RE: NEW Data type for certificate selection ?
Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> Thu, 01 October 1998 01:48 UTC
Received: from mail.proper.com (mail.proper.com [206.86.127.224]) by ietf.org (8.8.5/8.8.7a) with ESMTP id VAA20401 for <pkix-archive@odin.ietf.org>; Wed, 30 Sep 1998 21:48:50 -0400 (EDT)
Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA03186 for ietf-pkix-bks; Wed, 30 Sep 1998 16:21:27 -0700 (PDT)
Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA03180 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 16:21:04 -0700 (PDT)
Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <TX35284S>; Thu, 1 Oct 1998 09:25:21 +1000
Message-ID: <D1A949D4508DD1119C8100400533BEDC07B9C9@DSG1>
From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>
To: 'Dave Horvath ' <dave@chromatix.com>, 'Stefan Santesson ' <stefan@accurata.se>
Cc: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "''ietf-pkix@imc.org ' '" <ietf-pkix@imc.org>, "''list@seis.nc-forum.com ' '" <list@seis.nc-forum.com>, "''pgut001@cs.auckland.ac.nz ' '" <pgut001@cs.auckland.ac.nz>
Subject: RE: NEW Data type for certificate selection ?
Date: Thu, 01 Oct 1998 09:25:18 +1000
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1458.49)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-pkix@imc.org
Precedence: bulk
Sob story introduction - still on the road in the UK now - and flat chat with the upswing in big X.500 systems and PKIs from every point on the compass. So the details below may have been skipped... anyway. I always thought that the matching rules for certs and crls as defined in X.509 were like other matching rules in that objects/attrs of particular types can be searched for and managed whilst in the directory system. The issues is that the PKI /CA design has been designed as a set of "sort of related objects, but operationally there are multipaths and multi domains.. so we have an information relationship and managment issue (in an originators domain).. and in some form, knowledge of this "environment" must be propagated to the recipient of signed message with a cert - so that efficient validation can occur. The matching rule system is a mechanism for finding what one wants and it can be configured with the desired values - ie knowledge (not knowledge as per DSA access point knowledge) english meaning. It strikes me that this knowledge (and the certficate)of the originating domain should be transferred to the recipient domain and this knowledge supplimented by the recipient - where appropriate - and this applied through the matching rule mechanism into the directory system to achieve validation. the draft I submitted - draft-lloyd-dir-cert-stat starts the validation/matching rule direction off. And in fact permits orgainised knowledge of validity - which is maintained by a CA.. Any way please read. Its an information management and knowledge issue associated with CA/directory systems we are dealing with - it wont be fixed by more attributes on certficates and more protocols like OCSP. thoughts are welcome regards alan ---------- From: Stefan Santesson To: Dave Horvath Cc: Alan Lloyd; 'ietf-pkix@imc.org '; 'list@seis.nc-forum.com '; 'pgut001@cs.auckland.ac.nz ' Sent: 10/1/98 8:53:52 AM Subject: Re: NEW Data type for certificate selection ? Dave, (Sorry for misspelling your name before) I really do agree with you, sticking with the X.500 matching rules makes it possible to link a certificate select from a local application to a suitable directory. Say that the client certificates is stored in a directory and not in the client application (or any mix). When receiving the match rule from the server it would then be very easy to use the same match data to perform an extended lookup in the directory. The question is now, Should this be worked on in IETF ? Is there enough interest in getting this done and implemented? Steve and Warwick, what do you say? Is this something for PKIX? Unfortunately I just represent some of those service providers who need this to be done, I will not be implementing this myself. Personally I can just predict better business for all if we solve this. /Stefan At 01:20 PM 9/30/98 -0400, Dave Horvath wrote: >Stefan, > >Agreed, particularly on the point of not creating any new extensions. > >I would add that I firmly believe the matching rule mechanisms should be >compatible with the work being done in X.500 and LDAP. I would also like to >see X.500 and LDAP join forces and be compatible in the area of matching rules, >I am not sure where LDAP stands at this time. > > >Dave Horvath > >Stefan Santesson wrote: >> >> David, >> >> Thank's for putting this issue in the right focus. >> >> Alan, I don't suggest any new certificate extensions >> Ed, I don't want to define any universal criteria for how certificate >> selection SHALL be done or any who decides what for whom, regulations. >> >> All I want to do is to define some mechanisms that CAN be used, if >> required, by local PKI-related services in order to make it POSSIBLE for >> them to build working services with STANDARD components. >> >> Let me highlight this again and describe a realistic problem relevant to me. >> >> Bank A offer web-based banking applications. This requires the end user to >> get a specific certificate issued by Bank A. The certificate and the >> corresponding private key is processed through the standard web browser of >> the client. >> >> Two certificates and private keys are used in the normal process. >> 1) Certificate for SSL (TLS) security >> 2) Certificate for non-repudiation protection of Bank transactions. >> >> In addition to these certificates, a specific end-user may be populated >> with several other certificates, un-known to the Bank. >> >> The question is. How can this Bank create a web based application without >> distributing a customized client plug-in for the purpose. Well the Bank can >> get far using Java Scripts but it will fail due to the problem that the >> end-user may have to select a certificate. >> Believe me, THIS IS TOTALLY UN-ACCEPTABLE FOR A COMMERCIAL BANK APPLICATION. >> >> I realize that today there is no way to do this without distributing >> customized plug-in components to end-users, but I strongly would like to se >> options developed that helps getting around this. The current matching >> mechanism in SSL and TLS is just not good enough to solve the problem. >> >> So If we instead had a standardized matching rule that could be invoked >> into protocols and Java Scripts etc, then the situation would be much more >> hopeful for the Bank in my case. >> >> They would then construct a match rule that with high probability would >> point out the right end-user certificate and invoke that matching rule both >> in the TLS protocol and in the Java Script, forming their secure >> transaction application. >> >> It wouldn't have to be perfect, just good enough to handle some 95%+ of the >> cases as long as the Bank could detect cases where it didn't work. Then the >> non-working cases could be fixed by personal customer service. >> >> I see even more use for this matching rule. It could be used in S/MIME so >> specify a preferred encryption certificate for replies to a mail. Of course >> this matching rule could be used for X.500 directories as well (that's what >> it was built for). MY concern here is however not _where_ the certificates >> are stored but, how to select 1 of several known certificates regardless of >> where they reside. >> >> Comments? >> How do wee proceed ? >> Could we have any comments from Microsoft and Netscape ? >> >> /Stefan >> >> At 11:15 AM 9/30/98 -0400, David Horvath wrote: >> >--- Message on the SEIS mailing list (list@seis.nc-forum.com) >> > >> >Alan, >> > >> >While I personally agree that X.500 provides a mature and feature rich >> >core to implement certificate repositories, I am having trouble >> >understanding some of your assertions as to why X.500 is the answer to >> >so many problems. >> > >> >It seems to me that the first step for locating certificates in a >> >repository is to define the fields in the certificate object that are a >> >prerequisite to perform the match. Matching rules are a good start and >> >foster the thought process required to provide a well designed solution. >> >Once the matching rules are defined, a protocol such as DAP or LDAP V3 >> >with extensions may be used to exploit the matching rules. In some >> >cases, clients may choose not to use the matching rules and retrieve all >> >certificates. Perhaps matching rules are not supported by the protocol >> >(LDAP V2 or HTTP), therefore the client will collect all the >> >certificates and perform the match locally. This may be even more >> >efficient than submitting multiple searches with different variations of >> >matching rules. It could easily be more efficient to submit one search >> >and retrieve 10 certificates, then to submit 3 searches with different >> >matching rules each time until the required certificate is found. This >> >should be defined by local policies based on performance analysis. >> > >> >Once the rules for matching certificates are defined ( and I think X.500 >> >matching rules are an excellent start ) the distribution model can be >> >analyzed. This is another case where X.500 may be superior to LDAP, but >> >unless you have a well planned global infrastructure neither X.500 or >> >LDAP can help with the distribution model. >> > >> >Dave Horvath >> > >> >Alan Lloyd wrote: >> >> >> >> >> >> Snip >> >> >> >> ---------- >> >> From: pgut001@cs.auckland.ac.nz >> >> To: cert-talk@structuredarts.com; ietf-pkix@imc.org; >> >> list@seis.nc-forum.com >> >> Sent: 9/29/98 1:01:30 PM >> >> Subject: Re: NEW Data type for certificate selection ? >> >> >> >> Peter - you went through great lenghts to define the problem with >> >> relationships between and searching directory based objects and a >> >> distributed information issue and then you say: >> >> " >> >> If anyone has any useful solutions for this (apart from "We should >> >> force >> >> everyone to use an X.500 directory, that would solve everything" :-) I'd >> >> be interested in hearing them. >> >> >> >> " >> >> Oh well - that counts me out. I cannot do solutions - without the >> >> solution :-))) >> >> regards alan >> >> >> >> Peter. >> >> >> > >> > >> >----------------- SEIS mailing list (list@seis.nc-forum.com) >> >Info about this list: http://www.nc-forum.com/seis >> >SEIS Contact: info@seis.se >> > >> > >> > >> ------------------------------------------------------------------- >> Stefan Santesson <stefan@accurata.se> >> Accurata Systemsäkerhet AB >> Lotsgatan 27 D Tel. +46-40 152211 >> 216 42 Malmö Fax. +46-40 150790 >> Sweden Mobile +46-70 5247799 >> >> PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >> ------------------------------------------------------------------- > >-- > ================================================ > > _/_/_/ David J. Horvath > _/ _/ > _/ _/ Chromatix, Inc. > _/ _/ _/ 10451 Twin Rivers Road, Suite 265 >_/ _/_/ Columbia, MD 21044 > _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com > _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id UAA06142 for ietf-pkix-bks; Wed, 30 Sep 1998 20:42:21 -0700 (PDT) Received: from laser.cps.softex.br (laser.cps.softex.br [143.106.29.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id UAA06133 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 20:42:19 -0700 (PDT) Received: from laser (laser [143.106.29.34]) by laser.cps.softex.br (8.8.7/8.8.7) with SMTP id AAA28197; Thu, 1 Oct 1998 00:48:37 -0300 Date: Thu, 1 Oct 1998 00:48:37 -0300 (EST) From: Ed Gerck <egerck@laser.cps.softex.br> To: Stefan Santesson <stefan@accurata.se> cc: David Horvath <dave@chromatix.com>, Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Subject: Re: NEW Data type for certificate selection ? In-Reply-To: <3.0.32.19981001003423.00a2d2b0@m1.403.telia.com> Message-ID: <Pine.LNX.4.02.9810010015150.25643-100000@laser.cps.softex.br> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk On Thu, 1 Oct 1998, Stefan Santesson wrote: >Ed, > >Thank you for very interesting input. If I may try a very compressed sum of >your discussion it would be: > >1) In SSL the server may select preferred client certificate by Issuer DN, >and "certificate type" Stefan: pls add in your 1) "if the server is non-anonymous" pls add also a 0) "a self-signed common CA cert for the server and user certs can make your life and the customer's life a lot more pleasant" >2) You suggest hashed SSN (social security numbers) using "salt" if you must add SSN-based info in a public cert, IMO yes! > >Regarding "certificate type" I can't find this as an active selection >mechanism. It is however mentioned as prerequisite that the certificate >type have to match the selected key exchange algorithm. > I fail to see why you "can't find this as an active selection mechanism" together with the issuer DN, even if you want to keep the same type for your repudiable and non-repudiable cases (which I possibly would not, but that is another story). As I wrote: >> (for higher security) with a different CA cert for each type. and, again, later in the same msg: >> Or, for higher security, the Bank can use different CA certs for >> each type and send their DNs accordingly, in each case. >> so, all you need is to have different "types" (ie, DNs) of CA certs, where both "types" should be signed by the same root CA cert of course and the public-key root CA cert should be included in the distribution. Can you pls explain what causes selection difficulties for you in the above scenario? >Regardless of this I fail to see how this can be used to pick the right >"non-repudiation" certificate in the Java script application. Please read above, I hope it is clearer now. > I also fail >to understand if you suggest that the current SSL/TLS functions solves all >my problems or just a part of them. > ;-) If "all your problems" is what you stated, sure, all at one stop. >Do you suggest that a more general matching mechanism is not needed? > If the problem is what you defined, yes. >/Stefan > >P.s >Regarding hashed SSN with salt, I don't get how the "salt" solves this. If >the salt is unknown then the SSN can't be checked and if the salt is known >the dictionary attack is still possible. 1. The salt is only known to those entities that should know the SSN -- not to the evildoer that is trying to get SSNs from a list of cached client certs, in a common access area or in memory. 2. the salt is treated as client's private information -- and kept separate from the cert, in a protected area together with other private information from the client. BTW, this is similar to "dividing" a SSN "signature" into two parts, one public (in the cert) and another private (the salt). > I would say that your "salt" is >equal to suggest that the SSN should be encrypted with a secret key (where >the "salt" is being that secret key). > Yes, certainly -- but it is more appropriately called a keyed-MAC. BTW, I am glad that you now repudiate your phrase after your P.s above ;-) >You and I can argue for centuries if certificates handled in browsers >should, or should not, be allowed to contain SSN. No, I don't argue. As I wrote two msgs ago, some think they have valid reasons for it and I do not disagree with the need to preserve freedom. In that, I follow the C maxim -- even though I think that security work is perhaps not the best place to leave enough rope so that you may hang yourself with it if you so want or don't think it is dangerous... Cheers, Ed Gerck ______________________________________________________________________ Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br http://novaware.cps.softex.br Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA03186 for ietf-pkix-bks; Wed, 30 Sep 1998 16:21:27 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA03180 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 16:21:04 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <TX35284S>; Thu, 1 Oct 1998 09:25:21 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC07B9C9@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'Dave Horvath '" <dave@chromatix.com>, "'Stefan Santesson '" <stefan@accurata.se> Cc: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "''ietf-pkix@imc.org ' '" <ietf-pkix@imc.org>, "''list@seis.nc-forum.com ' '" <list@seis.nc-forum.com>, "''pgut001@cs.auckland.ac.nz ' '" <pgut001@cs.auckland.ac.nz> Subject: RE: NEW Data type for certificate selection ? Date: Thu, 1 Oct 1998 09:25:18 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Sob story introduction - still on the road in the UK now - and flat chat with the upswing in big X.500 systems and PKIs from every point on the compass. So the details below may have been skipped... anyway. I always thought that the matching rules for certs and crls as defined in X.509 were like other matching rules in that objects/attrs of particular types can be searched for and managed whilst in the directory system. The issues is that the PKI /CA design has been designed as a set of "sort of related objects, but operationally there are multipaths and multi domains.. so we have an information relationship and managment issue (in an originators domain).. and in some form, knowledge of this "environment" must be propagated to the recipient of signed message with a cert - so that efficient validation can occur. The matching rule system is a mechanism for finding what one wants and it can be configured with the desired values - ie knowledge (not knowledge as per DSA access point knowledge) english meaning. It strikes me that this knowledge (and the certficate)of the originating domain should be transferred to the recipient domain and this knowledge supplimented by the recipient - where appropriate - and this applied through the matching rule mechanism into the directory system to achieve validation. the draft I submitted - draft-lloyd-dir-cert-stat starts the validation/matching rule direction off. And in fact permits orgainised knowledge of validity - which is maintained by a CA.. Any way please read. Its an information management and knowledge issue associated with CA/directory systems we are dealing with - it wont be fixed by more attributes on certficates and more protocols like OCSP. thoughts are welcome regards alan ---------- From: Stefan Santesson To: Dave Horvath Cc: Alan Lloyd; 'ietf-pkix@imc.org '; 'list@seis.nc-forum.com '; 'pgut001@cs.auckland.ac.nz ' Sent: 10/1/98 8:53:52 AM Subject: Re: NEW Data type for certificate selection ? Dave, (Sorry for misspelling your name before) I really do agree with you, sticking with the X.500 matching rules makes it possible to link a certificate select from a local application to a suitable directory. Say that the client certificates is stored in a directory and not in the client application (or any mix). When receiving the match rule from the server it would then be very easy to use the same match data to perform an extended lookup in the directory. The question is now, Should this be worked on in IETF ? Is there enough interest in getting this done and implemented? Steve and Warwick, what do you say? Is this something for PKIX? Unfortunately I just represent some of those service providers who need this to be done, I will not be implementing this myself. Personally I can just predict better business for all if we solve this. /Stefan At 01:20 PM 9/30/98 -0400, Dave Horvath wrote: >Stefan, > >Agreed, particularly on the point of not creating any new extensions. > >I would add that I firmly believe the matching rule mechanisms should be >compatible with the work being done in X.500 and LDAP. I would also like to >see X.500 and LDAP join forces and be compatible in the area of matching rules, >I am not sure where LDAP stands at this time. > > >Dave Horvath > >Stefan Santesson wrote: >> >> David, >> >> Thank's for putting this issue in the right focus. >> >> Alan, I don't suggest any new certificate extensions >> Ed, I don't want to define any universal criteria for how certificate >> selection SHALL be done or any who decides what for whom, regulations. >> >> All I want to do is to define some mechanisms that CAN be used, if >> required, by local PKI-related services in order to make it POSSIBLE for >> them to build working services with STANDARD components. >> >> Let me highlight this again and describe a realistic problem relevant to me. >> >> Bank A offer web-based banking applications. This requires the end user to >> get a specific certificate issued by Bank A. The certificate and the >> corresponding private key is processed through the standard web browser of >> the client. >> >> Two certificates and private keys are used in the normal process. >> 1) Certificate for SSL (TLS) security >> 2) Certificate for non-repudiation protection of Bank transactions. >> >> In addition to these certificates, a specific end-user may be populated >> with several other certificates, un-known to the Bank. >> >> The question is. How can this Bank create a web based application without >> distributing a customized client plug-in for the purpose. Well the Bank can >> get far using Java Scripts but it will fail due to the problem that the >> end-user may have to select a certificate. >> Believe me, THIS IS TOTALLY UN-ACCEPTABLE FOR A COMMERCIAL BANK APPLICATION. >> >> I realize that today there is no way to do this without distributing >> customized plug-in components to end-users, but I strongly would like to se >> options developed that helps getting around this. The current matching >> mechanism in SSL and TLS is just not good enough to solve the problem. >> >> So If we instead had a standardized matching rule that could be invoked >> into protocols and Java Scripts etc, then the situation would be much more >> hopeful for the Bank in my case. >> >> They would then construct a match rule that with high probability would >> point out the right end-user certificate and invoke that matching rule both >> in the TLS protocol and in the Java Script, forming their secure >> transaction application. >> >> It wouldn't have to be perfect, just good enough to handle some 95%+ of the >> cases as long as the Bank could detect cases where it didn't work. Then the >> non-working cases could be fixed by personal customer service. >> >> I see even more use for this matching rule. It could be used in S/MIME so >> specify a preferred encryption certificate for replies to a mail. Of course >> this matching rule could be used for X.500 directories as well (that's what >> it was built for). MY concern here is however not _where_ the certificates >> are stored but, how to select 1 of several known certificates regardless of >> where they reside. >> >> Comments? >> How do wee proceed ? >> Could we have any comments from Microsoft and Netscape ? >> >> /Stefan >> >> At 11:15 AM 9/30/98 -0400, David Horvath wrote: >> >--- Message on the SEIS mailing list (list@seis.nc-forum.com) >> > >> >Alan, >> > >> >While I personally agree that X.500 provides a mature and feature rich >> >core to implement certificate repositories, I am having trouble >> >understanding some of your assertions as to why X.500 is the answer to >> >so many problems. >> > >> >It seems to me that the first step for locating certificates in a >> >repository is to define the fields in the certificate object that are a >> >prerequisite to perform the match. Matching rules are a good start and >> >foster the thought process required to provide a well designed solution. >> >Once the matching rules are defined, a protocol such as DAP or LDAP V3 >> >with extensions may be used to exploit the matching rules. In some >> >cases, clients may choose not to use the matching rules and retrieve all >> >certificates. Perhaps matching rules are not supported by the protocol >> >(LDAP V2 or HTTP), therefore the client will collect all the >> >certificates and perform the match locally. This may be even more >> >efficient than submitting multiple searches with different variations of >> >matching rules. It could easily be more efficient to submit one search >> >and retrieve 10 certificates, then to submit 3 searches with different >> >matching rules each time until the required certificate is found. This >> >should be defined by local policies based on performance analysis. >> > >> >Once the rules for matching certificates are defined ( and I think X.500 >> >matching rules are an excellent start ) the distribution model can be >> >analyzed. This is another case where X.500 may be superior to LDAP, but >> >unless you have a well planned global infrastructure neither X.500 or >> >LDAP can help with the distribution model. >> > >> >Dave Horvath >> > >> >Alan Lloyd wrote: >> >> >> >> >> >> Snip >> >> >> >> ---------- >> >> From: pgut001@cs.auckland.ac.nz >> >> To: cert-talk@structuredarts.com; ietf-pkix@imc.org; >> >> list@seis.nc-forum.com >> >> Sent: 9/29/98 1:01:30 PM >> >> Subject: Re: NEW Data type for certificate selection ? >> >> >> >> Peter - you went through great lenghts to define the problem with >> >> relationships between and searching directory based objects and a >> >> distributed information issue and then you say: >> >> " >> >> If anyone has any useful solutions for this (apart from "We should >> >> force >> >> everyone to use an X.500 directory, that would solve everything" :-) I'd >> >> be interested in hearing them. >> >> >> >> " >> >> Oh well - that counts me out. I cannot do solutions - without the >> >> solution :-))) >> >> regards alan >> >> >> >> Peter. >> >> >> > >> > >> >----------------- SEIS mailing list (list@seis.nc-forum.com) >> >Info about this list: http://www.nc-forum.com/seis >> >SEIS Contact: info@seis.se >> > >> > >> > >> ------------------------------------------------------------------- >> Stefan Santesson <stefan@accurata.se> >> Accurata Systemsäkerhet AB >> Lotsgatan 27 D Tel. +46-40 152211 >> 216 42 Malmö Fax. +46-40 150790 >> Sweden Mobile +46-70 5247799 >> >> PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >> ------------------------------------------------------------------- > >-- > ================================================ > > _/_/_/ David J. Horvath > _/ _/ > _/ _/ Chromatix, Inc. > _/ _/ _/ 10451 Twin Rivers Road, Suite 265 >_/ _/_/ Columbia, MD 21044 > _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com > _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA03019 for ietf-pkix-bks; Wed, 30 Sep 1998 15:50:00 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA03010 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 15:49:51 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailc.telia.com (8.8.8/8.8.8) with ESMTP id AAA07763; Thu, 1 Oct 1998 00:56:48 +0200 (CEST) Received: from stefans (t1o68p120.telia.com [62.20.138.120]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id AAA28412; Thu, 1 Oct 1998 00:56:46 +0200 (CEST) Message-Id: <3.0.32.19981001005315.009f7d30@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Thu, 01 Oct 1998 00:53:52 +0200 To: Dave Horvath <dave@chromatix.com> From: Stefan Santesson <stefan@accurata.se> Subject: Re: NEW Data type for certificate selection ? Cc: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id PAA03011 Sender: owner-ietf-pkix@imc.org Precedence: bulk Dave, (Sorry for misspelling your name before) I really do agree with you, sticking with the X.500 matching rules makes it possible to link a certificate select from a local application to a suitable directory. Say that the client certificates is stored in a directory and not in the client application (or any mix). When receiving the match rule from the server it would then be very easy to use the same match data to perform an extended lookup in the directory. The question is now, Should this be worked on in IETF ? Is there enough interest in getting this done and implemented? Steve and Warwick, what do you say? Is this something for PKIX? Unfortunately I just represent some of those service providers who need this to be done, I will not be implementing this myself. Personally I can just predict better business for all if we solve this. /Stefan At 01:20 PM 9/30/98 -0400, Dave Horvath wrote: >Stefan, > >Agreed, particularly on the point of not creating any new extensions. > >I would add that I firmly believe the matching rule mechanisms should be >compatible with the work being done in X.500 and LDAP. I would also like to >see X.500 and LDAP join forces and be compatible in the area of matching rules, >I am not sure where LDAP stands at this time. > > >Dave Horvath > >Stefan Santesson wrote: >> >> David, >> >> Thank's for putting this issue in the right focus. >> >> Alan, I don't suggest any new certificate extensions >> Ed, I don't want to define any universal criteria for how certificate >> selection SHALL be done or any who decides what for whom, regulations. >> >> All I want to do is to define some mechanisms that CAN be used, if >> required, by local PKI-related services in order to make it POSSIBLE for >> them to build working services with STANDARD components. >> >> Let me highlight this again and describe a realistic problem relevant to me. >> >> Bank A offer web-based banking applications. This requires the end user to >> get a specific certificate issued by Bank A. The certificate and the >> corresponding private key is processed through the standard web browser of >> the client. >> >> Two certificates and private keys are used in the normal process. >> 1) Certificate for SSL (TLS) security >> 2) Certificate for non-repudiation protection of Bank transactions. >> >> In addition to these certificates, a specific end-user may be populated >> with several other certificates, un-known to the Bank. >> >> The question is. How can this Bank create a web based application without >> distributing a customized client plug-in for the purpose. Well the Bank can >> get far using Java Scripts but it will fail due to the problem that the >> end-user may have to select a certificate. >> Believe me, THIS IS TOTALLY UN-ACCEPTABLE FOR A COMMERCIAL BANK APPLICATION. >> >> I realize that today there is no way to do this without distributing >> customized plug-in components to end-users, but I strongly would like to se >> options developed that helps getting around this. The current matching >> mechanism in SSL and TLS is just not good enough to solve the problem. >> >> So If we instead had a standardized matching rule that could be invoked >> into protocols and Java Scripts etc, then the situation would be much more >> hopeful for the Bank in my case. >> >> They would then construct a match rule that with high probability would >> point out the right end-user certificate and invoke that matching rule both >> in the TLS protocol and in the Java Script, forming their secure >> transaction application. >> >> It wouldn't have to be perfect, just good enough to handle some 95%+ of the >> cases as long as the Bank could detect cases where it didn't work. Then the >> non-working cases could be fixed by personal customer service. >> >> I see even more use for this matching rule. It could be used in S/MIME so >> specify a preferred encryption certificate for replies to a mail. Of course >> this matching rule could be used for X.500 directories as well (that's what >> it was built for). MY concern here is however not _where_ the certificates >> are stored but, how to select 1 of several known certificates regardless of >> where they reside. >> >> Comments? >> How do wee proceed ? >> Could we have any comments from Microsoft and Netscape ? >> >> /Stefan >> >> At 11:15 AM 9/30/98 -0400, David Horvath wrote: >> >--- Message on the SEIS mailing list (list@seis.nc-forum.com) >> > >> >Alan, >> > >> >While I personally agree that X.500 provides a mature and feature rich >> >core to implement certificate repositories, I am having trouble >> >understanding some of your assertions as to why X.500 is the answer to >> >so many problems. >> > >> >It seems to me that the first step for locating certificates in a >> >repository is to define the fields in the certificate object that are a >> >prerequisite to perform the match. Matching rules are a good start and >> >foster the thought process required to provide a well designed solution. >> >Once the matching rules are defined, a protocol such as DAP or LDAP V3 >> >with extensions may be used to exploit the matching rules. In some >> >cases, clients may choose not to use the matching rules and retrieve all >> >certificates. Perhaps matching rules are not supported by the protocol >> >(LDAP V2 or HTTP), therefore the client will collect all the >> >certificates and perform the match locally. This may be even more >> >efficient than submitting multiple searches with different variations of >> >matching rules. It could easily be more efficient to submit one search >> >and retrieve 10 certificates, then to submit 3 searches with different >> >matching rules each time until the required certificate is found. This >> >should be defined by local policies based on performance analysis. >> > >> >Once the rules for matching certificates are defined ( and I think X.500 >> >matching rules are an excellent start ) the distribution model can be >> >analyzed. This is another case where X.500 may be superior to LDAP, but >> >unless you have a well planned global infrastructure neither X.500 or >> >LDAP can help with the distribution model. >> > >> >Dave Horvath >> > >> >Alan Lloyd wrote: >> >> >> >> >> >> Snip >> >> >> >> ---------- >> >> From: pgut001@cs.auckland.ac.nz >> >> To: cert-talk@structuredarts.com; ietf-pkix@imc.org; >> >> list@seis.nc-forum.com >> >> Sent: 9/29/98 1:01:30 PM >> >> Subject: Re: NEW Data type for certificate selection ? >> >> >> >> Peter - you went through great lenghts to define the problem with >> >> relationships between and searching directory based objects and a >> >> distributed information issue and then you say: >> >> " >> >> If anyone has any useful solutions for this (apart from "We should >> >> force >> >> everyone to use an X.500 directory, that would solve everything" :-) I'd >> >> be interested in hearing them. >> >> >> >> " >> >> Oh well - that counts me out. I cannot do solutions - without the >> >> solution :-))) >> >> regards alan >> >> >> >> Peter. >> >> >> > >> > >> >----------------- SEIS mailing list (list@seis.nc-forum.com) >> >Info about this list: http://www.nc-forum.com/seis >> >SEIS Contact: info@seis.se >> > >> > >> > >> ------------------------------------------------------------------- >> Stefan Santesson <stefan@accurata.se> >> Accurata Systemsäkerhet AB >> Lotsgatan 27 D Tel. +46-40 152211 >> 216 42 Malmö Fax. +46-40 150790 >> Sweden Mobile +46-70 5247799 >> >> PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >> ------------------------------------------------------------------- > >-- > ================================================ > > _/_/_/ David J. Horvath > _/ _/ > _/ _/ Chromatix, Inc. > _/ _/ _/ 10451 Twin Rivers Road, Suite 265 >_/ _/_/ Columbia, MD 21044 > _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com > _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA02842 for ietf-pkix-bks; Wed, 30 Sep 1998 15:31:06 -0700 (PDT) Received: from mailb.telia.com (mailb.telia.com [194.22.194.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA02838 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 15:31:04 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailb.telia.com (8.8.8/8.8.8) with ESMTP id AAA18769; Thu, 1 Oct 1998 00:37:58 +0200 (CEST) Received: from stefans (t1o68p120.telia.com [62.20.138.120]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id AAA23766; Thu, 1 Oct 1998 00:37:55 +0200 (CEST) Message-Id: <3.0.32.19981001003423.00a2d2b0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Thu, 01 Oct 1998 00:35:02 +0200 To: Ed Gerck <egerck@laser.cps.softex.br> From: Stefan Santesson <stefan@accurata.se> Subject: Re: NEW Data type for certificate selection ? Cc: David Horvath <dave@chromatix.com>, Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id PAA02839 Sender: owner-ietf-pkix@imc.org Precedence: bulk Ed, Thank you for very interesting input. If I may try a very compressed sum of your discussion it would be: 1) In SSL the server may select preferred client certificate by Issuer DN, and "certificate type" 2) You suggest hashed SSN (social security numbers) using "salt" Regarding "certificate type" I can't find this as an active selection mechanism. It is however mentioned as prerequisite that the certificate type have to match the selected key exchange algorithm. Regardless of this I fail to see how this can be used to pick the right "non-repudiation" certificate in the Java script application. I also fail to understand if you suggest that the current SSL/TLS functions solves all my problems or just a part of them. Do you suggest that a more general matching mechanism is not needed? /Stefan P.s Regarding hashed SSN with salt, I don't get how the "salt" solves this. If the salt is unknown then the SSN can't be checked and if the salt is known the dictionary attack is still possible. I would say that your "salt" is equal to suggest that the SSN should be encrypted with a secret key (where the "salt" is being that secret key). You and I can argue for centuries if certificates handled in browsers should, or should not, be allowed to contain SSN. The fact is that many organizations require this and they will create those certificates regardless of whether you and I like it or not. All we can do is to try to help building architectural principles that to the greatest extent is as forgiving as possible for those examples of bad engineering that by provable fact will show up out there. D.s. At 03:08 PM 9/30/98 -0300, Ed Gerck wrote: >On Wed, 30 Sep 1998, Stefan Santesson wrote: > >> >>Alan, I don't suggest any new certificate extensions >>Ed, I don't want to define any universal criteria for how certificate >>selection SHALL be done or any who decides what for whom, regulations. > >Stefan: > >Thank you for changing the focus and not requiring (as in your >previous examples) that Alice would have her SSN in a public cert :-) > >Your question below fits now the first part of my previous reply, >with a direct solution in SSL, as I present below. > >> >>All I want to do is to define some mechanisms that CAN be used, if >>required, by local PKI-related services in order to make it POSSIBLE for >>them to build working services with STANDARD components. >> >>Let me highlight this again and describe a realistic problem relevant to me. >> >>Bank A offer web-based banking applications. This requires the end user to >>get a specific certificate issued by Bank A. The certificate and the >>corresponding private key is processed through the standard web browser of >>the client. >> >>Two certificates and private keys are used in the normal process. >>1) Certificate for SSL (TLS) security >>2) Certificate for non-repudiation protection of Bank transactions. >> >>In addition to these certificates, a specific end-user may be populated >>with several other certificates, un-known to the Bank. >> >>The question is. How can this Bank create a web based application without >>distributing a customized client plug-in for the purpose. > > >Suppose the Bank signs its own CA certificate and uses that >self-signed CA cert to sign all Bank customer's certs of a certain >class (to make your problem still more realistic), for types (1) and >(2) above for each customer or, (for higher security) with a >different CA cert for each type. > >Of course, that CA cert can be easily registered in a costumer's >browser -- just using the standard menu options. This is justifiable >regarding trust acceptance by a Bank's customer, because the Bank >already exibits trusted functionality to the Bank's customer and the >Bank's CA cert is used in the realm of said trusted functionality in >regard to the customer's browser in cases (1) and (2) of your >example. In other words, it requires no new assumptions, for neither >party. > >Now, you have two phases: > >1. The customer's browser must automatically authenticate the Bank's >server, using the pre-acquired and trusted public-key Bank CA cert. > > If the Bank's server sends its server cert to the browser in SSL, > right after the "server hello" message and self-signed by their own > CA, the browser will be able to automatically verify and accept the > Bank's server cert -- since it can be checked by the public-key > contained in the Bank's own self-signed CA cert stored at the > costumer's browser. > >2. The Bank's server must authenticate the required customer's cert, >which is appropriately requested by the Bank's server and is >automatically presented by the customer's browser according to cert >class and cert type, from a larger collection. > > Since the Bank's server is non-anonymous, it can automatically > request the intended cert from the browser by sending only the DN of > their own appropriate (ie, for that customer's class) CA cert in the > "certificate request" message sent from server to browser in SSL -- > which Bank CA cert is exactly the one that signed the required > customer's cert. Since the Bank certainly did not use their own CA > cert to sign any other types of certs for the customer, the Bank > (and the customer) can trust the browser/SSL combination to block > other customer certs that could have been selected from the > customer's certificate pool and sent back in response. The server > can also specify in the "certificate request" message the customer's > "certificate type" it is requesting, as needed by the Bank -- for > example in your cases (1) and (2) above. Or, for higher security, > the Bank can use different CA certs for each type and send their DNs > accordingly, in each case. > > >It is important to note that *if* the customer's browser fails to >authenticate the Bank's server, then this will generate a fatal >handshake-failure alert in SSL if the non-authenticated Bank still >tries to go into phase 2 above -- so, the second phase is privacy >protected by the first. Perhaps, this also answers some of your >previous concerns and could allow more sensitive information (from >the customer) to be included in the customer's cert sent to the >server -- but, by all means, not in plain (eg, the SSN itself) if >privacy is really a concern since public client certificates are >stored in general access areas at the server. > > >Regarding possible problems of using hashes to protect US's SSN >numbers in public certs (as I suggested in my previous reply), I >include below one comentary I received and my reply -- since it may >be also useful in your context: > >=============================== >>This does not help. American SSN is only 9 digits long and only >>includes digits. It will be trivial to do a dictionary attack in >>this case. This may be true for other pieces of sensitive info as >>well. > >The solution is to add "salt" -- like it is done in UNIX passwords. >For example, you can add 50 chars of salt or as many as you want -- a >passphrase. The point here is that since you know the SSN and the >salt, no one else can guess the SSN from a dictionary attack on only >9 digits. Better still, you can change the hash in a new cert and >keep the SSN constant, by changing the salt, so no one can verify >your SSN in a new cert without your cooperation. > >Part of this technique is used in the MC-DN token in the >Meta-Certificate Standard being developed by the MCG. See >http://www.mcg.org.br/mcfaq.htm > >=============================== > > >Cheers, > >Ed Gerck >______________________________________________________________________ >Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br >http://novaware.cps.softex.br > > > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA00464 for ietf-pkix-bks; Wed, 30 Sep 1998 11:04:46 -0700 (PDT) Received: from laser.cps.softex.br (laser.cps.softex.br [143.106.29.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA00443 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 11:02:19 -0700 (PDT) Received: from laser (laser [143.106.29.34]) by laser.cps.softex.br (8.8.7/8.8.7) with SMTP id PAA27526; Wed, 30 Sep 1998 15:08:28 -0300 Date: Wed, 30 Sep 1998 15:08:26 -0300 (EST) From: Ed Gerck <egerck@laser.cps.softex.br> To: Stefan Santesson <stefan@accurata.se> cc: David Horvath <dave@chromatix.com>, Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Subject: Re: NEW Data type for certificate selection ? In-Reply-To: <3.0.32.19980930164259.00a84cc0@m1.403.telia.com> Message-ID: <Pine.LNX.4.02.9809301211200.25643-100000@laser.cps.softex.br> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk On Wed, 30 Sep 1998, Stefan Santesson wrote: > >Alan, I don't suggest any new certificate extensions >Ed, I don't want to define any universal criteria for how certificate >selection SHALL be done or any who decides what for whom, regulations. Stefan: Thank you for changing the focus and not requiring (as in your previous examples) that Alice would have her SSN in a public cert :-) Your question below fits now the first part of my previous reply, with a direct solution in SSL, as I present below. > >All I want to do is to define some mechanisms that CAN be used, if >required, by local PKI-related services in order to make it POSSIBLE for >them to build working services with STANDARD components. > >Let me highlight this again and describe a realistic problem relevant to me. > >Bank A offer web-based banking applications. This requires the end user to >get a specific certificate issued by Bank A. The certificate and the >corresponding private key is processed through the standard web browser of >the client. > >Two certificates and private keys are used in the normal process. >1) Certificate for SSL (TLS) security >2) Certificate for non-repudiation protection of Bank transactions. > >In addition to these certificates, a specific end-user may be populated >with several other certificates, un-known to the Bank. > >The question is. How can this Bank create a web based application without >distributing a customized client plug-in for the purpose. Suppose the Bank signs its own CA certificate and uses that self-signed CA cert to sign all Bank customer's certs of a certain class (to make your problem still more realistic), for types (1) and (2) above for each customer or, (for higher security) with a different CA cert for each type. Of course, that CA cert can be easily registered in a costumer's browser -- just using the standard menu options. This is justifiable regarding trust acceptance by a Bank's customer, because the Bank already exibits trusted functionality to the Bank's customer and the Bank's CA cert is used in the realm of said trusted functionality in regard to the customer's browser in cases (1) and (2) of your example. In other words, it requires no new assumptions, for neither party. Now, you have two phases: 1. The customer's browser must automatically authenticate the Bank's server, using the pre-acquired and trusted public-key Bank CA cert. If the Bank's server sends its server cert to the browser in SSL, right after the "server hello" message and self-signed by their own CA, the browser will be able to automatically verify and accept the Bank's server cert -- since it can be checked by the public-key contained in the Bank's own self-signed CA cert stored at the costumer's browser. 2. The Bank's server must authenticate the required customer's cert, which is appropriately requested by the Bank's server and is automatically presented by the customer's browser according to cert class and cert type, from a larger collection. Since the Bank's server is non-anonymous, it can automatically request the intended cert from the browser by sending only the DN of their own appropriate (ie, for that customer's class) CA cert in the "certificate request" message sent from server to browser in SSL -- which Bank CA cert is exactly the one that signed the required customer's cert. Since the Bank certainly did not use their own CA cert to sign any other types of certs for the customer, the Bank (and the customer) can trust the browser/SSL combination to block other customer certs that could have been selected from the customer's certificate pool and sent back in response. The server can also specify in the "certificate request" message the customer's "certificate type" it is requesting, as needed by the Bank -- for example in your cases (1) and (2) above. Or, for higher security, the Bank can use different CA certs for each type and send their DNs accordingly, in each case. It is important to note that *if* the customer's browser fails to authenticate the Bank's server, then this will generate a fatal handshake-failure alert in SSL if the non-authenticated Bank still tries to go into phase 2 above -- so, the second phase is privacy protected by the first. Perhaps, this also answers some of your previous concerns and could allow more sensitive information (from the customer) to be included in the customer's cert sent to the server -- but, by all means, not in plain (eg, the SSN itself) if privacy is really a concern since public client certificates are stored in general access areas at the server. Regarding possible problems of using hashes to protect US's SSN numbers in public certs (as I suggested in my previous reply), I include below one comentary I received and my reply -- since it may be also useful in your context: =============================== >This does not help. American SSN is only 9 digits long and only >includes digits. It will be trivial to do a dictionary attack in >this case. This may be true for other pieces of sensitive info as >well. The solution is to add "salt" -- like it is done in UNIX passwords. For example, you can add 50 chars of salt or as many as you want -- a passphrase. The point here is that since you know the SSN and the salt, no one else can guess the SSN from a dictionary attack on only 9 digits. Better still, you can change the hash in a new cert and keep the SSN constant, by changing the salt, so no one can verify your SSN in a new cert without your cooperation. Part of this technique is used in the MC-DN token in the Meta-Certificate Standard being developed by the MCG. See http://www.mcg.org.br/mcfaq.htm =============================== Cheers, Ed Gerck ______________________________________________________________________ Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br http://novaware.cps.softex.br Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA00258 for ietf-pkix-bks; Wed, 30 Sep 1998 10:37:53 -0700 (PDT) Received: from mailsvr.basit.com (mailsvr-gw.basit.com [128.209.1.213]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA00254 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 10:37:44 -0700 (PDT) Received: from klerer.basit.com (shiva120 [128.209.144.120]) by mailsvr.basit.com (Guess_again/1.8) with SMTP id NAA06626 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 13:44:11 -0400 (EDT) Message-ID: <008101bdec99$e9fa7a60$010ed180@klerer.basit.com> From: "Robert Klerer" <klerer@xhair.com> To: <ietf-pkix@imc.org> Subject: Re: NEW Data type for certificate selection ? Date: Wed, 30 Sep 1998 13:44:02 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3155.