and some combinations may 'be insecure' (or 'lessen the security')." [snip] Regards, Aram Perez Received: from dfw-smtpout3.email.verio.net (dfw-smtpout3-ext.email.verio.net [129.250.36.43]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA05617 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 14:47:47 -0800 (PST) Received: from dfw-mmp4.email.verio.net ([129.250.38.64]) by dfw-smtpout3.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FME7DB00.QP2 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 22:48:47 +0000 Received: from nma.com ([209.21.28.97]) by dfw-mmp4.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FME5F800.Q2J; Tue, 7 Dec 1999 22:06:44 +0000 Message-ID: <384D801C.1EF2E955@nma.com> Date: Tue, 07 Dec 1999 13:46:04 -0800 From: Ed Gerck <egerck@nma.com> X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Tim Polk <wpolk@nist.gov> CC: ietf-pkix@imc.org Subject: Re: Consensus Text for key usage? References: <3.0.5.32.19991207153050.007ff720@csmes.ncsl.nist.gov> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Tim Polk wrote: > There are two pieces of proposed text; text for the key usage extension > and text for the security considerations section. > > 4.2.1.3 Key Usage > No comments. The key usage text looks fine. > --- proposed new paragraphs for Security Considerations section Here, I have some comments. > A CA may include the key usage extension and assert the > nonRepudiation bit when issuing a certificate. This part is fine. > When such a > certificate is delivered, it implies that the owner of the > corresponding private key should be warned that, in the event of a > dispute, he may be held responsible of the data signed with this > key. I am not in favor of this entire sentence. It fixes a context for the NR bit which *contradicts* the key usage section (for example: "A signature policy identifier embedded in the signed data MAY be used to explicitly provide context.") and it unduly imposes upon the owner of the private key a duty which the signer herself (the CA, that elusive lady) refrains from, for example: in the case of virus, fraud, etc,. These are valid cases and if they would be reflected in the text, we would have a repeat of a CA's CPS, I am afraid. So, "when such a certificate is delivered, it implies that" is not a matter to be solved here. Rather it MAY be solved in a signature policy identifier embedded in the signed data, it MAY be solved in the CA's CPS, etc., all as already predicated in PKIX. Suggestion: delete the sentence. > If a certificate has both the digitalSignature and the > nonRepudiation bit set, the owner of the private key should make > sure that all the environments and applications where the > corresponding private key is being used do not allow a misuse of > that private key. I am not in favor of this entire sequence. It is not realistic that the owner of the private key "should make sure that all the environments and applications where the corresponding private key is being used" is anything. The most we can ask is a reasonable effort, which may not be much in the case of virus, fraud, theft, etc. To say otherwise is to put on the certificate subject's a burden which not even highly-qualified CAs want to shoulder. Suggestion: A toned-down statement might be useful, such as: If a certificate has both the digitalSignature and the nonRepudiation bit set, the private key owner should take justified measures to prevent a misuse of that private key. Of course, "justified measures" are commensurate to cost and risk, which means that the above statement is even more effective than the original to define what the keyholder's responsibilities are (for example, a private key used to sign money transfer justifies a need for more precautions than a private key used to sign email messages in a mailing list) -- and avoids the trap of requiring the whole world to be secure. An untainable goal, which could easily make the original clause moot by excessive requirements (not even CAs can do this). Note: I have, on purpose, avoided the terms "reasonable measures" because reasonableness may be difficult to define in the technical sense, while a justification can be a letter from the ISP on which one relies upon without (usually) further checking. > If that confidence can only be obtained in some > environments, two different certificates, one with one public > key and the digitalSignature bit set and another one with a > different public key and the nonRepudiation bit set, should be used, > so that the private key corresponding to the certificate with the > nonRepudiation bit set is only used in secure environments. I am not in favor of this addition, which seems obvious (do not set the NR bit unless you want to set the NR bit), costly (two certificates) and unnecessary -- since I can use only one certificate with the NR bit set and deny NR directly in the signed data, case by case (NR opt out mode). Or, I can use only one certificate with the NR bit off and grant NR directly in the signed data, case by case (NR opt in mode). If one thinks though that saying something is necessary, I suggest, in agreement with the change proposed above: If the private key owner can only prevent misuse in some environments, then it is possible to use a certificate with the nonRepudiation bit set and deny non-repudiation in the signed data, case by case (NR opt out mode); or use a certificate with the nonRepudiation bit off and grant non-repudiation in the signed data, case by case (NR opt in mode); or use two different certificates, one with one public key and the digitalSignature bit set and another one with a different public key and the nonRepudiation bit set; or use another method that could be justified, so that the private key corresponding to the certificate with the nonRepudiation bit set is not used in environments that may either not conform to a non-repudiation signature policy, or be unknown. Cheers, Ed Gerck Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id NAA04396 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 13:48:44 -0800 (PST) Received: from mega (t2o69p18.telia.com [62.20.144.138]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id WAA33001; Tue, 7 Dec 1999 22:54:16 +0100 Message-ID: <007501bf4105$21c34330$020000c0@mega.vincent.se> From: "Anders Rundgren" <anders.rundgren@jaybis.com> To: "Stefan Santesson" <stefan@accurata.se>, "Ilan Shacham" <ilans@arx.com>, "Tony Bartoletti" <azb@llnl.gov>, <ietf-pkix@imc.org>, <stephen.farrell@baltimore.ie> Subject: QC biometrics needs re-engineering NOW! Date: Tue, 7 Dec 1999 22:48:07 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id NAA04398 Stephen, >I suggested that it was silly to present a digest >without being able to point at something that allows you >to verify the digest It sure is silly! Interoperability=ZERO >as you should be able to see from >the archive (but its so long ago I forget, maybe it was >a private posting). I think Steve K. addressed the issue >when he said that handing over a URL says nothing about >who can gets a 404 vs. a 200 when they ask for the content. That is REALLY silly! The RP is authenticating to the CA-server....... I.e. all RPs must be "known" in advance by the CA? Should I laugh :-) :-) :-) . Or should I cry? :-( :-( Compare that to the simple, interoperable, universal trick invented by Netscape(?) some 3-4 years ago called user certificate selection. Like getting a list like: - Standard QC - Photo ID - e-mail cert - SSN cert Anders Received: from balinese.baltimore.ie (firewall-user@pc215-8.indigo.ie [194.125.215.8]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA02273 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 12:35:24 -0800 (PST) Received: by balinese.baltimore.ie; id UAA20663; Tue, 7 Dec 1999 20:38:28 GMT Received: from bobcat.baltimore.ie(192.168.20.10) by balinese.baltimore.ie via smap (V4.2) id xma020655; Tue, 7 Dec 99 20:38:25 GMT Received: from baltimore.ie ([192.168.20.113]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id UAA27338; Tue, 7 Dec 1999 20:38:22 GMT Message-ID: <384D71A6.4A0075C5@baltimore.ie> Date: Tue, 07 Dec 1999 20:44:22 +0000 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.6 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Anders Rundgren <anders.rundgren@jaybis.com>, ietf-pkix@imc.org Subject: Re: Back to nothing: URI solution works? References: <005201bf40fa$1c256e40$020000c0@mega.vincent.se> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit (I thought the "back to nothing" thread was about keyUsage, not biometrics, but since I've been dumb enough to stick my head up...) I suggested that it was silly to present a digest without being able to point at something that allows you to verify the digest, as you should be able to see from the archive (but its so long ago I forget, maybe it was a private posting). I think Steve K. addressed the issue when he said that handing over a URL says nothing about who can gets a 404 vs. a 200 when they ask for the content. Stephen. Anders Rundgren wrote: > > Hi Stephen, > > As it was you who suggested the URI+hash solution for biometrics, you could maybe > elaborate on how this solution is information-wise (not certificate-size-wise) different from > in-line biometric data. > > Anders -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 647 7406 61 Fitzwilliam Lane, fax: +353 1 647 7499 Dublin 2. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id MAA02014 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 12:29:38 -0800 (PST) Received: from mega (t4o69p29.telia.com [62.20.145.149]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id VAA55597; Tue, 7 Dec 1999 21:35:23 +0100 Message-ID: <005201bf40fa$1c256e40$020000c0@mega.vincent.se> From: "Anders Rundgren" <anders.rundgren@jaybis.com> To: <stephen.farrell@baltimore.ie>, <ietf-pkix@imc.org> Subject: Back to nothing: URI solution works? Date: Tue, 7 Dec 1999 21:29:14 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id MAA02015 Hi Stephen, As it was you who suggested the URI+hash solution for biometrics, you could maybe elaborate on how this solution is information-wise (not certificate-size-wise) different from in-line biometric data. Anders Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA01710 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 12:23:59 -0800 (PST) Received: from st12.ncsl.nist.gov (st12.ncsl.nist.gov [129.6.54.66]) by csmes.ncsl.nist.gov (8.9.3+Sun/8.6.4jck0) with SMTP id PAA19797; Tue, 7 Dec 1999 15:26:19 -0500 (EST) Message-Id: <3.0.5.32.19991207153050.007ff720@csmes.ncsl.nist.gov> X-Sender: polk@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Tue, 07 Dec 1999 15:30:50 -0500 To: "Aram Perez" <aram@apple.com>, Denis Pinkas <Denis.Pinkas@bull.net> From: Tim Polk <wpolk@nist.gov> Subject: Consensus Text for key usage? Cc: ietf-pkix@imc.org In-Reply-To: <199912071839.KAA17247@scv3.apple.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Folks, With Aram and Denis back in the fray, I think we can finish this one off. I have incorporated all the changes, and think we may be nearing consensus! There are two pieces of proposed text; text for the key usage extension and text for the security considerations section. Please read it carefully. In general, the changes were all introduced on the list in the "porposed" thread, but I have tweaked a couple of other paragraphs. The only real suprise is that I capitulated and deleted the word "user" under dataEncipherment. I thought keeping it would be less controversial, but that wasn't true! I don't think it added anything, so let's delete it. Thanks, Tim Polk parties.---- Proposed text for 4.2.1.3 Key Usage 4.2.1.3 Key Usage The key usage extension defines the purpose (e.g., encipherment, sig- nature, certificate signing) of the key contained in the certificate. The usage restriction might be employed when a key that could be used for more than one operation is to be restricted. For example, when an RSA key should be used only for signing, the digitalSignature and/or nonRepudiation bits would be asserted. Likewise, when an RSA key should be used only for key management, the keyEncipherment bit would be asserted. When used, this extension SHOULD be marked criti- cal. id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } Bits in the KeyUsage type are used as follows: The digitalSignature bit is asserted when the subject public key is used with a digital signature mechanism to support security services other than non-repudiation (bit 1), certificate signing (bit 5), or revocation information signing (bit 6). Digital signa- ture mechanisms are often used for entity authentication and data origin authentication with integrity. The nonRepudiation bit is asserted when the subject public key is used to verify digital signatures used to provide a non-repudiation service. This service protects against the certificate subject falsely denying signing the data. In the case of later conflict, a reliable third party may determine the authenticity of the signed data. The values of the digitalSignature and nonRepudiation bits are not considered when validating the signature on certificates or certificate status information. Further distinctions between the digitalSignature and nonRepudiation bits may be provided in specific certificate policies. The values of the digitalSignature and nonRepudiation bits is insufficient to determine the intentions of the certificate subject. The context in which the data was signed MUST also be considered. A signature policy identifier embedded in the signed data MAY be used to explicitly provide context. The keyEncipherment bit is asserted when the subject public key is used for key transport. For example, when an RSA key is to be used for key management, then this bit shall be asserted. The dataEncipherment bit is asserted when the subject public key is used for enciphering data other than cryptographic keys. The keyAgreement bit is asserted when the subject public key is used for key agreement. For example, when a Diffie-Hellman key is to be used for key management, then this bit shall be asserted. The keyCertSign bit is asserted when the subject public key is used for verifying a signature on certificates. This bit may only be asserted in CA certificates. If the keyCertSign bit is asserted, then the cA bit in the basic constraints extension (see 4.2.1.10) MUST also be asserted. If the keyCertSign bit is not asserted, then the cA bit in the basic constraints extension MUST NOT be asserted. The cRLSign bit is asserted when the subject public key is used for verifying a signature on revocation information (e.g., a CRL). Note: Unlike the keyCertSign bit, there is no relationship between the value of cRLSign and the basic constraints extension. The meaning of the encipherOnly bit is undefined in the absence of the keyAgreement bit. When the encipherOnly bit is asserted and the keyAgreement bit is also set, the subject public key may be used only for enciphering data while performing key agreement. The meaning of the decipherOnly bit is undefined in the absence of the keyAgreement bit. When the decipherOnly bit is asserted and the keyAgreement bit is also set, the subject public key may be used only for deciphering data while performing key agreement. This profile does not restrict the combinations of bits that may be set in an instantiation of the keyUsage extension. However, valid combinations of bits are specified for particular algorithms in section 7.3. --- proposed new paragraphs for Security Considerations section A CA may include the key usage extension and assert the nonRepudiation bit when issuing a certificate. When such a certificate is delivered, it implies that the owner of the corresponding private key should be warned that, in the event of a dispute, he may be held responsible of the data signed with this key. If a certificate has both the digitalSignature and the nonRepudiation bit set, the owner of the private key should make sure that all the environments and applications where the corresponding private key is being used do not allow a misuse of that private key. If that confidence can only be obtained in some environments, two different certificates, one with one public key and the digitalSignature bit set and another one with a different public key and the nonRepudiation bit set, should be used, so that the private key corresponding to the certificate with the nonRepudiation bit set is only used in secure environments. Received: from balinese.baltimore.ie (firewall-user@pc215-8.indigo.ie [194.125.215.8]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA01372 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 12:12:22 -0800 (PST) Received: by balinese.baltimore.ie; id UAA20167; Tue, 7 Dec 1999 20:15:25 GMT Received: from bobcat.baltimore.ie(192.168.20.10) by balinese.baltimore.ie via smap (V4.2) id xma020157; Tue, 7 Dec 99 20:15:01 GMT Received: from baltimore.ie ([192.168.20.113]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id UAA25935 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 20:14:56 GMT Message-ID: <384D6C26.228B60F9@baltimore.ie> Date: Tue, 07 Dec 1999 20:20:54 +0000 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.6 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: back to nothing, was Re: proposed key usaged text -- the final round References: <4.2.0.58.19991124152024.009f3760@mail.spyrus.com> <3.0.5.32.19991126162233.01fd28b0@csmes.ncsl.nist.gov> <384D484B.82CA7199@bull.net> <384D56F2.5DC08F55@nma.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit ...some 100s of messages later... > If you want to deprecate the NR bit, please say so. YES!!! More and more everytime I see this discussion. Actually, I did have the idea that we mandate that CAs MUST set this bit randomly whenever a keyUsage extension is present, just to stop people who argue that its absence has a meaning. Stpehen. -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 647 7406 61 Fitzwilliam Lane, fax: +353 1 647 7499 Dublin 2. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from dfw-smtpout3.email.verio.net (dfw-smtpout3-ext.email.verio.net [129.250.36.43]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA00823 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 11:45:11 -0800 (PST) Received: from dfw-mmp4.email.verio.net ([129.250.38.64]) by dfw-smtpout3.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMDYZ000.VDZ for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 19:47:24 +0000 Received: from nma.com ([209.21.28.104]) by dfw-mmp4.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMDWCA00.CDW; Tue, 7 Dec 1999 18:50:34 +0000 Message-ID: <384D56F2.5DC08F55@nma.com> Date: Tue, 07 Dec 1999 10:50:26 -0800 From: Ed Gerck <egerck@nma.com> X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> CC: Tim Polk <wpolk@nist.gov>, ietf-pkix@imc.org Subject: back to nothing, was Re: proposed key usaged text -- the final round References: <4.2.0.58.19991124152024.009f3760@mail.spyrus.com> <3.0.5.32.19991126162233.01fd28b0@csmes.ncsl.nist.gov> <384D484B.82CA7199@bull.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Denis Pinkas wrote: > I would like first to summarize where we are. Keeping the first > sentence unchanged and adding the text you proposed to solve both my > issue and John Linn issue we come to the following normative text: > > The nonRepudiation bit is asserted when the subject public key is > used to verify digital signatures used to provide a non-repudiation > service. The values of the digitalSignature and nonRepudiation bits > are not considered when validating the signature on certificates or > certificate status information (see keyCertSign and cRLSigning, > below, for values that are considered when validating such > signatures.) Should I understand this suggestion as a substituion for the first sentence or for the entire paragraph? Either way, the suggestion seems to cut the part where the *meaning* of the NR bit is given. The original text was: The nonRepudiation bit is asserted when the subject public key is used to verify digital signatures used to provide a non-repudiation service. This service protects against the certificate subject falsely denying signing the data, excluding certificate or CRL signing. In the case of later conflict, a reliable third party may determine the authenticity of the signed data. So, I fail to see how the suggested text is better. In fact, I think it turns back the clock some six months and we are again back to nothing. If you want to deprecate the NR bit, please say so. > Thenafter I agree that warnings should be moved in the security > consideration section. So the only remaining point should be to > agree on that text. You proposal was missing the case of the two > bits set. Here is a new attempt: > > "A CA may include the key usage extension and assert the > nonRepudiation bit when issuing a certificate. When such a > certificate is delivered, it implies that the owner of the > corresponding private key should be warned that, in the event of a > dispute, he may be held responsible of the data signed with this > key. "The owner of the private key should be warned" -- we are again back some six months ago. Non-repudiation cannot be imposed, it has to be voluntary. Why should the CA tell me that I may be held responsible when the CA themselves says that they are never responsible, provide no warranty, no assurances, yada yada? > If a certificate has both the digitalSignature and the > nonRepudiation bit set, the owner of the private key should make > sure that all the environments and applications where the > corresponding private key is being used do not allow a misuse of > that private key. *All the enviroments and the applications" -- can we be more less assuming? If even the CA refuses to accept responsibility for their environment, I presume that the above text is fictional to the extreme and unfair. Besides, it is outdated by six months. Again, the lack of a real-world model is apparent in the previous work and percolates here. > If that condidence can only be obtained in some > environments, two different certificates, one with one public public > key and the digitalSignature bit set and another one with a > different public key and the nonRepudiation bit set, should be used, > so that the private key corresponding to the certificate with the > nonRepudiation bit set is only used in secure environments." Dennis: I see that we are back to nothing if we follow your suggestions. Again, if you want to deprecate the NR bit, please say so. This is what the market, if not this list, will do if your suggestion is accepted *over all the discussions here*. Those issues that you want to "introduce" now at the final round were already discussed and rejected. Why discuss them to death over and over and over? Cheers, Ed Gerck Received: from mail-out1.apple.com (mail-out1.apple.com [17.254.0.52]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA29708 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 10:36:26 -0800 (PST) Received: from mailgate1.apple.com (A17-128-100-225.apple.com [17.128.100.225]) by mail-out1.apple.com (8.9.3/8.9.3) with ESMTP id KAA28075 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 10:39:28 -0800 (PST) Received: from scv3.apple.com (scv3.apple.com) by mailgate1.apple.com (mailgate1.apple.com- SMTPRS 2.0.15) with ESMTP id <B0009047384@mailgate1.apple.com>; Tue, 07 Dec 1999 10:39:20 -0800 Received: from [17.205.41.166] (aram1.apple.com [17.205.41.166]) by scv3.apple.com (8.9.3/8.9.3) with ESMTP id KAA17247; Tue, 7 Dec 1999 10:39:02 -0800 (PST) Message-Id: <199912071839.KAA17247@scv3.apple.com> X-Mailer: Microsoft Outlook Express Macintosh Edition - 4.5 (0410) Date: Tue, 07 Dec 1999 10:38:54 -0800 Subject: Re: proposed key usaged text -- the final round From: "Aram Perez" <aram@apple.com> To: Denis Pinkas <Denis.Pinkas@bull.net>, Tim Polk <wpolk@nist.gov> Cc: ietf-pkix@imc.org MIME-Version: 1.0 X-Priority: 3 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Denis Pinkas wrote: > Tim, > > I did not realized that the ball was rolling in my camp and thus I > needed to send you a response. > I would like first to summarize where we are. Keeping the first > sentence unchanged and adding the text you proposed to solve both my > issue and John Linn issue we come to the following normative text: > > The nonRepudiation bit is asserted when the subject public key is > used to verify digital signatures used to provide a non-repudiation > service. The values of the digitalSignature and nonRepudiation bits > are not considered when validating the signature on certificates or > certificate status information (see keyCertSign and cRLSigning, > below, for values that are considered when validating such > signatures.) > > Thenafter I agree that warnings should be moved in the security > consideration section. So the only remaining point should be to > agree on that text. You proposal was missing the case of the two > bits set. Here is a new attempt: > > "A CA may include the key usage extension and assert the > nonRepudiation bit when issuing a certificate. When such a > certificate is delivered, it implies that the owner of the > corresponding private key should be warned that, in the event of a > dispute, he may be held responsible of the data signed with this > key. > > If a certificate has both the digitalSignature and the > nonRepudiation bit set, the owner of the private key should make > sure that all the environments and applications where the > corresponding private key is being used do not allow a misuse of > that private key. If that condidence can only be obtained in some > environments, two different certificates, one with one public public > key and the digitalSignature bit set and another one with a > different public key and the nonRepudiation bit set, should be used, > so that the private key corresponding to the certificate with the > nonRepudiation bit set is only used in secure environments." > > Regards, > > Denis I like Denis' suggestions and I agree that "warnings should be moved in the security consideration section". Regards, Aram Perez [snip] Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.8.31]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA28512 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 09:45:27 -0800 (PST) Received: from bull.net (frcls6118.frcl.bull.fr [129.182.109.213]) by clbull.frcl.bull.fr (8.9.2/8.9.1) with ESMTP id SAA20132; Tue, 7 Dec 1999 18:48:04 +0100 Message-ID: <384D484B.82CA7199@bull.net> Date: Tue, 07 Dec 1999 18:47:55 +0100 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.06 [fr] (Win95; I) MIME-Version: 1.0 To: Tim Polk <wpolk@nist.gov> CC: ietf-pkix@imc.org Subject: Re: proposed key usaged text -- the final round References: <4.2.0.58.19991124152024.009f3760@mail.spyrus.com> <3.0.5.32.19991126162233.01fd28b0@csmes.ncsl.nist.gov> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Tim, I did not realized that the ball was rolling in my camp and thus I needed to send you a response. I would like first to summarize where we are. Keeping the first sentence unchanged and adding the text you proposed to solve both my issue and John Linn issue we come to the following normative text: The nonRepudiation bit is asserted when the subject public key is used to verify digital signatures used to provide a non-repudiation service. The values of the digitalSignature and nonRepudiation bits are not considered when validating the signature on certificates or certificate status information (see keyCertSign and cRLSigning, below, for values that are considered when validating such signatures.) Thenafter I agree that warnings should be moved in the security consideration section. So the only remaining point should be to agree on that text. You proposal was missing the case of the two bits set. Here is a new attempt: "A CA may include the key usage extension and assert the nonRepudiation bit when issuing a certificate. When such a certificate is delivered, it implies that the owner of the corresponding private key should be warned that, in the event of a dispute, he may be held responsible of the data signed with this key. If a certificate has both the digitalSignature and the nonRepudiation bit set, the owner of the private key should make sure that all the environments and applications where the corresponding private key is being used do not allow a misuse of that private key. If that condidence can only be obtained in some environments, two different certificates, one with one public public key and the digitalSignature bit set and another one with a different public key and the nonRepudiation bit set, should be used, so that the private key corresponding to the certificate with the nonRepudiation bit set is only used in secure environments." Regards, Denis ======================================= > Denis, > > At 11:52 AM 11/25/1999 +0100, Denis Pinkas wrote: > >Tim and Russ, > > > >> To people who still care about NR: > > > >I care. > > > > We thought you might. :-) > > I've cut and pasted a bit to asssist those reading along at home... I trust I haven't altered your intent. > > Our proposed text: > > The nonRepudiation bit is asserted when the subject public key is > > used to verify digital signatures used to provide a non-repudiation > > service. This service protects against the certificate subject > > falsely denying signing the data, excluding certificate or CRL > > signing. In the case of later conflict, a reliable third party may > > determine the authenticity of the signed data. > > Your proposed text: > > >" The nonRepudiation bit is asserted when the subject public key is > >used to verify digital signatures used to provide a non-repudiation > >service. When present, the nonRepudiation bit indicates that the > >private key corresponding to the subject public key present in that > >certificate may be used to indicate the user's conscious and willing > >intent to endorse what is being signed." > > > > I prefer our text, since it sticks to the definition of the service. The certificate subject can use their private key for anything they'd like. The question for the key usage extension is, "Should I use this public key to implement this service?". I believe our text describes the general case, yours an important specific case. > > Russ and I worked very hard to remove the word "intent" in our latest proposal. Intent can only be indicated through context, such as the signing policy that ETSI has proposed. This specification cannot do a thing to ensure that any particular signature was generated conciously and willingly. > > Since our text includes your case, and ETSI is already working on the mechanisms to describe the signing context, I think our text is a good middle ground. > > You also wrote: > >I would also propose to add a note that explains the case of a > >certificate having both the DS and the NR bits set and to place this > >addition at the end of the whole section 4.2.1.3: > > > >" Note: A certificate with the nonRepudiation bit set should only be > >used when it is possible to get full confidence of the environments > >where the private key will be used. If a certificate has both the > >digitalSignature and the nonRepudiation bit set, the entity owning > >the private key should have full confidence of all the various > >environments and applications where the private key will being used. > >For the cases where that condidence cannot be obtained, two > >different certificates, one with one public public key and the > >digitalSignature bit set and another one with a different public key > >and the nonRepudiation bit set, should be used." > > > > > > I substituted "issued" for "used" in this paragraph. I'm assuming you are talking about how a CA determines *which* bits should be asserted. Is that right? On that assumption, I think it is a policy issue or a security consideration. [Side note: What do you mean by "full confidence"?] The next paragraph points to the policy for additional information. > > The other possibility would be the security considerations section. It could build on the current text, which includes the folowing: > > The protection afforded private keys is a critical factor in main- > taining security. On a small scale, failure of users to protect > their private keys will permit an attacker to masquerade as them, or > decrypt their personal information. [stuff about CA keys deleted] > > Adding the following paragraph might address your concern: > > A CA may include the key usage extension and assert the nonRepudiation bit > when issuing a certificate. This implies that a reliable third party will > be able to determine the authenticity of signed data in the event of a dispute. > If the certificate subject uses the private key in an insecure environment, > it may be difficult to detect or prevent key compromise. This could prevent a > reliable third party from determining the authenticity of signed data. A CA > should consider the environment of the private key before asserting the > nonRepudiation bit. > > I know this text is very rough, but would this serve your purpose? > > Thanks, > > Tim Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id HAA26207 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 07:28:35 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id QAA62362; Tue, 7 Dec 1999 16:34:13 +0100 Received: by HYDRA with Microsoft Mail id <01BF40CF.A1904DA0@HYDRA>; Tue, 7 Dec 1999 16:25:10 +0100 Message-ID: <01BF40CF.A1904DA0@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'Stephen Kent'" <kent@bbn.com>, "'SEIS-List'" <list@seis.nc-forum.com>, PKIX-List <ietf-pkix@imc.org>, Tony Bartoletti <azb@llnl.gov>, "'Denis Pinkas'" <Denis.Pinkas@bull.net> Cc: "'Stefan Santesson'" <stefan@accurata.se> Subject: RE: Accessing/selecting biometrics was: Stray Poll: Finger-printsin QCs Date: Tue, 7 Dec 1999 16:25:08 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Well Steve, This was the question. And it was not only raised by me: > >Someone mentioned that the hash is sufficient, since the actual > >data could just "tag along" with the cert, if required. But there > >needs to be a standard even for this kind of operation. Is there? > > >This was the original QC solution. As you noted (and I have told the >authors several times) this is a half-made solution. A genuine example >of poor engineering! PKIX creates infrastructure standards. Specifying a means of binding biometric data to a cert is within scope. specifying a means of carrying this data in a wide range of application environments is out of scope. I would say that this sloppy definition requires that the maker of the smart-card and the authenticating application are identical. Interoperability=ZERO. For example, we don't tell IPsec, SSL/TLS, or S/MIME how to transport certificates or CRLs in those applications; Odd examples. AFAIK SSL/TLS specify exactly how and when client and server certificates are transmitted between client and server. Having defined a means of binding biometric data to a cert, while not putting it in the cert and thus mitigating privacy problems, we have done the part of the job that is appropriate for this WG. As noted by others, the URI+hash thing does not do the privacy job the way you describe it and then the whole foundation is flawed. I.e. we are back to "file-size" discussions which are pretty trivial. User certificate selection is (so far) the only documented, interoperable, general-purpose solution to privacy problems of the kind introduced by certificates containing "sensitive" information like SSNs, biometrics etc. Anders Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.8.31]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA25055 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 06:22:14 -0800 (PST) Received: from bull.net (frcls6118.frcl.bull.fr [129.182.109.213]) by clbull.frcl.bull.fr (8.9.2/8.9.1) with ESMTP id PAA29058; Tue, 7 Dec 1999 15:24:49 +0100 Message-ID: <384D18A8.BB885F2C@bull.net> Date: Tue, 07 Dec 1999 15:24:40 +0100 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.06 [fr] (Win95; I) MIME-Version: 1.0 To: Anders Rundgren <anders.rundgren@jaybis.com> CC: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Stefan Santesson'" <stefan@accurata.se> Subject: Re: Repeated: QC biometric selection/protocol References: <01BF40B8.F863BF70@HYDRA> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Anders, > Stefan, > > I look forward to consensus but without any comments on this > > http://www.imc.org/ietf-pkix/mail-archive/msg03203.html > > which is directed to the QC-designers rather than the list, it is very hard > to have an opinion about the current concept for handling biometrics. > > I think it was Denis Pinkas who originally suggested the hash-bio and Stephen Farrel > who added the URI part. Maybe they care to elaborate on this? Your historic is correct. However, I said yesterday: "We should not re-open that discussion". Thus, I do not want to elaborate more on this at this time. Regards, Denis > Note that several others in this list seem to agree with me that the hash+URI is > equally privacy-depriving as the bio-in-cert solution. So is the big question really > only a matter of "file-size"? > > Anders Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id FAA24403 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 05:53:27 -0800 (PST) Received: from [128.33.238.59] (TC059.BBN.COM [128.33.238.59]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id IAA28082; Tue, 7 Dec 1999 08:55:45 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <v04220800b472bf2de48d@[128.33.238.12]> In-Reply-To: <001001bf407c$81fda7b0$020000c0@mega.vincent.se> References: <001001bf407c$81fda7b0$020000c0@mega.vincent.se> Date: Tue, 7 Dec 1999 08:47:18 -0500 To: "Anders Rundgren" <anders.rundgren@jaybis.com> From: Stephen Kent <kent@bbn.com> Subject: Re: Accessing/selecting biometrics was: Stray Poll: Finger-prints in QCs Cc: "'SEIS-List'" <list@seis.nc-forum.com>, "PKIX-List" <ietf-pkix@imc.org>, "Tony Bartoletti" <azb@llnl.gov> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Anders, >Tony, > >Slight comment on a thing of importance that you mention > ><snip> > > >Someone mentioned that the hash is sufficient, since the actual > >data could just "tag along" with the cert, if required. But there > >needs to be a standard even for this kind of operation. Is there? > > >This was the original QC solution. As you noted (and I have told the >authors several times) this is a half-made solution. A genuine example >of poor engineering! PKIX creates infrastructure standards. Specifying a means of binding biometric data to a cert is within scope. specifying a means of carrying this data in a wide range of application environments is out of scope. For example, we don't tell IPsec, SSL/TLS, or S/MIME how to transport certificates or CRLs in those applications; we just define the certificate and CRL formats. The same principle applies here. Having defined a means of binding biometric data to a cert, while not putting it in the cert and thus mitigating privacy problems, we have done the part of the job that is appropriate for this WG. What aspect of this argument do you not understand? Steve Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id FAA24297 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 05:53:12 -0800 (PST) Received: from [128.33.238.59] (TC059.BBN.COM [128.33.238.59]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id IAA28130; Tue, 7 Dec 1999 08:56:11 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <v04220802b472c1365f75@[128.33.238.12]> In-Reply-To: <01BF408F.23151B30@HYDRA> References: <01BF408F.23151B30@HYDRA> Date: Tue, 7 Dec 1999 08:56:26 -0500 To: Anders Rundgren <anders.rundgren@jaybis.com> From: Stephen Kent <kent@bbn.com> Subject: RE: QC's - for human eyes only? Cc: "ietf-pkix@imc.org" <ietf-pkix@imc.org>, "'SEIS-List'" <list@seis.nc-forum.com> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Anders, >Ilan, > > >It seems to me that most postings here with privacy concerns are > >actually against the whole concept of the QC and the linking of > >biometric data to individuals. Once QC's have been agreed upon it > >looks like both options - hash+URI and Biometrics on the QC, are > >conceptualy identical. > >Your observation is unfortunately completely correct! > >This IMO where you get by starting with ASN.1 instead of an old-fashioned >"requirement specification". A the requirement specification should be on >a level that can be (more or less) interpreted by parties that may not have a >degree in cryptography. Why? Unlike TLS and OCSP, QC is very close to >an "application" and when applications are designed, "users" should be >able to participate. But that's too late now. And many valuable months have >simply passed without any progress and soon the last call is over and things >are still in a partial shape. QC is not an application. It is a certificate profile. Multiple ways of making use of QCs are possible, and that is one of the reasons why we have deferred the question of how to present the biometric template that is bound to a certificate. Steve P.S. OCSP is a PKI management application protocol, and TLS is an application layer protocol, so your comparison above is as flawed as the rest of your arguments. Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id FAA24265 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 05:53:06 -0800 (PST) Received: from [128.33.238.59] (TC059.BBN.COM [128.33.238.59]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id IAA28097; Tue, 7 Dec 1999 08:55:49 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <v04220801b472c08435aa@[128.33.238.12]> In-Reply-To: <6097687B2BCFD211AFA0006008C9A1A317B69E@mx.arx.com> References: <6097687B2BCFD211AFA0006008C9A1A317B69E@mx.arx.com> Date: Tue, 7 Dec 1999 08:50:25 -0500 To: Ilan Shacham <ilans@arx.com> From: Stephen Kent <kent@bbn.com> Subject: RE: QC's - for human eyes only? Cc: ietf-pkix@imc.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" Ilan, If one were to provide no protection for the URI-based access, I agree that the argument of added confidentiality would be questionable. That's why the proposal I put forth some time ago left open the issue of how and under what circumstances the biometric template data would be provided. Steve Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id EAA22649 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 04:46:14 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id NAA12684; Tue, 7 Dec 1999 13:52:01 +0100 Received: by HYDRA with Microsoft Mail id <01BF40B8.F863BF70@HYDRA>; Tue, 7 Dec 1999 13:42:57 +0100 Message-ID: <01BF40B8.F863BF70@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Stefan Santesson'" <stefan@accurata.se> Subject: Repeated: QC biometric selection/protocol Date: Tue, 7 Dec 1999 13:42:55 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Stefan, I look forward to consensus but without any comments on this http://www.imc.org/ietf-pkix/mail-archive/msg03203.html which is directed to the QC-designers rather than the list, it is very hard to have an opinion about the current concept for handling biometrics. I think it was Denis Pinkas who originally suggested the hash-bio and Stephen Farrel who added the URI part. Maybe they care to elaborate on this? Note that several others in this list seem to agree with me that the hash+URI is equally privacy-depriving as the bio-in-cert solution. So is the big question really only a matter of "file-size"? Anders Received: from karon.dynas.se (karon.dynas.se [192.71.43.4]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id EAA22066 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 04:10:37 -0800 (PST) Received: (qmail 32892 invoked from network); 7 Dec 1999 12:13:30 -0000 Received: from spirit.sto.dynas.se (HELO spirit.dynas.se) (172.16.1.10) by karon.sto.dynas.se with SMTP; 7 Dec 1999 12:13:30 -0000 Received: (qmail 15447 invoked from network); 7 Dec 1999 12:13:29 -0000 Received: from mnystrom-lap.nordic-dhcp.dynas.se (10.129.12.111) by spirit.dynas.se with SMTP; 7 Dec 1999 12:13:29 -0000 Date: Tue, 7 Dec 1999 13:12:55 +0100 (W. Europe Standard Time) From: Magnus Nystrom <magnus@rsasecurity.com> To: Tom Biskupic <tbiskupic@baltimore.com> cc: ietf-pkix@imc.org Subject: Re: The definition of OTHER-NAME In-Reply-To: <000001bf40aa$f45e9340$7c15a8c0@crown.cdsemea.baltimore.com> Message-ID: <Pine.WNT.4.10.9912071306200.-806843@mnystrom-lap.rsa-s.com> X-X-Sender: magnus@[172.16.1.10] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Hi Tom, Note that the 'otherName' choice in the definition of 'GeneralName' in X.509:1997 is: otherName INSTANCE OF OTHER-NAME, and 'INSTANCE OF' is defined in Annex C of X.681 as precisely the 'OtherName' type defined in RFC 2459. Hope this helps, -- Magnus Magnus Nystrom Email: magnus@rsasecurity.com RSA Laboratories On Tue, 7 Dec 1999, Tom Biskupic wrote: > Hello, > > I'm sure this must have been discussed previously, but not having found an > answer in the first 12Mb archive of this mailing list I thought I'd float it > anyhow. > > There seems to be a discrepancy in the definition of Othername in RFC2459 > and X509V3 > > The definition of OtherName in RFC2459 is as follows :- > > OtherName ::= SEQUENCE { > type-id OBJECT IDENTIFIER, > value [0] EXPLICIT ANY DEFINED BY type-id } > > where as X509.V3 defines it as > > OTHER-NAME ::= TYPE-IDENTIFIER > > Which does not have the [0] tag on the value (see X.681 Annex A) > > The draft-ietf-pkix-new-part1-00.txt even says > -- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as > -- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax > > But then goes on to define AnotherName to include the [0] tag. > > Why is the [0] tag there? I don't see any ambiguity in the encoding that > would require a context specific tag. Received: from balinese.baltimore.ie (firewall-user@pc215-8.indigo.ie [194.125.215.8]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id DAA21789 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 03:59:21 -0800 (PST) Received: by balinese.baltimore.ie; id MAA00128; Tue, 7 Dec 1999 12:02:22 GMT Received: from bobcat.baltimore.ie(192.168.20.10) by balinese.baltimore.ie via smap (V4.2) id xma000112; Tue, 7 Dec 99 12:01:48 GMT Received: from crown (crown.baltimore.ie [192.168.21.124]) by bobcat.baltimore.ie (8.9.3/8.9.3) with SMTP id MAA22364 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 12:01:47 GMT From: "Tom Biskupic" <tbiskupic@baltimore.com> To: <ietf-pkix@imc.org> Subject: The definition of OTHER-NAME Date: Tue, 7 Dec 1999 12:02:36 -0000 Message-ID: <000001bf40aa$f45e9340$7c15a8c0@crown.cdsemea.baltimore.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal Hello, I'm sure this must have been discussed previously, but not having found an answer in the first 12Mb archive of this mailing list I thought I'd float it anyhow. There seems to be a discrepancy in the definition of Othername in RFC2459 and X509V3 The definition of OtherName in RFC2459 is as follows :- OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id } where as X509.V3 defines it as OTHER-NAME ::= TYPE-IDENTIFIER Which does not have the [0] tag on the value (see X.681 Annex A) The draft-ietf-pkix-new-part1-00.txt even says -- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as -- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax But then goes on to define AnotherName to include the [0] tag. Why is the [0] tag there? I don't see any ambiguity in the encoding that would require a context specific tag. Thanks, Tom Biskupic, Software Engineer ---------------------------------------------------------------------------- -------------- Baltimore Technologies Tel. +353 1 647 7435 Fax. +353 1 647 7499 Baltimore - Global e-Security ---------------------------------------------------------------------------- -------------- Received: from popmail.inbox.se (popmail.inbox.se [193.12.72.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA18461 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 02:21:22 -0800 (PST) Received: from stefan2 (accurata.inbox.se [193.12.72.24]) by popmail.inbox.se (8.9.3/8.9.3) with SMTP id MAA05890 for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 12:39:54 +0100 Message-Id: <4.1.19991207105318.00ae0e80@mail.accurata.se> X-Sender: mb517@mail.accurata.se X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Tue, 07 Dec 1999 11:24:51 +0100 To: <ietf-pkix@imc.org> From: Stefan Santesson <stefan@accurata.se> Subject: Re: QC's - for human eyes only? In-Reply-To: <003d01bf4026$fc7600b0$5b116a0a@cylink> References: <6097687B2BCFD211AFA0006008C9A1A317B693@mx.arx.com> <6097687B2BCFD211AFA0006008C9A1A317B693@mx.arx.com> <3.0.3.32.19991206110522.00c8a4d0@poptop.llnl.gov> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id CAA18462 This is fairly much a repetition of the previous discussion about biometrics. I would avoid discussions regarding the privacy issues, but would like to say that any system that relies on the secrecy of biometrics are likely to fail. The unique identification capability of biometrics does not come from keeping it secret, but rather your unique capability to represent these bio-metric values with your physical body. The wrong body can't represent these values regardless of wether they are secret or not. The second general issue is about the value of bio-metrics in long distance communication. This is where human verification comes in. Schemes aimed for human verification works well on distance (i.e. my certified photo may help convince you who I am, because you may have seen me before and recognize me), while schemes for machine verification doesn't (i.e. finger print verification must be performed with physical control over the bio-measure device, and this device must be where you are). Anyway. I still think that the current solution is good.... On the other hand it would be very easy so expand the scheme. Personally I'm not sure what the best solution is. The only thing I'm really sure about, is that I believe that the predefined bio-metric types shall remain as they are (photo and written signature image) aimed for human verification. The current scheme allows definition of other bio-metric types with an OID and I would personally not object if such OID may be allowed to define a finger print scheme. I would hope to avoid the actual bio-data in certificates, but I don't have a strong opinion here. So please continue top argue and find a consensus here. /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata AB http://www.accurata.se Slagthuset Tel. +46-40 108588 211 20 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id XAA13568 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 23:46:51 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id IAA62390; Tue, 7 Dec 1999 08:44:35 +0100 Received: by HYDRA with Microsoft Mail id <01BF408F.23151B30@HYDRA>; Tue, 7 Dec 1999 08:43:30 +0100 Message-ID: <01BF408F.23151B30@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'ghilborn@csc.com'" <ghilborn@csc.com>, "ietf-pkix@imc.org" <ietf-pkix@imc.org>, "'Ilan Shacham'" <ilans@arx.com>, "'SEIS-List'" <list@seis.nc-forum.com> Cc: =?iso-8859-1?Q?=27Patrik_F=E4ltstr=F6m=27?= <paf@swip.net>, "'Stefan Santesson'" <stefan@accurata.se>, "'Magnus Nystrom'" <magnus@rsasecurity.com> Subject: RE: QC's - for human eyes only? Date: Tue, 7 Dec 1999 08:43:28 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Ilan, >It seems to me that most postings here with privacy concerns are >actually against the whole concept of the QC and the linking of >biometric data to individuals. Once QC's have been agreed upon it >looks like both options - hash+URI and Biometrics on the QC, are >conceptualy identical. Your observation is unfortunately completely correct! This IMO where you get by starting with ASN.1 instead of an old-fashioned "requirement specification". A the requirement specification should be on a level that can be (more or less) interpreted by parties that may not have a degree in cryptography. Why? Unlike TLS and OCSP, QC is very close to an "application" and when applications are designed, "users" should be able to participate. But that's too late now. And many valuable months have simply passed without any progress and soon the last call is over and things are still in a partial shape. Anders Rundgren Senior Internet e-commerce Architect Received: from mx.arx.com (mx.arx.com [212.25.66.96]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id XAA12175 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 23:09:15 -0800 (PST) Received: by mx.arx.com with Internet Mail Service (5.5.2448.0) id <YJWJFWG9>; Tue, 7 Dec 1999 09:09:35 +0200 Message-ID: <6097687B2BCFD211AFA0006008C9A1A317B69E@mx.arx.com> From: Ilan Shacham <ilans@arx.com> To: "'ghilborn@csc.com'" <ghilborn@csc.com>, ietf-pkix@imc.org Subject: RE: QC's - for human eyes only? Date: Tue, 7 Dec 1999 09:09:33 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="iso-8859-1" It looks like there is a consensus on the fact that Biometric data is no good for remote authentication, therefore there would be no need for putting QC's in directories. Instead, the QC owner would hold it in a smartcard, or something similiar. Consider the following Scenerio: Alice runs some service which requires authentication through biometrics. Bob comes to Alice and presents his smartcard with his QC on it. Alice takes Biometric measurements of Bob and checks his QC to authenticate him. Now there are two possibilities: 1. The QC includes a hash and URI of the biometrics - Alice securely accesses the URI and retrieves Bob's biometrics. 2. The QC includes Bobs biometrics - Alice gets the biometrics from the QC. In both cases Alice, and only Alice, is given Bob's biometrics. If Bob trusts Alice to keep this data secret then there is no problem. If he doesn't trust her then he shouldn't have given her the smartcard in the first case. Currently there are no definitions of the secure access of the URI, so this might be an opening for malicious people to fraudulantly retrieve the biometrics from the URI. Therefore, as I see it, the URI option is the one where privacy is more breachable. It seems to me that most postings here with privacy concerns are actually against the whole concept of the QC and the linking of biometric data to individuals. Once QC's have been agreed upon it looks like both options - hash+URI and Biometrics on the QC, are conceptualy identical. ------------------------------------------------------------------------ Ilan Shacham mailto:ilans@arx.com Algorithmic Research Ltd. http://www.arx.com 10 Nevatim St., phone: 972 - 3 - 9279540 Petach-Tikva, Israel Fax: 972 - 3 - 9230864 > -----Original Message----- > From: ghilborn@csc.com [mailto:ghilborn@csc.com] > Sent: Tuesday, December 07, 1999 12:55 AM > To: ietf-pkix@imc.org > Subject: Re: QC's - for human eyes only? > > > > > Consider the distinction between *identification* and > *authentication*. > Something makes a good identifier if it points uniquely to > what it identifies. > Something makes a good authenticator if it is hard for the > wrong entity to > generate it. If a "secret" authenticator is shared between > too many parties > (e.g., SSN, mother's maiden name) it no longer makes a very > good authenticator. > > What is the nature of a biometric? A problem for biometrics > is that if multiple > systems know and authenticate me by a my fingerprint data, is > that data still a > good authenticator? If the comparison is static, the answer > would be "no" for > the same reason as SSNs, etc. are poor. But if they also use > an effective > "liveness" test against static reference data, then the > reference fingerprint > data really serves as an identifier and the "liveness" test > mechanism really > serves as the authenticator. In that case what's the problem > with including my > fingerprint data in a certificate? > > I think the real worry about including a biometric in a > certificate is the > potential for privacy invasion, because the biometric in > effect becomes an > unchangeable universal identifier - exactly the same concern > now about SSNs > being attached to all your records, permitting easy dossier > compilation. > > A static hash doesn't solve the privacy problem because that > hash itself just > serves as the universal identifier. > > IMO, the best thing to do with a biometric in connection with > PKI is to put it > into a hardware token that protects one's private key > corresponding to the > public key in a certificate. Then it serves as a private > user-to-key-device > authenticator which is not shared outside that environment. > No reference to the > biometric content is needed in the certificate for this use. > This use of > biometrics is (1)highly secure (assuming a trusted channel > between biometrics > reader and key device) and (2) not a threat to privacy. > > -Gene Hilborn > > > > > lmartin@cylink.com on 12/06/99 03:17:57 PM > > To: ietf-pkix@imc.org > cc: (bcc: Gene Hilborn/DEF/CSC) > Subject: Re: QC's - for human eyes only? > > > > If putting biometric data in a certificate is "bad," what > about putting a > hash of it? > > Or should this type of information be more appropriately stored in a > directory? > ----- Original Message ----- > From: Tony Bartoletti <azb@llnl.gov> > To: Eric Murray <ericm@lne.com>; Ilan Shacham <ilans@arx.com> > Cc: Ietf-Pkix (E-mail) <ietf-pkix@imc.org> > Sent: Monday, December 06, 1999 11:05 AM > Subject: Re: QC's - for human eyes only? > > > > At 09:00 AM 12/05/1999 -0800, Eric Murray wrote: > > > > >However putting a biometric in a certificate is like > putting your Social > > >Security Number and mother's maiden name in a certificate- it would > > >allow anyone who receives the certificate to be able to use those > > >irrevocable identifiers to impersonate you. So biometric > data should > > >only be sent encrypted in a session key, if it's ever sent at all. > > > > This is why "irrevocables" should never be relied upon as > identifiers. > > > > I intend to publish my own photographs, fingerprints, > retinal scans and > > DNA traces to public fora, precisely to diminish reliance > upon them as > > evidence of "me"! I hope to start a global movement... > > > > Seriously, my philosophic problem with biometrics is that, while the > > "body" is somewhat of a constant, the "person" is not, > especially with > > respect to time and circumstance. Yet (undo) reliance upon > biometrics > > tends to reinforce the notion of "once an X, always an X". That is, > > it will encourage the limitation of "trust" calculations to > constants. > > > > ___tony___ > > > > Tony Bartoletti LL > > IOWA Center LL LL > > Lawrence Livermore National Laboratory LL LL LL > > PO Box 808, L - 089 LL LL LL > > Livermore, CA 94551-9900 LL LL LLLLLLLL > > phone: 925-422-3881 fax: 925-423-8081 LL LLLLLLLL > > email: azb@llnl.gov LLLLLLLL > > > > > > > Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id VAA05835 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 21:31:38 -0800 (PST) Received: from mega (t1o69p59.telia.com [62.20.144.59]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id GAA33014; Tue, 7 Dec 1999 06:28:20 +0100 Message-ID: <001001bf407c$81fda7b0$020000c0@mega.vincent.se> From: "Anders Rundgren" <anders.rundgren@jaybis.com> To: "'SEIS-List'" <list@seis.nc-forum.com>, "PKIX-List" <ietf-pkix@imc.org>, "Tony Bartoletti" <azb@llnl.gov> Cc: "Magnus (RSA)" <magnus@rsasecurity.com>, "Stefan Santesson" <stefan@accurata.se> Subject: Accessing/selecting biometrics was: Stray Poll: Finger-prints in QCs Date: Tue, 7 Dec 1999 06:30:07 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id VAA05947 Tony, Slight comment on a thing of importance that you mention <snip> >Someone mentioned that the hash is sufficient, since the actual >data could just "tag along" with the cert, if required. But there >needs to be a standard even for this kind of operation. Is there? This was the original QC solution. As you noted (and I have told the authors several times) this is a half-made solution. A genuine example of poor engineering! Then somebody sad: Why not add an URI (option) to hold the actual data. Hooray! Problem solved! Is it? The idea behind this and the first suggestion is probably that the user in some mysterious way is supposed to select if he/she is going to give his/her biometrics away. Q: How do you do that with the URI-solution? I have never received an answer this! So I proposed that you include biometrics in a "biometric cert" and use the mechanism already featured in browsers (although biometrics will seldom be used in that environment) - certificate selection. The same solution can be applied to any "privacy-depriving" certificate. http://www.mobilephones-tng.com/papers/idcards.html My bet is: Only really stupid QC implementers will use the current QC scheme for biometrics as they are unlikely to be supported by the large SW manufacturers as this part is currently simply not ready for use. But of course there is a market for proprietary solutions where this fits very nicely... Anders Received: from dfw-smtpout2.email.verio.net (dfw-smtpout2-ext.email.verio.net [129.250.36.42]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id UAA00626 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 20:17:15 -0800 (PST) Received: from dfw-mmp1.email.verio.net ([129.250.38.61]) by dfw-smtpout2.