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Sender: owner-ietf-pkix@imc.org Precedence: bulk Stefan, If I can suggest a more trivial example. I have a key pair that others use to send me encrypted email and another for encrypting files on my hard disk. There are good reasons to use two key pairs (different escrow policies, key lengths etc.). Locally my applications can use various means of keeping my private keys straight. My CA, by policy, will put both certifucates in a repository. People who have access to the repository who want to send me mail have no distinguishing application usage to select the proper certificate. The answer is not "Don't put your file certificate in the repostory". >David, > >Thank's for putting this issue in the right focus. > >Alan, I don't suggest any new certificate extensions >Ed, I don't want to define any universal criteria for how certificate >selection SHALL be done or any who decides what for whom, regulations. > >All I want to do is to define some mechanisms that CAN be used, if >required, by local PKI-related services in order to make it POSSIBLE for >them to build working services with STANDARD components. > >Let me highlight this again and describe a realistic problem relevant to me. > >Bank A offer web-based banking applications. This requires the end user to >get a specific certificate issued by Bank A. The certificate and the >corresponding private key is processed through the standard web browser of >the client. > >Two certificates and private keys are used in the normal process. >1) Certificate for SSL (TLS) security >2) Certificate for non-repudiation protection of Bank transactions. > >In addition to these certificates, a specific end-user may be populated >with several other certificates, un-known to the Bank. > >The question is. How can this Bank create a web based application without >distributing a customized client plug-in for the purpose. Well the Bank can >get far using Java Scripts but it will fail due to the problem that the >end-user may have to select a certificate. >Believe me, THIS IS TOTALLY UN-ACCEPTABLE FOR A COMMERCIAL BANK APPLICATION. > >I realize that today there is no way to do this without distributing >customized plug-in components to end-users, but I strongly would like to se >options developed that helps getting around this. The current matching >mechanism in SSL and TLS is just not good enough to solve the problem. > >So If we instead had a standardized matching rule that could be invoked >into protocols and Java Scripts etc, then the situation would be much more >hopeful for the Bank in my case. > >They would then construct a match rule that with high probability would >point out the right end-user certificate and invoke that matching rule both >in the TLS protocol and in the Java Script, forming their secure >transaction application. > >It wouldn't have to be perfect, just good enough to handle some 95%+ of the >cases as long as the Bank could detect cases where it didn't work. Then the >non-working cases could be fixed by personal customer service. > >I see even more use for this matching rule. It could be used in S/MIME so >specify a preferred encryption certificate for replies to a mail. Of course >this matching rule could be used for X.500 directories as well (that's what >it was built for). MY concern here is however not _where_ the certificates >are stored but, how to select 1 of several known certificates regardless of >where they reside. > > >Comments? >How do wee proceed ? >Could we have any comments from Microsoft and Netscape ? > >/Stefan > >At 11:15 AM 9/30/98 -0400, David Horvath wrote: >>--- Message on the SEIS mailing list (list@seis.nc-forum.com) >> >>Alan, >> >>While I personally agree that X.500 provides a mature and feature rich >>core to implement certificate repositories, I am having trouble >>understanding some of your assertions as to why X.500 is the answer to >>so many problems. >> >>It seems to me that the first step for locating certificates in a >>repository is to define the fields in the certificate object that are a >>prerequisite to perform the match. Matching rules are a good start and >>foster the thought process required to provide a well designed solution. >>Once the matching rules are defined, a protocol such as DAP or LDAP V3 >>with extensions may be used to exploit the matching rules. In some >>cases, clients may choose not to use the matching rules and retrieve all >>certificates. Perhaps matching rules are not supported by the protocol >>(LDAP V2 or HTTP), therefore the client will collect all the >>certificates and perform the match locally. This may be even more >>efficient than submitting multiple searches with different variations of >>matching rules. It could easily be more efficient to submit one search >>and retrieve 10 certificates, then to submit 3 searches with different >>matching rules each time until the required certificate is found. This >>should be defined by local policies based on performance analysis. >> >>Once the rules for matching certificates are defined ( and I think X.500 >>matching rules are an excellent start ) the distribution model can be >>analyzed. This is another case where X.500 may be superior to LDAP, but >>unless you have a well planned global infrastructure neither X.500 or >>LDAP can help with the distribution model. >> >>Dave Horvath >> >>Alan Lloyd wrote: >>> >>> >>> Snip >>> >>> ---------- >>> From: pgut001@cs.auckland.ac.nz >>> To: cert-talk@structuredarts.com; ietf-pkix@imc.org; >>> list@seis.nc-forum.com >>> Sent: 9/29/98 1:01:30 PM >>> Subject: Re: NEW Data type for certificate selection ? >>> >>> Peter - you went through great lenghts to define the problem with >>> relationships between and searching directory based objects and a >>> distributed information issue and then you say: >>> " >>> If anyone has any useful solutions for this (apart from "We should >>> force >>> everyone to use an X.500 directory, that would solve everything" :-) I'd >>> be interested in hearing them. >>> >>> " >>> Oh well - that counts me out. I cannot do solutions - without the >>> solution :-))) >>> regards alan >>> >>> Peter. >>> >> >> >>----------------- SEIS mailing list (list@seis.nc-forum.com) >>Info about this list: http://www.nc-forum.com/seis >>SEIS Contact: info@seis.se >> >> >> >------------------------------------------------------------------- >Stefan Santesson <stefan@accurata.se> >Accurata Systemsäkerhet AB >Lotsgatan 27 D Tel. +46-40 152211 >216 42 Malmö Fax. +46-40 150790 >Sweden Mobile +46-70 5247799 > >PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >------------------------------------------------------------------- > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA29980 for ietf-pkix-bks; Wed, 30 Sep 1998 10:14:37 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA29976 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 10:14:34 -0700 (PDT) Received: from chromatix.com (whiteoak.chromatix.com [207.97.115.5]) by chromatix.com (8.8.8/8.8.8) with ESMTP id NAA08397; Wed, 30 Sep 1998 13:21:48 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <3612686B.C127798B@chromatix.com> Date: Wed, 30 Sep 1998 13:20:43 -0400 From: Dave Horvath <dave@chromatix.com> Organization: Chromatix Inc. X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: Stefan Santesson <stefan@accurata.se> CC: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Subject: Re: NEW Data type for certificate selection ? References: <3.0.32.19980930164259.00a84cc0@m1.403.telia.com> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Stefan, Agreed, particularly on the point of not creating any new extensions. I would add that I firmly believe the matching rule mechanisms should be compatible with the work being done in X.500 and LDAP. I would also like to see X.500 and LDAP join forces and be compatible in the area of matching rules, I am not sure where LDAP stands at this time. Dave Horvath Stefan Santesson wrote: > > David, > > Thank's for putting this issue in the right focus. > > Alan, I don't suggest any new certificate extensions > Ed, I don't want to define any universal criteria for how certificate > selection SHALL be done or any who decides what for whom, regulations. > > All I want to do is to define some mechanisms that CAN be used, if > required, by local PKI-related services in order to make it POSSIBLE for > them to build working services with STANDARD components. > > Let me highlight this again and describe a realistic problem relevant to me. > > Bank A offer web-based banking applications. This requires the end user to > get a specific certificate issued by Bank A. The certificate and the > corresponding private key is processed through the standard web browser of > the client. > > Two certificates and private keys are used in the normal process. > 1) Certificate for SSL (TLS) security > 2) Certificate for non-repudiation protection of Bank transactions. > > In addition to these certificates, a specific end-user may be populated > with several other certificates, un-known to the Bank. > > The question is. How can this Bank create a web based application without > distributing a customized client plug-in for the purpose. Well the Bank can > get far using Java Scripts but it will fail due to the problem that the > end-user may have to select a certificate. > Believe me, THIS IS TOTALLY UN-ACCEPTABLE FOR A COMMERCIAL BANK APPLICATION. > > I realize that today there is no way to do this without distributing > customized plug-in components to end-users, but I strongly would like to se > options developed that helps getting around this. The current matching > mechanism in SSL and TLS is just not good enough to solve the problem. > > So If we instead had a standardized matching rule that could be invoked > into protocols and Java Scripts etc, then the situation would be much more > hopeful for the Bank in my case. > > They would then construct a match rule that with high probability would > point out the right end-user certificate and invoke that matching rule both > in the TLS protocol and in the Java Script, forming their secure > transaction application. > > It wouldn't have to be perfect, just good enough to handle some 95%+ of the > cases as long as the Bank could detect cases where it didn't work. Then the > non-working cases could be fixed by personal customer service. > > I see even more use for this matching rule. It could be used in S/MIME so > specify a preferred encryption certificate for replies to a mail. Of course > this matching rule could be used for X.500 directories as well (that's what > it was built for). MY concern here is however not _where_ the certificates > are stored but, how to select 1 of several known certificates regardless of > where they reside. > > Comments? > How do wee proceed ? > Could we have any comments from Microsoft and Netscape ? > > /Stefan > > At 11:15 AM 9/30/98 -0400, David Horvath wrote: > >--- Message on the SEIS mailing list (list@seis.nc-forum.com) > > > >Alan, > > > >While I personally agree that X.500 provides a mature and feature rich > >core to implement certificate repositories, I am having trouble > >understanding some of your assertions as to why X.500 is the answer to > >so many problems. > > > >It seems to me that the first step for locating certificates in a > >repository is to define the fields in the certificate object that are a > >prerequisite to perform the match. Matching rules are a good start and > >foster the thought process required to provide a well designed solution. > >Once the matching rules are defined, a protocol such as DAP or LDAP V3 > >with extensions may be used to exploit the matching rules. In some > >cases, clients may choose not to use the matching rules and retrieve all > >certificates. Perhaps matching rules are not supported by the protocol > >(LDAP V2 or HTTP), therefore the client will collect all the > >certificates and perform the match locally. This may be even more > >efficient than submitting multiple searches with different variations of > >matching rules. It could easily be more efficient to submit one search > >and retrieve 10 certificates, then to submit 3 searches with different > >matching rules each time until the required certificate is found. This > >should be defined by local policies based on performance analysis. > > > >Once the rules for matching certificates are defined ( and I think X.500 > >matching rules are an excellent start ) the distribution model can be > >analyzed. This is another case where X.500 may be superior to LDAP, but > >unless you have a well planned global infrastructure neither X.500 or > >LDAP can help with the distribution model. > > > >Dave Horvath > > > >Alan Lloyd wrote: > >> > >> > >> Snip > >> > >> ---------- > >> From: pgut001@cs.auckland.ac.nz > >> To: cert-talk@structuredarts.com; ietf-pkix@imc.org; > >> list@seis.nc-forum.com > >> Sent: 9/29/98 1:01:30 PM > >> Subject: Re: NEW Data type for certificate selection ? > >> > >> Peter - you went through great lenghts to define the problem with > >> relationships between and searching directory based objects and a > >> distributed information issue and then you say: > >> " > >> If anyone has any useful solutions for this (apart from "We should > >> force > >> everyone to use an X.500 directory, that would solve everything" :-) I'd > >> be interested in hearing them. > >> > >> " > >> Oh well - that counts me out. I cannot do solutions - without the > >> solution :-))) > >> regards alan > >> > >> Peter. > >> > > > > > >----------------- SEIS mailing list (list@seis.nc-forum.com) > >Info about this list: http://www.nc-forum.com/seis > >SEIS Contact: info@seis.se > > > > > > > ------------------------------------------------------------------- > Stefan Santesson <stefan@accurata.se> > Accurata Systemsäkerhet AB > Lotsgatan 27 D Tel. +46-40 152211 > 216 42 Malmö Fax. +46-40 150790 > Sweden Mobile +46-70 5247799 > > PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 > ------------------------------------------------------------------- -- ================================================ _/_/_/ David J. Horvath _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA28790 for ietf-pkix-bks; Wed, 30 Sep 1998 07:39:59 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA28786 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 07:39:57 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailc.telia.com (8.8.8/8.8.8) with ESMTP id QAA02188; Wed, 30 Sep 1998 16:46:36 +0200 (CEST) Received: from stefans (t3o68p79.telia.com [62.20.139.79]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id QAA25183; Wed, 30 Sep 1998 16:46:29 +0200 (CEST) Message-Id: <3.0.32.19980930164259.00a84cc0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 30 Sep 1998 16:43:41 +0200 To: David Horvath <dave@chromatix.com>, Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> From: Stefan Santesson <stefan@accurata.se> Subject: Re: NEW Data type for certificate selection ? Cc: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id HAA28787 Sender: owner-ietf-pkix@imc.org Precedence: bulk David, Thank's for putting this issue in the right focus. Alan, I don't suggest any new certificate extensions Ed, I don't want to define any universal criteria for how certificate selection SHALL be done or any who decides what for whom, regulations. All I want to do is to define some mechanisms that CAN be used, if required, by local PKI-related services in order to make it POSSIBLE for them to build working services with STANDARD components. Let me highlight this again and describe a realistic problem relevant to me. Bank A offer web-based banking applications. This requires the end user to get a specific certificate issued by Bank A. The certificate and the corresponding private key is processed through the standard web browser of the client. Two certificates and private keys are used in the normal process. 1) Certificate for SSL (TLS) security 2) Certificate for non-repudiation protection of Bank transactions. In addition to these certificates, a specific end-user may be populated with several other certificates, un-known to the Bank. The question is. How can this Bank create a web based application without distributing a customized client plug-in for the purpose. Well the Bank can get far using Java Scripts but it will fail due to the problem that the end-user may have to select a certificate. Believe me, THIS IS TOTALLY UN-ACCEPTABLE FOR A COMMERCIAL BANK APPLICATION. I realize that today there is no way to do this without distributing customized plug-in components to end-users, but I strongly would like to se options developed that helps getting around this. The current matching mechanism in SSL and TLS is just not good enough to solve the problem. So If we instead had a standardized matching rule that could be invoked into protocols and Java Scripts etc, then the situation would be much more hopeful for the Bank in my case. They would then construct a match rule that with high probability would point out the right end-user certificate and invoke that matching rule both in the TLS protocol and in the Java Script, forming their secure transaction application. It wouldn't have to be perfect, just good enough to handle some 95%+ of the cases as long as the Bank could detect cases where it didn't work. Then the non-working cases could be fixed by personal customer service. I see even more use for this matching rule. It could be used in S/MIME so specify a preferred encryption certificate for replies to a mail. Of course this matching rule could be used for X.500 directories as well (that's what it was built for). MY concern here is however not _where_ the certificates are stored but, how to select 1 of several known certificates regardless of where they reside. Comments? How do wee proceed ? Could we have any comments from Microsoft and Netscape ? /Stefan At 11:15 AM 9/30/98 -0400, David Horvath wrote: >--- Message on the SEIS mailing list (list@seis.nc-forum.com) > >Alan, > >While I personally agree that X.500 provides a mature and feature rich >core to implement certificate repositories, I am having trouble >understanding some of your assertions as to why X.500 is the answer to >so many problems. > >It seems to me that the first step for locating certificates in a >repository is to define the fields in the certificate object that are a >prerequisite to perform the match. Matching rules are a good start and >foster the thought process required to provide a well designed solution. >Once the matching rules are defined, a protocol such as DAP or LDAP V3 >with extensions may be used to exploit the matching rules. In some >cases, clients may choose not to use the matching rules and retrieve all >certificates. Perhaps matching rules are not supported by the protocol >(LDAP V2 or HTTP), therefore the client will collect all the >certificates and perform the match locally. This may be even more >efficient than submitting multiple searches with different variations of >matching rules. It could easily be more efficient to submit one search >and retrieve 10 certificates, then to submit 3 searches with different >matching rules each time until the required certificate is found. This >should be defined by local policies based on performance analysis. > >Once the rules for matching certificates are defined ( and I think X.500 >matching rules are an excellent start ) the distribution model can be >analyzed. This is another case where X.500 may be superior to LDAP, but >unless you have a well planned global infrastructure neither X.500 or >LDAP can help with the distribution model. > >Dave Horvath > >Alan Lloyd wrote: >> >> >> Snip >> >> ---------- >> From: pgut001@cs.auckland.ac.nz >> To: cert-talk@structuredarts.com; ietf-pkix@imc.org; >> list@seis.nc-forum.com >> Sent: 9/29/98 1:01:30 PM >> Subject: Re: NEW Data type for certificate selection ? >> >> Peter - you went through great lenghts to define the problem with >> relationships between and searching directory based objects and a >> distributed information issue and then you say: >> " >> If anyone has any useful solutions for this (apart from "We should >> force >> everyone to use an X.500 directory, that would solve everything" :-) I'd >> be interested in hearing them. >> >> " >> Oh well - that counts me out. I cannot do solutions - without the >> solution :-))) >> regards alan >> >> Peter. >> > > >----------------- SEIS mailing list (list@seis.nc-forum.com) >Info about this list: http://www.nc-forum.com/seis >SEIS Contact: info@seis.se > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id UAA05527 for ietf-pkix-bks; Tue, 29 Sep 1998 20:00:40 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id UAA05523 for <ietf-pkix@imc.org>; Tue, 29 Sep 1998 20:00:39 -0700 (PDT) Received: from chromatix.com (cc1020663-a.hwrd1.md.home.com [24.3.62.220]) by chromatix.com (8.8.8/8.8.8) with ESMTP id XAA06421; Tue, 29 Sep 1998 23:07:34 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <36124B27.2FE16E0C@chromatix.com> Date: Wed, 30 Sep 1998 11:15:51 -0400 From: David Horvath <dave@chromatix.com> Organization: @Home Network X-Mailer: Mozilla 4.05 [en]C-AtHome0404 (Win95; U) MIME-Version: 1.0 To: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> CC: "'cert-talk@structuredarts.com '" <cert-talk@structuredarts.com>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Subject: Re: NEW Data type for certificate selection ? References: <D1A949D4508DD1119C8100400533BEDC07B96A@DSG1> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Alan, While I personally agree that X.500 provides a mature and feature rich core to implement certificate repositories, I am having trouble understanding some of your assertions as to why X.500 is the answer to so many problems. It seems to me that the first step for locating certificates in a repository is to define the fields in the certificate object that are a prerequisite to perform the match. Matching rules are a good start and foster the thought process required to provide a well designed solution. Once the matching rules are defined, a protocol such as DAP or LDAP V3 with extensions may be used to exploit the matching rules. In some cases, clients may choose not to use the matching rules and retrieve all certificates. Perhaps matching rules are not supported by the protocol (LDAP V2 or HTTP), therefore the client will collect all the certificates and perform the match locally. This may be even more efficient than submitting multiple searches with different variations of matching rules. It could easily be more efficient to submit one search and retrieve 10 certificates, then to submit 3 searches with different matching rules each time until the required certificate is found. This should be defined by local policies based on performance analysis. Once the rules for matching certificates are defined ( and I think X.500 matching rules are an excellent start ) the distribution model can be analyzed. This is another case where X.500 may be superior to LDAP, but unless you have a well planned global infrastructure neither X.500 or LDAP can help with the distribution model. Dave Horvath Alan Lloyd wrote: > > > Snip > > ---------- > From: pgut001@cs.auckland.ac.nz > To: cert-talk@structuredarts.com; ietf-pkix@imc.org; > list@seis.nc-forum.com > Sent: 9/29/98 1:01:30 PM > Subject: Re: NEW Data type for certificate selection ? > > Peter - you went through great lenghts to define the problem with > relationships between and searching directory based objects and a > distributed information issue and then you say: > " > If anyone has any useful solutions for this (apart from "We should > force > everyone to use an X.500 directory, that would solve everything" :-) I'd > be interested in hearing them. > > " > Oh well - that counts me out. I cannot do solutions - without the > solution :-))) > regards alan > > Peter. > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA06015 for ietf-pkix-bks; Tue, 29 Sep 1998 10:32:40 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA06011 for <ietf-pkix@imc.org>; Tue, 29 Sep 1998 10:32:39 -0700 (PDT) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id KAA18568; Tue, 29 Sep 1998 10:38:57 -0700 (PDT) Message-Id: <4.1.0.67.19980929132920.009c4d20@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.67 (Beta) Date: Tue, 29 Sep 1998 13:30:03 -0400 To: Allen_Rochkind@3com.com From: Russ Housley <housley@spyrus.com> Subject: Re: A question and comment about PKIX - Part 1, Version 11. Cc: ietf-pkix@imc.org In-Reply-To: <8825668D.00778D10.00@hqoutbound.ops.3com.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Allen: It means that the data in the CRL cannot be used to validate any certificates. Another source of revocation information must be used. Russ At 02:55 PM 9/28/98 -0700, Allen_Rochkind@3com.com wrote: >First the question. In Section 5.2 "CRL Extensions", p. 46, it says: > > "A CRL validation MUST fail if it encounters a critical extension >which it does not know how to process". > >My question is exactly what does it means that a "CRL validation fails"?. >Does this mean that the CRL is to be ignored and that any certificates that >might appear on the CRL are not invalidated by the CRL?. I would suppose >it is that interpretation rather than that a certificate validation fails >if such a CRL is encountered. > >And now a minor comment. I notice that RFC 2044 (on UTF8 strings) has been >obsoleted by RFC 2279. The comment is just to update the RFC reference in >the spec in Appendix A.1 under UTF8String (p.69). > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA03135 for ietf-pkix-bks; Tue, 29 Sep 1998 05:01:19 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA03131 for <ietf-pkix@imc.org>; Tue, 29 Sep 1998 05:01:18 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id IAA07388; Tue, 29 Sep 1998 08:06:01 -0400 (EDT) Message-Id: <199809291206.IAA07388@ietf.org> To: IETF-Announce: ; Cc: RFC Editor <rfc-editor@isi.edu> Cc: Internet Architecture Board <iab@isi.edu> Cc: ietf-pkix@imc.org From: The IESG <iesg-secretary@ietf.org> Subject: Protocol Action: Internet X.509 Public Key Infrastructure Certificate and CRL Profile to Proposed Standard Date: Tue, 29 Sep 1998 08:06:00 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk The IESG has approved the Internet-Draft Internet X.509 Public Key Infrastructure Certificate and CRL Profile <draft-ietf-pkix-ipki-part1-11.txt> as a Proposed Standard. This document is the product of the Public-Key Infrastructure (X.509) Working Group. The IESG contact persons are Jeffrey Schiller and Marcus Leech. Technical Summary The PKIX Working Group is chartered to specify an Internet profile for the use of X.509 certificates. The focus of the profile is to ensure interoperation between implementations that conform to it. The Part I specification defines formats and requirements for Certificates and Certificate Revocation Lists (CRLs). It is part of a suite of documents, but can stand alone. Working Group Summary This document is the tenth revision of the Part I profile document. Input from many members of the community has gone into this draft which the working group has consensus on. Protocol Quality Many experts on Public Key Infrastructure and contributed and commented on this specification. Jeffrey I. Schiller reviewed the document for the IESG. Y2K Compliance The protocols and formats in this document are Year 2000 compliant. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA25568 for ietf-pkix-bks; Tue, 29 Sep 1998 00:26:22 -0700 (PDT) Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by mail.proper.com (8.8.8/8.8.5) with SMTP id AAA25564 for <ietf-pkix@imc.org>; Tue, 29 Sep 1998 00:26:14 -0700 (PDT) Received: from HYDRA ([195.67.109.114]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id JAA18103; Tue, 29 Sep 1998 09:32:34 +0200 Received: by HYDRA with Microsoft Mail id <01BDEB8B.32948E60@HYDRA>; Tue, 29 Sep 1998 09:26:11 +0200 Message-ID: <01BDEB8B.32948E60@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'Ed Gerck'" <egerck@laser.cps.softex.br>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Cc: "'Stefan Santesson'" <stefan@accurata.se> Subject: RE: NEW Data type for certificate selection ? Date: Tue, 29 Sep 1998 09:26:09 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Peter, see in-line comment below. On Tue, 29 Sep 1998, Peter Gutmann wrote: >In that, the server application cannot define anything, at most could >suggest a list of CAs (see below), otherwise it would be easy either >to subvert the user's security choices or do a DoS attack. So, the >server must not be allowed to "help" in a decisive way which user >cert *will* be used -- as though it might seem useful at first: >> In order to make this user friendly, we have to create a mechanism >> where a server can help a client application to select one proper >> certificate out of many. In the example there is just 3 >> certificates to choose among but what if there is 20 or 30? >but such is not safe. The authenticating server may surely *suggest* a list of possible certificates that it may accept because it is always *you* (the user) that should manually select the proper one. In case you feel that a cert with SSN could create a disaster if you accidentally gave it to a wrong server the solution would be to have a local (user-defined) set of valid servers (i.e. their public keys). To insert a new server would require a few more clicks. I.e. similar to ActiveX controls or signed Java Applets. Such servers would typically be governmental (who gave you the SSN) and a *few* other parties that you hopefully trust like your bank or employer. A similar scheme could be used for defining a list of valid receivers of mail signed with a cert containing an SSN (or other sensitive information). I will come back soon with a server-to-cert selection scheme. Anders Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA07285 for ietf-pkix-bks; Mon, 28 Sep 1998 15:25:34 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id PAA07281 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 15:25:33 -0700 (PDT) Message-Id: <199809282225.PAA07281@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.63 (Beta) Date: Mon, 28 Sep 1998 15:31:45 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Re: A question and comment about PKIX - Part 1, Version 11. In-Reply-To: <8825668D.00778D10.00@hqoutbound.ops.3com.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk >And now a minor comment. I notice that RFC 2044 (on UTF8 strings) has been >obsoleted by RFC 2279. The comment is just to update the RFC reference in >the spec in Appendix A.1 under UTF8String (p.69). Yes, please, since RFC 2279 had some technical corrections to RFC 2044, I believe. --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA07078 for ietf-pkix-bks; Mon, 28 Sep 1998 14:49:02 -0700 (PDT) Received: from seattle.3com.com (seattle.3com.com [129.213.128.97]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA07074 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 14:49:01 -0700 (PDT) From: Allen_Rochkind@3com.com Received: from new-york.3com.com (new-york.3com.com [129.213.157.12]) by seattle.3com.com (8.8.8/8.8.8) with ESMTP id OAA21156 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 14:55:57 -0700 (PDT) Received: from hqoutbound.ops.3com.com (hqoutbound.OPS.3Com.COM [139.87.48.104]) by new-york.3com.com (8.8.8/8.8.8) with SMTP id OAA06803 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 14:55:56 -0700 (PDT) Received: by hqoutbound.ops.3com.com(Lotus SMTP MTA v4.6.1 (569.2 2-6-1998)) id 8825668D.007878E7 ; Mon, 28 Sep 1998 14:55:52 -0700 X-Lotus-FromDomain: 3COM To: ietf-pkix@imc.org Message-ID: <8825668D.00778D10.00@hqoutbound.ops.3com.com> Date: Mon, 28 Sep 1998 14:55:42 -0700 Subject: A question and comment about PKIX - Part 1, Version 11. Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk First the question. In Section 5.2 "CRL Extensions", p. 46, it says: "A CRL validation MUST fail if it encounters a critical extension which it does not know how to process". My question is exactly what does it means that a "CRL validation fails"?. Does this mean that the CRL is to be ignored and that any certificates that might appear on the CRL are not invalidated by the CRL?. I would suppose it is that interpretation rather than that a certificate validation fails if such a CRL is encountered. And now a minor comment. I notice that RFC 2044 (on UTF8 strings) has been obsoleted by RFC 2279. The comment is just to update the RFC reference in the spec in Appendix A.1 under UTF8String (p.69). Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA06782 for ietf-pkix-bks; Mon, 28 Sep 1998 14:07:46 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA06778 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 14:07:43 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <TX3528L9>; Tue, 29 Sep 1998 07:11:57 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC07B96A@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'cert-talk@structuredarts.com '" <cert-talk@structuredarts.com>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Subject: RE: NEW Data type for certificate selection ? Date: Tue, 29 Sep 1998 07:11:56 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Snip ---------- From: pgut001@cs.auckland.ac.nz To: cert-talk@structuredarts.com; ietf-pkix@imc.org; list@seis.nc-forum.com Sent: 9/29/98 1:01:30 PM Subject: Re: NEW Data type for certificate selection ? Peter - you went through great lenghts to define the problem with relationships between and searching directory based objects and a distributed information issue and then you say: " If anyone has any useful solutions for this (apart from "We should force everyone to use an X.500 directory, that would solve everything" :-) I'd be interested in hearing them. " Oh well - that counts me out. I cannot do solutions - without the solution :-))) regards alan Peter. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA06221 for ietf-pkix-bks; Mon, 28 Sep 1998 12:40:54 -0700 (PDT) Received: from laser.cps.softex.br (laser.cps.softex.br [143.106.29.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA06217 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 12:40:51 -0700 (PDT) Received: from laser (laser [143.106.29.34]) by laser.cps.softex.br (8.8.7/8.8.7) with SMTP id QAA25781; Mon, 28 Sep 1998 16:47:26 -0300 Date: Mon, 28 Sep 1998 16:47:25 -0300 (EST) From: Ed Gerck <egerck@laser.cps.softex.br> To: Peter Gutmann <pgut001@cs.auckland.ac.nz> cc: cert-talk@structuredarts.com, ietf-pkix@imc.org, list@seis.nc-forum.com Subject: Re: NEW Data type for certificate selection ? In-Reply-To: <199809281406.HAA29579@gateway-ext.StructuredArts.COM> Message-ID: <Pine.LNX.4.02.9809281408220.25643-100000@laser.cps.softex.br> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk On Tue, 29 Sep 1998, Peter Gutmann wrote: >Stefan Santesson <stefan@accurata.se> writes: > >>The problem I want to solve is how to pick 1 out of many certificates within >>an end user application. > >>The problem is how to select the right certificate in every suitable occasion >>when several certificates is accessed by the same application. > >>In order to make this user friendly, we have to create a mechanism where a >>server can help a client application to select one proper certificate out of >>many. In the example there is just 3 certificates to choose among but what if >>there is 20 or 30? > >This was something I looked at about 6 months ago while trying to come up with >a general abstraction for a certificate store. The problem you face is that >while it's easy enough to go from certificate -> capabilities, it's very >difficult to go from capabilities -> certificate. Put another way, given a >cert it's easy to answer the query "Can I do X with this", but given a >collection of certs it's very difficult to answer the query "Which cert is >required to do X". Stefan and Peter: As I understood, Stefan's problem (and examples) was pertinent to *signing* and *user authentication*. Specifically, this leads to two different subproblems, which are how to: 1. select which user's private-key should be used in response to a web *signing* query to be done by the user -- when many private-keys exist that can be accessed by the same application (eg, web browser), and 2. select which user public-key certificate should be exported in response to a web *authentication* query on the user, without exporting any public-key cert that has sensitive attribute data (eg, Alice's SSN). Of course, one can argue that "public-key certs" are just what the name implies -- public. Hence, sensitive private data such as SSN should not be stored in them and it is immaterial which public-key cert you export, securitywise and privacywise. In this line of thought, if hardpressed one would include a hash of the sensitive data in the public cert but never the data itself. In this scenario, subproblem (2) is trivial: select any or all. Subproblem (1) is not trivial, due to non-repudiation bits and other qualifiers, but is answered by each application and its user customization/history -- how it allows signing to be done (eg, if signing is automatic, if it requires a yes/no decision, if it needs a passphrase, etc.), how each private-key certificate is stored (eg, in plain-text, off-line in a SC, encrypted, etc.), and so on. However, if we accept that there may be valid uses for "public-key certs" which are not public, with all the security and privacy risks that may ensue from such usage (such as when Bill trusts Monica that trusts Linda; or, when Bill cannot revoke a token that was given to Monica and which unfortunately Monica had to surrender) -- then we must consider that each "non-public" public-key cert and private-key will be handled either by a special application or by an interactive and possibly customized procedure in a general application (eg, a web browser). Which then answers subproblems (1) and (2) also for "non-public" public-key certs. In that, the server application cannot define anything, at most could suggest a list of CAs (see below), otherwise it would be easy either to subvert the user's security choices or do a DoS attack. So, the server must not be allowed to "help" in a decisive way which user cert *will* be used -- as though it might seem useful at first: >> In order to make this user friendly, we have to create a mechanism >> where a server can help a client application to select one proper >> certificate out of many. In the example there is just 3 >> certificates to choose among but what if there is 20 or 30? but such is not safe. Regarding Peter's statements above, they seem to address a more general scenario where also server authentication is involved -- not just user signing/authentication. The server already sends a list of server acceptable CAs, to the client in SSL, but indeed that does not help much as the server is gropping in the dark as to what CAs would be acceptable to the user and what their capabilities might be acceptable to the user at the time. Which seems to need a deeper look in terms of Peter's two questions, also as we ask ourselves if the first question (ie, the relation certificate -> capabilities) is really "easy enough" in a more general scenario. Cheers, Ed Gerck ______________________________________________________________________ Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br http://novaware.cps.softex.br Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA05133 for ietf-pkix-bks; Mon, 28 Sep 1998 10:36:01 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA05129 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 10:36:00 -0700 (PDT) Received: id NAA23349; Mon, 28 Sep 1998 13:40:24 -0400 Received: by gateway id <TTXVY461>; Mon, 28 Sep 1998 13:36:56 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F500139B046@sothmxs01.entrust.com> From: Robert Zuccherato <robert.zuccherato@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Time Stamp and Notary Drafts Date: Mon, 28 Sep 1998 13:36:34 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk As some of you may have noticed, I have submitted the latest versions of our Time Stamp and Data Certification Server drafts as PKIX Internet Drafts, in accordance with the decisions made in Chicago. These drafts are based on the drafts that we have been submitting independently on these topics for some time now and reporting to PKIX on their progress. The Time Stamp Draft describes a protocol in which a trusted Time Stamp Authority provides evidence that a message existed at a particular point in time. It is available at: http://www.ietf.org/internet-drafts/draft-ietf-pkix-time-stamp-00.txt The Data Certification Server provides "notary" type services (signature validation, certificate path validation) in support of non-repudiation. This draft is available at: http://www.ietf.org/internet-drafts/draft-ietf-pkix-dcs-00.txt As usual, comments are welcome. Robert Zuccherato. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA03570 for ietf-pkix-bks; Mon, 28 Sep 1998 07:54:56 -0700 (PDT) Received: from mail.student.auckland.ac.nz (mail.student.auckland.ac.nz [130.216.35.101]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA03564 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 07:54:54 -0700 (PDT) Received: from cs26.cs.auckland.ac.nz (pgut001@cs26.cs.auckland.ac.nz [130.216.36.9]) by mail.student.auckland.ac.nz (8.8.6/8.8.6/cs-master) with SMTP id DAA31163; Tue, 29 Sep 1998 03:01:30 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: by cs26.cs.auckland.ac.nz (relaymail v0.9) id <90699489017466>; Tue, 29 Sep 1998 03:01:30 (NZST) From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: cert-talk@structuredarts.com, ietf-pkix@imc.org, list@seis.nc-forum.com Subject: Re: NEW Data type for certificate selection ? Reply-To: pgut001@cs.auckland.ac.nz X-Charge-To: pgut001 X-Authenticated: relaymail v0.9 on cs26.cs.auckland.ac.nz Date: Tue, 29 Sep 1998 03:01:30 (NZST) Message-ID: <90699489017466@cs26.cs.auckland.ac.nz> Sender: owner-ietf-pkix@imc.org Precedence: bulk Stefan Santesson <stefan@accurata.se> writes: >The problem I want to solve is how to pick 1 out of many certificates within >an end user application. >The problem is how to select the right certificate in every suitable occasion >when several certificates is accessed by the same application. >In order to make this user friendly, we have to create a mechanism where a >server can help a client application to select one proper certificate out of >many. In the example there is just 3 certificates to choose among but what if >there is 20 or 30? This was something I looked at about 6 months ago while trying to come up with a general abstraction for a certificate store. The problem you face is that while it's easy enough to go from certificate -> capabilities, it's very difficult to go from capabilities -> certificate. Put another way, given a cert it's easy to answer the query "Can I do X with this", but given a collection of certs it's very difficult to answer the query "Which cert is required to do X". Take the example of using a cert for email encryption. You start by trying a search for one of the extKeyUsage's which cover email encryption. If this fails you try again with a Netscape cert-type. If that fails you try again with one of the appropriate keyUsage's. Finally, if that fails you try again with no particular usage specified. This is an incredible pain to do, especially since each step can involve matching on multiple usage attributes, possibly with some sort of preferred order for a match. I never really came up with a solution for this, the best I could do was define a meta-attribute which summarised the various usage types in a single place so I could perform a single query to match on "name = foo and usage = mail encryption" (rather than arbitrary numbers of queries with the possibility of conflicting usages). The disadvantages of this are that you have to keep extending it to cover new usage types, and it needs to be stored somewhere other than the cert itself. My general idea was to include a kind of TLB mechanism for cert lookups which would allow (reasonably) fast and simple matching for frequently-used certs, but this is messy to do in an abstract manner. After discussing it with various people I dropped it into the "leave it for the next release" basket. If anyone has any useful solutions for this (apart from "We should force everyone to use an X.500 directory, that would solve everything" :-) I'd be interested in hearing them. Peter. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA03363 for ietf-pkix-bks; Mon, 28 Sep 1998 07:26:38 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id HAA03359 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 07:26:37 -0700 (PDT) Message-Id: <199809281426.HAA03359@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.63 (Beta) Date: Mon, 28 Sep 1998 07:32:49 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Re: Questions about PKIX In-Reply-To: <8525668D.002BF40F.00@mta2.lotus.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Actually, those are questions about a specific PKIX implementation. As announced here earlier, that's being discussed on a different mailing list. See <http://www.imc.org/imc-pfl/> for information about signing up for the list and all the news that is known about the product. --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA02828 for ietf-pkix-bks; Mon, 28 Sep 1998 06:08:00 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA02824 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 06:07:58 -0700 (PDT) Received: id JAA14392; Mon, 28 Sep 1998 09:12:56 -0400 Received: by gateway id <TTXVYTLB>; Mon, 28 Sep 1998 09:09:28 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F500206DD8A@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Alan Lloyd'" <Alan.Lloyd@OpenDirectory.com.au> Cc: "'Warwick Ford'" <wford@verisign.com>, "'Steve Kent'" <kent@bbn.com> Subject: RE: comments on draft-ietf-pkix-ipki2opp-08.txt Date: Mon, 28 Sep 1998 09:07:02 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Alan, The PKIX WG embarked on this spec well over a year ago with the primary purpose being to standardize what was predominantly deployed at that time - LDAPv2 for use to access PKI repositories. A minimum subset of the LDAPv2 protocol was profiled, in order to enable relying party and certification authority systems to be able to access LDAP server PKI repositories without needing all the code a typical LDAP client would have. We were not attempting to standardize server to server communications, only a protocol for clients (relying parties and CAs) to use to access the repository. While I personally agree with some of your views about the more comprehensive functionality that can be provided in an X.500 based distributed systems environment, that wasn't the task we undertook. As the work on LDAPv2 dragged on and on and on we qestioned several times within the WG whether to drop this activity and concentrate instead on a more 'modern' directory technology such as LDAPv3, but every time this was raised, the PKIX WG agreed to proceed with the LDAPv2 specs and get them progressed since this is still a very widely deployed protocol, even though there is plenty of interest in LDAPv3 as well. The LDAPv2 protocol profile completed PKIX WG last call in January and the schema spec just a short time ago. No changes have been made to the protocol spec, the only reason it was re-issued was because it was about to expire becasue the schema spec (required for IESG approval of the protocol profile) took so long. I hope this answers your questions on 'why' the LDAP activity. Sharon > ---------- > From: Alan Lloyd[SMTP:Alan.Lloyd@OpenDirectory.com.au] > Sent: September 27, 1998 6:24 PM > To: 'ietf-pkix@imc.org' > Subject: comments on draft-ietf-pkix-ipki2opp-08.txt > > Comments: Internet X.509 Public Key Infrastructure > Operational Protocols - LDAPv2 > > Sorry for being my usual self. But what does this document do or solve. > > All it states is use LDAP V2 to a PKI repository? and highlights the > major failings of LDAP encoding when dealing with certificate attributes > with multiple values. ie. In that the client gets the lot (every > certificate - regardless) -- and if the client goes for CRLs as well - > and they are multi values of a CRL attribute - the client will get the > lot as well. > > Lets do some rough sums. A cert = 600 - 2k bytes average 1kb, 5-10 certs > per user, 3 certs in a path.. transfer = 20- 30kb just to verify a > signature. In addition CRLs - bad sites, and they could get large. > And LDAP accesses for the certs could be via referrals. Lets say that > we could be looking at optimistically at 10-30 seconds of validation > time. > I would be happy to be corrected here.. > > > Fundamental Problems with LDAP > > LDAP servers are "string based" and non distributed - hence the need to > use X.500 and migrate these LDAP servers to a distributed architecture. > Not all certificates one wishes to deal with will be in your local ldap > server - they will be in the directory system that one cooperates with. > > X.500 has certficate matching rules to enable selection of certificates > within a multi value attribute. > > I am not sure what cert matching rules LDAP servers have or even if they > support multi valued att matching or if they are compatible with X.500. > Again the encoding restrictions in LDAP could imply the non use of > these. > > It is obvious to most that LDAP is not very good generally and in the > case of PKI / certficate issues over a wider scale, totally unusable. > > In addition the process one builds into an LDAP client to deal with > referrals and LDAP certficate servers has to be lot larger and therefore > problematic, than that that uses distributed directories with sound > matching rules. > > ie. the best it can get depends on the tools to hand. > > I therefore beg why the document is being put forward because IMHO - it > promotes systems to be built that will not provide the business utility > demanded by companies using large scale EC/509 technologies. The result > can only be commercial disasters and pain for both suppliers and the > poor customer. > > Oh well - > > regards alan > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA02819 for ietf-pkix-bks; Mon, 28 Sep 1998 06:07:45 -0700 (PDT) Received: from florida.melco.co.jp (florida.melco.co.jp [192.218.140.46]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA02815 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 06:07:43 -0700 (PDT) Received: from melcoweb.melco.co.jp ([133.141.191.73]) by florida.melco.co.jp (8.8.8+2.7Wbeta7/3.6Wbeta6-florida) with SMTP id WAA08964; Mon, 28 Sep 1998 22:03:40 +0900 (JST) Received: from inetgw.melco.co.jp (inetgw) by melcoweb.melco.co.jp (5.65+1.6W/3.5Wbeta) id AA04781; Mon, 28 Sep 98 22:08:15 JST Received: from katase.katase.isl.melco.co.jp ([133.141.13.135]) by inetgw.melco.co.jp (8.8.8+2.7Wbeta7/3.6W-inetgw) with SMTP id WAA15195; Mon, 28 Sep 1998 22:20:13 +0900 (JST) Received: from iss.iss.isl.melco.co.jp by katase.katase.isl.melco.co.jp (4.1/6.4J.6-katase-2/) id AA27264; Mon, 28 Sep 98 22:14:03 JST Received: from zaku by iss.iss.isl.melco.co.jp (1.38.193.4/6.4J.6-isl2-2/iss-master) id AA23057; Mon, 28 Sep 1998 22:14:02 +0900 Message-Id: <360F8B0E.D3FD99CC@iss.isl.melco.co.jp> Date: Mon, 28 Sep 1998 22:11:42 +0900 From: "=?iso-2022-jp?B?GyRCNUhJcCEhPV8bKEI=?=" <yositake@iss.isl.melco.co.jp> X-Mailer: Mozilla 4.05 [ja] (Win95; I) Mime-Version: 1.0 To: Stefan Santesson <stefan@accurata.se> Cc: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'cert-talk@structuredarts.com '" <cert-talk@structuredarts.com> Subject: Re: NEW Data type for certificate selection ? References: <3.0.32.19980928111642.00a76390@m1.403.telia.com> Content-Type: text/plain; charset=iso-2022-jp Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Mr. Santesson, I am not necessarily against you. I write all of my comments below because I would like to contribute to this issue. Stefan Santesson wrote: > Let me clarify my case. > > The problem I want to solve is how to pick 1 out of many certificates > within an end user application. > I think that the real problem is how an application select a suitable (or correct) certificate when there are multiple applications and multiple certificates within one PC. In your example below, S/MIME and another application (say, application X) hold Cert 1 in common. If we limit the situation to e-mail applications, this may be easy, but how do we realize it in a generalized way ? > An example. > > Alice has 4 certificates. > 1) E-mail based ID with low security > 2) Anonymous cert used for anonymous information services. > 3) Qualified ID-certificate (with her social security number) > 4) VISA SET-certificate. > > In this example: > - Cert 1 and 2 are issued by the same CA and have the same key usage. > - Cert 3 has key usage non-repudiation > > The problem is how to select the right certificate in every suitable > occasion when several certificates is accessed by the same application. > Clearly certificate 4 is no problem since it is used by a separate > application (the SET wallet). So starting the SET wallet application > automatically selects the right certificate. > > The problem in this case is not even S/MIME since Alice in this example > only uses certificate 1 in her mail application. > > Here the problem is her web-based applications since she use certificate > 1,2 and 3 with her browser. So every time she is asked to make a signature > or authenticate via TLS, there is a risk that she will select and export > the wrong certificate. In some cases maybe with a very unpleasant result. > In this example, I think the client application needs two kinds of information: which application it is and which level of security it needs. Something like "application identifier" and "secuirty level identifier" are necessary ? (Honestly speaking, I myself don't like the idea, "let's register an object identifier for each application in the world". Somebody has a good idea for this ?) Or something like "security context" which can determine a suitable certificate from among Cert 1, 2, or 3 ? > In order to make this user friendly, we have to create a mechanism where a > server can help a client application to select one proper certificate out > of many. In the example there is just 3 certificates to choose among but > what if there is 20 or 30? > This is not limited to that a server can help a client application. I think there is a case where a client application has to "think" which certificate it must select for itself. (I mean, without help from other party.) I think there is a case where an application has to select a certificate before it begins to communicate with other party, especially in the case of peer to peer communication. > The way to do this is, as I would suggest, a 2 step process: > 1) To define a general selective mechanism (such as the X.500 match rule) > 2) Get protocols, script languages and applications to support this. > Regretfully, the X.500 matching rule doesn't have "application identifer", "security level identifer", "security context", or something like that. I think we have to think a new mechanism outside it, if we don't modify or enhance it any more. > So this is not about whether selection should be done based on issuer name, > policy OID pr something else, but instead how to define a general > mechanisms which allows customized selection rules within a broad range of > applications and protocols. (In step 2 it is also about how a certificate > can be stored and marked so it won't be exported by any application without > the consent from its owner.) > For this purpose, too, I think we need a general mechanism to store and to select (namely, to manage) certificates within one machine. > I still think that The X.500 certificateMatch rule sounds interesting. > Is there any will to go further in this process? > As I said, I think we have to think a new mechanism outside the X.500 matching rules. I also think we can use the X.500 matching rules if we have some pieces of information within a certificate, but that in the situation which we are thinking, we are trying to select a certificate based on the information outside the certificate. (This is the one reason that I think of the term, "security context".) > To us this is a MAJOR factor for succeeding with a broad CA business case > and the vendors picking up this line will at least be in favor in those > procurements that I'm involved in. > > /Stefan (snip) Actually I have designed a system where there are a few applications and a few certificates in one PC. And I faced the problem how an application could select a suitable or correct certificate. In the end, I used something like "application identifier" for that system. But as I said, to "register an object identifier for each application in the world" don't seem to be a good idea. I have kept seeking a good solution since then ... Sorry that I can't show a clear and good solution, but I hope my comments will be of some help. Regards, Jun Yoshitake Mitsubishi Electric Corp. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA02371 for ietf-pkix-bks; Mon, 28 Sep 1998 05:12:10 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id FAA02367 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 05:12:08 -0700 (PDT) Received: id IAA05607; Mon, 28 Sep 1998 08:16:44 -0400 Received: by gateway id <TTXVYT12>; Mon, 28 Sep 1998 08:13:15 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F500206DD84@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Santosh Chokhani'" <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: I-D ACTION:draft-ietf-pkix-ldapv2-schema-02.txt Date: Mon, 28 Sep 1998 08:13:13 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Santosh, This mechanism does allow Delta CRLs to be included in pkiCA entries. Both pkiCA and deltaCRL are auxiliary object classes. Multiple auxiliary object classes can be present in the same directory entry. Only one structural object class can be present in that same entry. For example, a CA entry could also be an organization entry. In that case, organization would be the structural object class. pkiCA would be an auxiliary class present in the same entry. If that CA used delta CRLs then the deltaCRL auxiliary object class would also be present in the same entry. The primary difference between structural and auxiliary object classes is that the structural object class is the one that is used to base the naming and the entry's location in in a directory tree structure, that's the reason there can only be one present in each entry. Auxiliary classes do not have this restriction. By defining the separate class for deltas we are now able to add them, in a uniform way, to entries of other types in future (e.g. possibly in attribute authority). Hope this helps. Happy to discuss further if required, give me a call. Sharon > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 27, 1998 12:32 PM > To: 'Internet-Drafts@ietf.org' > Cc: ietf-pkix@imc.org > Subject: RE: I-D ACTION:draft-ietf-pkix-ldapv2-schema-02.txt > > I find the schema acceptable for the certificates. > > I do not find the schema acceptable for delta CRL. I thought we had a > mechanism by which delta CRL could be stored in the object class pkiCA. > It does not seem to be the case. Sharon, I assume you recall the > comment and resolution in this forum. > > > -----Original Message----- > > From: Internet-Drafts@ietf.org [SMTP:Internet-Drafts@ietf.org] > > Sent: Thursday, September 24, 1998 10:27 AM > > Cc: ietf-pkix@imc.org > > Subject: I-D ACTION:draft-ietf-pkix-ldapv2-schema-02.txt > > > > A New Internet-Draft is available from the on-line Internet-Drafts > > directories. > > This draft is a work item of the Public-Key Infrastructure (X.509) > > Working Group > > of the IETF. > > > > Title : Internet X.509 Public Key Infrastructure > > LDAPv2 Schema > > Author(s) : S. Boeyen, T. Howes, P. Richard > > Filename : draft-ietf-pkix-ldapv2-schema-02.txt > > Pages : 7 > > Date : 23-Sep-98 > > > > The schema defined in this document is a minimal schema to > > support > > PKIX in an LDAPv2 environment, as defined in > > draft-ietf-pkix- > > ipki2opp-07.txt. Only PKIX-specific components are specified > > here. > > LDAP servers, acting as PKIX repositories should support the > > auxi- > > liary object classes defined in this specification and > > integrate > > this schema specification with the generic and other > > application- > > specific schemas as appropriate, depending on the services to > > be > > supplied by that server. > > > > The key words 'MUST', 'SHALL', 'REQUIRED', 'SHOULD', > > 'RECOMMENDED', > > and 'MAY' in this document are to be interpreted as described > > in > > RFC 2119. > > > > Please send comments on this document to the ietf-pkix@imc.org > > mail > > list. > > > > Internet-Drafts are available by anonymous FTP. Login with the > > username > > "anonymous" and a password of your e-mail address. After logging in, > > type "cd internet-drafts" and then > > "get draft-ietf-pkix-ldapv2-schema-02.txt". > > A URL for the Internet-Draft is: > > ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ldapv2-schema-02.tx > > t > > > > Internet-Drafts directories are located at: > > > > Africa: ftp.is.co.za > > > > Europe: ftp.nordu.net > > ftp.nis.garr.it > > > > Pacific Rim: munnari.oz.au > > > > US East Coast: ftp.ietf.org > > > > US West Coast: ftp.isi.edu > > > > Internet-Drafts are also available by mail. > > > > Send a message to: mailserv@ietf.org. In the body type: > > "FILE /internet-drafts/draft-ietf-pkix-ldapv2-schema-02.txt". > > > > NOTE: The mail server at ietf.org can return the document in > > MIME-encoded form by using the "mpack" utility. To use this > > feature, insert the command "ENCODING mime" before the "FILE" > > command. To decode the response(s), you will need "munpack" or > > a MIME-compliant mail reader. Different MIME-compliant mail > > readers > > exhibit different behavior, especially when dealing with > > "multipart" MIME messages (i.e. documents which have been split > > up into multiple messages), so check your local documentation on > > how to manipulate these messages. > > > > > > Below is the data which will enable a MIME compliant mail reader > > implementation to automatically retrieve the ASCII version of the > > Internet-Draft. << Message: Untitled Attachment >> > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA29636 for ietf-pkix-bks; Mon, 28 Sep 1998 02:14:15 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA29632 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 02:14:11 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailc.telia.com (8.8.8/8.8.8) with ESMTP id LAA01066; Mon, 28 Sep 1998 11:20:25 +0200 (MET DST) Received: from stefans (t4o68p93.telia.com [62.20.139.213]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id LAA29513; Mon, 28 Sep 1998 11:20:09 +0200 (CEST) Message-Id: <3.0.32.19980928111642.00a76390@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 28 Sep 1998 11:17:31 +0200 To: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'cert-talk@structuredarts.com '" <cert-talk@structuredarts.com> From: Stefan Santesson <stefan@accurata.se> Subject: RE: NEW Data type for certificate selection ? Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id CAA29633 Sender: owner-ietf-pkix@imc.org Precedence: bulk Let me clarify my case. The problem I want to solve is how to pick 1 out of many certificates within an end user application. An example. Alice has 4 certificates. 1) E-mail based ID with low security 2) Anonymous cert used for anonymous information services. 3) Qualified ID-certificate (with her social security number) 4) VISA SET-certificate. In this example: - Cert 1 and 2 are issued by the same CA and have the same key usage. - Cert 3 has key usage non-repudiation The problem is how to select the right certificate in every suitable occasion when several certificates is accessed by the same application. Clearly certificate 4 is no problem since it is used by a separate application (the SET wallet). So starting the SET wallet application automatically selects the right certificate. The problem in this case is not even S/MIME since Alice in this example only uses certificate 1 in her mail application. Here the problem is her web-based applications since she use certificate 1,2 and 3 with her browser. So every time she is asked to make a signature or authenticate via TLS, there is a risk that she will select and export the wrong certificate. In some cases maybe with a very unpleasant result. In order to make this user friendly, we have to create a mechanism where a server can help a client application to select one proper certificate out of many. In the example there is just 3 certificates to choose among but what if there is 20 or 30? The way to do this is, as I would suggest, a 2 step process: 1) To define a general selective mechanism (such as the X.500 match rule) 2) Get protocols, script languages and applications to support this. So this is not about whether selection should be done based on issuer name, policy OID pr something else, but instead how to define a general mechanisms which allows customized selection rules within a broad range of applications and protocols. (In step 2 it is also about how a certificate can be stored and marked so it won't be exported by any application without the consent from its owner.) I still think that The X.500 certificateMatch rule sounds interesting. Is there any will to go further in this process? To us this is a MAJOR factor for succeeding with a broad CA business case and the vendors picking up this line will at least be in favor in those procurements that I'm involved in. /Stefan At 09:30 AM 9/27/98 +1000, Alan Lloyd wrote: >Yes I have views - see my draft lloyd-dir-cert-stat .. > >First one needs a fully distributed directory system. >Then one needs a good set of certificate matching rules in that >directory system to permit the selection of certficate components. >Including rules that can handle multi valued attributes. >Then one needs directory based certficate searches based on client >business semantics. >And then one needs certficate paths to associated with business >semantics in a trusted way rather than just crypto-cert-issuerId >mechanisms. > >I dont see the problem, simply because one has to add something else to >certs and pkis to make them work in a scaleable and useful way - and >that is big directory systems, matching rules that assist the >verification and a business information model that supports the >cert/crypto mechanisms. > > >I do not believe one will achieve much with to fix this issue without an >operational, business and information perspective. > > >just thoughts >regards alan > > > >---------- >From: Stefan Santesson >To: ietf-pkix@imc.org; list@seis.nc-forum.com; ietf-tls@consensus.com; >cert-talk@structuredarts.com >Sent: 9/24/98 10:41:23 PM >Subject: NEW Data type for certificate selection ? > >All, > >During the TLS session in Chicago (IETF meeting) I discussed with Jeff >Weinstein, Netscape, the problem of certificate selection in an >environment >where the client is populated with many similar certificates for >different >purposes. > >We concluded that this is a general problem, not only for TLS, but for >S/MIME, Java, Java script, etc, where signing and encryption based on an >X.509 PKI is an option. I also conclude that the current TLS approach, >using Issuer name as selection criteria, is hopelessly insufficient for >the >general case. > >In fact we can NEVER claim that we have an X.509 based architecture >ready >for the big market IF WE DON'T SOLVE THIS PROBLEM. > >A normal user (I.e grandmother) will never be able to pick the right >certificate by herself, if there is more than 1 to pick. > >The question raised here is: > >WOULD A STANDARDIZED DATA TYPE FOR CERTIFICATE SELECTION BE A GOOD >START. > >If we could create a standardized ASN.1 data type with the purpose of >defining the criteria for selecting 1 out of n certificates, then this >could be used as a common base for enhancing TLS, Java, Java script, >S/MIME >etc. > >The data type could be communicated from server to client, client to >server, server to server, client to client; I.e in any case where one >party >which to assist another party in selecting an appropriate certificate >for >any purpose (defined by the context). > >Do anyone have a better idea. > >I think this is a lost problem that has to be fixed, hopefully in a >standardized way. > >Comments, suggestions. > >/Stefan Santesson >------------------------------------------------------------------- >Stefan Santesson <stefan@accurata.se> >Accurata Systemsäkerhet AB >Lotsgatan 27 D Tel. +46-40 152211 >216 42 Malmö Fax. +46-40 150790 >Sweden Mobile +46-70 5247799 > >PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >------------------------------------------------------------------- > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA29311 for ietf-pkix-bks; Mon, 28 Sep 1998 01:12:47 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA29307 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 01:12:40 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <TX3528J0>; Mon, 28 Sep 1998 18:16:46 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC07B94C@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'tyone '" <tyone@iss.isl.melco.co.jp> Subject: RE: NEW Data type for certificate selection ? Date: Mon, 28 Sep 1998 18:16:45 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Tyone - the problem gets worse if one uses extensions - It means one is tying (by cryptography) the local context/usage of a certificate. And as you say, contexts may not be universal. In fact scaleability will hit once we force "application" tags into certificates, simply because - as you say, usage identifiers are open ended. Nothing will be perfect in this space, but my preference is to have certificate/permissions/business information approach that ties the crypto trust components to the User capabilities and applies these into a business context - all of which must be designed from a directory information perspective because of the authentication, access control, distribution and validation requirements demanded. As said, the requirement is to have a trusted EC environment. The components of such an environment include cert based fns, distributed dirs and a business/organisational directory schema and (as small as possible) client applications that rely on such services. Adding an extension in my mind does not solve the problem, it simply creates more because the "fix" is in the wrong place. And as you say correctly - its hard and difficult which just indicates IMHO that the problem is somewhere else. I personally think that one cannot add anymore detail to PKI/509 becuase the problems that are now being discussed are the limitations of LDAP to support efficient and scaleable PKI systems (when X.500 should be used) and the application,performance and trust of certificate based systems now depend on the application they are used for. And these are cost, operational, assurance and cost related issues. regards alan ---------- From: tyone To: ietf-pkix@imc.org Sent: 9/28/98 12:19:19 PM Subject: Re: NEW Data type for certificate selection ? Hi. What do you think of the idea that using cert policies extension for this purpose? The reason is, cert policies extension indicating how the certificate has been issued, and how the certificate should be used. If two different certificates have the same cert policies extension value and one can be used for application A, then it is reasonable that the other can be used for application A. if we decide to introduce a new extension or a new ASN1 field to X509 format, ,which indicates what kinds of applications can use the certificate, we first have to categorize applications from some view points( data sensitivity?). This categorizing work seems to be very hard and difficult. Takeshi Yoneda Mitsubishi Electric Corp. >All, >During the TLS session in Chicago (IETF meeting) I discussed with Jeff >Weinstein, Netscape, the problem of certificate selection in an environment >where the client is populated with many similar certificates for different >purposes. >We concluded that this is a general problem, not only for TLS, but for >S/MIME, Java, Java script, etc, where signing and encryption based on an >X.509 PKI is an option. I also conclude that the current TLS approach, >using Issuer name as selection criteria, is hopelessly insufficient for the >general case. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA28865 for ietf-pkix-bks; Mon, 28 Sep 1998 00:48:15 -0700 (PDT) Received: from lotus2.lotus.com (lotus2.lotus.com [192.233.136.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA28861 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 00:48:14 -0700 (PDT) From: Stefan_Salzmann/HAM/Lotus@lotus.com Received: from internet2.lotus.com (internet2 [9.95.4.236]) by lotus2.lotus.com (8.8.8/8.8.7) with ESMTP id DAA10830 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 03:59:14 -0400 (EDT) Received: from mta2.lotus.com (MTA2.lotus.com [9.95.5.6]) by internet2.lotus.com (8.8.8/8.8.7) with SMTP id DAA28532 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 03:53:32 -0400 (EDT) Received: by mta2.lotus.com(Lotus SMTP MTA Internal build v4.6.2 (651.2 6-10-1998)) id 8525668D.002BF5DA ; Mon, 28 Sep 1998 04:00:09 -0400 X-Lotus-FromDomain: LOTUSINT@LOTUS@MTA To: ietf-pkix@imc.org cc: Helmut_Speichermann/FRA/Lotus@lotus.com, Boris_Baltzer/MUC1/Lotus@lotus.com, Georg_Zyprian/FRA/Lotus@lotus.com Message-ID: <8525668D.002BF40F.00@mta2.lotus.com> Date: Mon, 28 Sep 1998 09:51:59 +0200 Subject: Questions about PKIX Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi, I have got some questions concerning PKIX. So here they are: When will be the code of the PKIX reference available at the MIT Web Pages? What is Jonah in relation to PKIX? When starts the PKIX developers converence in October? Are there already White Papers available? Thanks for answering, Regards Stefan Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id TAA10325 for ietf-pkix-bks; Sun, 27 Sep 1998 19:17:09 -0700 (PDT) Received: from florida.melco.co.jp (florida.melco.co.jp [192.218.140.46]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id TAA10321 for <ietf-pkix@imc.org>; Sun, 27 Sep 1998 19:17:07 -0700 (PDT) Received: from melcoweb.melco.co.jp ([133.141.191.73]) by florida.melco.co.jp (8.8.8+2.7Wbeta7/3.6Wbeta6-florida) with SMTP id LAA05603 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 11:13:31 +0900 (JST) Received: from inetgw.melco.co.jp (inetgw) by melcoweb.melco.co.jp (5.65+1.6W/3.5Wbeta) id AA27021; Mon, 28 Sep 98 11:18:05 JST Received: from katase.katase.isl.melco.co.jp ([133.141.13.135]) by inetgw.melco.co.jp (8.8.8+2.7Wbeta7/3.6W-inetgw) with SMTP id LAA04167 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 11:30:03 +0900 (JST) Received: from iss.iss.isl.melco.co.jp by katase.katase.isl.melco.co.jp (4.1/6.4J.6-katase-2/) id AA15585; Mon, 28 Sep 98 11:23:54 JST Received: from edberg by iss.iss.isl.melco.co.jp (1.38.193.4/6.4J.6-isl2-2/iss-master) id AA09263; Mon, 28 Sep 1998 11:23:53 +0900 Message-Id: <360EF227.7D17CD5B@iss.isl.melco.co.jp> Date: Mon, 28 Sep 1998 11:19:19 +0900 From: tyone <tyone@iss.isl.melco.co.jp> X-Mailer: Mozilla 4.05 [ja] (WinNT; I) Mime-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: NEW Data type for certificate selection ? Content-Type: text/plain; charset=iso-2022-jp Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi. What do you think of the idea that using cert policies extension for this purpose? The reason is, cert policies extension indicating how the certificate has been issued, and how the certificate should be used. If two different certificates have the same cert policies extension value and one can be used for application A, then it is reasonable that the other can be used for application A. if we decide to introduce a new extension or a new ASN1 field to X509 format, ,which indicates what kinds of applications can use the certificate, we first have to categorize applications from some view points( data sensitivity?). This categorizing work seems to be very hard and difficult. Takeshi Yoneda Mitsubishi Electric Corp. >All, >During the TLS session in Chicago (IETF meeting) I discussed with Jeff >Weinstein, Netscape, the problem of certificate selection in an environment >where the client is populated with many similar certificates for different >purposes. >We concluded that this is a general problem, not only for TLS, but for >S/MIME, Java, Java script, etc, where signing and encryption based on an >X.509 PKI is an option. I also conclude that the current TLS approach, >using Issuer name as selection criteria, is hopelessly insufficient for the >general case. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA09408 for ietf-pkix-bks; Sun, 27 Sep 1998 15:20:57 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA09403 for <ietf-pkix@imc.org>; Sun, 27 Sep 1998 15:20:53 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <TX352825>; Mon, 28 Sep 1998 08:24:58 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC07B944@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: comments on draft-ietf-pkix-ipki2opp-08.txt Date: Mon, 28 Sep 1998 08:24:56 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Comments: Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2 Sorry for being my usual self. But what does this document do or solve. All it states is use LDAP V2 to a PKI repository? and highlights the major failings of LDAP encoding when dealing with certificate attributes with multiple values. ie. In that the client gets the lot (every certificate - regardless) -- and if the client goes for CRLs as well - and they are multi values of a CRL attribute - the client will get the lot as well. Lets do some rough sums. A cert = 600 - 2k bytes average 1kb, 5-10 certs per user, 3 certs in a path.. transfer = 20- 30kb just to verify a signature. In addition CRLs - bad sites, and they could get large. And LDAP accesses for the certs could be via referrals. Lets say that we could be looking at optimistically at 10-30 seconds of validation time. I would be happy to be corrected here.. Fundamental Problems with LDAP LDAP servers are "string based" and non distributed - hence the need to use X.500 and migrate these LDAP servers to a distributed architecture. Not all certificates one wishes to deal with will be in your local ldap server - they will be in the directory system that one cooperates with. X.500 has certficate matching rules to enable selection of certificates within a multi value attribute. I am not sure what cert matching rules LDAP servers have or even if they support multi valued att matching or if they are compatible with X.500. Again the encoding restrictions in LDAP could imply the non use of these. It is obvious to most that LDAP is not very good generally and in the case of PKI / certficate issues over a wider scale, totally unusable. In addition the process one builds into an LDAP client to deal with referrals and LDAP certficate servers has to be lot larger and therefore problematic, than that that uses distributed directories with sound matching rules. ie. the best it can get depends on the tools to hand. I therefore beg why the document is being put forward because IMHO - it promotes systems to be built that will not provide the business utility demanded by companies using large scale EC/509 technologies. The result can only be commercial disasters and pain for both suppliers and the poor customer. Oh well - regards alan Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA08414 for ietf-pkix-bks; Sun, 27 Sep 1998 09:26:54 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA08410 for <ietf-pkix@imc.org>; Sun, 27 Sep 1998 09:26:53 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <T19XDQFB>; Sun, 27 Sep 1998 12:32:13 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1ADC@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Internet-Drafts@ietf.org'" <Internet-Drafts@ietf.org> Cc: ietf-pkix@imc.org Subject: RE: I-D ACTION:draft-ietf-pkix-ldapv2-schema-02.txt Date: Sun, 27 Sep 1998 12:32:11 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk I find the schema acceptable for the certificates. I do not find the schema acceptable for delta CRL. I thought we had a mechanism by which delta CRL could be stored in the object class pkiCA. It does not seem to be the case. Sharon, I assume you recall the comment and resolution in this forum. > -----Original Message----- > From: Internet-Drafts@ietf.org [SMTP:Internet-Drafts@ietf.org] > Sent: Thursday, September 24, 1998 10:27 AM > Cc: ietf-pkix@imc.org > Subject: I-D ACTION:draft-ietf-pkix-ldapv2-schema-02.txt > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Public-Key Infrastructure (X.509) > Working Group > of the IETF. > > Title : Internet X.509 Public Key Infrastructure > LDAPv2 Schema > Author(s) : S. Boeyen, T. Howes, P. Richard > Filename : draft-ietf-pkix-ldapv2-schema-02.txt > Pages : 7 > Date : 23-Sep-98 > > The schema defined in this document is a minimal schema to > support > PKIX in an LDAPv2 environment, as defined in > draft-ietf-pkix- > ipki2opp-07.txt. Only PKIX-specific components are specified > here. > LDAP servers, acting as PKIX repositories should support the > auxi- > liary object classes defined in this specification and > integrate > this schema specification with the generic and other > application- > specific schemas as appropriate, depending on the services to > be > supplied by that server. > > The key words 'MUST', 'SHALL', 'REQUIRED', 'SHOULD', > 'RECOMMENDED', > and 'MAY' in this document are to be interpreted as described > in > RFC 2119. > > Please send comments on this document to the ietf-pkix@imc.org > mail > list. > > Internet-Drafts are available by anonymous FTP. Login with the > username > "anonymous" and a password of your e-mail address. After logging in, > type "cd internet-drafts" and then > "get draft-ietf-pkix-ldapv2-schema-02.txt". > A URL for the Internet-Draft is: > ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ldapv2-schema-02.tx > t > > Internet-Drafts directories are located at: > > Africa: ftp.is.co.za > > Europe: ftp.nordu.net > ftp.nis.garr.it > > Pacific Rim: munnari.oz.au > > US East Coast: ftp.ietf.org > > US West Coast: ftp.isi.edu > > Internet-Drafts are also available by mail. > > Send a message to: mailserv@ietf.org. In the body type: > "FILE /internet-drafts/draft-ietf-pkix-ldapv2-schema-02.txt". > > NOTE: The mail server at ietf.org can return the document in > MIME-encoded form by using the "mpack" utility. To use this > feature, insert the command "ENCODING mime" before the "FILE" > command. To decode the response(s), you will need "munpack" or > a MIME-compliant mail reader. Different MIME-compliant mail > readers > exhibit different behavior, especially when dealing with > "multipart" MIME messages (i.e. documents which have been split > up into multiple messages), so check your local documentation on > how to manipulate these messages. > > > Below is the data which will enable a MIME compliant mail reader > implementation to automatically retrieve the ASCII version of the > Internet-Draft. << Message: Untitled Attachment >> Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA21031 for ietf-pkix-bks; Sat, 26 Sep 1998 16:25:58 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA21027 for <ietf-pkix@imc.org>; Sat, 26 Sep 1998 16:25:50 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <TS1VBY1B>; Sun, 27 Sep 1998 09:30:03 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC07B92F@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'ietf-tls@consensus.com '" <ietf-tls@consensus.com>, "'cert-talk@structuredarts.com '" <cert-talk@structuredarts.com>, "'Stefan Santesson '" <stefan@accurata.se> Subject: RE: NEW Data type for certificate selection ? Date: Sun, 27 Sep 1998 09:30:02 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id QAA21028 Sender: owner-ietf-pkix@imc.org Precedence: bulk Yes I have views - see my draft lloyd-dir-cert-stat .. First one needs a fully distributed directory system. Then one needs a good set of certificate matching rules in that directory system to permit the selection of certficate components. Including rules that can handle multi valued attributes. Then one needs directory based certficate searches based on client business semantics. And then one needs certficate paths to associated with business semantics in a trusted way rather than just crypto-cert-issuerId mechanisms. I dont see the problem, simply because one has to add something else to certs and pkis to make them work in a scaleable and useful way - and that is big directory systems, matching rules that assist the verification and a business information model that supports the cert/crypto mechanisms. I do not believe one will achieve much with to fix this issue without an operational, business and information perspective. just thoughts regards alan ---------- From: Stefan Santesson To: ietf-pkix@imc.org; list@seis.nc-forum.com; ietf-tls@consensus.com; cert-talk@structuredarts.com Sent: 9/24/98 10:41:23 PM Subject: NEW Data type for certificate selection ? All, During the TLS session in Chicago (IETF meeting) I discussed with Jeff Weinstein, Netscape, the problem of certificate selection in an environment where the client is populated with many similar certificates for different purposes. We concluded that this is a general problem, not only for TLS, but for S/MIME, Java, Java script, etc, where signing and encryption based on an X.509 PKI is an option. I also conclude that the current TLS approach, using Issuer name as selection criteria, is hopelessly insufficient for the general case. In fact we can NEVER claim that we have an X.509 based architecture ready for the big market IF WE DON'T SOLVE THIS PROBLEM. A normal user (I.e grandmother) will never be able to pick the right certificate by herself, if there is more than 1 to pick. The question raised here is: WOULD A STANDARDIZED DATA TYPE FOR CERTIFICATE SELECTION BE A GOOD START. If we could create a standardized ASN.1 data type with the purpose of defining the criteria for selecting 1 out of n certificates, then this could be used as a common base for enhancing TLS, Java, Java script, S/MIME etc. The data type could be communicated from server to client, client to server, server to server, client to client; I.e in any case where one party which to assist another party in selecting an appropriate certificate for any purpose (defined by the context). Do anyone have a better idea. I think this is a lost problem that has to be fixed, hopefully in a standardized way. Comments, suggestions. /Stefan Santesson ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23104 for ietf-pkix-bks; Fri, 25 Sep 1998 09:18:29 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23100 for <ietf-pkix@imc.org>; Fri, 25 Sep 1998 09:18:29 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id JAA27992; Fri, 25 Sep 1998 09:22:39 -0700 (PDT) Received: from mmyers-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id JAA00996; Fri, 25 Sep 1998 09:24:33 -0700 (PDT) Message-Id: <3.0.32.19980925090738.0094f7e8@mail.verisign.com> X-Sender: mmyers@mail.verisign.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 25 Sep 1998 09:24:36 -0700 To: Denis Pinkas <Denis.Pinkas@bull.net>, IETF-PXIX <ietf-pkix@imc.org> From: Michael Myers <mmyers@verisign.com> Subject: Re: Archive cutoff & Retention period Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id JAA23101 Sender: owner-ietf-pkix@imc.org Precedence: bulk Denis, At 10:03 AM 9/23/98 -0700, Denis Pinkas wrote: > >The "retention period" should be supported by all OCSP responders >and thus should be part of the standard response. Adding a >"retentionPeriod" after the "produceAt" from the ResponseData would >be simpler than defining an extension. We didn't want to break the response syntax, especially in light of the fact that support for long term retention of status data is not a core requirement. >Then, let us address the « Archive Cutoff » issue. > >If we were to support the archiving capability, with e.g. a 7 year >retention, we would need an additional time parameter in the request >to point to the equivalent of the right CRL issued at that time e.g. >7 years ago. This parameter is currently not present. Unless it is >added, the function cannot work. We thus have two options : add the >missing parameter or delete this capability. Opinions ? As the public debate on this issue had concluded, the requirement is to enable responders to assert a bound on the historical accuracy of their responses. The archive cutoff extension satisfies this requirement. This function speaks only to the most current status of the certificate, not to its status at any point in time. Mike Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA22174 for ietf-pkix-bks; Fri, 25 Sep 1998 07:21:50 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA22170 for <ietf-pkix@imc.org>; Fri, 25 Sep 1998 07:21:49 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id KAA06021; Fri, 25 Sep 1998 10:27:54 -0400 (EDT) Message-Id: <199809251427.KAA06021@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-ipki2opp-08.txt Date: Fri, 25 Sep 1998 10:27:54 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart Note: This revision reflects comments received during the last call period. A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2 Author(s) : S. Boeyen, T. Howes, P. Richard Filename : draft-ietf-pkix-ipki2opp-08.txt Pages : 12 Date : 24-Sep-98 The protocol described in this document is designed to satisfy some of the operational requirements within the Internet X.509 Public Key Infrastructure (IPKI). Specifically, this document addresses requirements to provide access to Public Key Infrastructure (PKI) repositories for the purposes of retrieving PKI information and managing that same information. The mechanism described in this document is based on the Lightweight Directory Access Protocol (LDAP) v2, defined in RFC 1777, defining a profile of that protocol for use within the IPKI and updates encodings for certificates and revocation lists from RFC 1778. Additional mechanisms addressing PKIX operational requirements are specified in separate documents. The key words 'MUST', 'REQUIRED', 'SHOULD', 'RECOMMENDED', and 'MAY' in this document are to be interpreted as described in RFC 2119. Please send comments on this document to the ietf-pkix@imc.org mail list. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-ipki2opp-08.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ipki2opp-08.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-ipki2opp-08.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980924132531.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-ipki2opp-08.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-ipki2opp-08.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980924132531.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA21217 for ietf-pkix-bks; Fri, 25 Sep 1998 04:31:00 -0700 (PDT) Received: from mailb.telia.com (mailb.telia.com [194.22.194.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA21213 for <ietf-pkix@imc.org>; Fri, 25 Sep 1998 04:30:59 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailb.telia.com (8.8.8/8.8.8) with ESMTP id NAA16726; Fri, 25 Sep 1998 13:37:15 +0200 (CEST) Received: from stefans (t3o68p4.telia.com [62.20.139.4]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id NAA10344; Fri, 25 Sep 1998 13:37:14 +0200 (CEST) Message-Id: <3.0.32.19980925133351.00a88250@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 25 Sep 1998 13:34:29 +0200 To: "Miklos, Sue A." <samiklo@missi.ncsc.mil>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com'" <list@seis.nc-forum.com>, "'cert-talk@structuredarts.com'" <cert-talk@structuredarts.com> From: Stefan Santesson <stefan@accurata.se> Subject: RE: NEW Data type for certificate selection ? Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id EAA21214 Sender: owner-ietf-pkix@imc.org Precedence: bulk Thank you Sue, This looks very useful. I could think of some enhancements, but since this is standard it's a very good way to start. Could you elaborate how the certificate mach rule could be invoked into a protocoll. Would it just be for the entity suggesting use of a certain type of certificate to communicate one (or a SEQUECE OF) CertificateAssertion data value(s)? If this is so, then all we have to do is to have this included in various protocolls and convince Microsoft, Netscape etc, to allow certificate selection using this maching rule. If we could achieve this then I think it would be a giant step in the right direction. What does Microsoft and Netscape say about this ??? Comments, suggestions! /Stefan Santesson At 12:02 PM 9/24/98 -0400, Miklos, Sue A. wrote: > > >Please consider the following matching rules for certificates, based on >the X.500 series. I would really like to see products developed that >can invoke them (as client) and products developed that can retrieve >them from the storage (as repository). I am not advocating this exact >syntax, but something very similar would be extremely beneficial. >Sandi > >>---------- >>From: Stefan Santesson[SMTP:stefan@accurata.se] >>Sent: Thursday, September 24, 1998 8:41 AM >>To: ietf-pkix@imc.org; list@seis.nc-forum.com; ietf-tls@consensus.com; >>cert-talk@structuredarts.com >>Subject: NEW Data type for certificate selection ? >> >>All, >> >>During the TLS session in Chicago (IETF meeting) I discussed with Jeff >>Weinstein, Netscape, the problem of certificate selection in an environment >>where the client is populated with many similar certificates for different >>purposes. >> >>We concluded that this is a general problem, not only for TLS, but for >>S/MIME, Java, Java script, etc, where signing and encryption based on an >>X.509 PKI is an option. I also conclude that the current TLS approach, >>using Issuer name as selection criteria, is hopelessly insufficient for the >>general case. >> >>In fact we can NEVER claim that we have an X.509 based architecture ready >>for the big market IF WE DON'T SOLVE THIS PROBLEM. >> >>A normal user (I.e grandmother) will never be able to pick the right >>certificate by herself, if there is more than 1 to pick. >> >>The question raised here is: >> >>WOULD A STANDARDIZED DATA TYPE FOR CERTIFICATE SELECTION BE A GOOD START. >> >>If we could create a standardized ASN.1 data type with the purpose of >>defining the criteria for selecting 1 out of n certificates, then this >>could be used as a common base for enhancing TLS, Java, Java script, S/MIME >>etc. >> >>The data type could be communicated from server to client, client to >>server, server to server, client to client; I.e in any case where one party >>which to assist another party in selecting an appropriate certificate for >>any purpose (defined by the context). >> >>Do anyone have a better idea. >> >>I think this is a lost problem that has to be fixed, hopefully in a >>standardized way. >> >>Comments, suggestions. >> >>/Stefan Santesson >>------------------------------------------------------------------- >>Stefan Santesson <stefan@accurata.se> >>Accurata Systemsäkerhet AB >>Lotsgatan 27 D Tel. +46-40 152211 >>216 42 Malmö Fax. +46-40 150790 >>Sweden Mobile +46-70 5247799 >> >>PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >>------------------------------------------------------------------- >> > >Attachment Converted: "c:\internet\eudora\attach\MATCH2.DOC" > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA18649 for ietf-pkix-bks; Fri, 25 Sep 1998 02:25:59 -0700 (PDT) Received: from florida.melco.co.jp (florida.melco.co.jp [192.218.140.46]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA18645 for <ietf-pkix@imc.org>; Fri, 25 Sep 1998 02:25:52 -0700 (PDT) Received: from melcoweb.melco.co.jp ([133.141.191.73]) by florida.melco.co.jp (8.8.8+2.7Wbeta7/3.6Wbeta6-florida) with SMTP id SAA24749; Fri, 25 Sep 1998 18:21:35 +0900 (JST) Received: from inetgw.melco.co.jp (inetgw) by melcoweb.melco.co.jp (5.65+1.6W/3.5Wbeta) id AA00363; Fri, 25 Sep 98 18:26:06 JST Received: from katase.katase.isl.melco.co.jp ([133.141.13.135]) by inetgw.melco.co.jp (8.8.8+2.7Wbeta7/3.6W-inetgw) with SMTP id SAA08497; Fri, 25 Sep 1998 18:37:55 +0900 (JST) Received: from iss.iss.isl.melco.co.jp by katase.katase.isl.melco.co.jp (4.1/6.4J.6-katase-2/) id AA29300; Fri, 25 Sep 98 18:31:52 JST Received: from zaku by iss.iss.isl.melco.co.jp (1.38.193.4/6.4J.6-isl2-2/iss-master) id AA19581; Fri, 25 Sep 1998 18:31:52 +0900 Message-Id: <360B627F.981A419E@iss.isl.melco.co.jp> Date: Fri, 25 Sep 1998 18:29:35 +0900 From: "=?iso-2022-jp?B?GyRCNUhJcCEhPV8bKEI=?=" <yositake@iss.isl.melco.co.jp> X-Mailer: Mozilla 4.05 [ja] (Win95; I) Mime-Version: 1.0 To: Stefan Santesson <stefan@accurata.se> Cc: ietf-pkix@imc.org, list@seis.nc-forum.com, ietf-tls@consensus.com, cert-talk@structuredarts.com Subject: Re: NEW Data type for certificate selection ? References: <3.0.32.19980924144039.00a6ccf0@m1.403.telia.com> Content-Type: text/plain; charset=iso-2022-jp X-Mime-Autoconverted: from 8bit to quoted-printable by inetgw.melco.co.jp id SAA08497 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id CAA18646 Sender: owner-ietf-pkix@imc.org Precedence: bulk I have two comments. 1. I'd like to clarify the scope. Is it limited to the case where one party which to assist another party ? I suggest that it include the case where a person has multiple certificates in his / her PC, WS, etc. It will be more useful and more efficient if there is a standardized mechanism for the case like this rather than that each application manages its certificates in its own way on one machine. Some applications could hold a certificate in common. 2. It would be better that we consider the generation management of a certificate. Suppose a certificate has expired and you get the new certificate on your PC. Namely, you have two certificates on your PC, the old one and the new one. Attention should be paid not to let an application select the old one. (Of course, things are easy if the old one is deleted. But is it really always good for all the cases, all applications,...?) (Issuer and Serial Number is nice, but you need the mechanism to record "this serial number is for the new one" when you get it for the first time.) Jun Yoshitake Mitsubishi Electric Corp. Stefan Santesson wrote: > All, > > During the TLS session in Chicago (IETF meeting) I discussed with Jeff > Weinstein, Netscape, the problem of certificate selection in an environment > where the client is populated with many similar certificates for different > purposes. > > We concluded that this is a general problem, not only for TLS, but for > S/MIME, Java, Java script, etc, where signing and encryption based on an > X.509 PKI is an option. I also conclude that the current TLS approach, > using Issuer name as selection criteria, is hopelessly insufficient for the > general case. > > In fact we can NEVER claim that we have an X.509 based architecture ready > for the big market IF WE DON'T SOLVE THIS PROBLEM. > > A normal user (I.e grandmother) will never be able to pick the right > certificate by herself, if there is more than 1 to pick. > > The question raised here is: > > WOULD A STANDARDIZED DATA TYPE FOR CERTIFICATE SELECTION BE A GOOD START. > > If we could create a standardized ASN.1 data type with the purpose of > defining the criteria for selecting 1 out of n certificates, then this > could be used as a common base for enhancing TLS, Java, Java script, S/MIME > etc. > > The data type could be communicated from server to client, client to > server, server to server, client to client; I.e in any case where one party > which to assist another party in selecting an appropriate certificate for > any purpose (defined by the context). > > Do anyone have a better idea. > > I think this is a lost problem that has to be fixed, hopefully in a > standardized way. > > Comments, suggestions. > > /Stefan Santesson > ------------------------------------------------------------------- > Stefan Santesson <stefan@accurata.se> > Accurata Systems$BgL(Berhet AB > Lotsgatan 27 D Tel. +46-40 152211 > 216 42 Malm$Bö (B Fax. +46-40 150790 > Sweden Mobile +46-70 5247799 > > PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 > ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22412 for ietf-pkix-bks; Thu, 24 Sep 1998 08:55:58 -0700 (PDT) Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.52.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22408 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 08:55:56 -0700 (PDT) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id MAA24293 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 12:02:10 -0400 (EDT) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id MAA24288 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 12:02:09 -0400 (EDT) Received: from mimesweeper.missi.ncsc.mil (mimesweeper.missi.ncsc.mil [144.51.60.2]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id MAA15598 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 12:01:26 -0400 (EDT) Received: from avenger.missi.ncsc.mil (unverified) by mimesweeper.missi.ncsc.mil (Content Technologies SMTPRS 2.0.15) with SMTP id <B0000285171@mimesweeper.missi.ncsc.mil> for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 12:02:06 -0400 Received: by avenger.missi.ncsc.mil with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62) id <01BDE7B3.263212E0@avenger.missi.ncsc.mil>; Thu, 24 Sep 1998 12:02:06 -0400 Message-Id: <c=US%a=_%p=ExchangeNSA%l=AVENGER-980924160205Z-6343@avenger.missi.ncsc.mil> From: "Miklos, Sue A." <samiklo@missi.ncsc.mil> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com'" <list@seis.nc-forum.com>, "'ietf-tls@consensus.com'" <ietf-tls@consensus.com>, "'cert-talk@structuredarts.com'" <cert-talk@structuredarts.com>, "'Stefan Santesson'" <stefan@accurata.se> Subject: RE: NEW Data type for certificate selection ? Date: Thu, 24 Sep 1998 12:02:05 -0400 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="---- =_NextPart_000_01BDE7B3.26345CD0" Sender: owner-ietf-pkix@imc.org Precedence: bulk This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------ =_NextPart_000_01BDE7B3.26345CD0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable =20 Please consider the following matching rules for certificates, based on the X.500 series. I would really like to see products developed that can invoke them (as client) and products developed that can retrieve them from the storage (as repository). I am not advocating this exact syntax, but something very similar would be extremely beneficial. Sandi >---------- >From: Stefan Santesson[SMTP:stefan@accurata.se] >Sent: Thursday, September 24, 1998 8:41 AM >To: ietf-pkix@imc.org; list@seis.nc-forum.com; ietf-tls@consensus.com; >cert-talk@structuredarts.com >Subject: NEW Data type for certificate selection ? > >All, > >During the TLS session in Chicago (IETF meeting) I discussed with Jeff >Weinstein, Netscape, the problem of certificate selection in an = environment >where the client is populated with many similar certificates for = different >purposes. > >We concluded that this is a general problem, not only for TLS, but for >S/MIME, Java, Java script, etc, where signing and encryption based on = an >X.509 PKI is an option. I also conclude that the current TLS approach, >using Issuer name as selection criteria, is hopelessly insufficient for = the >general case. > >In fact we can NEVER claim that we have an X.509 based architecture = ready >for the big market IF WE DON'T SOLVE THIS PROBLEM. > >A normal user (I.e grandmother) will never be able to pick the right >certificate by herself, if there is more than 1 to pick. > >The question raised here is: > >WOULD A STANDARDIZED DATA TYPE FOR CERTIFICATE SELECTION BE A GOOD = START. > >If we could create a standardized ASN.1 data type with the purpose of >defining the criteria for selecting 1 out of n certificates, then this >could be used as a common base for enhancing TLS, Java, Java script, = S/MIME >etc. > >The data type could be communicated from server to client, client to >server, server to server, client to client; I.e in any case where one = party >which to assist another party in selecting an appropriate certificate = for >any purpose (defined by the context). > >Do anyone have a better idea. > >I think this is a lost problem that has to be fixed, hopefully in a >standardized way. > >Comments, suggestions. > >/Stefan Santesson >------------------------------------------------------------------- >Stefan Santesson <stefan@accurata.se> >Accurata Systems=E4kerhet AB =20 >Lotsgatan 27 D Tel. +46-40 152211 =20 >216 42 Malm=F6 Fax. +46-40 150790 =20 >Sweden Mobile +46-70 5247799 > >PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >------------------------------------------------------------------- > ------ =_NextPart_000_01BDE7B3.26345CD0 Content-Type: application/msword; name="MATCH.DOC" Content-Transfer-Encoding: base64 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAOwADAP7/CQAGAAAAAAAAAAAAAAABAAAAAQAAAAAAAAAA EAAAAgAAAAEAAAD+////AAAAAAAAAAD///////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////9 ////HgAAAP7///8fAAAABQAAAAYAAAAHAAAACAAAAAkAAAAKAAAACwAAAAwAAAANAAAADgAAAA8A AAAQAAAAEQAAABIAAAATAAAAFAAAABUAAAAWAAAAFwAAABgAAAAZAAAAGgAAABsAAAAcAAAAHQAA ACAAAAD+/////v///yEAAAAiAAAAIwAAACQAAAAlAAAAJgAAACcAAAAoAAAAKQAAACoAAAArAAAA LAAAAP7///////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////1IA bwBvAHQAIABFAG4AdAByAHkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAWAAUA//////////8DAAAAAAkCAAAAAADAAAAAAAAARgAAAAAAAAAAAAAAAIZMlDsA6rwB AwAAAIADAAAAAAAAAQBDAG8AbQBwAE8AYgBqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAABIAAgH///////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAYgAAAAAAAABXAG8AcgBkAEQAbwBjAHUAbQBlAG4AdAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGgACAf////8EAAAA/////wAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAdTQAAAAAAAE8AYgBqAGUAYwB0AFAAbwBv AGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWAAEBAQAAAAIA AAD/////AAAAAAAAAAAAAAAAAAAAAAAAAACGTJQ7AOq8AYZMlDsA6rwBAAAAANQNNBRABNQNAQAA AP7///8DAAAABAAAAAUAAAAGAAAABwAAAAgAAAAJAAAACgAAAAsAAAAMAAAADQAAAP7///////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////8BAP7/ AwoAAP////8ACQIAAAAAAMAAAAAAAABGHAAAAE1pY3Jvc29mdCBXb3JkIDYuMCBEb2N1bWVudAAK AAAATVNXb3JkRG9jABAAAABXb3JkLkRvY3VtZW50LjYAAAAAADsAAwD+/wkABgAAAAAAAAAAAAAA AQAAAAEAAAAAAP7/AAADCgAAAAAAAAAAAAAAAAAAAAAAAAEAAADghZ/y+U9oEKuRCAArJ7PZMAAA ALACAAAOAAAABwAAAJgAAAACAAAA3AAAAAQAAAAAAQAACAAAACQBAAAMAAAASAEAAAsAAABsAQAA DQAAAJABAAAPAAAAtAEAABAAAADYAQAACgAAAPwBAAASAAAAIAIAAA4AAABEAgAACQAAAGgCAAAT AAAAjAIAAP//////////////////////////////////////////HgAAACgAAABDOlxNU09GRklD RVxXSU5XT1JEXFRFTVBMQVRFXE5PUk1BTC5ET1QAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAAAAFAAA ADEyLjcJTWF0Y2hpbmcgcnVsZXMAAAAAAAAAAAAeAAAADgAAAFN1ZSBBLiBNaWtsb3MAAAAAAAAA AAAAAAAAAAAeAAAADgAAAFN1ZSBBLiBNaWtsb3MAAAAAAAAAAAAAAAAAAABAAAAAhn3TndylZQA9 wAkEAAAAAGUAAAAAAAAAAAAAAAADAAAHMwAAHU0AAAAAAAAAAAAAAAAAAAAAAAAHMAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARAAAKAMAAABEAAAoAwAAKEcAAAAAAAAoRwAAAAAA AChHAAAAAAAAKEcAAAAAAAAoRwAAFAAAAKJHAAA8AAAAokcAAAAAAADeRwAAAAAAAN5HAAAAAAAA 3kcAAAAAAADeRwAAFgAAAPRHAAAiAAAAokcAAAAAAAAjTAAAZQAAABZIAAAAAAAAFkgAAAAAAAAW SAAAAAAAABZIAAAAAAAAFkgAAAAAAAAWSAAAAAAAABZIAAAAAAAAFkgAAAAAAAA4SAAAAgAAADpI AAAAAAAAOkgAAAAAAAA6SAAAIwAAAF1IAADUAQAAMUoAANQBAAAFTAAAHgAAAIhMAABUAAAA3EwA AEEAAAAjTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoRwAAAAAAABZIAAAAAAAAAAAaAB0AAwAFABZI AAAAAAAAFkgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFkgAAAAAAAAWSAAAAAAAACNMAAAAAAAAFkgA AAAAAAAoRwAAAAAAAChHAAAAAAAAFkgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFkgAAAAAAAAWSAAA AAAAABZIAAAAAAAAFkgAAAAAAAAWSAAAAAAAAChHAAAAAAAAFkgAAAAAAAAoRwAAAAAAABZIAAAA AAAAOEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPEcAACYAAABiRwAAQAAAAChHAAAAAAAAKEcAAAAA AAAoRwAAAAAAAChHAAAAAAAAFkgAAAAAAAA4SAAAAAAAABZIAAAiAAAAFkgAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAEVYQ0VSUFRTIEZST00gVEhFIDE5OTcgWC41MDAgU2VyaWVz IG9mIFJlY29tbWVuZGF0aW9ucyBmb3IgSW5mb3JtYXRpb25hbCBQdXJwb3NlcyBPbmx5Lg0NMTIu NwlNYXRjaGluZyBydWxlcw1UaGlzIERpcmVjdG9yeSBTcGVjaWZpY2F0aW9uIGRlZmluZXMgbWF0 Y2hpbmcgcnVsZXMgZm9yIHVzZSB3aXRoIGF0dHJpYnV0ZXMgb2YgdHlwZSBDZXJ0aWZpY2F0ZSwg Q2VydGlmaWNhdGVQYWlyLCBDZXJ0aWZpY2F0ZUxpc3QsIGFuZCBTdXBwb3J0ZWRBbGdvcml0aG0s IHJlc3BlY3RpdmVseS4NMTIuNy4xCUNlcnRpZmljYXRlIGV4YWN0IG1hdGNoDVRoZSBjZXJ0aWZp Y2F0ZSBleGFjdCBtYXRjaCBydWxlIGNvbXBhcmVzIGZvciBlcXVhbGl0eSBhIHByZXNlbnRlZCB2 YWx1ZSB3aXRoIGFuIGF0dHJpYnV0ZSB2YWx1ZSBvZiB0eXBlIENlcnRpZmljYXRlLiBJdCB1bmlx dWVseSBzZWxlY3RzIGEgc2luZ2xlIGNlcnRpZmljYXRlLg1jZXJ0aWZpY2F0ZUV4YWN0TWF0Y2gg TUFUQ0hJTkctUlVMRSA6Oj0gewsJU1lOVEFYCQlDZXJ0aWZpY2F0ZUV4YWN0QXNzZXJ0aW9uCwlJ RAkJCWlkLW1yLWNlcnRpZmljYXRlRXhhY3RNYXRjaCB9DUNlcnRpZmljYXRlRXhhY3RBc3NlcnRp b24gOjo9IFNFUVVFTkNFIHsLCXNlcmlhbE51bWJlcgkJQ2VydGlmaWNhdGVTZXJpYWxOdW1iZXIs Cwlpc3N1ZXIJCQlOYW1lIH0NVGhpcyBtYXRjaGluZyBydWxlIHJldHVybnMgVFJVRSBpZiB0aGUg Y29tcG9uZW50cyBpbiB0aGUgYXR0cmlidXRlIHZhbHVlIG1hdGNoIHRob3NlIGluIHRoZSBwcmVz ZW50ZWQgdmFsdWUuDTEyLjcuMglDZXJ0aWZpY2F0ZSBtYXRjaA1UaGUgY2VydGlmaWNhdGUgbWF0 Y2ggcnVsZSBjb21wYXJlcyBhIHByZXNlbnRlZCB2YWx1ZSB3aXRoIGFuIGF0dHJpYnV0ZSB2YWx1 ZSBvZiB0eXBlIENlcnRpZmljYXRlLiBJdCBzZWxlY3RzIG9uZSBvciBtb3JlIGNlcnRpZmljYXRl cyBvbiB0aGUgYmFzaXMgb2YgdmFyaW91cyBjaGFyYWN0ZXJpc3RpY3MuDWNlcnRpZmljYXRlTWF0 Y2ggTUFUQ0hJTkctUlVMRSA6Oj0gewsJU1lOVEFYCQlDZXJ0aWZpY2F0ZUFzc2VydGlvbgsJSUQJ CQlpZC1tci1jZXJ0aWZpY2F0ZU1hdGNoIH0NQ2VydGlmaWNhdGVBc3NlcnRpb24gOjo9IFNFUVVF TkNFIHsLCXNlcmlhbE51bWJlcgkJWzBdIENlcnRpZmljYXRlU2VyaWFsTnVtYmVyCQlPUFRJT05B TCwLCWlzc3VlcgkJCQlbMV0gTmFtZSAJCQlPUFRJT05BTCwLCXN1YmplY3RLZXlJZGVudGlmaWVy CVsyXSBTdWJqZWN0S2V5SWRlbnRpZmllcgkJT1BUSU9OQUwsCwlhdXRob3JpdHlLZXlJZGVudGlm aWVyCVszXSBBdXRob3JpdHlLZXlJZGVudGlmaWVyIAkJT1BUSU9OQUwsCwljZXJ0aWZpY2F0ZVZh bGlkCQlbNF0gVVRDVGltZQkJCU9QVElPTkFMLAsJcHJpdmF0ZUtleVZhbGlkCQlbNV0gR2VuZXJh bGl6ZWRUaW1lCQlPUFRJT05BTCwLCXN1YmplY3RQdWJsaWNLZXlBbGdJRAlbNl0gT0JKRUNUIElE RU5USUZJRVIJCU9QVElPTkFMLAsJa2V5VXNhZ2UJCQlbN10gS2V5VXNhZ2UJCQlPUFRJT05BTCwL CXN1YmplY3RBbHROYW1lCQlbOF0gQWx0TmFtZVR5cGUJCU9QVElPTkFMLAsJcG9saWN5CQkJCVs5 XSBDZXJ0UG9saWN5U2V0CQlPUFRJT05BTCwLCXBhdGhUb05hbWUJCVsxMF0gTmFtZQkJCU9QVElP TkFMIH0NQWx0TmFtZVR5cGUgOjo9IENIT0lDRSB7IAsJYnVpbHRpbk5hbWVGb3JtCUVOVU1FUkFU RUQgewsJCQkJCXJmYzgyMk5hbWUJCSgxKSwLCQkJCQlkTlNOYW1lCQkoMiksCwkJCQkJeDQwMEFk ZHJlc3MJCSgzKSwLCQkJCQlkaXJlY3RvcnlOYW1lCSg0KSwLCQkJCQllZGlQYXJ0eU5hbWUJCSg1 KSwLCQkJCQl1bmlmb3JtUmVzb3VyY2VJZGVudGlmaWVyICg2KSwLCQkJCQlpUEFkZHJlc3MJCSg3 KSwLCQkJCQlyZWdpc3RlcmVkSWQJCSg4KSB9LAsJb3RoZXJOYW1lRm9ybQlPQkpFQ1QgSURFTlRJ RklFUiB9DVRoaXMgbWF0Y2hpbmcgcnVsZSByZXR1cm5zIFRSVUUgaWYgYWxsIG9mIHRoZSBjb21w b25lbnRzIHRoYXQgYXJlIHByZXNlbnQgaW4gdGhlIHByZXNlbnRlZCB2YWx1ZSBtYXRjaCB0aGUg Y29ycmVzcG9uZGluZyBjb21wb25lbnRzIG9mIHRoZSBhdHRyaWJ1dGUgdmFsdWUsIGFzIGZvbGxv d3M6DWEpCXNlcmlhbE51bWJlciBtYXRjaGVzIGlmIHRoZSB2YWx1ZSBvZiB0aGlzIGNvbXBvbmVu dCBpbiB0aGUgYXR0cmlidXRlIHZhbHVlIGVxdWFscyB0aGF0IGluIHRoZSBwcmVzZW50ZWQgdmFs dWU7DWIpCWlzc3VlciBtYXRjaGVzIGlmIHRoZSB2YWx1ZSBvZiB0aGlzIGNvbXBvbmVudCBpbiB0 aGUgYXR0cmlidXRlIHZhbHVlIGVxdWFscyB0aGF0IGluIHRoZSBwcmVzZW50ZWQgdmFsdWU7DWMp CXN1YmplY3RLZXlJZGVudGlmaWVyIG1hdGNoZXMgaWYgdGhlIHZhbHVlIG9mIHRoaXMgY29tcG9u ZW50IGluIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlIGVxdWFscyB0aGF0IGluIHRoZSBwcmVz ZW50ZWQgdmFsdWU7IHRoZXJlIGlzIG5vIG1hdGNoIGlmIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZh bHVlIGNvbnRhaW5zIG5vIHN1YmplY3Qga2V5IGlkZW50aWZpZXIgZXh0ZW5zaW9uOw1kKQlhdXRo b3JpdHlLZXlJZGVudGlmaWVyIG1hdGNoZXMgaWYgdGhlIHZhbHVlIG9mIHRoaXMgY29tcG9uZW50 IGluIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlIGVxdWFscyB0aGF0IGluIHRoZSBwcmVzZW50 ZWQgdmFsdWU7IHRoZXJlIGlzIG5vIG1hdGNoIGlmIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVl IGNvbnRhaW5zIG5vIGF1dGhvcml0eSBrZXkgaWRlbnRpZmllciBleHRlbnNpb24gb3IgaWYgbm90 IGFsbCBjb21wb25lbnRzIGluIHRoZSBwcmVzZW50ZWQgdmFsdWUgYXJlIHByZXNlbnQgaW4gdGhl IHN0b3JlZCBhdHRyaWJ1dGUgdmFsdWU7DWUpCWNlcnRpZmljYXRlVmFsaWQgbWF0Y2hlcyBpZiB0 aGUgcHJlc2VudGVkIHZhbHVlIGZhbGxzIHdpdGhpbiB0aGUgdmFsaWRpdHkgcGVyaW9kIG9mIHRo ZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlOw1mKQlwcml2YXRlS2V5VmFsaWQgbWF0Y2hlcyBpZiB0 aGUgcHJlc2VudGVkIHZhbHVlIGZhbGxzIHdpdGhpbiB0aGUgcGVyaW9kIGluZGljYXRlZCBieSB0 aGUgcHJpdmF0ZSBrZXkgdXNhZ2UgcGVyaW9kIGV4dGVuc2lvbiBvZiB0aGUgc3RvcmVkIGF0dHJp YnV0ZSB2YWx1ZSBvciBpZiB0aGVyZSBpcyBubyBwcml2YXRlIGtleSB1c2FnZSBwZXJpb2QgZXh0 ZW5zaW9uIGluIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlOw1nKQlzdWJqZWN0UHVibGljS2V5 QWxnSUQgbWF0Y2hlcyBpZiBpdCBpcyBlcXVhbCB0byB0aGUgYWxnb3JpdGhtIGNvbXBvbmVudCBv ZiB0aGUgYWxnb3JpdGhtSWRlbnRpZmllciBvZiB0aGUgc3ViamVjdFB1YmxpY0tleUluZm9ybWF0 aW9uIGNvbXBvbmVudCBvZiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZTsNaCkJa2V5VXNhZ2Ug bWF0Y2hlcyBpZiBhbGwgb2YgdGhlIGJpdHMgc2V0IGluIHRoZSBwcmVzZW50ZWQgdmFsdWUgYXJl IGFsc28gc2V0IGluIHRoZSBrZXkgdXNhZ2UgZXh0ZW5zaW9uIGluIHRoZSBzdG9yZWQgYXR0cmli dXRlIHZhbHVlLCBvciBpZiB0aGVyZSBpcyBubyBrZXkgdXNhZ2UgZXh0ZW5zaW9uIGluIHRoZSBz dG9yZWQgYXR0cmlidXRlIHZhbHVlOw1pKQlzdWJqZWN0QWx0TmFtZSBtYXRjaGVzIGlmIHRoZSBz dG9yZWQgYXR0cmlidXRlIHZhbHVlIGNvbnRhaW5zIHRoZSBzdWJqZWN0IGFsdGVybmF0aXZlIG5h bWUgZXh0ZW5zaW9uIHdpdGggYW4gQWx0TmFtZXMgY29tcG9uZW50IG9mIHRoZSBzYW1lIG5hbWUg dHlwZSBhcyBpbmRpY2F0ZWQgaW4gdGhlIHByZXNlbnRlZCB2YWx1ZTsNaikJcG9saWN5IG1hdGNo ZXMgaWYgYWxsIG9mIHRoZSBwb2xpY3kgZWxlbWVudHMgaWRlbnRpZmllZCBpbiBvbmUgb2YgdGhl IHByZXNlbnRlZCB2YWx1ZXMgYXJlIGNvbnRhaW5lZCBpbiB0aGUgc2V0IG9mIHBvbGljeUVsZW1l bnRJZHMgaW4gYW55IG9mIHRoZSBwb2xpY3lJbmZvcm1hdGlvbiB2YWx1ZXMgaW4gdGhlIGNlcnRp ZmljYXRlIHBvbGljaWVzIGV4dGVuc2lvbiBpbiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZTsg IHRoZXJlIGlzIG5vIG1hdGNoIGlmIHRoZXJlIGlzIG5vIGNlcnRpZmljYXRlIHBvbGljaWVzIGV4 dGVuc2lvbiBpbiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZTsNaykJcGF0aFRvTmFtZSBtYXRj aGVzIHVubGVzcyB0aGUgY2VydGlmaWNhdGUgaGFzIGEgbmFtZSBjb25zdHJhaW50cyBleHRlbnNp b24gd2hpY2ggaW5oaWJpdHMgdGhlIGNvbnN0cnVjdGlvbiBvZiBhIGNlcnRpZmljYXRpb24gcGF0 aCB0byB0aGUgcHJlc2VudGVkIG5hbWUgdmFsdWUuDTEyLjcuMwlDZXJ0aWZpY2F0ZSBwYWlyIGV4 YWN0IG1hdGNoDVRoZSBjZXJ0aWZpY2F0ZSBwYWlyIGV4YWN0IG1hdGNoIHJ1bGUgY29tcGFyZXMg Zm9yIGVxdWFsaXR5IGEgcHJlc2VudGVkIHZhbHVlIHdpdGggYW4gYXR0cmlidXRlIHZhbHVlIG9m IHR5cGUgQ2VydGlmaWNhdGVQYWlyLiBJdCB1bmlxdWVseSBzZWxlY3RzIGEgc2luZ2xlIGNyb3Nz LWNlcnRpZmljYXRlIHBhaXIuDWNlcnRpZmljYXRlUGFpckV4YWN0TWF0Y2ggTUFUQ0hJTkctUlVM RQk6Oj0JewsJU1lOVEFYCQlDZXJ0aWZpY2F0ZVBhaXJFeGFjdEFzc2VydGlvbgsJSUQJCQlpZC1t ci1jZXJ0aWZpY2F0ZVBhaXJFeGFjdE1hdGNoIH0NQ2VydGlmaWNhdGVQYWlyRXhhY3RBc3NlcnRp b24gOjo9IFNFUVVFTkNFIHsNCWZvcndhcmRBc3NlcnRpb24gCVswXSBDZXJ0aWZpY2F0ZUV4YWN0 QXNzZXJ0aW9uIE9QVElPTkFMLA0JcmV2ZXJzZUFzc2VydGlvbiAJWzFdIENlcnRpZmljYXRlRXhh Y3RBc3NlcnRpb24gT1BUSU9OQUwgfQ0JKCBXSVRIIENPTVBPTkVOVFMgCXsuLi4sIGZvcndhcmRB c3NlcnRpb24gUFJFU0VOVH0gfA0JICBXSVRIIENPTVBPTkVOVFMgCXsuLi4sIHJldmVyc2VBc3Nl cnRpb24gUFJFU0VOVH0gKQ1UaGlzIG1hdGNoaW5nIHJ1bGUgcmV0dXJucyBUUlVFIGlmIHRoZSBj b21wb25lbnRzIHRoYXQgYXJlIHByZXNlbnQgaW4gdGhlIGZvcndhcmRBc3NlcnRpb24gYW5kIHJl dmVyc2VBc3NlcnRpb24gY29tcG9uZW50cyBvZiB0aGUgcHJlc2VudGVkIHZhbHVlIG1hdGNoIHRo ZSBjb3JyZXNwb25kaW5nIGNvbXBvbmVudHMgb2YgdGhlIGZvcndhcmQgYW5kIHJldmVyc2UgY29t cG9uZW50cywgcmVzcGVjdGl2ZWx5LCBpbiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZS4NMTIu Ny40CUNlcnRpZmljYXRlIHBhaXIgbWF0Y2gNVGhlIGNlcnRpZmljYXRlIHBhaXIgbWF0Y2ggcnVs ZSBjb21wYXJlcyBhIHByZXNlbnRlZCB2YWx1ZSB3aXRoIGFuIGF0dHJpYnV0ZSB2YWx1ZSBvZiB0 eXBlIENlcnRpZmljYXRlUGFpci4gSXQgc2VsZWN0cyBvbmUgb3IgbW9yZSBjcm9zcy1jZXJ0aWZp Y2F0ZSBwYWlycyBvbiB0aGUgYmFzaXMgb2YgdmFyaW91cyBjaGFyYWN0ZXJpc3RpY3Mgb2YgZWl0 aGVyIHRoZSBmb3J3YXJkIG9yIHJldmVyc2UgY2VydGlmaWNhdGUgb2YgdGhlIHBhaXIuDWNlcnRp ZmljYXRlUGFpck1hdGNoIE1BVENISU5HLVJVTEUgOjo9CXsLCVNZTlRBWAkJQ2VydGlmaWNhdGVQ YWlyQXNzZXJ0aW9uCwlJRAkJCWlkLW1yLWNlcnRpZmljYXRlUGFpck1hdGNoIH0NQ2VydGlmaWNh dGVQYWlyQXNzZXJ0aW9uIDo6PSBTRVFVRU5DRSB7DQlmb3J3YXJkQXNzZXJ0aW9uIAlbMF0gQ2Vy dGlmaWNhdGVBc3NlcnRpb24gT1BUSU9OQUwsDQlyZXZlcnNlQXNzZXJ0aW9uIAlbMV0gQ2VydGlm aWNhdGVBc3NlcnRpb24gT1BUSU9OQUwgfQ0JKCBXSVRIIENPTVBPTkVOVFMgCXsuLi4sIGZvcndh cmRBc3NlcnRpb24gUFJFU0VOVH0gfA0JICBXSVRIIENPTVBPTkVOVFMgCXsuLi4sIHJldmVyc2VB c3NlcnRpb24gUFJFU0VOVH0gKQ1UaGlzIG1hdGNoaW5nIHJ1bGUgcmV0dXJucyBUUlVFIGlmIGFs bCBvZiB0aGUgY29tcG9uZW50cyB0aGF0IGFyZSBwcmVzZW50IGluIHRoZSBmb3J3YXJkQXNzZXJ0 aW9uIGFuZCByZXZlcnNlQXNzZXJ0aW9uIGNvbXBvbmVudHMgb2YgdGhlIHByZXNlbnRlZCB2YWx1 ZSBtYXRjaCB0aGUgY29ycmVzcG9uZGluZyBjb21wb25lbnRzIG9mIHRoZSBmb3J3YXJkIGFuZCBy ZXZlcnNlIGNvbXBvbmVudHMsIHJlc3BlY3RpdmVseSwgaW4gdGhlIHN0b3JlZCBhdHRyaWJ1dGUg dmFsdWUsIHVzaW5nIHRoZSBydWxlcyBnaXZlbiBpbiAxMi43LjIuDTEyLjcuNQlDZXJ0aWZpY2F0 ZSBsaXN0IGV4YWN0IG1hdGNoDVRoZSBjZXJ0aWZpY2F0ZSBsaXN0IGV4YWN0IG1hdGNoIHJ1bGUg Y29tcGFyZXMgZm9yIGVxdWFsaXR5IGEgcHJlc2VudGVkIHZhbHVlIHdpdGggYW4gYXR0cmlidXRl IHZhbHVlIG9mIHR5cGUgQ2VydGlmaWNhdGVMaXN0LiBJdCB1bmlxdWVseSBzZWxlY3RzIGEgc2lu Z2xlIENSTC4NY2VydGlmaWNhdGVMaXN0RXhhY3RNYXRjaCBNQVRDSElORy1SVUxFCTo6PQl7CwlT WU5UQVgJCUNlcnRpZmljYXRlTGlzdEV4YWN0QXNzZXJ0aW9uCwlJRAkJCWlkLW1yLWNlcnRpZmlj YXRlTGlzdEV4YWN0TWF0Y2ggfQ1DZXJ0aWZpY2F0ZUxpc3RFeGFjdEFzc2VydGlvbiA6Oj0gU0VR VUVOQ0Ugew0JaXNzdWVyCQkJTmFtZSwNCXRoaXNVcGRhdGUJCVVUQ1RpbWUsDQlkaXN0cmlidXRp b25Qb2ludAlEaXN0cmlidXRpb25Qb2ludE5hbWUgT1BUSU9OQUwgfQ1UaGUgcnVsZSByZXR1cm5z IFRSVUUgaWYgdGhlIGNvbXBvbmVudHMgaW4gdGhlIHN0b3JlZCBhdHRyaWJ1dGUgdmFsdWUgbWF0 Y2ggdGhvc2UgaW4gdGhlIHByZXNlbnRlZCB2YWx1ZS4gSWYgdGhlIGRpc3RyaWJ1dGlvblBvaW50 IGNvbXBvbmVudCBpcyBwcmVzZW50IHRoZW4gaXQgbXVzdCBtYXRjaCBpbiBhdCBsZWFzdCBvbmUg bmFtZSBmb3JtLg0xMi43LjYJQ2VydGlmaWNhdGUgbGlzdCBtYXRjaA1UaGUgY2VydGlmaWNhdGUg bGlzdCBtYXRjaCBydWxlIGNvbXBhcmVzIGEgcHJlc2VudGVkIHZhbHVlIHdpdGggYW4gYXR0cmli dXRlIHZhbHVlIG9mIHR5cGUgQ2VydGlmaWNhdGVMaXN0LiBJdCBzZWxlY3RzIG9uZSBvciBtb3Jl IENSTHMgb24gdGhlIGJhc2lzIG9mIHZhcmlvdXMgY2hhcmFjdGVyaXN0aWNzLg1jZXJ0aWZpY2F0 ZUxpc3RNYXRjaCBNQVRDSElORy1SVUxFIDo6PSB7DQlTWU5UQVgJQ2VydGlmaWNhdGVMaXN0QXNz ZXJ0aW9uCwlJRAkJaWQtbXItY2VydGlmaWNhdGVMaXN0TWF0Y2ggfQ1DZXJ0aWZpY2F0ZUxpc3RB c3NlcnRpb24gOjo9IFNFUVVFTkNFIHsNCWlzc3VlcgkJCU5hbWUJT1BUSU9OQUwsDQltaW5DUkxO dW1iZXIJCVswXQlDUkxOdW1iZXIJT1BUSU9OQUwsCwltYXhDUkxOdW1iZXIJCVsxXQlDUkxOdW1i ZXIJT1BUSU9OQUwsCwlyZWFzb25GbGFncwkJUmVhc29uRmxhZ3MJT1BUSU9OQUwsCwlkYXRlQW5k VGltZQkJVVRDVGltZQlPUFRJT05BTCwNCWRpc3RyaWJ1dGlvblBvaW50CQlbMl0JRGlzdHJpYnV0 aW9uUG9pbnROYW1lIE9QVElPTkFMIH0NVGhlIG1hdGNoaW5nIHJ1bGUgcmV0dXJucyBUUlVFIGlm IGFsbCBvZiB0aGUgY29tcG9uZW50cyB0aGF0IGFyZSBwcmVzZW50IGluIHRoZSBwcmVzZW50ZWQg dmFsdWUgbWF0Y2ggdGhlIGNvcnJlc3BvbmRpbmcgY29tcG9uZW50cyBvZiB0aGUgc3RvcmVkIGF0 dHJpYnV0ZSB2YWx1ZSwgYXMgZm9sbG93czoNYSkJaXNzdWVyIG1hdGNoZXMgaWYgdGhlIHZhbHVl IG9mIHRoaXMgY29tcG9uZW50IGluIHRoZSBhdHRyaWJ1dGUgdmFsdWUgZXF1YWxzIHRoYXQgaW4g dGhlIHByZXNlbnRlZCB2YWx1ZTsNYikJbWluQ1JMTnVtYmVyIG1hdGNoZXMgaWYgaXRzIHZhbHVl IGlzIGxlc3MgdGhhbiBvciBlcXVhbCB0byB0aGUgdmFsdWUgaW4gdGhlIENSTCBudW1iZXIgZXh0 ZW5zaW9uIG9mIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlOyB0aGVyZSBpcyBubyBtYXRjaCBp ZiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZSBjb250YWlucyBubyBDUkwgbnVtYmVyIGV4dGVu c2lvbjsNYykJbWF4Q1JMTnVtYmVyIG1hdGNoZXMgaWYgaXRzIHZhbHVlIGlzIGdyZWF0ZXIgdGhh biBvciBlcXVhbCB0byB0aGUgdmFsdWUgaW4gdGhlIENSTCBudW1iZXIgZXh0ZW5zaW9uIG9mIHRo ZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlOyB0aGVyZSBpcyBubyBtYXRjaCBpZiB0aGUgc3RvcmVk IGF0dHJpYnV0ZSB2YWx1ZSBjb250YWlucyBubyBDUkwgbnVtYmVyIGV4dGVuc2lvbjsNZCkJcmVh c29uRmxhZ3MgbWF0Y2hlcyBpZiBhbnkgb2YgdGhlIGJpdHMgdGhhdCBhcmUgYXJlIHNldCBpbiB0 aGUgcHJlc2VudGVkIHZhbHVlIGFyZSBhbHNvIHNldCBpbiB0aGUgb25seVNvbWVSZWFzb25zIGNv bXBvbmVudHMgb2YgdGhlIGlzc3VpbmcgZGlzdHJpYnV0aW9uIHBvaW50IGV4dGVuc2lvbiBvZiB0 aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZTsgdGhlcmUgaXMgbm8gbWF0Y2ggaWYgdGhlIHN0b3Jl ZCBhdHRyaWJ1dGUgdmFsdWUgY29udGFpbnMgbm8gaXNzdWluZyBkaXN0cmlidXRpb24gcG9pbnQg ZXh0ZW5zaW9uOw1lKQlkYXRlQW5kVGltZSBtYXRjaGVzIGlmIHRoZSB2YWx1ZSBpcyBlcXVhbCB0 byBvciBsYXRlciB0aGFuIHRoZSB2YWx1ZSBpbiB0aGUgdGhpc1VwZGF0ZSBjb21wb25lbnQgb2Yg dGhlIHN0b3JlZCBhdHRyaWJ1dGUgdmFsdWUgYW5kIGlzIGVhcmxpZXIgdGhhbiB0aGUgdmFsdWUg aW4gdGhlIG5leHRVcGRhdGUgY29tcG9uZW50IG9mIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVl OyB0aGVyZSBpcyBubyBtYXRjaCBpZiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZSBjb250YWlu cyBubyBuZXh0VXBkYXRlIGNvbXBvbmVudDsNZikJZGlzdHJpYnV0aW9uUG9pbnQgbWF0Y2hlcyBp ZiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZSBjb250YWlucyBhbiBpc3N1aW5nIGRpc3RyaWJ1 dGlvbiBwb2ludCBleHRlbnNpb24gYW5kIHRoZSB2YWx1ZSBvZiB0aGlzIGNvbXBvbmVudCBpbiB0 aGUgcHJlc2VudGVkIHZhbHVlIGVxdWFscyB0aGUgY29ycmVzcG9uZGluZyB2YWx1ZSwgaW4gYXQg bGVhc3Qgb25lIG5hbWUgZm9ybSwgaW4gdGhhdCBleHRlbnNpb24uDTEyLjcuNwlBbGdvcml0aG0g aWRlbnRpZmllciBtYXRjaA1UaGUgYWxnb3JpdGhtIGlkZW50aWZpZXIgbWF0Y2ggcnVsZSBjb21w YXJlcyBmb3IgZXF1YWxpdHkgYSBwcmVzZW50ZWQgdmFsdWUgd2l0aCBhbiBhdHRyaWJ1dGUgdmFs dWUgb2YgdHlwZSBTdXBwb3J0ZWRBbGdvcml0aG0uIA1hbGdvcml0aG1JZGVudGlmaWVyTWF0Y2gg TUFUQ0hJTkctUlVMRQk6Oj0gICB7CwlTWU5UQVgJCUFsZ29yaXRobUlkZW50aWZpZXILCUlECQkJ aWQtbXItYWxnb3JpdGhtSWRlbnRpZmllck1hdGNoIH0NVGhlIHJ1bGUgcmV0dXJucyBUUlVFIGlm IHRoZSBwcmVzZW50ZWQgdmFsdWUgaXMgZXF1YWwgdG8gdGhlIGFsZ29yaXRobUlkZW50aWZpZXIg Y29tcG9uZW50IG9mIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlLg0xMy4zCUF0dHJpYnV0ZSBD ZXJ0aWZpY2F0ZSBNYXRjaGluZyBSdWxlDVRoZSBhdHRyaWJ1dGUgY2VydGlmaWNhdGUgbWF0Y2hp bmcgcnVsZSBjb21wYXJlcyBhIHByZXNlbnRlZCB2YWx1ZSB3aXRoIGFuIGF0dHJpYnV0ZSB2YWx1 ZSBvZiB0eXBlIEF0dHJpYnV0ZUNlcnRpZmljYXRlLiBUaGlzIG1hdGNoaW5nIHJ1bGVzIGFsbG93 cyBtb3JlIGNvbXBsZXggbWF0Y2hpbmcgdGhhbiB0aGUgY2VydGlmaWNhdGVFeGFjdE1hdGNoLg1h dHRyaWJ1dGVDZXJ0aWZpY2F0ZU1hdGNoICBNQVRDSElORy1SVUxFICA6Oj0gIHsLCVNZTlRBWAlB dHRyaWJ1dGVDZXJ0aWZpY2F0ZUFzc2VydGlvbgsJSUQJCWlkLW1yLWF0dHJpYnV0ZUNlcnRpZmlj YXRlTWF0Y2ggIH0NQXR0cmlidXRlQ2VydGlmaWNhdGVBc3NlcnRpb24gIDo6PSAgU0VRVUVOQ0Ug IHsLCXN1YmplY3QJWzBdCUNIT0lDRSB7CwkJYmFzZUNlcnRpZmljYXRlSUQJWzBdICBJc3N1ZXJT ZXJpYWwsCwkJc3ViamVjdE5hbWUJCVsxXSAgR2VuZXJhbE5hbWVzfSBPUFRJT05BTCwLCWlzc3Vl cgkJWzFdCUdlbmVyYWxOYW1lcyBPUFRJT05BTCwLCWF0dENlcnRWYWxpZAlbMl0JR2VuZXJhbGl6 ZWRUaW1lIE9QVElPTkFMLA0JYXR0VHlwZQlbM10JU0VUIE9GIEF0dHJpYnV0ZVR5cGUgT1BUSU9O QUx9DZUJQXQgbGVhc3Qgb25lIGNvbXBvbmVudCBvZiB0aGUgc2VxdWVuY2UgbXVzdCBiZSBwcmVz ZW50DVRoZSBtYXRjaGluZyBydWxlIHJldHVybnMgVFJVRSBpZiBhbGwgb2YgdGhlIGNvbXBvbmVu dHMgdGhhdCBhcmUgcHJlc2VudCBpbiB0aGUgcHJlc2VudGVkIHZhbHVlIG1hdGNoIHRoZSBjb3Jy ZXNwb25kaW5nIGNvbXBvbmVudHMgb2YgdGhlIGF0dHJpYnV0ZSB2YWx1ZSwgYXMgZm9sbG93czoN YSkJYmFzZUNlcnRpZmljYXRlSUQgbWF0Y2hlcyBpZiBpdCBpcyBlcXVhbCB0byB0aGUgSXNzdWVy U2VyaWFsIGNvbXBvbmVudCBvZiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZTsNYikJc3ViamVj dE5hbWUgbWF0Y2hlcyBpZiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZSBjb250YWlucyB0aGUg bmFtZSBleHRlbnNpb24gd2l0aCB0aGUgc2FtZSBuYW1lIHR5cGUgYXMgaW5kaWNhdGVkIGluIHRo ZSBwcmVzZW50ZWQgdmFsdWU7DWMpCWlzc3VlciBtYXRjaGVzIGlmIHRoZSBzdG9yZWQgYXR0cmli dXRlIHZhbHVlIGNvbnRhaW5zIHRoZSBuYW1lIGNvbXBvbmVudCBvZiB0aGUgc2FtZSBuYW1lIHR5 cGUgYXMgaW5kaWNhdGVkIGluIHRoZSBwcmVzZW50ZWQgdmFsdWU7DWQpCWF0dENlcnRWYWxpZGQg bWF0Y2hlcyBpZiBpdCBmYWxscyB3aXRoaW4gdGhlIHNwZWNpZmllZCB2YWxpZGl0eSBwZXJpb2Qg b2YgdGhlIHN0b3JlZCBhdHRyaWJ1dGUgdmFsdWUuDWUpIAlmb3IgZWFjaCBhdHRUeXBlIGluIHRo ZSBwcmVzZW50ZWQgdmFsdWUsIHRoZXJlIGlzIGFuIGF0dHJpYnV0ZSBvZiB0aGF0IHR5cGUgcHJl c2VudCBpbiB0aGUgYXR0cmlidXRlcyBjb21wb25lbnQgb2YgdGhlIHN0b3JlZCB2YWx1ZS4NMTgu Mi40CVJlYWRlciBhbmQgS2V5IElkZW50aWZpZXIgTWF0Y2hpbmcgUnVsZQ1BIG1hdGNoaW5nIHJ1 bGUgZm9yIGEgbGlzdCBvZiBhdXRob3JpemVkIHJlYWRlcnMgYW5kIHRoZWlyIGFzc29jaWF0ZWQg a2V5cyBpcyBhcyBmb2xsb3dzOg1yZWFkZXJBbmRLZXlJRE1hdGNoIE1BVENISU5HLVJVTEUgIDo6 PSAgewsJU1lOVEFYCVJlYWRlckFuZEtleUlEQXNzZXJ0aW9uCwlJRAkJaWQtbXItcmVhZGVyQW5k S2V5SURNYXRjaCAgfQ1SZWFkZXJBbmRLZXlJREFzc2VydGlvbiAgOjo9ICBTRVFVRU5DRSB7DQsJ a2V5SWRlbnRpZmllcglLZXlJZGVudGlmaWVyLAsJYXV0aFJlYWRlcnMJQXV0aFJlYWRlcnMgT1BU SU9OQUwgIH0NVGhlIG1hdGNoaW5nIHJ1bGUgcmV0dXJucyBhIFRSVUUgaWYgYWxsIG9mIHRoZSBj b21wb25lbnRzIHRoYXQgYXJlIHByZXNlbnQgaW4gdGhlIHByZXNlbnRlZCB2YWx1ZSBtYXRjaCB0 aGUgY29ycmVzcG9uZGluZyBjb21wb25lbnRzIG9mIHRoZSBhdHRyaWJ1dGUgdmFsdWUsIGFzIGZv bGxvd3M6DWEpCWtleUlkZW50aWZpZXIgbWF0Y2hlcyBpZiBpdCBpcyBlcXVhbCB0byB0aGUga2V5 SWRlbnRpZmllciBjb21wb25lbnQgb2YgdGhlIFByb3RlY3RlZEtleSBpbiB0aGUgc3RvcmVkIGF0 dHJpYnV0ZSB2YWx1ZTsNYikJaWYgcHJlc2VudCB0aGUgYXV0aFJlYWRlcnMgbWF0Y2hlcyBpZiBp dCBpcyBlcXVhbCB0byBvbmUgb2YgdGhlIG5hbWVzIGluIHRoZSBhdXRoUmVhZGVycyBjb21wb25l bnQgb2YgdGhlIFByb3RlY3RlZEtleSBpbiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZS4NDQ0N DQ0NDQ0NDQ0NUmVmLg1uby4HTWF0Y2hpbmcgUnVsZQdEB0FDUCAxMzMHTm90ZXMNKG15IHJlY29t bWVuZGVkIG9yZGVyIGZvciBzdXBwb3J0ICNuKQcHMS4HYWxnb3JpdGhtSWRlbnRpZmllck1hdGNo B28HbQcjMQcHMi4HYXR0cmlidXRlQ2VydGlmaWNhdGVNYXRjaAdvB20HIzYHBzMuB2F0dHJpYnV0 ZUludGVncml0eU1hdGNoB28HbwcHBzQuB2NlcnRpZmljYXRlRXhhY3RNYXRjaAdvB28HBwc1Lgdj ZXJ0aWZpY2F0ZUxpc3RFeGFjdE1hdGNoB28HbQcjNQcHNi4HY2VydGlmaWNhdGVMaXN0TWF0Y2gH bwdtByM0Bwc3LgdjZXJ0aWZpY2F0ZU1hdGNoB28HbQcjMgcHOC4HY2VydGlmaWNhdGVQYWlyRXhh Y3RNYXRjaAdvB28HBwc5LgdjZXJ0aWZpY2F0ZVBhaXJNYXRjaAdvB20HIzMHBzEwLgdyZWFkZXJB bmRLZXlJRE1hdGNoB28HbQdDb25kaXRpb25hbCBvbiBzdXBwb3J0IG9mIHRoZSBlbmNyeXB0ZWQg dmFyaWFudCBvZiBhdHRyaWJ1dGVzIGFzIGRlc2NyaWJlZCBpbiBQYXJhIDQwOCBvZiBBQ1AgMTMz DSM3BwcNDQ0NVGFibGUgZnJvbSBBQ1AgMTMzLCBBbm5leCBEIC0gVGFibGUgRC0xNS4NDVBsZWFz ZSBub3RlIHRoYXQgaXQgaXNuknQgdmFsaWQgZm9yIGEgRFNBIHRvIGJlIGFibGUgdG8gbWF0Y2gg YXNzZXJ0aW9ucywgdW5sZXNzIHRoZSBjbGllbnRzIGNhbiBhc3NlcnQgdGhlIG1hdGNoIGNyaXRl cmlhLg3QzxHgobEa4QAAAAAAAAAAAAAAAAAAAAA7AAMA/v8JAAYAAAAAAAAAAAAAAAEAAAABAAAA AAAAAAAQAAACAAAAAQAAAP7///8AAAAAAAAAAP////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////8FAFMAdQBtAG0AYQByAHkASQBuAGYAbwByAG0AYQB0 AGkAbwBuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAACAP///////////////wAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAADgAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//////// ////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAD///////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPtsvAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAhjMCGQDqvAEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAGKYxQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAeAAAAEwAAAE1pY3Jvc29mdCBXb3JkIDYuMAAAAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAeAAAAAgAAADQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQzxHgobEa4QAAAAAAAAAAAAAAAAAA AAA7AAMA/v8JAP////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// ////////////////////////////////AAMAAFkDAADBAwAAzAMAAM4DAADdAwAA3wMAAO4DAAD0 AwAABgQAABUEAAAWBAAAngQAAKkEAADUBAAA1QQAABQGAAAVBgAAhAYAAI8GAADdBgAA3gYAAC4L AAA6CwAAoAsAAKYLAAAMDAAAIAwAAOsMAAABDQAAKA4AADgOAACbDgAAqg4AAIsPAACgDwAAvw8A AMgPAADaDwAA7g8AAPUPAAAQEAAAPRAAAEUQAAALEQAAGREAAHgRAACAEQAAyREAAM8RAAA8EgAA TBIAAFsSAABsEgAAHBMAACYTAABOFAAAXRQAAJMUAACUFAAAaxYAAHsWAACAFgAAkBYAAN0WAADk FgAA6RYAAPAWAAApFwAAKhcAAKMXAACyFwAARBgAAEUYAAAFGgAAFRoAABoaAAAqGgAAdxoAAH4a AACDGgAAihoAAOQaAADlGgAAdxsAAIYbAACpGwAAqhsAAB8dAAAwHQAAcx0AAHQdAADtHQAA/B0A AGggAABpIAAAAP328Pb99v32/QD99v0A/QD99v0A/fb99v32/fb99v32/fb99v32/fb99v32/fb9 9v32/fb99v32/QD99v32/fb99v0A/fb9AP32/fb99v32/QD99v0A/fb9AP32/QAACl0DAGMSAEkB AAEADFWBXQMAYxIASQEAAQAESQEAAV9pIAAAbCAAAHIgAADYIAAA5CAAAK0hAAC5IQAAhSIAAJAi AADoIgAA9yIAALMjAAC+IwAA/yMAAAkkAABXJAAAYSQAAMckAADRJAAA4CQAAPEkAABcJgAAbiYA AHAmAABxJgAAIScAADQnAABdJwAAhycAAAAoAAA6KAAATygAAFEoAAABKQAACCkAAAkpAAANKQAA LikAAC8pAABPKQAAUCkAAFEpAABYKQAAXCkAAF0pAABeKQAAZykAAHEpAAB9KQAAgSkAAIIpAACO KQAA4ykAAOQpAADlKQAAHSoAAB4qAADEKgAAxSoAAMgqAADZKgAA+CoAAAQrAAAxKwAAPCsAAL8r AADFKwAARiwAAFMsAABzLAAAfSwAAKssAAC5LAAAwCwAAAstAAAWLQAAvi0AAJcuAABDLwAAUC8A AG8vAAB8LwAAji8AAJovAADMLwAA1i8AANcvAAAKMAAAFTAAACcwAAAzMAAA/fb99v32/fb99v32 /fb99v32/fb99v0A/fb9AP0A9AD9AP0A/QD9AP0A/QD9AP0A/QD9AP0A8ez9AP32/fb99v32/ef9 AP0A9AD0AOUA5wDnAPQA9ucA5wD0AAAAAANQFgAIVYFdAwBjEgAACFWBVoFJAQABAARVgVaBAAJV gQAMVYFdAwBjEgBJAQABAARJAQABWjMwAABfMAAAsDAAAMgwAADUMAAA7TAAADkxAABSMQAAXjEA AHIxAACaMQAAszEAAL0xAADRMQAA2TEAANoxAABcMgAABzMAAAD9+v36/fr9+v36/fr99/0AAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABVAWAFWBBEkBAAEAA1AWAAARAAMAAFgDAABZAwAAbQMAABYEAAA1BAAA1QQAAEYFAACoBQAA FQYAAC4GAADeBgAAQAcAAGUJAACDCgAAKwsAAJ0LAAAJDAAA6AwAACUOAACYDgAAiA8AADoQAAAI EQAAxhEAABkTAAC8EwAA4BMAAJQUAAARFQAAPhUAAHkVAAC1FQAA6xUAACEWAAAqFwAASBcAAEUY AACzGAAA2xgAABEZAABIGQAAfhkAAP0AAsAhCAH7AAHAIQgB+wABwCEIAfkAAsAh8AD3AAHAIfAA +QACwCHwAPMAA8Ah2ADzAAPAIdgA+QACwCHwAPcAAcAh8AD5AALAIfAA8wADwCHYAPMADMAh2ADz AAvAIdgA8QACwCHwAO8AAsAh8ADvAALAIfAA7wADwCHwAO8ABMAh8ADvAALAIfAA7wADwCHwAO8A A8Ah8ADvAAPAIfAA7wADwCHwAO8ABMAh8ADvAALAIfAA9wABwCHwAPkAAsAh8ADzAAPAIdgA8wAB wCHYAO0AAcAh2ADtAAHAIdgA7QABwCHYAO0AAcAh2AD5AAPAIfAA9wABwCHwAPkAA8Ah8ADzAAPA IdgA8wABwCHYAO0AAcAh2ADtAAHAIdgA7QABwCHYAAAAAAAAAAAAAREAAAEPAAABAAAAAxAAEAoA AAABBAAAARMAAAECAAACAgAFACp+GQAAtBkAAOUaAAAJGwAAqhsAACccAABUHAAAZBwAAHocAACu HAAAdB0AAJIdAABDHgAAbB4AAK8eAADXHgAA8B4AAIIfAAC7HwAAaSAAANUgAACqIQAAgiIAALAj AADdJAAAziUAAPAlAABxJgAA5CYAAF4nAACHJwAAUSgAANAoAAC5KQAA5SkAAB4qAADFKgAALisA ALwrAABDLAAArCwAADUtAABkLQAA/gABwCHYAPwAA8Ah8AD6AAHAIfAA/AACwCHwAPYAA8Ah2AD2 AAHAIdgA/gABwCHYAP4AAcAh2AD+AAHAIdgA/AACwCHwAPoAAcAh8AD0AALAIfAA9gABwCHYAP4A AsAh2AD2AAHAIdgA/gABwCHYAP4ABMAh2AD+AAHAIdgA/AACwCHwAPIAAsAh8ADyAAPAIfAA8gAD wCHwAPIABMAh8ADyAATAIfAA8gADwCHwAPoAAcAh8AD8AALAIfAA9gADwCHYAPwAAsAh8ADwAAHA IQgB/AACwCHwAO4AA8Ah2ADuAAbAIdgA/gABwCHYAOwAAcAh3QD8AALAIfAA8gACwCHwAPIAAsAh 8ADyAALAIfAA8gACwCHwAPIAAsAh8ADpAAHAISABAgkABQAAARQAAAEQAAABAgAAAQ8AAAESAAAD EAAQCgAAAAEEAAABEwAAAREAKmQtAAC+LQAAKi4AAFMuAACXLgAAQC8AALovAABTMAAAVDAAAFUw AABWMAAAVzAAAFgwAABZMAAAWjAAAFswAABcMAAAXTAAAF4wAABfMAAAZDAAAGgwAAB2MAAAeDAA AIAwAACGMAAArDAAAK0wAACwMAAAyTAAAMswAADNMAAA0DAAANEwAADUMAAA7jAAAPAwAADyMAAA 9TAAAPYwAAD5MAAA/gABwCHwAPwAA8Ah3QD8AAHAId0A/AADwCHdAP4AAsAh8AD6AALAIfAA+gAC wCHwAPoAAcAh8AD6AAHAIfAA+gABwCHwAPoAAcAh8AD6AAHAIfAA+gABwCHwAPoAAcAh8AD6AAHA IfAA+gABwCHwAPoAAcAh8AD6AAHAIfAA+gABwCHwAPQAAYoB3QD0AAGKAd0A9AABSw3dAPQAAUQB 3QD0AAKsAt0A9AAByxHdAPQAAcsR3QDgAAHLEd0A9AABigHdAPQAAUsN3QD0AAFEAd0A9AABrALd APQAAcsR3QDgAAHLEd0A9AABigHdAPQAAUsN3QD0AAFEAd0A9AABrALdAPQAAcsR3QDgAAHLEd0A 9AABigHdAAAAAAATAAAYARkBuGwAuwoACgAKAAoACQAJAL4OAAUU+3b9mgu2DToR3CMABRQAEAAA EQAAGAEAARUAAAEUAAABEwAo+TAAABExAAATMQAAFTEAABYxAAAXMQAAGjEAADAxAAAyMQAANDEA ADUxAAA2MQAAOTEAAFMxAABVMQAAVzEAAFoxAABbMQAAXjEAAHMxAAB1MQAAdzEAAHoxAAB7MQAA fjEAAI8xAACRMQAAkzEAAJYxAACXMQAAmjEAALQxAAC2MQAAuDEAALkxAAC6MQAAvTEAANIxAADU MQAA1jEAANkxAADaMQAA+gABSw3dAPoAAUQB3QD6AAGsAt0A+gAByxHdAOYAAcsR3QD6AAGKAd0A +gABSw3dAPoAAUQB3QD6AAGsAt0A+gAByxHdAOYAAcsR3QD6AAGKAd0A+gABSw3dAPoAAUQB3QD6 AAGsAt0A+gAByxHdAOYAAcsR3QD6AAGKAd0A+gABSw3dAPoAAUQB3QD6AAGsAt0A+gAByxHdAOYA AcsR3QD6AAGKAd0A+gABSw3dAPoAAUQB3QD6AAGsAt0A+gAByxHdAOYAAcsR3QD6AAGKAd0A+gAB Sw3dAPoAAUQB3QD6AAGsAt0A+gAByxHdAOYAAcsR3QD6AAGKAd0A+gABSw3dAPoAAUQB3QD6AAGs At0A+gAByxHdAOYAAcsR3QAAAAAAABMAABgBGQG4bAC7CgAKAAoACgAJAAkAvg4ABRT7dv2aC7YN OhHcIwAFFAAQAAARAAAYASnaMQAA3jEAAPIxAAD0MQAA9jEAAFgyAABbMgAAXDIAAF0yAABeMgAA XzIAAGAyAACKMgAAizIAAAczAAD6AAGKAd0A+gABSw3dAPoAAUQB3QD6AAGsAt0A+gACyxHdAPoA AcsR3QDmAAHLEd0A5AABwCHwAOQAAcAh8ADkAAHAIfAA5AABwCHwAOQAAcAh8ADkAAHAIfAA5AAC wCHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAABAAAAEwAAGAEZAbhsALsKAAoACgAKAAkACQC+DgAFFPt2/ZoLtg06 EdwjAAUUABAAABEAABgBDg4AFwAIAAEASwAPAAAAAAAaAABA8f8CABoABk5vcm1hbAACAAAAAwBh CQQALgABQAEAAgAuAAlIZWFkaW5nIDEAAAoAAQAIARXwABY8AAsAVYFdAgBjHABrHAAASgACQAEA AgBKAA5IZWFkaW5nIDIsMixsMQAhAAIABQMHAQgBERoDE+b8FTkBDw4ABBoDpwQ0BsEHAAAAAAAL AFWBXQQAYQkIYxYAACgAA0ABAAIAKAAJSGVhZGluZyAzAAAKAAMACAEV8AAWPAAFAFWBYxgAAEgA BEAxAAIASAAOSGVhZGluZyA0LDQsbDMAIgAEAAUDBwERGgMT5vwVtQAWAAAPDgAEGgOnBDQGwQcA AAAACQBdBABhCQhjFAAAAAAAAAAAAAAwAAlAEQACADAACUhlYWRpbmcgOQAADAAJAAUBBwEV4AEW AAAMAF0EAGEJCGMYAGsAACIAQUDy/6EAIgAWRGVmYXVsdCBQYXJhZ3JhcGggRm9udAAAAAAAAAAA AAAAOgD+TwEA8gA6AAhlbnVtbGV2MQAdAA8ABQMRpwQTc/4VVgAPDgAEGgOnBDQGwQcAAAAAAAYA XQQAYQkIRAD+TwEAEgFEAAVBU04uMQAAJAAQABWIAA8dAAn+Af0DpwQ0BmsIEwtKDQ8QYBQAAAAA AAAAAAALAFWBXQMAYQkIYxIAACAA/k8BARIBIAALQVNOLjEgQ29udC4AAAUAEQAVAAAAAAAkAP5P AQACACQAAmxiAA8AEgAFAwgBEA4AFYgAFngAAAMAXQQAADgAQkABADIBOAAJQm9keSBUZXh0AAAa ABMABQMViAAWeAAPDgAEGgOnBDQGwQcAAAAABgBdBABhCQheAP5PAQBCAV4AA2FzbgAAQwAUAAcB ECsAEWwCFCT/AAAWeAAPLwAPawKOBLIGHQmIC/MNXhDKEjUVoBcLGnYc4h5NIbgjQEBAQEBAQEBA QEBAQEBAAAgAVYFdAwBjEgAkAP5PAQBSASQAAmxpAA0AFQAFAxHQAhOY/hZ4AAAFAF0EAGIBABoA /k+iAGEBGgAKQVNOLjEgV29yZAADAGEABAAAAAAABzAAAAUA/////wAA/////wYABCH//wEAACH/ /wIABCH//wMAACH//wQABCH//wUAACD//wYAAAAAAEYHAAAhEwAAuxwAAB4nAABfLQAABzAAAAAA PQAAAAEACQEAAAIArgAAAAMApwAAAAQABQAAAAUAAAAAAAAAAADQJQAAHicAAC4oAAC8KAAAQykA AJcrAAAHMAAAmgAUAJoAFACaABMAmgATAJoAEwCaABQABgAAAAADAABpIAAAMzAAAAczAAAaABsA HAAAAwAAfhkAAGQtAAD5MAAA2jEAAAczAAAdAB4AHwAgACEAIgANU3VlIEEuIE1pa2xvcxFDOlxY NTAwXE1BVENILkRPQ/9ASFAgTGFzZXJKZXQgNVNpLzVTaSBNWABMUFQyOgBIUDVTSQBIUCBMYXNl ckpldCA1U2kvNVNpIE1YAAAAAAAAAAAAAAoDNwJEAJABA/cAAAEAAQDAGMASZAABAAcAWAIBAAEA WAICAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANwIBAAAACAAAAAEAA1BYAlgCBgACAAAAAQAAEFdJ TldPUkQAAAAAAAEAAAAAgAEAAQABAAAAAAAAAAAAAAAAAAABQ291cmllciBOZXcAAAAAAAAAAAAA AAAAAAAAAAAAAACwBJABAAADACAABwAAACgAAAAIAAEAAgABAAYAAwABAFgCAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdwlMUFQyAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEhQNVNJ AAAAAABIUCBMYXNlckpldCA1U2kvNVNpIE1YAAAAAAAAAAAAAAoDNwJEAJABA/cAAAEAAQDAGMAS ZAABAAcAWAIBAAEAWAICAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANwIBAAAACAAAAAEAA1BYAlgC BgACAAAAAQAAEFdJTldPUkQAAAAAAAEAAAAAgAEAAQABAAAAAAAAAAAAAAAAAAABQ291cmllciBO ZXcAAAAAAAAAAAAAAAAAAAAAAAAAAACwBJABAAADACAABwAAACgAAAAIAAEAAgABAAYAAwABAFgC AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdwlMUFQyAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAEhQNVNJAAAAAAABgAEABjAAAAYwAAAJAACAAIAGMAAABQAAAFwvAABlABUWkAEAAFRp bWVzIE5ldyBSb21hbgAMFpABAgBTeW1ib2wACyaQAQAAQXJpYWwAFiKQAQAKSGVsdmV0aWNhAEFy aWFsAPIcEpABAAZUaW1lcwBUaW1lcyBOZXcgUm9tYW4AACIABAABCIgYAADQAgAAaAEAAAAAUPMV puErG2YAAAAABAAbAAAAAAAAAAAAAAAAAAAAAAAEAIMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AABZAkEAAAATMTIuNwlNYXRjaGluZyBydWxlcwAAAA1TdWUgQS4gTWlrbG9zDVN1ZSBBLiBNaWts b3MAAAAAAAAAAAAA0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAOwADAP7/CQAGAAAAAAAAAAAAAAAB AAAAAQAAAAAAAAAAEAAAAgAAAAEAAAD+////AAAAAAAAAAD///////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////8= ------ =_NextPart_000_01BDE7B3.26345CD0-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21795 for ietf-pkix-bks; Thu, 24 Sep 1998 07:59:51 -0700 (PDT) Received: from always.got.net (root@you.got.net [207.111.232.11]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21791 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:59:50 -0700 (PDT) Received: from got.net (SantaCruz-x2-3-133.got.net [209.66.100.133]) by always.got.net (8.8.8/8.8.7/Debian/GNU) with ESMTP id IAA22427; Thu, 24 Sep 1998 08:05:37 -0700 Message-ID: <360A5FAF.9012BC3D@got.net> Date: Thu, 24 Sep 1998 08:05:20 -0700 From: Michael McNeil <memcneil@got.net> Organization: GMT X-Mailer: Mozilla 4.04 [en] (WinNT; U) MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> CC: Stephen Kent <kent@bbn.com>, Warwick Ford <wford@verisign.com>, ietf-pkix@imc.org, Jeffrey Schiller <jis@mit.edu> Subject: Re: meeting minutes References: <v04011701b22c2cbc4e8e@[128.33.238.151]> <3609BEDD.B8F71C12@got.net> <360A8F3E.B7DA84C5@bull.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Denis Pinkas wrote: >Michael, >As you say it, the minutes from the meeting are correct. >>Stephen Kent wrote: >>[snip] >>>NEW TOPICS: >>>- Timestamp & Notary proposals (Carlisle Adams) >>> >>>Several folks continuing work on these topics and have published >>>an independent draft on these topics. The authors received a fair >>>amount of private feedback, and hope to be able to bring forward a >>>well-formed proposal. Jeff Schiller gave his permission to bring >>>this into the WG, based on the WG having made substantial progress >>>on the other work items. Thus we will expand the charter to >>>encompass these topics. >>This is what occurred during the PKIX sessions at the 42nd IETF >>meeting with regards to timestamping; however the above is not >>the whole story. >> >>Between sessions at the IETF meeting I talked with various people >>about the new Internet-Draft (authored by Dave Mills, Todd Glassey, >>and me) which extends the NTP protocol towards serving as a vehicle >>for PKI certified and secured time ("ephemeral" time; "what time is >>it *now*?" time), as well as also providing for *timestamps* of >>data -- within the same protocol, essentially as gravy (a different >>usage, I admit). >From your short description, people might think that the two drafts >are equivalent. Yes, thank you for pointing that out. The two sets of drafts are quite distinct, of course, as we're well aware. I thought insufficiently of the readers' perspective in wording the description unfortunately. >Let me highlight some of the main differences: >Let us call: > >"draft 1", the draft: >ftp://ietf.org/internet-drafts/draft-adams-time-stamp-02.txt Et al. >and "draft 2", the draft: >ftp://ietf.org/internet-drafts/draft-mills-ntp-auth-coexist-01.txt > >Draft 1 is all in ASN1, as the rest of the other messages supported >by PKIX, e.g. CMP. So it is in the spirit of the other documents. On >the contrary, Draft 2 is supporting 32 bits words and is much more >compact (unless that advantage will be lost by many extensions !) We think not, but good point. >The time formats are different between draft 1 and 2. Draft 1 is >using the same time format as the rest of the PKIX documents, while >draft 2 is using a 32 bits time representation. NTP actually uses 64 bits of time, with 32 bits of fractional second information. The 32-bit seconds count will roll over in 2038; I have suggested (Dave Mills and I disagree as to the desirability of this) that 8-bit extensions to the time fields be added in an extension field. >Draft 1 supports the time stamping of an imprint and as a side >effect, may provide a trusted time when using the optional nonces. The question is what would be the quality of the time (ephemeral time) passed using that protocol. A heavyweight protocol almost by definition takes more time to convey than a lightweight one -- and it's the quality of the time itself that we're interested in here (ignoring timestamps for the moment). A longer time to pass the time futzes the precision of the time. Moreover, draft 1 lacks the fractional seconds information NTP maintains, lacks the extra fields NTP possesses which allow it to communicate the accuracy of the time and the last time that the server's time was updated from a reliable source. These last deficiencies can be fixed, of course, in the draft 1 proposal (though perhaps not the "heavyweight" issue); any deficiencies in the draft 2 protocol noted below can also be repaired (except perhaps the "lightweight" issue). ;-) >Draft 2 is unclear about time stamping, in particular the indication >of the hash function used for the imprint and its protection. It >allows various extension fields and so the minimum format to be >supported is left undefined. Draft 2 is a work in progress (this last is the second version), and admittedly is less finished in this regard than draft 1. We expect to have another Internet-Draft ready for publication, with details of the important extensions fields fleshed out, by the 43rd IETF in December. >It is also unclear about the replay protection when only the time >is returned (unless that information is present is some other >documents ?). NTP has inherent replay resistance in that if your time is already reasonably good, replay attacks are instantly visible as being old. Moreover, NTP normally (despite conveying an absolute time) only steers the time -- it doesn't reset a machine to a radically different time, appearing out of the blue within an NTP packet. Even so, additional authentication is desirable to present spurious NTP attacks; that is the point of the "draft 2" Internet-Draft. A more fundamental protection against replay attacks, from a cryptographic point of view, is to require that the client as a sanity check do a unicast probe of the server every now and then, rather than depending on broadcast packets, including random bits of its own in its request -- which then get echoed back in the signed NTP reply from the server. Detecting its bits in the reply, the client knows it's in response to its own most recent request. >>I spoke with Jeff Schiller about this. After he'd had a chance >>to look over the Internet-Draft (i.e., >><draft-mills-ntp-auth-coexist-01.txt>), we spoke again, very near >>the end of the IETF meeting. Jeff at that time suggested that >>since it was now apparent to him that the issue of PKI and time >>goes well beyond the question of timestamps to the issue of how >>secure *time itself* can be conveyed over an insecure network, he >>thought that perhaps the PKIX working group was not equipped to >>properly address this expanded issue -- or at least Jeff thought >>the IESG ought to be consulted first on the question before the >>issue of PKIX handling it or a separate "time" working group >>being set up is laid to rest. >From what is above, "draft 2" would not be usable in a PKIX >environment, where the compactness of the messages is not the >issue, since the Time Stamp will be used mostly either in a >store and forward environment or in a local environment. > >However, there may be some good reasons to have a 32 bits >oriented and more compact protocol for acquiring a secure time >for other environments and therefore it can make sense to have >two protocols. I agree. >>Thus the issue stands as far as I know. I've addressed two e-mails >>to Jeff since the IETF meeting (on 8 and 21 September) but so far >>have not received a reply (I assume it takes time to poll the IESG >>membership). I have no particular stake in which way the decision >>goes (except I think *some* working group needs to address time >>*and* timestamping), >I am not sure that a *single* working group needs to address both >time and timestamping. Good point. >As a good example, we have already have the PKIX and the SPKI >working groups: PKIX is using ASN.1, while SPKI does not. >A similar parallelism ! :-) A parallelism I hope doesn't draw a rain of stones and bricks! ;-) >>but wished to alert you that despite the outcome of the PKIX sessions, >>the question of whether PKIX handles it appears not quite settled. Thank you for your comments, Denis! Regards, Michael McNeil GMT memcneil@got.net 1-831-438-7811 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21579 for ietf-pkix-bks; Thu, 24 Sep 1998 07:25:27 -0700 (PDT) Received: from bilbo.thawte.com (bilbo.thawte.com [196.25.207.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21575 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:25:14 -0700 (PDT) Received: from thawte.com (really [196.25.207.2]) by thawte.com via in.smtpd with esmtp id <m0zMCQA-0004eAC@bilbo.thawte.com> (Debian Smail3.2.0.101) for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 16:31:02 +0200 (SAST) Message-ID: <360A56AA.93669667@thawte.com> Date: Thu, 24 Sep 1998 16:26:50 +0200 From: Mark Shuttleworth <marks@thawte.com> Reply-To: marks@thawte.com Organization: Thawte Consulting X-Mailer: Mozilla 4.5b2 [en] (Win95; I) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: NEW Data type for certificate selection ? Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms78C9DE34404C8A045EF33A31" Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a cryptographically signed message in MIME format. --------------ms78C9DE34404C8A045EF33A31 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hiya I'd love to see a general solution to this problem. For example, this might enable servers to run multiple SSL servers on one IP/port address, instead of requiring an IP per secure domain. It might also work well with our Strong Extranet, because the server could say "I need a client cert from one of these CA's, and it must have an identity in this sxnet zone". -- Mark Shuttleworth Thawte --------------ms78C9DE34404C8A045EF33A31 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIH8AYJKoZIhvcNAQcCoIIH4TCCB90CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC BhMwggLSMIICO6ADAgECAgItQzANBgkqhkiG9w0BAQQFADCBuTELMAkGA1UEBhMCWkExFTAT BgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxGjAYBgNVBAoTEVRo YXd0ZSBDb25zdWx0aW5nMSkwJwYDVQQLEyBUaGF3dGUgUEYgUlNBIElLIDE5OTguOS4xNiAx Nzo1NTE2MDQGA1UEAxMtVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIFJTQSBJc3N1ZXIgMTk5 OC45LjE2MB4XDTk4MDkxNjE4MzQ1NFoXDTk5MDkxNjE4MzQ1NFowczEVMBMGA1UEBBMMU2h1 dHRsZXdvcnRoMRUwEwYDVQQqEwxNYXJrIFJpY2hhcmQxIjAgBgNVBAMTGU1hcmsgUmljaGFy ZCBTaHV0dGxld29ydGgxHzAdBgkqhkiG9w0BCQEWEG1hcmtzQHRoYXd0ZS5jb20wXDANBgkq hkiG9w0BAQEFAANLADBIAkEAw8CXH/zhGBuu9boNBAXbPp+77G8rFuuuzboLsKl5DkqfgmXf /JOadF3bwNG1QetRQKuEQek4jTNQPqjxdiQo/QIDAQABo3IwcDARBglghkgBhvhCAQEEBAMC BaAwDgYDVR0PAQH/BAQDAgWgMBwGBStlAQQBBBMwEQIBADAMMAoCAQEEBW1hcmtzMAwGA1Ud EwEB/wQCMAAwHwYDVR0jBBgwFoAU/j5gnGuMD7DYM8bKxh5YsHE4teAwDQYJKoZIhvcNAQEE BQADgYEATUOQ3uxrewGzaUVHZZgsul+T2PrBsQMe/Tw2CZO7jjj0EM4ajBLo334y5xJNBtjo n9SoxhnEhfKo5GQsXgy+Ugb0FxFlrP3d1gMNHzDmg80gxw5JCPuzgN6IQGBXewnxdb2W2tse Gbo5uJjquMwIggkVMd8Hz2O8uQvIBm1LdZowggM5MIICoqADAgECAgEKMA0GCSqGSIb3DQEB BAUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlD YXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZp Y2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJl ZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20w HhcNOTgwOTE2MTc1NTM0WhcNMDAwOTE1MTc1NTM0WjCBuTELMAkGA1UEBhMCWkExFTATBgNV BAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxGjAYBgNVBAoTEVRoYXd0 ZSBDb25zdWx0aW5nMSkwJwYDVQQLEyBUaGF3dGUgUEYgUlNBIElLIDE5OTguOS4xNiAxNzo1 NTE2MDQGA1UEAxMtVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIFJTQSBJc3N1ZXIgMTk5OC45 LjE2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEpeXU1NBfCALuByF9JL+ra44e6yAH AhWEa4/QkyQfG53uaLK5LE/pk2cXEBceoflDQSO5MKp2l7vz5/2BwLUxi/amUCZU8pUo6xmk HpcesOK4m8EEmjLQPAlsT+Q1T/B2vwATA09FCGDz/LTQkAGKEsmcun9S6iqTNTY8POQ1LwID AQABozcwNTASBgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFHJJwnM0xlX0C3ZygX53 9IfnxrIOMA0GCSqGSIb3DQEBBAUAA4GBACzHgh8BQz4Hj+5pXKlkgvjAlq2TK8ubUNdAmoHC uqZ2nTyVQNxVweFVgnmrCimm1QzhVyg+j/m71d8Nk1iqWy2LjzPk3VgVNXZyFSm9QvRakgt3 X50n25otThuCBo7SjVa7ld7bDGUF3pWeAt1TF76+/GvDGiJ6FCthvcKfXnpaMYIBpTCCAaEC AQEwgcAwgbkxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxFDASBgNVBAcT C0R1cmJhbnZpbGxlMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEpMCcGA1UECxMgVGhh d3RlIFBGIFJTQSBJSyAxOTk4LjkuMTYgMTc6NTUxNjA0BgNVBAMTLVRoYXd0ZSBQZXJzb25h bCBGcmVlbWFpbCBSU0EgSXNzdWVyIDE5OTguOS4xNgICLUMwCQYFKw4DAhoFAKB9MBgGCSqG SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTk4MDkyNDE0MjY1MFowHgYJ KoZIhvcNAQkPMREwDzANBggqhkiG9w0DAgIBKDAjBgkqhkiG9w0BCQQxFgQUdte0yJez9q3I TJRb4V+uB9bopawwDQYJKoZIhvcNAQEBBQAEQDhgTnn8/oGeVEanel2njqWPQsFdd4BaZzO6 6aRt8q/LvBwyO+baEiC25qSgyfF6iOA8AV4l7WDZu5Y/2B6r6Eg= --------------ms78C9DE34404C8A045EF33A31-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21513 for ietf-pkix-bks; Thu, 24 Sep 1998 07:21:25 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21509 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:21:24 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id KAA02163; Thu, 24 Sep 1998 10:27:24 -0400 (EDT) Message-Id: <199809241427.KAA02163@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-ldapv2-schema-02.txt Date: Thu, 24 Sep 1998 10:27:24 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure LDAPv2 Schema Author(s) : S. Boeyen, T. Howes, P. Richard Filename : draft-ietf-pkix-ldapv2-schema-02.txt Pages : 7 Date : 23-Sep-98 The schema defined in this document is a minimal schema to support PKIX in an LDAPv2 environment, as defined in draft-ietf-pkix- ipki2opp-07.txt. Only PKIX-specific components are specified here. LDAP servers, acting as PKIX repositories should support the auxi- liary object classes defined in this specification and integrate this schema specification with the generic and other application- specific schemas as appropriate, depending on the services to be supplied by that server. The key words 'MUST', 'SHALL', 'REQUIRED', 'SHOULD', 'RECOMMENDED', and 'MAY' in this document are to be interpreted as described in RFC 2119. Please send comments on this document to the ietf-pkix@imc.org mail list. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-ldapv2-schema-02.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ldapv2-schema-02.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-ldapv2-schema-02.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980923172008.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-ldapv2-schema-02.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-ldapv2-schema-02.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980923172008.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21495 for ietf-pkix-bks; Thu, 24 Sep 1998 07:20:40 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21491 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:20:39 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id KAA02093; Thu, 24 Sep 1998 10:26:39 -0400 (EDT) Message-Id: <199809241426.KAA02093@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-dcs-00.txt Date: Thu, 24 Sep 1998 10:26:39 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Data Certification Server Protocols Author(s) : C. Adams, R. Zuccherato Filename : draft-ietf-pkix-dcs-00.txt Pages : 14 Date : 23-Sep-98 This document describes a general data certification service and the protocols to be used when communicating with it. The Data Certification Server is a Trusted Third Party (TTP) that can be used as one component in building reliable non-repudiation services (see [ISONR]). Useful Data Certification Server responsibilities in a PKI are to validate signatures and to provide up-to-date information regarding the status of public key certificates. We give examples of how to use the Data Certification Server to extend the lifetime of a signature beyond key expiry or revocation and to query the Data Certification Server regarding the status of a public key certificate. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in RFC 2119 [RFC2119]. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-dcs-00.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-dcs-00.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-dcs-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980923134838.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-dcs-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-dcs-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980923134838.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21490 for ietf-pkix-bks; Thu, 24 Sep 1998 07:20:35 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21486 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:20:34 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id KAA02081; Thu, 24 Sep 1998 10:26:34 -0400 (EDT) Message-Id: <199809241426.KAA02081@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-time-stamp-00.txt Date: Thu, 24 Sep 1998 10:26:34 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Time Stamp Protocols Author(s) : C. Adams, P. Cain, B. Pinkas, R. Zuccherato Filename : draft-ietf-pkix-time-stamp-00.txt Pages : 15 Date : 23-Sep-98 This document describes the format of the data returned by a Time Stamp Authority and the protocols to be used when communicating with it. The time stamping service can be used as a Trusted Third Party (TTP) as one component in building reliable non-repudiation services (see [ISONR]). In order to reduce the amount of trust required of a TSA we introduce (in Appendix C) the optional Temporal Data Authority (TDA) whose function is to provide further corroborating evidence of the time contained in the token. We also give an example of how to place a signature at a particular point in time, from which the appropriate certificate status information (e.g. CRLs) may be checked. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-time-stamp-00.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-time-stamp-00.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-time-stamp-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980923134327.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-time-stamp-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-time-stamp-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980923134327.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21482 for ietf-pkix-bks; Thu, 24 Sep 1998 07:20:10 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21477 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:20:08 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id KAA02063; Thu, 24 Sep 1998 10:26:09 -0400 (EDT) Message-Id: <199809241426.KAA02063@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-ipki-part1-11.txt Date: Thu, 24 Sep 1998 10:26:08 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart Note: This revision reflects comments received during the last call period. A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Certificate and CRL Profile Author(s) : R. Housley, W. Ford, T. Polk, D. Solo Filename : draft-ietf-pkix-ipki-part1-11.txt Pages : 128 Date : 23-Sep-98 This memo profiles the X.509 v3 certificate and X.509 v2 CRL for use in the Internet. An overview of the approach and model are provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms (e.g., IP addresses). Standard certificate extensions are described, and a set of required extensions is defined. The X.509 v2 CRL format is described and a required extension set is defined as well. An algorithm for X.509 certificate path validation is described. Supplemental information is provided describing the format of public keys and digital signatures in X.509 certificates for common Internet public key encryption algorithms (i.e., RSA, DSA, and Diffie-Hellman). ASN.1 modules and examples are provided in the appendices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in RFC 2119. Please send comments on this document to the ietf-pkix@imc.org mail list. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-ipki-part1-11.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ipki-part1-11.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-ipki-part1-11.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980923132903.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-ipki-part1-11.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-ipki-part1-11.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980923132903.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21425 for ietf-pkix-bks; Thu, 24 Sep 1998 07:06:55 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21421 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:06:54 -0700 (PDT) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id HAA09631; Thu, 24 Sep 1998 07:12:51 -0700 (PDT) Message-Id: <199809241412.HAA09631@spyrus.com> X-Sender: rhousley@mail.spyrus.com (Unverified) X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.52 (Beta) Date: Thu, 24 Sep 1998 09:56:50 -0400 To: "Todd S. Glassey" <TSGman@earthlink.net> From: Russ Housley <housley@spyrus.com> Subject: Re: Amending the PKIX-WG Charter to reflect the addition of timestamping Cc: ietf-pkix@imc.org In-Reply-To: <001c01bde698$615e7640$200ba8c0@tsg-laptop> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk It looks okay to me..... At 07:17 PM 9/22/98 -0700, you wrote: >Hi All, back in February we were working to amend the PKI WG's charter to >encompass timestamping and the certified timer resources that enable these >facilities. Now that Jeff Schiller has OK'd PKIX's having its own >timestamping/timebase facility we need to finish the charter update process. >here then is a proposed charter for your review and comments. > >Thanks, > >----- > >Todd Glassey > >Stephen Kent's report of the meeting minutes - excerpt below - > >- Timestamp & Notary proposals (Carlisle Adams) > >Several folks continuing work on these topics and have published an >independent draft on >these topics. The authors received a fair amount of private feedback, and >hope to be able to >bring forward a well-formed proposal. Jeff Schiller gave his permission to >bring this into >the WG, based on the WG having made substantial progress on the other work >items. Thus >we will expand the charter to encompass these topics. > > >----- BEGINNING OF CHARTER TEXT ---- > >Public-Key Infrastructure (X.509) (PKIX) >-------------------------------------------------- > > Charter > Last Modified: September 18, 1998 > > Current Status: Active Working Group > >Chair(s): >Stephen Kent <kent@bbn.com> >Warwick Ford <wford@verisign.com> > >Security Area Director(s): >Jeffrey Schiller <jis@mit.edu> >Marcus Leech <mleech@nortel.ca> > >Security Area Advisor: >Jeffrey Schiller <jis@mit.edu> > >Mailing Lists: >General Discussion:ietf-pkix@imc.org >To Subscribe: ietf-pkix-request@imc.org >In Body: subscribe (In Body) >Archive: http://www.imc.org/ietf-pkix > >Description of Working Group: >Many Internet protocols and applications which use the Internet employ >public-key technology for security purposes and require a public-key >infrastructure (PKI) to securely manage public keys for widely-distributed >users or systems. The X.509 standard constitutes a widely-accepted basis >for such >an infrastructure, defining data formats and procedures related to >distribution >of public keys via certificates digitally signed by certification >authorities >(CAs). > >For example, RFC 1422 specified the basis of an X.509-based PKI, targeted >primarily at satisfying the needs of Internet Privacy Enhanced Mail (PEM). >Since RFC 1422 was issued, application requirements for an Internet PKI have >broadened tremendously, and the capabilities of X.509 have advanced with the >development of standards defining the X.509 version 3 certificate and >version 2 certificate revocation list (CRL). > >Charter of the Working Group: >The charter of the working group will be to develop Internet standards >needed to support the use of an X.509-based PKI. The goal of this Working >Group (WG) >will be to further facilitate the use of X.509 certificates in applications >that >make use of the Internet and to promote interoperability between different >implementations choosing to make use of X.509 certificates. > >The resulting PKI is intended to provide a framework, which will support a >range of trust/hierarchy environments and a range of usage environments >(RFC1422 >is an example of one such model). > >Candidate applications to be served by this PKI include, but are not limited >to, PEM, MOSS, GSS-API mechanisms (e.g., SPKM), IPSEC protocols, Internet >payment protocols, time based authentication, timestamping, and www >protocols. > >This project will not preclude use of non-infrastructure public-key >distribution techniques nor of non-X.509 PKIs by such applications. Efforts >will be made to coordinate with the IETF White Pages (X.500/WHOIS++) >project. > >The group will focus on tailoring and profiling the features available in >the v3 X.509 certificate to best match the requirements and characteristics >of the >Internet environment. > >Other topics to be addressed potentially include: > > * Alternatives for CA-to-CA certification links and structures, >including > guidelines for constraints > > * Revocation alternatives, including profiling of X.509 v2 CRL >extensions > * Certificate and CRL distribution options (X.500-based, >non-X.500-based) > * Guidelines for policy definition and registration > * Administrative protocols and procedures, including certificate > generation, revocation notification, cross-certification, and >key-pair > updating > * Naming and name forms (how entities are identified, e.g., email > address, URN, DN, misc.) > * Generation of client key pairs by the PKI > * Services that support non-repudiation. This can include sources of > credible time data and/or certificate path validation services. > >----- END OF CHARTER TEXT ---- > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA20975 for ietf-pkix-bks; Thu, 24 Sep 1998 05:50:11 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id FAA20971 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 05:50:10 -0700 (PDT) Received: id IAA22113; Thu, 24 Sep 1998 08:54:41 -0400 Received: by gateway id <S2S6ZMGZ>; Thu, 24 Sep 1998 08:51:16 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F500206DD59@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: CryptoNEWS@aol.com, "'Denis Pinkas'" <Denis.Pinkas@bull.net> Cc: ietf-pkix@imc.org Subject: RE: X.509 Documentation Date: Thu, 24 Sep 1998 08:51:15 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id FAA20972 Sender: owner-ietf-pkix@imc.org Precedence: bulk On the server that Denis pointed to, you'll find the final text of the 1997 edition of X.509 (as submitted to the ITU and ISO for publication) at: ftp://ftp.bull.com/pub/OSIdirectory/ITU/97x509final.doc (the primary reason this is not yet available for purchase from either ITU or ISO is that they will not publish or sell it until all the other parts of the 1997 X.500 Series are also ready (soon we're told by the editor). As for current work underway in X.509, there is a Working Document which is currently being revised to reflect the outcome of the September meeting. The previous version of that document is available at: ftp://ftp.bull.com/pub/OSIdirectory/Phoenix98Output/CertificateExtensionsWD. doc When the revisions are complete (within 2 months) the new version will likely be found in: ftp://ftp.bull.com/pub/OSIdirectory/Beijing98/Vancouver98/ These two documents provide a complete picture of the X.509 activity except of course for defect reports. These are recorded together with the defects on the other parts of the X.500 Series at the bull.com site, but at present it is somewhat out of date (should be updated within 2 months as well). Hope this helps. Sharon > ---------- > From: Denis Pinkas[SMTP:Denis.Pinkas@bull.net] > Sent: September 24, 1998 2:59 PM > To: CryptoNEWS@aol.com > Cc: ietf-pkix@imc.org > Subject: Re: X.509 Documentation > > CryptoNEWS@aol.com a écrit: > > > Ladies and Gentlemen, > > > > Some body posted an address of a site where a document for X.509 can be > > obtained. > > Can that kind person post the information again? > > Take a look at :ftp://ftp.bull.com/pub/OSIdirectory/ > > Denis > > > Thanks, > > > > CryptoNEWS > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA20857 for ietf-pkix-bks; Thu, 24 Sep 1998 05:38:06 -0700 (PDT) Received: from maild.telia.com (root@maild.telia.com [194.22.190.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA20853 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 05:38:04 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by maild.telia.com (8.8.8/8.8.8) with ESMTP id OAA03085; Thu, 24 Sep 1998 14:44:08 +0200 (CEST) Received: from stefans (t4o68p1.telia.com [62.20.139.121]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id OAA25911; Thu, 24 Sep 1998 14:44:02 +0200 (CEST) Message-Id: <3.0.32.19980924144039.00a6ccf0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Thu, 24 Sep 1998 14:41:23 +0200 To: ietf-pkix@imc.org, list@seis.nc-forum.com, ietf-tls@consensus.com, cert-talk@structuredarts.com From: Stefan Santesson <stefan@accurata.se> Subject: NEW Data type for certificate selection ? Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id FAA20854 Sender: owner-ietf-pkix@imc.org Precedence: bulk All, During the TLS session in Chicago (IETF meeting) I discussed with Jeff Weinstein, Netscape, the problem of certificate selection in an environment where the client is populated with many similar certificates for different purposes. We concluded that this is a general problem, not only for TLS, but for S/MIME, Java, Java script, etc, where signing and encryption based on an X.509 PKI is an option. I also conclude that the current TLS approach, using Issuer name as selection criteria, is hopelessly insufficient for the general case. In fact we can NEVER claim that we have an X.509 based architecture ready for the big market IF WE DON'T SOLVE THIS PROBLEM. A normal user (I.e grandmother) will never be able to pick the right certificate by herself, if there is more than 1 to pick. The question raised here is: WOULD A STANDARDIZED DATA TYPE FOR CERTIFICATE SELECTION BE A GOOD START. If we could create a standardized ASN.1 data type with the purpose of defining the criteria for selecting 1 out of n certificates, then this could be used as a common base for enhancing TLS, Java, Java script, S/MIME etc. The data type could be communicated from server to client, client to server, server to server, client to client; I.e in any case where one party which to assist another party in selecting an appropriate certificate for any purpose (defined by the context). Do anyone have a better idea. I think this is a lost problem that has to be fixed, hopefully in a standardized way. Comments, suggestions. /Stefan Santesson ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA20658 for ietf-pkix-bks; Thu, 24 Sep 1998 04:54:03 -0700 (PDT) Received: from mail.student.auckland.ac.nz (mail.student.auckland.ac.nz [130.216.35.101]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA20654 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 04:54:02 -0700 (PDT) Received: from cs26.cs.auckland.ac.nz (pgut001@cs26.cs.auckland.ac.nz [130.216.36.9]) by mail.student.auckland.ac.nz (8.8.6/8.8.6/cs-master) with SMTP id XAA13067; Thu, 24 Sep 1998 23:59:34 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: by cs26.cs.auckland.ac.nz (relaymail v0.9) id <90663837419831>; Thu, 24 Sep 1998 23:59:34 (NZST) From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: Petra.Gloeckner@darmstadt.gmd.de, ietf-pkix@imc.org Subject: Re: basic constraint extension Reply-To: pgut001@cs.auckland.ac.nz X-Charge-To: pgut001 X-Authenticated: relaymail v0.9 on cs26.cs.auckland.ac.nz Date: Thu, 24 Sep 1998 23:59:34 (NZST) Message-ID: <90663837419831@cs26.cs.auckland.ac.nz> Sender: owner-ietf-pkix@imc.org Precedence: bulk >the draft-ietf-pkix-ipki-part1-10 says the basic constraint extension MUST >appear as a critical extension in all CA certificates but it SHOULD NOT >appear in end entity certificates. > >Why should the basic constraint extension not appear in end entity >certificates? Looking back through the different versions, this has been in there since at least -08, although not worded quite as strongly as this. It seems like a Bad Thing, since this clashes with the (US) federal profile and Australian profile and... well I'm not going to enumerate them all, but unless there's some really good reason for it I don't see why it should be absent, especially since the generally accepted way (other profiles notwithstanding) seems to be to encode it as an empty sequence in end-user certs. Peter. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA18001 for ietf-pkix-bks; Thu, 24 Sep 1998 02:51:43 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA17997 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 02:51:41 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id LAA09608; Thu, 24 Sep 1998 11:59:00 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id LAA15648; Thu, 24 Sep 1998 11:59:08 +0200 (DFT) Message-ID: <360A968C.FD285E0E@bull.net> Date: Thu, 24 Sep 1998 11:59:24 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: CryptoNEWS@aol.com CC: ietf-pkix@imc.org Subject: Re: X.509 Documentation References: <4932bdcf.360a0cc8@aol.com> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk CryptoNEWS@aol.com a écrit: > Ladies and Gentlemen, > > Some body posted an address of a site where a document for X.509 can be > obtained. > Can that kind person post the information again? Take a look at :ftp://ftp.bull.com/pub/OSIdirectory/ Denis > Thanks, > > CryptoNEWS Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA17852 for ietf-pkix-bks; Thu, 24 Sep 1998 02:21:50 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA17848 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 02:21:47 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id LAA12895; Thu, 24 Sep 1998 11:28:09 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id LAA16688; Thu, 24 Sep 1998 11:27:58 +0200 (DFT) Message-ID: <360A8F3E.B7DA84C5@bull.net> Date: Thu, 24 Sep 1998 11:28:15 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: Michael McNeil <memcneil@got.net> CC: Stephen Kent <kent@bbn.com>, Warwick Ford <wford@verisign.com>, ietf-pkix@imc.org, Jeffrey Schiller <jis@mit.edu> Subject: Re: meeting minutes References: <v04011701b22c2cbc4e8e@[128.33.238.151]> <3609BEDD.B8F71C12@got.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Michael, As you say it, the minutes from the meeting are correct. > Stephen Kent wrote: > [snip] > >NEW TOPICS: > >- Timestamp & Notary proposals (Carlisle Adams) > > > >Several folks continuing work on these topics and have published > >an independent draft on these topics. The authors received a fair > >amount of private feedback, and hope to be able to bring forward a > >well-formed proposal. Jeff Schiller gave his permission to bring > >this into the WG, based on the WG having made substantial progress > >on the other work items. Thus we will expand the charter to > >encompass these topics. > > This is what occurred during the PKIX sessions at the 42nd IETF meeting > with regards to timestamping; however the above is not the whole story. > > Between sessions at the IETF meeting I talked with various people about > the new Internet-Draft (authored by Dave Mills, Todd Glassey, and me) > which extends the NTP protocol towards serving as a vehicle for PKI > certified and secured time ("ephemeral" time; "what time is it *now*?" > time), as well as also providing for *timestamps* of data -- within the > same protocol, essentially as gravy (a different usage, I admit). >From your short description, people might think that the two drafts are equivalent. Let me highlight some of the main differences: Let us call: "draft 1", the draft: ftp://ietf.org/internet-drafts/draft-adams-time-stamp-02.txt and "draft 2", the draft: ftp://ietf.org/internet-drafts/draft-mills-ntp-auth-coexist-01.txt Draft 1 is all in ASN1, as the rest of the other messages supported by PKIX, e.g. CMP. So it is in the spirit of the other documents. On the contrary, Draft 2 is supporting 32 bits words and is much more compact (unless that advantage will be lost by many extensions !) The time formats are different between draft 1 and 2. Draft 1 is using the same time format as the rest of the PKIX documents, while draft 2 is using a 32 bits time representation. Draft 1 supports the time stamping of an imprint and as a side effect, may provide a trusted time when using the optional nonces. Draft 2 is unclear about time stamping, in particular the indication of the hash function used for the imprint and its protection. It allows various extension fields and so the minimum format to be supported is left undefined. It is also unclear about the replay protection when only the time is returned (unless that information is present is some other documents ?). > I spoke with Jeff Schiller about this. After he'd had a chance to look > over the Internet-Draft (i.e., <draft-mills-ntp-auth-coexist-01.txt>), > we spoke again, very near the end of the IETF meeting. Jeff at that > time suggested that since it was now apparent to him that the issue of > PKI and time goes well beyond the question of timestamps to the issue of > how secure *time itself* can be conveyed over an insecure network, he > thought that perhaps the PKIX working group was not equipped to properly > address this expanded issue -- or at least Jeff thought the IESG ought > to be consulted first on the question before the issue of PKIX handling > it or a separate "time" working group being set up is laid to rest. >From what is above, "draft 2" would not be usable in a PKIX environment, where the compactness of the messages is not the issue, since the Time Stamp will be used mostly either in a store and forward environment or in a local environment. However, there may be some good reasons to have a 32 bits oriented and more compact protocol for acquiring a secure time for other environments and therefore it can make sense to have two protocols. > Thus the issue stands as far as I know. I've addressed two e-mails to > Jeff since the IETF meeting (on 8 and 21 September) but so far have not > received a reply (I assume it takes time to poll the IESG membership). > I have no particular stake in which way the decision goes (except I > think *some* working group needs to address time *and* timestamping), I am not sure that a *single* working group needs to address both time and timestamping. As a good example, we have already have the PKIX and the SPKI working groups: PKIX is using ASN.1, while SPKI does not. A similar parallelism ! :-) Regards, Denis > but wished to alert you that despite the outcome of the PKIX sessions, > the question of whether PKIX handles it appears not quite settled. > > Regards, > Michael McNeil > GMT > memcneil@got.net > 1-831-438-7811 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA17767 for ietf-pkix-bks; Thu, 24 Sep 1998 02:05:52 -0700 (PDT) Received: from imo26.mx.aol.com (imo26.mx.aol.com [198.81.17.70]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA17763 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 02:05:50 -0700 (PDT) From: CryptoNEWS@aol.com Received: from CryptoNEWS@aol.com by imo26.mx.aol.com (IMOv16.10) id 7HBDa02301 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 05:11:36 -0400 (EDT) Message-ID: <4932bdcf.360a0cc8@aol.com> Date: Thu, 24 Sep 1998 05:11:36 EDT To: ietf-pkix@imc.org Mime-Version: 1.0 Subject: X.509 Documentation Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 224 Sender: owner-ietf-pkix@imc.org Precedence: bulk Ladies and Gentlemen, Some body posted an address of a site where a document for X.509 can be obtained. Can that kind person post the information again? Thanks, CryptoNEWS Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id UAA29806 for ietf-pkix-bks; Wed, 23 Sep 1998 20:33:18 -0700 (PDT) Received: from always.got.net (root@you.got.net [207.111.232.11]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id UAA29799 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 20:33:17 -0700 (PDT) Received: from got.net (SantaCruz-x2-3-133.got.net [209.66.100.133]) by always.got.net (8.8.8/8.8.7/Debian/GNU) with ESMTP id UAA17148; Wed, 23 Sep 1998 20:39:22 -0700 Message-ID: <3609BEDD.B8F71C12@got.net> Date: Wed, 23 Sep 1998 20:39:10 -0700 From: Michael McNeil <memcneil@got.net> Organization: GMT X-Mailer: Mozilla 4.04 [en] (WinNT; U) MIME-Version: 1.0 To: Stephen Kent <kent@bbn.com>, Warwick Ford <wford@verisign.com> CC: ietf-pkix@imc.org, Jeffrey Schiller <jis@mit.edu> Subject: Re: meeting minutes References: <v04011701b22c2cbc4e8e@[128.33.238.151]> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Stephen Kent wrote: [snip] >NEW TOPICS: >- Timestamp & Notary proposals (Carlisle Adams) > >Several folks continuing work on these topics and have published >an independent draft on these topics. The authors received a fair >amount of private feedback, and hope to be able to bring forward a >well-formed proposal. Jeff Schiller gave his permission to bring >this into the WG, based on the WG having made substantial progress >on the other work items. Thus we will expand the charter to >encompass these topics. This is what occurred during the PKIX sessions at the 42nd IETF meeting with regards to timestamping; however the above is not the whole story. Between sessions at the IETF meeting I talked with various people about the new Internet-Draft (authored by Dave Mills, Todd Glassey, and me) which extends the NTP protocol towards serving as a vehicle for PKI certified and secured time ("ephemeral" time; "what time is it *now*?" time), as well as also providing for *timestamps* of data -- within the same protocol, essentially as gravy (a different usage, I admit). I spoke with Jeff Schiller about this. After he'd had a chance to look over the Internet-Draft (i.e., <draft-mills-ntp-auth-coexist-01.txt>), we spoke again, very near the end of the IETF meeting. Jeff at that time suggested that since it was now apparent to him that the issue of PKI and time goes well beyond the question of timestamps to the issue of how secure *time itself* can be conveyed over an insecure network, he thought that perhaps the PKIX working group was not equipped to properly address this expanded issue -- or at least Jeff thought the IESG ought to be consulted first on the question before the issue of PKIX handling it or a separate "time" working group being set up is laid to rest. Thus the issue stands as far as I know. I've addressed two e-mails to Jeff since the IETF meeting (on 8 and 21 September) but so far have not received a reply (I assume it takes time to poll the IESG membership). I have no particular stake in which way the decision goes (except I think *some* working group needs to address time *and* timestamping), but wished to alert you that despite the outcome of the PKIX sessions, the question of whether PKIX handles it appears not quite settled. Regards, Michael McNeil GMT memcneil@got.net 1-831-438-7811 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA24408 for ietf-pkix-bks; Wed, 23 Sep 1998 11:00:10 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id LAA24404 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 11:00:08 -0700 (PDT) Message-Id: <199809231800.LAA24404@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.63 (Beta) Date: Wed, 23 Sep 1998 11:05:32 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Fwd: I-D ACTION:draft-ietf-tls-ac509prof-00.txt Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk I thought this might be of interest to the PKIX WG. --Paul Hoffman, Director --Internet Mail Consortium >To: IETF-Announce: ; >Cc: ietf-tls@consensus.com >From: Internet-Drafts@ietf.org >Reply-to: Internet-Drafts@ietf.org >Subject: I-D ACTION:draft-ietf-tls-ac509prof-00.txt >Date: Wed, 23 Sep 1998 10:43:01 -0400 >Sender: cclark@ns.cnri.reston.va.us > >A New Internet-Draft is available from the on-line Internet-Drafts directories. >This draft is a work item of the Transport Layer Security Working Group of >the IETF. > > Title : An Internet AttributeCertificate Profile > for Authorization > Author(s) : S. Farrell > Filename : draft-ietf-tls-ac509prof-00.txt > Pages : 11 > Date : 22-Sep-98 > > Authorization support is required for various Internet > protocols, for example, TLS, CMS and their consumers, > and others. The X.509 AttributeCertificate provides a > structure which can form the basis for such services > [X.509]. This specification defines two profiles (a > simple one and a 'full' one) for the use of X.509 > AttributeCertificates to provide such authorization > services. > >Internet-Drafts are available by anonymous FTP. Login with the username >"anonymous" and a password of your e-mail address. After logging in, >type "cd internet-drafts" and then > "get draft-ietf-tls-ac509prof-00.txt". >A URL for the Internet-Draft is: >ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-ac509prof-00.txt > >Internet-Drafts directories are located at: > > Africa: ftp.is.co.za > > Europe: ftp.nordu.net > ftp.nis.garr.it > > Pacific Rim: munnari.oz.au > > US East Coast: ftp.ietf.org > > US West Coast: ftp.isi.edu > >Internet-Drafts are also available by mail. > >Send a message to: mailserv@ietf.org. In the body type: > "FILE /internet-drafts/draft-ietf-tls-ac509prof-00.txt". > >NOTE: The mail server at ietf.org can return the document in > MIME-encoded form by using the "mpack" utility. To use this > feature, insert the command "ENCODING mime" before the "FILE" > command. To decode the response(s), you will need "munpack" or > a MIME-compliant mail reader. Different MIME-compliant mail readers > exhibit different behavior, especially when dealing with > "multipart" MIME messages (i.e. documents which have been split > up into multiple messages), so check your local documentation on > how to manipulate these messages. > > >Below is the data which will enable a MIME compliant mail reader >implementation to automatically retrieve the ASCII version of the >Internet-Draft. >Content-Type: text/plain >Content-ID: <19980922141332.I-D@ietf.org> > >ENCODING mime >FILE /internet-drafts/draft-ietf-tls-ac509prof-00.txt > ><ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-ac509prof-00.txt> Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA22037 for ietf-pkix-bks; Wed, 23 Sep 1998 06:57:39 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA22033 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 06:57:37 -0700 (PDT) Received: id KAA28894; Wed, 23 Sep 1998 10:01:06 -0400 Received: by gateway id <S2S6Z20Q>; Wed, 23 Sep 1998 09:57:44 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC97BC@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Cc: "'Steve Kent'" <kent@bbn.com>, "'Warwick Ford'" <wford@verisign.com> Subject: Revised LDAPv2 specs have been submitted Date: Wed, 23 Sep 1998 09:57:43 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk A revision of the PKIX LDAPv2 protocol profile has been submitted and notice should appear shortly. The only reason for this revision is because the previous one (in the hands of the IESG pending submission of an accompanying schema spec) exires this month. No changes other than updating version number, date and the name of the ietf-pkix mail list were made. A revision of the PKIX LDAPv2 schema I-D has been submitted and notice should appear shortly. This revision addresses the comments submitted during PKIX WG last call. Sharon ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA21064 for ietf-pkix-bks; Wed, 23 Sep 1998 04:29:19 -0700 (PDT) Received: from maila.telia.com (root@maila.telia.com [194.236.189.