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMCS1R00.SFJ for <ietf-pkix@imc.org>; Tue, 7 Dec 1999 04:20:15 +0000 Received: from nma.com ([209.21.28.123]) by dfw-mmp1.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FMCS1200.Q5G; Tue, 7 Dec 1999 04:19:50 +0000 Message-ID: <384C8B08.32475829@nma.com> Date: Mon, 06 Dec 1999 20:20:24 -0800 From: Ed Gerck <egerck@nma.com> X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Peter Williams <peterw@valicert.com> CC: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> Subject: Re: non-repudiation, was Re: proposed key usage text References: <27FF4FAEA8CDD211B97E00902745CBE235E18E@seine.valicert.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Peter: First, excuse me for resetting the messages but your last post in forward format with mixed text, mine and yours, but without any ">" reply level indicator might be even more confusing if replied ;-) You point out that the proposed NR text in PKIX is not "technologically-neutral" because it relies on asymmetric signatures in order to specify the NR services. I agreed -- however I observed: 1. this WG is NOT binding NR to asymmetric signatures, but just specifying the least requirements for NR *when* it is based on asymmetric signatures. 2. some posters in this WG (myself included) have already pointed out that NR *can* be based on symmetric signatures (see archives). 3. nowhere in X.509 it is specified that NR can NOT be based on symmetric signatures. 4. X.509 does specify however that authentication can NOT be based on symmetric signatures, as given in the segment: "The strong authentication method specified in this Recommendation | International Standard is based upon public-key cryptosystems." 5. I do not feel it is necessary *now* to additionally require PKIX to be "technologically-neutral" for non-repudiation and additionally specify a symmetric signature method for NR -- since PKIX is not technologically-neutral for authentication, by definition. However, please note that other authentication techniques besides public-key digital signatures are clearly positively allowed (as you argue for) in the provision of NR services, as already written in the proposed PKIX key usage text. This occurs when the text specifies that "[a] signature policy identifier embedded in the signed data MAY be used to explicitly provide context." -- e.g., I can embed a symmetric NR signature in the asymmetrically signed data, according to a policy identifier that I am allowed to embed in the asymmetrically signed data, which policy identifier provides the context for the NR services ... based on the embedded symmetric signature. Thus, by explictly allowing the signed data itself to provide for NR context, the current key usage text already says what you (correctly, IMO) miss: PKIX does not require that one uses only the fixed context of public-key digital signatures in order to obtain a NR service. In a universal Turing machine analogy, the signed data provides a secure channel both for "code" (the to-be-interpreted bytes that denote context for a NR service) as well as for "data" (the uninterpreted bytes that support the NR service). You define what is "code" and what is "data" -- but, if you do not, the default is NR based on the context of asymmetric keys. Cheers, Ed Gerck Received: from seine.valicert.com (corporate-gw.valicert.com [63.65.221.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA11446 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 17:45:41 -0800 (PST) Received: by seine.valicert.com with Internet Mail Service (5.5.2650.21) id <WZF04S9J>; Mon, 6 Dec 1999 17:44:13 -0800 Message-ID: <27FF4FAEA8CDD211B97E00902745CBE235E18E@seine.valicert.com> From: Peter Williams <peterw@valicert.com> To: "'Ed Gerck '" <egerck@nma.com> Cc: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> Subject: RE: non-repudiation, was Re: proposed key usage text Date: Mon, 6 Dec 1999 17:44:12 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe Content-Type: text/plain; charset="iso-8859-1" -----Original Message----- From: Ed Gerck To: Peter Williams Cc: ietf-pkix@imc.org Sent: 12/3/99 8:31 PM Subject: Re: non-repudiation, was Re: proposed key usage text Peter Williams wrote: > <snip, snip> > > Perhaps, what we need is the "durable communications" > assertion bit. > > Binding NR to asymmetric signatures is just a bad idea, in > my view. Its pretty clear to me that the EC directive will > accept a SSL server-generated, certificate-supported, > key exchange blob-set as one or more admissable and effective > electronic signature(s), just as it would an asymmetric > signature blob. > > You may have got the NR defn off of the NSA-aberism of > time-dependent, not evidence-dependent semantics, but its > still linked to asymmetric signatures, and thus > at odds with the technology-neutral regulatory > frameworks. Peter: I have no doubt that non-repudiation can be based on symmetric signatures. This is also mentioned in this list's archives, and by more than one poster. I may say thus this WG is NOT binding NR to asymmetric signatures, but just specifying the least requirements for NR *when* it is based on asymmetric signatures. I think your comment helps make this clear. Ed: Let me be even more clear then, based on what you seem to assert. Its easier to specify in the positive, to remove interpretability:- "Use of the NR bit, as to be defined in the PKIX son of 2459, does not require that one use a digital signature verification key in order to obtain that service." If this is true, for PKIX, then I recommed we add a statement along the lines of the above quoted assertion to the text on NR key usage. Now, I must also say that nowhere in X.509 it is specified that NR can NOT be based on symmetric signatures. It only so restricts *authentication*, to wit: "The strong authentication method specified in this Recommendation | International Standard is based upon public-key cryptosystems." Thus, since we did manage to more clearly differentiate between authentication and non-repudiation functions in PKIX, which separation X.509 also predicates as quoted in the archives, it is IMO clear that yours is a valid question to ask -- "Why stop the NR discussion at asymmetric signatures in PKIX? Why not be more technologically-neutral?" Well, PKIX itself is NOT technologically-neutral for authentication (see above) -- which may already preempt the "technology-neutral" argument for PKIX in the eyes of many. So, this may be one answer to your question -- it is not required. However, in time and again, I believe facts will show that unless we enlarge our models (e.g., with symmetric NR) we will not be able to represent the real-world as we ourselves enlarge it. Then, IMO your question will be rediscovered and a solution will be more clearly needed. But, right now, I believe we should try to achieve closure on the current (limited, but useful) definition of NR in PKIX. It will be always fun though to investigate the next issues. Cheers, Ed Gerck Received: from oberon.dnai.com (oberon.dnai.com [207.181.194.97]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA10883 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 17:08:33 -0800 (PST) Received: from dnai.com (dnai-216-15-121-230.cust.dnai.com [216.15.121.230]) by oberon.dnai.com (8.9.3/8.9.3) with ESMTP id RAA23987; Mon, 6 Dec 1999 17:10:48 -0800 (PST) Message-ID: <384C5E7E.17A7C90D@dnai.com> Date: Mon, 06 Dec 1999 17:10:22 -0800 From: Michael Sierchio <kudzu@dnai.com> X-Mailer: Mozilla 4.7 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Anders Rundgren <anders.rundgren@jaybis.com> CC: PKIX-List <ietf-pkix@imc.org> Subject: Re: Stray Poll: Finger-prints in QCs References: <005101bf4039$801e82e0$020000c0@mega.vincent.se> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Anders Rundgren wrote: > This discussion can continue forever without getting anywhere so I > propose a short-cut. The alternatives are: > > 1. Support it as an option see final comments below. > 2. PKIX should limit direct support of information that could deprive privacy regardless if some parties want it Definitely. > 3. Finger-prints have no proved value or are still technically immature A substantial percentage of the population in the (ethnically diverse) US have no readable fingerprints. No encoding of biometric data exists which would represent an invariant reference -- all biometric data are subject not only to variances in the metric apparatus, but also in the subject. Therefore, biometric data could only reasonably accomodated by reference. Which raises the question of whether there can be a trusted repository of such data. I suggest not. There are undoubtedly applications in which reference to biometric data for the purposes of authentication might be desireable, and in which privacy concerns are not relevant (military installations, etc.). I cannot comprehend why anyone thinks that the binding of biometric data to a unique person should be embedded in a certificate. -- QUI ME AMET, CANEM MEUM ETIAM AMET Received: from mail-out1.apple.com (mail-out1.apple.com [17.254.0.52]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA02613 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 15:04:50 -0800 (PST) Received: from mailgate2.apple.com ([17.129.100.225]) by mail-out1.apple.com (8.9.3/8.9.3) with ESMTP id PAA15138 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 15:07:49 -0800 (PST) Received: from scv1.apple.com (scv1.apple.com) by mailgate2.apple.com (Content Technologies SMTPRS 2.0.15) with ESMTP id <B0001953602@mailgate2.apple.com> for <ietf-pkix@imc.org>; Mon, 06 Dec 1999 15:07:06 -0800 Received: from [17.205.41.166] (aram1.apple.com [17.205.41.166]) by scv1.apple.com (8.9.3/8.9.3) with ESMTP id PAA09537 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 15:06:58 -0800 (PST) Message-Id: <199912062306.PAA09537@scv1.apple.com> X-Mailer: Microsoft Outlook Express Macintosh Edition - 4.5 (0410) Date: Mon, 06 Dec 1999 15:06:49 -0800 Subject: Re: proposed key usaged text -- the final round From: "Aram Perez" <aram@apple.com> To: ietf-pkix@imc.org MIME-Version: 1.0 X-Priority: 3 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Tim Polk wrote: > Hi Aram, > > I At 01:35 PM 11/24/1999 -0800, Aram Perez wrote: >>Hi Tim and Russ, >> >>Thanks for taking the effort to clarify and settling the key usage debate. >>Below are a few comments... >> > [snip] >>> >>> The dataEncipherment bit is asserted when the subject public key >>> is used for enciphering user data, other than cryptographic keys. >> >>I'd would change "enciphering user data" to "enciphering data". >> > > At the moment, I can't think of a technical reason to retain "user" in that > phrase. However, that bit of text has been stable since at least draft 5 > (July '97). The word user doesn't add much, but is it *really* a problem? > > My inclination is to leave it alone unless it is really broken. I believe a few other folks agree that it should be dropped. It does not add anything and it raises the question "What's the difference between 'user data' and just plain 'data'?" > >>> >>> The keyAgreement bit is asserted when the subject public key is >>> used for key agreement. For example, when a Diffie-Hellman key is >>> to be used for key management, then this bit shall asserted. >>> >>> The keyCertSign bit is asserted when the subject public key is >>> used for verifying a signature on certificates. This bit may only >>> be asserted in CA certificates. If the keyCertSign bit is >>> asserted, then the cA bit in the basic constraints extension (see >>> 4.2.1.10) MUST also be asserted. If the keyCertSign bit is not >>> asserted, then the cA bit in the basic constraints extension MUST >>> NOT be asserted. >>> >>> The cRLSign bit is asserted when the subject public key is used >>> for verifying a signature on revocation information (e.g., a CRL). >> >>Neither of you responded to my previous comment on this bit. If cRLSign bit >>is asserted, must the cA bit in the basic constraints extension also be >>asserted? And vice-versa? >> > > My apologies for the lack of a response. I have been swamped since we > posted the text. > > There is no direct relationship between the cA bit in basic constraints and > the cRLSign bit in key usage. Consider a subject that issues indirect CRLs > but does not generate certificates. In this case, the cRLSign bit would be > set, but the cA bit in basic constraints and the keyCertSign bit in key > usage would not be set. > > Alternatively, CAs may not issue CRLs; they may rely on indirect CRLs or > OCSP for example. In that case, the cA bit in basic constraints and the > keyCertSign bit in key usage would be set; the cRLSign bit would not. > > Would a brief note stating that no relationship exists clarify matters? > Perhaps the following would do? > > The cRLSign bit is asserted when the subject public key is used > for verifying a signature on revocation information (e.g., a CRL). > [Note: Unlike the keyCertSign bit, there is no relationship > between the value of cRLSign and the basic constraints extension.] Yes, I think this would clarify the description. > > >>> This profile does not restrict the combinations of bits that may be >>> set in an instantiation of the keyUsage extension. However, >>> appropriate values for keyUsage extensions for particular algorithms >>> are specified in section 7.3. >> >>Again, neither of you responded to my previous comment on at least >>recommending against certain combinations. >> > > See apology above. From your email on 11/17: >>I think this is a mistake and causes confusion. In an extreme example, since >>there is no restrictions, I could have a certificate that has all the bits >>set. This means that I can do the following with my asymmetric key pair: >> >>1) sign for entity authentication and data origin authentication with >>integrity, >>2) sign with a non-repudiation service, >>3) encrypt keys for transport using RSA like algorithms, >>4) encrypt data, >>5) exchange keys using D-H like algorithms, >>6) sign certificates, >>7) sign CRLs, >>8) encrypt data using D-H like algorithms, and >>9) decrypt data using D-H like algorithms. >> >> > That's true. That is also the case if the key usage extension isn't > included in the certificate. > > We rely on the algorithm text (section 7.3) to recommend against > combinations that don't make sense cryptographically. (That is, if the > public key is a DSA key, don't asssert keyEncipherment or > dataEncipherment.) I expect that is all this group can do. I still believe that stating the profile "does not restrict the combinations of bits" is a mistake. This means that there will be compliant software that has invalid keyUsage bit combinations. > > More from 11/17: >>At a minimum, the profile should list the combination of bits which are not >>allowed. A few examples: >> >>1) If keyCertSign is asserted, then the only other bit that can be asserted >>is the cRLSign bit. >>2) If cRLSign is asserted, then the only other bit that can be asserted is >>the keyCertSign bit. >>3) If keyEncipherment is asserted, then keyAgreement MUST NOT be asserted. >> >> > There has been a lot of debate here, and in other groups, about which > combinations should be permitted or forbidden. There are lots of different > opinions. For example, I personally could accept 1) and 2) but not 3). > There are algorithms that would let me use my RSA key for key agreement or > my elliptic curve key for key transport. I don't think I should need two > certificates to support that. You lost me here Tim. I've never seen an X.509 certificate for both an RSA key and an elliptic curve key. Unless I've completed missed something, you MUST have certificate for your RSA key and another certificate for your elliptic curve key. > Others have rational arguments with 1) and 2). Just because there are rational arguments does not mean that they are "secure arguments". I've asked the question and I will ask it again: "If we, who claim to be the security experts, can't agree on these issues, how is the general population going to know what to do? > > IMHO, there is absolutely no chance that this group would ever reach > consensus on which combinations should be restricted. It is rathole as > dark and deep as the NR bit! > > Besides, PKIX client systems need to handle any combinations of key usage > bits for the sake of interoperability. As long as path building is "hard", > people will try to limit the number of certificates they generate by > asserting all (cryptographically) reasonable bits. But they should be asserting all (cryptographically and security-wise) reasonable bits. Regards, Aram Perez Received: from ponyexpress6.csc.com (ponyexpress6.csc.com [208.219.64.207]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA02244 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 14:52:33 -0800 (PST) From: ghilborn@csc.com Received: from va-fch31.csc.com ([20.1.107.9] helo=csc.com) by ponyexpress6.csc.com with smtp (Exim 2.12 #1) id 11v726-0002Uq-00 for ietf-pkix@imc.org; Mon, 6 Dec 1999 17:55:02 -0500 Received: by csc.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 8525683F.007DEA98 ; Mon, 6 Dec 1999 17:55:20 -0500 X-Lotus-FromDomain: CSC To: ietf-pkix@imc.org Message-ID: <8525683F.007DE8C5.00@csc.com> Date: Mon, 6 Dec 1999 17:54:51 -0500 Subject: Re: QC's - for human eyes only? Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Consider the distinction between *identification* and *authentication*. Something makes a good identifier if it points uniquely to what it identifies. Something makes a good authenticator if it is hard for the wrong entity to generate it. If a "secret" authenticator is shared between too many parties (e.g., SSN, mother's maiden name) it no longer makes a very good authenticator. What is the nature of a biometric? A problem for biometrics is that if multiple systems know and authenticate me by a my fingerprint data, is that data still a good authenticator? If the comparison is static, the answer would be "no" for the same reason as SSNs, etc. are poor. But if they also use an effective "liveness" test against static reference data, then the reference fingerprint data really serves as an identifier and the "liveness" test mechanism really serves as the authenticator. In that case what's the problem with including my fingerprint data in a certificate? I think the real worry about including a biometric in a certificate is the potential for privacy invasion, because the biometric in effect becomes an unchangeable universal identifier - exactly the same concern now about SSNs being attached to all your records, permitting easy dossier compilation. A static hash doesn't solve the privacy problem because that hash itself just serves as the universal identifier. IMO, the best thing to do with a biometric in connection with PKI is to put it into a hardware token that protects one's private key corresponding to the public key in a certificate. Then it serves as a private user-to-key-device authenticator which is not shared outside that environment. No reference to the biometric content is needed in the certificate for this use. This use of biometrics is (1)highly secure (assuming a trusted channel between biometrics reader and key device) and (2) not a threat to privacy. -Gene Hilborn lmartin@cylink.com on 12/06/99 03:17:57 PM To: ietf-pkix@imc.org cc: (bcc: Gene Hilborn/DEF/CSC) Subject: Re: QC's - for human eyes only? If putting biometric data in a certificate is "bad," what about putting a hash of it? Or should this type of information be more appropriately stored in a directory? ----- Original Message ----- From: Tony Bartoletti <azb@llnl.gov> To: Eric Murray <ericm@lne.com>; Ilan Shacham <ilans@arx.com> Cc: Ietf-Pkix (E-mail) <ietf-pkix@imc.org> Sent: Monday, December 06, 1999 11:05 AM Subject: Re: QC's - for human eyes only? > At 09:00 AM 12/05/1999 -0800, Eric Murray wrote: > > >However putting a biometric in a certificate is like putting your Social > >Security Number and mother's maiden name in a certificate- it would > >allow anyone who receives the certificate to be able to use those > >irrevocable identifiers to impersonate you. So biometric data should > >only be sent encrypted in a session key, if it's ever sent at all. > > This is why "irrevocables" should never be relied upon as identifiers. > > I intend to publish my own photographs, fingerprints, retinal scans and > DNA traces to public fora, precisely to diminish reliance upon them as > evidence of "me"! I hope to start a global movement... > > Seriously, my philosophic problem with biometrics is that, while the > "body" is somewhat of a constant, the "person" is not, especially with > respect to time and circumstance. Yet (undo) reliance upon biometrics > tends to reinforce the notion of "once an X, always an X". That is, > it will encourage the limitation of "trust" calculations to constants. > > ___tony___ > > Tony Bartoletti LL > IOWA Center LL LL > Lawrence Livermore National Laboratory LL LL LL > PO Box 808, L - 089 LL LL LL > Livermore, CA 94551-9900 LL LL LLLLLLLL > phone: 925-422-3881 fax: 925-423-8081 LL LLLLLLLL > email: azb@llnl.gov LLLLLLLL > Received: from poptop.llnl.gov (poptop.llnl.gov [128.115.18.65]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA01916 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 14:36:11 -0800 (PST) Received: from catalyst (catalyst.llnl.gov [128.115.223.61]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with SMTP id OAA14621; Mon, 6 Dec 1999 14:39:07 -0800 (PST) Message-Id: <3.0.3.32.19991206143840.00c8cde0@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Mon, 06 Dec 1999 14:38:40 -0800 To: "Anders Rundgren" <anders.rundgren@jaybis.com>, "PKIX-List" <ietf-pkix@imc.org> From: Tony Bartoletti <azb@llnl.gov> Subject: Re: Stray Poll: Finger-prints in QCs In-Reply-To: <005101bf4039$801e82e0$020000c0@mega.vincent.se> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Anders, Putting philosophy aside, I am not against the inclusion of any option, technically. But I confess to being behind the curve on the distinctions made regarding "options" and "future extensibility". Ilam asked why the profile limits discussion to "human-on-hand" biometric authentication. This makes sense, as Steven Kent noted. That is, in remote authentication, biometric data is only useful if it is absolutely secret. But then, ANYTHING absolutely secret would do just as well, and biometric data would certainly NOT be the best choice. I might pick up your fingerprints or DNA trace from an unwashed drinking glass. But you take better care with your secret keys, I suppose. Ilam also asked why the limitation to a hash. Here, I agree that size limitations seem short-sighted. Bob Jueneman's "JPG of my cat" comes to mind. Why not allow for unlimited size, given systems that can handle it. Denis Pinkas states that X509V3 allows extensions that can be "defined later, when it becomes appropriate". So, when does it become appropriate? And can such extensions be added unilaterally by the parties that would use them? Are we arguing that they need to be profiled now, to provide a consistent groundwork? Someone mentioned that the hash is sufficient, since the actual data could just "tag along" with the cert, if required. But there needs to be a standard even for this kind of operation. Is there? It may be marginally outside the PKIX charter to show concern beyond the keys/certificates themselves. Is s/mime a more appropriate forum for this concern? Have I posed enough questions? ;) ___tony___ At 10:30 PM 12/06/1999 -0000, Anders Rundgren wrote: >All, >This discussion can continue forever without getting anywhere so I >propose a short-cut. The alternatives are: > >1. Support it as an option > >2. PKIX should limit direct support of information that could deprive privacy regardless if some parties want it > >3. Finger-prints have no proved value or are still technically immature > >Anders > > > Tony Bartoletti LL IOWA Center LL LL Lawrence Livermore National Laboratory LL LL LL PO Box 808, L - 089 LL LL LL Livermore, CA 94551-9900 LL LL LLLLLLLL phone: 925-422-3881 fax: 925-423-8081 LL LLLLLLLL email: azb@llnl.gov LLLLLLLL Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id NAA00979 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 13:30:55 -0800 (PST) Received: from mega (t2o69p13.telia.com [62.20.144.133]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id WAA31423 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 22:28:42 +0100 Message-ID: <005101bf4039$801e82e0$020000c0@mega.vincent.se> From: "Anders Rundgren" <anders.rundgren@jaybis.com> To: "PKIX-List" <ietf-pkix@imc.org> Subject: Stray Poll: Finger-prints in QCs Date: Mon, 6 Dec 1999 22:30:28 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id NAA00980 All, This discussion can continue forever without getting anywhere so I propose a short-cut. The alternatives are: 1. Support it as an option 2. PKIX should limit direct support of information that could deprive privacy regardless if some parties want it 3. Finger-prints have no proved value or are still technically immature Anders Received: from cymail.cylink.com ([192.43.161.17]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA29073 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 12:17:12 -0800 (PST) Received: from lmartin ([10.106.17.91]) by cymail.cylink.com (Post.Office MTA v3.1.2 release (PO203-101c) ID# 0-41860U500L2S100) with SMTP id AAA14295 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 12:16:10 -0800 Message-ID: <003d01bf4026$fc7600b0$5b116a0a@cylink> From: lmartin@cylink.com (Luther Martin) To: <ietf-pkix@imc.org> References: <6097687B2BCFD211AFA0006008C9A1A317B693@mx.arx.com><6097687B2BCFD211AFA0006008C9A1A317B693@mx.arx.com> <3.0.3.32.19991206110522.00c8a4d0@poptop.llnl.gov> Subject: Re: QC's - for human eyes only? Date: Mon, 6 Dec 1999 12:17:57 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 If putting biometric data in a certificate is "bad," what about putting a hash of it? Or should this type of information be more appropriately stored in a directory? ----- Original Message ----- From: Tony Bartoletti <azb@llnl.gov> To: Eric Murray <ericm@lne.com>; Ilan Shacham <ilans@arx.com> Cc: Ietf-Pkix (E-mail) <ietf-pkix@imc.org> Sent: Monday, December 06, 1999 11:05 AM Subject: Re: QC's - for human eyes only? > At 09:00 AM 12/05/1999 -0800, Eric Murray wrote: > > >However putting a biometric in a certificate is like putting your Social > >Security Number and mother's maiden name in a certificate- it would > >allow anyone who receives the certificate to be able to use those > >irrevocable identifiers to impersonate you. So biometric data should > >only be sent encrypted in a session key, if it's ever sent at all. > > This is why "irrevocables" should never be relied upon as identifiers. > > I intend to publish my own photographs, fingerprints, retinal scans and > DNA traces to public fora, precisely to diminish reliance upon them as > evidence of "me"! I hope to start a global movement... > > Seriously, my philosophic problem with biometrics is that, while the > "body" is somewhat of a constant, the "person" is not, especially with > respect to time and circumstance. Yet (undo) reliance upon biometrics > tends to reinforce the notion of "once an X, always an X". That is, > it will encourage the limitation of "trust" calculations to constants. > > ___tony___ > > Tony Bartoletti LL > IOWA Center LL LL > Lawrence Livermore National Laboratory LL LL LL > PO Box 808, L - 089 LL LL LL > Livermore, CA 94551-9900 LL LL LLLLLLLL > phone: 925-422-3881 fax: 925-423-8081 LL LLLLLLLL > email: azb@llnl.gov LLLLLLLL > Received: from poptop.llnl.gov (poptop.llnl.gov [128.115.18.65]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA21404 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 11:03:08 -0800 (PST) Received: from catalyst (catalyst.llnl.gov [128.115.223.61]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with SMTP id LAA11765; Mon, 6 Dec 1999 11:05:49 -0800 (PST) Message-Id: <3.0.3.32.19991206110522.00c8a4d0@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Mon, 06 Dec 1999 11:05:22 -0800 To: Eric Murray <ericm@lne.com>, Ilan Shacham <ilans@arx.com> From: Tony Bartoletti <azb@llnl.gov> Subject: Re: QC's - for human eyes only? Cc: "Ietf-Pkix (E-mail)" <ietf-pkix@imc.org> In-Reply-To: <19991205090039.04669@slack.lne.com> References: <6097687B2BCFD211AFA0006008C9A1A317B693@mx.arx.com> <6097687B2BCFD211AFA0006008C9A1A317B693@mx.arx.