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA21060 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 04:29:00 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by maila.telia.com (8.8.8/8.8.8) with ESMTP id NAA12330; Wed, 23 Sep 1998 13:35:13 +0200 (CEST) Received: from stefans (t4o68p71.telia.com [62.20.139.191]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id NAA26921; Wed, 23 Sep 1998 13:35:09 +0200 (CEST) Message-Id: <3.0.32.19980923133149.00a71210@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 23 Sep 1998 13:32:27 +0200 To: Al Arsenault <aarsenault@spyrus.com>, Sean Turner <turners@ieca.com>, PKIX <ietf-pkix@imc.org>, "Arsenault, Al W." <awarsen@missi.ncsc.mil> From: Stefan Santesson <stefan@accurata.se> Subject: Re: PKIX Roadmap Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id EAA21061 Sender: owner-ietf-pkix@imc.org Precedence: bulk Al, I totally agree with everything you say in this last mail. /Stefan At 08:15 AM 9/22/98 -0400, Al Arsenault wrote: >At 06:25 AM 9/22/98 +0200, Stefan Santesson wrote: >>Al, >> >>Just a short reply to CA disaster (See below). >> >>Thanks for your reply, I still disagree to the disaster part. >> >>CA2 does not have to be dismanteled, since CA 2:s key is intact. >>What has to be done is that: >>- CA1 is rebuilt with new key >>- The compromise of CA1 and its new key has to be communicated with >>out-of-band means >>- CA1 cross certify CA2 (and other CA:s) using the new key >>- New cross certificates to CA1 has to be issued and published by other CA:s. >> >>Now all certificates issued by CA2 before the disaster of CA1 can be used >>and trusted. >>This since the disaster of CA1 didn't destroy CA2, just the link to CA2 >>from CA1. >> >>/Stefan > >Stefan, > > The more I think about this, the more I realize we agree. It's the words >that need figuring out. Perhaps the words in the draft roadmap are too >strong; we'll have to think about that. > > First, let me note that when CA1 and CA2 are cross-certified - that is, >have a peer relationship, with neither subordinate to the other - I agree >with you about what happens when CA1's key is compromised. > > Now, let us assume that there is a hierarchical relationship - CA2 is >subordinate to CA1. This means to me that the trust anchor used by end >entities below CA2 is not CA2 - it's CA1. When CA1's key is discovered to >be compromised, what you do is: > > 1 - communicate out of band the compromise. This means that CA2 and all >entities below it are essentially "out of action" temporarily; since CA1 is >the trust anchor, there's no way to construct a valid cert path > > 2 - reconstitute CA1 with a new key; > > 3 - get CA2's key to CA1 for certification (most likely through >out-of-band means). Yes, this can still be the same key; since CA2's key >wasn't compromised, it can still be used, and it will make things easier in >that you don't have to go re-signing end-entity certs with a new CA2 key. > >Now, you're back in action. > >If you agree that this is right, we can figure out words that say that. >The point I wanted to convey is that the entire PKI is dead in this case >until CA1 is brought up and a new CA2 cert is signed, because you can't >construct a valid path back to a valid trust anchor. > >(Of course, if trust anchor's compromised key happens to be on all >end-entity hardware tokens in a form that can't easily be changed, you've >still got a problem, but that's beyond the scope of PKIX :-) > > Al Arsenault > >- the above opinions are my own. They may or may not reflect the opinions >of my employer or of any other organization with which I have a relationship. > > > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA17883 for ietf-pkix-bks; Wed, 23 Sep 1998 00:56:18 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA17879 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 00:56:16 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id KAA15024 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 10:03:30 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id KAA17156 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 10:03:37 +0200 (DFT) Message-ID: <360929FB.C577E062@bull.net> Date: Wed, 23 Sep 1998 10:03:55 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: IETF-PXIX <ietf-pkix@imc.org> Subject: Archive cutoff & Retention period Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Archive cutoff & Retention period This item has been separated from my list of other comments since it might start a new thread. On page 12 there is section 5.4.4. named « Archive Cutoff ». In part PKIX-1 on page 12, we have the following sentence: An entry may be removed from the CRL after appearing on one regularly scheduled CRL issued beyond the revoked certificate's validity period. This means that a revoked entry has to stay at least "little bit" after the expiration date of the certificate. In practice this is a few days, but not necessarily years because the size of the information to keep would be pretty big. So we need to make a difference between a "retention period" of a few days and a possible archiving of the status information during years (see later). The "retention period" should be supported by all OCSP responders and thus should be part of the standard response. Adding a "retentionPeriod" after the "produceAt" from the ResponseData would be simpler than defining an extension. Then, let us address the « Archive Cutoff » issue. If we were to support the archiving capability, with e.g. a 7 year retention, we would need an additional time parameter in the request to point to the equivalent of the right CRL issued at that time e.g. 7 years ago. This parameter is currently not present. Unless it is added, the function cannot work. We thus have two options : add the missing parameter or delete this capability. Opinions ? Denis Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA17850 for ietf-pkix-bks; Wed, 23 Sep 1998 00:52:30 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA17846 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 00:52:25 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id JAA04146 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 09:59:15 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id JAA12434 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 09:59:22 +0200 (DFT) Message-ID: <360928FB.2D9D963E@bull.net> Date: Wed, 23 Sep 1998 09:59:40 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: IETF-PXIX <ietf-pkix@imc.org> Subject: Minor comments on OCSP-06 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Here are a few minor/editorial comments on OCSP-06. An additional comment (on "Archive cutoff") has been separated from this list of comments since it might generate a new thread. Some of them might be a duplication of comments already made. 1. On page 2, in the second paragraph of the section 3 a sentence may let think that once the OCSP server replies « good » the certificate can be accepted. The only thing that is known is « not revoked ». A better rewording would be : « An OCSP client issues a status request to an OCSP responder and obtains a revocation status of the certificate in question. » 2. On page 3, third paragraph before the bottom of the page. The term « produceAt » is used but not yet introduced. For clarity of reading a rephrasing should be made. Hereafter is a proposal : « At the minimum, this positive response indicates that the certificate is not revoked, but does not necessarily mean that the certificate was ever issued or that the current time is within the certificates validity interval ». 3. On page 3, second paragraph before the bottom of the page. « On hold » is reason code under « revoke ». In the explanations it would be nice to remember here that « on hold » is under this category. Here is a proposal: « The « revoked » state indicates that the certificate has been definitively or temporarily revoked (i.e. placed on hold). » 4. On page 4, in the fifth paragraph of the section 3.3. the response « certRequired » is of no use any more since only a CertId can be placed in the request. Therefore it should be deleted. [This comment has already be made]. 5. On page 6, the fifth item of the section 4.2. states : « The response is in its validity period ». It is unclear to understand what this means. It may be guessed that it is the time interval between the « thisUpdate » and « nextUpdate ». However in section 5.2.2.1. pages 9/10, nextUpdate is optional so this test cannot be done in general. By splitting this item into two items, a better wording would be : 6. The time at which the status being indicated is known to be correct (thisUpdate) is sufficiently recent. 7. When available, the time at or before which newer information will be available about the status of the certificate (nextUpdate)is greater than the current time. 8. On page 8, in the same way « certRequired (4) » should be deleted. [This comment has already be made] 9. On page 9, CRLReason should be expanded so that the « on hold » status can be made visible. This is pretty important since by trying again it is possible to get later on a « good » result. 10. On page 11, The section 5.4 "Extensions" should be renumbered 6 in order to have a section dealing with all the optional extensions. Denis Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id TAA02987 for ietf-pkix-bks; Tue, 22 Sep 1998 19:13:48 -0700 (PDT) Received: from avocet.prod.itd.earthlink.net (avocet.prod.itd.earthlink.net [207.217.120.50]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id TAA02983 for <ietf-pkix@imc.org>; Tue, 22 Sep 1998 19:13:47 -0700 (PDT) Received: from tsg-laptop (1Cust96.tnt4.sfo1.da.uu.net [208.250.191.96]) by avocet.prod.itd.earthlink.net (8.8.7/8.8.5) with SMTP id TAA10448 for <ietf-pkix@imc.org>; Tue, 22 Sep 1998 19:20:08 -0700 (PDT) From: "Todd S. Glassey" <TSGman@earthlink.net> To: "Ietf-Pkix" <ietf-pkix@imc.org> Subject: Amending the PKIX-WG Charter to reflect the addition of timestamping Date: Tue, 22 Sep 1998 19:17:57 -0700 Message-ID: <001c01bde698$615e7640$200ba8c0@tsg-laptop> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi All, back in February we were working to amend the PKI WG's charter to encompass timestamping and the certified timer resources that enable these facilities. Now that Jeff Schiller has OK'd PKIX's having its own timestamping/timebase facility we need to finish the charter update process. here then is a proposed charter for your review and comments. Thanks, ----- Todd Glassey Stephen Kent's report of the meeting minutes - excerpt below - - Timestamp & Notary proposals (Carlisle Adams) Several folks continuing work on these topics and have published an independent draft on these topics. The authors received a fair amount of private feedback, and hope to be able to bring forward a well-formed proposal. Jeff Schiller gave his permission to bring this into the WG, based on the WG having made substantial progress on the other work items. Thus we will expand the charter to encompass these topics. ----- BEGINNING OF CHARTER TEXT ---- Public-Key Infrastructure (X.509) (PKIX) -------------------------------------------------- Charter Last Modified: September 18, 1998 Current Status: Active Working Group Chair(s): Stephen Kent <kent@bbn.com> Warwick Ford <wford@verisign.com> Security Area Director(s): Jeffrey Schiller <jis@mit.edu> Marcus Leech <mleech@nortel.ca> Security Area Advisor: Jeffrey Schiller <jis@mit.edu> Mailing Lists: General Discussion:ietf-pkix@imc.org To Subscribe: ietf-pkix-request@imc.org In Body: subscribe (In Body) Archive: http://www.imc.org/ietf-pkix Description of Working Group: Many Internet protocols and applications which use the Internet employ public-key technology for security purposes and require a public-key infrastructure (PKI) to securely manage public keys for widely-distributed users or systems. The X.509 standard constitutes a widely-accepted basis for such an infrastructure, defining data formats and procedures related to distribution of public keys via certificates digitally signed by certification authorities (CAs). For example, RFC 1422 specified the basis of an X.509-based PKI, targeted primarily at satisfying the needs of Internet Privacy Enhanced Mail (PEM). Since RFC 1422 was issued, application requirements for an Internet PKI have broadened tremendously, and the capabilities of X.509 have advanced with the development of standards defining the X.509 version 3 certificate and version 2 certificate revocation list (CRL). Charter of the Working Group: The charter of the working group will be to develop Internet standards needed to support the use of an X.509-based PKI. The goal of this Working Group (WG) will be to further facilitate the use of X.509 certificates in applications that make use of the Internet and to promote interoperability between different implementations choosing to make use of X.509 certificates. The resulting PKI is intended to provide a framework, which will support a range of trust/hierarchy environments and a range of usage environments (RFC1422 is an example of one such model). Candidate applications to be served by this PKI include, but are not limited to, PEM, MOSS, GSS-API mechanisms (e.g., SPKM), IPSEC protocols, Internet payment protocols, time based authentication, timestamping, and www protocols. This project will not preclude use of non-infrastructure public-key distribution techniques nor of non-X.509 PKIs by such applications. Efforts will be made to coordinate with the IETF White Pages (X.500/WHOIS++) project. The group will focus on tailoring and profiling the features available in the v3 X.509 certificate to best match the requirements and characteristics of the Internet environment. Other topics to be addressed potentially include: * Alternatives for CA-to-CA certification links and structures, including guidelines for constraints * Revocation alternatives, including profiling of X.509 v2 CRL extensions * Certificate and CRL distribution options (X.500-based, non-X.500-based) * Guidelines for policy definition and registration * Administrative protocols and procedures, including certificate generation, revocation notification, cross-certification, and key-pair updating * Naming and name forms (how entities are identified, e.g., email address, URN, DN, misc.) * Generation of client key pairs by the PKI * Services that support non-repudiation. This can include sources of credible time data and/or certificate path validation services. ----- END OF CHARTER TEXT ---- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA25907 for ietf-pkix-bks; Tue, 22 Sep 1998 05:29:18 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id FAA25903 for <ietf-pkix@imc.org>; Tue, 22 Sep 1998 05:29:16 -0700 (PDT) Received: id IAA16369; Tue, 22 Sep 1998 08:31:45 -0400 Received: by gateway id <S2S6Z1VK>; Tue, 22 Sep 1998 08:28:25 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC97A8@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Cc: "'Steve Kent'" <kent@bbn.com>, "'Warwick Ford'" <wford@verisign.com>, "'Santosh Chokhani'" <chokhani@sisko.cygnacom.com> Subject: text for attributes Date: Tue, 22 Sep 1998 08:28:14 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Although we have not reached specific wording which is 100% agreed by everyone, we have reached agreement on what the contents of the cACertificate and crossCertificatePair attributes are to be used for. In order to bring this to closure, Santosh and I plan to go with the advice of our co-chairs and proceed with the word 'realm', along with the clarification that its meaning is defined locally and hope everyone will be willing to live with that. Also, this will be liaised to the X.509 group as the PKIX recommendation to resolve the associated defect report in that standard. Thanks to everyone for their input and I assume I'm not the only one looking forward to a reduced amount of email each morning :-) ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA25745 for ietf-pkix-bks; Tue, 22 Sep 1998 05:13:14 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA25741 for <ietf-pkix@imc.org>; Tue, 22 Sep 1998 05:13:13 -0700 (PDT) Received: from intern_pc ([209.172.119.112]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id FAA15055; Tue, 22 Sep 1998 05:17:57 -0700 (PDT) Message-Id: <3.0.6.32.19980922081543.00902790@mail.spyrus.com> X-Sender: aarsenault@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Tue, 22 Sep 1998 08:15:43 -0400 To: Stefan Santesson <stefan@accurata.se>, Sean Turner <turners@ieca.com>, PKIX <ietf-pkix@imc.org>, "Arsenault, Al W." <awarsen@missi.ncsc.mil> From: Al Arsenault <aarsenault@spyrus.com> Subject: Re: PKIX Roadmap In-Reply-To: <3.0.32.19980922062458.00a7e6f0@m1.403.telia.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 06:25 AM 9/22/98 +0200, Stefan Santesson wrote: >Al, > >Just a short reply to CA disaster (See below). > >Thanks for your reply, I still disagree to the disaster part. > >CA2 does not have to be dismanteled, since CA 2:s key is intact. >What has to be done is that: >- CA1 is rebuilt with new key >- The compromise of CA1 and its new key has to be communicated with >out-of-band means >- CA1 cross certify CA2 (and other CA:s) using the new key >- New cross certificates to CA1 has to be issued and published by other CA:s. > >Now all certificates issued by CA2 before the disaster of CA1 can be used >and trusted. >This since the disaster of CA1 didn't destroy CA2, just the link to CA2 >from CA1. > >/Stefan Stefan, The more I think about this, the more I realize we agree. It's the words that need figuring out. Perhaps the words in the draft roadmap are too strong; we'll have to think about that. First, let me note that when CA1 and CA2 are cross-certified - that is, have a peer relationship, with neither subordinate to the other - I agree with you about what happens when CA1's key is compromised. Now, let us assume that there is a hierarchical relationship - CA2 is subordinate to CA1. This means to me that the trust anchor used by end entities below CA2 is not CA2 - it's CA1. When CA1's key is discovered to be compromised, what you do is: 1 - communicate out of band the compromise. This means that CA2 and all entities below it are essentially "out of action" temporarily; since CA1 is the trust anchor, there's no way to construct a valid cert path 2 - reconstitute CA1 with a new key; 3 - get CA2's key to CA1 for certification (most likely through out-of-band means). Yes, this can still be the same key; since CA2's key wasn't compromised, it can still be used, and it will make things easier in that you don't have to go re-signing end-entity certs with a new CA2 key. Now, you're back in action. If you agree that this is right, we can figure out words that say that. The point I wanted to convey is that the entire PKI is dead in this case until CA1 is brought up and a new CA2 cert is signed, because you can't construct a valid path back to a valid trust anchor. (Of course, if trust anchor's compromised key happens to be on all end-entity hardware tokens in a form that can't easily be changed, you've still got a problem, but that's beyond the scope of PKIX :-) Al Arsenault - the above opinions are my own. They may or may not reflect the opinions of my employer or of any other organization with which I have a relationship. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA25513 for ietf-pkix-bks; Tue, 22 Sep 1998 04:31:33 -0700 (PDT) Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by mail.proper.com (8.8.8/8.8.5) with SMTP id EAA25509 for <ietf-pkix@imc.org>; Tue, 22 Sep 1998 04:31:31 -0700 (PDT) Received: from HYDRA ([195.67.109.114]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id NAA78840; Tue, 22 Sep 1998 13:36:57 +0200 Received: by HYDRA with Microsoft Mail id <01BDE62D.342F16E0@HYDRA>; Tue, 22 Sep 1998 13:30:45 +0200 Message-ID: <01BDE62D.342F16E0@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'Denis Pinkas'" <Denis.Pinkas@bull.net> Cc: "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: RE: OCSP - Public Key Dstribution Date: Tue, 22 Sep 1998 13:30:44 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Denis, > something that is nontrivial. And "Certificate Domain" is also missing. ??? Certificate Domain is some kind of indication of what kind of certificate(s) you want to validate. I.e. like SET-certificates, a National ID-card, OBI-trader etc. This could be of interest in both the request and in the response. I.e. a trusted OCSP server may support overlapping or disjunct domains and a typical subscriber may be interested in just one type. To standardize this seems unnecessary in the same sense as defining trust models in OCSP. It is a *deployment* issue like certificate policies and liabilities. Other extensions, like certificate validation might be considered once OCSP is closed. I assume that the "closing" of OCSP will be pretty theoretical when the definition of extensions starts. Already an IETF agenda item it seems Regards Anders Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA25221 for ietf-pkix-bks; Tue, 22 Sep 1998 03:35:04 -0700 (PDT) Received: from sonne.darmstadt.gmd.de (sonne.darmstadt.gmd.de [141.12.62.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA25217 for <ietf-pkix@imc.org>; Tue, 22 Sep 1998 03:35:01 -0700 (PDT) Received: from darmstadt.gmd.de (pc-ravenna [141.12.33.61]) by sonne.darmstadt.gmd.de (8.8.8/8.8.5) with ESMTP id LAA28659; Tue, 22 Sep 1998 11:28:34 +0200 (MET DST) Message-ID: <36076D59.62280554@darmstadt.gmd.de> Date: Tue, 22 Sep 1998 11:26:49 +0200 From: "Petra Glöckner" <Petra.Gloeckner@darmstadt.gmd.de> X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: ietf-pkix@imc.org CC: herfert@darmstadt.gmd.de Subject: basic constraint extension References: <199809081502.LAA04610@ietf.org> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms6C21A3596B2679A5F64C275F" Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a cryptographically signed message in MIME format. --------------ms6C21A3596B2679A5F64C275F Content-Type: multipart/mixed; boundary="------------C84E92343668538B0D7F006C" This is a multi-part message in MIME format. --------------C84E92343668538B0D7F006C Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello all, the draft-ietf-pkix-ipki-part1-10 says the basic constraint extension MUST appear as a critical extension in all CA certificates but it SHOULD NOT appear in end entity certificates. Why should the basic constraint extension not appear in end entity certificates ? Is it purely to safe some bits or is there another reason, like keeping the draft more flexibel, e.g. to allow an end entity to issue a certificate for his encryption key himself using his signature key and certificate ? In general, is it possible for an end entity to use his signature key and certificate to issue a certificate for his encryption key himself ? Or do you have to have the CA bit set to true in your certificate in order to be able to issue certificates for your own encryption keys ? Any ideas and thoughts are welcome ! Best regards - Petra --------------C84E92343668538B0D7F006C Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Petra Glöckner Content-Disposition: attachment; filename="vcard.vcf" begin: vcard fn: Petra Glöckner n: ;Petra Glöckner org: GMD-TKT email;internet: Petra.Gloeckner@darmstadt.gmd.de x-mozilla-cpt: ;0 x-mozilla-html: FALSE version: 2.1 end: vcard --------------C84E92343668538B0D7F006C-- --------------ms6C21A3596B2679A5F64C275F Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIO7wYJKoZIhvcNAQcCoIIO4DCCDtwCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC DVcwggMFMIICbqADAgECAgIC8zANBgkqhkiG9w0BAQQFADB2MQswCQYDVQQGEwJERTEMMAoG A1UEChMDR01EMR8wHQYDVQQLExZDTEFTUyAwIFRSSUFMIFNFUlZJQ0VTMTgwNgYDVQQLEy9U cnVzdEZhY3RvcnkgSW5kaXZpZHVhbCBTdWJzY3JpYmVyIENlcnRpZmljYXRlczAeFw05ODA3 MTMxNzQ2NDlaFw0wMDAxMDEwMDAwMDBaMGYxCzAJBgNVBAYTAkRFMQwwCgYDVQQKEwNHTUQx LzAtBgkqhkiG9w0BCQEWIFBldHJhLkdsb2Vja25lckBkYXJtc3RhZHQuZ21kLmRlMRgwFgYD VQQDEw9QZXRyYSBHbG9lY2tuZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwgqVtX54BPIm LAu+u8i7lnOV6lf+79amGCL9Ao5UOStKuLHC2dwH7MP5A8gPVeeiP1kk2tr9hXJmIVDYP7kS cQIDAQABo4H1MIHyMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgCwMIHRBglghkgBhvhC AQ0EgcMWgcBDQVVUSU9OOiBUaGUgRGlnaXRhbCBJRCBzdWJqZWN0cyBvZiBJQ0UtVEVMCkNs YXNzIDAgVHJpYWwgU2VydmljZXMgYXJlIG5vdCBhdXRoZW50aWNhdGVkLgpJdCBtYXkgYmUg dGhlIGhvbGRlcidzIHJlYWwgbmFtZSBvciBhbiBhbGlhcy4KVXNlIHRoaXMgRGlnaXRhbCBJ RCBmb3IgdGVzdCBwdXJwb3NlZCBvbmx5LgooYykgR01EIDE5OTcwDQYJKoZIhvcNAQEEBQAD gYEASgeR+7xR+g2YPSXpdAojcDD1jeo2sMa1hyspawERPfLgagUDcaX5MS/TjYZ8K3lz3Tve G6U0pWPwRBtAnns/A8hoNApONSQEXupnhNgaRwljFEXm+shdanA33iZKfs6NVCnb1Mbs96pK xUgpXw4TRe//afL0nNiaRCmSfXohytgwggOhMIIDCqADAgECAgEBMA0GCSqGSIb3DQEBBAUA MGcxCzAJBgNVBAYTAkRFMQwwCgYDVQQKEwNHTUQxHzAdBgNVBAsTFkNMQVNTIDAgVFJJQUwg U0VSVklDRVMxKTAnBgNVBAsTIFRydXN0RmFjdG9yeSBEaWdpdGFsIElEIFNlcnZpY2VzMB4X DTk3MTIxNzA4MDMyNloXDTAwMDEwMTAwMDAwMFowdjELMAkGA1UEBhMCREUxDDAKBgNVBAoT A0dNRDEfMB0GA1UECxMWQ0xBU1MgMCBUUklBTCBTRVJWSUNFUzE4MDYGA1UECxMvVHJ1c3RG YWN0b3J5IEluZGl2aWR1YWwgU3Vic2NyaWJlciBDZXJ0aWZpY2F0ZXMwgZ8wDQYJKoZIhvcN AQEBBQADgY0AMIGJAoGBANQJUsDpSSmA85HJLPHj4jDUTWXPUwYaqNvA3r3AdhFqIacLQwtn FOoMR4CZqaewurOWI23kw2NK4/2I+GdTwkk5aEYAo4eA9FFwHBxq+b80xbO4ymTKxkah8DTv acv+JkLwFnjc7DEzuJoK61ywR8UJP/FQjD53o8ATXhoGNIIDAgMBAAGjggFMMIIBSDAfBgNV HSMEGDAWgBR43QkpxguDM6Uc3wFLHlNH8iD1SzAdBgNVHQ4EFgQUM47EbBv7+7Tjj2OaluUR VEIj7fwwDgYDVR0PAQH/BAQDAgH2MA8GA1UdEwEB/wQFMAMBAf8wEQYJYIZIAYb4QgEBBAQD AgAHMIHRBglghkgBhvhCAQ0EgcMWgcBDQVVUSU9OOiBUaGUgRGlnaXRhbCBJRCBzdWJqZWN0 cyBvZiBJQ0UtVEVMCkNsYXNzIDAgVHJpYWwgU2VydmljZXMgYXJlIG5vdCBhdXRoZW50aWNh dGVkLgpJdCBtYXkgYmUgdGhlIGhvbGRlcidzIHJlYWwgbmFtZSBvciBhbiBhbGlhcy4KVXNl IHRoaXMgRGlnaXRhbCBJRCBmb3IgdGVzdCBwdXJwb3NlZCBvbmx5LgooYykgR01EIDE5OTcw DQYJKoZIhvcNAQEEBQADgYEAXWnV7vH1s9e0opHh/Hk1nOgpxEbx7XaSAbnVzdUoOxxKvbkl o0QaB79OV4oLkrFAscMU8iKWN9RkBmWuartRnq45DRsAWMur8DlgbrShlMBEC71OsE2I1FMP xGe/rJwp2x5Or1M1mchKI808S7WblPyJxCBOMt3Q1in7F1Boz1wwggNgMIICyaADAgECAgEB MA0GCSqGSIb3DQEBBAUAMEgxDzANBgNVBAcTBkV1cm9wZTEQMA4GA1UEChMHSUNFLVRFTDEj MCEGA1UECxMaQ0xBU1MgMCBUUklBTCBTRVJWSUNFUyBQS0kwHhcNOTcxMjE3MDgwMzI0WhcN MDAwMTAxMDAwMDAwWjBnMQswCQYDVQQGEwJERTEMMAoGA1UEChMDR01EMR8wHQYDVQQLExZD TEFTUyAwIFRSSUFMIFNFUlZJQ0VTMSkwJwYDVQQLEyBUcnVzdEZhY3RvcnkgRGlnaXRhbCBJ RCBTZXJ2aWNlczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7gWKqAf0MfIp/QL9wMe3 mzEt/+DYSUs6VqkgXehMSbLblwPV7v+QhzhH/JSUoQKVi85qQom7+tnXBJxylB4mfl4AsqyG SE4IGZPnVcxI4rzW5vhrNVCSzeAkqe2PnoPpZrlh8IYYYKINeGzmZ5QMWEmnDp8+M13zzAUD A/11ZFMCAwEAAaOCATkwggE1MB8GA1UdIwQYMBaAFLNK4JQgbBz8WKb6QycGs8Hxz6SyMB0G A1UdDgQWBBR43QkpxguDM6Uc3wFLHlNH8iD1SzAOBgNVHQ8BAf8EBAMCAfYwDwYDVR0TAQH/ BAUwAwEB/zCB0QYJYIZIAYb4QgENBIHDFoHAQ0FVVElPTjogVGhlIERpZ2l0YWwgSUQgc3Vi amVjdHMgb2YgSUNFLVRFTApDbGFzcyAwIFRyaWFsIFNlcnZpY2VzIGFyZSBub3QgYXV0aGVu dGljYXRlZC4KSXQgbWF5IGJlIHRoZSBob2xkZXIncyByZWFsIG5hbWUgb3IgYW4gYWxpYXMu ClVzZSB0aGlzIERpZ2l0YWwgSUQgZm9yIHRlc3QgcHVycG9zZWQgb25seS4KKGMpIEdNRCAx OTk3MA0GCSqGSIb3DQEBBAUAA4GBAK+hyS6CuuCt2kH7FlvTgpYf39q4sji5JytL3KCExfLe b4H+YPNbO7cy08KTGa9qSQyodh5+KwXFH9lUct5//bFkm4WfKHH7O2u4+rjWGfGZV6VB1ZCD dX5CdvVu8O3qNPoQThw60WowKJIS8FkW5BKLP7SB4VJetNrKMz9zwWnJMIIDQTCCAqqgAwIB AgIBADANBgkqhkiG9w0BAQQFADBIMQ8wDQYDVQQHEwZFdXJvcGUxEDAOBgNVBAoTB0lDRS1U RUwxIzAhBgNVBAsTGkNMQVNTIDAgVFJJQUwgU0VSVklDRVMgUEtJMB4XDTk3MTIxNzA3NTg0 NVoXDTAwMDEwMTAwMDAwMFowSDEPMA0GA1UEBxMGRXVyb3BlMRAwDgYDVQQKEwdJQ0UtVEVM MSMwIQYDVQQLExpDTEFTUyAwIFRSSUFMIFNFUlZJQ0VTIFBLSTCBnzANBgkqhkiG9w0BAQEF AAOBjQAwgYkCgYEA9jNYTNZLLl7MxMhg1dSc0wq+PiSq4LkPwDL9J+dQk1EJdLWaopkd/NNR uM37r03RVbSHeI0FPQoylnJpu0Kj6KNWxVwIeGeWGrIdhRShUSh3n2bFSD/0T5uHWvsN1U9f d6uxDaYHcnfLLCtTi76Piu2GCJK4eH3W76Oo3Ei4VoMCAwEAAaOCATkwggE1MB8GA1UdIwQY MBaAFLNK4JQgbBz8WKb6QycGs8Hxz6SyMB0GA1UdDgQWBBSzSuCUIGwc/Fim+kMnBrPB8c+k sjAOBgNVHQ8BAf8EBAMCAfYwDwYDVR0TAQH/BAUwAwEB/zCB0QYJYIZIAYb4QgENBIHDFoHA Q0FVVElPTjogVGhlIERpZ2l0YWwgSUQgc3ViamVjdHMgb2YgSUNFLVRFTApDbGFzcyAwIFRy aWFsIFNlcnZpY2VzIGFyZSBub3QgYXV0aGVudGljYXRlZC4KSXQgbWF5IGJlIHRoZSBob2xk ZXIncyByZWFsIG5hbWUgb3IgYW4gYWxpYXMuClVzZSB0aGlzIERpZ2l0YWwgSUQgZm9yIHRl c3QgcHVycG9zZWQgb25seS4KKGMpIEdNRCAxOTk3MA0GCSqGSIb3DQEBBAUAA4GBALkKsGZG E5ckTCE0F7hTF2eZgnDZYgm709UJeozPRB/3KjuyjdxlbVj2eiCWVB9HpH0KK2kEqnhgiHWL xwQGuycFD7Px7SDIwjEC/7c9YERIw1GmGWe2g6EatOP3oS/4tCy72TODDhD5WeYAMFcpKihR Skp0N+zOhEuDvxyXGauuMYIBYDCCAVwCAQEwfDB2MQswCQYDVQQGEwJERTEMMAoGA1UEChMD R01EMR8wHQYDVQQLExZDTEFTUyAwIFRSSUFMIFNFUlZJQ0VTMTgwNgYDVQQLEy9UcnVzdEZh Y3RvcnkgSW5kaXZpZHVhbCBTdWJzY3JpYmVyIENlcnRpZmljYXRlcwICAvMwCQYFKw4DAhoF AKB9MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTk4MDkyMjA5 MjY0OVowHgYJKoZIhvcNAQkPMREwDzANBggqhkiG9w0DAgIBKDAjBgkqhkiG9w0BCQQxFgQU Ypl1kQvQEkbLfHbDhyuczu2HatYwDQYJKoZIhvcNAQEBBQAEQCWTOZQScCOMbV6jt7j/IN+M XcHMcvD2wgOSKEb1Sqr48Aof6oFV3oeBQseB8SJqpl93ZiCRYZBl+1T3SVMCdZc= --------------ms6C21A3596B2679A5F64C275F-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id VAA03834 for ietf-pkix-bks; Mon, 21 Sep 1998 21:22:03 -0700 (PDT) Received: from mailb.telia.com (mailb.telia.com [194.22.194.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id VAA03830 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 21:22:01 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailb.telia.com (8.8.8/8.8.8) with ESMTP id GAA05716; Tue, 22 Sep 1998 06:28:20 +0200 (CEST) Received: from stefans (t2o68p111.telia.com [62.20.138.231]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id GAA27141; Tue, 22 Sep 1998 06:28:18 +0200 (CEST) Message-Id: <3.0.32.19980922062458.00a7e6f0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 22 Sep 1998 06:25:35 +0200 To: Al Arsenault <aarsenault@spyrus.com>, Sean Turner <turners@ieca.com>, PKIX <ietf-pkix@imc.org>, "Arsenault, Al W." <awarsen@missi.ncsc.mil> From: Stefan Santesson <stefan@accurata.se> Subject: Re: PKIX Roadmap Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id VAA03831 Sender: owner-ietf-pkix@imc.org Precedence: bulk Al, Just a short reply to CA disaster (See below). Thanks for your reply, I still disagree to the disaster part. CA2 does not have to be dismanteled, since CA 2:s key is intact. What has to be done is that: - CA1 is rebuilt with new key - The compromise of CA1 and its new key has to be communicated with out-of-band means - CA1 cross certify CA2 (and other CA:s) using the new key - New cross certificates to CA1 has to be issued and published by other CA:s. Now all certificates issued by CA2 before the disaster of CA1 can be used and trusted. This since the disaster of CA1 didn't destroy CA2, just the link to CA2 from CA1. /Stefan At 01:32 PM 9/21/98 -0400, Al Arsenault wrote: >Stefan, > > Thanks for your comments. Responses in line (Sean can make changes to the >draft as appropriate). > > >At 04:19 PM 9/21/98 +0200, Stefan Santesson wrote: >>Al, >> >>I finally got time to look a little bit deeper into the roadmap document. >>I think it is very well formed but I have some minor disagreements. >> >>1) Concerning definition and use of the term Root CA >>2) Result from CA compromise >>3) Use of certificates. >> >>1 - Root CA >>--------- >>Definition and use of the term Root CA in sections 2, 3.4.5 and 5.1.2 gives >>the impression that Root CA is at the top of some hierarchy. >> >>This does not seem to harmonize with the definition of root CA in >>"Certificate Management Protocols" >> >> "We use the term "root CA" to indicate a CA that is directly trusted by >> an end entity; that is, securely acquiring the value of a root CA public >> key requires some out-of-band step(s). This term is not meant to imply >> that a root CA is necessarily at the top of any hierarchy, simply that >> the CA in question is trusted directly." >> >>So in fact every CA in a domain is likely to be "root" for some of its >>subscribers. >>I personally prefer the rem "Top CA" when describing a hierarchy. >> > >You are correct; I was using the term "rootCA" to indicate the top of a >hierarchy (possibly, a hierarchy of depth one - two counting the end >entity). That is inconsistent with CMP. We'll have to resolve that. I >personally prefer using the term "rootCA" to mean the top of a hierarchy, >and "trust anchor" to mean the CA that the end-entity directly trusts. But >we'll figure out something - "topCA" is probably feasible for now. > > >> >>2 - CA compromise >>------------------ >>In section 3.4.5 it is said that compromise of a root CA is always >>catastrophic and that the entire infrastructure subordinate to that root CA >>has to be dismantled and started over again. This gives the impression that >>a subordinate CA has to be dismatled. >> >>My comment is that >>a) Since the rootCA does not denote any hierarchy we can't define which CA >>that is subordinate or not to a specific root CA >>b) A compromised CA does only require that particular CA to be dismantled. >>No other non-compromised CA has to be dismantled. Other CA:s has to revoke >>cross certificates to th compromised CA and all subscribers using the >>compromised CA as root CA, are totally cut off until they get another >>rootCA key, but that's another aspect. >> > >Your comment (a) is correct, given the different meaning of "rootCA" that I >didn't catch earlier. However, I disagree with part of your comment (b). >That to me goes to the heart of a "CA Certificate" vs. a >"Cross-certificate". > >Suppose that CA2 has no self-signed certificates (it might have a >self-issued certificate for key management, but that's not relevant at this >point). CA2's CA certificate is issued and signed by CA1. Thus, CA2 is >subordinate to CA1. Now, if CA1's private key is compromised, then CA2 >must be "dismantled". That is, there is no reliable way for an outside >entity to know whether CA2's cert was legitimately issued prior to the >compromise of CA1's key, or whether CA2's cert was signed by the malicious >party now holding the copy of CA1's private key. The only thing you can do >is kill CA2 and start over with a new cert issued by the new, re-installed >CA1. (Not to mention the mechanical problem of constructing a valid cert >path going through CA2 to the valid CA1:-). Of course, "dismantling" is a >strong word; you'd have to rebuild CA1 with a new key, and sign a new >certificate for CA2 using the new, un-compromised key. You wouldn't >necessarily need to erase CA2's database, train new people, buy a new >hardware platform, etc. :-) > >With a cross-certificate, as you point out, there's no need to do anything >over than revoke the cross-cert CA2 has issued for CA1 (if there is one). > > >>3 - Certificate usage >>--------------------- >>Section 3.1 states that: >>"Certificates is used in the process of validating signed data." >>This definition is leaving out any use for the purpose of encryption. I.e. >>data encryption, key agreement and key exchange. >> > >Agreed. > > > Al Arsenault > >- the above opinions are my own. They may or may not reflect the opinions >of my employer or of any other organization with which I have a relationship. > > > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA29811 for ietf-pkix-bks; Mon, 21 Sep 1998 10:30:40 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA29807 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 10:30:39 -0700 (PDT) Received: from intern_pc ([209.172.119.112]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id KAA06046; Mon, 21 Sep 1998 10:35:08 -0700 (PDT) Message-Id: <3.0.6.32.19980921133257.009044e0@mail.spyrus.com> X-Sender: aarsenault@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Mon, 21 Sep 1998 13:32:57 -0400 To: Stefan Santesson <stefan@accurata.se>, Sean Turner <turners@ieca.com>, PKIX <ietf-pkix@imc.org>, "Arsenault, Al W." <awarsen@missi.ncsc.mil> From: Al Arsenault <aarsenault@spyrus.com> Subject: Re: PKIX Roadmap In-Reply-To: <3.0.32.19980921161854.00a71640@m1.403.telia.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Stefan, Thanks for your comments. Responses in line (Sean can make changes to the draft as appropriate). At 04:19 PM 9/21/98 +0200, Stefan Santesson wrote: >Al, > >I finally got time to look a little bit deeper into the roadmap document. >I think it is very well formed but I have some minor disagreements. > >1) Concerning definition and use of the term Root CA >2) Result from CA compromise >3) Use of certificates. > >1 - Root CA >--------- >Definition and use of the term Root CA in sections 2, 3.4.5 and 5.1.2 gives >the impression that Root CA is at the top of some hierarchy. > >This does not seem to harmonize with the definition of root CA in >"Certificate Management Protocols" > > "We use the term "root CA" to indicate a CA that is directly trusted by > an end entity; that is, securely acquiring the value of a root CA public > key requires some out-of-band step(s). This term is not meant to imply > that a root CA is necessarily at the top of any hierarchy, simply that > the CA in question is trusted directly." > >So in fact every CA in a domain is likely to be "root" for some of its >subscribers. >I personally prefer the rem "Top CA" when describing a hierarchy. > You are correct; I was using the term "rootCA" to indicate the top of a hierarchy (possibly, a hierarchy of depth one - two counting the end entity). That is inconsistent with CMP. We'll have to resolve that. I personally prefer using the term "rootCA" to mean the top of a hierarchy, and "trust anchor" to mean the CA that the end-entity directly trusts. But we'll figure out something - "topCA" is probably feasible for now. > >2 - CA compromise >------------------ >In section 3.4.5 it is said that compromise of a root CA is always >catastrophic and that the entire infrastructure subordinate to that root CA >has to be dismantled and started over again. This gives the impression that >a subordinate CA has to be dismatled. > >My comment is that >a) Since the rootCA does not denote any hierarchy we can't define which CA >that is subordinate or not to a specific root CA >b) A compromised CA does only require that particular CA to be dismantled. >No other non-compromised CA has to be dismantled. Other CA:s has to revoke >cross certificates to th compromised CA and all subscribers using the >compromised CA as root CA, are totally cut off until they get another >rootCA key, but that's another aspect. > Your comment (a) is correct, given the different meaning of "rootCA" that I didn't catch earlier. However, I disagree with part of your comment (b). That to me goes to the heart of a "CA Certificate" vs. a "Cross-certificate". Suppose that CA2 has no self-signed certificates (it might have a self-issued certificate for key management, but that's not relevant at this point). CA2's CA certificate is issued and signed by CA1. Thus, CA2 is subordinate to CA1. Now, if CA1's private key is compromised, then CA2 must be "dismantled". That is, there is no reliable way for an outside entity to know whether CA2's cert was legitimately issued prior to the compromise of CA1's key, or whether CA2's cert was signed by the malicious party now holding the copy of CA1's private key. The only thing you can do is kill CA2 and start over with a new cert issued by the new, re-installed CA1. (Not to mention the mechanical problem of constructing a valid cert path going through CA2 to the valid CA1:-). Of course, "dismantling" is a strong word; you'd have to rebuild CA1 with a new key, and sign a new certificate for CA2 using the new, un-compromised key. You wouldn't necessarily need to erase CA2's database, train new people, buy a new hardware platform, etc. :-) With a cross-certificate, as you point out, there's no need to do anything over than revoke the cross-cert CA2 has issued for CA1 (if there is one). >3 - Certificate usage >--------------------- >Section 3.1 states that: >"Certificates is used in the process of validating signed data." >This definition is leaving out any use for the purpose of encryption. I.e. >data encryption, key agreement and key exchange. > Agreed. Al Arsenault - the above opinions are my own. They may or may not reflect the opinions of my employer or of any other organization with which I have a relationship. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA29336 for ietf-pkix-bks; Mon, 21 Sep 1998 09:17:24 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA29332 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 09:17:22 -0700 (PDT) Received: from [128.33.238.151] (TC151.BBN.COM [128.33.238.151]) by po1.bbn.com (8.8.6/8.8.6) with ESMTP id MAA05250 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 12:23:14 -0400 (EDT) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="============_-1305727475==_ma============" X-Sender: kent@po1.bbn.com Message-Id: <v04011701b22c2cbc4e8e@[128.33.238.151]> Date: Mon, 21 Sep 1998 12:20:00 -0400 To: ietf-pkix@imc.org From: Stephen Kent <kent@bbn.com> Subject: meeting minutes Sender: owner-ietf-pkix@imc.org Precedence: bulk --============_-1305727475==_ma============ Content-Type: text/plain; charset="us-ascii" Folks, I apologize for not having mailed these sooner, for review. They were done by Friday, of IETF week, but then got lost in an avalanche of travel and e-mail. Please review and respond to me with corrections by the end of this week. Thanks, Steve ----------------------- PKIX WG Meeting Minutes 8/26-27/98 The PKIX WG met twice during the 42nd IETF and a approximately 190 individuals participated in these meetings. The meeting began with a review of the status of all of the WG document, presented by Warwick Ford, WG co-chair. The following text summarizes the status of the documents: PKIX Certificate/CRL Profile (draft-ietf-pkix-ipki-part1-09.txt) - IESG Last Call KEA Algorithm Profile (draft-ietf-pkix-ipki-kea-02.txt) - Close to completion by Editors HTTP/FTP Operations (draft-ietf-pkix-opp-ftp-http-04.txt) - Ready for WG last call LDAP V2 Profile (March 98 draft)- At IESG, pending WG delivery of V2 Schema LDAP V2 Schema (draft-ietf-pkix-ldapv2-schema-01.txt) - In WG last call OCSP (draft-ietf-pkix-ocsp-05.txt) - In WG last call CMP (draft-ietf-pkix-ipki3cmp-08.txt) and CRMF (draft-ietf-pkix-crmf-01.txt) - In hands of IESG; pending IESG last call CMMF (draft-ietf-pkix-cmmf-02.txt) and CMC (draft-ietf-pkix-cmc-01.txt) - In WG last call Certificate Policy/Practices Guideline (draft-ietf-pkix-ipki-part4-03.txt) - In SA Director's hands, pending publication as Informational RFC REVIEWS OF ESTABLISHED PROJECTS: - PKIX Certificate and CRL Profile (Tim Polk) Ready for IESG ballot, after receipt of minor editorial comments during IETF last call. Straw polls used to resolve last few contentious issues, specifically mandating use of DNs for all Issuers, and mandating use of strict subtrees for the NameConstraints extension. Jeff Schiller noted that the IETF web site has pointers to the Entrust license required for inclusion of CRL distribution point within this document. The license is easy to execute; there is a reciprocity clause that requires licensing to Entrust any intellectual property associated with CRL distribution, as a side effect of - KEA and ECDS Algorithms (Tim Polk) Work on these algorithm IDs continues, subject to resolution of some intellectual property issues. - LDAP V2 Schema and Profile (Tim Moses, Dave Horvath, Santosh Chokhani) Most of the schema are not controversial; outstanding issues is whether all CA certificates should appear in the cross certificate directory attribute, or whether certificates that are internal to a domain should appear in the CA certificate attribute. There is consensus that any self-signed CA certificates belong in the latter attribute. The disagreement here revolves around alternative certificate validation algorithms; both approaches have been implemented and both work, each favoring a different PKI model. The CA certificate attribute has been a feature of X.509 for a long while, so the proposal to move all (non- self-signed) CA certificates to the cross CA certificate attribute represents a non-backward compatible change for systems not making use of cross certificates. Still, this is the direction currently being pursued by the X.509 committee in resolving this ambiguity in the original standard. Performance analysis of 6 different approaches, under varying assumptions of PKI models, shows that putting all (non-self signed) CA certificates in the cross certificate attribute results in worse performance. We can make a decision now to get this long overdue schema out, or postpone and discuss more (since this is a newly discovered issue). (Although this discussion is taking place in the context of LDAP v2, the same issue arises in LDAP v3. However, v3 has better filtering capabilities and this it is believed that the issue would be less of a concern, but this is not universally agreed upon.) Work on LDAP v3 is progressing in the IETF, and so if we postpone action on this ID, it may be OBE and we will need to focus on v3 instead. Proposed compromise approach is to duplicate intra-domain CA certificates in both attributes (#4 in Santosh's analysis posted to the WG list), and which has very good overall performance. One objection raised to this is that it can result in added data sent back if one retrieves both attribute contents. Straw poll conducted resulted on no clear winner, but the two finalists are the proposed compromise and the older, backward compatible approach; the WG rejected the proposal from the current LDAP schema. - OCSP (Tim Myers and Ambrish Malpani) Various minor, but technically important, edits to many parts of the document, in response to comments from the WG list. Changes included a uniform key identifier, optional use of TLS/SSL for privacy protection of exchanges, etc. An objection was raised to mandating use of a signature, when a lower layer protocol might be used to provide security. A straw poll overwhelmingly supported the mandatory use of signatures of in OCSP. Thus there appears to be no outstanding significant technical issues at this time. A separate OCSP response extensions document will be created to define additional responses - CMP and CRMF In IESG last call. No further status to report. - CMMF and CMC (Mike Myers) The CMMF draft has completed WG last call, minor changes have been made in response to comments received during last call, it and will be forwarded to the IESG. CMC also has completed WG last call, and undergone changes in response to comments received during that process. Pending approval of secure initialization issues briefed at this meeting, the document will be forwarded to the IESG. The secure initialization requirements for CMC include use of a shared secret in a keyed hash calculation, with this secret distributed via a confidentiality-secure channel. However, objections were raised to defining this as the only way to achieve secure initialization, e.g., as opposed to use of SecurID cards or S-KEY authentication in the context of an integrity and confidentiality secure channel. It seems likely that additional mechanisms should be allowed, but there is a desire to avoid an explosion of allowed user authentication techniques, which would hinder interoperability or greatly burden CA software. This issue will be brought to the list for resolution. - IBM PKIX Software Distribution (Charlie Kaufman) IBM is implementing PKIX technology and making it available for use in products, as well as in R&D environments. Code is a mix of C++ software plus Java GUIs. Provided facilities include CMP, CRMF, LDAP, basic CA and RA functions, and client certificate processing. No crypto is included in the distribution; the software makes calls to a CAPI. The first release relies on the Cylink cyrpto toolkit, which also will be available via this web site; later version will also make use of BSAFE. Initial distribution is via an MIT web site and is not exportable. A pointer for a mailing list was provided: imc-pfi@imc.org. NEW TOPICS: - Timestamp & Notary proposals (Carlisle Adams) Several folks continuing work on these topics and have published an independent draft on these topics. The authors received a fair amount of private feedback, and hope to be able to bring forward a well-formed proposal. Jeff Schiller gave his permission to bring this into the WG, based on the WG having made substantial progress on the other work items. Thus we will expand the charter to encompass these topics. - Web-based Integrated CA services Protocol (Mine Sakurai) This presentation describes use of HTTP as an underlying communication protocol among CAs, RAs, etc. The underlying model also defines issuing, validation, and publishing authority modules within the CA. ICAP has been implemented for use with S/MIME in a medical information system in Japan. An I-D has been published describing ICAP: draft-ietf-????. It was noted that the acronym "ICAP" is already in use by a calendar protocol, so another protocol acronym would be appropriate. - Enhanced CRL Distribution Options (Phillip Hallam-Baker & Warwick Ford) There is an I-D describing alternatives CRL distribution technique, which was developed in response to the intellectual property problem that temporarily prevented use of the CRL distribution point mechanism. The CRL format can be extended to specify the scope of the CRL, e.g., by serial number range, as an alternative to placing the pointer in the certificate. To address the CRL location aspect of CRL distribution points, one also can establish CRL managers that are either locally trusted or that represent a separate CRL distribution channel, perhaps serving multiple CAs. By adding two new CRL extensions, one can extend the CRL distribution model in interesting new ways. These suggestions are being forwarded to ISO for consideration. See the latest I-D, under the PKIX, for more details. - PKIX Roadmap (Al Arsenault) The set of PKIX documents has become rather large and potentially confusing. An outline was presented as a basis for a document that would become an informational RFC, to help explain the relationships among these documents, and to other efforts, e.g., SPKI. An initial draft is ready and will be made available immediately after this IETF meeting. - Qualified Certificates (Stefan Santesson) In EC a legal framework for "qualified certificates" is being developed, referring to individual certificates that will be accepted for legally binding, international transactions, and with legal liability implications for the CAs issuing such certificates. (These certificates are used only for non-repudiation.) It is analogous to some of the work under UNICTRAL for EDI. For PKIX, the potential work item would be a profile for such certificates, specifying which extensions are mandatory and optional, establishing values and semantics for some of the extensions. For example, one might mandate use of the policy extension with a specific value to identify such certificates, with policy qualifiers to express additional characteristics of policy variants, appropriate key usage flags, naming schema constraints, etc. --============_-1305727475==_ma============ Content-Type: text/enriched; charset="us-ascii" Folks, I apologize for not having mailed these sooner, for review. They were done by Friday, of IETF week, but then got lost in an avalanche of travel and e-mail. Please review and respond to me with corrections by the end of this week. Thanks, Steve ----------------------- <fontfamily><param>Times</param><bigger><bigger>PKIX WG Meeting Minutes 8/26-27/98 The PKIX WG met twice during the 42nd IETF and a approximately 190 individuals participated in these meetings. The meeting began with a review of the status of all of the WG document, presented by Warwick Ford, WG co-chair. The following text summarizes the status of the documents: PKIX Certificate/CRL Profile (draft-ietf-pkix-ipki-part1-09.txt) - IESG Last Call KEA Algorithm Profile (draft-ietf-pkix-ipki-kea-02.txt) - Close to completion by Editors HTTP/FTP Operations (draft-ietf-pkix-opp-ftp-http-04.txt) - Ready for WG last call LDAP V2 Profile (March 98 draft)- At IESG, pending WG delivery of V2 Schema LDAP V2 Schema (draft-ietf-pkix-ldapv2-schema-01.txt) - In WG last call OCSP (draft-ietf-pkix-ocsp-05.txt) - In WG last call CMP (draft-ietf-pkix-ipki3cmp-08.txt) and CRMF (draft-ietf-pkix-crmf-01.txt) - In hands of IESG; pending IESG last call CMMF (draft-ietf-pkix-cmmf-02.txt) and CMC (draft-ietf-pkix-cmc-01.txt) - In WG last call Certificate Policy/Practices Guideline (draft-ietf-pkix-ipki-part4-03.txt) - In SA Director's hands, pending publication as Informational RFC REVIEWS OF ESTABLISHED PROJECTS: - PKIX Certificate and CRL Profile (Tim Polk) Ready for IESG ballot, after receipt of minor editorial comments