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" At 09:00 AM 12/05/1999 -0800, Eric Murray wrote: >However putting a biometric in a certificate is like putting your Social >Security Number and mother's maiden name in a certificate- it would >allow anyone who receives the certificate to be able to use those >irrevocable identifiers to impersonate you. So biometric data should >only be sent encrypted in a session key, if it's ever sent at all. This is why "irrevocables" should never be relied upon as identifiers. I intend to publish my own photographs, fingerprints, retinal scans and DNA traces to public fora, precisely to diminish reliance upon them as evidence of "me"! I hope to start a global movement... Seriously, my philosophic problem with biometrics is that, while the "body" is somewhat of a constant, the "person" is not, especially with respect to time and circumstance. Yet (undo) reliance upon biometrics tends to reinforce the notion of "once an X, always an X". That is, it will encourage the limitation of "trust" calculations to constants. ___tony___ Tony Bartoletti LL IOWA Center LL LL Lawrence Livermore National Laboratory LL LL LL PO Box 808, L - 089 LL LL LL Livermore, CA 94551-9900 LL LL LLLLLLLL phone: 925-422-3881 fax: 925-423-8081 LL LLLLLLLL email: azb@llnl.gov LLLLLLLL Received: from hotmail.com (f186.law4.hotmail.com [216.33.149.186]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id FAA14813 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 05:05:54 -0800 (PST) Received: (qmail 93197 invoked by uid 0); 6 Dec 1999 13:08:21 -0000 Message-ID: <19991206130821.93196.qmail@hotmail.com> Received: from 202.84.254.4 by www.hotmail.com with HTTP; Mon, 06 Dec 1999 05:08:21 PST X-Originating-IP: [202.84.254.4] From: "Franklin Lee" <franklinlee@hotmail.com> To: ietf-pkix@imc.org Subject: Re: CRL Distribution Mechanism Evaluation and Considerations Date: Mon, 06 Dec 1999 13:08:21 GMT Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_4918659b_a2cb209$754862cf" This is a multi-part message in MIME format. ------=_NextPart_000_4918659b_a2cb209$754862cf Content-Type: text/plain; format=flowed Dear all, Today, I have consolidated some data as researched from the web. Please see the attached. Though are very priliminary, would greatly be appreicated for any comments regarding: - security considerations (whether there issues to distribute the CRL with either protocol?) - performance (which would be more suitable? which would be faster in terms of the speed of retrieval/processing) - compatibility (any considerations regarding the transfer of the CRL) - interoperability - market trend/practice ( which is more popular Again, thanks a lot. Rgds, Franklin >From: "Franklin Lee" <franklinlee@hotmail.com> >To: ietf-pkix@imc.org >Subject: Re: CRL Distribution Mechanism Evaluation and Considerations >Date: Mon, 06 Dec 1999 02:09:00 GMT > >Dear all, > >Actually, I'm a student in the Mainland China having a reserach on the >"Digital Certificate" applications and limitations --- e-commerce and >cryptograhpy are still relatively new to our region. > >Regarding the CRL distribution mechanism, I have found few topics yet there >are of 98 versions: > >a) Phillip Hallum-Baker >http://csrc.nist.gov/pki/twg/papers/hallum-baker.htm > >b) Mike Myers >http://csrc.nist.gov/pki/twg/twg98_6.htm > >Therefore, would be greatly appreciated for the comments and advice from >the >corresponding knowledge leads. > >Again, thanks a lot and all comments are very welcomed. > >>From: "Franklin Lee" <franklinlee@hotmail.com> >>To: ietf-pkix@imc.org >>Subject: CRL Distribution Mechanism Evaluation and Considerations >>Date: Sun, 05 Dec 1999 04:18:45 GMT >> >>Dear all, >> >>I'm interested in all experts' views on evaulating the distribution of the >>CRL(Certificate Revocation List) - >> >>LADP over SSL vs. HTTPS (HTTP over SSL) >> >>e.g, >>- what are the key considerations (e.g, performance, infrastructure) for >>choosing either protocol? >>- what are the current preferred practice as performed by the various CAs? >>(e.g. Thawte, Verisign)? >> >> >>Thanks a lot and any comments (e.g., links to any relevant docu") are >>greatly appreciated. >> > >______________________________________________________ >Get Your Private, Free Email at http://www.hotmail.com > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com ------=_NextPart_000_4918659b_a2cb209$754862cf Content-Type: application/octet-stream; name="LDAP_HTTPS1.xls" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="LDAP_HTTPS1.xls" 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAB AAAANQAAAAAAAAAAEAAA/v///wAAAAD+////AAAAADQAAAD///////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////8JCBAAAAYFANMQzAdJAAAABgAAAOEAAgCwBMEA AgAAAOIAAABcAHAAGwAAUmlja3kgTGkgKE1hcmtldCBSZWFkaW5lc3MpICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEIAAgCwBGEBAgAA AD0BAgABAJwAAgAOABkAAgAAABIAAgAAABMAAgAAAK8BAgAAALwBAgAAAD0A EgBYAv8AXCvLFjgAAAAAAAEAWAJAAAIAAACNAAIAAAAiAAIAAAAOAAIAAQC3 AQIAAADaAAIAAAAxACgAyAAAAP9/kAEAAAAAAAAMAUIAbwBvAGsAIABBAG4A dABpAHEAdQBhADEAKADIAAAA/3+QAQAAAAAAAAwBQgBvAG8AawAgAEEAbgB0 AGkAcQB1AGEAMQAoAMgAAAD/f5ABAAAAAAAADAFCAG8AbwBrACAAQQBuAHQA aQBxAHUAYQAxACgAyAAAAP9/kAEAAAAAAAAMAUIAbwBvAGsAIABBAG4AdABp AHEAdQBhADEAKADIAAEA/3+8AgAAAAEAAAwBQgBvAG8AawAgAEEAbgB0AGkA cQB1AGEAMQAoAMgABAAMAJABAAABAAAADAFCAG8AbwBrACAAQQBuAHQAaQBx AHUAYQAxACgAyAAAAP9/kAEAAAABAAAMAUIAbwBvAGsAIABBAG4AdABpAHEA dQBhAB4EHAAFABcAACIkIiMsIyMwXyk7XCgiJCIjLCMjMFwpHgQhAAYAHAAA IiQiIywjIzBfKTtbUmVkXVwoIiQiIywjIzBcKR4EIgAHAB0AACIkIiMsIyMw LjAwXyk7XCgiJCIjLCMjMC4wMFwpHgQnAAgAIgAAIiQiIywjIzAuMDBfKTtb UmVkXVwoIiQiIywjIzAuMDBcKR4ENwAqADIAAF8oIiQiKiAjLCMjMF8pO18o IiQiKiBcKCMsIyMwXCk7XygiJCIqICItIl8pO18oQF8pHgQuACkAKQAAXygq ICMsIyMwXyk7XygqIFwoIywjIzBcKTtfKCogIi0iXyk7XyhAXykeBD8ALAA6 AABfKCIkIiogIywjIzAuMDBfKTtfKCIkIiogXCgjLCMjMC4wMFwpO18oIiQi KiAiLSI/P18pO18oQF8pHgQ2ACsAMQAAXygqICMsIyMwLjAwXyk7XygqIFwo IywjIzAuMDBcKTtfKCogIi0iPz9fKTtfKEBfKeAAFAAAAAAA9f8gAAAAAAAA AAAAAADAIOAAFAABAAAA9f8gAAD0AAAAAAAAAADAIOAAFAABAAAA9f8gAAD0 AAAAAAAAAADAIOAAFAACAAAA9f8gAAD0AAAAAAAAAADAIOAAFAACAAAA9f8g AAD0AAAAAAAAAADAIOAAFAAAAAAA9f8gAAD0AAAAAAAAAADAIOAAFAAAAAAA 9f8gAAD0AAAAAAAAAADAIOAAFAAAAAAA9f8gAAD0AAAAAAAAAADAIOAAFAAA AAAA9f8gAAD0AAAAAAAAAADAIOAAFAAAAAAA9f8gAAD0AAAAAAAAAADAIOAA FAAAAAAA9f8gAAD0AAAAAAAAAADAIOAAFAAAAAAA9f8gAAD0AAAAAAAAAADA IOAAFAAAAAAA9f8gAAD0AAAAAAAAAADAIOAAFAAAAAAA9f8gAAD0AAAAAAAA AADAIOAAFAAAAAAA9f8gAAD0AAAAAAAAAADAIOAAFAAAAAAAAQAgAAAAAAAA AAAAAADAIOAAFAABACsA9f8gAAD4AAAAAAAAAADAIOAAFAABACkA9f8gAAD4 AAAAAAAAAADAIOAAFAABACwA9f8gAAD4AAAAAAAAAADAIOAAFAABACoA9f8g AAD4AAAAAAAAAADAIOAAFAAGAAAA9P8AAAD0AAAAAAAAAADAIOAAFAABAAkA 9f8gAAD4AAAAAAAAAADAIOAAFAAFAAAAAQAIAAB4ERFAIEAgAAQqIOAAFAAF AAAAAQAIAAA4ERFAIEAgAADAIOAAFAAFAAAAAQAIAAB4ERFAIEAgAADAIOAA FAAHAAAAAQAIAAB4ERFAIEAgAADAIOAAFAAHAAAAAQAIAAAYAAAAAAAAAADA IOAAFAAHAAAAAQAIAAA4ERFAIEAgAADAIOAAFAAHAAAAAQAJAAA4ERFAIEAg AADAIOAAFAAHAAAAAQALAAA4ERFAIEAgAADAIOAAFAAFAAAAAQALAAB4ERFA IEAgAAQNIOAAFAAFAAAAAQAIAAB4ERFAIEAgAAQpIOAAFAAFAAAAAQAAAAB4 ERFAIEAgAAQpIJMCBAAQgAP/kwIEABGABv+TAgQAEoAE/5MCBAATgAf/kwIE ABSACP+TAgQAAIAA/5MCBAAVgAX/YAECAAEAhQAQABA2AAAAAAgARmluZGlu Z3OMAAQAAQABAK4BBAABAAEEFwAIAAEAAAAAAAAAGAAiAAAAAAgLAAAAAQAA AAAAAF8xMDY5NTM3OwAAJAAkAAMAAwAYABsAIAAAAQsAAAABAAAAAAAABzsA AAAAAAAAAP8AGAAfAAAAAAULAAAAAQAAAAAAAFRBQkxFOwAADQAOAAEAAQAY ACEAAAAABwsAAAABAAAAAAAAVEFCTEVfMjsAAB0AHQACAAQAGAAhAAAAAAcL AAAAAQAAAAAAAFRBQkxFXzM7AAAdAB0AAgAEABgAIQAAAAAHCwAAAAEAAAAA AABUQUJMRV80OwAAJAAkAAMAAwD8ACAgXwAAAFYAAADeAQBMREFQIGRlZmlu ZXMgYSBjb21tdW5pY2F0aW9uIHByb3RvY29sLiBUaGF0IGlzLCBpdCBkZWZp bmVzIHRoZSB0cmFuc3BvcnQgYW5kIGZvcm1hdCBvZiBtZXNzYWdlcyB1c2Vk IGJ5IGEgY2xpZW50IHRvIGFjY2VzcyBkYXRhIGluIGFuIFguNTAwLWxpa2Ug ZGlyZWN0b3J5LiBMREFQIGRvZXMgbm90IGRlZmluZSB0aGUgZGlyZWN0b3J5 IHNlcnZpY2UgaXRzZWxmLiBIb3dldmVyLCB3aGVuIHJlZmVycmluZyB0byBh IGRpcmVjdG9yeSB0aGF0IGNhbiBiZSBhY2Nlc3NlZCB1c2luZyBMREFQLCB0 aGUgZGlyZWN0b3J5IGlzIHVzdWFsbHkgY2FsbGVkIGFuIExEQVAgZGlyZWN0 b3J5LiBUaGVyZWZvcmUsIExEQVAgZGlyZWN0b3JpZXMgY2FuIGJlIGltcGxl bWVudGVkIGluIG1hbnkgZGlmZmVyZW50IHdheXMuIElCTSBpbXBsZW1lbnRz IGNyb3NzIHBsYXRmb3JtIExEQVAgZGlyZWN0b3JpZXMgdXNpbmcgREIyIGFu ZCBMb3R1cyBEb21pbm8uIAoK6gAATERBUCwgd2hpY2ggaGFzIGJlY29tZSB0 aGUgSW50ZXJuZXQgc3RhbmRhcmQgZm9yIGRpcmVjdG9yeSBvcGVyYXRpb25z LCBpcyBzdGFydGluZyB0byByZXBsYWNlIHRoZSBtb3JlIGZhbWlsaWFyIEhU VFAgaW4gc29tZSBJbnRlcm5ldCBhcHBsaWNhdGlvbnMuIEFuIEludGVybmV0 IFVSTCBtYXkgc3BlY2lmeSB0aGUgYWRkcmVzcyBvZiBhbiBMREFQIHNlcnZl ciwgaW5zdGVhZCBvZiBhbiBIVFRQIHNlcnZlcgoKFAEARGlzdHJpYnV0aW9u IG9mIGNlcnRpZmljYXRlcyBpcyBhbHNvIGRvbmUgdGhyb3VnaCBvcGVuIHN0 YW5kYXJkcy4gQmVjYXVzZSBOZXRzY2FwZSBDZXJ0aWZpY2F0ZSBTZXJ2ZXIg dXNlcyBMREFQIChMaWdodHdlaWdodCBEaXJlY3RvcnkgQWNjZXNzIFByb3Rv Y29sKSB0byBwdWJsaXNoIGNlcnRpZmljYXRlcyBhbmQgY2VydGlmaWNhdGUg cmV2b2NhdGlvbiBsaXN0cywgdGhlc2Ugb2JqZWN0cyBjYW4gYmUgcHVibGlz aGVkIHRvIGFueSBMREFQLWNvbXBsaWFudCBkaXJlY3RvcnkuIAoKEAEATERB UCB2MiBvbmx5IG9mZmVycyBhIHNpbXBsZSBjbGVhciB0ZXh0IHBhc3N3b3Jk IGF1dGhlbnRpY2F0aW9uIG1lY2hhbmlzbS4gCkxEQVAgdjMgaXMgZXhwZWN0 ZWQgdG8gZGVzY3JpYmUgYSBzZWN1cml0eSBtb2RlbCBiYXNlZCB1cG9uIHRo ZSBTZWN1cmUgU29ja2V0cyBMYXllciAoU1NMKSB0ZWNobm9sb2d5IHVzZWQg d2l0aGluIHRoZSBJRVRGLiBUaGlzIHNlY3VyZXMgYWNjZXNzIGJldHdlZW4g dGhlIExEQVAgY2xpZW50IGFuZCB0aGUgbG9jYWwgTERBUCBzZXJ2ZXIuIAoq AQBMREFQIG92ZXIgU1NMIChMREFQUykgYWxsb3dzIHNlY3VyZSBMREFQIGNs aWVudCBhY2Nlc3MgYW5kIGNsaWVudCBhdXRoZW50aWNhdGlvbiBmYWNpbGl0 aWVzIHRvZGF5LiBJbiB0aGUgZnV0dXJlLCBMREFQdjMgY2xpZW50cyBjYW4g dXNlIHRoZSBzdGFydFRMUyBleHRlbmRlZCBvcGVyYXRpb24gdG8gYmVnaW4g ZW5jcnlwdGluZyBhbiBMREFQIGNvbm5lY3Rpb24sIGFuZCBUTFMgdG8gcHJv dmUgdGhlaXIgaWRlbnRpdHkgdG8gdGhlIHNlcnZlciwgYXMgd2VsbCBhcyB2 ZXJpZnkgdGhlIHNlcnZlcidzIGlkZW50aXR5LiAKrgAAQmVpbmcgZGVzaWdu ZWQgZm9yIHRoaXMgdXNhZ2UgcGF0dGVybiwgY3VycmVudCBkaXJlY3Rvcnkg c2VydmVycyB3aXRoIGEgbWlsbGlvbiBvciBtb3JlIGVudHJpZXMgY2FuIHJl c3BvbmQgdG8gaHVuZHJlZHMgb2Ygc2VhcmNoIHJlcXVlc3RzIHBlciBzZWNv bmQgZnJvbSBhIHNpbmdsZSBzZXJ2ZXIuIAoKFgAASW50ZXJuYXRpb25hbCBT dGFuZGFyZBcAAFNlY3VyaXR5IENvbnNpZGVyYXRpb25zlQQATERBUCBhbmQg SFRUUCBoYXZlIGJvdGggYmVlbiBwcm9wb3NlZCBhcyBtZWNoYW5pc21zIGZv ciBkaXN0cmlidXRpbmcgc3RhdHVzIGluZm9ybWF0aW9uLiBJbiBib3RoIGNh c2VzIGhvd2V2ZXIgaXQgaXMgbmVjZXNzYXJ5IHRvIGNhcmVmdWxseSBjb25z aWRlciB0aGUgaXNzdWVzIHJhaXNlZCBieSBjb3Jwb3JhdGUgZmlyZXdhbGxz LiAKSW5zaWRlIGFuIGVudGVycHJpc2UgYm90aCBMREFQIGFuZCBIVFRQIGFy ZSBhbiBhZGVxdWF0ZSBiYXNpcyBmb3IgYSBzb2x1dGlvbi4gTERBUCBvZmZl cnMgY2xvc2VyIGludGVncmF0aW9uIHdpdGggdGhlIFguNTAwIGRhdGEgbW9k ZWwsIEhUVFAgaXMgaW5kZXBlbmRlbnQgb2YgdGhlIGRhdGEgbW9kZWwuIFRo ZSBiZW5lZml0cyBvZiBib3RoIHN0cmF0ZWdpZXMgbWF5IGJlIGFyZ3VlZC4g ClVubGlrZSBIVFRQLCBpdCByZW1haW5zIHRvIGJlIHNlZW4gaWYgTERBUCBi ZWNvbWVzIGEgY29udGVuZGVyIGluIHRoZSBpbnRlci1uZXR3b3JraW5nIGNv bnRleHQuIFRoZSBncmVhdGVyIHRoZSBkZXBlbmRlbmNlIG9mIHRoZSBlbnRl cnByaXNlIGluZnJhc3RydWN0dXJlIG9uIGEgZGlyZWN0b3J5LCB0aGUgbW9y ZSByZWx1Y3RhbnQgZW50ZXJwcmlzZXMgYXJlIHRvIG1ha2UgdGhlbSBleHRl cm5hbGx5IGFjY2Vzc2libGUuIExEQVAgcmVwcmVzZW50cyBhIHJpY2ggdmVp biBvZiBwcmVjaXNlbHkgdGhlIHR5cGUgb2YgbWF0ZXJpYWwgY29ycG9yYXRp b25zIGFyZSBrZWVuIHRvIHByZXZlbnQgZXh0ZXJuYWwgYWNjZXNzIHRvLCBw ZXJzb25uZWwgaW5mb3JtYXRpb24sIGRlcGFydG1lbnQgc3RydWN0dXJlLCBl dGMuIApCb3RoIHRyYW5zcG9ydHMgYXJlIHJlbGV2YW50IGluIGRpZmZlcmVu dCBzY2VuYXJpb3MuIEVudGVycHJpc2UgUy9NSU1FIGFuZCBwb2xpY3kgZW5m b3JjZW1lbnQgZ2VuZXJhbGx5IGZhdm9ycyBMREFQJ3MgYWJpbGl0eSB0byBw cm92aWRlIGEgcmljaCBjb250ZXh0IGFjcm9zcyBpbnRlcm5hbCBuZXR3b3Jr cy4gIEV4dHJhbmV0IGludGVyb3BlcmFiaWxpdHkgY29uY2VybnMsIHN1Y2gg YXMgdGhvc2UgbGlrZWx5IHRvIGJlIGVuY291bnRlcmVkIGJ5IHJlcGx5aW5n IHBhcnRpZXMnIGFjY2VzcyB0byByZXZvY2F0aW9uIGluZm9ybWF0aW9uLCBt YXkgYmUgbW9yZSBxdWlja2x5IG1ldCB1c2luZyBIVFRQLiAKCgoKWgAAQm90 aCBhcmUgcmVjb21tZW5kZWQgYXMgdGhlIEludGVybmV0IFguNTA5IFB1Ymxp YyBLZXkgSW5mcmFzdHJ1Y3R1cmUgT3BlcmF0aW9uYWwgUHJvdG9jb2xzMQAA Qm90aCB3aWxsIGJlIGNvbnNpZGVyZWQgc2VjdXJlIGFzIHByb3ZpZGVkIGJ5 IFNTTEIAAEJvdGggYXJlIHBycG9zZWQgYXMgbWVjaGFuaXNtcyBmb3IgZGlz dHJpYnV0aW5nIHN0YXR1cyBpbmZvcm1hdGlvbhQAAE5vIGdyb3VuZCB0byBj b21wYXJlNgAAQm90aCBhcmUgc3VwcG9ydGVkIGJ5IEZpcmV3YWxsLTEgKENo ZWNrcG9pbnQgU29mdHdhcmUp0gAAWWVzLCB3ZSBkbyBzdXBwb3J0IEhUVFBT LiAgV2UgZG9uJ3Qgc3VwcG9ydCBMREFQIG92ZXIgU1NMLiAgV2UgZG8KbWFr ZSB0aGUgQ1JMJ3MgYXZhaWxhYmxlIG9uIG91ciB3ZWIgc2l0ZSBhbmQgd2Ug YWxzbyBzZW5kIHRoZW0gdG8KVmFsaWNlcnQsIGEgdmFsaWRhdGlvbiBhdXRo b3JpdHkuICBWYWxpY2VydCBzdXBwb3J0cyBPQ1NQIChyZWFsdGltZSBsb29r IHVwKS4KAgAAPz8EAABMREFQBQAASFRUUFMPAABNYXJrZXQgUHJhY3RpY2UU AABUaGF3dGUgQ2VydGlmaWNhdGlvbgIAAE5vTAAATERBUCBvbmx5IHN1cHBv cnRzIG5vIGF1dGhlbnRpY2F0aW9uIG9yIHNpbXBsZSBwYXNzd29yZCBiYXNl ZCBhdXRoZW50aWNhdGlvbgUAAFgtcmVmNgAAaHR0cDovL3d3dy51bWljaC5l ZHUvfmRpcnN2Y3MvbGRhcC9pbmRleC5odG1sI292ZXJ2aWV3CwAAUGVyZm9y bWFuY2UrAABodHRwOi8vcGVvcGxlLm5ldHNjYXBlLmNvbS9iam0vd2h5TERB UC5odG1sbAAATERBUCBjb25uZWN0aW9ucyBjYW4gYmUgYXV0aGVudGljYXRl ZCAocmVxdWlyaW5nIGEgcGFzc3dvcmQgb3Igb3RoZXIgY3JlZGVudGlhbHMp IGFuZCBzZWN1cmVkIHRocm91Z2ggU1NMLiAKNwAAaHR0cDovL2RldmVsb3Bl ci5uZXRzY2FwZS5jb20vdmlld3NvdXJjZS9yb3NlX2xkYXAuaHRtbAUAAEFy ZWFzwAAATERBUCBpcyBhIGNsaWVudC1zZXJ2ZXIgcHJvdG9jb2wgZm9yIGFj Y2Vzc2luZyBhIGRpcmVjdG9yeSBzZXJ2aWNlLiBJdCB3YXMgaW5pdGlhbGx5 IHVzZWQgYXMgYSBmcm9udC1lbmQgdG8gWC41MDAsIGJ1dCBjYW4gYWxzbyBi ZSB1c2VkIHdpdGggc3RhbmQtYWxvbmUgYW5kIG90aGVyIGtpbmRzIG9mIGRp cmVjdG9yeSBzZXJ2ZXJzLgoKNAAAaHR0cDovL3d3dy5jcml0aWNhbC1hbmds ZS5jb20vbGRhcHdvcmxkL2xkYXBmYXEuaHRtbBcAAEZpcmV3YWxsIENvbnNp ZGVyYXRpb25zJgAAaHR0cDovL3d3dzMuaW5ub3NvZnQuY29tL2Rpci9saXBu Lmh0bWwqAABNYWlsIGZyb20gVmlja2kgU21pdGggPHZpY2tpc0B0aGF3dGUu Y29tPiBiAABNYWlsIGZyb20gOiBNaWNoYWVsIFN0cvZkZXIgPG1pY2hhZWwu c3Ryb2VkZXJAaW5rYS5kZT4gYXMgcG9zdGVkIG9uIG9wZW5sZGFwLWdlbmVy YWxAT3BlbkxEQVAub3JnIKcAAExEQVAgaXMsIGxpa2UgWC41MDAsIGJvdGgg YW4gaW5mb3JtYXRpb24gbW9kZWwgYW5kIGEgcHJvdG9jb2wgZm9yIHF1ZXJ5 aW5nIGFuZCBtYW5pcHVsYXRpbmcgaXQuIExEQVAncyBvdmVyYWxsIGRhdGEg YW5kIG5hbWVzYXBjZSBtb2RlbCBpcyBlc3NlbnRpYWxseSB0aGF0IG9mIFgu NTAwLiAKLgAAaHR0cDovL3d3dy5raW5nc21vdW50YWluLmNvbS9sZGFwUm9h ZG1hcC5zaHRtbBAAAEludGVyb3BlcmFiaWxpdHkrAABodHRwOi8vd3d3LmVl bWEub3JnL3VuZGVyc3RhbmRpbmdfbGRhcC5odG1sDAAAQ29tcGF0aWJsaXR5 VwAAVGhlIEhUVFAgU2VydmVyIGFsbG93cyBhY2Nlc3MgdG8gTERBUCBpbmZv cm1hdGlvbiB0aHJvdWdoIHRoZSB1c2Ugb2YgYSBwbHVnLWluIG9yIEFQSS4g SgAAaHR0cDovL3d3dy00LmlibS5jb20vc29mdHdhcmUvd2Vic2VydmVycy9o dHRwc2VydmVycy9kb2MvdjUyL2ljc3dnMDE0Lmh0bWwqAABodHRwOi8vd3d3 LmFzNDAwLmlibS5jb20vbGRhcC9sZGFwc29sbi5odG1LAABodHRwOi8vd3d3 LTQuaWJtLmNvbS9zb2Z0d2FyZS93ZWJzZXJ2ZXJzL2h0dHBzZXJ2ZXJzL2Rv Yy92NTIvaWNzd2cwMTQuaHRtbAo6AABodHRwOi8vaG9tZS5uZXRzY2FwZS5j b20vZGlyZWN0b3J5c2VjdXJpdHkvd2hpdGVwYXBlci5odG1sNQAAaHR0cDov L3d3dy5pbWMub3JnL2lldGYtcGtpeC9vbGQtYXJjaGl2ZS05Ny8wNTg1Lmh0 bWwmAQBJbnRlcm5ldCBYLjUwOSBQdWJsaWMgS2V5IEluZnJhc3RydWN0dXJl IE9wZXJhdGlvbmFsIFByb3RvY29scyAtIExEQVB2MiAKVGhpcyBzcGVjaWZp Y2F0aW9uIGFkZHJlc3MgcmVxdWlyZW1lbnRzIHRvIHByb3ZpZGUgYWNjZXNz IHRvIFB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1cmUgcmVwb3NpdG9yaWVzIGZv ciByZXRyaWV2aW5nIGFuZCBtYW5hZ2luZyBQS0kgaW5mb3JtYXRpb24uIEl0 IGlzIGJhc2Vkb24gdGhlIExpZ2h0d2VpZ2h0IERpcmVjdG9yeSBBY2NlcyBQ cm90b2NvbCAoTERBUCkgdjIgKFJGQyAxNzc3KS5HAABodHRwOi8vd3d3LmZy ZWVuaWMubmV0L2RyYWZ0cy9kcmFmdHMtcy10L2RyYWZ0LXNha3VyYWktcGtp eC1pY2FwLTAwLnR4dDoAAGh0dHA6Ly93d3cuZmlzLnVuaXByLml0L2xjYS90 dXRvcmlhbC9zZWN1ZGUvaHRtL2FmbGRhcC5odG0fAABOZXRzY2FwZSBEaXJl Y3RvcnkgU2VydmVyIDMuMCAgFgAATWljcm9zb2Z0IEV4Y2hhbmdlIDUuMA0A AExEQVAgb3ZlciBTU0yEAABQdWJsaXNoZXMgY2VydGlmaWNhdGVzIGFuZCBj ZXJ0aWZpY2F0ZSByZXZvY2F0aW9uIGxpc3RzIChDUkxzKSB0byBhbnkgTERB UC1jb21wbGlhbnQgZGlyZWN0b3J5IG92ZXIgTERBUCBhbmQgSFRUUC9IVFRQ UyBjb25uZWN0aW9ucy5DAABwdWJsaXNoaW5nIENSTHMgaW4gdGhlIExEQVAg ZGlyZWN0b3J5IGFuZCByZXRyaWV2aW5nIENSTHMgb3ZlciBIVFRQSAAAaHR0 cDovL2hvbWUubmV0c2NhcGUuY29tL2VuZy9zZXJ2ZXIvY21zLzQxL2FkbV9n aWRlL2xkYXBfY3JsLmh0bSMxMDAyNjU1DgAAQmVsU2lnbiBOVi9TQSAfAABo dHRwOi8vd3d3LndoYXRpcy5jb20vaHR0cHMuaHRtRQAAaHR0cDovL2RldmVs b3Blci5uZXRzY2FwZS5jb20vdmlld3NvdXJjZS9sZGFwX21vZGVscy9sZGFw X21vZGVscy5odG1sQAAAaHR0cDovL3d3dy5qcC5uZXRzY2FwZS5jb20vY2Vy dGlmaWNhdGUvdjEuMC9ldmFsZ3VpZGUvaW5kZXguaHRtbEUAAE1pbmltdW0g SW50ZXJvcGVyYWJpbGl0eSBTcGVjaWZpY2F0aW9uIGZvciBQS0kgQ29tcG9u ZW50cywgVmVyc2lvbiAxCvEAAFlvdSBkb24ndCBoYXZlIHRvIHNlY3VyZSB0 aGUgdHJhbnNwb3J0IG9mIENSTHMgd2l0aCBlLmcuIFNTTGJlY2F1c2UgdGhl IENSTAoxLiBjb250YWlucyBwdWJsaWMgZGF0YSAoc2VyaWFsIG51bWJlcnMg b2YgcmV2b2tlZCBjZXJ0cykuCjIuIGlzIGFsc28gYSBjZXJ0aWZpY2F0ZSBp c3N1ZWQgYnkgdGhlIENBID0+IG5vbiByZXB1ZGlhdGlvbiBpcyBhbHJlYWR5 CmdhcmFudGVlZCBieSB0aGUgQ0EncyBzaWduYXR1cmUuCgo7AABodHRwOi8v d3d3LmNoZWNrcG9pbnQuY28uanAvcHJvZHVjdHMvdGVjaG5vbG9neS9pbmRl eC5odG1sCisAAE1haWwgZnJvbSBWaWNraSBTbWl0aCA8dmlja2lzQHRoYXd0 ZS5jb20+IApMAABMREFQIG92ZXIgU1NMIGFuZCBYLjUwMCBmb3IgRGlyZWN0 b3J5IGFjY2VzcywgdXNpbmcgc3RhbmRhcmQgQVNOLjEgZW5jb2RpbmcKUgAA TERBUCBhbmQgU1NMIGFyZSB1c2VkIGFzIERpcmVjdG9yeSBhY2Nlc3MgYW5k IHVuZGVybHlpbmcgc2VjdXJlIHNlc3Npb24gcHJvdG9jb2xzChEAAE5vIExE QVAgb3ZlciBTU0wKhQAAUHVibGlzaGVzIGNlcnRpZmljYXRlcyBhbmQgY2Vy dGlmaWNhdGUgcmV2b2NhdGlvbiBsaXN0cyAoQ1JMcykgdG8gYW55IExEQVAt Y29tcGxpYW50IGRpcmVjdG9yeSBvdmVyIExEQVAgYW5kIEhUVFAvSFRUUFMg Y29ubmVjdGlvbnMuCk4AAGh0dHA6Ly9jZ2kuanAubmV0c2NhcGUuY29tL3By b2R1Y3RzL3NlY3VyaXR5L3Jlc291cmNlcy9ldmFsZ3VpZGUvY29tcGFyZS5o dG1sCv8AAFRoZSBMaWdodHdlaWdodCBEaXJlY3RvcnkgQWNjZXNzIFByb3Rv Y29sIChMREFQKSBpcyBhIHByb3RvY29sIGZvciBhY2Nlc3Npbmcgb25saW5l IGRpcmVjdG9yeSBzZXJ2aWNlcy4gSXQgcnVucyBkaXJlY3RseSBvdmVyIFRD UCwgYW5kIGNhbiBiZSB1c2VkIHRvIGFjY2VzcyBhIHN0YW5kYWxvbmUgTERB UCBkaXJlY3Rvcnkgc2VydmljZSBvciB0byBhY2Nlc3MgYSBkaXJlY3Rvcnkg c2VydmljZSB0aGF0IGlzIGJhY2stZW5kZWQgYnkgWC41MDAuCv4AAEludGVy bmV0IFguNTA5IFB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1cmUgT3BlcmF0aW9u YWwgUHJvdG9jb2xzOiBGVFAgYW5kIEhUVFAgOgpUaGlzIHNwZWNpZmljYXRp b24gY292ZXJzIHRoZSBjb252ZW50aW9uIHMgZm9yIHVzaW5nIEZpbGUgVHJh bnNlciBQcm90b2NvbCAoRlRQKSBhbmQgSHlwZXJ0ZXh0IFRyYW5zZmVyIFBy b3RvY29sIChIVFRQKSB0byBvYnRhaW4gY2VydGlmaWNhdGVzIGFuZCBDUkxz IGZyb20gUEtJIHJlcG9zaXRvcmllcwoKPgEAV0VCIGJhc2VkIENlcnRpZmlj YXRlIEFjY2VzcyBQcm90b2NvbC0tIFdlYkNBUC8xLjAgClRoaXMgc3BlY2lm aWNhdGlvbiBkZWZpbmVzIGEgc2V0IG9mIG1ldGhvZHMsIGhlYWRlcnMsIGFu ZCBjb250ZW50LXR5cGVzIGZvciBIVFRQLzEuMSB0byBwdWJsaXNoLCByZXRy aWV2ZSBYLjUwOSBjZXJ0aWZpY2F0ZXMgYW5kIENlcnRpZmljYXRlIFJldm9j YXRpb24gTGlzdHMuIFRoaXMgcHJvdG9jb2wgYWxzbyBmYWNpbGl0YXRlcyBk ZXRlcm1pbmluZyBjdXJyZW50IHN0YXR1cyBvZiBhIGRpZ2l0YWwgY2VydGlm aWNhdGUgd2l0aG91dCB0aGUgdXNlIG9mIENSTHMK1gAASFRUUFMgKFNlY3Vy ZSBIeXBlcnRleHQgVHJhbnNmZXIgUHJvdG9jb2wpIGlzIGEgV2ViIHByb3Rv Y29sIGRldmVsb3BlZCBieSBOZXRzY2FwZSBhbmQgYnVpbHQgaW50byBpdHMg YnJvd3NlciB0aGF0IGVuY3J5cHRzIGFuZCBkZWNyeXB0cyB1c2VyIHBhZ2Ug cmVxdWVzdHMgYXMgd2VsbCBhcyB0aGUgcGFnZXMgdGhhdCBhcmUgcmV0dXJu ZWQgYnkgdGhlIFdlYiBzZXJ2ZXIuCkEBAEhvd2V2ZXIsIERpcmVjdG9yeSBT ZXJ2aWNlcyBhcmUgbm90IGF2YWlsYWJsZSBpbgptYW55IHBhcnRzIG9mIHRo ZSBJbnRlcm5ldCB0b2RheSwgYW5kIHRoZSBIeXBlcnRleHQgVHJhbnNmZXIg UHJvdG9jb2wKKEhUVFApLCBkZWZpbmVkIGluIFJGQyAyMDY4LCAgb2ZmZXJz IGFuIGFsdGVybmF0ZSBtZXRob2QgZm9yCmNlcnRpZmljYXRlIGFuZCBDUkwg ZGlzdHJpYnV0aW9uLgouLi4KSFRUUCBpcyBhbiBhdHRyYWN0aXZlIGFsdGVy bmF0aXZlIHRvIERpcjwAdQkAZWN0b3J5CmFjY2VzcyBwcm90b2NvbHMgZm9y IGNlcnRpZmljYXRlIGFuZCBDUkwgZGlzdHJpYnV0aW9uLgoKEAAARGVmaW5p dGlvbi9Vc2FnZTQAAGh0dHA6Ly9jc3JjLm5pc3QuZ292L3BraS90d2cvcGFw ZXJzL2hhbGx1bS1iYWtlci5odG0yAABTdXBwb3J0ZWQgYnkgRmlyZXdhbGwt MSAoQ2hlY2tQb2ludCBTb2Z0d2FyZSBMdGQpIFYBAFRoZSBOZXRzY2FwZSBE aXJlY3RvcnkgU29mdHdhcmUgRGV2ZWxvcG1lbnQgS2l0IGluY2x1ZGVzIHV0 aWxpdHkgYW5kIGRhdGEtYWNjZXNzIFNES3MgdG8gZmFjaWxpdGF0ZSBjb21t dW5pY2F0aW9uIHdpdGggdGhlIExEQVAtYmFzZWQgZGlyZWN0b3JpZXMgYW5k IGFkbWluaXN0cmF0aW9uIHNlcnZlcnMgZm9yIG1hbmFnaW5nIHNlcnZlciBj b25maWd1cmF0aW9uIGluZm9ybWF0aW9uLiBUaGVzZSBpbmNsdWRlIExEQVAg Y2xpZW50IGFuZCBTREtzIGNyb3NzLXBsYXRmb3JtIGluc3RhbGxhdGlvbiBI VFRQIGNvbm5lY3Rpb24gbWFuYWdlbWVudCBhbmQgQ0dJIHNlcnZpY2UgcmVx dWVzdCBBUElzIAoKCvoCAFRoZSBoYW5kbGluZyBvZiB0aGUgWC41MDkgYXR0 cmlidXRlICJ1c2VyQ2VydGlmaWNhdGUiIGlzIGJhc2VkIHVwb24gYSBzdHJp bmcgZm9ybWF0LCBhbmQgWC41MDAgKDg4KSB2ZXJzaW9uIDEgY2VydGlmaWNh dGVzLiBIb3dldmVyLCB0aGlzIGFwcHJvYWNoIGRvZXMgbm90IHdvcmsgd2l0 aCB0aGUgWC41MDAgKDkzKSB2ZXJzaW9uIDMgY2VydGlmaWNhdGVzIHdoaWNo IGFyZSB0aGUgYmFzaXMgb2YgbW9zdCBzZWN1cml0eSBzeXN0ZW1zIGxpa2Ug RW50cnVzdCwgYXMgdGhlIHN0cmluZyBlbmNvZGluZyBkb2VzIG5vdCBoYXZl IHNwZWNpZmljIGZpZWxkcyBmb3IgdGhlIG5ldyBwcm90b2NvbCBlbGVtZW50 cy4gVGhpcyBtZWFucyB0aGVzZSBuZXcgc2VjdXJpdHkgZmllbGRzIGRvIG5v dCBnZXQgY2FycmllZCB3aXRoaW4gdGhlIExEQVAgcHJvdG9jb2wsIGFuZCBj b25zZXF1ZW50bHkgdGhlIGZ1bGwgdmVyc2lvbiAzIGNlcnRpZmljYXRlIGNh bm5vdCBiZSByZWJ1aWx0IGluIHRoZSBjbGllbnQKTERBUCB2MyByZXZlcnRz IHRvIGEgYmluYXJ5IGVuY29kaW5nIGZvciB1c2VyQ2VydGlmaWNhdGUgYXR0 cmlidXRlcy4gVGhpcyBtZWFucyB0aGUgY2VydGlmaWNhdGUgaXMgZXhjaGFu Z2VkIGluIGl0cyByYXcgQVNOLjEgZm9ybSwgcmF0aGVyIHRoYW4gdXNpbmcg YSBzdHJpbmcgZW5jb2RpbmcuIENvbnNlcXVlbnRseSB0aGUgb3JpZ2luYWws IHVubW9kaWZpZWQgY2VydGlmaWNhdGUgaXMgY2FycmllZCB3aXRoaW4gdGhl IHByb3RvY29sLiAKCq0CAFRoZSBNSVNQQyBhc3N1bWVzIHRoYXQgY2VydGlm aWNhdGVzIGFuZCBjZXJ0aWZpY2F0ZSByZXZvY2F0aW9uIGxpc3RzIChDUkxz KSB3aWxsIGJlIGF2YWlsYWJsZSBpbiBhIHJlcG9zaXRvcnkgZm9yIHJldHJp ZXZhbCB3aXRob3V0IGF1dGhlbnRpY2F0aW9uLiAgTUlTUEMgY2xpZW50cyB3 aWxsIHBlcmZvcm0gcGF0aCB2YWxpZGF0aW9uIGJ5IG9idGFpbmluZyB0aGUg bmVjZXNzYXJ5IGNlcnRpZmljYXRlcyBhbmQgQ1JMcyBmcm9tIHRoZSBhcHBy b3ByaWF0ZSByZXBvc2l0b3JpZXMuICBUaGUgcmVwb3NpdG9yeSBtYXkgYmUg YW4gWC41MDAgZGlyZWN0b3J5IG9yIHNvbWUgb3RoZXIgdHlwZSBhY2Nlc3Np YmxlIGJ5IHVzaW5nIFVuaXZlcnNhbCBSZXNvdXJjZSBJZGVudGlmaWVyIChV UkkpIG5vdGF0aW9uLiAgUmVwb3NpdG9yaWVzIGFyZSBleHBlY3RlZCB0byBz dXBwb3J0IHRoZSBMaWdodHdlaWdodCBEaXJlY3RvcnkgQWNjZXNzIFByb3Rv Y29sIChMREFQKSBbUkZDIDE3NzddLCB0aGVyZWZvcmUgY29tcGxpYW50IHBy b2R1Y3RzIGFyZSByZXF1aXJlZCB0byBzdXBwb3J0IHRoaXMgcHJvdG9jb2wu ClRoZXNlIHJlcG9zaXRvcmllcyBuZWVkIG5vdCBiZSBsaW5rZWQgdG9nZXRo ZXIgYW5kIG90aGVyIHByb3RvY29scyBtYXkgYmUgdXNlZCB0byByZXRyaWV2 ZSBjZXJ0aWZpY2F0ZXMgYW5kIENSTHMuCgpAAABodHRwOi8vaG9tZS5uZXRz Y2FwZS5jb20vZW5nL3NlcnZlci9jbXMvNDEvYWRtX2dpZGUvY3M0MF9pbnQu aHRtJQAAaHR0cDovLzE5NS4xNzAuMTYuMzMvZDNfMS9kb2MwMDA5Lmh0bQgA AFJvb3QgQ0FzBwAAVmVuZG9ycyUAAGh0dHA6Ly93d3cuZmFxcy5vcmcvcmZj cy9yZmMxNzc3Lmh0bWwlAABodHRwOi8vd3d3LmZhcXMub3JnL3JmY3MvcmZj MjU4NS5odG1s3QAATERBUCBpcyBkZWZpbmVkIGJ5IHRoZSBJbnRlcm5ldCBj b21tdW5pdHksIGFuZCBpbiBwYXJ0aWN1bGFyIHRoZSBBU0lEIHdvcmtpbmcg Z3JvdXAuIFRoZSBwcm90b2NvbCBwcm92aWRlcyBhIG1lY2hhbmlzbSBmb3Ig cGFzc2luZyB0ZXh0LWJhc2VkIHF1ZXJpZXMgZnJvbSBhbiBMREFQIGNsaWVu dCB0byBhbiBMREFQIHNlcnZlciBvdmVyIHRoZSBUQ1AvSVAgbmV0d29yayBw cm90b2NvbAr/AFIECAAlCAAADABIti4PAAAVBwEAxhUAAK0NaACTFgAAeg5f AJQYAAB7EGwAehoAAGEScgCEHQAAaxUAADUfAAAcFyMA2SEAAMAZAAA4JwAA Hx8kAEkwAAAMCAAAYgAAAfOPJQAAAAUAHAIEAAAABAAAAAkEAAABAAAAvlCe AJrFYgAAAAAAAAAAAAAAYgAAAWIACAAAAAUARgUAAAAAAAGJAAkAAAAFAIwK AAAAAAABAAAKAAAABQBUBgAAAAAAAQAAKNCdMAUAYgcAAAAAAAEAAAwAAAAF ACwBAAAAAAABAAANAAAABQBUBgAAtwBAAQAADgAAAAUAKgMAAAAAAAEAAA8A AAAFAHAIAAAAAAABAAAQAAAABQBiBwAAYgAAAQAAAAAAAGF6cDC2UJ4ABAAA AJLFYgAEAAAAAQAAAAQAAACSxWIAtlCeAAQAAAAAAQAAFAAAAAUALAEAAGIA AAFiABUAAAAFAOAQAABiAAABAgABAAAAeOhiAAAAAADAUJ4AhPZTMEDFYgB0 AAAAAAAAAAIAxzAAAMUwAAAgAAABbgAZAAAABQDEDgAAAADhPG0wDgDHMNEA AACCxWIA/AAAAAkAAADNFQQwAADFMOyjxzDRAAAAgsViAP0AAACCxWIAhMdi AOzqAjCCxWIAwFCeAAAAAACEx2IAdAAAAAAAAACOjw8wAAAAAIDFYgAHAAAA /////1QAQQBCAEwARQBfADQANwBlAHIAYwBlAG4AdAAAAAAAAAAwAF0AAAB9 pfi/AAgAAIQ4QAAAAAAAAAgAAAAAAADfAwAAAQAAAEhKngABAAAAFMdiAAAA AAAEAAAAAQAAACDvnTAAAAAAXACHABDHYgABAAAA2RAAMJZqVDBScFQwwsgQ MLUaiQBUAIcAZRAAMFQAhwC1GokAAgAAAN2IDzC1GokAVACHAAEAAAB8GokA AAAAAAgAhwD8AYcAAAAAAAAAAADDGokAAAAAAAAAAAAAAAAAPwAAAAAAAACU xmIAOYYPMAYAAAB8GokAKQAAAAcAAAAGAocAwsdiAMDHYgAIAIcABwAAAEAA AADOWlQwAAAAAGUQADBwalQw7ASJAEwAAADZEAAw7ASJAHBqVDBMAAAAzlpU MJ7HYgCkx2IAAAAAAAAAAAAAAAAAoscQMAkEAAAAAAAAAAAAACQAAADg52IA 84MPMDDHYgABAAAAw5/3v7wBc4EBAAAAZk5wMEjXnTAnTnAwcRUAMBDHYgAE AAAASEqeAGBnngBEUe8ASEqeAGBnngCoaA8wSEqeAMRTngAIAIcAAAAAAHzH YgAIAAAAFwAAAJzHYgB8Z54AyMdiALq/EDDAx2IACAAAAAgAAADAx2IA62wP MBcAAAAIAAAALP+fAAgAhwBNAAAAvsNiAP////8AAKAAAAAAAFYAAAALAAAA AAAAAP/////g52IA3QAAAAkAAAAAAAAAPAAAAJToYgBueA8wPSgKAAAACQgQ AAAGEADTEMwHSQAAAAYAAAALAhgAAAAAAAAAAAAmAAAAeDoAAOJDAADiRQAA DQACAAEADAACAGQADwACAAEAEQACAAAAEAAIAPyp8dJNYlA/XwACAAEAKgAC AAAAKwACAAAAggACAAEAgAAIAAAAAAAAAAAAJQIEAAAADgGBAAIAwQUUAAAA FQAWABMAACZMJkYmQ1BhZ2UgJlAgb2YgJk6DAAIAAACEAAIAAABNAI4DAABI AFAAIABMAGEAcwBlAHIASgBlAHQAIAA0ADAAMAAwACAAUwBlAHIAaQBlAHMA IABQAFMAAAAAAAAAAAAAAAAAAAQDBNQAuAIfdwAAAgAJAJoLMwhNAAEABwBY AgEAAQBYAgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAyBkAAMASAAAB AAAAAAAAAAEAAAACAAAAAAAAAAAAAAAAAAAAAAAAABC+91hAFwwYKScjAAEA AQAAAAEAAQAAAAAAAgACAAEAUgMAAMIBAAAAAAAAAABkAAAAAAADAP//AwD/ /wAA//8AAP//AQD//wAA//8AAP//AAD//wEA//8BAP//AQD//wEA//8BAP// AAD//wAA//8AAP//AAD//wEA//8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//9DdXN0b20gcGFn ZSAxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAABYQwAAtEMAAAAAAABDdXN0b20gcGFnZSAyAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY QwAAtEMAAAAAAABDdXN0b20gcGFnZSAzAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYQwAAtEMAAAAAAAAA AAAAAAAAAKEAIgAJAE0AAQABAAAAAABYAlgCAAAAAAAA4D8AAAAAAADgPwEA VQACAAgAfQAMAAAAAADbGBoABgAAAH0ADAABAAEAJDEaAAIAAAB9AAwAAgAC AEkfGgAGAAAAfQAMAAMAAwAkKBoABgAAAH0ADAAEAAQAJCgaAAIAAAB9AAwA BQAAASQJGgAAAAAAAAIOAAAAAAAmAAAAAAAFAAAACAIQAAAAAAAFACwBAAAr WwAByIMIAhAAAQAAAAUALAEAAAAAAAEAAAgCEAACAAAABQBwCAAAAAAAAWIA CAIQAAMAAAAFAH4JAABiAAABAAAIAhAABAAAAAUALAEAAGIAAAHzjwgCEAAF AAAABQBUBgAAYgAAAQAACAIQAAYAAAAFAFQGAABiAAABYgAIAhAABwAAAAUA qAwAAGIAAAFiAAgCEAAIAAAABQBGBQAAAAAAAYkACAIQAAkAAAAFAIwKAAAA AAABAAAIAhAACgAAAAUAVAYAAAAAAAEAAAgCEAALAAAABQBiBwAAAAAAAQAA CAIQAAwAAAAFACwBAAAAAAABAAAIAhAADQAAAAUAVAYAALcAQAEAAAgCEAAO AAAABQAqAwAAAAAAAQAACAIQAA8AAAAFAHAIAAAAAAABAAAIAhAAEAAAAAUA YgcAAGIAAAEAAAgCEAARAAAABQBUBgAAATAAAQAACAIQABIAAAAFACwBAAAA AAABAAAIAhAAEwAAAAUAChQAAAAAAAEAAAgCEAAUAAAABQAsAQAAYgAAAWIA CAIQABUAAAAFAOAQAABiAAABAgAIAhAAFgAAAAUAOAQAAAAAAAEAAAgCEAAX AAAABQAsAQAAtwAAAQAACAIQABgAAAAFAEYFAAAgAAABbgAIAhAAGQAAAAUA xA4AAAAAAAEAAAgCEAAaAAAABQAsAQAAAAAAAQAACAIQABsAAAAFACoDAAAA AAABAAAIAhAAHAAAAAUAKgMAAAAAAAEAAAgCEAAdAAAABQAsAQAAAAAAAWIA CAIQAB4AAAAFACwBAABUMAABAAAIAhAAHwAAAAUAYgcAAAAAAAEAAP0ACgAA AAAAFgAcAAAA/QAKAAAAAQAWABAAAAD9AAoAAAACABYAFgAAAP0ACgAAAAMA FgARAAAA/QAKAAAABAAWABYAAAD9AAoAAQAAAB8ABgAAAP0ACgABAAEAIAAJ AAAAvgAMAAEAAgAfAB8AHwAEAAECBgACAAAAGAD9AAoAAgABABkALgAAAP0A CgACAAIAGQBTAAAA/QAKAAIAAwAZAEUAAAD9AAoAAgAEABkAVAAAAL4ADAAD AAAAGAAZABgAAgD9AAoAAwADABkARgAAAP0ACgADAAQAGQAvAAAA/QAKAAQA AAAfAEkAAAC+AA4ABAABACAAHwAfAB8ABAABAgYABQAAABcA/QAKAAUAAQAb AEQAAAD9AAoABQACABsAFwAAAP0ACgAFAAMAGwBHAAAA/QAKAAUABAAbADgA AAABAgYABgAAABsA/QAKAAYAAQAbAB0AAAD9AAoABgACABsAHgAAAP0ACgAG AAMAGwAoAAAA/QAKAAYABAAbACkAAAABAgYABwAAABsA/QAKAAcAAQAbACMA AAD9AAoABwACABsAJAAAAP0ACgAHAAMAGwBIAAAA/QAKAAcABAAbAC0AAAAB AgYACAAAABsA/QAKAAgAAQAbAFUAAAD9AAoACAACABsAJgAAAL4ACgAIAAMA GwAbAAQAAQIGAAkAAAAbAP0ACgAJAAEAGwAAAAAA/QAKAAkAAgAbACoAAAC+ AAoACQADABsAGwAEAAECBgAKAAAAGwD9AAoACgABABsAAQAAAP0ACgAKAAIA GwAqAAAAvgAKAAoAAwAbABsABAABAgYACwAAABsA/QAKAAsAAQAbAAIAAAD9 AAoACwACABsAOgAAAL4ACgALAAMAGwAbAAQA/QAKAAwAAAAfAAcAAAD9AAoA DAABACAACgAAAL4ADAAMAAIAHwAfAB8ABAABAgYADQAAABcA/QAKAA0AAQAb ABUAAAD9AAoADQACABsAMAAAAL4ACgANAAMAGwAbAAQAAQIGAA4AAAAbAP0A CgAOAAEAGwAaAAAA/QAKAA4AAgAbABsAAAC+AAoADgADABsAGwAEAAECBgAP AAAAGwD9AAoADwABABsAPAAAAP0ACgAPAAIAGwAiAAAAvgAKAA8AAwAbABsA BAABAgYAEAAAABsA/QAKABAAAQAbAAMAAAD9AAoAEAACABsAJgAAAL4ACgAQ AAMAGwAbAAQAAQIGABEAAAAbAP0ACgARAAEAGwAEAAAA/QAKABEAAgAbADkA AAC+AAoAEQADABsAGwAEAP0ACgASAAAAHwAlAAAA/QAKABIAAQAgAAsAAAC+ AAwAEgACAB8AHwAfAAQAAQIGABMAAAAXAP0ACgATAAEAGwAIAAAA/QAKABMA AgAbAEoAAAC+AAoAEwADABsAGwAEAP0ACgAUAAAAHwAnAAAAvgAOABQAAQAf AB8AHwAfAAQAAQIGABUAAAAXAP0ACgAVAAEAGwBNAAAA/QAKABUAAgAbACYA AAD9AAoAFQADABwATAAAAP0ACgAVAAQAGwAsAAAAvgAMABYAAAAXABsAGwAC AP0ACgAWAAMAGwAoAAAA/QAKABYABAAbACsAAAD9AAoAFwAAAB8AGAAAAP0A CgAXAAEAHwAMAAAAvgAMABcAAgAfAB8AHwAEAAECBgAYAAAAFwD9AAoAGAAB ABsABQAAAP0ACgAYAAIAGwAZAAAAvgAKABgAAwAbABsABAABAgYAGQAAABcA /QAKABkAAQAbAE4AAAD9AAoAGQACABsAOwAAAL4ACgAZAAMAGwAbAAQA/QAK ABoAAAAfAB8AAAD9AAoAGgABACAADQAAAL4ADAAaAAIAHwAfAB8ABAABAgYA GwAAABcA/QAKABsAAQAbAEsAAAD9AAoAGwACABsAIAAAAP0ACgAbAAMAGwBL AAAA/QAKABsABAAbAD0AAAC+AAoAHAAAABcAGwABAP0ACgAcAAIAGwA9AAAA vgAKABwAAwAbABsABAD9AAoAHQAAAB8AEgAAAP0ACgAdAAEAHwAPAAAAvgAM AB0AAgAfAB8AHwAEAP0ACgAeAAAAHgBRAAAAvgAOAB4AAQAbABwAGwAbAAQA /QAKAB8AAAAdABMAAAD9AAoAHwABABsADgAAAP0ACgAfAAIAGwA+AAAA/QAK AB8AAwAbABQAAAD9AAoAHwAEABsAIQAAANcARADyCAAAbAJGACwAQgAsACAA QgBCAEIANAA0ADQANAAsADQANAA0ADQANAAsADQAIABCACwALAA0ADQALABC ACoALAAgAAgCEAAgAAAABQAqAwAAK1sAAciDCAIQACEAAAAFACoDAAAAAAAB AAAIAhAAIgAAAAUALAEAAAAAAAFiAAgCEAAjAAAABQAqAwAAYgAAAQAACAIQ ACQAAAAFADgEAABiAAAB848IAhAAJQAAAAUAHAIAAGIAAAEAAP0ACgAgAAAA HQA3AAAA/QAKACAAAQAbAD8AAAD9AAoAIAACABsAUAAAAL4ACgAgAAMAGwAb AAQAAQIGACEAAAAdAP0ACgAhAAEAGwBAAAAA/QAKACEAAgAbAFAAAAC+AAoA IQADABsAGwAEAP0ACgAiAAAAHgBSAAAAvgAOACIAAQAbABsAGwAbAAQA/QAK ACMAAAAdADEAAAD9AAoAIwABABsAMwAAAP0ACgAjAAIAGwBDAAAA/QAKACMA AwAbADUAAAD9AAoAIwAEABsANgAAAAECBgAkAAAAHQD9AAoAJAABABsAQgAA AP0ACgAkAAIAGwBPAAAA/QAKACQAAwAcADQAAAD9AAoAJAAEABsATwAAAP0A CgAlAAAAHQAyAAAA/QAKACUAAQAbAEEAAAC+AAwAJQACABsAGwAbAAQA1wAQ ALgBAABkADgANAAgAEYAQgA+AhIAtgYUAAAAQAAAAAAAAAAAAAAAoAAEAAMA BAAdAA8AAxcAAAAAAAEAFwAXAAAA5QACAAAACgAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+ /wAABAACAAAAAAAAAAAAAAAAAAAAAAABAAAA4IWf8vlPaBCrkQgAKyez2TAA AADoAAAACAAAAAEAAABIAAAAAgAAAFAAAAAEAAAAaAAAAAgAAACMAAAAEgAA ALAAAAALAAAAyAAAAAwAAADUAAAAEwAAAOAAAAACAAAA5AQAAB4AAAAOAAAA SG90bWFpbCBJbmJveAB4AB4AAAAcAAAAUmlja3kgTGkgKE1hcmtldCBSZWFk aW5lc3MpAB4AAAAcAAAAUmlja3kgTGkgKE1hcmtldCBSZWFkaW5lc3MpAB4A AAAQAAAATWljcm9zb2Z0IEV4Y2VsAEAAAACAmnm75j+/AUAAAACAyy/IsT+/ AQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /v8AAAQAAgAAAAAAAAAAAAAAAAAAAAAAAgAAAALVzdWcLhsQk5cIACss+a5E AAAABdXN1ZwuGxCTlwgAKyz5rgwBAADIAAAACQAAAAEAAABQAAAADwAAAFgA AAAXAAAAaAAAAAsAAABwAAAAEAAAAHgAAAATAAAAgAAAABYAAACIAAAADQAA AJAAAAAMAAAApQAAAAIAAADkBAAAHgAAAAUAAABzZWhrAABzAAMAAABqEAgA CwAAAAAAAAALAAAAAAAAAAsAAAAAAAAACwAAAAAAAAAeEAAAAQAAAAkAAABG aW5kaW5ncwAMEAAAAgAAAB4AAAALAAAAV29ya3NoZWV0cwADAAAAAQAAAJgA AAADAAAAAAAAACAAAAABAAAANgAAAAIAAAA+AAAAAQAAAAIAAAAKAAAAX1BJ RF9HVUlEAAIAAADkBAAAQQAAAE4AAAB7ADEANwA0AEQAOQAxADIAMAAtAEEA QgBFAEIALQAxADEARAAzAC0AQgA1ADEAMgAtADAAMAAxADAANABCADAANQA4 AEMAMwBBAH0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAEAAAACAAAAAwAAAAQAAAAFAAAABgAAAAcAAAAIAAAACQAAAAoAAAALAAAA DAAAAA0AAAAOAAAADwAAABAAAAARAAAAEgAAABMAAAAUAAAAFQAAABYAAAAX AAAAGAAAABkAAAAaAAAAGwAAABwAAAAdAAAAHgAAAB8AAAAgAAAAIQAAACIA AAAjAAAA/v///yUAAAAmAAAAJwAAACgAAAApAAAAKgAAACsAAAD+////LQAA AC4AAAAvAAAAMAAAADEAAAAyAAAAMwAAAP7////9/////v////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// ////////////////////////UgBvAG8AdAAgAEUAbgB0AHIAeQAAAAAA//// /wEAAACK1GIAAAAAAAEAAAD/////AQAAAIbUYgAAAAAAAQAAABYABQH///// /////wIAAAAgCAIAAAAAAMAAAAAAAABGAAAAAAEAAAD/////AQAAAAQAYgD+ ////AAAAAP////9XAG8AcgBrAGIAbwBvAGsAAAD//wEAAAAFAGIAAAAAAAEA AAD/////AQAAAA0AYgAAAAAAAQAAAP////8BAAAAEgACAf////////////// /wEAAACS1GIAAAAAAAEAAAD/////AQAAAMzUYgAAAAAAAQAAAAAAAAAxRgAA a81iAAUAUwB1AG0AbQBhAHIAeQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AAAAA AAAAAQAAAP////8BAAAAN8piAAAAAAAoAAIBAQAAAAMAAAD/////AAAAAAEA AAD/////AQAAAH7UYgAAAAAAAQAAAP////8BAAAAJAAAAAAQAAABAAAABQBE AG8AYwB1AG0AZQBuAHQAUwB1AG0AbQBhAHIAeQBJAG4AZgBvAHIAbQBhAHQA aQBvAG4AAAAkDwAAAAAAADgAAgH///////////////8AAAAA////ADUAAAAA AAAANQAAAAAAAAAAAAAAAAAAAAQAAAAsAAAAABAAAAAAAAA= ------=_NextPart_000_4918659b_a2cb209$754862cf-- Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id EAA14425 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 04:48:20 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id NAA26539; Mon, 6 Dec 1999 13:46:04 +0100 Received: by HYDRA with Microsoft Mail id <01BF3FF0.157E6890@HYDRA>; Mon, 6 Dec 1999 13:44:57 +0100 Message-ID: <01BF3FF0.157E6890@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, "Ietf-Pkix (E-mail)" <ietf-pkix@imc.org>, SEIS-listan <list@seis.nc-forum.com> Cc: "'Stefan Santesson'" <stefan@accurata.se> Subject: Re: QC's - for human eyes only? Date: Mon, 6 Dec 1999 13:44:55 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Denis >Stephen gave the right answer. We should not re-open that >discussion. We are not "shutting the door on options that technology >will soon make available". The Version 3 of X.509 certificates >allows to define other extensions. The one you are requesting could >be defined later, when it becomes appropriate. It was appropriate already a year ago. I don't think it has gotten less interesting. The problem was (and probably is) that information in certificates cause self-made "politicians" to destroy a debate that really only concerns a "file-format". If you look on ID2's home-page you can see that they brag about being number one in PKI and that they DO combine PKI and finger-prints. So it is HERE TODAY! And regarding file-sizes: Extremely depending on the implementation environment (global Internet consumer, vs corporate intranets) so it is inappropriate of PKIX to decide here and now what is suitable. I.e. QC does not and should not recommend any particular solution. It should offer a "smorgasbord" of generally useful options in a standardized way. The suggested items are known and using the MIME-type of definition that I proposed earlier, they can proliferate on their own merits and pace . How, when and why certificate information is to be used can surely be discussed forever, but if we need consensus on that part as well, we can simply terminate the whole thing. BTW, we just seem to have finally gotten the unique identifier concept through the door although there were originally many, many opponents to such things... Anders Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id CAA10478 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 02:49:57 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id LAA57347 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 11:47:42 +0100 Received: by HYDRA with Microsoft Mail id <01BF3FDF.8C5EC060@HYDRA>; Mon, 6 Dec 1999 11:46:35 +0100 Message-ID: <01BF3FDF.8C5EC060@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: QC's - for human eyes only? Date: Mon, 6 Dec 1999 11:46:33 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id CAA10479 Just some more info for those who still believe finger-prints is marginal technology ---------- From: Calum Bunney [SMTP:calum.bunney@wanadoo.fr] Sent: Monday, December 06, 1999 10:47 To: 'SEIS-List' Subject: SEIS: Re: QC's - for human eyes only? --- Message on the SEIS mailing list (list@seis.nc-forum.com) Can I add to the comments below? The biometric industry community is moving towards some sort of standardisation in this area, albeit in a piecemeal way. The National Security Agency in the USA has long been investigating the use of X509 v3 certification for storage of biometric data. The ANSI X9F4 standards working group is developing a certificate based standard for the secure and responsible management of biometric data, initially for the financial services community. The Biometric Consortium (www.biometrics.org) is sponsoring a Biometric Common File Exchange Format to find a way of storing biometric data that can invite different biometrics (iris, finger, face etc) and different vendors' solutions to participate in a quasi-universal storage mechanism such as certificates. There is some recognition of the overlap in biometric standardisation with certificate operation, and this is increasingly recognised as a future technical issue for the emerging biometric standard (www.bioapi.org) There are indeed at least ten vendors with selling fingerprint technologies. There are more than fify actual technologies on the market. Among these there are a good number with fingerprint data stored in files between 100 and 400 bytes. Is the general opinion that this is still too large for feasible verification off the certificate, without reliance on a network? I am interested to know the general view on this? with all good wishes Calum Bunney International Biometric & Authentication Consulting Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.8.31]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA10282 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 02:43:34 -0800 (PST) Received: from bull.net (frcls6118.frcl.bull.fr [129.182.109.213]) by clbull.frcl.bull.fr (8.9.2/8.9.1) with ESMTP id LAA57334; Mon, 6 Dec 1999 11:45:44 +0100 Message-ID: <384B93D2.1BD5B7BF@bull.net> Date: Mon, 06 Dec 1999 11:45:38 +0100 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.06 [fr] (Win95; I) MIME-Version: 1.0 To: Ilan Shacham <ilans@arx.com> CC: "Ietf-Pkix (E-mail)" <ietf-pkix@imc.org>, SEIS-listan <list@seis.nc-forum.com> Subject: Re: QC's - for human eyes only? References: <6097687B2BCFD211AFA0006008C9A1A317B695@mx.arx.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Ilan, Stephen gave the right answer. We should not re-open that discussion. We are not "shutting the door on options that technology will soon make available". The Version 3 of X.509 certificates allows to define other extensions. The one you are requesting could be defined later, when it becomes appropriate. Denis > Stephen, > Comments inline. > > > Ian & Anders, > That's Ilan... :-) > > > > We had this discussion a year ago, as Anders noted. We did not > > choose to put biometric data in certs because such data is large, > > because its inclusion in a cert potentially exposes it to > > unauthorized acquisition, and because it is not generally required. > > All of these arguments may be true today, but will probably not be > true tomorrow, and are certainly application specific. Therefore > I think we should leave the option to include the biometric data > inside the certificate, and let the application engineers make > storage and security considerations, considering the biometry type, > technologies involved and the specific application. > If we are looking at the security side, I can see network access to > biometric data as an opening to denial of service attacks. > > > In general, biometric user authentication is NOT a good idea for > > remote authentication. Anders made a persuasive argument for > > inclusion of a reference to such data in the case when a person will > > evlauate a human supplied biometric. His arguments were not > > persuasive enough to warrant inclusion of the biometric data in the > > cert per se, nor in more general biometric contexts. This is not a > > function of the quality of the biometrics involved, but a fundamental > > issue with any biometric. > > True, Biometric data has no meaning remotely, that's why I don't see > why a in order to verify a person carrying a digital ID card I should > need anything but the information on the card itself. I also don't > see why, if technology permits it, I shouldn't be able to be machine > authenticated. > > > Steve > > > > My main point is that it seems that we are shutting the door on options > that technology will soon make available. Standards we are etching here > take a long time until they are well accepted in the market, our job is > to look forward at the needs of the market for today and for the > following years. We don't have to do the specifics of stuff we can't > yet work out, but at least leave a good opening for those specifics. > > Ilan Received: from isak.online.no (isak.online.no [193.212.240.68]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA09648 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 02:11:21 -0800 (PST) From: katarina.de-brisis@aad.dep.telemax.no Received: from gw.telemax.no by isak.telepost.no (X.400 to RFC822 Gateway); Mon, 6 Dec 1999 11:15:26 +0100 X400-Received: by mta MHNORWAY in /c=no/admd=telemax/prmd=internet/; converted ( Undefined); Relayed; 06 Dec 1999 11:15:23 +0100 X400-Received: by /c=no/admd=telemax/prmd=internet/; converted ( Undefined); Relayed; 06 Dec 1999 11:15:23 +0100 X400-Received: by /c=no/admd=telemax/prmd=dep/; Relayed; 06 Dec 1999 10:13:55 Z X400-MTS-Identifier: [/c=no/admd=telemax/prmd=dep/; 10159 99/12/06 11:13] Content-Identifier: 10159 99/12/06 Content-Return: Prohibited X400-Content-Type: P2-1988 ( 22 ) Conversion: Allowed Priority: normal Disclose-Recipients: Prohibited Alternate-Recipient: Allowed X400-Originator: katarina.de-brisis@aad.dep.telemax.no X400-Recipients: non-disclosure; Message-Id: <"10159 99/12/06 11:13*/c=no/admd=telemax/prmd=dep/o=aad/s=de-brisis/g=katarina/"@MHS> In-Reply-To: <01BF3FC7.68A9BF20@HYDRA> Date: 06 Dec 1999 10:13:55 Z cc: "'Stefan Santesson'" <stefan@accurata.se>, magnus@rsasecurity.com Subject: SEIS: RE: QC's - for human eyes only? MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id CAA09649 Hi! I've been a "listener" on the SEIS mailing list for some time now, but as I am not a specialist in certificate design, I did not write to it. However, the work you do in PKIX on QC, warrants some comment from potential "market". I represent a part of this market - the public sector in Norway. I've been responsible for establishing naming rules for certificates for the Norwegian public sector. I have two comments in connection with the QC-debates on unique identity and biometrics: 1. Using "serialnumber" for unique identifier seems to be a strange idea for denominating humans and organizations (we have unique numbers for both in Norway, but we put them in dnQualifier or in the O-field following the name itself); dnQualifier makes much more sense for a "common user" than "serialnumber" (this is more appropriate for devices) 2. Inserting biometrics in certificates is NOT a very good idea in terms of personal data protection - no matter how "secure" it might be made, the users won't have it (I would never accept this as a user - I want my biometrics on the smartcard!). I don't know whom do you refer to when you speak about "the market", but it might be more complex than you seem to think. Katarina de Brisis ____________________________________________________________________ Katarina de Brisis, senior adviser, Royal Ministry of Labour and Government Administration, P.O. Box 8004 Dep., 0030 Oslo Phone + 47 22 24 46 46 Fax + 47 22 24 95 17 Internet e-mail katarina.de-brisis@aad.dep.telemax.no Received: from mx.arx.com (mx.arx.com [212.25.66.96]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id AAA08462 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 00:58:01 -0800 (PST) Received: by mx.arx.com with Internet Mail Service (5.5.2448.0) id <YJWJFVR8>; Mon, 6 Dec 1999 10:58:07 +0200 Message-ID: <6097687B2BCFD211AFA0006008C9A1A317B69A@mx.arx.com> From: Ilan Shacham <ilans@arx.com> To: "'Magnus Nystrom'" <magnus@rsasecurity.com> Cc: ietf-pkix@imc.org Subject: RE: Internal conflict in QC profile? Date: Mon, 6 Dec 1999 10:58:06 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="iso-8859-1" Hi Magnus, I see... If I'm the only one who mis-read that then I guess it's ok... Ilan ------------------------------------------------------------------------ Ilan Shacham mailto:ilans@arx.com Algorithmic Research Ltd. http://www.arx.com 10 Nevatim St., phone: 972 - 3 - 9279540 Petach-Tikva, Israel Fax: 972 - 3 - 9230864 > -----Original Message----- > From: Magnus Nystrom [mailto:magnus@rsasecurity.com] > Sent: Monday, December 06, 1999 10:51 AM > To: Ilan Shacham > Cc: ietf-pkix@imc.org > Subject: Re: Internal conflict in QC profile? > > > > Hi Ilan, > > And thanks for your feedback. > > With regards to your question, please note that the paragraph > after the > three choices below refers not only to them but also to all > the attributes > in the list just before your 'snippet'. That is, the dnQualifier (and > whatever attribute that functionally will replace it) is > already included. > > Best regards, > -- Magnus > Magnus Nystrom Email: magnus@rsasecurity.com > RSA Laboratories > > On Sun, 5 Dec 1999, Ilan Shacham wrote: > > > Hi all, > > The QC profile, in section 3.1.2 states: > > > > " ...Of these attributes, the subject field SHALL include > at least one of > > the following: > > > > Choice I: commonName > > Choice II: givenName > > Choice III: pseudonym > > > > Other attributes may be present but MUST NOT be necessary to > > distinguish the subject name from other subject names within the > > issuer domain. > > ... > > ... > > The dnQualifier attribute type SHALL, when present, be used to > > differentiate between names where the subject field > would otherwise > > be identical. This qualifier has no defined semantics beyond > > ensuring uniqueness of subject names. It MAY contain a number or > > code assigned by the CA or an identifier assigned by a > government or > > civil authority. It is the CA's responsibility to > ensure that the > > dnQualifier is sufficient to resolve any subject name > collisions..." > > > > It looks to me that the first of these paragraphs should be > changed to > > something like: > > > > Other attributes may be present but MUST NOT be necessary to > > distinguish the subject name from other subject names within the > > issuer domain, except for the dnQualifier attribute which may be > > used as described below. > Received: from karon.dynas.se (karon.dynas.se [192.71.43.4]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id AAA08220 for <ietf-pkix@imc.org>; Mon, 6 Dec 1999 00:48:52 -0800 (PST) Received: (qmail 19835 invoked from network); 6 Dec 1999 08:51:47 -0000 Received: from spirit.sto.dynas.se (HELO spirit.dynas.se) (172.16.1.10) by karon.sto.dynas.se with SMTP; 6 Dec 1999 08:51:47 -0000 Received: (qmail 2491 invoked from network); 6 Dec 1999 08:51:46 -0000 Received: from mnystrom-lap.nordic-dhcp.dynas.se (10.129.12.111) by spirit.dynas.se with SMTP; 6 Dec 1999 08:51:46 -0000 Date: Mon, 6 Dec 1999 09:51:14 +0100 (W. Europe Standard Time) From: Magnus Nystrom <magnus@rsasecurity.com> To: Ilan Shacham <ilans@arx.com> cc: ietf-pkix@imc.org Subject: Re: Internal conflict in QC profile? In-Reply-To: <6097687B2BCFD211AFA0006008C9A1A317B692@mx.arx.com> Message-ID: <Pine.WNT.4.10.9912060946490.-95911-100000@mnystrom-lap.rsa-s.com> X-X-Sender: magnus@[172.16.1.10] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Hi Ilan, And thanks for your feedback. With regards to your question, please note that the paragraph after the three choices below refers not only to them but also to all the attributes in the list just before your 'snippet'. That is, the dnQualifier (and whatever attribute that functionally will replace it) is already included. Best regards, -- Magnus Magnus Nystrom Email: magnus@rsasecurity.com RSA Laboratories On Sun, 5 Dec 1999, Ilan Shacham wrote: > Hi all, > The QC profile, in section 3.1.2 states: > > " ...Of these attributes, the subject field SHALL include at least one of > the following: > > Choice I: commonName > Choice II: givenName > Choice III: pseudonym > > Other attributes may be present but MUST NOT be necessary to > distinguish the subject name from other subject names within the > issuer domain. > ... > ... > The dnQualifier attribute type SHALL, when present, be used to > differentiate between names where the subject field would otherwise > be identical. This qualifier has no defined semantics beyond > ensuring uniqueness of subject names. It MAY contain a number or > code assigned by the CA or an identifier assigned by a government or > civil authority. It is the CA's responsibility to ensure that the > dnQualifier is sufficient to resolve any subject name collisions..." > > It looks to me that the first of these paragraphs should be changed to > something like: > > Other attributes may be present but MUST NOT be necessary to > distinguish the subject name from other subject names within the > issuer domain, except for the dnQualifier attribute which may be > used as described below. Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id XAA07451 for <ietf-pkix@imc.org>; Sun, 5 Dec 1999 23:57:20 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id IAA33990; Mon, 6 Dec 1999 08:55:04 +0100 Received: by HYDRA with Microsoft Mail id <01BF3FC7.68A9BF20@HYDRA>; Mon, 6 Dec 1999 08:53:47 +0100 Message-ID: <01BF3FC7.68A9BF20@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "Ietf-Pkix (E-mail)" <ietf-pkix@imc.org>, SEIS-listan <list@seis.nc-forum.com> Cc: "'Stefan Santesson'" <stefan@accurata.se>, "'Magnus Nystrom'" <magnus@rsasecurity.com> Subject: RE: QC's - for human eyes only? Date: Mon, 6 Dec 1999 08:53:46 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Steve, The URI biometric solution does the same thing (information-wise) as in-line biometric data, but in a "crummy" way. If there is any defined way to discriminate access to the URI, this information is surely not possible to find in the QC draft. Note that such information have been requested by me several times. No answer - or "implementation defined". In-line biomterics and finger-prints are just another implementor's option. If it is good or bad is outside of the scope of the standard. If someone really needs "DiameterOfRectum" [he surely must be an A** H**E :-) :-) ] and can prove that there is an entire industry (in analogy with finger-prints) interested in this. Why not add it? The solution in the commercial world will be that this is solved by extensions. Is this what you/we/all want? Anders ---------- From: Stephen Kent [SMTP:kent@bbn.com] Sent: Sunday, December 05, 1999 22:52 To: Anders Rundgren Cc: Ietf-Pkix (E-mail); SEIS-listan Subject: RE: QC's - for human eyes only? Ian & Anders, We had this discussion a year ago, as Anders noted. We did not choose to put biometric data in certs because such data is large, because its inclusion in a cert potentially exposes it to unauthorized acquisition, and because it is not generally required. In general, biometric user authentication is NOT a good idea for remote authentication. Anders made a persuasive argument for inclusion of a reference to such data in the case when a person will evlauate a human supplied biometric. His arguments were not persuasive enough to warrant inclusion of the biometric data in the cert per se, nor in more general biometric contexts. This is not a function of the quality of the biometrics involved, but a fundamental issue with any biometric. Steve Received: from mx.arx.com (mx.arx.com [212.25.66.96]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id XAA07197 for <ietf-pkix@imc.org>; Sun, 5 Dec 1999 23:43:48 -0800 (PST) Received: by mx.arx.com with Internet Mail Service (5.5.2448.0) id <YJWJFVP0>; Mon, 6 Dec 1999 09:43:46 +0200 Message-ID: <6097687B2BCFD211AFA0006008C9A1A317B695@mx.arx.com> From: Ilan Shacham <ilans@arx.com> To: "'Stephen Kent'" <kent@bbn.com>, Anders Rundgren <anders.rundgren@jaybis.com> Cc: "Ietf-Pkix (E-mail)" <ietf-pkix@imc.org>, SEIS-listan <list@seis.nc-forum.com> Subject: RE: QC's - for human eyes only? Date: Mon, 6 Dec 1999 09:43:45 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="iso-8859-1" Stephen, Comments inline. > Ian & Anders, That's Ilan... :-) > > We had this discussion a year ago, as Anders noted. We did not > choose to put biometric data in certs because such data is large, > because its inclusion in a cert potentially exposes it to > unauthorized acquisition, and because it is not generally required. All of these arguments may be true today, but will probably not be true tomorrow, and are certainly application specific. Therefore I think we should leave the option to include the biometric data inside the certificate, and let the application engineers make storage and security considerations, considering the biometry type, technologies involved and the specific application. If we are looking at the security side, I can see network access to biometric data as an opening to denial of service attacks. > In general, biometric user authentication is NOT a good idea for > remote authentication. Anders made a persuasive argument for > inclusion of a reference to such data in the case when a person will > evlauate a human supplied biometric. His arguments were not > persuasive enough to warrant inclusion of the biometric data in the > cert per se, nor in more general biometric contexts. This is not a > function of the quality of the biometrics involved, but a fundamental > issue with any biometric. True, Biometric data has no meaning remotely, that's why I don't see why a in order to verify a person carrying a digital ID card I should need anything but the information on the card itself. I also don't see why, if technology permits it, I shouldn't be able to be machine authenticated. > Steve > My main point is that it seems that we are shutting the door on options that technology will soon make available. Standards we are etching here take a long time until they are well accepted in the market, our job is to look forward at the needs of the market for today and for the following years. We don't have to do the specifics of stuff we can't yet work out, but at least leave a good opening for those specifics. Ilan Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id UAA01366 for <ietf-pkix@imc.org>; Sun, 5 Dec 1999 20:05:21 -0800 (PST) Received: from [128.33.238.100] (TC100.BBN.COM [128.33.238.100]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id XAA27934; Sun, 5 Dec 1999 23:08:01 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com (Unverified) Message-Id: <v04220801b4708dc15da8@[171.78.30.108]> In-Reply-To: <01BF3F30.5F3A0040@HYDRA> References: <01BF3F30.5F3A0040@HYDRA> Date: Sun, 5 Dec 1999 16:51:38 -0500 To: Anders Rundgren <anders.rundgren@jaybis.com> From: Stephen Kent <kent@bbn.com> Subject: RE: QC's - for human eyes only? Cc: "Ietf-Pkix (E-mail)" <ietf-pkix@imc.org>, SEIS-listan <list@seis.nc-forum.com> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Ian & Anders, We had this discussion a year ago, as Anders noted. We did not choose to put biometric data in certs because such data is large, because its inclusion in a cert potentially exposes it to unauthorized acquisition, and because it is not generally required. In general, biometric user authentication is NOT a good idea for remote authentication. Anders made a persuasive argument for inclusion of a reference to such data in the case when a person will evlauate a human supplied biometric. His arguments were not persuasive enough to warrant inclusion of the biometric data in the cert per se, nor in more general biometric contexts. This is not a function of the quality of the biometrics involved, but a fundamental issue with any biometric. Steve Received: from hotmail.com (f165.law4.hotmail.com [216.33.149.165]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id SAA14570 for <ietf-pkix@imc.org>; Sun, 5 Dec 1999 18:06:34 -0800 (PST) Received: (qmail 12914 invoked by uid 0); 6 Dec 1999 02:09:00 -0000 Message-ID: <19991206020900.12913.qmail@hotmail.com> Received: from 202.84.254.4 by www.hotmail.com with HTTP; Sun, 05 Dec 1999 18:09:00 PST X-Originating-IP: [202.84.254.4] From: "Franklin Lee" <franklinlee@hotmail.com> To: ietf-pkix@imc.org Subject: Re: CRL Distribution Mechanism Evaluation and Considerations Date: Mon, 06 Dec 1999 02:09:00 GMT Mime-Version: 1.0 Content-Type: text/plain; format=flowed Dear all, Actually, I'm a student in the Mainland China having a reserach on the "Digital Certificate" applications and limitations --- e-commerce and cryptograhpy are still relatively new to our region. Regarding the CRL distribution mechanism, I have found few topics yet there are of 98 versions: a) Phillip Hallum-Baker http://csrc.nist.gov/pki/twg/papers/hallum-baker.html b) Mike Myers http://csrc.nist.gov/pki/twg/twg98_6.html Therefore, would be greatly appreciated for the comments and advice from the corresponding knowledge leads. Again, thanks a lot and all comments are very welcomed. >From: "Franklin Lee" <franklinlee@hotmail.com> >To: ietf-pkix@imc.org >Subject: CRL Distribution Mechanism Evaluation and Considerations >Date: Sun, 05 Dec 1999 04:18:45 GMT > >Dear all, > >I'm interested in all experts' views on evaulating the distribution of the >CRL(Certificate Revocation List) - > >LADP over SSL vs. HTTPS (HTTP over SSL) > >e.g, >- what are the key considerations (e.g, performance, infrastructure) for >choosing either protocol? >- what are the current preferred practice as performed by the various CAs? >(e.g. Thawte, Verisign)? > > >Thanks a lot and any comments (e.g., links to any relevant docu") are >greatly appreciated. > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id NAA10460 for <ietf-pkix@imc.org>; Sun, 5 Dec 1999 13:55:57 -0800 (PST) Received: from mega (t1o69p93.telia.com [62.20.144.93]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id WAA25679; Sun, 5 Dec 1999 22:53:43 +0100 Message-ID: <003501bf3f73$d26904b0$020000c0@mega.vincent.se> From: "Anders Rundgren" <anders.rundgren@jaybis.com> To: "PKIX-List" <ietf-pkix@imc.org>, "Ilan Shacham" <ilans@arx.com>, "Eric Murray" <ericm@lne.com> Subject: Re: QC's - for human eyes only? Date: Sun, 5 Dec 1999 22:55:26 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id NAA10461 Eric, >There's nothing preventing one from sending the biometric outside the >certificate to be machine verified. The hash is there to tie that into >the cert. The point by Ilan was that the QC draft explicitly calls for HUMAN verification <snip> >However putting a biometric in a certificate is like putting your Social >Security Number and mother's maiden name in a certificate- it would >allow anyone who receives the certificate to be able to use those >irrevocable identifiers to impersonate you. If you steal somebody's private keys, the inclusion of biometric data in the certificate will on the contrary REDUCE the possibilities to impersonate the true owner. Privacy is another thing. Anders Received: from slack.lne.com (NoBody@slack.lne.com [209.157.136.83]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA08406 for <ietf-pkix@imc.org>; Sun, 5 Dec 1999 09:01:06 -0800 (PST) Received: (from ericm@localhost) by slack.lne.com (8.9.0/8.9.0) id JAA01673; Sun, 5 Dec 1999 09:00:39 -0800 Message-ID: <19991205090039.04669@slack.lne.com> Date: Sun, 5 Dec 1999 09:00:39 -0800 From: Eric Murray <ericm@lne.com> To: Ilan Shacham <ilans@arx.com> Cc: "Ietf-Pkix (E-mail)" <ietf-pkix@imc.org> Subject: Re: QC's - for human eyes only? References: <6097687B2BCFD211AFA0006008C9A1A317B693@mx.arx.