during IETF last call. Straw polls used to resolve last few contentious issues, specifically mandating use of DNs for all Issuers, and mandating use of strict subtrees for the NameConstraints extension. Jeff Schiller noted that the IETF web site has pointers to the Entrust license required for inclusion of CRL distribution point within this document. The license is easy to execute; there is a reciprocity clause that requires licensing to Entrust any intellectual property associated with CRL distribution, as a side effect of - KEA and ECDS Algorithms (Tim Polk) Work on these algorithm IDs continues, subject to resolution of some intellectual property issues. - LDAP V2 Schema and Profile (Tim Moses, Dave Horvath, Santosh Chokhani) Most of the schema are not controversial; outstanding issues is whether all CA certificates should appear in the cross certificate directory attribute, or whether certificates that are internal to a domain should appear in the CA certificate attribute. There is consensus that any self-signed CA certificates belong in the latter attribute. The disagreement here revolves around alternative certificate validation algorithms; both approaches have been implemented and both work, each favoring a different PKI model. The CA certificate attribute has been a feature of X.509 for a long while, so the proposal to move all (non- self-signed) CA certificates to the cross CA certificate attribute represents a non-backward compatible change for systems not making use of cross certificates. Still, this is the direction currently being pursued by the X.509 committee in resolving this ambiguity in the original standard. Performance analysis of 6 different approaches, under varying assumptions of PKI models, shows that putting all (non-self signed) CA certificates in the cross certificate attribute results in worse performance. We can make a decision now to get this long overdue schema out, or postpone and discuss more (since this is a newly discovered issue). (Although this discussion is taking place in the context of LDAP v2, the same issue arises in LDAP v3. However, v3 has better filtering capabilities and this it is believed that the issue would be less of a concern, but this is not universally agreed upon.) Work on LDAP v3 is progressing in the IETF, and so if we postpone action on this ID, it may be OBE and we will need to focus on v3 instead. Proposed compromise approach is to duplicate intra-domain CA certificates in both attributes (#4 in Santosh's analysis posted to the WG list), and which has very good overall performance. One objection raised to this is that it can result in added data sent back if one retrieves both attribute contents. Straw poll conducted resulted on no clear winner, but the two finalists are the proposed compromise and the older, backward compatible approach; the WG rejected the proposal from the current LDAP schema. - OCSP (Tim Myers and Ambrish Malpani) Various minor, but technically important, edits to many parts of the document, in response to comments from the WG list. Changes included a uniform key identifier, optional use of TLS/SSL for privacy protection of exchanges, etc. An objection was raised to mandating use of a signature, when a lower layer protocol might be used to provide security. A straw poll overwhelmingly supported the mandatory use of signatures of in OCSP. Thus there appears to be no outstanding significant technical issues at this time. A separate OCSP response extensions document will be created to define additional responses - CMP and CRMF In IESG last call. No further status to report. - CMMF and CMC (Mike Myers) The CMMF draft has completed WG last call, minor changes have been made in response to comments received during last call, it and will be forwarded to the IESG. CMC also has completed WG last call, and undergone changes in response to comments received during that process. Pending approval of secure initialization issues briefed at this meeting, the document will be forwarded to the IESG. The secure initialization requirements for CMC include use of a shared secret in a keyed hash calculation, with this secret distributed via a confidentiality-secure channel. However, objections were raised to defining this as the only way to achieve secure initialization, e.g., as opposed to use of SecurID cards or S-KEY authentication in the context of an integrity and confidentiality secure channel. It seems likely that additional mechanisms should be allowed, but there is a desire to avoid an explosion of allowed user authentication techniques, which would hinder interoperability or greatly burden CA software. This issue will be brought to the list for resolution. - IBM PKIX Software Distribution (Charlie Kaufman) IBM is implementing PKIX technology and making it available for use in products, as well as in R&D environments. Code is a mix of C++ software plus Java GUIs. Provided facilities include CMP, CRMF, LDAP, basic CA and RA functions, and client certificate processing. No crypto is included in the distribution; the software makes calls to a CAPI. The first release relies on the Cylink cyrpto toolkit, which also will be available via this web site; later version will also make use of BSAFE. Initial distribution is via an MIT web site and is not exportable. A pointer for a mailing list was provided: imc-pfi@imc.org. NEW TOPICS: - Timestamp & Notary proposals (Carlisle Adams) Several folks continuing work on these topics and have published an independent draft on these topics. The authors received a fair amount of private feedback, and hope to be able to bring forward a well-formed proposal. Jeff Schiller gave his permission to bring this into the WG, based on the WG having made substantial progress on the other work items. Thus we will expand the charter to encompass these topics. - Web-based Integrated CA services Protocol (Mine Sakurai) This presentation describes use of HTTP as an underlying communication protocol among CAs, RAs, etc. The underlying model also defines issuing, validation, and publishing authority modules within the CA. ICAP has been implemented for use with S/MIME in a medical information system in Japan. An I-D has been published describing ICAP: draft-ietf-????. It was noted that the acronym "ICAP" is already in use by a calendar protocol, so another protocol acronym would be appropriate. - Enhanced CRL Distribution Options (Phillip Hallam-Baker & Warwick Ford) There is an I-D describing alternatives CRL distribution technique, which was developed in response to the intellectual property problem that temporarily prevented use of the CRL distribution point mechanism. The CRL format can be extended to specify the scope of the CRL, e.g., by serial number range, as an alternative to placing the pointer in the certificate. To address the CRL location aspect of CRL distribution points, one also can establish CRL managers that are either locally trusted or that represent a separate CRL distribution channel, perhaps serving multiple CAs. By adding two new CRL extensions, one can extend the CRL distribution model in interesting new ways. These suggestions are being forwarded to ISO for consideration. See the latest I-D, under the PKIX, for more details. - PKIX Roadmap (Al Arsenault) The set of PKIX documents has become rather large and potentially confusing. An outline was presented as a basis for a document that would become an informational RFC, to help explain the relationships among these documents, and to other efforts, e.g., SPKI. An initial draft is ready and will be made available immediately after this IETF meeting. - Qualified Certificates (Stefan Santesson) In EC a legal framework for "qualified certificates" is being developed, referring to individual certificates that will be accepted for legally binding, international transactions, and with legal liability implications for the CAs issuing such certificates. (These certificates are used only for non-repudiation.) It is analogous to some of the work under UNICTRAL for EDI. For PKIX, the potential work item would be a profile for such certificates, specifying which extensions are mandatory and optional, establishing values and semantics for some of the extensions. For example, one might mandate use of the policy extension with a specific value to identify such certificates, with policy qualifiers to express additional characteristics of policy variants, appropriate key usage flags, naming schema constraints, etc. </bigger></bigger></fontfamily> --============_-1305727475==_ma============-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA28710 for ietf-pkix-bks; Mon, 21 Sep 1998 07:34:25 -0700 (PDT) Received: from mailb.telia.com (mailb.telia.com [194.22.194.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA28706 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 07:34:21 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailb.telia.com (8.8.8/8.8.8) with ESMTP id QAA11344; Mon, 21 Sep 1998 16:40:31 +0200 (CEST) Received: from stefans (t4o68p96.telia.com [62.20.139.216]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id QAA06265; Mon, 21 Sep 1998 16:22:11 +0200 (CEST) Message-Id: <3.0.32.19980921161854.00a71640@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 21 Sep 1998 16:19:49 +0200 To: Sean Turner <turners@ieca.com>, PKIX <ietf-pkix@imc.org>, "Arsenault, Al W." <awarsen@missi.ncsc.mil> From: Stefan Santesson <stefan@accurata.se> Subject: Re: PKIX Roadmap Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id HAA28707 Sender: owner-ietf-pkix@imc.org Precedence: bulk Al, I finally got time to look a little bit deeper into the roadmap document. I think it is very well formed but I have some minor disagreements. 1) Concerning definition and use of the term Root CA 2) Result from CA compromise 3) Use of certificates. 1 - Root CA --------- Definition and use of the term Root CA in sections 2, 3.4.5 and 5.1.2 gives the impression that Root CA is at the top of some hierarchy. This does not seem to harmonize with the definition of root CA in "Certificate Management Protocols" "We use the term "root CA" to indicate a CA that is directly trusted by an end entity; that is, securely acquiring the value of a root CA public key requires some out-of-band step(s). This term is not meant to imply that a root CA is necessarily at the top of any hierarchy, simply that the CA in question is trusted directly." So in fact every CA in a domain is likely to be "root" for some of its subscribers. I personally prefer the rem "Top CA" when describing a hierarchy. 2 - CA compromise ------------------ In section 3.4.5 it is said that compromise of a root CA is always catastrophic and that the entire infrastructure subordinate to that root CA has to be dismantled and started over again. This gives the impression that a subordinate CA has to be dismatled. My comment is that a) Since the rootCA does not denote any hierarchy we can't define which CA that is subordinate or not to a specific root CA b) A compromised CA does only require that particular CA to be dismantled. No other non-compromised CA has to be dismantled. Other CA:s has to revoke cross certificates to th compromised CA and all subscribers using the compromised CA as root CA, are totally cut off until they get another rootCA key, but that's another aspect. 3 - Certificate usage --------------------- Section 3.1 states that: "Certificates is used in the process of validating signed data." This definition is leaving out any use for the purpose of encryption. I.e. data encryption, key agreement and key exchange. Regards /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA22403 for ietf-pkix-bks; Mon, 21 Sep 1998 00:38:25 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA22390 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 00:36:58 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id JAA17478; Mon, 21 Sep 1998 09:18:26 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id JAA16740; Mon, 21 Sep 1998 09:18:25 +0200 (DFT) Message-ID: <36067C64.DE008EBB@bull.net> Date: Mon, 21 Sep 1998 09:18:44 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: Anders Rundgren <anders.rundgren@jaybis.com> CC: "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: Re: OCSP - Public Key Dstribution References: <01BDE484.F1DA1820@HYDRA> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Anders Rundgren a écrit: > Salut Denis, This sounds a little bit familiar to me. :-( Please do not mix French and English. > Pardon my ignorance but does a returned issuerKeyHash give you the > possibility to verify a certificate signature *after* its status has been checked? Yes. > Don't you need the original (unhashed) issuer public key to to that? You can get it after the OCSP request. > I.e. does this enhanced OCSP draft essentially support my suggested OCSP++ > (previously I called it OCVP) system *without* requiring extensions? That would be > just fantastic! I took a look at the URL address you are providing. Since the description is pretty short, it is hard to answer your question. However the text says "an easy-to-use system for checking status and validity of a certificate." In this version of OCSP, there is no intent for checking the validity of the certificate but only its revocation/on-hold status. Checking the status would be far more complicated and controversial. Denis > http://www.jaybis.com/specifications/pkix/ocsp.html > > Please enlighten me! > > Regards > Anders Rundgren > > ---------- > From: Denis Pinkas [SMTP:Denis.Pinkas@bull.net] > Sent: Saturday, September 19, 1998 02:15 > To: Andreas Berger > Cc: Peter Sylvester; ambarish@valicert.com; ietf-pkix@imc.org > Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt > > Andreas, > > I share your concerns. > > The current definition of CertId is as follows: > > CertID ::= SEQUENCE { > hashAlgorithm AlgorithmIdentifier, > issuerNameHash OCTET STRING, -- Hash of Issuer's DN > issuerKeyHash OCTET STRING, -- Hash of Issuers public > key > serialNumber CertificateSerialNumber } > > CertID is used both in the request and in the response. > I would suggest to change it to: > > CertID ::= SEQUENCE { > hashAlgorithm AlgorithmIdentifier, > issuerNameHash OCTET STRING, -- Hash of Issuer's DN > issuerKeyHash OCTET STRING OPTIONAL, -- Hash of > Issuers public key > serialNumber CertificateSerialNumber } > > making the issuerKeyHash optional. > > The issuerKeyHash would be optional for a request but mandatory for > a response. The rational is as follows: the requester needs "at > some time" to get the public key of the issuer in order to verify > the certificate. If we mandate that field to be always present > thent it must get it *before* the request to the OCSP server. If we > make it optional, then it may get it before or after the request to > the OCSP server. This gives some flexibility, without too many > options. > > The OCSP server should anyway have the Issuers public key and thus > its hash. The hash may allow the requester to disambigous some > responses in case of anonymity. > > Denis > > > I agree with this discussion and would like to add some thoughts: > > > > Peter Sylvester wrote: > > > > I actually think OCVP is a bigger thing than just making the hash > > > > of the issuer's PUBLIC key NULL. That whole topic should be > > > > addressed at one shot > > > > > > > I am *not* really talking about OCVP, I am talking about 'CertID', > > > a short way to identify a certificate. The syntax > > > for the identification should be flexible enough > > > > > > - not to require more than the original certificate in > > > order to construct the identification. > > The is a very good assumption. While the authority key *may* be > > available, it certainly isn´t always available. > > > > > - to allow identification of a certificate in a given context > > > ==> serial number for example or/and hash of cert > > The serial number is a little bit weaker but supported by other parts of > > X.509, PKIX and several mail protocols, using issuer/serial for > > identification of a certificate. So issuer/serial or > > issuer/certificate-hash look like valid combinations. It may be a good > > idea to be able add a subject public key hash if necessary. > > > > > - to allow the OCSP provider to find the source of > > > information provider. > > > ==> name of issuer may be necessary, hash of issuer name > > > may not be sufficient. > > So for identification of issuer we probably have a choice of issuer-name > > or issuer-hash, probably in combination with issuer-public-key or > > issuer-public-key-hash as an optional parameter. > > > > > - to ensure that the creator of the certificate really has > > > a copy of a cert. > > > ==> hash of cert for example, or serialnumber if authority > > > allocates them in a sparse way. > > > If we assume that the orginal version of OCSP where it was > > > possible to just have a cert did make sense, thus I do not > > > see why there is a need for the issuer public key extract > > > in the certID. At least it should be optional in some way. > > > > > > It seems useful to me to fix a syntax for CertID that > > > is sufficiently open for extensions without requiring > > > a new protocol version.. > > > > The removal of the certificate proper as a means to "identify" a > > certificate forced us to specify an extension to OCSP to do this > > (transport the certificate in the request - optional, or in the reply - > > optional). If the consensus is that OCSP should not be able to transport > > the certificate proper, I think we should at least open the possibility > > to transport a certitficate hash. > > > > That leads me back to the idea of making a lot of the identification > > parameters in "CertID" optional. But we will get serious > > interoperability issues. So either we build specific CertIDs with > > specific purposes in mind or we need some profiling (and probably a > > means for the responder to transport valid combinations back to the > > client). > > > > Andreas > > -- > > Fifty-three percent of Fortune 1000 executives think the > > Arch Deluxe is something that helps to run a computer. > > -- Jericho Communications > > -- > Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net > Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 > 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA22389 for ietf-pkix-bks; Mon, 21 Sep 1998 00:36:51 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA22383 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 00:36:11 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id JAA09835; Mon, 21 Sep 1998 09:29:18 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id JAA15096; Mon, 21 Sep 1998 09:29:22 +0200 (DFT) Message-ID: <36067EF5.8F246720@bull.net> Date: Mon, 21 Sep 1998 09:29:41 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: Michael Myers <mmyers@verisign.com> CC: ietf-pkix@imc.org Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt References: <3.0.32.19980918180005.00920ee4@mail.verisign.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Michael, I first suggest that you re-read my last proposal from Friday which does not contradicts your rational but contradicts your conclusion. > All, > > The intent was to provide an alternative to CRLs. Following that model, > there's an underlying assumption that the end-entity is in possession of > the CA's certificate (as would be needed to validate the signature on a CRL.) Yes, the underlying assumption that the end-entity has to get the CA's public key or certificate. But, we should not make any assumption whether that information must be obtained BEFORE or AFTER the OCSP request. > OCSP never had a requirement to validate an end-entity certificate in the > absence of the CA certificate at the requestor end. It's not just a > requirement on syntax at the request. This would also imply path > validation logic on the server. The consensus has been conclusively > established that full certificate validation is beyond the scope of this > protocol. I strongly agree with your last sentence. > There's consequently no need to alter the request syntax. I respectfully disagree with your conclusion. Denis > Mike -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA04797 for ietf-pkix-bks; Sun, 20 Sep 1998 17:02:12 -0700 (PDT) Received: from typhoon.dstc.qut.edu.au (root@typhoon.dstc.qut.edu.au [131.181.71.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA04793 for <ietf-pkix@imc.org>; Sun, 20 Sep 1998 17:02:06 -0700 (PDT) Received: from dstc.qut.edu.au (tornado.dstc.qut.edu.au [131.181.71.3]) by typhoon.dstc.qut.edu.au (8.8.5/8.8.5) with ESMTP id KAA06232 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 10:08:18 +1000 (EST) Message-Id: <199809210008.KAA06232@typhoon.dstc.qut.edu.au> X-Mailer: exmh version 2.0.2 2/24/98 To: ietf-pkix@imc.org Subject: Re: Testing the ASN.1 in Part 1 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 21 Sep 1998 10:08:16 +1000 From: Dean Povey <povey@dstc.qut.edu.au> Sender: owner-ietf-pkix@imc.org Precedence: bulk Just another minor point: id-ad, id-ad-ocsp and id-ad-caIssuers are defined in both PKIX1Implicit88 and PKIX1Explicit88. -- Dean Povey, | e-m: povey@dstc.edu.au | Cryptozilla: Research Scientist | ph: +61 7 3864 5120 | www.cryptozilla.org/ Security Unit, DSTC | fax: +61 7 3864 1282 | Oscar - PKI Toolkit: Brisbane, Australia | www: security.dstc.edu.au/ | oscar.dstc.qut.edu.au/ Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA02905 for ietf-pkix-bks; Sun, 20 Sep 1998 10:35:53 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA02901 for <ietf-pkix@imc.org>; Sun, 20 Sep 1998 10:35:51 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id TAA10451; Sun, 20 Sep 1998 19:41:59 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id TAA02115; Sun, 20 Sep 1998 19:41:58 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id TAA18646; Sun, 20 Sep 1998 19:41:58 +0200 Date: Sun, 20 Sep 1998 19:41:58 +0200 Message-Id: <199809201741.TAA18646@emeriau.edelweb.fr> To: anders.rundgren@jaybis.com Subject: Re: OCSP - Public Key Dstribution Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@imc.org Precedence: bulk Anders, the proposal of Denis solves a different problem. It makes the syntax easier for the client, it doesn't require a field that may be unnecessary. An interpretation of OCSP or OCVP is independant of the syntax change. It is the interpretation of the RESULT that counts: - In OCSP you interprete 'good' as 'I have not information that it is NOT GOOD'. - in OCSP you would interprete 'unknown' as 'I know that this CA has never issued the CA, or I do not know the CA'. Denis' proposal makes the proposal more lightweight. You can even consider that an OCSP or OCVP does not need more than just a serial number (because it operated in a very restricted environment of just one CA), but well, the protocol should be able to cover a large range of applications. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA02899 for ietf-pkix-bks; Sun, 20 Sep 1998 10:35:23 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA02895 for <ietf-pkix@imc.org>; Sun, 20 Sep 1998 10:35:21 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id TAA10447; Sun, 20 Sep 1998 19:41:29 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id TAA02111; Sun, 20 Sep 1998 19:41:28 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id TAA18643; Sun, 20 Sep 1998 19:41:28 +0200 Date: Sun, 20 Sep 1998 19:41:28 +0200 Message-Id: <199809201741.TAA18643@emeriau.edelweb.fr> To: ietf-pkix@imc.org, mmyers@verisign.com Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Sender: owner-ietf-pkix@imc.org Precedence: bulk > All, You :-) , > > The intent was to provide an alternative to CRLs. Following that model, > there's an underlying assumption that the end-entity is in possession of > the CA's certificate (as would be needed to validate the signature on a CRL.) This is a description that is somewhat strange. What is an alternative to CRLs? Read part1 of pkix. An alternative is something that replace completely the usage of CRLs. CRLs by definition are one means to detect revoked certs, YOUR intention was to have just access to a remotely manged CRL. There has been a lot of discussion that OCSP is a service that allows what it says in its definition, online status verification, and not just lookup of a remote CRL base. A lot of effort has been made to ensure that a minimal OCSP service can actually implemented using CRLs, otherwise one may have just used a certHash in the request, and not used the serial number. Anyway, an alternative has not a defined model, so what do we have to follow? And why is there any underlying model. This is NOT documented in OCSP, and the contrary seems to be indicated in pkix part 1. Splitting a local logic that looks into a list a CRLs into a client server protocol MAY require additional security (as it is mentioned in pkix part1). You MAY require that a request an a response to be signed by requestor and the responder sign the response. A server MAY require that the client proves in some way that it is actually in possession of a cert, or whatever else you can image. Or: CRLs are ONE way to obtain status information of certs OCSP is not a client server implemention of CRL lookup but a general mecanism to obtain status information about certificates, and it CAN be implemented using just CRLs on the server side but it is open to provide MORE service. > > OCSP never had a requirement to validate an end-entity certificate in the > absence of the CA certificate at the requestor end. It's not just a > requirement on syntax at the request. This would also imply path > validation logic on the server. The consensus has been conclusively > established that full certificate validation is beyond the scope of this > protocol. > The first version of the protocol allowed just to present a certificate in a request. Whether the client actually has the corresponding cert before or after the validation is left to the client. Denis proposal does not put any requirement for path validation on the server, on the contrary, The server otherwise tell: I know about ONE CA and it's public key hash is what I return in the response. It the request needs to contain a key hash, the server MUST validate the public key in order to return 'unknown' if it doesn't match. Thus, in some sense the actual text requires validation on the server, and Denis' proposal removes that requirement. The only TECHNICAL problem that can happen is that the server KNOWS about more than ONE certificate having the SAME serial number and the same CA name. In this case the server should return the status of all of them, and let the client decide. > There's consequently no need to alter the request syntax. You can always deduce everything from an empty or false premises. Peter Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA29413 for ietf-pkix-bks; Sun, 20 Sep 1998 01:54:00 -0700 (PDT) Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by mail.proper.com (8.8.8/8.8.5) with SMTP id BAA29409 for <ietf-pkix@imc.org>; Sun, 20 Sep 1998 01:53:57 -0700 (PDT) Received: from HYDRA ([195.67.109.114]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id KAA59705; Sun, 20 Sep 1998 10:59:56 +0200 Received: by HYDRA with Microsoft Mail id <01BDE484.F1DA1820@HYDRA>; Sun, 20 Sep 1998 10:53:48 +0200 Message-ID: <01BDE484.F1DA1820@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'Denis Pinkas'" <Denis.Pinkas@bull.net> Cc: "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: OCSP - Public Key Dstribution Date: Sun, 20 Sep 1998 10:53:46 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id BAA29410 Sender: owner-ietf-pkix@imc.org Precedence: bulk Salut Denis, Pardon my ignorance but does a returned issuerKeyHash give you the possibility to verify a certificate signature *after* its status has been checked? Don't you need the original (unhashed) issuer public key to to that? I.e. does this enhanced OCSP draft essentially support my suggested OCSP++ (previously I called it OCVP) system *without* requiring extensions? That would be just fantastic! http://www.jaybis.com/specifications/pkix/ocsp.html Please enlighten me! Regards Anders Rundgren ---------- From: Denis Pinkas [SMTP:Denis.Pinkas@bull.net] Sent: Saturday, September 19, 1998 02:15 To: Andreas Berger Cc: Peter Sylvester; ambarish@valicert.com; ietf-pkix@imc.org Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Andreas, I share your concerns. The current definition of CertId is as follows: CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING, -- Hash of Issuer's DN issuerKeyHash OCTET STRING, -- Hash of Issuers public key serialNumber CertificateSerialNumber } CertID is used both in the request and in the response. I would suggest to change it to: CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING, -- Hash of Issuer's DN issuerKeyHash OCTET STRING OPTIONAL, -- Hash of Issuers public key serialNumber CertificateSerialNumber } making the issuerKeyHash optional. The issuerKeyHash would be optional for a request but mandatory for a response. The rational is as follows: the requester needs "at some time" to get the public key of the issuer in order to verify the certificate. If we mandate that field to be always present thent it must get it *before* the request to the OCSP server. If we make it optional, then it may get it before or after the request to the OCSP server. This gives some flexibility, without too many options. The OCSP server should anyway have the Issuers public key and thus its hash. The hash may allow the requester to disambigous some responses in case of anonymity. Denis > I agree with this discussion and would like to add some thoughts: > > Peter Sylvester wrote: > > > I actually think OCVP is a bigger thing than just making the hash > > > of the issuer's PUBLIC key NULL. That whole topic should be > > > addressed at one shot > > > > > I am *not* really talking about OCVP, I am talking about 'CertID', > > a short way to identify a certificate. The syntax > > for the identification should be flexible enough > > > > - not to require more than the original certificate in > > order to construct the identification. > The is a very good assumption. While the authority key *may* be > available, it certainly isn´t always available. > > > - to allow identification of a certificate in a given context > > ==> serial number for example or/and hash of cert > The serial number is a little bit weaker but supported by other parts of > X.509, PKIX and several mail protocols, using issuer/serial for > identification of a certificate. So issuer/serial or > issuer/certificate-hash look like valid combinations. It may be a good > idea to be able add a subject public key hash if necessary. > > > - to allow the OCSP provider to find the source of > > information provider. > > ==> name of issuer may be necessary, hash of issuer name > > may not be sufficient. > So for identification of issuer we probably have a choice of issuer-name > or issuer-hash, probably in combination with issuer-public-key or > issuer-public-key-hash as an optional parameter. > > > - to ensure that the creator of the certificate really has > > a copy of a cert. > > ==> hash of cert for example, or serialnumber if authority > > allocates them in a sparse way. > > If we assume that the orginal version of OCSP where it was > > possible to just have a cert did make sense, thus I do not > > see why there is a need for the issuer public key extract > > in the certID. At least it should be optional in some way. > > > > It seems useful to me to fix a syntax for CertID that > > is sufficiently open for extensions without requiring > > a new protocol version.. > > The removal of the certificate proper as a means to "identify" a > certificate forced us to specify an extension to OCSP to do this > (transport the certificate in the request - optional, or in the reply - > optional). If the consensus is that OCSP should not be able to transport > the certificate proper, I think we should at least open the possibility > to transport a certitficate hash. > > That leads me back to the idea of making a lot of the identification > parameters in "CertID" optional. But we will get serious > interoperability issues. So either we build specific CertIDs with > specific purposes in mind or we need some profiling (and probably a > means for the responder to transport valid combinations back to the > client). > > Andreas > -- > Fifty-three percent of Fortune 1000 executives think the > Arch Deluxe is something that helps to run a computer. > -- Jericho Communications -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA21235 for ietf-pkix-bks; Sat, 19 Sep 1998 13:51:03 -0700 (PDT) Received: from cylink.com ([204.160.108.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA21231 for <ietf-pkix@imc.org>; Sat, 19 Sep 1998 13:51:02 -0700 (PDT) Received: by cylink.com (8.8.8/SMI-SVR4) id OAA07962; Sat, 19 Sep 1998 14:01:17 -0700 (PDT) Received: from cylink252.cylink.com(205.226.82.252) by enforcer.cylink.com via smap (V2.0) id xma007960; Sat, 19 Sep 98 14:00:57 -0700 Reply-To: <amit@netcom.com> From: "Amit Kapoor" <amit@netcom.com> To: "PKIX" <ietf-pkix@imc.org> Subject: Testing the ASN.1 in Part 1 Date: Sat, 19 Sep 1998 13:58:24 -0700 Message-ID: <001a01bde410$3dbd7cc0$0a01040a@mordor.cylink.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk The following two in PKIX1Implicit93 (and 88): DistributionPoint ::= SEQUENCE { distributionPoint [0] DistributionPointName OPTIONAL, reasons [1] ReasonFlags OPTIONAL, cRLIssuer [2] GeneralNames OPTIONAL } DistributionPointName ::= CHOICE { fullName [0] GeneralNames, nameRelativeToCRLIssuer [1] RelativeDistinguishedName } Is the tagging correct for DistributionPointName in DistributionPoint considering the package is defined as IMPLICIT tagging? How will will the decoder know which one of the two DistributionPointName (GeneralNames | RelativeDistinguishedName) is represented by [0]? Similarly for IssuingDistPointSyntax. I recall a message from someone from OSS a while back on somewhat a similar subject but afraid could not locate it in the archives. Thanks. Amit Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA26882 for ietf-pkix-bks; Fri, 18 Sep 1998 17:54:41 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA26878 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 17:54:40 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id RAA13604; Fri, 18 Sep 1998 17:58:14 -0700 (PDT) Received: from mmyers-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id SAA11253; Fri, 18 Sep 1998 18:00:07 -0700 (PDT) Message-Id: <3.0.32.19980918180005.00920ee4@mail.verisign.com> X-Sender: mmyers@mail.verisign.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 18 Sep 1998 18:00:08 -0700 To: ietf-pkix@imc.org From: Michael Myers <mmyers@verisign.com> Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk All, The intent was to provide an alternative to CRLs. Following that model, there's an underlying assumption that the end-entity is in possession of the CA's certificate (as would be needed to validate the signature on a CRL.) OCSP never had a requirement to validate an end-entity certificate in the absence of the CA certificate at the requestor end. It's not just a requirement on syntax at the request. This would also imply path validation logic on the server. The consensus has been conclusively established that full certificate validation is beyond the scope of this protocol. There's consequently no need to alter the request syntax. Mike Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA25592 for ietf-pkix-bks; Fri, 18 Sep 1998 14:33:09 -0700 (PDT) Received: from poptop.llnl.gov (poptop.llnl.gov [128.115.18.65]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA25586 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 14:33:07 -0700 (PDT) Received: from catalyst (catalyst.llnl.gov [128.115.223.10]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2) with SMTP id OAA19912; Fri, 18 Sep 1998 14:39:10 -0700 (PDT) Message-Id: <3.0.3.32.19980918143811.00b1f6e0@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Fri, 18 Sep 1998 14:38:11 -0700 To: "Flanigan, Bill" <flanigab@ncr.disa.mil>, ietf-pkix@imc.org From: Tony Bartoletti <azb@llnl.gov> Subject: RE: proposed text for attributes In-Reply-To: <5F21F6A15446D211B0730020484016A34A8DED@RBMAIL103> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 04:39 PM 9/18/98 -0400, Flanigan, Bill wrote: >Hmm. I'm starting to have a what-does-it really-say/mean problem with >things like the "may" word, the "local policy" words, and, in fact, the >wording of the entire paragraph on the cACertificate attribute. What >happened to the "shall" word, and what does "local policy" add in the way >clarification? > It's not what goes where (we seem to have rough consensus here), but >rather how to express this with minimal ambiguity and number of words. How >about a single sentence along the lines of "The cACertificate attribute of a >CA's directory entry shall be used to store self-issued certificates (if >any) and certificates issued to this CA by CAs in the same realm as this >CA"? Why not replace "realm" (or domain or scope) with what the word(s) intend. I take "CA's in the same realm/domain" to mean "CA's acting under a common authority-to-issue". Does this help? ___tony___ Tony Bartoletti LL SPI-NET GURU LL LL Computer Security Technology Center LL LL LL Lawrence Livermore National Lab LL LL LL PO Box 808, L - 303 LL LL LLLLLLLL Livermore, CA 94551-9900 LL LLLLLLLL email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA25057 for ietf-pkix-bks; Fri, 18 Sep 1998 13:29:40 -0700 (PDT) Received: from rbhub100.chamb.disa.mil (rbhub100.chamb.disa.mil [209.22.120.23]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA25053 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 13:29:39 -0700 (PDT) Received: by rbhub100.chamb.disa.mil with Internet Mail Service (5.5.2232.9) id <TDQTCBB7>; Fri, 18 Sep 1998 16:34:34 -0400 Message-ID: <5F21F6A15446D211B0730020484016A34A8DED@RBMAIL103> From: "Flanigan, Bill" <flanigab@ncr.disa.mil> To: ietf-pkix@imc.org Subject: RE: proposed text for attributes Date: Fri, 18 Sep 1998 16:39:58 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hmm. I'm starting to have a what-does-it really-say/mean problem with things like the "may" word, the "local policy" words, and, in fact, the wording of the entire paragraph on the cACertificate attribute. What happened to the "shall" word, and what does "local policy" add in the way clarification? It's not what goes where (we seem to have rough consensus here), but rather how to express this with minimal ambiguity and number of words. How about a single sentence along the lines of "The cACertificate attribute of a CA's directory entry shall be used to store self-issued certificates (if any) and certificates issued to this CA by CAs in the same realm as this CA"? Bill Flanigan %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% William F. Flanigan, Jr., Ph.D. Voice: (703) 681-2318 Defense Information Systems Agency Fax: (703) 681-2814 Information Assurance Engineering DSN: 761 5600 Columbia Pike, Room 632 Voice Mail: (703) 681-2318 Falls Church, VA 22041-2717 Internet: <flanigab@ncr.disa.mil> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% > -----Original Message----- > From: Paul Hoffman / IMC [SMTP:phoffman@imc.org] > Sent: Friday, September 18, 1998 12:39 PM > To: ietf-pkix@imc.org > Subject: Re: proposed text for attributes > > >Unless there are any other objections to the wording, I'll get the draft > >revised with this wording and submitted by Monday. > > I'd like to echo David Kurn's concern that the wording with respect to the > cACertificate attribute of a CA's directory entry. If you don't define > "realm", > then there doesn't seem much point to saying that "some things that person > accessing the directory cannot determine will appear in the cACertificate > attribute". Why is that still in the spec if it's up to local policy to > decide > what to put there? > > Maybe better wording would be "The cACertificate attribute of a CA's > directory > entry may be populated with certificates defined by local policy" and > leave > the > rest of the paragraph out. > > > --Paul Hoffman, Director > --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA23955 for ietf-pkix-bks; Fri, 18 Sep 1998 11:09:14 -0700 (PDT) Received: from romulus.cs.ut.ee (jan@romulus.cs.ut.ee [193.40.5.125]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA23951 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 11:09:12 -0700 (PDT) Received: from localhost (jan@localhost) by romulus.cs.ut.ee (8.9.1/8.9.1/romulus-1.4) with SMTP id VAA13259 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 21:15:08 +0300 (EET DST) Date: Fri, 18 Sep 1998 21:15:06 +0300 ( ) From: Jan Willemson <jan@cs.ut.ee> To: ietf-pkix@imc.org Subject: Who uses what? Message-ID: <Pine.GSO.4.02A.9809182058590.12460-100000@romulus.cs.ut.ee> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk Hello! Excuse me please for being yet-another-newbie and asking a newbie question. But this is the only way to get smart. I have been reading ietf-pkix drafts for some time and found a lot of proposed X.509 extensions. On the other hand there are many companies (Netscape etc) producing cert-software that uses (as I understand) some of these extensions and some extensions of their own. So - is there somewhere out there an overview of who uses what? I believe there is, but my webcrawling has not been able to find it yet. I would be grateful for all hints/links etc. Thank you:) Jan Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA23493 for ietf-pkix-bks; Fri, 18 Sep 1998 10:23:23 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA23488; Fri, 18 Sep 1998 10:23:22 -0700 (PDT) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id KAA15812; Fri, 18 Sep 1998 10:28:13 -0700 (PDT) Message-Id: <199809181728.KAA15812@spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.52 (Beta) Date: Fri, 18 Sep 1998 13:29:49 -0400 To: Dean Povey <povey@dstc.qut.edu.au> From: Russ Housley <housley@spyrus.com> Subject: Re: Testing the ASN.1 in Part 1 Cc: Paul Hoffman / IMC <phoffman@imc.org>, ietf-pkix@imc.org In-Reply-To: <199809180548.PAA24765@typhoon.dstc.qut.edu.au> References: <Your message of "Tue, 15 Sep 1998 14:29:01 +1000." <199809150429.OAA08287@typhoon.dstc.qut.edu.au> Mime-Version: 1.0 Content-Type: text/html; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk <html> You found a minor editorial error in the document, but not an ASN.1 error.<br> <br> For some reason, CertificatePolicies is defined here and where it should be.<br> <br> The two lines with '*' at the front should be deleted:<br> <br> <font face="Courier New, Courier"> id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }<br> <br> * CertificatePoliciesSyntax ::=<br> * SEQUENCE SIZE (1..MAX) OF PolicyInformation<br> <br> PolicyConstraints ::= SEQUENCE {<br> requireExplicitPolicy [0] SkipCerts OPTIONAL,<br> inhibitPolicyMapping [1] SkipCerts OPTIONAL }<br> <br> SkipCerts ::= INTEGER (0..MAX)<br> <br> <br> </font>Russ<br> <br> <br> <br> At 03:47 PM 9/18/98 +1000, Dean Povey wrote:<br> ><br> >><br> >><br> >>>Anyone who plans to get around to checking the ASN.1 after part 1 becomes<br> >>>an RFC: could you do it now instead? This would be a great help to us all.<br> >>>Thanks!<br> >>><br> ><br> >More bugs in PKIX1ImplictXX<br> ><br> >The ASN.1 for PolicyConstraints is incorrect. In both the 88 and 93 versions <br> >it is specified as a SEQUENCE SIZE(1..MAX) OF SEQUENCE { ... }. This is <br> >inconsistent with the X.509 definition and it also doesn't make any sense for <br> >it to be a SEQUENCE OF. The definition of PolicyConstraints should be:<br> ><br> >PolicyConstraints ::= SEQUENCE {<br> ><x-tab> </x-tab>requireExplicitPolicy<x-tab> </x-tab>[0] SkipCerts OPTIONAL,<br> ><x-tab> </x-tab>inhibitPolicyMapping<x-tab> </x-tab>[1] SkipCerts OPTIONAL }<br> ><br> >Also the authorityInfoAccess OID is missing in the 88 module, it should be:<br> ><br> >id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }<br> ><br> >More as I find 'em :-).<br> ><br> ><br> >-- <br> >Dean Povey, | e-m: povey@dstc.edu.au | Cryptozilla:<br> >Research Scientist | ph: +61 7 3864 5120 | <a href="http://www.cryptozilla.org/" eudora="autourl">www.cryptozilla.org/</a><br> >Security Unit, DSTC | fax: +61 7 3864 1282 | Oscar - PKI Toolkit:<br> >Brisbane, Australia | www: security.dstc.edu.au/ | oscar.dstc.qut.edu.au/<br> ><br> ><br> </html> Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23017 for ietf-pkix-bks; Fri, 18 Sep 1998 09:33:46 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA23013 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 09:33:45 -0700 (PDT) Message-Id: <199809181633.JAA23013@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.63 (Beta) Date: Fri, 18 Sep 1998 09:39:16 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Re: proposed text for attributes In-Reply-To: <D789F71F24B4D111955D00A0C99B4F50AC9788@sothmxs01.entrust.c om> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk >Unless there are any other objections to the wording, I'll get the draft >revised with this wording and submitted by Monday. I'd like to echo David Kurn's concern that the wording with respect to the cACertificate attribute of a CA's directory entry. If you don't define "realm", then there doesn't seem much point to saying that "some things that person accessing the directory cannot determine will appear in the cACertificate attribute". Why is that still in the spec if it's up to local policy to decide what to put there? Maybe better wording would be "The cACertificate attribute of a CA's directory entry may be populated with certificates defined by local policy" and leave the rest of the paragraph out. --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22573 for ietf-pkix-bks; Fri, 18 Sep 1998 08:40:12 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22569 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 08:40:10 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id RAA21236; Fri, 18 Sep 1998 17:41:08 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id RAA21071; Fri, 18 Sep 1998 17:41:07 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id RAA17885; Fri, 18 Sep 1998 17:41:07 +0200 Date: Fri, 18 Sep 1998 17:41:07 +0200 Message-Id: <199809181541.RAA17885@emeriau.edelweb.fr> To: aberger@darmstadt.gmd.de, Denis.Pinkas@bull.net Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Cc: ambarish@valicert.com, ietf-pkix@imc.org Sender: owner-ietf-pkix@imc.org Precedence: bulk I support the suggestion from Denis. I suggest that one adds an optional hash of the certificate. it MAY be returned by the OCSP server, and it MAY be requested by the OCSP server. one could use the now obsolete error code certrequired (rename it certhashrequired). Whenever a client actually has the cert I would expect that it always sets the certHash in the request, the OCSP server may remove the certHash in the response if the certHash value was not used in order for identification, e.g. when only the serialNumber was used. CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING, -- Hash of Issuer's DN issuerKeyHash OCTET STRING OPTIONAL, -- Hash of Issuers public key serialNumber CertificateSerialNumber certHash OCTET STRING OPTIONAL, -- hash of the certificate. } Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22288 for ietf-pkix-bks; Fri, 18 Sep 1998 08:08:01 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22284 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 08:07:56 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id RAA16372; Fri, 18 Sep 1998 17:14:34 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id RAA17286; Fri, 18 Sep 1998 17:14:27 +0200 (DFT) Message-ID: <3602F778.27E7C98D@bull.net> Date: Fri, 18 Sep 1998 17:14:48 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: Andreas Berger <aberger@darmstadt.gmd.de> CC: Peter Sylvester <Peter.Sylvester@edelweb.fr>, ambarish@valicert.com, ietf-pkix@imc.org Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt References: <199809180856.KAA17797@emeriau.edelweb.fr> <360230B4.B31B53E8@darmstadt.gmd.de> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Andreas, I share your concerns. The current definition of CertId is as follows: CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING, -- Hash of Issuer's DN issuerKeyHash OCTET STRING, -- Hash of Issuers public key serialNumber CertificateSerialNumber } CertID is used both in the request and in the response. I would suggest to change it to: CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING, -- Hash of Issuer's DN issuerKeyHash OCTET STRING OPTIONAL, -- Hash of Issuers public key serialNumber CertificateSerialNumber } making the issuerKeyHash optional. The issuerKeyHash would be optional for a request but mandatory for a response. The rational is as follows: the requester needs "at some time" to get the public key of the issuer in order to verify the certificate. If we mandate that field to be always present thent it must get it *before* the request to the OCSP server. If we make it optional, then it may get it before or after the request to the OCSP server. This gives some flexibility, without too many options. The OCSP server should anyway have the Issuers public key and thus its hash. The hash may allow the requester to disambigous some responses in case of anonymity. Denis > I agree with this discussion and would like to add some thoughts: > > Peter Sylvester wrote: > > > I actually think OCVP is a bigger thing than just making the hash > > > of the issuer's PUBLIC key NULL. That whole topic should be > > > addressed at one shot > > > > > I am *not* really talking about OCVP, I am talking about 'CertID', > > a short way to identify a certificate. The syntax > > for the identification should be flexible enough > > > > - not to require more than the original certificate in > > order to construct the identification. > The is a very good assumption. While the authority key *may* be > available, it certainly isn´t always available. > > > - to allow identification of a certificate in a given context > > ==> serial number for example or/and hash of cert > The serial number is a little bit weaker but supported by other parts of > X.509, PKIX and several mail protocols, using issuer/serial for > identification of a certificate. So issuer/serial or > issuer/certificate-hash look like valid combinations. It may be a good > idea to be able add a subject public key hash if necessary. > > > - to allow the OCSP provider to find the source of > > information provider. > > ==> name of issuer may be necessary, hash of issuer name > > may not be sufficient. > So for identification of issuer we probably have a choice of issuer-name > or issuer-hash, probably in combination with issuer-public-key or > issuer-public-key-hash as an optional parameter. > > > - to ensure that the creator of the certificate really has > > a copy of a cert. > > ==> hash of cert for example, or serialnumber if authority > > allocates them in a sparse way. > > If we assume that the orginal version of OCSP where it was > > possible to just have a cert did make sense, thus I do not > > see why there is a need for the issuer public key extract > > in the certID. At least it should be optional in some way. > > > > It seems useful to me to fix a syntax for CertID that > > is sufficiently open for extensions without requiring > > a new protocol version.. > > The removal of the certificate proper as a means to "identify" a > certificate forced us to specify an extension to OCSP to do this > (transport the certificate in the request - optional, or in the reply - > optional). If the consensus is that OCSP should not be able to transport > the certificate proper, I think we should at least open the possibility > to transport a certitficate hash. > > That leads me back to the idea of making a lot of the identification > parameters in "CertID" optional. But we will get serious > interoperability issues. So either we build specific CertIDs with > specific purposes in mind or we need some profiling (and probably a > means for the responder to transport valid combinations back to the > client). > > Andreas > -- > Fifty-three percent of Fortune 1000 executives think the > Arch Deluxe is something that helps to run a computer. > -- Jericho Communications -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA21046 for ietf-pkix-bks; Fri, 18 Sep 1998 05:00:00 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id EAA21042 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 04:59:58 -0700 (PDT) Received: id IAA04558; Fri, 18 Sep 1998 08:03:06 -0400 Received: by gateway id <S2S6Y5Z8>; Fri, 18 Sep 1998 07:59:50 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC9788@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: proposed text for attributes Date: Fri, 18 Sep 1998 07:59:42 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh and I prefer the use of 'realm'. Scope, although not as bad as domain, also has some other meanings associated with it in the PKI area. Unless there are any other objections to the wording, I'll get the draft revised with this wording and submitted by Monday. I also will be submitting a new version of the LDAPv2 protocol profile, but this is only because the current draft expires this month. There are no changes to it and it passed last call back in January (for those who weren't following this list at that time, the IESG would not allow it to progress to RFC without this accompanying schema). Sharon ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA18545 for ietf-pkix-bks; Fri, 18 Sep 1998 03:02:10 -0700 (PDT) Received: from sonne.darmstadt.gmd.de (sonne.darmstadt.gmd.de [141.12.62.