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.76 In-Reply-To: <6097687B2BCFD211AFA0006008C9A1A317B693@mx.arx.com>; from Ilan Shacham on Sun, Dec 05, 1999 at 02:39:13PM +0200 On Sun, Dec 05, 1999 at 02:39:13PM +0200, Ilan Shacham wrote: > Hi all, > Section 3.2.4 of the QC profile, which describes the biometricInfo > extension states: > > " ...This extension SHALL only be used to store a hash of biometric > information suitable for human verification, i.e. where decision > whether this information is an accurate representation of the subject > is performed by a physical person. This implies a usage where the > biometric information is represented by for example a graphical > image, displayed to the relying party, which MAY be used by the > relying party to enhance identification of the subject..." > > I don't see why we should limit ourselves in such a way, and not allow > for machine verification of biometric data (such as finger-prints, etc.). > It seems to me that even if today biometrics aren't advanced enough, > we should not limit ourselves towards the future. There's nothing preventing one from sending the biometric outside the certificate to be machine verified. The hash is there to tie that into the cert. > Another shortcoming of the biometricInfo extension, is that it does > not allow for the actual biometric data to be included, but instead > mandates the data to be accessed through a URI. This approach > may be relevent today, when biometric data is large, and memory > on smartcards is limited, but surely advances in the future would > allow the actual biometric data to be put in the certificate, it would > be a shame to create a new extension for ActualBiometricInfo... Actually, that would make sense. Since there are a number of different ways of representing biometric data, there would need to be some indication of which method (and which biometric) was used. A seperate extension could describe that in the OID, rather than needing to put that data in the extension itself. It's possible to shrink some biometric information down small enough to get it on a smartcard with no problem- I have done some work in the past which allowed me to accurately represent a fingerprint in at little as 100 bytes... if both biometric readers use the same algorithm for finding minutae and matching them, all you need to send are the minutae points themselves. However putting a biometric in a certificate is like putting your Social Security Number and mother's maiden name in a certificate- it would allow anyone who receives the certificate to be able to use those irrevocable identifiers to impersonate you. So biometric data should only be sent encrypted in a session key, if it's ever sent at all. -- Eric Murray www.lne.com/~ericm ericm at the site lne.com PGP keyid:E03F65E5 Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id FAA06868 for <ietf-pkix@imc.org>; Sun, 5 Dec 1999 05:56:03 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id OAA41417; Sun, 5 Dec 1999 14:53:47 +0100 Received: by HYDRA with Microsoft Mail id <01BF3F30.5F3A0040@HYDRA>; Sun, 5 Dec 1999 14:52:37 +0100 Message-ID: <01BF3F30.5F3A0040@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "Ietf-Pkix (E-mail)" <ietf-pkix@imc.org>, "'Ilan Shacham'" <ilans@arx.com> Cc: "'Stefan Santesson'" <stefan@accurata.se>, "'Magnus Nystrom'" <magnus@rsasecurity.com> Subject: RE: QC's - for human eyes only? Date: Sun, 5 Dec 1999 14:52:35 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Ilan, I agree 100% to what you are saying and exactly the points given by you I put in this list about a year ago. I.e. Finger-print support, in-line biometric data option, and no mentioning of how the verification is actually performed. The reason for not putting in finger-print information was said to be due to no request for such data [I don't count apparently - now we are two :-)] and that finger-print techniques are not yet established. My reaction to this was: Who have been asked? The PKIX-list is maybe not the only place to look in. And there are at least 10 companies working and shipping biometric finger-print sensors. Several "standard" formats exist today. Regarding the in-line data of biometric data, the IETF chair has told me that current computer technology is not capable of processing certs of lets say 10K size. My reaction to this is: What systems do really have such limitations? Must we create a standard for the next Millennium based on Windows 3.1-type of platforms? The only sensible thing would be to add a biometric data-type that contains a MIME-type identifying the content-type and a blob holding the actual data. The in-line feature has huge advantages over the current definition as you reduce network overhead, remain compatible with current authentication and signing schemes, and get a nice persistent container for all user data. You are absolutely right on the networked certificate solution as well. Even a part of PKCS #15 I think. I.e. there are no TECHNICAL problems whatsoever with adding your suggested features! Regards Anders Rundgren [slightly flaming] Senior Internet e-commerce architect ---------- From: Ilan Shacham [SMTP:ilans@arx.com] Sent: Sunday, December 05, 1999 13:39 To: Ietf-Pkix (E-mail) Subject: QC's - for human eyes only? Hi all, Section 3.2.4 of the QC profile, which describes the biometricInfo extension states: " ...This extension SHALL only be used to store a hash of biometric information suitable for human verification, i.e. where decision whether this information is an accurate representation of the subject is performed by a physical person. This implies a usage where the biometric information is represented by for example a graphical image, displayed to the relying party, which MAY be used by the relying party to enhance identification of the subject..." I don't see why we should limit ourselves in such a way, and not allow for machine verification of biometric data (such as finger-prints, etc.). It seems to me that even if today biometrics aren't advanced enough, we should not limit ourselves towards the future. Another shortcoming of the biometricInfo extension, is that it does not allow for the actual biometric data to be included, but instead mandates the data to be accessed through a URI. This approach may be relevent today, when biometric data is large, and memory on smartcards is limited, but surely advances in the future would allow the actual biometric data to be put in the certificate, it would be a shame to create a new extension for ActualBiometricInfo... I could also see why it would be relevent not to rely on the network for maintaining all the information needed to validate a certificate. Comments? Ilan ------------------------------------------------------------------------ Ilan Shacham mailto:ilans@arx.com Algorithmic Research Ltd. http://www.arx.com 10 Nevatim St., phone: 972 - 3 - 9279540 Petach-Tikva, Israel Fax: 972 - 3 - 9230864 Received: from mx.arx.com (mx.arx.com [212.25.66.96]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id EAA06131 for <ietf-pkix@imc.org>; Sun, 5 Dec 1999 04:36:02 -0800 (PST) Received: by mx.arx.com with Internet Mail Service (5.5.2448.0) id <VL213YFS>; Sun, 5 Dec 1999 14:39:15 +0200 Message-ID: <6097687B2BCFD211AFA0006008C9A1A317B693@mx.arx.com> From: Ilan Shacham <ilans@arx.com> To: "Ietf-Pkix (E-mail)" <ietf-pkix@imc.org> Subject: QC's - for human eyes only? Date: Sun, 5 Dec 1999 14:39:13 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="ISO-8859-1" Hi all, Section 3.2.4 of the QC profile, which describes the biometricInfo extension states: " ...This extension SHALL only be used to store a hash of biometric information suitable for human verification, i.e. where decision whether this information is an accurate representation of the subject is performed by a physical person. This implies a usage where the biometric information is represented by for example a graphical image, displayed to the relying party, which MAY be used by the relying party to enhance identification of the subject..." I don't see why we should limit ourselves in such a way, and not allow for machine verification of biometric data (such as finger-prints, etc.). It seems to me that even if today biometrics aren't advanced enough, we should not limit ourselves towards the future. Another shortcoming of the biometricInfo extension, is that it does not allow for the actual biometric data to be included, but instead mandates the data to be accessed through a URI. This approach may be relevent today, when biometric data is large, and memory on smartcards is limited, but surely advances in the future would allow the actual biometric data to be put in the certificate, it would be a shame to create a new extension for ActualBiometricInfo... I could also see why it would be relevent not to rely on the network for maintaining all the information needed to validate a certificate. Comments? Ilan ------------------------------------------------------------------------ Ilan Shacham mailto:ilans@arx.com Algorithmic Research Ltd. http://www.arx.com 10 Nevatim St., phone: 972 - 3 - 9279540 Petach-Tikva, Israel Fax: 972 - 3 - 9230864 Received: from mx.arx.com (mx.arx.com [212.25.66.96]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id BAA02115 for <ietf-pkix@imc.org>; Sun, 5 Dec 1999 01:55:35 -0800 (PST) Received: by mx.arx.com with Internet Mail Service (5.5.2448.0) id <VL213YB8>; Sun, 5 Dec 1999 11:58:52 +0200 Message-ID: <6097687B2BCFD211AFA0006008C9A1A317B692@mx.arx.com> From: Ilan Shacham <ilans@arx.com> To: "Ietf-Pkix (E-mail)" <ietf-pkix@imc.org> Subject: Internal conflict in QC profile? Date: Sun, 5 Dec 1999 11:58:42 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="ISO-8859-1" Hi all, The QC profile, in section 3.1.2 states: " ...Of these attributes, the subject field SHALL include at least one of the following: Choice I: commonName Choice II: givenName Choice III: pseudonym Other attributes may be present but MUST NOT be necessary to distinguish the subject name from other subject names within the issuer domain. ... ... The dnQualifier attribute type SHALL, when present, be used to differentiate between names where the subject field would otherwise be identical. This qualifier has no defined semantics beyond ensuring uniqueness of subject names. It MAY contain a number or code assigned by the CA or an identifier assigned by a government or civil authority. It is the CA's responsibility to ensure that the dnQualifier is sufficient to resolve any subject name collisions..." It looks to me that the first of these paragraphs should be changed to something like: Other attributes may be present but MUST NOT be necessary to distinguish the subject name from other subject names within the issuer domain, except for the dnQualifier attribute which may be used as described below. Ilan ------------------------------------------------------------------------ Ilan Shacham mailto:ilans@arx.com Algorithmic Research Ltd. http://www.arx.com 10 Nevatim St., phone: 972 - 3 - 9279540 Petach-Tikva, Israel Fax: 972 - 3 - 9230864 Received: from hotmail.com (f9.law4.hotmail.com [216.33.149.9]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id UAA13733 for <ietf-pkix@imc.org>; Sat, 4 Dec 1999 20:16:32 -0800 (PST) Received: (qmail 27956 invoked by uid 0); 5 Dec 1999 04:18:45 -0000 Message-ID: <19991205041845.27955.qmail@hotmail.com> Received: from 168.70.232.233 by www.hotmail.com with HTTP; Sat, 04 Dec 1999 20:18:45 PST X-Originating-IP: [168.70.232.233] From: "Franklin Lee" <franklinlee@hotmail.com> To: ietf-pkix@imc.org Subject: CRL Distribution Mechanism Evaluation and Considerations Date: Sun, 05 Dec 1999 04:18:45 GMT Mime-Version: 1.0 Content-Type: text/plain; format=flowed Dear all, I'm interested in all experts' views on evaulating the distribution of the CRL(Certificate Revocation List) - LADP over SSL vs. HTTPS (HTTP over SSL) e.g, - what are the key considerations (e.g, performance, infrastructure) for choosing either protocol? - what are the current preferred practice as performed by the various CAs? (e.g. Thawte, Verisign)? Thanks a lot and any comments (e.g., links to any relevant docu") are greatly appreciated. ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com Received: from dfw-smtpout3.email.verio.net (dfw-smtpout3-ext.email.verio.net [129.250.36.43]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id UAA15520 for <ietf-pkix@imc.org>; Fri, 3 Dec 1999 20:29:02 -0800 (PST) Received: from dfw-mmp3.email.verio.net ([129.250.38.63]) by dfw-smtpout3.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FM78KV00.4WS for <ietf-pkix@imc.org>; Sat, 4 Dec 1999 04:31:43 +0000 Received: from nma.com ([209.21.28.126]) by dfw-mmp3.email.verio.net (Netscape Messaging Server 4.05) with ESMTP id FM78JT00.KLV; Sat, 4 Dec 1999 04:31:05 +0000 Message-ID: <3848992E.BFE0BFF2@nma.com> Date: Fri, 03 Dec 1999 20:31:42 -0800 From: Ed Gerck <egerck@nma.com> X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Peter Williams <peterw@valicert.com> CC: ietf-pkix@imc.org Subject: Re: non-repudiation, was Re: proposed key usage text References: <27FF4FAEA8CDD211B97E00902745CBE231AB17@seine.valicert.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Peter Williams wrote: > <snip, snip> > > Perhaps, what we need is the "durable communications" > assertion bit. > > Binding NR to asymmetric signatures is just a bad idea, in > my view. Its pretty clear to me that the EC directive will > accept a SSL server-generated, certificate-supported, > key exchange blob-set as one or more admissable and effective > electronic signature(s), just as it would an asymmetric > signature blob. > > You may have got the NR defn off of the NSA-aberism of > time-dependent, not evidence-dependent semantics, but its > still linked to asymmetric signatures, and thus > at odds with the technology-neutral regulatory > frameworks. Peter: I have no doubt that non-repudiation can be based on symmetric signatures. This is also mentioned in this list's archives, and by more than one poster. I may say thus this WG is NOT binding NR to asymmetric signatures, but just specifying the least requirements for NR *when* it is based on asymmetric signatures. I think your comment helps make this clear. Now, I must also say that nowhere in X.509 it is specified that NR can NOT be based on symmetric signatures. It only so restricts *authentication*, to wit: "The strong authentication method specified in this Recommendation | International Standard is based upon public-key cryptosystems." Thus, since we did manage to more clearly differentiate between authentication and non-repudiation functions in PKIX, which separation X.509 also predicates as quoted in the archives, it is IMO clear that yours is a valid question to ask -- "Why stop the NR discussion at asymmetric signatures in PKIX? Why not be more technologically-neutral?" Well, PKIX itself is NOT technologically-neutral for authentication (see above) -- which may already preempt the "technology-neutral" argument for PKIX in the eyes of many. So, this may be one answer to your question -- it is not required. However, in time and again, I believe facts will show that unless we enlarge our models (e.g., with symmetric NR) we will not be able to represent the real-world as we ourselves enlarge it. Then, IMO your question will be rediscovered and a solution will be more clearly needed. But, right now, I believe we should try to achieve closure on the current (limited, but useful) definition of NR in PKIX. It will be always fun though to investigate the next issues. Cheers, Ed Gerck Received: from xeti.com ([208.163.59.148]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id PAA11128 for <ietf-pkix@imc.org>; Fri, 3 Dec 1999 15:52:28 -0800 (PST) Received: from xeti.com by xeti.com (SMI-8.6/SMI-SVR4) id QAA05129; Fri, 3 Dec 1999 16:12:31 -0800 Message-ID: <38485840.B4C80218@xeti.com> Date: Fri, 03 Dec 1999 15:54:40 -0800 From: Lewis McCarthy <lewis@xeti.com> Organization: Critical Path http://www.criticalpath.net X-Mailer: Mozilla 4.7 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: PKIX WG <ietf-pkix@imc.org> CC: Denis.Pinkas@bull.net, Lewis McCarthy <lewis@xeti.com> Subject: TSP 4: socket protocol negPollRep message type Content-Type: multipart/mixed; boundary="------------412E8BA059D7AA24DC999717" This is a multi-part message in MIME format. --------------412E8BA059D7AA24DC999717 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi, I'm trying to understand the purpose of the socket-based protocol's negPollRep message type in draft-...-time-stamp-04. I gather that the message type was copied from the CMP spec to the TSP draft. CMP section 5.2 specifies an intended usage of negPollRep messages: "Where a PKIConfirm message is to be transported (always from the initiator to the responder) then a pkiMsg message is sent and a negPollRep is returned." However I don't see a situation in TSP where a negPollRep message would be needed. The draft states that a negPollRep is a valid reply to a tsaMsg or a pollReq. But a message indicating normal completion of the transaction -- with no additional information included -- doesn't appear useful in response to a TimeStampReq tsaMsg or a pollReq. If the client is asking for further information, then the TSA should furnish further information or signal an error. Could negPollRep be removed from the TSP socket protocol? Regards -Lewis McCarthy lewis@xeti.com --------------412E8BA059D7AA24DC999717 Content-Type: text/x-vcard; charset=us-ascii; name="lewis.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Lewis McCarthy Content-Disposition: attachment; filename="lewis.vcf" begin:vcard n:McCarthy;Lewis tel;cell:1-408-499-5708 tel;work:1-650-694-6813 x-mozilla-html:TRUE url:http://www.criticalpath.net org:Critical Path version:2.1 email;internet:lewis@xeti.com title:Software Engineer adr;quoted-printable:;;5150 El Camino Real=0D=0ASuite A-32;Los Altos;CA;94022;USA fn:Lewis McCarthy end:vcard --------------412E8BA059D7AA24DC999717-- Received: from dfssl.exchange.microsoft.com (dfssl.exchange.microsoft.com [131.107.88.59]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id OAA10092 for <ietf-pkix@imc.org>; Fri, 3 Dec 1999 14:33:43 -0800 (PST) Received: from 127.0.0.1 by dfssl.exchange.microsoft.com (InterScan E-Mail VirusWall NT); Fri, 03 Dec 1999 12:34:28 -0800 (Pacific Standard Time) Received: by dfssl with Internet Mail Service (5.5.2650.21) id <YG18L446>; Fri, 3 Dec 1999 12:34:28 -0800 Message-ID: <9BE3A7FF0D67C341819FCA57736D5BC50106D42A@dino.platinum.corp.microsoft.com> From: "Jim Schaad (Exchange)" <jimsch@Exchange.Microsoft.com> To: "'Johannes Farmer'" <Johannes.Farmer@iaik.at>, ietf-pkix@imc.org Subject: RE: Certificates with DSA keys Date: Fri, 3 Dec 1999 12:33:50 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01BF3DCD.CBA7836A" This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01BF3DCD.CBA7836A Content-Type: text/plain; charset="iso-8859-1" There are a set of certificates an keys in the smime-examples draft from the s/mime group. > -----Original Message----- > From: Johannes Farmer [mailto:Johannes.Farmer@iaik.at] > Sent: Friday, December 03, 1999 12:55 AM > To: ietf-pkix@imc.org > Subject: Certificates with DSA keys > > > Does anybody know of a certification authority issuing X.509 > certificates > with DSA keys where the parameters are not included in the > subjectPublicKeyInfo AlgorithmIdentifier and therefore have > to be got from > the issuer certificate? If so, it would be great if she/he > would send me the > corresponding cert chain. We are implementing a Java > Cryptography toolkit > including a X.509 library and are interested in parsing such > a chain (of > course, we can build it by ourselves with our tool, but it > would be better > to compare it against some other implementations). > > Thank you very much in advance > > -- > Johannes Farmer > > > > ------_=_NextPart_001_01BF3DCD.CBA7836A Content-Type: text/html; charset="iso-8859-1" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2650.12"> <TITLE>RE: Certificates with DSA keys</TITLE> </HEAD> <BODY> <P><FONT SIZE=2>There are a set of certificates an keys in the smime-examples draft from the s/mime group.</FONT> </P> <P><FONT SIZE=2>> -----Original Message-----</FONT> <BR><FONT SIZE=2>> From: Johannes Farmer [<A HREF="mailto:Johannes.Farmer@iaik.at">mailto:Johannes.Farmer@iaik.at</A>]</FONT> <BR><FONT SIZE=2>> Sent: Friday, December 03, 1999 12:55 AM</FONT> <BR><FONT SIZE=2>> To: ietf-pkix@imc.org</FONT> <BR><FONT SIZE=2>> Subject: Certificates with DSA keys</FONT> <BR><FONT SIZE=2>> </FONT> <BR><FONT SIZE=2>> </FONT> <BR><FONT SIZE=2>> Does anybody know of a certification authority issuing X.509 </FONT> <BR><FONT SIZE=2>> certificates</FONT> <BR><FONT SIZE=2>> with DSA keys where the parameters are not included in the</FONT> <BR><FONT SIZE=2>> subjectPublicKeyInfo AlgorithmIdentifier and therefore have </FONT> <BR><FONT SIZE=2>> to be got from</FONT> <BR><FONT SIZE=2>> the issuer certificate? If so, it would be great if she/he </FONT> <BR><FONT SIZE=2>> would send me the</FONT> <BR><FONT SIZE=2>> corresponding cert chain. We are implementing a Java </FONT> <BR><FONT SIZE=2>> Cryptography toolkit</FONT> <BR><FONT SIZE=2>> including a X.509 library and are interested in parsing such </FONT> <BR><FONT SIZE=2>> a chain (of</FONT> <BR><FONT SIZE=2>> course, we can build it by ourselves with our tool, but it </FONT> <BR><FONT SIZE=2>> would be better</FONT> <BR><FONT SIZE=2>> to compare it against some other implementations).</FONT> <BR><FONT SIZE=2>> </FONT> <BR><FONT SIZE=2>> Thank you very much in advance</FONT> <BR><FONT SIZE=2>> </FONT> <BR><FONT SIZE=2>> --</FONT> <BR><FONT SIZE=2>> Johannes Farmer</FONT> <BR><FONT SIZE=2>> </FONT> <BR><FONT SIZE=2>> </FONT> <BR><FONT SIZE=2>> </FONT> <BR><FONT SIZE=2>> </FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01BF3DCD.CBA7836A-- Received: from seine.valicert.com (corporate-gw.valicert.com [63.65.221.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA08787 for <ietf-pkix@imc.org>; Fri, 3 Dec 1999 12:55:42 -0800 (PST) Received: by seine.valicert.com with Internet Mail Service (5.5.2650.21) id <WZF04QAF>; Fri, 3 Dec 1999 12:54:13 -0800 Message-ID: <27FF4FAEA8CDD211B97E00902745CBE231AB17@seine.valicert.com> From: Peter Williams <peterw@valicert.com> To: Ed Gerck <egerck@nma.com>, ietf-pkix@imc.org Subject: RE: non-repudiation, was Re: proposed key usage text Date: Fri, 3 Dec 1999 12:54:12 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" http://europa.eu.int/comm/dg15/en/media/sign/elecsignen.pdf to get the benefits of QC, providers must use "durable means of [electronic] communication" to bind subscribers to governing terms and conditions concerning the use of certs. Is an SSL-server protocol session, using NON-signature-based data origin authentication, sufficient to act as a "durable means of communication", as it is used in Thawte/VeriSign CA world today to perform the binding of users to CPS-agreements? If it is, then "encryption-based" authentication **underpins** QC-grade, "signature-based" authentication and NR services. If encryption-based authentication is sufficient for this "durable" communciation purpose, why is it not sufficient for durable "authentication of communications" in general? If it can enable the contract which makes a QC-cert reliable, why cannot it enable other contract regimes!? Perhaps, what we need is the "durable communications" assertion bit. Binding NR to asymmetric signatures is just a bad idea, in my view. Its pretty clear to me that the EC directive will accept a SSL server-generated, certificate-supported, key exchange blob-set as one or more admissable and effective electronic signature(s), just as it would an asymmetric signature blob. You may have got the NR defn off of the NSA-aberism of time-dependent, not evidence-dependent semantics, but its still linked to asymmetric signatures, and thus at odds with the technology-neutral regulatory frameworks. > -----Original Message----- > From: Ed Gerck [mailto:egerck@nma.com] > Sent: Tuesday, November 30, 1999 11:04 AM > To: Peter Williams; ietf-pkix@imc.org > Subject: Re: non-repudiation, was Re: proposed key usage text > > > Peter: > > Thanks for the useful links, including patents. The topic > extension seems to be off-charter for PKIX -- though one may > expect that other standards and references may realign > themselves with PKIX, but this is on their turf. What could > be done here was IMO done to a large extent -- to clear the > PKIX discourse and to make NR useful and distinguished > from authentication, while reducing its potentially misleading > aspects. Especially useful was to clarify that NR has nothing > to do with "willful intent", it has to do with evidences. So, this > WG has now a rather objective agreement (if one also includes > the archives, for context) on NR and work can go on until this > agreement is again challenged by facts. Until then, I am happy > to pursue this discussion in private or in other technical fora > such as the MCG -- in particular on modeling NR as a "modus > tolens" logical affirmation in modal logic. > > Cheers, > > Ed Gerck > > Received: from ozspyrusmail.spyrus.com.au (fwuser@[203.46.55.130]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA08180 for <ietf-pkix@imc.org>; Fri, 3 Dec 1999 12:18:16 -0800 (PST) Message-ID: <001d01bf3dcb$e9a0ace0$3000010a@phenix.com.au> From: "Charles Moore" <cmoore@spyrus.com.au> To: "David P. Kemp" <dpkemp@missi.ncsc.mil>, <ietf-pkix@imc.org>, "Stefan Santesson" <stefan@accurata.se> References: <199912021503.KAA19187@ara.missi.ncsc.mil> <4.1.19991203140728.00d68500@mail.accurata.se> Subject: Re: unqualified topic - not solved yet. Date: Sat, 4 Dec 1999 06:20:39 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit ----- Original Message ----- From: Stefan Santesson <stefan@accurata.se> To: Charles Moore <cmoore@spyrus.com.au>; David P. Kemp <dpkemp@missi.ncsc.mil>; <ietf-pkix@imc.org> Sent: Friday, December 03, 1999 11:15 PM Subject: Re: unqualified topic - not solved yet. Charles, At 06:36 AM 12/3/99 +1000, Charles Moore wrote: <Snip> >> The description of the Subject is not as clear, but in a roundabout >> manner it indicates that the unmistakable identity of the subject is >> specified using a set of attributes where no single attribute is >> required to be populated. > >cm> This is the point... > >As we seem to agree, just need to make the text align... > I don't get it. We seems to agree that no unique identifier must be present. cm> I agree that a unique identifiy needs to be present, when and only when, there is a need to disabiguate non unique ( using whatever criteria one requires) people. This means that a) there is not a requirenment to populate either Dnq or Serial number ( the legacy attributes) if there s already unique identifiaction information present. On a policy basis, these values MAY be populated subject to national requirements. Note: The RFC is for open systems, a closed or propriety system may do what ever it likes, so a company system can make mandatory any of the above, but this is outside the scope of the RFC... But where do we have to align the text ????? cm> Make it represent what we agree without ambiguity.... If you assume that the term "unmistakable identity" = unique identifying code in a single attribute, then you must have missed the definition of unmistakable identity (section 2.4) cm> I dont, see above... "An unmistakable identity denotes a set of attributes and/or data elements, which forms an identity that by unmistakable means relates to a specific entity. The unmistakable connection between the identity and the entity may be dependent on the context within which the name is formed. This context should however be evident for any relying party given the information in the certificate. Some contexts, such as when identities are based on pseudonyms, may require assistance from the CA or a registration authority, to obtain a corresponding officially registered identity under some predefined circumstances, such as investigation of criminal offence." So, what is the problem here? cm> Does not address the issue. /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata AB http://www.accurata.se Slagthuset Tel. +46-40 108588 211 20 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: from btec-fw.certco.com (btec-fw.certco.com [209.2.102.3]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id FAA02814 for <ietf-pkix@imc.org>; Fri, 3 Dec 1999 05:39:19 -0800 (PST) From: BalluffiF@CertCo.com Received: from nycertco-srv1.ny.certco.com (nycertco-srv1.certco.com [10.100.24.12]) by btec-fw.certco.com (Postfix) with ESMTP id E309232DE0; Fri, 3 Dec 1999 08:41:31 -0500 (EST) Received: by nycertco-srv1.certco.com with Internet Mail Service (5.5.2650.21) id <XRZL88MD>; Fri, 3 Dec 1999 08:42:55 -0500 Message-ID: <1C01AEF219EAD2119DAF0000F840E64E0B7ED1@nycertco-srv1.certco.com> To: Johannes.Farmer@iaik.at, ietf-pkix@imc.org Subject: RE: Certificates with DSA keys Date: Fri, 3 Dec 1999 08:42:54 -0500 X-Mailer: Internet Mail Service (5.5.2650.21) There are two ways to represent a DSA public key: with its parameters without its paramets One is identified by id-dsa and the other by id-dsa-common. I forget which is which and would have to do some research to figure out which is which. Hope this helps. Frank Balluffi CertCo -----Original Message----- From: Johannes Farmer [mailto:Johannes.Farmer@iaik.at] Sent: Friday, December 03, 1999 3:55 AM To: ietf-pkix@imc.org Subject: Certificates with DSA keys Does anybody know of a certification authority issuing X.509 certificates with DSA keys where the parameters are not included in the subjectPublicKeyInfo AlgorithmIdentifier and therefore have to be got from the issuer certificate? If so, it would be great if she/he would send me the corresponding cert chain. We are implementing a Java Cryptography toolkit including a X.509 library and are interested in parsing such a chain (of course, we can build it by ourselves with our tool, but it would be better to compare it against some other implementations). Thank you very much in advance -- Johannes Farmer Received: from popmail.inbox.se (popmail.inbox.se [193.12.72.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id FAA02356 for <ietf-pkix@imc.org>; Fri, 3 Dec 1999 05:12:43 -0800 (PST) Received: from stefan2 (accurata.inbox.se [193.12.72.24]) by popmail.inbox.se (8.9.3/8.9.3) with SMTP id OAA14042; Fri, 3 Dec 1999 14:15:09 +0100 Message-Id: <4.1.19991203140728.00d68500@mail.accurata.se> X-Sender: mb517@mail.accurata.se X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Fri, 03 Dec 1999 14:15:45 +0100 To: "Charles Moore" <cmoore@spyrus.com.au>, "David P. Kemp" <dpkemp@missi.ncsc.mil>, <ietf-pkix@imc.org> From: Stefan Santesson <stefan@accurata.se> Subject: Re: unqualified topic - not solved yet. In-Reply-To: <001701bf3d04$e4d8a4f0$3000010a@phenix.com.au> References: <199912021503.KAA19187@ara.missi.ncsc.mil> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id FAA02357 Charles, At 06:36 AM 12/3/99 +1000, Charles Moore wrote: <Snip> >> The description of the Subject is not as clear, but in a roundabout >> manner it indicates that the unmistakable identity of the subject is >> specified using a set of attributes where no single attribute is >> required to be populated. > >cm> This is the point... > >As we seem to agree, just need to make the text align... > I don't get it. We seems to agree that no unique identifier must be present. But where do we have to align the text ????? If you assume that the term "unmistakable identity" = unique identifying code in a single attribute, then you must have missed the definition of unmistakable identity (section 2.4) "An unmistakable identity denotes a set of attributes and/or data elements, which forms an identity that by unmistakable means relates to a specific entity. The unmistakable connection between the identity and the entity may be dependent on the context within which the name is formed. This context should however be evident for any relying party given the information in the certificate. Some contexts, such as when identities are based on pseudonyms, may require assistance from the CA or a registration authority, to obtain a corresponding officially registered identity under some predefined circumstances, such as investigation of criminal offence." So, what is the problem here? /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata AB http://www.accurata.se Slagthuset Tel. +46-40 108588 211 20 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: from iaik.tu-graz.ac.at (excalibur.iaik.tu-graz.ac.at [129.27.152.30]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id AAA27430 for <ietf-pkix@imc.org>; Fri, 3 Dec 1999 00:56:17 -0800 (PST) Received: from cicero [129.27.152.137] by iaik.tu-graz.ac.at (SMTPD32-5.05) id A57D5B30052; Fri, 03 Dec 1999 09:55:25 +0100 Received: from localhost [127.0.0.1] by cicero (IAIK S/MIME Mapper 2.0alpha2d 26/November/1999); Fri, 03 Dec 1999 09:55:09 +0100 Message-ID: <004101bf3d6c$19ea96f0$89981b81@iaik.at> From: "Johannes Farmer" <Johannes.Farmer@iaik.at> To: <ietf-pkix@imc.org> Subject: Certificates with DSA keys Date: Fri, 3 Dec 1999 09:55:07 +0100 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=sha1; boundary="--IAIK.SMIME.MAPPER.0BE64DA5--"; protocol="application/x-pkcs7-signature" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2014.211 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 This is a multipart MIME message, it may require a MIME capable user agent. ----IAIK.SMIME.MAPPER.0BE64DA5-- Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Does anybody know of a certification authority issuing X.509 certificates with DSA keys where the parameters are not included in the subjectPublicKeyInfo AlgorithmIdentifier and therefore have to be got from the issuer certificate? If so, it would be great if she/he would send me the corresponding cert chain. We are implementing a Java Cryptography toolkit including a X.509 library and are interested in parsing such a chain (of course, we can build it by ourselves with our tool, but it would be better to compare it against some other implementations). Thank you very much in advance -- Johannes Farmer ----IAIK.SMIME.MAPPER.0BE64DA5-- Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAA oIIUvDCCBBswggMHoAMCAQICAwGGzzAJBgUrDgMCHQUAMIIBEzELMAkGA1UEBhMC QVQxDzANBgNVBAgTBlN0eXJpYTENMAsGA1UEBxMER1JBWjEZMBcGA1UECRMQSW5m ZmVsZGdhc3NlIDE2YTEmMCQGA1UEChMdR1JBWiBVTklWRVJTSVRZIE9GIFRFQ0hO T0xPR1kxRzBFBgNVBAsTPkluc2l0dXRlIGZvciBBcHBsaWVkIEluZm9ybWF0aW9u IFByb2Nlc3NpbmcgYW5kIENvbW11bmljYXRpb25zMRkwFwYDVQQLExBJQUlLIElO VFJBTkVUIENBMRkwFwYDVQQDExBJQUlLIFRVLUdSQVogU0lHMSIwIAYDVQQMExlJ QUlLIGVsZWN0cm9uaWMgc2lnbmF0dXJlMB4XDTk5MTEyNTEzMTcyM1oXDTAwMTEy NTEzMTcyM1owgZgxCzAJBgNVBAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJ VFkgT0YgVEVDSE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQg SW5mb3JtYXRpb24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxGDAWBgNV BAMTD0pvaGFubmVzIEZhcm1lcjCBnTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEA pRW9GhKHHWzU1dj3YRAi1ffARNhAf+zD85GpmK4HXeBWaYoHswtjh1iHYcHeahPJ S6Dg08m5ABvChwYdX6vUBIYNtqFirfzpvH0eEpwewhG+CJr6KFTamI5a5k7fz3iD mUSFl8H32ecO1krGNQxlRVPhykWCJW4d/2Nkd96Vg2sCAQejfjB8MBEGCWCGSAGG +EIBAQQEAwIAoDAoBglghkgBhvhCAQ0EGxYZVXNlci1DZXJ0aWZpY2F0ZSBJTlRS QU5FVDAMBgNVHRMEBTADAQEAMCIGA1UdEQQbMBmBF0pvaGFubmVzLkZhcm1lckBp YWlrLmF0MAsGA1UdDwQEAwIGwDAJBgUrDgMCHQUAA4IBAQBphMi1ssvvYfNIWXUq Aa5F/DAGg/HCkUAaN0Txw1gtMSko72C9xSaLBGIhBO6sJydejcr05OcvSaMNFv+l ytW2lDPAyuBEnqtf4I3qVRb9h8wqzbHbf1l6a0HvK8UUS4ClnA7OKj6oU3aaHtBP FgDh9Qr4gc3Zh4/GFi0+mBysIUWOAbhwJD64OOyUL0oB9QEHL5csfgY/xDOp5x4h ikPRPWacHo9WHgUwkViP3cbEoPL8RohfXwaT1yFArsC+YJeH8ltoxZsAm5E/Flxm Y0LvRUI8zRYK/fovqI31DNdW0KnQny/ZkkwWduqfGuThMUq9t68twLz236CNCG61 zUdWMIIEVDCCA0CgAwIBAgICTiAwCQYFKw4DAh0FADCBmTELMAkGA1UEBhMCQVQx JjAkBgNVBAoTHUdSQVogVU5JVkVSU0lUWSBPRiBURUNITk9MT0dZMUcwRQYDVQQL Ez5JbnNpdHV0ZSBmb3IgQXBwbGllZCBJbmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFu ZCBDb21tdW5pY2F0aW9uczEZMBcGA1UEAxMQSUFJSyBJTlRSQU5FVCBDQTAeFw05 OTExMTQxMjUxNDlaFw0wMjEyMzEyMjU5MzBaMIIBEzELMAkGA1UEBhMCQVQxDzAN BgNVBAgTBlN0eXJpYTENMAsGA1UEBxMER1JBWjEZMBcGA1UECRMQSW5mZmVsZGdh c3NlIDE2YTEmMCQGA1UEChMdR1JBWiBVTklWRVJTSVRZIE9GIFRFQ0hOT0xPR1kx RzBFBgNVBAsTPkluc2l0dXRlIGZvciBBcHBsaWVkIEluZm9ybWF0aW9uIFByb2Nl c3NpbmcgYW5kIENvbW11bmljYXRpb25zMRkwFwYDVQQLExBJQUlLIElOVFJBTkVU IENBMRkwFwYDVQQDExBJQUlLIFRVLUdSQVogU0lHMSIwIAYDVQQMExlJQUlLIGVs ZWN0cm9uaWMgc2lnbmF0dXJlMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKC AQEA0soSrmRrC9RD5OZjkxvEc4R0v1Wvv1mI7O2ZvdZ8FR7tflxSyXifOQCApEkO 8qvZVmvbq9+HMsGzYZf/UMWjgToh5DLwLl8bNgav7oXv4RG9U+14DtdqbRvNKkjj /P5yscNT15W1JHdaw/e9u5jv+bab2oBEH8+wmUOcCOB5KzcObh/77Ce9sEXEUxc5 h8v5zl92PbFy3f1e0xvI9cdKDVrEd29LRxFjPjnNUKuRXwpJ6DDAorUg9/HFCwgn CybVcZDomqVmmaw11ALob7IYbET45F4eiM6arGRLUSOuErqy6FFEoT79dPBCxOq3 0CrZvRTZ5RUQ/eeHYsHxR5KP5QIBBaMzMDEwEQYJYIZIAYb4QgEBBAQDAgACMA8G A1UdEwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMAkGBSsOAwIdBQADggEBAHNup75e Y0LKaKg9H846WZKhgEZhVY/bhzalaFrbasP8ureOjoSVHHjxJl5CrBT+DbghcdjM r5m1m+kekDUOVn6GqxlskN/NnEDepnHD0ucHg41wM2HhmVJMffSu9J3FcZMKu6yD QISbWq4tl0i8ZnwSck2K2blhIHeQvTQbn9rt4mcgK2qzij26wY2cY5l8AW2e7bHw IUlTBkq9jg4EHEI3+2Z3TSLEGS++R5DdtT4/v8d8JzAgEBedPj7fIqAIGf0gLncZ nWDa9orSNL5rFf8Yw9TULsG+vh8Jkdi8XJYTM609VW7Uw5ESw/4fCygtTqSlfJUJ UuyK/jnf1zWnyiYwggPKMIICsqADAgECAgEBMA0GCSqGSIb3DQEBBAUAMIGZMQsw CQYDVQQGEwJBVDEmMCQGA1UEChMdR1JBWiBVTklWRVJTSVRZIE9GIFRFQ0hOT0xP R1kxRzBFBgNVBAsTPkluc2l0dXRlIGZvciBBcHBsaWVkIEluZm9ybWF0aW9uIFBy b2Nlc3NpbmcgYW5kIENvbW11bmljYXRpb25zMRkwFwYDVQQDExBJQUlLIElOVFJB TkVUIENBMB4XDTk5MTExNDEyMzE1OVoXDTAyMTIzMTIyNTkzMFowgZkxCzAJBgNV BAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVDSE5PTE9HWTFH MEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vz c2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxGTAXBgNVBAMTEElBSUsgSU5UUkFORVQg Q0EwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQDC6/iB3uqngLWC5H78 ckSOqIK7wT+YijxAWe4909clSS+wgzxh/IYD7COKrehZ84djLgKvOCUufM1+cS6h FAvxOccNccgM6KwuslsMRkYW/n704ODpTNiVbE5ciTuhfwVpV7mVN95YBpMv0V/O LCLVyoZoW1D7HJx2AbFSnEDuaxXEaySv+XNTIWv23EDVQ0GkMPh0Qr6+0+JgFWIv g1Sb+o29/dwqAwZ33xj/5nCJBRhTuQ+pcnz/EIkrNOvtLpyGFsFJ9WM0CNkTQQI1 6wrgCbZX+KmKxlwtPTXoPMpqCNrjoJaOrHFomV7f6a8VqIvm7T1/KFg5efuwxLQn 9K8fAgEHox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B AQQFAAOCAQEAH3TjCf3j5Zq2NH5ZIIi+r8kQwblhnCGgf6BqH54Cc20C2u19rIVs 6SIlab6OuF3IyAbqHKRK4SEH3NlGU0qmGE+0dlMnYdMFXqknFEbsLooRVET4SOxl gkqzcMptpa8LL2tl4fzE8s4V7Pb6NvXT9nY43pTfJ9+O3V4SiTmCdLbAOfN2nxCp ir5H8wG/rEC8RJj8mrEEwhiTHnP4loy07BA0Xwq0TmFYA2eDXAqYkUr/ZlsOrD2A fAoX+XyatcGhc5bhWElJLhduDSlaKa9ROHSrdi3Nc3TERkc7SkFnlIgS5KhQkMbI uoma5dZ7zAnRfrHLi4+xuJTbIcep9WXGmzCCBBswggMHoAMCAQICAwMNbzAJBgUr DgMCHQUAMIIBEzELMAkGA1UEBhMCQVQxDzANBgNVBAgTBlN0eXJpYTENMAsGA1UE BxMER3JhejEZMBcGA1UECRMQSW5mZmVsZGdhc3NlIDE2YTEmMCQGA1UEChMdR1JB WiBVTklWRVJTSVRZIE9GIFRFQ0hOT0xPR1kxRzBFBgNVBAsTPkluc2l0dXRlIGZv ciBBcHBsaWVkIEluZm9ybWF0aW9uIFByb2Nlc3NpbmcgYW5kIENvbW11bmljYXRp b25zMRkwFwYDVQQLExBJQUlLIElOVFJBTkVUIENBMRswGQYDVQQDExJJQUlLIFRV LUdSQVogQ1JZUFQxIDAeBgNVBAwTF0lBSUsgY29uZmlkZW50aWFsaXR5IENBMB4X DTk5MTEyNTEzMTgxNloXDTAwMTEyNTEzMTgxNlowgZgxCzAJBgNVBAYTAkFUMSYw JAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVDSE5PTE9HWTFHMEUGA1UECxM+ SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBhbmQg Q29tbXVuaWNhdGlvbnMxGDAWBgNVBAMTD0pvaGFubmVzIEZhcm1lcjCBnTANBgkq hkiG9w0BAQEFAAOBiwAwgYcCgYEA5/AaYpZQm1kSSfYWLChCui4dOdlTJjilAIo0 U9WzajiaMa3bEdlhz/7KVQKJ2s7zvvVW2Hcb6dpcj+6qqDZM6JAcgvtMqnzCBqHw DaXPNhgPGoQmA+U9ymiRqCthw3xCTFpNvzzZZs/EjmnxoZXWyw8kkqUzstkNvqr/ nBd+IdcCAQOjfjB8MBEGCWCGSAGG+EIBAQQEAwIAoDAoBglghkgBhvhCAQ0EGxYZ VXNlci1DZXJ0aWZpY2F0ZSBJTlRSQU5FVDAMBgNVHRMEBTADAQEAMCIGA1UdEQQb MBmBF0pvaGFubmVzLkZhcm1lckBpYWlrLmF0MAsGA1UdDwQEAwIDeDAJBgUrDgMC HQUAA4IBAQA+Z03ZapH4FPt3NHzlTRrZF2+L5igdStueegzFspcaJnCp/cVwLBhd tlKaHiUEuDoBL6TMO5mCPCPYBfsImtzgCuiOrExA4l5LrTPDGJfvF/xCW6xeMGNJ 4QT7wug8RF+mirfvzX34nBxtXozTPrWT+4kkuhXaUP/SkTuGOHbqMiibv179h2Ka WTsQPsb+TR1gBUGYFcS2100OR+XBSES9U6D+ngSqmJAXNBhXR201SYU4SuSv/NWH KqJGM0keRemugc1mKXiVuF0qEB7NgHIOMK/Mvv2o8f2NRNUq5hvpHHTq+3z6LKSg xWJjOisGFJYs0NmcYWCbvUM5TS27THnlMIIEVDCCA0CgAwIBAgICdTAwCQYFKw4D Ah0FADCBmTELMAkGA1UEBhMCQVQxJjAkBgNVBAoTHUdSQVogVU5JVkVSU0lUWSBP RiBURUNITk9MT0dZMUcwRQYDVQQLEz5JbnNpdHV0ZSBmb3IgQXBwbGllZCBJbmZv cm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEZMBcGA1UEAxMQ SUFJSyBJTlRSQU5FVCBDQTAeFw05OTExMTQxMjU1MzZaFw0wMjEyMzEyMjU5MzBa MIIBEzELMAkGA1UEBhMCQVQxDzANBgNVBAgTBlN0eXJpYTENMAsGA1UEBxMER3Jh ejEZMBcGA1UECRMQSW5mZmVsZGdhc3NlIDE2YTEmMCQGA1UEChMdR1JBWiBVTklW RVJTSVRZIE9GIFRFQ0hOT0xPR1kxRzBFBgNVBAsTPkluc2l0dXRlIGZvciBBcHBs aWVkIEluZm9ybWF0aW9uIFByb2Nlc3NpbmcgYW5kIENvbW11bmljYXRpb25zMRkw FwYDVQQLExBJQUlLIElOVFJBTkVUIENBMRswGQYDVQQDExJJQUlLIFRVLUdSQVog Q1JZUFQxIDAeBgNVBAwTF0lBSUsgY29uZmlkZW50aWFsaXR5IENBMIIBIDANBgkq hkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAwSfONq2Jz3TGLlVGavSLY7XpnVpISVAV mK2g28DMbD4p6E5O4p5SvkAseJv20Yic2b6M9NZUaX+7kdpvUlHNePTEArKq9n4q mEbLpqDpVwJXJImZ5jUCpMzRbvxd0VBeeVm5yIG/TQq2i6Vv8q2CHpzRg2CjhQxV 3GMYcnB6JtPUAa+UV7YGq6XC27A4ui8wi4jIceH6joXYddgpQHngYmmJrUHYh+ap ykEEV1i0OUfKvG6AHlCG6EujQGMPyMJ7wHaCRCcjbAh7J+kuUf67f9VACXXZxkqS pqo+k6A//Oex2HrZAFJputGW68Kn05Bb0zy76YmWvEghXC1OF/MhbQIBBaMzMDEw EQYJYIZIAYb4QgEBBAQDAgACMA8GA1UdEwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEG MAkGBSsOAwIdBQADggEBAFr6/gkjOpsHJ28U5o/90DkP8YtYRaM9MXy0pw+HGURg AEfx1bkTa2T+c0TYIPIaOQm1H6j2SIIMJrg3+qVzYt6kmlrQjbweLjAJ3QK7FJak S4Mc0Otbpj9tTyAnwOmyRWX6VHRAWSpIJYC7dtjR7ZW9R9+TaW2vHUq87ri8Zf5r JmfY/udoYc99iMIFZQrNbTNLxyFV/Rp6G7+pcW5kN/LUyUOASc+XUNDW9IsIyYUQ Nz32I3NwJTsguf5GBY81g9WEJSqgNDpu5fTSiF81VL84eCqRalrUcu8tFeoT02Zh Qm9+ETbMJjrDptMwTch8MJdFq3ZDe3A/j+I/3G2xNs8xggJ4MIICdAIBATCCARww ggETMQswCQYDVQQGEwJBVDEPMA0GA1UECBMGU3R5cmlhMQ0wCwYDVQQHEwRHUkFa MRkwFwYDVQQJExBJbmZmZWxkZ2Fzc2UgMTZhMSYwJAYDVQQKEx1HUkFaIFVOSVZF UlNJVFkgT0YgVEVDSE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxp ZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxGTAX BgNVBAsTEElBSUsgSU5UUkFORVQgQ0ExGTAXBgNVBAMTEElBSUsgVFUtR1JBWiBT SUcxIjAgBgNVBAwTGUlBSUsgZWxlY3Ryb25pYyBzaWduYXR1cmUCAwGGzzAJBgUr DgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkF MQ8XDTk5MTIwMzA4NTUwOVowIwYJKoZIhvcNAQkEMRYEFP+EEK7bq/L9Po1tCU6D E0plGPD6MFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwIC AgCAMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMAcGBSsOAwIHMA0GCSqG SIb3DQEBAQUABIGAT3Yrx7eVbDAekEPsREd//fRnFAoDvKmDezsfPdrwDIICItLT Tpr5jFQk+520SDIQmmgqWw+Uz0EHXS1r9FSIJ6lNPKHb/sJJPba3Un4LRIUjnL8F Sfsc8bJcPzTuPNXdRdham0aPDMtU8SdU5Tii4JRT8X51WDtDowhj2kU4G3EAAAAAAAA= ----IAIK.SMIME.MAPPER.0BE64DA5---- Received: from ozspyrusmail.spyrus.com.au (fwuser@[203.46.55.130]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA04816 for <ietf-pkix@imc.org>; Thu, 2 Dec 1999 12:33:49 -0800 (PST) Message-ID: <001701bf3d04$e4d8a4f0$3000010a@phenix.com.au> From: "Charles Moore" <cmoore@spyrus.com.au> To: "David P. Kemp" <dpkemp@missi.ncsc.mil>, <ietf-pkix@imc.org> References: <199912021503.KAA19187@ara.missi.ncsc.mil> Subject: Re: unqualified topic - not solved yet. Date: Fri, 3 Dec 1999 06:36:00 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit ----- Original Message ----- From: David P. Kemp <dpkemp@missi.ncsc.mil> To: <ietf-pkix@imc.org> Sent: Friday, December 03, 1999 1:03 AM Subject: RE: unqualified topic - not solved yet. > The current QC profile (draft -02) does not require that any "feature" > be populated ... how did you get the impression that one particular > attribute might be special-cased in the next draft? cm> This email thread... > >snip > > The description of the Subject is not as clear, but in a roundabout > manner it indicates that the unmistakable identity of the subject is > specified using a set of attributes where no single attribute is > required to be populated. cm> This is the point... As we seem to agree, just need to make the text align... > > Dave Kemp > > > > > From: Charles Moore <cmoore@spyrus.com.au> > > > > -----Original Message----- > > From: Anders Rundgren [mailto:anders.rundgren@jaybis.com] > > Sent: Wednesday, 1 December 1999 20:18 > > To: 'ietf-pkix@imc.org'; 'Stefan Santesson'; 'Tony Bartoletti'; 'Charles > > Moore' > > Cc: 'David P. Kemp' > > Subject: RE: unqualified topic - not solved yet. > > > > > > Charles, > > > > <snip> > > > > cm> If all certs must have an unique identifier then one CANNOT control the > > usage of the number.... > > > > They don't. This is just a "feature" that some QC-implementations > > (profiles) require. > > > > If unique identifiers are bad or good is outside of the QC-draft. The > > technical reasons > > for using them are pretty clear. As well as the possible consequences as > > you point out. > > > > cm> My point was that the QC profile must not require that the "feature" is > > always populated... I belive that you agree.... > Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA29395; Thu, 2 Dec 1999 07:09:24 -0800 (PST) Received: from st12.ncsl.nist.gov (st12.ncsl.nist.gov [129.6.54.66]) by csmes.ncsl.nist.gov (8.9.3+Sun/8.6.4jck0) with SMTP id KAA13603; Thu, 2 Dec 1999 10:11:25 -0500 (EST) Message-Id: <3.0.5.32.19991202101537.01fbd140@csmes.ncsl.nist.gov> X-Sender: polk@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 02 Dec 1999 10:15:37 -0500 To: Paul Hoffman / IMC <phoffman@imc.org>, Russ Housley <housley@spyrus.com> From: Tim Polk <wpolk@nist.gov> Subject: Re: proposed key usaged text -- the final round Cc: Denis Pinkas <Denis.Pinkas@bull.net>, ietf-pkix@imc.org In-Reply-To: <4.2.1.19991201115521.053abd00@mail.imc.org> References: <4.2.0.58.19991201124526.009cf3b0@mail.spyrus.com> <3.0.5.32.19991126162233.01fd28b0@csmes.ncsl.nist.gov> <383D14D0.82279C4@bull.net> <4.2.0.58.19991124152024.009f3760@mail.spyrus.com> Mime-Version: 1.0 Content-Type: text/enriched; charset="us-ascii" Russ & Paul, I agree, the security considerations section is the right place to address this. Do you have a problem with the paragraph if it goes there? Thanks, Tim At 11:56 AM 12/01/1999 -0800, Paul Hoffman / IMC wrote: >At 12:48 PM 12/1/99 -0500, Russ Housley wrote: >>>> <excerpt>>Denis Pinkas proposed the following: > > The protection afforded private keys is a critical factor in main- > taining security. On a small scale, failure of users to protect > their private keys will permit an attacker to masquerade as them, or > decrypt their personal information. [stuff about CA keys deleted] > >Tim Polk countered with the following: > > A CA may include the key usage extension and assert the >nonRepudiation bit > when issuing a certificate. This implies that a reliable third >party will > be able to determine the authenticity of signed data in the event of >a dispute. > If the certificate subject uses the private key in an insecure >environment, > it may be difficult to detect or prevent key compromise. This could >prevent a > reliable third party from determining the authenticity of signed >data. A CA > should consider the environment of the private key before asserting the > nonRepudiation bit. > >I have a problem with either paragraph being added to this >section. Consequences of detected and undetected compromise belong in the >Security Considerations section, not here. > >Russ </excerpt><<<<<<<< >> >I agree fully with Russ. There are dozens of places in this document where >we could also talk about the problem of the signing party's key being >compromised, and this one isn't all that important relative to the others. > >--Paul Hoffman, Director >--Internet Mail Consortium > > Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA29175 for <ietf-pkix@imc.org>; Thu, 2 Dec 1999 07:05:45 -0800 (PST) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id KAA15453 for <ietf-pkix@imc.org>; Thu, 2 Dec 1999 10:08:46 -0500 (EST) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id KAA15449 for <ietf-pkix@imc.org>; Thu, 2 Dec 1999 10:08:45 -0500 (EST) Received: from ara.missi.ncsc.mil (ara.missi.ncsc.mil [144.51.58.9]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id KAA07602 for <ietf-pkix@imc.org>; Thu, 2 Dec 1999 10:07:59 -0500 (EST) Received: from ara.missi.ncsc.mil (ara.missi.ncsc.mil [144.51.58.9]) by ara.missi.ncsc.mil (8.9.1b+Sun/8.9.1) with SMTP id KAA19187 for <ietf-pkix@imc.org>; Thu, 2 Dec 1999 10:03:24 -0500 (EST) Message-Id: <199912021503.KAA19187@ara.missi.ncsc.mil> Date: Thu, 2 Dec 1999 10:03:24 -0500 (EST) From: "David P. Kemp" <dpkemp@missi.ncsc.mil> Reply-To: "David P. Kemp" <dpkemp@missi.ncsc.mil> Subject: RE: unqualified topic - not solved yet. To: ietf-pkix@imc.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: yn3/Q0lsKVU56TuxFseYLw== X-Mailer: dtmail 1.3.0 CDE Version 1.3 SunOS 5.7 sun4u sparc The current QC profile (draft -02) does not require that any "feature" be populated ... how did you get the impression that one particular attribute might be special-cased in the next draft? The description of every attribute in the current draft, including dnQualifier, begins with: "The xxx attribute type SHALL, when present, be used to ..." The description of the Issuer is quite clear: "The unmistakable identity of the issuer SHALL be specified using an appropriate subset of the following attributes.:" The description of the Subject is not as clear, but in a roundabout manner it indicates that the unmistakable identity of the subject is specified using a set of attributes where no single attribute is required to be populated. Dave Kemp > From: Charles Moore <cmoore@spyrus.com.au> > > -----Original Message----- > From: Anders Rundgren [mailto:anders.rundgren@jaybis.com] > Sent: Wednesday, 1 December 1999 20:18 > To: 'ietf-pkix@imc.org'; 'Stefan Santesson'; 'Tony Bartoletti'; 'Charles > Moore' > Cc: 'David P. Kemp' > Subject: RE: unqualified topic - not solved yet. > > > Charles, > > <snip> > > cm> If all certs must have an unique identifier then one CANNOT control the > usage of the number.... > > They don't. This is just a "feature" that some QC-implementations > (profiles) require. > > If unique identifiers are bad or good is outside of the QC-draft. The > technical reasons > for using them are pretty clear. As well as the possible consequences as > you point out. > > cm> My point was that the QC profile must not require that the "feature" is > always populated... I belive that you agree.... Received: from sonne.darmstadt.gmd.de (sonne.darmstadt.gmd.de [141.12.62.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id CAA22670 for <ietf-pkix@imc.org>; Thu, 2 Dec 1999 02:21:47 -0800 (PST) Received: from secude.com (ip27.secude.com [141.12.207.27]) by sonne.darmstadt.gmd.de (8.8.8/8.8.5) with ESMTP id LAA01979 for <ietf-pkix@imc.org>; Thu, 2 Dec 1999 11:23:52 +0100 (MET) Message-ID: <38459958.98829EEC@secude.com> Date: Wed, 01 Dec 1999 22:55:36 +0100 From: Harald Giehl <giehl@secude.com> Organization: SECUDE Sicherheitstechnologie Informationssysteme GmbH X-Mailer: Mozilla 4.6 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: unsubscribe Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received: from ozspyrusmail.spyrus.com.au (fwuser@[203.46.55.130]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id QAA01415 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 16:35:20 -0800 (PST) Message-ID: <917ACEDEAC7DD211A0660080C890305F093AE3@OZSPYRUSMAIL> From: Charles Moore <cmoore@spyrus.com.au> To: "'Anders Rundgren'" <anders.rundgren@jaybis.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Stefan Santesson'" <stefan@accurata.se>, "'Tony Bartoletti'" <azb@llnl.gov>, Charles Moore <cmoore@spyrus.com.au> Cc: "'David P. Kemp'" <dpkemp@missi.ncsc.mil> Subject: RE: unqualified topic - not solved yet. Date: Thu, 2 Dec 1999 10:38:42 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1252" -----Original Message----- From: Anders Rundgren [mailto:anders.rundgren@jaybis.com] Sent: Wednesday, 1 December 1999 20:18 To: 'ietf-pkix@imc.org'; 'Stefan Santesson'; 'Tony Bartoletti'; 'Charles Moore' Cc: 'David P. Kemp' Subject: RE: unqualified topic - not solved yet. Charles, <snip> cm> If all certs must have an unique identifier then one CANNOT control the usage of the number.... They don't. This is just a "feature" that some QC-implementations (profiles) require. If unique identifiers are bad or good is outside of the QC-draft. The technical reasons for using them are pretty clear. As well as the possible consequences as you point out. cm> My point was that the QC profile must not require that the "feature" is always populated... I belive that you agree.... Regarding the changed serialnumber semantics: Does it break any existing code? I can hardly see that. cm> See assocaited email, that provides an example (not mine).... Anders Received: from v4j31 (ip12.proper.com [165.227.249.12]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA27222; Wed, 1 Dec 1999 11:52:51 -0800 (PST) Message-Id: <4.2.1.19991201115521.053abd00@mail.imc.org> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.1 Date: Wed, 01 Dec 1999 11:56:46 -0800 To: Russ Housley <housley@spyrus.com>, Tim Polk <wpolk@nist.gov> From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Re: proposed key usaged text -- the final round Cc: Denis Pinkas <Denis.Pinkas@bull.net>, ietf-pkix@imc.org In-Reply-To: <4.2.0.58.19991201124526.009cf3b0@mail.spyrus.com> References: <3.0.5.32.19991126162233.01fd28b0@csmes.ncsl.nist.gov> <383D14D0.82279C4@bull.net> <4.2.0.58.19991124152024.009f3760@mail.spyrus.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed At 12:48 PM 12/1/99 -0500, Russ Housley wrote: >I have a problem with either paragraph being added to this >section. Consequences of detected and undetected compromise belong in the >Security Considerations section, not here. I agree fully with Russ. There are dozens of places in this document where we could also talk about the problem of the signing party's key being compromised, and this one isn't all that important relative to the others. --Paul Hoffman, Director --Internet Mail Consortium Received: from mail.spyrus.com (mail.spyrus.com [207.212.34.20]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA26807 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 11:34:18 -0800 (PST) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by mail.spyrus.com (8.9.3/8.9.3) with ESMTP id LAA23200; Wed, 1 Dec 1999 11:34:27 -0800 (PST) Message-Id: <4.2.0.58.19991201124526.009cf3b0@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Wed, 01 Dec 1999 12:48:41 -0500 To: Tim Polk <wpolk@nist.gov> From: Russ Housley <housley@spyrus.com> Subject: Re: proposed key usaged text -- the final round Cc: Denis Pinkas <Denis.Pinkas@bull.net>, ietf-pkix@imc.org In-Reply-To: <3.0.5.32.19991126162233.01fd28b0@csmes.ncsl.nist.gov> References: <383D14D0.82279C4@bull.net> <4.2.0.58.19991124152024.009f3760@mail.spyrus.