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA18541 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 03:02:07 -0700 (PDT) Received: from darmstadt.gmd.de (aberger@pc-turin [141.12.33.71]) by sonne.darmstadt.gmd.de (8.8.8/8.8.5) with ESMTP id MAA27586; Fri, 18 Sep 1998 12:06:18 +0200 (MET DST) Message-ID: <360230B4.B31B53E8@darmstadt.gmd.de> Date: Fri, 18 Sep 1998 12:06:44 +0200 From: Andreas Berger <aberger@darmstadt.gmd.de> X-Mailer: Mozilla 4.05 [en] (X11; I; Linux 2.0.35 i586) MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ambarish@valicert.com, ietf-pkix@imc.org Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt References: <199809180856.KAA17797@emeriau.edelweb.fr> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk I agree with this discussion and would like to add some thoughts: Peter Sylvester wrote: > > I actually think OCVP is a bigger thing than just making the hash > > of the issuer's PUBLIC key NULL. That whole topic should be > > addressed at one shot > > > I am *not* really talking about OCVP, I am talking about 'CertID', > a short way to identify a certificate. The syntax > for the identification should be flexible enough > > - not to require more than the original certificate in > order to construct the identification. The is a very good assumption. While the authority key *may* be available, it certainly isn´t always available. > - to allow identification of a certificate in a given context > ==> serial number for example or/and hash of cert The serial number is a little bit weaker but supported by other parts of X.509, PKIX and several mail protocols, using issuer/serial for identification of a certificate. So issuer/serial or issuer/certificate-hash look like valid combinations. It may be a good idea to be able add a subject public key hash if necessary. > - to allow the OCSP provider to find the source of > information provider. > ==> name of issuer may be necessary, hash of issuer name > may not be sufficient. So for identification of issuer we probably have a choice of issuer-name or issuer-hash, probably in combination with issuer-public-key or issuer-public-key-hash as an optional parameter. > - to ensure that the creator of the certificate really has > a copy of a cert. > ==> hash of cert for example, or serialnumber if authority > allocates them in a sparse way. > If we assume that the orginal version of OCSP where it was > possible to just have a cert did make sense, thus I do not > see why there is a need for the issuer public key extract > in the certID. At least it should be optional in some way. > > It seems useful to me to fix a syntax for CertID that > is sufficiently open for extensions without requiring > a new protocol version.. The removal of the certificate proper as a means to "identify" a certificate forced us to specify an extension to OCSP to do this (transport the certificate in the request - optional, or in the reply - optional). If the consensus is that OCSP should not be able to transport the certificate proper, I think we should at least open the possibility to transport a certitficate hash. That leads me back to the idea of making a lot of the identification parameters in "CertID" optional. But we will get serious interoperability issues. So either we build specific CertIDs with specific purposes in mind or we need some profiling (and probably a means for the responder to transport valid combinations back to the client). Andreas -- Fifty-three percent of Fortune 1000 executives think the Arch Deluxe is something that helps to run a computer. -- Jericho Communications Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA18216 for ietf-pkix-bks; Fri, 18 Sep 1998 01:56:54 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA18212 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 01:56:53 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id LAA08690; Fri, 18 Sep 1998 11:02:54 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id LAA17532; Fri, 18 Sep 1998 11:02:54 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id LAA17802; Fri, 18 Sep 1998 11:02:53 +0200 Date: Fri, 18 Sep 1998 11:02:53 +0200 Message-Id: <199809180902.LAA17802@emeriau.edelweb.fr> To: ietf-pkix@imc.org, danjw1@pacbell.net Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Sender: owner-ietf-pkix@imc.org Precedence: bulk > I thought the issue with this was that in a case of a request where the > certificate was sent in place of the certID, a response could not be > formed unless the responder already had the issuer cert (or at least > knew its key hash). This has been dealt with, since request now must > have a certID for each requested cert. Was there some additional issue > I wasn't aware of? The original text provided to USE a certificate and nothing else to form a request. This is no longer possible. CertID in its current form cannot be used as a replacement for a certificate in the case where the client does not have the issuer cert. The syntax for CertID has not been discussed in the context where this is the ONLY way to identify a cert. Peter Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA18176 for ietf-pkix-bks; Fri, 18 Sep 1998 01:50:30 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA18171 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 01:50:27 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id KAA08440; Fri, 18 Sep 1998 10:56:25 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id KAA17394; Fri, 18 Sep 1998 10:56:24 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id KAA17797; Fri, 18 Sep 1998 10:56:24 +0200 Date: Fri, 18 Sep 1998 10:56:24 +0200 Message-Id: <199809180856.KAA17797@emeriau.edelweb.fr> To: ambarish@valicert.com Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@imc.org Precedence: bulk > > > > I actually think OCVP is a bigger thing than just making the hash > of the issuer's PUBLIC key NULL. That whole topic should be > addressed at one shot > I am *not* really talking about OCVP, I am talking about 'CertID', a short way to identify a certificate. The syntax for the identification should be flexible enough - not to require more than the original certificate in order to construct the identification. - to allow identification of a certificate in a given context ==> serial number for example or/and hash of cert - to allow the OCSP provider to find the source of information provider. ==> name of issuer may be necessary, hash of issuer name may not be sufficient. - to ensure that the creator of the certificate really has a copy of a cert. ==> hash of cert for example, or serialnumber if authority allocates them in a sparse way. If we assume that the orginal version of OCSP where it was possible to just have a cert did make sense, thus I do not see why there is a need for the issuer public key extract in the certID. At least it should be optional in some way. It seems useful to me to fix a syntax for CertID that is sufficiently open for extensions without requiring a new protocol version.. Peter Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA18121 for ietf-pkix-bks; Fri, 18 Sep 1998 01:43:45 -0700 (PDT) Received: from mail-gw.pacbell.net (mail-gw.pacbell.net [206.13.28.25]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA18117 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 01:43:44 -0700 (PDT) Received: from pacbell.net (ppp-206-170-3-162.okld03.pacbell.net [206.170.3.162]) by mail-gw.pacbell.net (8.8.8/8.7.1+antispam) with ESMTP id BAA19674; Fri, 18 Sep 1998 01:49:45 -0700 (PDT) Message-ID: <36021C9D.7B5FFABE@pacbell.net> Date: Fri, 18 Sep 1998 01:41:01 -0700 From: Dan Weinstein <danjw1@pacbell.net> X-Mailer: Mozilla 4.5b2 [en] (Win95; I) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org, Peter.Sylvester@edelweb.fr Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk >some remarks about the lastest OCSP draft: > >- It seems that the remarks about not knowing the public > key of an issuer are not addressed. > > It seems sufficient to ME to allow that the > hash of the issure private key MAY be a length 0 octet string, > something like that, or one might add the public > key of the OCSP responder instead. > > Thoughts? I thought the issue with this was that in a case of a request where the certificate was sent in place of the certID, a response could not be formed unless the responder already had the issuer cert (or at least knew its key hash). This has been dealt with, since request now must have a certID for each requested cert. Was there some additional issue I wasn't aware of? Dan Weinstein danjw1@pacbell.net Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id WAA07834 for ietf-pkix-bks; Thu, 17 Sep 1998 22:42:05 -0700 (PDT) Received: from typhoon.dstc.qut.edu.au (root@typhoon.dstc.qut.edu.au [131.181.71.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id WAA07821; Thu, 17 Sep 1998 22:42:01 -0700 (PDT) Received: from dstc.qut.edu.au (tornado.dstc.qut.edu.au [131.181.71.3]) by typhoon.dstc.qut.edu.au (8.8.5/8.8.5) with ESMTP id PAA24765; Fri, 18 Sep 1998 15:48:00 +1000 (EST) Message-Id: <199809180548.PAA24765@typhoon.dstc.qut.edu.au> X-Mailer: exmh version 2.0.2 2/24/98 cc: Paul Hoffman / IMC <phoffman@imc.org>, ietf-pkix@imc.org Subject: Re: Testing the ASN.1 in Part 1 In-reply-to: Your message of "Tue, 15 Sep 1998 14:29:01 +1000." <199809150429.OAA08287@typhoon.dstc.qut.edu.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 18 Sep 1998 15:47:57 +1000 From: Dean Povey <povey@dstc.qut.edu.au> Sender: owner-ietf-pkix@imc.org Precedence: bulk > > >>Anyone who plans to get around to checking the ASN.1 after part 1 becomes >>an RFC: could you do it now instead? This would be a great help to us all. >>Thanks! >> More bugs in PKIX1ImplictXX The ASN.1 for PolicyConstraints is incorrect. In both the 88 and 93 versions it is specified as a SEQUENCE SIZE(1..MAX) OF SEQUENCE { ... }. This is inconsistent with the X.509 definition and it also doesn't make any sense for it to be a SEQUENCE OF. The definition of PolicyConstraints should be: PolicyConstraints ::= SEQUENCE { requireExplicitPolicy [0] SkipCerts OPTIONAL, inhibitPolicyMapping [1] SkipCerts OPTIONAL } Also the authorityInfoAccess OID is missing in the 88 module, it should be: id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } More as I find 'em :-). -- Dean Povey, | e-m: povey@dstc.edu.au | Cryptozilla: Research Scientist | ph: +61 7 3864 5120 | www.cryptozilla.org/ Security Unit, DSTC | fax: +61 7 3864 1282 | Oscar - PKI Toolkit: Brisbane, Australia | www: security.dstc.edu.au/ | oscar.dstc.qut.edu.au/ Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA26263 for ietf-pkix-bks; Thu, 17 Sep 1998 14:47:40 -0700 (PDT) Received: from atlantic.valicert.com (qmailr@old-atlantic.valicert.com [209.185.6.135]) by mail.proper.com (8.8.8/8.8.5) with SMTP id OAA26259 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 14:47:39 -0700 (PDT) Received: (qmail 2737 invoked from network); 17 Sep 1998 21:53:34 -0000 Received: from ns.valicert.com (HELO valicert.com) (209.185.6.1) by 209.185.6.162 with SMTP; 17 Sep 1998 21:53:34 -0000 Message-ID: <360184DB.74788BAE@valicert.com> Date: Thu, 17 Sep 1998 14:53:31 -0700 From: Ambarish Malpani <ambarish@valicert.com> Organization: ValiCert, Inc. X-Mailer: Mozilla 4.5b2 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt References: <199809171636.SAA17487@emeriau.edelweb.fr> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Peter, Great catches - comments follow: Peter Sylvester wrote: > > hello, > > some remarks about the lastest OCSP draft: > > - It seems that the remarks about not knowing the public > key of an issuer are not addressed. > > It seems sufficient to ME to allow that the > hash of the issure private key MAY be a length 0 octet string, > something like that, or one might add the public > key of the OCSP responder instead. > > Thoughts? > I actually think OCVP is a bigger thing than just making the hash of the issuer's PUBLIC key NULL. That whole topic should be addressed at one shot > > - the remark > > " Response extensions may be used to > convey additional information on assertions made by the responder > regarding the status of the certificate such as positive statement > about issuance, validity, etc." > > should be removed behind all possible responses since extensions > can also be used to indicate additional interpretations for > revoked, notknown. > > > - > The response "certRequired" is returned in cases where the server > > requires the client to supply the certificate data itself in order to > > construct a response. > > This paragraph should be removed > > etc for the ASN.1 response code > certRequired (4), --Must supply certificate Agreed - will be fixed. Thanks for catching this > > - A.1.1 : "Where privacy is a > requirement, OCSP transactions exchanged using HTTP SHOULD be protected > using either TLS or SSL." > > Shouldn't the SHOULD be a MAY ? > > one could also use a VPN for example Agreed. > > Or just add 'or by lower layer protection'. > > have fun. -- --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23625 for ietf-pkix-bks; Thu, 17 Sep 1998 09:30:23 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23621 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 09:30:22 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id SAA27290 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 18:36:02 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id SAA11058 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 18:36:02 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id SAA17487 for ietf-pkix@imc.org; Thu, 17 Sep 1998 18:36:01 +0200 Date: Thu, 17 Sep 1998 18:36:01 +0200 Message-Id: <199809171636.SAA17487@emeriau.edelweb.fr> To: ietf-pkix@imc.org Subject: fast review of draft-ietf-pkix-ocsp-06.txt Sender: owner-ietf-pkix@imc.org Precedence: bulk hello, some remarks about the lastest OCSP draft: - It seems that the remarks about not knowing the public key of an issuer are not addressed. It seems sufficient to ME to allow that the hash of the issure private key MAY be a length 0 octet string, something like that, or one might add the public key of the OCSP responder instead. Thoughts? - the remark " Response extensions may be used to convey additional information on assertions made by the responder regarding the status of the certificate such as positive statement about issuance, validity, etc." should be removed behind all possible responses since extensions can also be used to indicate additional interpretations for revoked, notknown. - > The response "certRequired" is returned in cases where the server > requires the client to supply the certificate data itself in order to > construct a response. This paragraph should be removed etc for the ASN.1 response code certRequired (4), --Must supply certificate - A.1.1 : "Where privacy is a requirement, OCSP transactions exchanged using HTTP SHOULD be protected using either TLS or SSL." Shouldn't the SHOULD be a MAY ? one could also use a VPN for example Or just add 'or by lower layer protection'. have fun. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23589 for ietf-pkix-bks; Thu, 17 Sep 1998 09:22:26 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA23585 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 09:22:25 -0700 (PDT) Received: id MAA26121; Thu, 17 Sep 1998 12:26:32 -0400 Received: by gateway id <S2S6YV9W>; Thu, 17 Sep 1998 12:23:18 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC9785@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: ietf-pkix@imc.org, "'bgmiller@dc.jones.com'" <bgmiller@dc.jones.com> Subject: RE: Storage of CA Certificates in LDAP and X.500 Directory Attrib utes Date: Thu, 17 Sep 1998 12:23:15 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk I'm flexible on the term and have passed that on to Santosh (awaiting his reply). I see nothing wrong with scope or realm and am open to suggestion. I agree that it would be good to select a term that doesn't have a predefined meaning in the IETF. It is important to keep the definition of the specific criteria for its use as a local matter so this mechanism can be used in different environments with different criteria for the 'hints' provided by the CA to relying parties, regardless of whether relying parties choose to examine those hints or not. That, we've been in agreement on thoughout this debate, but I'm quite agreeable to a different 'less loaded' term. > ---------- > From: bgmiller[SMTP:bgmiller@dc.jones.com] > Sent: September 16, 1998 10:26 PM > To: ietf-pkix@imc.org > Subject: Re: Storage of CA Certificates in LDAP and X.500 Directory > Attributes > > > > Paul Hoffman / IMC wrote: > > > I agree with David. The word "domain" has a specific meaning in the > IETF, > > and this definition doesn't match it. Could you use "realm" instead? Or > are > > there better words? > > How about "scope"? > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA23104 for ietf-pkix-bks; Thu, 17 Sep 1998 08:38:23 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA23100 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 08:38:22 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id IAA17795; Thu, 17 Sep 1998 08:44:19 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <SW42KV8H>; Thu, 17 Sep 1998 08:43:56 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFFF5B7@exccup-25006.mis.tandem.com> From: "Kurn, David" <david.kurn@compaq.com> To: "'bgmiller@dc.jones.com'" <bgmiller@dc.jones.com>, ietf-pkix@imc.org Subject: RE: Storage of CA Certificates in LDAP and X.500 Directory Attrib utes Date: Thu, 17 Sep 1998 08:43:54 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk I think the actual choice of word here is not the issue. You can call it "Kingdom", but the flaw in the specification persists, since the last sentence implies that the word has a definition that depends upon the personal interpretation of the implementor. This doesn't make for portable programs. I think the reason the specification needs the word is so that the spec can give guidance about when to put a cross-cert in one bucket or in another bucket. And this, if I follow the recent conversations, has to do with advice about how to do path development. (I'm stepping out on shaky ground here). *IF* we wish to say to those writing path evaluation programs: "You should look in the first bucket (caCertificates) first, and then in the second bucket" then we can give some guidance about how to populate the two buckets, which could in effect would say: You should put certificates in the appropriate bucket according to your expectation about how to optimize the path development given that clients will look in the caCertificates first. Your choice will affect efficiency, not correctness. I go back to something I remember from learning about Object-Oriented programming .... don't ask "what is it", but rather "what does it do". David Kurn Compaq Computer Corp -----Original Message----- From: bgmiller [mailto:bgmiller@dc.jones.com] Sent: Wednesday, September 16, 1998 7:27 PM To: ietf-pkix@imc.org Subject: Re: Storage of CA Certificates in LDAP and X.500 Directory Attributes Paul Hoffman / IMC wrote: > I agree with David. The word "domain" has a specific meaning in the IETF, > and this definition doesn't match it. Could you use "realm" instead? Or are > there better words? How about "scope"? Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA22458 for ietf-pkix-bks; Thu, 17 Sep 1998 07:04:25 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA22454 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 07:04:24 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id KAA14218; Thu, 17 Sep 1998 10:09:50 -0400 (EDT) Message-Id: <199809171409.KAA14218@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-ocsp-06.txt Date: Thu, 17 Sep 1998 10:09:49 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP Author(s) : M. Myers, R. Ankney, A. Malpani, S. Galperin, C. Adams Filename : draft-ietf-pkix-ocsp-06.txt Pages : 20 Date : 16-Sep-98 This document specifies a protocol useful in determining the current status of a digital certificate without requiring CRLs. Additional mechanisms addressing PKIX operational requirements are specified in separate documents. An overview of the protocol is provided in section 3. Functional requirements are specified in section 4. Details of the protocol are in section 5. We cover security issues with the protocol in section 6. Appendix A defines OCSP over HTTP, appendix B accumulates ASN.1 syntactic elements and appendix C specifies the mime types for the messages. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this document (in uppercase, as shown) are to be interpreted as described in [RFC2119]. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-ocsp-06.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ocsp-06.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-ocsp-06.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980916113902.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-ocsp-06.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-ocsp-06.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980916113902.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id TAA29190 for ietf-pkix-bks; Wed, 16 Sep 1998 19:24:20 -0700 (PDT) Received: from dc.jones.com (dc.jones.com [206.156.0.9]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id TAA29186 for <ietf-pkix@imc.org>; Wed, 16 Sep 1998 19:24:18 -0700 (PDT) Received: from dc.jones.com (cm0714h.jones.com [208.159.209.173]) by dc.jones.com (8.8.8/8.8.8) with ESMTP id WAA19170 for <ietf-pkix@imc.org>; Wed, 16 Sep 1998 22:27:11 -0400 (EDT) Message-ID: <3600735C.98A336F8@dc.jones.com> Date: Wed, 16 Sep 1998 22:26:37 -0400 From: bgmiller <bgmiller@dc.jones.com> Reply-To: bgmiller@dc.jones.com Organization: Jones Internet Channel X-Mailer: Mozilla 4.05 [en]C-JIC-DC (Win95; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: Storage of CA Certificates in LDAP and X.500 Directory Attributes References: <199809162243.PAA27828@mail.proper.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Paul Hoffman / IMC wrote: > I agree with David. The word "domain" has a specific meaning in the IETF, > and this definition doesn't match it. Could you use "realm" instead? Or are > there better words? How about "scope"? Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA27832 for ietf-pkix-bks; Wed, 16 Sep 1998 15:43:37 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id PAA27828 for <ietf-pkix@imc.org>; Wed, 16 Sep 1998 15:43:36 -0700 (PDT) Message-Id: <199809162243.PAA27828@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Wed, 16 Sep 1998 15:49:01 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: RE: Storage of CA Certificates in LDAP and X.500 Directory Attributes In-Reply-To: <418B8B7ACE69D111879B00805F6F281DFFF5AE@exccup-25006.mis.ta ndem.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 03:22 PM 9/16/98 -0700, Kurn, David wrote: >I still think the use of "domain" is very confusing, and should be removed >from the text. I agree with David. The word "domain" has a specific meaning in the IETF, and this definition doesn't match it. Could you use "realm" instead? Or are there better words? --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA27652 for ietf-pkix-bks; Wed, 16 Sep 1998 15:16:39 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA27648 for <ietf-pkix@imc.org>; Wed, 16 Sep 1998 15:16:38 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id PAA23758; Wed, 16 Sep 1998 15:22:29 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <SW42KM98>; Wed, 16 Sep 1998 15:22:04 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFFF5AE@exccup-25006.mis.tandem.com> From: "Kurn, David" <david.kurn@compaq.com> To: "'Santosh Chokhani'" <chokhani@cygnacom.com>, ietf-pkix@imc.org Subject: RE: Storage of CA Certificates in LDAP and X.500 Directory Attrib utes Date: Wed, 16 Sep 1998 15:22:03 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk I still think the use of "domain" is very confusing, and should be removed from the text. -----Original Message----- From: Santosh Chokhani [mailto:chokhani@cygnacom.com] Sent: Wednesday, September 16, 1998 2:23 PM To: ietf-pkix@imc.org Subject: Storage of CA Certificates in LDAP and X.500 Directory Attributes Based on the pkix co-chair request, Sharon and I jointly propose the following text: "The cACertificate attribute of a CA's directory entry shall be used to store certificates issued to this CA by CAs in the same domain as this CA. If there are any self-issued certificates and they require publication, the caCertificate attribute shall be used to store them. The forward elements of the crossCertificatePair attribute of a CA's directory entry shall be used to store all certificates issued to this CA, which are not self-issued. Optionally, the reverse elements of the crossCertificatePair attribute, of a CA's directory entry may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present in a single attribute value, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. When a reverse element is present, the forward element value and the reverse element value need not be stored in the same attribute value; in other words, they can be stored in either a single attribute value or two attribute values. In the case of V3 certificates, none of the above CA certificates shall include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. Santosh Chokhani CygnaCom Solutions, Inc. 7927 Jones Branch Drive, Suite 100 West McLean, VA. 22102 (703) 848-0883 (voice) (703) 848-0960 (fax) chokhani@cygancom.com http://www.cygnacom.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA27294 for ietf-pkix-bks; Wed, 16 Sep 1998 14:18:03 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA27290 for <ietf-pkix@imc.org>; Wed, 16 Sep 1998 14:18:00 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7T51TK>; Wed, 16 Sep 1998 17:22:56 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1AAE@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: ietf-pkix@imc.org Subject: Storage of CA Certificates in LDAP and X.500 Directory Attributes Date: Wed, 16 Sep 1998 17:22:55 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Based on the pkix co-chair request, Sharon and I jointly propose the following text: "The cACertificate attribute of a CA's directory entry shall be used to store certificates issued to this CA by CAs in the same domain as this CA. If there are any self-issued certificates and they require publication, the caCertificate attribute shall be used to store them. The forward elements of the crossCertificatePair attribute of a CA's directory entry shall be used to store all certificates issued to this CA, which are not self-issued. Optionally, the reverse elements of the crossCertificatePair attribute, of a CA's directory entry may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present in a single attribute value, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. When a reverse element is present, the forward element value and the reverse element value need not be stored in the same attribute value; in other words, they can be stored in either a single attribute value or two attribute values. In the case of V3 certificates, none of the above CA certificates shall include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. Santosh Chokhani CygnaCom Solutions, Inc. 7927 Jones Branch Drive, Suite 100 West McLean, VA. 22102 (703) 848-0883 (voice) (703) 848-0960 (fax) chokhani@cygancom.com http://www.cygnacom.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA12601 for ietf-pkix-bks; Tue, 15 Sep 1998 10:46:56 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA12597 for <ietf-pkix@imc.org>; Tue, 15 Sep 1998 10:46:55 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id KAA01587; Tue, 15 Sep 1998 10:50:19 -0700 (PDT) Received: from wford-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id KAA14084; Tue, 15 Sep 1998 10:52:08 -0700 (PDT) Message-Id: <3.0.32.19980915134441.0129cf5c@mail.verisign.com> X-Sender: wford@mail.verisign.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 15 Sep 1998 13:52:32 -0700 To: ietf-pkix@imc.org From: Warwick Ford <wford@verisign.com> Subject: Schema Straw Poll Closure Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Well, thank you all for the enthusiastic balloting and commenting. Steve and I have at last managed to synch up, and here is how we interpret the Straw Poll result. There was no clear concensus winner in either Option 1 or Option 2. There was significant support for both options, at least on the basis of installed product, plus various positions on technical grounds. We clearly need to accommodate the requirements of option 1 supporters by permitting the population of the cACertificate attribute with self-issued certificates and certificates issued by another CA to this CA within the context of a locally defined domain. In fairness to all, we feel we should also accommodate the requirement of option 2 supporters to have all certificates issued by CAs to this CA (which are placed in the subject CA entry at all), regardless of the definition of domain, populated in the crossCertificatePair attribute forward element. As secondary points, there appears to be consensus that population of the reverse element is always optional. Text regarding optional, mutual cross-certification also needs to be finalized but this will hopefully not be contentious. This resolution should allow relying parties to operate under either option successfully; the main negative in this resolution seems to be that, in option 1 environments, there would necessarily be some duplication of data in the directory. This essentially means a compromise that hopefully all parties can live with, although we know it will not go down in history as the most brilliant technical decision of all time. In the absence of violent objections, we propose that Sharon and Santosh jointly craft text that follows this resolution, and that we seek to close debate on this topic ASAP. Warwick --------------------------------------------------------------------- Warwick Ford, VeriSign, Inc., Tel (781)2456996 x225; Fax (781)2456006 wford@verisign.com; 301 Edgewater Pl, Suite 210, Wakefield, MA 01880 --------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA11380 for ietf-pkix-bks; Tue, 15 Sep 1998 08:56:25 -0700 (PDT) Received: from firewall.globeset.com (root@firewall.globeset.com [207.239.133.67]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA11376 for <ietf-pkix@imc.org>; Tue, 15 Sep 1998 08:56:24 -0700 (PDT) Received: from drought.globeset.com (trevor@drought.globeset.com [10.1.192.39]) by firewall.globeset.com (8.9.0/8.9.0) with ESMTP id LAA26296 for <ietf-pkix@imc.org>; Tue, 15 Sep 1998 11:02:08 -0500 (CDT) Received: (from trevor@localhost) by drought.globeset.com (8.7.6/8.7.3) id LAA27450; Tue, 15 Sep 1998 11:02:03 -0500 From: Trevor Sosebee <trevor@globeset.com> Date: Tue, 15 Sep 1998 11:02:01 -0500 (CDT) To: ietf-pkix@imc.org Subject: UTF8String definition in PKIX-3 X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <13822.36613.678919.467432@drought> Mime-Version: 1.0 (generated by tm-edit 7.108) Content-Type: text/plain; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk In PKIX-3, UTF8String is defined as UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING. I was wondering I someone could point me to the version of X.680 where UTF8String is defined. Thanks, Trevor Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id VAA14487 for ietf-pkix-bks; Mon, 14 Sep 1998 21:23:34 -0700 (PDT) Received: from typhoon.dstc.qut.edu.au (root@typhoon.dstc.qut.edu.au [131.181.71.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id VAA14482; Mon, 14 Sep 1998 21:23:30 -0700 (PDT) Received: from dstc.qut.edu.au (tornado.dstc.qut.edu.au [131.181.71.3]) by typhoon.dstc.qut.edu.au (8.8.5/8.8.5) with ESMTP id OAA08287; Tue, 15 Sep 1998 14:29:04 +1000 (EST) Message-Id: <199809150429.OAA08287@typhoon.dstc.qut.edu.au> X-Mailer: exmh version 2.0.2 2/24/98 To: Paul Hoffman / IMC <phoffman@imc.org> cc: ietf-pkix@imc.org Subject: Re: Testing the ASN.1 in Part 1 In-reply-to: Your message of "Mon, 14 Sep 1998 08:36:12 MST." <199809141530.IAA08890@mail.proper.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 15 Sep 1998 14:29:01 +1000 From: Dean Povey <povey@dstc.qut.edu.au> Sender: owner-ietf-pkix@imc.org Precedence: bulk >Anyone who plans to get around to checking the ASN.1 after part 1 becomes >an RFC: could you do it now instead? This would be a great help to us all. >Thanks! > *grr* I was putting this off :-) I am using the 88ish syntax PKIX1Explicit88 parses fine, but there are stuff ups in the imports in PKIX1Implicit88 To the IMPORTS section in PKIX1Implicit88 add the following: id-pkix, BMPString, UniversalString, UTF8String And delete the following two redundant definitions: id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } Other than that it looks like so far so good. I'll have to do some more work until this is fully tested. -- Dean Povey, | e-m: povey@dstc.edu.au | Cryptozilla: Research Scientist | ph: +61 7 3864 5120 | www.cryptozilla.org/ Security Unit, DSTC | fax: +61 7 3864 1282 | Oscar - PKI Toolkit: Brisbane, Australia | www: security.dstc.edu.au/ | oscar.dstc.qut.edu.au/ Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA09835 for ietf-pkix-bks; Mon, 14 Sep 1998 10:17:45 -0700 (PDT) Received: from mail-out2.apple.com (mail-out2.apple.com [17.254.0.51]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA09830; Mon, 14 Sep 1998 10:17:43 -0700 (PDT) Received: from mailgate.apple.com (A17-128-100-225.apple.com [17.128.100.225]) by mail-out2.apple.com (8.8.5/8.8.5) with ESMTP id KAA43924; Mon, 14 Sep 1998 10:19:03 -0700 Received: from scv1.apple.com (scv1.apple.com) by mailgate.apple.com (mailgate.apple.com - SMTPRS 2.0.15) with ESMTP id <B0002256729@mailgate.apple.com>; Mon, 14 Sep 1998 10:18:56 -0700 Received: from [17.205.41.166] (aram1.apple.com [17.205.41.166]) by scv1.apple.com (8.8.5/8.8.5) with ESMTP id KAA10684; Mon, 14 Sep 1998 10:18:55 -0700 Message-Id: <199809141718.KAA10684@scv1.apple.com> X-Mailer: Microsoft Outlook Express for Macintosh - 4.01 (295) Date: Mon, 14 Sep 1998 10:18:54 -0700 Subject: Re: Testing the ASN.1 in Part 1 From: "Aram Perez" <aram@apple.com> To: "Paul Hoffman / IMC" <phoffman@imc.org>, ietf-pkix@imc.org MIME-Version: 1.0 X-Priority: 3 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Paul, Check the web site of Open Systems Solutions (http://www.oss.com). They do free ASN.1 syntax checking for groups such as IETF. Regards, Aram Perez Apple Computer, Inc. >Greetings, all. I know that all this discussion of LDAP is fascinating, but >I'd like to come back to draft-ietf-pkix-ipki-part1 for a second. It is in >IESG last call, almost ready (we hope) to become an RFC. Tim has just made >minor tweaks to it (it is now -10.txt), and we're almost there. > >Has anyone tested the full ASN.1 in part 1 lately? Given the anti-ASN.1 >sentiment in the IETF, it would be Very Embarassing if we got an RFC and >had to revise it due to an ASN.1 error. Worse yet, it would be bad if there >was an error and two implementors did different things to get around it. > >Anyone who plans to get around to checking the ASN.1 after part 1 becomes >an RFC: could you do it now instead? This would be a great help to us all. >Thanks! > >--Paul Hoffman, Director >--Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA09714 for ietf-pkix-bks; Mon, 14 Sep 1998 10:03:42 -0700 (PDT) Received: from atlantic.valicert.com (qmailr@old-atlantic.valicert.com [209.185.6.135]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA09709 for <ietf-pkix@imc.org>; Mon, 14 Sep 1998 10:03:41 -0700 (PDT) Received: (qmail 6298 invoked from network); 14 Sep 1998 17:09:19 -0000 Received: from ns.valicert.com (HELO valicert.com) (209.185.6.1) by mail.valicert.com with SMTP; 14 Sep 1998 17:09:19 -0000 Message-ID: <35FD4DD3.C7E6F4F4@valicert.com> Date: Mon, 14 Sep 1998 10:09:39 -0700 From: Ambarish Malpani <ambarish@valicert.com> Organization: ValiCert, Inc. X-Mailer: Mozilla 4.5b1 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Andreas Berger <aberger@darmstadt.gmd.de> CC: pkix <ietf-pkix@imc.org> Subject: Re: OCSP ASN.1 comments References: <35FD13B7.DE69F00D@darmstadt.gmd.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Andreas, Thanks for the comment - it has already been fixed. Regards, Ambarish Andreas Berger wrote: > > Hi, > > I am forwarding here parts of a comment of Mr. Thomas Garnatz, Security > Networks GmbH: > > There is a context sensitive coding in ResponseData and ResponderID > > ResponseData ::= SEQUENCE { > version [0] EXPLICIT Version DEFAULT v1, > reponderID ResponderID, > ... > } > > ResponderID ::= CHOICE { > byName [0] Name, > byKey [1] KeyHash > } > > Since the version field is optional (i.e. not present for version 1) it > is not very easy to distinguish between version (explicit [0]) and > byName [0]. The suggested idea is to either remove the DEFAULT or not to > use [0] for byName. > > I hope I got the translation right and made some sense to the ASN.1 > gurus (myself not being one). > > Andreas Berger > -- > Fifty-three percent of Fortune 1000 executives think the > Arch Deluxe is something that helps to run a computer. > -- Jericho Communications -- --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA08894 for ietf-pkix-bks; Mon, 14 Sep 1998 08:30:53 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA08890 for <ietf-pkix@imc.org>; Mon, 14 Sep 1998 08:30:52 -0700 (PDT) Message-Id: <199809141530.IAA08890@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Mon, 14 Sep 1998 08:36:12 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Testing the ASN.1 in Part 1 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Greetings, all. I know that all this discussion of LDAP is fascinating, but I'd like to come back to draft-ietf-pkix-ipki-part1 for a second. It is in IESG last call, almost ready (we hope) to become an RFC. Tim has just made minor tweaks to it (it is now -10.txt), and we're almost there. Has anyone tested the full ASN.1 in part 1 lately? Given the anti-ASN.1 sentiment in the IETF, it would be Very Embarassing if we got an RFC and had to revise it due to an ASN.1 error. Worse yet, it would be bad if there was an error and two implementors did different things to get around it. Anyone who plans to get around to checking the ASN.1 after part 1 becomes an RFC: could you do it now instead? This would be a great help to us all. Thanks! --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA07863 for ietf-pkix-bks; Mon, 14 Sep 1998 05:56:23 -0700 (PDT) Received: from sonne.darmstadt.gmd.de (sonne.darmstadt.gmd.de [141.12.62.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA07859 for <ietf-pkix@imc.org>; Mon, 14 Sep 1998 05:56:15 -0700 (PDT) Received: from darmstadt.gmd.de (aberger@pc-turin [141.12.33.71]) by sonne.darmstadt.gmd.de (8.8.8/8.8.5) with ESMTP id PAA27331 for <ietf-pkix@imc.org>; Mon, 14 Sep 1998 15:01:21 +0200 (MET DST) Message-ID: <35FD13B7.DE69F00D@darmstadt.gmd.de> Date: Mon, 14 Sep 1998 15:01:43 +0200 From: Andreas Berger <aberger@darmstadt.gmd.de> X-Mailer: Mozilla 4.05 [en] (X11; I; Linux 2.0.30 i586) MIME-Version: 1.0 To: pkix <ietf-pkix@imc.org> Subject: OCSP ASN.1 comments Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi, I am forwarding here parts of a comment of Mr. Thomas Garnatz, Security Networks GmbH: There is a context sensitive coding in ResponseData and ResponderID ResponseData ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, reponderID ResponderID, ... } ResponderID ::= CHOICE { byName [0] Name, byKey [1] KeyHash } Since the version field is optional (i.e. not present for version 1) it is not very easy to distinguish between version (explicit [0]) and byName [0]. The suggested idea is to either remove the DEFAULT or not to use [0] for byName. I hope I got the translation right and made some sense to the ASN.1 gurus (myself not being one). Andreas Berger -- Fifty-three percent of Fortune 1000 executives think the Arch Deluxe is something that helps to run a computer. -- Jericho Communications Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA06297 for ietf-pkix-bks; Sat, 12 Sep 1998 15:22:49 -0700 (PDT) Received: from mailb.telia.com (mailb.telia.com [194.22.194.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA06293 for <ietf-pkix@imc.org>; Sat, 12 Sep 1998 15:22:48 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailb.telia.com (8.8.8/8.8.8) with ESMTP id AAA01228; Sun, 13 Sep 1998 00:28:21 +0200 (CEST) Received: from stefans (t1o68p15.telia.com [62.20.138.15]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id AAA03222; Sun, 13 Sep 1998 00:28:10 +0200 (CEST) Message-Id: <3.0.32.19980913002508.00a62ae0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Sun, 13 Sep 1998 00:25:48 +0200 To: Mike Smith <mfsmith@zionsbank.com>, ietf-pkix@imc.org From: Stefan Santesson <stefan@accurata.se> Subject: Re: RE: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id PAA06294 Sender: owner-ietf-pkix@imc.org Precedence: bulk Mike, First of all. I truly hope that I didn't offend you with my remark. I certainly didn't want that. Yes, the problem you raise is both real and relevant. I just don't share the same belief in automation through policy definition codings in certificate extensions. I do believe that it MAY work sufficient in a fairly closed environment where one organization has the control over interpretations and implementations. But international standard, no way. Actually I believe that the policy OID in certificates may serve automation just fine in real life. If trust automation is developing to be an competitive edge in a certain community, then CA:s will try to adopt to well known policies and indicate them in the certificates. So in that case there will just be a limited space of policy OID:s to consider. Whether this will happen or not is up to the market but the market sure has the tools needed if there is money to be made through interoperability. Over specifying things before the true need has emerged is always dangerous. And I'm sorry to say that we Europeans have some quite extensive experiences along that line. /Stefan At 10:11 AM 9/11/98 -0600, Mike Smith wrote: >OK, the quagmire consensus is taken for what it is. I first proposed enhancing automating some trust decisions using a new extension, then using the existing policy qualifier. The overwhelming response from people whose comments I respect is that we should consider the policy OID sufficient. > >If this is to be technological solution for automated processing, then we need to step backwards a few years and look at the definition of "to process" with regard to the actual CPS that the OID points towards. > >Maybe the old PKIX 1 needs to be restructured to retain its contents and menaing, but to specify a parsable structure and standardize (define rigidly) the terms used in the policies and practices or concept of operations (whatever people are using the OID to point towards). > >The goal here is not to reopen old wounds or pull people into yet another quagmire (my cletic genetics may predispose me to jumping inot bogs, however). The question that folks seem to be attemoting to address is the automation of trust domains. > >The feedback I get is not really "you are off track", but that "the problem is too big to solve", or that this group is incapable of solving this problem in a timely manner. > >I disagree. This group is comprised of the most experienced and, IMO, brightest technologists in the industry. > >So, I pose the question to the best and brightest: How do you suggest, then that we automate domain or trust processing? > >I think I know how we are going to operate across domains of trust in the finanical industry. I suggest that we in the IETF apply our great resources building AUTOMATED systems that have a high assurance of working together across the Internet. > >If, as some have suggested , I need to write a draft covering these issues, I am up for that (if Warwick and Stephen think it is worth the group's time). > >Michael > >>>> Stefan Santesson <stefan@accurata.se> 09/11 8:44 AM >>> >****************** InterScan Message (on zbc2) > >noname is scanned and no virus found >********************************************************* > ! >! > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA06115 for ietf-pkix-bks; Sat, 12 Sep 1998 14:23:54 -0700 (PDT) Received: from mail.spyrus.com.au (fwuser@[203.37.128.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA06111 for <ietf-pkix@imc.org>; Sat, 12 Sep 1998 14:23:47 -0700 (PDT) Message-ID: <A1019E9C2D34D211A501006008C2045001BF66@MAIL> From: Charles Moore <cmoore@spyrus.com.au> To: "'Peter Lipp'" <Peter.Lipp@iaik.tu-graz.ac.at>, Paul Koning <pkoning@xedia.com>, mfsmith@zionsbank.com Cc: ietf-pkix@imc.org Subject: RE: RE: New Extension Proposed: Method Of Authentication Date: Sun, 13 Sep 1998 07:31:56 +1000 MIME-Version: 1.0 Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk All, we ( Australian National Standards Group) have been working on a simular problem. I.e how does a relying party know what evidence of Identity that the RA/CA makes a statement about when performing the registration process. There are assocaited issues, but lets start with this one. We have a working draft that proposes the use of a policy qualifier as below: pkaf-policy-Identification CERT-POLICY-QUALIFIER ::= { POLICY-QUALIFIER-ID id-pkaf-policy-Identification QUALIFIER-TYPE Identification } Identification ::= BIT STRING { driversLicense (0), passport (1), creditCard (2), organisationIDBadge (3), governmentIDBadge (4), articlesOfIncorp (5), companySeal (6), notarizedDoc (7), biometricThumb (8), biometricVoice (9), biometricFace (10), biometricRetina (11) } We have not used A CP ( or any reference to a CPS) alone to do this as experience is that within a given policy there is no direct mapping to the level of identification needed. Identification is not the driver for a CP or CPS, but rather a qualifier of these. Hope this assists the discussion. Regards Charles Moore SPYRUS Pty Ltd Phone: +61 73 256 7465, Extension 101 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA23955 for ietf-pkix-bks; Fri, 11 Sep 1998 12:52:46 -0700 (PDT) Received: from iaik.tu-graz.ac.at (archimedes.iaik.tu-graz.ac.at [129.27.234.31]) by mail.proper.com (8.8.8/8.8.5) with SMTP id MAA23951 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 12:52:44 -0700 (PDT) Received: from plipp [129.27.239.102] by iaik.tu-graz.ac.at (SMTPD32-4.06) id A0D22800C6; Fri, 11 Sep 1998 21:58:10 +03d00 From: "Peter Lipp" <Peter.Lipp@iaik.tu-graz.ac.at> To: "Paul Koning" <pkoning@xedia.com>, <mfsmith@zionsbank.com> Cc: <ietf-pkix@imc.org> Subject: RE: RE: New Extension Proposed: Method Of Authentication Date: Fri, 11 Sep 1998 21:59:08 +0200 Message-ID: <000001bdddbe$a311f630$0a03a8c0@plipp.iaik.tu-graz.ac.at> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2120.0 In-Reply-To: <199809111807.OAA28256@tonga.xedia.com> Sender: owner-ietf-pkix@imc.org Precedence: bulk > I very much doubt that a mapping from natural language legal > terminology to formal logic will be defined anytime in the next 10 > years. Come to think of it, thinking of Goedel makes me wonder if > it's even theoretically possible. But that would not be necessary. I could well imagine defining a set of attributes describing the most important elements of such statements like ... passport needed .... ... anything that looks like an ID with photo sufficient ... ... we don't check anything at all .... or things like that. The problem I see is in all cases the trust into the truthfulness of such statements - it does not help anybody if my machine can verify that indeed the CA claims to having seen a passport if I don't trust the CA not to lie in the first place. This needs checks by myself or trusted representatives in any case, and no formal logic will help. Peter Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA23179 for ietf-pkix-bks; Fri, 11 Sep 1998 11:32:59 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id LAA23175 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 11:32:58 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Fri, 11 Sep 1998 12:33:29 -0600 Message-Id: <s5f91899.098@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Fri, 11 Sep 1998 12:33:22 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: pkoning@xedia.com Cc: stefan@accurata.se, ietf-pkix@imc.org Subject: Re: RE: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk I think you've got it. As far as being ahead of state of the art, I've been in meetings with many of the folks on this list several years ago when the same issues of parsing the CPS in order to automate were brought up. By the way, I was not suggesting parsing a free-form CPS, but structuring the CPS for automated processing, which might need then both a human and machine readable form or sections of the same CPS. The saying goes (Warren Miller, Ski Film producer): "If you don't do it now, You'll only be another year older when you do". Michael >>> Paul Koning <pkoning@xedia.com> 09/11 12:07 PM >>> >>>>> "Mike" == Mike Smith <mfsmith@zionsbank.com> writes: Mike> ...Maybe the old PKIX 1 needs to be restructured to retain its Mike> contents and menaing, but to specify a parsable structure and Mike> standardize (define rigidly) the terms used in the policies and Mike> practices or concept of operations (whatever people are using Mike> the OID to point towards). Mike> ...The feedback I get is not really "you are off track", but that Mike> "the problem is too big to solve", or that this group is Mike> incapable of solving this problem in a timely manner. Mike> I disagree. This group is comprised of the most experienced Mike> and, IMO, brightest technologists in the industry. Mike> So, I pose the question to the best and brightest: How do you Mike> suggest, then that we automate domain or trust processing? I think the question you pose is not a little, but vastly beyond the state of the art. As I understand it, the goal you're posing is: define a way for the CA to encode into the cert information that the relying party can use to decide whether the subject of that cert was authenticated by means strong enough to be satisfactory to the relying party. A somewhat analogous question (though not applicable to a particular cert) is whether the CA's CPS is strong enough for the relying party. It seems to me that this latter question is one you drop onto your company's lawyer to settle. It involves parsing natural language (well, anyway, legal language) to see what it means, and whether that meaning is satisfactory to your corporate requirements. I very much doubt that a mapping from natural language legal terminology to formal logic will be defined anytime in the next 10 years. Come to think of it, thinking of Goedel makes me wonder if it's even theoretically possible. The above would seem to be just as applicable to the cert subject authentication statement as it is to the CPS. After all, the authentication used in creating a particular cert is basically just the application of the CPS to that particular subject. paul Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA22902 for ietf-pkix-bks; Fri, 11 Sep 1998 11:03:49 -0700 (PDT) Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA22898 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 11:03:48 -0700 (PDT) Received: from xedia.com by relay3.UU.NET with SMTP (peer crosschecked as: madway.xedia.com [198.202.232.199]) id QQfgke24932; Fri, 11 Sep 1998 14:07:44 -0400 (EDT) Received: from tonga.xedia.com by xedia.com (4.1/SMI-4.1) id AA26501; Fri, 11 Sep 98 14:06:53 EDT Received: by tonga.xedia.com (SMI-8.6/SMI-SVR4) id OAA28256; Fri, 11 Sep 1998 14:07:42 -0400 Date: Fri, 11 Sep 1998 14:07:42 -0400 Message-Id: <199809111807.OAA28256@tonga.xedia.com> From: Paul Koning <pkoning@xedia.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: mfsmith@zionsbank.com Cc: stefan@accurata.se, ietf-pkix@imc.org Subject: Re: RE: New Extension Proposed: Method Of Authentication References: <s5f8f745.021@zionsbank.com> X-Mailer: VM 6.34 under 20.3 "Vatican City" XEmacs Lucid Sender: owner-ietf-pkix@imc.org Precedence: bulk >>>>> "Mike" == Mike Smith <mfsmith@zionsbank.com> writes: Mike> ...Maybe the old PKIX 1 needs to be restructured to retain its Mike> contents and menaing, but to specify a parsable structure and Mike> standardize (define rigidly) the terms used in the policies and Mike> practices or concept of operations (whatever people are using Mike> the OID to point towards). Mike> ...The feedback I get is not really "you are off track", but that Mike> "the problem is too big to solve", or that this group is Mike> incapable of solving this problem in a timely manner. Mike> I disagree. This group is comprised of the most experienced Mike> and, IMO, brightest technologists in the industry. Mike> So, I pose the question to the best and brightest: How do you Mike> suggest, then that we automate domain or trust processing? I think the question you pose is not a little, but vastly beyond the state of the art. As I understand it, the goal you're posing is: define a way for the CA to encode into the cert information that the relying party can use to decide whether the subject of that cert was authenticated by means strong enough to be satisfactory to the relying party. A somewhat analogous question (though not applicable to a particular cert) is whether the CA's CPS is strong enough for the relying party. It seems to me that this latter question is one you drop onto your company's lawyer to settle. It involves parsing natural language (well, anyway, legal language) to see what it means, and whether that meaning is satisfactory to your corporate requirements. I very much doubt that a mapping from natural language legal terminology to formal logic will be defined anytime in the next 10 years. Come to think of it, thinking of Goedel makes me wonder if it's even theoretically possible. The above would seem to be just as applicable to the cert subject authentication statement as it is to the CPS. After all, the authentication used in creating a particular cert is basically just the application of the CPS to that particular subject. paul Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA22010 for ietf-pkix-bks; Fri, 11 Sep 1998 09:16:19 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA22006 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 09:16:18 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Fri, 11 Sep 1998 10:16:48 -0600 Message-Id: <s5f8f890.088@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Fri, 11 Sep 1998 10:16:37 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: stefan@accurata.se, ietf-pkix@imc.org Subject: Re: RE: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk OK, the quagmire consensus is taken for what it is. I first proposed automating some trust decisions using a new extension, then using the existing policy qualifier. The overwhelming response from people whose comments I respect is that we should consider the policy OID sufficient. If this is to be the technological solution for automated processing, then we need to step backwards a few years and look at the definition of "to process" with regard to the actual CPS that the OID points towards. Maybe the old PKIX 1 needs to be restructured to retain its contents and meaning, but to specify a parsable structure and standardize (define rigidly) the terms used in the policies , practices or concept of operations (whatever people are using the OID to point towards). The goal here is not to reopen old wounds or pull people into yet another quagmire (my Celtic genetics may predispose me to jumping inot bogs, however). The question that folks seem to be attempting to address is the automation of trust domains. The feedback I get is not really "you are off track", but that "the problem is too big to solve", or that this group is incapable of solving this problem in a timely manner. I disagree. This group is comprised of the most experienced and, IMO, brightest technologists in the industry. So, I pose the question to the best and brightest: How do you suggest, then, that we automate domain or trust processing? I think I know how we are going to operate across domains of trust in the finanical industry. I suggest that we in the IETF apply our great resources building AUTOMATED systems that have a high assurance of working together across the Internet. If, as some have suggested , I need to write a draft covering these issues, I am up for that (if Warwick and Stephen think it is worth the group's time). Michael >>> Stefan Santesson <stefan@accurata.se> 09/11 8:44 AM >>> ****************** InterScan Message (on zbc2) noname is scanned and no virus found ********************************************************* Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA21953 for ietf-pkix-bks; Fri, 11 Sep 1998 09:10:26 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA21948 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 09:10:25 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Fri, 11 Sep 1998 10:11:17 -0600 Message-Id: <s5f8f745.021@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Fri, 11 Sep 1998 10:11:04 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: stefan@accurata.se, ietf-pkix@imc.org Subject: Re: RE: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk OK, the quagmire consensus is taken for what it is. I first proposed enhancing automating some trust decisions using a new extension, then using the existing policy qualifier. The overwhelming response from people whose comments I respect is that we should consider the policy OID sufficient. If this is to be technological solution for automated processing, then we need to step backwards a few years and look at the definition of "to process" with regard to the actual CPS that the OID points towards. Maybe the old PKIX 1 needs to be restructured to retain its contents and menaing, but to specify a parsable structure and standardize (define rigidly) the terms used in the policies and practices or concept of operations (whatever people are using the OID to point towards). The goal here is not to reopen old wounds or pull people into yet another quagmire (my cletic genetics may predispose me to jumping inot bogs, however). The question that folks seem to be attemoting to address is the automation of trust domains. The feedback I get is not really "you are off track", but that "the problem is too big to solve", or that this group is incapable of solving this problem in a timely manner. I disagree. This group is comprised of the most experienced and, IMO, brightest technologists in the industry. So, I pose the question to the best and brightest: How do you suggest, then that we automate domain or trust processing? I think I know how we are going to operate across domains of trust in the finanical industry. I suggest that we in the IETF apply our great resources building AUTOMATED systems that have a high assurance of working together across the Internet. If, as some have suggested , I need to write a draft covering these issues, I am up for that (if Warwick and Stephen think it is worth the group's time). Michael >>> Stefan Santesson <stefan@accurata.se> 09/11 8:44 AM >>> ****************** InterScan Message (on zbc2) noname is scanned and no virus found ********************************************************* Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA21226 for ietf-pkix-bks; Fri, 11 Sep 1998 08:01:51 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA21222 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 08:01:49 -0700 (PDT) Received: from chromatix.com (whiteoak.chromatix.com [207.97.115.5]) by chromatix.com (8.8.8/8.8.8) with ESMTP id LAA27778; Fri, 11 Sep 1998 11:05:58 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <35F93C79.E50E1015@chromatix.com> Date: Fri, 11 Sep 1998 11:06:33 -0400 From: Dave Horvath <dave@chromatix.com> Organization: Chromatix Inc. X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: Denis.Pinkas@bull.net CC: Santosh Chokhani <chokhani@cygnacom.com>, "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: Re: forward & reverse elements - population References: <51BF55C30B4FD1118B4900207812701E1B1A60@WUHER> <35F96A8E.6C3A@bull.