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Denis Pinkas proposed the following: The protection afforded private keys is a critical factor in main- taining security. On a small scale, failure of users to protect their private keys will permit an attacker to masquerade as them, or decrypt their personal information. [stuff about CA keys deleted] Tim Polk countered with the following: A CA may include the key usage extension and assert the nonRepudiation bit when issuing a certificate. This implies that a reliable third party will be able to determine the authenticity of signed data in the event of a dispute. If the certificate subject uses the private key in an insecure environment, it may be difficult to detect or prevent key compromise. This could prevent a reliable third party from determining the authenticity of signed data. A CA should consider the environment of the private key before asserting the nonRepudiation bit. I have a problem with either paragraph being added to this section. Consequences of detected and undetected compromise belong in the Security Considerations section, not here. Russ Received: from poptop.llnl.gov (poptop.llnl.gov [128.115.18.65]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA25859 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 10:59:54 -0800 (PST) Received: from catalyst (catalyst.llnl.gov [128.115.223.61]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with SMTP id LAA04308; Wed, 1 Dec 1999 11:01:55 -0800 (PST) Message-Id: <3.0.3.32.19991201110133.00a0d170@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 01 Dec 1999 11:01:33 -0800 To: Tim Polk <wpolk@nist.gov>, "Anders Rundgren" <anders.rundgren@jaybis.com>, "Denis Pinkas" <Denis.Pinkas@bull.net>, "Russ Housley" <housley@spyrus.com>, <ietf-pkix@imc.org> From: Tony Bartoletti <azb@llnl.gov> Subject: Re: Server-signatures: Re: proposed key usaged text -- the final round In-Reply-To: <3.0.5.32.19991201111839.00b3f100@csmes.ncsl.nist.gov> References: <002001bf3bb8$bce41a30$020000c0@mega.vincent.se> Mime-Version: 1.0 Content-Type: text/enriched; charset="us-ascii" At 11:18 AM 12/01/1999 -0500, Tim Polk wrote: >>>> <excerpt>Here is the full paragraph from RFC 2459. <bigger> The protection afforded private keys is a critical factor in maintaining security. On a small scale, failure of users to protect their private keys will permit an attacker to masquerade as them, or decrypt their personal information. On a larger scale, compromise of a CA's private signing key may have a catastrophic effect. If an attacker obtains the private key unnoticed, the attacker may issue bogus certificates and CRLs. Existence of bogus certificates and CRLs will undermine confidence in the system. If the compromise is detected, all certificates issued to the CA shall be revoked, preventing services between its users and users of other CAs. Rebuilding after such a compromise will be problematic, so CAs are advised to implement a combination of strong technical measures (e.g., tamper-resistant cryptographic modules) and appropriate management procedures (e.g., separation of duties) to avoid such an incident. </bigger></excerpt> Tim, Thanks. It helped to have the full paragraph. It now comes across as speaking to potential CAs more than to EEs. Compromise of CA signing keys is certainly catastrophic! ___tony___ <excerpt>Yes, things are slightly different if the key represents a corporate identity (instead of a person), but not much. Compromise still permits an attacker to masquerade, but as a corporate entity instead of as a person. In my opinion, the security considerations text can ignore these differences. The NR document, on the other hand, may need to address those subtleties. Thanks, Tim Polk </excerpt><<<<<<<< Tony Bartoletti LL IOWA Center LL LL Lawrence Livermore National Laboratory LL LL LL PO Box 808, L - 089 LL LL LL Livermore, CA 94551-9900 LL LL LLLLLLLL phone: 925-422-3881 fax: 925-423-8081 LL LLLLLLLL email: azb@llnl.gov LLLLLLLL Received: from poptop.llnl.gov (poptop.llnl.gov [128.115.18.65]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA24588 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 10:39:17 -0800 (PST) Received: from catalyst (catalyst.llnl.gov [128.115.223.61]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with SMTP id KAA21633; Wed, 1 Dec 1999 10:41:37 -0800 (PST) Message-Id: <3.0.3.32.19991201104115.00a28480@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 01 Dec 1999 10:41:15 -0800 To: "Anders Rundgren" <anders.rundgren@jaybis.com>, "Denis Pinkas" <Denis.Pinkas@bull.net>, "Russ Housley" <housley@spyrus.com>, "Tim Polk" <wpolk@nist.gov>, <ietf-pkix@imc.org> From: Tony Bartoletti <azb@llnl.gov> Subject: Re: Server-signatures: Re: proposed key usaged text -- the final round In-Reply-To: <002001bf3bb8$bce41a30$020000c0@mega.vincent.se> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" At 04:58 AM 12/01/1999 -0000, Anders Rundgren wrote: >Tony, >I may be wrong but I assumed that the text below was to be included in the NR-document >and if so is the case it talks about things like "users" and "personal information" which >is not coherent with server-generated signatures. > >>> >The protection afforded private keys is a critical factor in main- >>> >taining security. On a small scale, failure of users to protect >>> >their private keys will permit an attacker to masquerade as them, or >>> >decrypt their personal information. [stuff about CA keys deleted] OK, I agree. There is no particular reason to assume that a "private signing key" is held by an "individual" (human) or necessarily controls access to human-related information. Perhaps the above paragraph could be reworded: The protection afforded private keys is a critical factor in maintaining security. Failure to protect the privacy of private signing keys may permit an attacker to masquerade as the key's owner or authorized agent. The consequences of private key compromise may include loss of privacy or integrity in key-controlled transactions. I intentionally dropped the qualifier "On a small scale". I did not understand its justification. Perhaps the original author(s) have a low expectation for the future ubiquity of key-controlled transactions. ___tony___ Tony Bartoletti LL IOWA Center LL LL Lawrence Livermore National Laboratory LL LL LL PO Box 808, L - 089 LL LL LL Livermore, CA 94551-9900 LL LL LLLLLLLL phone: 925-422-3881 fax: 925-423-8081 LL LLLLLLLL email: azb@llnl.gov LLLLLLLL Received: from sothmxs01.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA23970 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 10:00:45 -0800 (PST) Received: by sothmxs01.entrust.com with Internet Mail Service (5.5.2650.21) id <X7GCAAGL>; Wed, 1 Dec 1999 13:02:48 -0500 Message-ID: <ED026032A3FCD211AEDA00105A9C4696D3332F@sothmxs05.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Stefan Santesson'" <stefan@accurata.se>, Charles Moore <cmoore@spyrus.com.au>, "'Anders Rundgren'" <anders.rundgren@jaybis.com>, "'Tony Bartoletti'" <azb@llnl.gov>, ietf-pkix@imc.org Cc: "David P. Kemp" <dpkemp@missi.ncsc.mil> Subject: RE: unqualified topic - not solved yet. Date: Wed, 1 Dec 1999 13:02:47 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01BF3C26.46B1DD8E" This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01BF3C26.46B1DD8E Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Just to clarify, My comment was based on a conversation with Hoyt Kesterson who chairs=20 the X.500 group. We both agree that this could be a minor defect. = However, we can't speak for the group and a defect report would need to be = submitted, reviewed and ballotted before we could be sure of the support for it. -----Original Message----- From: Stefan Santesson [mailto:stefan@accurata.se] Sent: Wednesday, December 01, 1999 4:38 AM To: Charles Moore; 'Anders Rundgren'; 'Tony Bartoletti'; ietf-pkix@imc.org Cc: David P. Kemp Subject: RE: unqualified topic - not solved yet. Charles, At 04:02 PM 12/1/99 +1000, Charles Moore wrote: <snip> >Back to the past.... > >I am not arguing that serial number or dnq be exclusively used, my = personal >preference would be dnq, but rather require we have a standard that reflects >reality and provides a long term solution that can be used by all = existing >communities...not selective interest groups... > >I have a problem with overloading of semantics, as they produce >indeterminate results... >I also dont believe a CP is the means to achieve this, keep the = protocol >clean and use rules/policy to determine the usage.... > One thing that may have to be clarified here is that I have had a = dialogue with Sharon Boyen, who is involved in the X.509, X.520 and X.521 standardization, and she claims that they are willing to change the definition of serialNumber and related object classes, so that this attribute can be used for any type of object. Sharon says that this is considered to be a minor adjustment that = almost was fixed 4 years ago but was forgotten in the process. This is the fundamental reason for proposing use of serialNumber. Having this in mind, I fail to see any problems. I' don't want to enter a privacy discussion here, but I just want to = stress that there is NOTHING in the QC profile that require inclusion of = privacy sensitive information. In fact, the possibility to use a Pseudonym name = is clearly stated. The use of a unique identifier doesn't necessarily = means that it is privacy sensitive. That depends completely what you can do = with that number. The fact is that we need to add support for inclusion of such = identifiers, regardless of their actual content. /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata AB http://www.accurata.se Slagthuset Tel. +46-40 108588 =20 211 20 Malm=F6 Fax. +46-40 150790 =20 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- ------_=_NextPart_001_01BF3C26.46B1DD8E Content-Type: text/html; charset="iso-8859-1" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2650.12"> <TITLE>RE: unqualified topic - not solved yet.</TITLE> </HEAD> <BODY> <P><FONT SIZE=2>Just to clarify,</FONT> </P> <P><FONT SIZE=2>My comment was based on a conversation with Hoyt Kesterson who chairs </FONT> <BR><FONT SIZE=2>the X.500 group. We both agree that this could be a minor defect. However,</FONT> <BR><FONT SIZE=2>we can't speak for the group and a defect report would need to be submitted, </FONT> <BR><FONT SIZE=2>reviewed and ballotted before we could be sure of the support for it.</FONT> </P> <P><FONT SIZE=2>-----Original Message-----</FONT> <BR><FONT SIZE=2>From: Stefan Santesson [<A HREF="mailto:stefan@accurata.se">mailto:stefan@accurata.se</A>]</FONT> <BR><FONT SIZE=2>Sent: Wednesday, December 01, 1999 4:38 AM</FONT> <BR><FONT SIZE=2>To: Charles Moore; 'Anders Rundgren'; 'Tony Bartoletti';</FONT> <BR><FONT SIZE=2>ietf-pkix@imc.org</FONT> <BR><FONT SIZE=2>Cc: David P. Kemp</FONT> <BR><FONT SIZE=2>Subject: RE: unqualified topic - not solved yet.</FONT> </P> <BR> <P><FONT SIZE=2>Charles,</FONT> </P> <P><FONT SIZE=2>At 04:02 PM 12/1/99 +1000, Charles Moore wrote:</FONT> <BR><FONT SIZE=2><snip></FONT> <BR><FONT SIZE=2>>Back to the past....</FONT> <BR><FONT SIZE=2>></FONT> <BR><FONT SIZE=2>>I am not arguing that serial number or dnq be exclusively used, my personal</FONT> <BR><FONT SIZE=2>>preference would be dnq, but rather require we have a standard that reflects</FONT> <BR><FONT SIZE=2>>reality and provides a long term solution that can be used by all existing</FONT> <BR><FONT SIZE=2>>communities...not selective interest groups...</FONT> <BR><FONT SIZE=2>></FONT> <BR><FONT SIZE=2>>I have a problem with overloading of semantics, as they produce</FONT> <BR><FONT SIZE=2>>indeterminate results...</FONT> <BR><FONT SIZE=2>>I also dont believe a CP is the means to achieve this, keep the protocol</FONT> <BR><FONT SIZE=2>>clean and use rules/policy to determine the usage....</FONT> <BR><FONT SIZE=2>></FONT> </P> <P><FONT SIZE=2>One thing that may have to be clarified here is that I have had a dialogue</FONT> <BR><FONT SIZE=2>with Sharon Boyen, who is involved in the X.509, X.520 and X.521</FONT> <BR><FONT SIZE=2>standardization, and she claims that they are willing to change the</FONT> <BR><FONT SIZE=2>definition of serialNumber and related object classes, so that this</FONT> <BR><FONT SIZE=2>attribute can be used for any type of object.</FONT> </P> <P><FONT SIZE=2>Sharon says that this is considered to be a minor adjustment that almost</FONT> <BR><FONT SIZE=2>was fixed 4 years ago but was forgotten in the process.</FONT> </P> <P><FONT SIZE=2>This is the fundamental reason for proposing use of serialNumber.</FONT> </P> <P><FONT SIZE=2>Having this in mind, I fail to see any problems.</FONT> </P> <BR> <P><FONT SIZE=2>I' don't want to enter a privacy discussion here, but I just want to stress</FONT> <BR><FONT SIZE=2>that there is NOTHING in the QC profile that require inclusion of privacy</FONT> <BR><FONT SIZE=2>sensitive information. In fact, the possibility to use a Pseudonym name is</FONT> <BR><FONT SIZE=2>clearly stated. The use of a unique identifier doesn't necessarily means</FONT> <BR><FONT SIZE=2>that it is privacy sensitive. That depends completely what you can do with</FONT> <BR><FONT SIZE=2>that number.</FONT> </P> <P><FONT SIZE=2>The fact is that we need to add support for inclusion of such identifiers,</FONT> <BR><FONT SIZE=2>regardless of their actual content.</FONT> </P> <P><FONT SIZE=2>/Stefan</FONT> <BR><FONT SIZE=2>-------------------------------------------------------------------</FONT> <BR><FONT SIZE=2>Stefan Santesson <stefan@accurata.se></FONT> <BR><FONT SIZE=2>Accurata AB <A HREF="http://www.accurata.se" TARGET="_blank">http://www.accurata.se</A></FONT> <BR><FONT SIZE=2>Slagthuset Tel. +46-40 108588 </FONT> <BR><FONT SIZE=2>211 20 Malmö Fax. +46-40 150790 </FONT> <BR><FONT SIZE=2>Sweden Mobile +46-70 5247799</FONT> </P> <P><FONT SIZE=2>PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0</FONT> <BR><FONT SIZE=2>-------------------------------------------------------------------</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01BF3C26.46B1DD8E-- Received: from www.certifiedtime.com (w133.z208176006.sjc-ca.dsl.cnc.net [208.176.6.133]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA22861 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 08:41:52 -0800 (PST) Received: from gw (gw [208.176.6.131]) by www.certifiedtime.com (8.9.3/8.9.3) with SMTP id IAA11780 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 08:45:04 -0800 (PST) Message-ID: <059601bf3c1b$53a79b60$9106b0d0@corp.certifiedtime.com> From: "todd.glassey" <todd.glassey@certifiedtime.com> To: <ietf-pkix@imc.org> Subject: Date: Wed, 1 Dec 1999 08:44:25 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.5600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.5600 subscribe todd.glassey@certifiedtime.com Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA22404 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 08:12:56 -0800 (PST) Received: from st12.ncsl.nist.gov (st12.ncsl.nist.gov [129.6.54.66]) by csmes.ncsl.nist.gov (8.9.3+Sun/8.6.4jck0) with SMTP id LAA14273; Wed, 1 Dec 1999 11:14:30 -0500 (EST) Message-Id: <3.0.5.32.19991201111839.00b3f100@csmes.ncsl.nist.gov> X-Sender: polk@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Wed, 01 Dec 1999 11:18:39 -0500 To: "Anders Rundgren" <anders.rundgren@jaybis.com>, "Denis Pinkas" <Denis.Pinkas@bull.net>, "Russ Housley" <housley@spyrus.com>, <ietf-pkix@imc.org>, "Tony Bartoletti" <azb@llnl.gov> From: Tim Polk <wpolk@nist.gov> Subject: Re: Server-signatures: Re: proposed key usaged text -- the final round In-Reply-To: <002001bf3bb8$bce41a30$020000c0@mega.vincent.se> Mime-Version: 1.0 Content-Type: text/enriched; charset="us-ascii" Anders, Actually, the text below was from the Security Considerations text in RFC 2459. At 04:58 AM 12/01/1999 -0000, Anders Rundgren wrote: >Tony, >I may be wrong but I assumed that the text below was to be included in the NR-document >and if so is the case it talks about things like "users" and "personal information" which >is not coherent with server-generated signatures. > >>> >The protection afforded private keys is a critical factor in main- >>> >taining security. On a small scale, failure of users to protect >>> >their private keys will permit an attacker to masquerade as them, or >>> >decrypt their personal information. [stuff about CA keys deleted] > > > [stuff deleted] Here is the full paragraph from RFC 2459. <bigger> The protection afforded private keys is a critical factor in maintaining security. On a small scale, failure of users to protect their private keys will permit an attacker to masquerade as them, or decrypt their personal information. On a larger scale, compromise of a CA's private signing key may have a catastrophic effect. If an attacker obtains the private key unnoticed, the attacker may issue bogus certificates and CRLs. Existence of bogus certificates and CRLs will undermine confidence in the system. If the compromise is detected, all certificates issued to the CA shall be revoked, preventing services between its users and users of other CAs. Rebuilding after such a compromise will be problematic, so CAs are advised to implement a combination of strong technical measures (e.g., tamper-resistant cryptographic modules) and appropriate management procedures (e.g., separation of duties) to avoid such an incident. </bigger>Yes, things are slightly different if the key represents a corporate identity (instead of a person), but not much. Compromise still permits an attacker to masquerade, but as a corporate entity instead of as a person. In my opinion, the security considerations text can ignore these differences. The NR document, on the other hand, may need to address those subtleties. Thanks, Tim Polk Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA21877 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 07:51:39 -0800 (PST) From: tgindin@us.ibm.com Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e1.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id KAA391886; Wed, 1 Dec 1999 10:52:53 -0500 Received: from D51MTA05.pok.ibm.com (d51mta05.pok.ibm.com [9.117.200.33]) by northrelay02.pok.ibm.com (8.8.8m2/NCO v2.06) with SMTP id KAA207520; Wed, 1 Dec 1999 10:53:35 -0500 Received: by D51MTA05.pok.ibm.com(Lotus SMTP MTA v4.6.5 (863.2 5-20-1999)) id 8525683A.00574A85 ; Wed, 1 Dec 1999 10:53:27 -0500 X-Lotus-FromDomain: IBMUS To: "Anders Rundgren" <anders.rundgren@jaybis.com> cc: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Russ Housley" <housley@spyrus.com>, "Tim Polk" <wpolk@nist.gov>, ietf-pkix@imc.org, "Tony Bartoletti" <azb@llnl.gov> Message-ID: <8525683A.0057425D.00@D51MTA05.pok.ibm.com> Date: Wed, 1 Dec 1999 10:53:11 -0500 Subject: Re: Server-signatures: Re: proposed key usaged text -- the final round Mime-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id HAA21878 Shouldn't most of this distinction be handled by distinguishing between certificates based on the object class of the subject, especially the object classes organizational person, organizational role, application process, and application entity? Tom Gindin "Anders Rundgren" <anders.rundgren@jaybis.com> on 11/30/99 11:58:39 PM To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Russ Housley" <housley@spyrus.com>, "Tim Polk" <wpolk@nist.gov>, <ietf-pkix@imc.org>, "Tony Bartoletti" <azb@llnl.gov> cc: Subject: Re: Server-signatures: Re: proposed key usaged text -- the final round Tony, I may be wrong but I assumed that the text below was to be included in the NR-document and if so is the case it talks about things like "users" and "personal information" which is not coherent with server-generated signatures. >> >The protection afforded private keys is a critical factor in main- >> >taining security. On a small scale, failure of users to protect >> >their private keys will permit an attacker to masquerade as them, or >> >decrypt their personal information. [stuff about CA keys deleted] When I refer to server-based signatures I meant for example things like automated bills from energy and phone companies. Such bills are usually never touched by a human and would typically only have a company ID of some kind as subject when/if converted into an electronic digitally signed format. The user is "certificateSubject" or "entity owning the private keys" <snip> I agree with your nicely formulated lines regarding "company owned keys" below >Let me explore the latter application. Suppose I am a "company-trusted" >employee, using a company-owned "private key". I assume further that the >company has its own mechanism for (hoping to) control who has the use of >a given key at a given time, or at least who is responsible for its use. > >Now, I use the private key in question, entering into some obligation with >an external RP. Later, I attempt to deny my actions, causing this RP some >hardship. > >My understanding is that this "bindings" in question look like: > > RP <---> Transaction <---> Key/Cert <---> Company <---> Me > >That is, the RP must take up issue with the company, being the owner >(or certSubject or Operator) of the key, directly. It falls upon the >company to follow the chain, so to speak, and take me to task. > >The central point is that the RP has only a certificate, and its >"named holder", to point to in a dispute. If the means by which >the company above "secures the connection between key and user" >is hidden from view, no amount of NR-servicing on the RP side can >suffice to hold the "user" accountable. They are forced instead to >pressure the company, who may in turn pressure the employee. >Perhaps I don't fully understand all of the details you assume to >hold in the server-based example. I may be confusing different >scenarios: > >1. Cert says "owned by BigCorp, as key nnn" but I control its use, > or at least I did last Thursday when I checked it out. This is the hard one. "I" may have checked it out but I installed in an automated system which is administered and owned by BigCorp >2. Cert says "owned by Tony", and the company controls its use in > some automated system, with my supposed blessings/restrictions. > >In the second case, the RP would be expected to come after me directly. >If I am innocent, I am forced to take issue with the company. Unusual case but possible¨ > >In each case, the RP can turn only to the "certificateSubject". Absolutely! But the reference in the cited text in the beginning is slightly wrong if it deals woth personal data in situations like #1 Anders Received: from gauntlet.corecom.com ([206.74.64.137]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA21463 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 07:29:50 -0800 (PST) Received: by gauntlet.corecom.com; id KAA13468; Wed, 1 Dec 1999 10:56:15 -0500 (EST) Received: from unknown(207.86.152.184) by gauntlet.corecom.com via smap (V4.2) id xmaa13462; Wed, 1 Dec 99 10:55:50 -0500 Message-Id: <4.1.19991201101509.00a6c310@mail2.netreach.net> X-Sender: dave@corecom.com@mail2.netreach.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Wed, 01 Dec 1999 10:15:16 -0500 To: ietf-pkix@imc.org From: Dave Piscitello <dave@corecom.com> Subject: TISC Call for Papers Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" The Fourth Internet Security Conference will be held April 24-28, 2000 in San Jose, CA, at the Fairmont Hotel. TISC is an educational forum for security professionals and practitioners. The TISC Security Symposium is an opportunity for individuals to share their expertise and practical experience with others involved in the design, implementation and deployment of networked security systems. For April, we have invited a few original papers from past TISC workshop instructors and speakers. Accepted papers will be presented at the conference. We cordially invite you to submit a session abstract for consideration, or if you prefer, to present a topic as a panel member. We encourage you to submit abstracts and topics by December 17. Further information can be found at http://tisc.corecom.com. Or send your proposal to me directly (mailto:dave@corecom.com). We look forward to your participation. Thank you. Warm Regards, Dave Piscitello On behalf of the TISC Advisory Board ------------------- David M. Piscitello Core Competence, Inc. 3 Myrtle Bank Lane Hilton Head, SC 29926 1.843.683-9988 dave@corecom.com PGP Fingerprint: 070A 9F01 C35C 4D41 A460 EF2C 2992 2F12 11D2 02DC http://www.corecom.com Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id CAA14737 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 02:21:20 -0800 (PST) Received: from HYDRA ([195.198.186.73]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id LAA22945; Wed, 1 Dec 1999 11:18:54 +0100 Received: by HYDRA with Microsoft Mail id <01BF3BED.AC536E20@HYDRA>; Wed, 1 Dec 1999 11:17:37 +0100 Message-ID: <01BF3BED.AC536E20@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Stefan Santesson'" <stefan@accurata.se>, "'Tony Bartoletti'" <azb@llnl.gov>, "'Charles Moore'" <cmoore@spyrus.com.au> Cc: "'David P. Kemp'" <dpkemp@missi.ncsc.mil> Subject: RE: unqualified topic - not solved yet. Date: Wed, 1 Dec 1999 11:17:35 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Charles, <snip> cm> If all certs must have an unique identifier then one CANNOT control the usage of the number.... They don't. This is just a "feature" that some QC-implementations (profiles) require. If unique identifiers are bad or good is outside of the QC-draft. The technical reasons for using them are pretty clear. As well as the possible consequences as you point out. Regarding the changed serialnumber semantics: Does it break any existing code? I can hardly see that. Anders Received: from ozspyrusmail.spyrus.com.au (fwuser@[203.46.55.130]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id BAA13308 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 01:51:24 -0800 (PST) Message-ID: <917ACEDEAC7DD211A0660080C890305F093AE0@OZSPYRUSMAIL> From: Charles Moore <cmoore@spyrus.com.au> To: "'Anders Rundgren'" <anders.rundgren@jaybis.com>, Charles Moore <cmoore@spyrus.com.au>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Stefan Santesson'" <stefan@accurata.se>, "'Tony Bartoletti'" <azb@llnl.gov> Cc: "'David P. Kemp'" <dpkemp@missi.ncsc.mil> Subject: RE: unqualified topic - not solved yet. Date: Wed, 1 Dec 1999 19:56:04 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id BAA13309 >===== Original Message From Stefan Santesson <SMTP:stefan@accurata.se> ===== >Charles, > >At 04:02 PM 12/1/99 +1000, Charles Moore wrote: ><snip> >>Back to the past.... >> >>I am not arguing that serial number or dnq be exclusively used, my personal >>preference would be dnq, but rather require we have a standard that reflects >>reality and provides a long term solution that can be used by all existing >>communities...not selective interest groups... >> >>I have a problem with overloading of semantics, as they produce >>indeterminate results... >>I also dont believe a CP is the means to achieve this, keep the protocol >>clean and use rules/policy to determine the usage.... >> > >One thing that may have to be clarified here is that I have had a dialogue >with Sharon Boyen, who is involved in the X.509, X.520 and X.521 >standardization, and she claims that they are willing to change the >definition of serialNumber and related object classes, so that this >attribute can be used for any type of object. cm> Who is they?? I have not seen this proposal in the current ITU text, but then I could have missied it?? > >Sharon says that this is considered to be a minor adjustment that almost >was fixed 4 years ago but was forgotten in the process. > >This is the fundamental reason for proposing use of serialNumber. > >Having this in mind, I fail to see any problems. > cm> This issue we are addressing is one of existing usage, not an pure stanadards issue, I take some exception to people that change semantics or syntax and leave the OIDs the same. X.9.42 DH key as an example ( only saving grace was that there was very little deployments). In the end of the day these fall on the people that build systems.... > >I' don't want to enter a privacy discussion here, but I just want to stress >that there is NOTHING in the QC profile that require inclusion of privacy >sensitive information. In fact, the possibility to use a Pseudonym name is >clearly stated. cm> Pseudonyms are not the issue... The use of a unique identifier doesn't necessarily means >that it is privacy sensitive. That depends completely what you can do with >that number. cm> If all certs must have an unique identifier then one CANNOT control the usage of the number.... I understand the requirement for uniqueness or I prefer disabiguation information, just want to be sure it has the right objective... Hence the semantics of the proposal.... > >The fact is that we need to add support for inclusion of such identifiers, >regardless of their actual content. cm> Why?? > >/Stefan >------------------------------------------------------------------- >Stefan Santesson <stefan@accurata.se> >Accurata AB http://www.accurata.se >Slagthuset Tel. +46-40 108588 >211 20 Malmö Fax. +46-40 150790 >Sweden Mobile +46-70 5247799 > >PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >------------------------------------------------------------------- Received: from popmail.inbox.se (popmail.inbox.se [193.12.72.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id BAA12975 for <ietf-pkix@imc.org>; Wed, 1 Dec 1999 01:35:36 -0800 (PST) Received: from stefan2 (accurata.inbox.se [193.12.72.24]) by popmail.inbox.se (8.9.3/8.9.3) with SMTP id KAA02985; Wed, 1 Dec 1999 10:37:33 +0100 Message-Id: <4.1.19991201101846.00badf00@mail.accurata.se> X-Sender: mb517@mail.accurata.se X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Wed, 01 Dec 1999 10:38:06 +0100 To: Charles Moore <cmoore@spyrus.com.au>, "'Anders Rundgren'" <anders.rundgren@jaybis.com>, "'Tony Bartoletti'" <azb@llnl.gov>, ietf-pkix@imc.org From: Stefan Santesson <stefan@accurata.se> Subject: RE: unqualified topic - not solved yet. Cc: "David P. Kemp" <dpkemp@missi.ncsc.mil> In-Reply-To: <917ACEDEAC7DD211A0660080C890305F093ADE@OZSPYRUSMAIL> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id BAA12978 Charles, At 04:02 PM 12/1/99 +1000, Charles Moore wrote: <snip> >Back to the past.... > >I am not arguing that serial number or dnq be exclusively used, my personal >preference would be dnq, but rather require we have a standard that reflects >reality and provides a long term solution that can be used by all existing >communities...not selective interest groups... > >I have a problem with overloading of semantics, as they produce >indeterminate results... >I also dont believe a CP is the means to achieve this, keep the protocol >clean and use rules/policy to determine the usage.... > One thing that may have to be clarified here is that I have had a dialogue with Sharon Boyen, who is involved in the X.509, X.520 and X.521 standardization, and she claims that they are willing to change the definition of serialNumber and related object classes, so that this attribute can be used for any type of object. Sharon says that this is considered to be a minor adjustment that almost was fixed 4 years ago but was forgotten in the process. This is the fundamental reason for proposing use of serialNumber. Having this in mind, I fail to see any problems. I' don't want to enter a privacy discussion here, but I just want to stress that there is NOTHING in the QC profile that require inclusion of privacy sensitive information. In fact, the possibility to use a Pseudonym name is clearly stated. The use of a unique identifier doesn't necessarily means that it is privacy sensitive. That depends completely what you can do with that number. The fact is that we need to add support for inclusion of such identifiers, regardless of their actual content. /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata AB http://www.accurata.se Slagthuset Tel. +46-40 108588 211 20 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 -------------------------------------------------------------------
- Getting an OID Bruschi Danilo
- Re: Getting an OID Paul Hoffman / IMC
- Bridge Certification Authorities Snow Katrina
- Re: Bridge Certification Authorities Sam Schaen