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Dennis, See comments below. Denis Pinkas wrote: > > Santosh, > > Here is my answer to your question. > > > Denis: > > > I agree with you. Clarification of the text is easy. > > ??? > > > However, I have a > > question. Must a certificate issued to a CA appear in the forward > > element, caCertificate or can it be missing altogether? > > "MUST" is the wrong verb. A certificate issued by another CA is not > mandated to be present at all. It MAY be present. > > Let me now re-phrase your question: May a certificate issued to a CA by > another CA appear in the forward element, caCertificate or can it be > missing altogether? > > My answer is the following: It may only appear in the forward element of > a crossCertificatePair. > > I was quite happy (and still am I !) with the original text. I still > wonder with the rational of the two buckets. > The problem with the original text is that it breaks the implementations that used the certificationAuthority-V2 object class. That object class stated the caCertificate was mandatory. This has been established and accepted, therefore the original text is not an option anymore. We have heard arguments from both sides for option 1 and option 2. Each of which have their own pros and cons. I suggest we stick with those two options and move forward. Furthermore, Santosh has submitted strong technical arguments for the two bucket approach. The two bucket approach allows you to logically distinguish between two types of CA Certs without mandating that a CA define its policies with respect to bucket population. If the CA publishes it in the "wrong" bucket it will NOT compromise security and it will NOT cause a denial of service, as long as clients look at both attributes. It lead to inefficient path construction in the worst case, but that's a given if you have a one bucket approach. Another issue is the duplication of certificates. After profiling at least one directory server we know that performance degrades after an entry reaches a certain size. In other words you can usually get excellent sub second response time out of a server ( in fact many responses per second ) if the entry stays small. As the entry grows in size, the response gets slower. We have tested with entries up to several megabytes in size and have proved this. Additionally, many companies still use small pipes for their network infrastructure, and those pipes can be easily saturated. We should make a conscious decision to attempt to minimize the amount of data a client will retrieve from a single entry while satisfying both option 1 and option 2 proponents. > Up to now, none of the arguments about the notion of "local domain" has > proven to be non-controversy. If the notion of local domain is important > (I still wonder about it), there might be a different way to look at the > issue. LDAPv2 allows to query any server that offers that interface, so > different set of queries could be considered: > > 1) Queries made to one or more local domain servers, > 2) Queries made to one or more public domain servers. > > As the name indicates it, local domain servers may not be publicly > accessible, e.g. protected by firewalls or some other access control > methods. Local domain servers would publish only what is relevant for > their notion of local domain. They must publish everything that is > relevant. > > Public domain servers would have no notion of "local domain". They must > publish everything certificate that is pertinent to a CA entry that they > publish. If entries for CA1, CA4 and CA5 are present, then all > certificates issued by these CAs must be present and all > cross-certificates, if any, between these CAs must also be present. > However, a cross-certificate issued by the CA 7 for the CA 1 would not > need to be present. Are you saying the schema/or the DIT structure will be different for a CA in a public directory vs a private directory? If so, I think we are going down a dangerous path. Given a globally unique DN why would you want to do this? Dave Horvath > > Denis > > > I think the text in terms of saying that the forward element need not be > > present in all cases is easy. > > > > > -----Original Message----- > > > From: Denis Pinkas [SMTP:Denis.Pinkas@bull.net] > > > Sent: Wednesday, September 09, 1998 8:44 PM > > > To: Santosh Chokhani > > > Cc: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > Subject: Re: forward & reverse elements - population > > > > > > Santosh, > > > > > > Your new proposed text does not address my concern correctly. > > > > > > For a crossCertificatePair Attribute, either the forward element only > > > MAY be present, or the reverse element only MAY be present, or the > > > reverse and the forward elements may be both present. > > > > > > Whether it is OPTION 1, OPTION 2 or whatever OPTION, the forward > > > element > > > shall not be mandated to be present in a crossCertificatePair > > > Attribute. > > > > > > Denis > > > > > > > Sharon: > > > > > > > I can agree to the following text for the two option instead. > > > Please > > > > note that I have further clarified cross-certificate by tying the DN > > > and > > > > public keys. > > > > > > > > I think the following texts are consistent with and further > > > > clarifications of the two options. > > > > > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > entry, > > > > shall be used to store certificates issued to this CA by CAs in the > > > same > > > > domain as this CA. > > > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > > particular CA's directory entry, shall be used to store certificates > > > > issued to this CA by CAs in other domains. Optionally, the reverse > > > > element of the crossCertificatePair attribute, held in a particular > > > CA's > > > > directory entry, may contain a subset of certificates issued by this > > > CA > > > > to other CAs. When both the forward and the reverse elements are > > > > present, issuer name in one certificate shall match the subject name > > > in > > > > the other and vice versa, and the subject public key in one > > > certificate > > > > shall be capable of verifying the digital signature on the other > > > > certificate and vice versa. > > > > > > > > In the case of V3 certificates, none of the above CA certificates > > > shall > > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > entry, > > > > shall be used to store certificates issued to this CA by CAs in the > > > same > > > > domain as this CA. > > > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > > particular CA's directory entry, shall be used to store all > > > certificates > > > > issued to this CA. Optionally, the reverse element of the > > > > crossCertificatePair attribute, held in a particular CA's directory > > > > entry, may contain a subset of certificates issued by this CA to > > > other > > > > CAs. When both the forward and the reverse elements are present, > > > issuer > > > > name in one certificate shall match the subject name in the other > > > and > > > > vice versa, and the subject public key in one certificate shall be > > > > capable of verifying the digital signature on the other certificate > > > and > > > > vice versa. > > > > > > > > In the case of V3 certificates, none of the above CA certificates > > > shall > > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > -----Original Message----- > > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > > > > > > > > > ---------- > > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > > Sent: September 8, 1998 10:05 AM > > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > --stuff deleted > > > > > > > > > > > > > [] I agree. I do not have problem with the following > > > language. > > > > > > " A certificate issued to a CA by another shall be stored either > > > in > > > > > the > > > > > > caCertificate or forward component of crossCertificatePair > > > attribute > > > > > of > > > > > > the subject CA. Optionally, a subset of certificates issued by > > > a CA > > > > > can > > > > > > be stored in the reverse component of crossCertificatePair > > > attribute > > > > > of > > > > > > the issuing CA." > > > > > > > > > > > > Please note that to me subset includes none, some, or all. > > > If > > > > > > folks want further clarification, it is ok by me. > > > > > > > > > > > Santosh, the only issue I have with this text is that (at least > > > with > > > > > the > > > > > rationale behind option 2) any cert that appears in the > > > cACertificate > > > > > attribute of a given CA > > > > > entry, should also appear in the crossCertificatePair attribute in > > > the > > > > > same > > > > > CA entry. > > > > > What about deleting the reference to the cACertificate attribute > > > from > > > > > your > > > > > text and proposing this as new text just for the > > > crossCertificatePair > > > > > attribute? > > > > > > > > > > Both Jan and David have indicated reasons to keep the "pair" > > > together > > > > > in the > > > > > mutual case, so we should also consider adding the last paragraph > > > of > > > > > the > > > > > text David proposed for that. > > > > > > > > > > Here's what the resulting text proposal would look like: > > > > > > > > > > > " A certificate issued to a CA by another shall be stored in the > > > > > > forward component of crossCertificatePair attribute of > > > > > > the subject CA. Optionally, a subset of certificates issued by > > > a CA > > > > > can > > > > > > be stored in the reverse component of crossCertificatePair > > > attribute > > > > > of > > > > > > the issuing CA. When both elements are present in the same > > > value, > > > > > the > > > > > > value shall represent a mutual cross-certification of the two > > > CAs. " > > > > > > > > > > > If we can come to consensus on that attribute, then let's see what > > > we > > > > > can do > > > > > with the cACertificate attribute text. > > > > > > > > > > I agree with your view on what a subset is and I think that same > > > > > definition > > > > > would apply to the contents of the cACertificate attribute as a > > > subset > > > > > of > > > > > the crossCertificatePair forward elements in option 2. > > > > > > -- > > > Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net > > > Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 > > > 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 > > -- > Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net > Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 > 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 -- ================================================ _/_/_/ David J. Horvath _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21102 for ietf-pkix-bks; Fri, 11 Sep 1998 07:41:23 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21098 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 07:41:22 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailc.telia.com (8.8.8/8.8.8) with ESMTP id QAA00126 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 16:46:47 +0200 (MET DST) Received: from stefans (t2o68p33.telia.com [62.20.138.153]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id QAA11065 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 16:46:46 +0200 (CEST) Message-Id: <3.0.32.19980911164344.00996d60@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 11 Sep 1998 16:44:21 +0200 To: <ietf-pkix@imc.org> From: Stefan Santesson <stefan@accurata.se> Subject: RE: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id HAA21099 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is really fascinating. When I read the proposal for a new extension I said to my self: Good this man i brave. I wonder how many seconds he will live before he is gunned down. Not because the idea is stupid. Just because of the obvious "quagmire" syndrome. I have recently studied one extensive trial to specify such extensions and I just want to join to the consensus here. - This is a quagmire and not suited for standardization (at least not within PKIX). - The policy OID solves the problem as far needed. And according to changing CPS:es. One CPS may change many times as long as it reflects the same policy. If security drops below policy requirements then a new policy OID has to be identified. So minimum security level is defined by policy and not by CPS. /Stefan At 01:48 PM 9/10/98 -0400, Phillip M Hallam-Baker wrote: > >> If we have standard identifiers, one byte each, provides 0 to 255 >> specific categories, with say, ten as internet standards. >> >> With initial authentication method, maybe we start with (decimal): >> 0 as anonymous, >> 1 as self-authenticated, >> 2 as driver license or government ID card >> 3 as passport >> 4 as military > >This is heading straight into the quagmire I spoke about... > >Decimal numbers is just about the worst approach since it means that >a central registry has to be kept - yet another task for IANA! and >the arbitrary limit of 255 sounds guaranteed to ensure that the >namespace will quickly become cluttered with ad hoc private >definitions being used on an 'experimental' basis. > >I don't see any value in the taxonomy presented. What is a 'military' >identification method? Is identification by the US army equivalent to >that of the Taleban in Afghanistan? > >The drivers license is particularly dubious. My UK drivers license >has no photograph and is valid until sometime after 2020. > >Are there CAs who actually want to specify their exact authorization >processes? Are such processes objectively definable? A commercial >CA does not define authorization procedures for every concievable >document they might accept in their CPS. The first time a US CA >decides on acceptable forms of authentication for a Monaco >corporation is likely to be when they get a purchase request. > > >If you want to take the matter further I suggest you write an >Internet Draft and see if the working group chairs want to >make it a work item. > > Phill > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA16901 for ietf-pkix-bks; Fri, 11 Sep 1998 02:16:50 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA16896 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 02:16:46 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id LAA13435; Fri, 11 Sep 1998 11:23:50 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id LAA15724; Fri, 11 Sep 1998 11:23:51 +0200 (DFT) Message-ID: <35F96A8E.6C3A@bull.net> Date: Fri, 11 Sep 1998 11:23:10 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Santosh Chokhani <chokhani@cygnacom.com> CC: "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: Re: forward & reverse elements - population References: <51BF55C30B4FD1118B4900207812701E1B1A60@WUHER> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh, Here is my answer to your question. > Denis: > I agree with you. Clarification of the text is easy. ??? > However, I have a > question. Must a certificate issued to a CA appear in the forward > element, caCertificate or can it be missing altogether? "MUST" is the wrong verb. A certificate issued by another CA is not mandated to be present at all. It MAY be present. Let me now re-phrase your question: May a certificate issued to a CA by another CA appear in the forward element, caCertificate or can it be missing altogether? My answer is the following: It may only appear in the forward element of a crossCertificatePair. I was quite happy (and still am I !) with the original text. I still wonder with the rational of the two buckets. Up to now, none of the arguments about the notion of "local domain" has proven to be non-controversy. If the notion of local domain is important (I still wonder about it), there might be a different way to look at the issue. LDAPv2 allows to query any server that offers that interface, so different set of queries could be considered: 1) Queries made to one or more local domain servers, 2) Queries made to one or more public domain servers. As the name indicates it, local domain servers may not be publicly accessible, e.g. protected by firewalls or some other access control methods. Local domain servers would publish only what is relevant for their notion of local domain. They must publish everything that is relevant. Public domain servers would have no notion of "local domain". They must publish everything certificate that is pertinent to a CA entry that they publish. If entries for CA1, CA4 and CA5 are present, then all certificates issued by these CAs must be present and all cross-certificates, if any, between these CAs must also be present. However, a cross-certificate issued by the CA 7 for the CA 1 would not need to be present. Denis > I think the text in terms of saying that the forward element need not be > present in all cases is easy. > > > -----Original Message----- > > From: Denis Pinkas [SMTP:Denis.Pinkas@bull.net] > > Sent: Wednesday, September 09, 1998 8:44 PM > > To: Santosh Chokhani > > Cc: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > Subject: Re: forward & reverse elements - population > > > > Santosh, > > > > Your new proposed text does not address my concern correctly. > > > > For a crossCertificatePair Attribute, either the forward element only > > MAY be present, or the reverse element only MAY be present, or the > > reverse and the forward elements may be both present. > > > > Whether it is OPTION 1, OPTION 2 or whatever OPTION, the forward > > element > > shall not be mandated to be present in a crossCertificatePair > > Attribute. > > > > Denis > > > > > Sharon: > > > > > I can agree to the following text for the two option instead. > > Please > > > note that I have further clarified cross-certificate by tying the DN > > and > > > public keys. > > > > > > I think the following texts are consistent with and further > > > clarifications of the two options. > > > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > The cACertificate attribute, held in a particular CA's directory > > entry, > > > shall be used to store certificates issued to this CA by CAs in the > > same > > > domain as this CA. > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > particular CA's directory entry, shall be used to store certificates > > > issued to this CA by CAs in other domains. Optionally, the reverse > > > element of the crossCertificatePair attribute, held in a particular > > CA's > > > directory entry, may contain a subset of certificates issued by this > > CA > > > to other CAs. When both the forward and the reverse elements are > > > present, issuer name in one certificate shall match the subject name > > in > > > the other and vice versa, and the subject public key in one > > certificate > > > shall be capable of verifying the digital signature on the other > > > certificate and vice versa. > > > > > > In the case of V3 certificates, none of the above CA certificates > > shall > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > The definition of domain is purely a matter of local policy. > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > The cACertificate attribute, held in a particular CA's directory > > entry, > > > shall be used to store certificates issued to this CA by CAs in the > > same > > > domain as this CA. > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > particular CA's directory entry, shall be used to store all > > certificates > > > issued to this CA. Optionally, the reverse element of the > > > crossCertificatePair attribute, held in a particular CA's directory > > > entry, may contain a subset of certificates issued by this CA to > > other > > > CAs. When both the forward and the reverse elements are present, > > issuer > > > name in one certificate shall match the subject name in the other > > and > > > vice versa, and the subject public key in one certificate shall be > > > capable of verifying the digital signature on the other certificate > > and > > > vice versa. > > > > > > In the case of V3 certificates, none of the above CA certificates > > shall > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > -----Original Message----- > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > > > > > ---------- > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > Sent: September 8, 1998 10:05 AM > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > --stuff deleted > > > > > > > > > > > [] I agree. I do not have problem with the following > > language. > > > > > " A certificate issued to a CA by another shall be stored either > > in > > > > the > > > > > caCertificate or forward component of crossCertificatePair > > attribute > > > > of > > > > > the subject CA. Optionally, a subset of certificates issued by > > a CA > > > > can > > > > > be stored in the reverse component of crossCertificatePair > > attribute > > > > of > > > > > the issuing CA." > > > > > > > > > > Please note that to me subset includes none, some, or all. > > If > > > > > folks want further clarification, it is ok by me. > > > > > > > > > Santosh, the only issue I have with this text is that (at least > > with > > > > the > > > > rationale behind option 2) any cert that appears in the > > cACertificate > > > > attribute of a given CA > > > > entry, should also appear in the crossCertificatePair attribute in > > the > > > > same > > > > CA entry. > > > > What about deleting the reference to the cACertificate attribute > > from > > > > your > > > > text and proposing this as new text just for the > > crossCertificatePair > > > > attribute? > > > > > > > > Both Jan and David have indicated reasons to keep the "pair" > > together > > > > in the > > > > mutual case, so we should also consider adding the last paragraph > > of > > > > the > > > > text David proposed for that. > > > > > > > > Here's what the resulting text proposal would look like: > > > > > > > > > " A certificate issued to a CA by another shall be stored in the > > > > > forward component of crossCertificatePair attribute of > > > > > the subject CA. Optionally, a subset of certificates issued by > > a CA > > > > can > > > > > be stored in the reverse component of crossCertificatePair > > attribute > > > > of > > > > > the issuing CA. When both elements are present in the same > > value, > > > > the > > > > > value shall represent a mutual cross-certification of the two > > CAs. " > > > > > > > > > If we can come to consensus on that attribute, then let's see what > > we > > > > can do > > > > with the cACertificate attribute text. > > > > > > > > I agree with your view on what a subset is and I think that same > > > > definition > > > > would apply to the contents of the cACertificate attribute as a > > subset > > > > of > > > > the crossCertificatePair forward elements in option 2. > > > > -- > > Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net > > Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 > > 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA15497 for ietf-pkix-bks; Fri, 11 Sep 1998 00:54:12 -0700 (PDT) Received: from ns0.zergo.com (ns0.zergo.com [194.159.81.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA15489 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 00:54:09 -0700 (PDT) Message-Id: <199809110919.KAA08686@ns0.zergo.com> Received: forwarded by SMTP 3.0.6. From: Graham Bland <gbland@zergo.com> Date: Fri, 11 Sep 1998 8:49:49 +0000 To: ietf-pkix@imc.org Subject: RE: RE: New Extension Proposed: Method O MIME-version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 X-Mailer: TFS Gateway /222000000/222041752/222002972/223090911/ Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id AAA15493 Sender: owner-ietf-pkix@imc.org Precedence: bulk I think this is impossible to achieve for the following reasons 1. 255 categories would be far too few, in practice they would expand to thousands. 2. With each category there are wide variations, drivers licences for example contain different details, have different validity periods, some have photos, some don't and they are issued by Governments (some of whom I would not trust). Are photocopies acceptable? Must the driving licence be presented in person or can it be posted? Need it be current? All these have a substantial bearing on the degree of trust I can place in a certificate. 3. It would take us years to agree on the categories and the meanings For these reasons this could not replace a CPS. Graham Bland > -----Original Message----- > From: mfsmith@zionsbank.com > Sent: 10 September 1998 18:06 > To: Ian Roberts; Graham Bland; Chris Wright; chokhani@cygnacom.com; > azb@llnl.gov; william.burr@nist.gov; BJUENEMAN@novell.com; > pbaker@verisign.com > Cc: ietf-pkix@imc.org > Subject: Re: RE: New Extension Proposed: Method O > > > -------------------------------------------------------------- > -------------- > Maybe "new" extension is too strong a phrase. How about > defining the policy > qulifiers to have some standard" meanings, then: > > reliance limit > licensure, licensing body > authentication method > etc. > > If we have standard identifiers, one byte each, provides 0 to > 255 specific > categories, with say, ten as internet standards. > > With initial authentication method, maybe we start with (decimal): > 0 as anonymous, > 1 as self-authenticated, > 2 as driver license or government ID card > 3 as passport > 4 as military > > then start with combinations including common attributes, > such as credit > bureau rating as of issuance, etc. > > I do understand that, while policy OIDs may be supported some largely > deployed systems do not support the policy qualifiers, but > the standards do, > so why don't we use them to improve our automation needs. > Any time we need > to rely on individ > uals obtaining, reading and being held accountable to a two > hundred page > contract (CPS), we limit its usability. > > Having standard definitions for the most common usages and > having these > signed as part of the cert by the issuer should facilitate > automatic policy > acceptance across those domains with multiple policies (if I > have accepted > all of the Verisig > n roots, then all of the categories of authentication are > accepted. If each > cert has the main characteristics of trust (initial authentication, CA > licensure, reliance liits, CPS location/OID, etc.), then I > should be able to > set my acceptanc > e on user selected criteria, > without re-reading the two hundred pages of each of the CAs > my company does > business with. > > Michael > > >>> Santosh Chokhani <chokhani@cygnacom.com> 09/09 1:25 PM >>> > The certificate policy is supposed to the represented in the > certificate > as an object identifier. The amendment to X.509 defines how the > applications process that field to determine if a certificate is > acceptable, including certificate policy and associated authentication > mechanism. > > X.509 amendment offer a rich set of capabilities in this area in terms > of what goes in a certificate, and how applications perform path > validation. > > > -----Original Message----- > > From: Tony Bartoletti [SMTP:azb@llnl.gov] > > Sent: Wednesday, September 09, 1998 3:12 PM > > To: Santosh Chokhani; 'Phillip M Hallam-Baker'; Mike Smith; > > william.burr@nist.gov; BJUENEMAN@novell.com > > Cc: ietf-pkix@imc.org > > Subject: RE: New Extension Proposed: Method Of Authentication > > > > At 01:44 PM 9/9/98 -0400, Santosh Chokhani wrote: > > >The subscriber authentication at the various stages (such > as initial > > >registration, registration after revocation, revocation request, > > normal > > >rekey, etc.) is supposed to be described in the certificate policy. > > >Thus, the certificate policy asserted points to the authentication > > >method. > > > > True, but this certainly places a limit upon the degree of > automation > > that can be employed in the future, at least until we have software > > that can read a CPS and base decisions upon it. No time soon. > > > > Granted, some 20 bits describing authentication method(s) would be > > contentious, but the very exercise would reveal much about where and > > how trust is really anchored, and the degree to which > automated agents > > could evolve. > > > > >There is NO need for another extension. > > > > Have enough work already? ;) > > > > ___tony___ > > > > >> -----Original Message----- > > >> From: Phillip M Hallam-Baker [SMTP:pbaker@verisign.com] > > >> Sent: Wednesday, September 09, 1998 1:16 PM > > >> To: Mike Smith; william.burr@nist.gov; BJUENEMAN@novell.com > > >> Cc: ietf-pkix@imc.org > > >> Subject: RE: New Extension Proposed: Method Of Authentication > > >> > > >> > In using certificates, it is useful to know what form of > > >> > authentication is used by a CA to identify a new certificate > > >> > requester. A certificate extension seems the best > place to store > > > > >> > this information. > > >> > > >> This sounds to me like a trip into a quagmire. I don't think that > > >> it is possible to charaterize authentication mechanisms usefully > > >> in a set of binary flags. > > >> > > >> For example two CAs may be requiring presentation of a driving > > >> license for authentication, only one CA may be using a state of > > >> MA license with photo ID and another a UK driving license without > > >> photo ID. > > >> > > >> Even with documents such as passports there is considerable > > >> variation between countries in the strictness of their > proceedures. > > >> > > >> Then there are proceedural variations, is the applicant present > > >> in person or were the credentials merely faxed... > > >> > > >> > > >> Nor is the mechanism of authentication by itself particularly > > >> usefull unless there is an evaluation of the reliability of the > > >> party performing it. > > >> > > >> Of course one can start to characterise these characteristics > > >> as well but to do so merely throws up yet more information which > > >> might be relevant, factors which become increasingly subjective. > > >> > > >> > > >> This is a hard AI problem - establishing a shared vocabulary of > > >> terms which permits exchange of concepts whose semantics are > > >> not embedded in the communication mechanism or indeed any > > >> mechanism for which a formal description is available. > > >> > > >> Phill > > > > > > > > > > Tony Bartoletti LL > > SPI-NET GURU LL LL > > Computer Security Technology Center LL LL LL > > Lawrence Livermore National Lab LL LL LL > > PO Box 808, L - 303 LL LL LLLLLLLL > > Livermore, CA 94551-9900 LL LLLLLLLL > > email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ! > > > -- Zergo Limited, The Square, Basing View, Basingstoke, Hants. RG21 4EG, UK Tel: + 44 (0) 1442 342 600 Fax: +44 (0) 1256 812 901 Website: http://www.zergo.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA24782 for ietf-pkix-bks; Thu, 10 Sep 1998 12:16:00 -0700 (PDT) Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.52.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA24777 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 12:15:55 -0700 (PDT) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id PAA27185 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 15:21:19 -0400 (EDT) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id PAA27171 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 15:21:17 -0400 (EDT) Received: from mimesweeper.missi.ncsc.mil (mimesweeper.missi.ncsc.mil [144.51.60.2]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id PAA00818 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 15:20:38 -0400 (EDT) Received: from avenger.missi.ncsc.mil (unverified) by mimesweeper.missi.ncsc.mil (Content Technologies SMTPRS 2.0.15) with SMTP id <B0000267235@mimesweeper.missi.ncsc.mil> for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 15:21:10 -0400 Received: by avenger.missi.ncsc.mil with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62) id <01BDDCCE.A3748CA0@avenger.missi.ncsc.mil>; Thu, 10 Sep 1998 15:21:09 -0400 Message-Id: <c=US%a=_%p=ExchangeNSA%l=AVENGER-980910192109Z-33919@avenger.missi.ncsc.mil> From: "Fillingham, David W." <dwfilli@missi.ncsc.mil> To: "'Mike Smith'" <mfsmith@zionsbank.com>, "'chokhani@cygnacom.com'" <chokhani@cygnacom.com>, "'azb@llnl.gov'" <azb@llnl.gov>, "'william.burr@nist.gov'" <william.burr@nist.gov>, "'BJUENEMAN@novell.com'" <BJUENEMAN@novell.com>, "'Phillip M Hallam-Baker'" <pbaker@verisign.com> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: RE: New Extension Proposed: Method Of Authentication Date: Thu, 10 Sep 1998 15:21:09 -0400 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk I agree with Phillip. My folder containing the debate on the meaning of the non-repudiation key usage bit contains 97 messages from people trying to define what that one bit is supposed to mean. Trying to convey security policies via a similar method strikes me as doomed from the start. Dave Fillingham >---------- >From: Phillip M Hallam-Baker[SMTP:pbaker@verisign.com] >Sent: Thursday, September 10, 1998 1:48 PM >To: Mike Smith; chokhani@cygnacom.com; azb@llnl.gov; william.burr@nist.gov; >BJUENEMAN@novell.com >Cc: ietf-pkix@imc.org >Subject: RE: RE: New Extension Proposed: Method Of Authentication > > >> If we have standard identifiers, one byte each, provides 0 to 255 >> specific categories, with say, ten as internet standards. >> >> With initial authentication method, maybe we start with (decimal): >> 0 as anonymous, >> 1 as self-authenticated, >> 2 as driver license or government ID card >> 3 as passport >> 4 as military > >This is heading straight into the quagmire I spoke about... > >Decimal numbers is just about the worst approach since it means that >a central registry has to be kept - yet another task for IANA! and >the arbitrary limit of 255 sounds guaranteed to ensure that the >namespace will quickly become cluttered with ad hoc private >definitions being used on an 'experimental' basis. > >I don't see any value in the taxonomy presented. What is a 'military' >identification method? Is identification by the US army equivalent to >that of the Taleban in Afghanistan? > >The drivers license is particularly dubious. My UK drivers license >has no photograph and is valid until sometime after 2020. > >Are there CAs who actually want to specify their exact authorization >processes? Are such processes objectively definable? A commercial >CA does not define authorization procedures for every concievable >document they might accept in their CPS. The first time a US CA >decides on acceptable forms of authentication for a Monaco >corporation is likely to be when they get a purchase request. > > >If you want to take the matter further I suggest you write an >Internet Draft and see if the working group chairs want to >make it a work item. > > Phill > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA24098 for ietf-pkix-bks; Thu, 10 Sep 1998 10:43:18 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA24094 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 10:43:17 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id KAA16666; Thu, 10 Sep 1998 10:46:17 -0700 (PDT) Received: from pbaker-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id KAA12380; Thu, 10 Sep 1998 10:48:02 -0700 (PDT) From: "Phillip M Hallam-Baker" <pbaker@verisign.com> To: "Mike Smith" <mfsmith@zionsbank.com>, <chokhani@cygnacom.com>, <azb@llnl.gov>, <william.burr@nist.gov>, <BJUENEMAN@novell.com> Cc: <ietf-pkix@imc.org> Subject: RE: RE: New Extension Proposed: Method Of Authentication Date: Thu, 10 Sep 1998 13:48:20 -0400 Message-ID: <002001bddce3$3318eb80$9d07a8c0@pbaker-pc.verisign.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <s5f7a303.014@zionsbank.com> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal Sender: owner-ietf-pkix@imc.org Precedence: bulk > If we have standard identifiers, one byte each, provides 0 to 255 > specific categories, with say, ten as internet standards. > > With initial authentication method, maybe we start with (decimal): > 0 as anonymous, > 1 as self-authenticated, > 2 as driver license or government ID card > 3 as passport > 4 as military This is heading straight into the quagmire I spoke about... Decimal numbers is just about the worst approach since it means that a central registry has to be kept - yet another task for IANA! and the arbitrary limit of 255 sounds guaranteed to ensure that the namespace will quickly become cluttered with ad hoc private definitions being used on an 'experimental' basis. I don't see any value in the taxonomy presented. What is a 'military' identification method? Is identification by the US army equivalent to that of the Taleban in Afghanistan? The drivers license is particularly dubious. My UK drivers license has no photograph and is valid until sometime after 2020. Are there CAs who actually want to specify their exact authorization processes? Are such processes objectively definable? A commercial CA does not define authorization procedures for every concievable document they might accept in their CPS. The first time a US CA decides on acceptable forms of authentication for a Monaco corporation is likely to be when they get a purchase request. If you want to take the matter further I suggest you write an Internet Draft and see if the working group chairs want to make it a work item. Phill Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA23067 for ietf-pkix-bks; Thu, 10 Sep 1998 08:58:52 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA23063 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 08:58:51 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Thu, 10 Sep 1998 09:59:31 -0600 Message-Id: <s5f7a303.014@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Thu, 10 Sep 1998 09:59:21 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: chokhani@cygnacom.com, azb@llnl.gov, william.burr@nist.gov, BJUENEMAN@novell.com, pbaker@verisign.com Cc: ietf-pkix@imc.org Subject: Re: RE: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Maybe "new" extension is too strong a phrase. How about defining the policy qulifiers to have some standard" meanings, then: reliance limit licensure, licensing body authentication method etc. If we have standard identifiers, one byte each, provides 0 to 255 specific categories, with say, ten as internet standards. With initial authentication method, maybe we start with (decimal): 0 as anonymous, 1 as self-authenticated, 2 as driver license or government ID card 3 as passport 4 as military then start with combinations including common attributes, such as credit bureau rating as of issuance, etc. I do understand that, while policy OIDs may be supported some largely deployed systems do not support the policy qualifiers, but the standards do, so why don't we use them to improve our automation needs. Any time we need to rely on individuals obtaining, reading and being held accountable to a two hundred page contract (CPS), we limit its usability. Having standard definitions for the most common usages and having these signed as part of the cert by the issuer should facilitate automatic policy acceptance across those domains with multiple policies (if I have accepted all of the Verisign roots, then all of the categories of authentication are accepted. If each cert has the main characteristics of trust (initial authentication, CA licensure, reliance liits, CPS location/OID, etc.), then I should be able to set my acceptance on user selected criteria, without re-reading the two hundred pages of each of the CAs my company does business with. Michael >>> Santosh Chokhani <chokhani@cygnacom.com> 09/09 1:25 PM >>> The certificate policy is supposed to the represented in the certificate as an object identifier. The amendment to X.509 defines how the applications process that field to determine if a certificate is acceptable, including certificate policy and associated authentication mechanism. X.509 amendment offer a rich set of capabilities in this area in terms of what goes in a certificate, and how applications perform path validation. > -----Original Message----- > From: Tony Bartoletti [SMTP:azb@llnl.gov] > Sent: Wednesday, September 09, 1998 3:12 PM > To: Santosh Chokhani; 'Phillip M Hallam-Baker'; Mike Smith; > william.burr@nist.gov; BJUENEMAN@novell.com > Cc: ietf-pkix@imc.org > Subject: RE: New Extension Proposed: Method Of Authentication > > At 01:44 PM 9/9/98 -0400, Santosh Chokhani wrote: > >The subscriber authentication at the various stages (such as initial > >registration, registration after revocation, revocation request, > normal > >rekey, etc.) is supposed to be described in the certificate policy. > >Thus, the certificate policy asserted points to the authentication > >method. > > True, but this certainly places a limit upon the degree of automation > that can be employed in the future, at least until we have software > that can read a CPS and base decisions upon it. No time soon. > > Granted, some 20 bits describing authentication method(s) would be > contentious, but the very exercise would reveal much about where and > how trust is really anchored, and the degree to which automated agents > could evolve. > > >There is NO need for another extension. > > Have enough work already? ;) > > ___tony___ > > >> -----Original Message----- > >> From: Phillip M Hallam-Baker [SMTP:pbaker@verisign.com] > >> Sent: Wednesday, September 09, 1998 1:16 PM > >> To: Mike Smith; william.burr@nist.gov; BJUENEMAN@novell.com > >> Cc: ietf-pkix@imc.org > >> Subject: RE: New Extension Proposed: Method Of Authentication > >> > >> > In using certificates, it is useful to know what form of > >> > authentication is used by a CA to identify a new certificate > >> > requester. A certificate extension seems the best place to store > > >> > this information. > >> > >> This sounds to me like a trip into a quagmire. I don't think that > >> it is possible to charaterize authentication mechanisms usefully > >> in a set of binary flags. > >> > >> For example two CAs may be requiring presentation of a driving > >> license for authentication, only one CA may be using a state of > >> MA license with photo ID and another a UK driving license without > >> photo ID. > >> > >> Even with documents such as passports there is considerable > >> variation between countries in the strictness of their proceedures. > >> > >> Then there are proceedural variations, is the applicant present > >> in person or were the credentials merely faxed... > >> > >> > >> Nor is the mechanism of authentication by itself particularly > >> usefull unless there is an evaluation of the reliability of the > >> party performing it. > >> > >> Of course one can start to characterise these characteristics > >> as well but to do so merely throws up yet more information which > >> might be relevant, factors which become increasingly subjective. > >> > >> > >> This is a hard AI problem - establishing a shared vocabulary of > >> terms which permits exchange of concepts whose semantics are > >> not embedded in the communication mechanism or indeed any > >> mechanism for which a formal description is available. > >> > >> Phill > > > > > > Tony Bartoletti LL > SPI-NET GURU LL LL > Computer Security Technology Center LL LL LL > Lawrence Livermore National Lab LL LL LL > PO Box 808, L - 303 LL LL LLLLLLLL > Livermore, CA 94551-9900 LL LLLLLLLL > email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22915 for ietf-pkix-bks; Thu, 10 Sep 1998 08:43:51 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA22911 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 08:43:50 -0700 (PDT) Message-Id: <199809101543.IAA22911@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Thu, 10 Sep 1998 08:49:00 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Fwd: I-D ACTION:draft-ietf-ipsec-pki-req-00.txt Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk This draft may interest people in the PKIX group. It is also available from <http://www.imc.org/draft-ietf-ipsec-pki-req>. --Paul Hoffman, Director --Internet Mail Consortium >To: IETF-Announce: ; >Cc: ipsec@tis.com >From: Internet-Drafts@ietf.org >Reply-to: Internet-Drafts@ietf.org >Subject: I-D ACTION:draft-ietf-ipsec-pki-req-00.txt >Date: Thu, 10 Sep 1998 10:34:19 -0400 >Sender: cclark@ns.cnri.reston.va.us > >A New Internet-Draft is available from the on-line Internet-Drafts directories. >This draft is a work item of the IP Security Protocol Working Group of the IETF. > > Title : PKI Requirements for IP Security > Author(s) : R. Thayer > Filename : draft-ietf-ipsec-pki-req-00.txt > Pages : 22 > Date : 09-Sep-98 > > The IP Security (IPSec) protocol set now being defined in the > IETF uses public key cryptography for authentication in it's key > management protocol. This document defines the requirements that > IPSec has for Public Key Infrastructure (PKI) protocols, formats, > and services. > > The key words 'SHALL', 'REQUIRED', 'SHOULD', 'RECOMMENDED', and > 'MAY' in this document are to be interpreted as described in RFC > 2119. > > Please send comments on this document to the ipsec@tis.com > mailing list. > >Internet-Drafts are available by anonymous FTP. Login with the username >"anonymous" and a password of your e-mail address. After logging in, >type "cd internet-drafts" and then > "get draft-ietf-ipsec-pki-req-00.txt". >A URL for the Internet-Draft is: >ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-pki-req-00.txt > >Internet-Drafts directories are located at: > > Africa: ftp.is.co.za > > Europe: ftp.nordu.net > ftp.nis.garr.it > > Pacific Rim: munnari.oz.au > > US East Coast: ftp.ietf.org > > US West Coast: ftp.isi.edu > >Internet-Drafts are also available by mail. > >Send a message to: mailserv@ietf.org. In the body type: > "FILE /internet-drafts/draft-ietf-ipsec-pki-req-00.txt". > >NOTE: The mail server at ietf.org can return the document in > MIME-encoded form by using the "mpack" utility. To use this > feature, insert the command "ENCODING mime" before the "FILE" > command. To decode the response(s), you will need "munpack" or > a MIME-compliant mail reader. Different MIME-compliant mail readers > exhibit different behavior, especially when dealing with > "multipart" MIME messages (i.e. documents which have been split > up into multiple messages), so check your local documentation on > how to manipulate these messages. > > >Below is the data which will enable a MIME compliant mail reader >implementation to automatically retrieve the ASCII version of the >Internet-Draft. >Content-Type: text/plain >Content-ID: <19980909162526.I-D@ietf.org> > >ENCODING mime >FILE /internet-drafts/draft-ietf-ipsec-pki-req-00.txt > ><ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-pki-req-00.txt> > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22538 for ietf-pkix-bks; Thu, 10 Sep 1998 08:14:28 -0700 (PDT) Received: from slack.lne.com (NoBody@slack.lne.com [140.174.94.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22534 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 08:14:26 -0700 (PDT) Received: (from ericm@localhost) by slack.lne.com (8.9.0/8.9.0) id IAA12666; Thu, 10 Sep 1998 08:19:50 -0700 From: Eric Murray <ericm@lne.com> Message-Id: <199809101519.IAA12666@slack.lne.com> Subject: Re: New Extension Proposed: Method Of Authentication To: pkoning@xedia.com (Paul Koning) Date: Thu, 10 Sep 1998 08:19:49 -0700 (PDT) Cc: azb@llnl.gov, ietf-pkix@imc.org In-Reply-To: <199809101321.JAA14290@tonga.xedia.com> from "Paul Koning" at Sep 10, 98 09:21:30 am MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Paul Koning writes: > > Incidentally, as an aside -- this discussion made me worry about the > potential for unrestrained growth of certificates. As someone > involved in building diskless (embedded) systems, megabyte-sized certs > worry me a lot. Me too. Our company also does embedded systems which need to accept and verify certs. Please keep your certs small if you really want them to be ubiquitous. I'd much rather see a URI and perhaps a hash in the cert instead of the entire CPS. -- Eric Murray N*Able Technologies www.nabletech.com (email: ericm at the sites lne.com or nabletech.com) PGP keyid:E03F65E5 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA21461 for ietf-pkix-bks; Thu, 10 Sep 1998 06:17:21 -0700 (PDT) Received: from relay5.UU.NET (relay5.UU.NET [192.48.96.15]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA21457 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 06:17:20 -0700 (PDT) Received: from xedia.com by relay5.UU.NET with SMTP (peer crosschecked as: madway.xedia.com [198.202.232.199]) id QQfgft03924; Thu, 10 Sep 1998 09:21:34 -0400 (EDT) Received: from tonga.xedia.com by xedia.com (4.1/SMI-4.1) id AA09439; Thu, 10 Sep 98 09:20:42 EDT Received: by tonga.xedia.com (SMI-8.6/SMI-SVR4) id JAA14290; Thu, 10 Sep 1998 09:21:30 -0400 Date: Thu, 10 Sep 1998 09:21:30 -0400 Message-Id: <199809101321.JAA14290@tonga.xedia.com> From: Paul Koning <pkoning@xedia.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: azb@llnl.gov Cc: ietf-pkix@imc.org Subject: RE: New Extension Proposed: Method Of Authentication References: <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> <000701bddc29$99814e40$9d07a8c0@pbaker-pc.verisign.com> <3.0.3.32.19980909162025.00a06390@poptop.llnl.gov> X-Mailer: VM 6.34 under 20.3 "Vatican City" XEmacs Lucid Sender: owner-ietf-pkix@imc.org Precedence: bulk >>>>> "Tony" == Tony Bartoletti <azb@llnl.gov> writes: >... Tony> Still, suppose the certificate did contain the CPS hash. Tony> Imagine that a client system, in the course of validating Tony> certificates, determines that a particular CPS has changed. Tony> That is, some of the certs point to the older CPS, and some to Tony> a brand new CPS. Assume further that it can (securely) Tony> retrieve both the older and newer CPS at will. It can still Tony> validate the older certs, but it can do nothing with the newer Tony> ones until a human steps in to read the new CPS, and then Tony> determine its sufficiency for the purpose(s) at hand. Tony> In terms of automation, "the bits stop here." I think that's as it should be. Whether a new CPS is sufficient for the purposes at hand, in any situation where someone cares enough to look at the CPS at all, is a question that undoubtedly involves lawyers, or even people involved in still less formal processes. Until and unless someone comes up with a mapping from legal english to formal logic (unlikely given Goedel's theorem) I believe the bits HAVE to stop where you said. Incidentally, as an aside -- this discussion made me worry about the potential for unrestrained growth of certificates. As someone involved in building diskless (embedded) systems, megabyte-sized certs worry me a lot. paul Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA21325 for ietf-pkix-bks; Thu, 10 Sep 1998 06:02:10 -0700 (PDT) Received: from getafix.fcpl.co.in (Getafix.fcpl.co.in [196.1.104.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA21320 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 06:02:03 -0700 (PDT) Received: from TinTins.fcpl.co.in ([196.1.104.84]) by getafix.fcpl.co.in (post.office MTA v2.0 0613 ID# 291-17719) with SMTP id AAA135 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 18:38:00 +0530 Message-ID: <000b01bddcbc$29a0ac40$546801c4@TinTins.fcpl.co.in> From: "Shailesh" <shailesh@fcpl.co.in> To: <ietf-pkix@imc.org> Subject: PKIX transports using HTTP Date: Thu, 10 Sep 1998 18:38:54 +0530 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk 1. What is more standard way of communicating PKIX messages on HTTP : Put them as a part of URL OR Put them in the "Entity (optional) part of the request and response" 2. What extensions of the HTTP or part of the core protocol talks about polling? How does one poll using HTTP? Thanks with best regards Shailesh Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA21056 for ietf-pkix-bks; Thu, 10 Sep 1998 05:47:22 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA21051 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 05:47:17 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id OAA01964; Thu, 10 Sep 1998 14:54:13 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id OAA19716; Thu, 10 Sep 1998 14:54:06 +0200 (DFT) Message-ID: <35F84A56.32A2@bull.net> Date: Thu, 10 Sep 1998 14:53:26 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Eric Murray <ericm@lne.com> CC: ietf-pkix@imc.org Subject: Re: New Extension Proposed: Method Of Authentication References: <199809091924.MAA11040@slack.lne.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Eric Murray wrote: > Santosh Chokhani writes: > > The subscriber authentication at the various stages (such as initial > > registration, registration after revocation, revocation request, normal > > rekey, etc.) is supposed to be described in the certificate policy. > > Thus, the certificate policy asserted points to the authentication > > method. > > There is NO need for another extension. > I agree that putting the policy into an extension is a quagmire. > However, given that most CPSs will be on web sites, and those > CPSs can be changed at any time, should there be a way to > indicate which CPS is in effect at any given time during > the certificate's life? > Say Fred is issued a cert by Carl the CA. Carl signs Fred's > cert under the then-current CPS 1.2, which required Carl > to verify Fred's identity using dental charts. Sometime > later, Carl changes his CPS to version 1.3, which no longer requires > dental charts as a form of identification, but instead > accepts a state driver's license. > Fred would like to sign a contract to purchase a house. The lender > requires a high-quality signature, and a cert with only a state > driver's license as identification isn't good enough. How does Fred > indicate that his cert was issued under the older, more rigorous CPS? You are adressing an important issue. When you sign a contract, you usually look at the back of the page where there is either the full terms of the contract or a short form of them with a pointer to a full form. It is thus important to know whether you agree or not with these: if yes, you sign, if not you don't. The equivalent in electronic terms is to point to a security policy and sign it (i.e. add the security policy to the core of the signed message and sign the whole). Different pointers may be used. Here are two examples: an OID, a URL address. If the policy changes, the pointer must change. A hash of the policy has to be used to make sure which terms you were agreeing with. These terms will indicate which CAs are adequate to be used by the signers and which security policies from that CA will be adequate to be used, relative to these terms. > One way to deal with this is to revoke all certs issued under a > given CPS when it is changed. I'm not sure that that provides any assurance > that a given cert was issued under the current CPS though- a receiving > party would have to depend on the current CPS stating that such > is the policy. And it's obviously very undesireable from a CA standpoint. Indeed ! > Another way would be to require the CA to sign their CPSs and include > version numbers, and to include in the cert extension which points to > the CPS, the version number of the CPS which was in effect when the cert > was issued. This will prevent CAs from updating CPSs "out from > underneath" existing certs. That may or may not be a desired effect. :-( > I did a very quick read of the draft and didn't see anything that > handles this problem. But I have not been following the discussion very > much and have not studied the draft, so I could well have missed it. If > there's already something in the draft to deal with this, or this > subject has already been discussed on the list, please accept my > apologies. You did not missed it, the draft is silent on this kind of topic, but it would not be the right place anyway to place it. At the Chicago meeting, we talked about expanding the work to handle non repudiation in more details. If such an extension of the work happens, then we could possibly deal with this kind of topic. Denis > -- > Eric Murray N*Able Technologies www.nabletech.com > (email: ericm at the sites lne.com or nabletech.com) PGP keyid:E03F65E5 -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA20901 for ietf-pkix-bks; Thu, 10 Sep 1998 05:19:37 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA20897 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 05:19:34 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id OAA22350; Thu, 10 Sep 1998 14:26:25 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id OAA19816; Thu, 10 Sep 1998 14:26:20 +0200 (DFT) Message-ID: <35F843D4.7FF4@bull.net> Date: Thu, 10 Sep 1998 14:25:40 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Mike Smith <mfsmith@zionsbank.com> CC: william.burr@nist.gov, BJUENEMAN@novell.com, ietf-pkix@imc.org Subject: Re: New Extension Proposed: Method Of Authentication References: <s5f6527f.038@zionsbank.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Mike Smith wrote: > > In using certificates, it is useful to know what form of > authentication is used by a CA to identify a new certificate > requester. A certificate extension seems the best place to store > this information. > > At one time, Bob Jeuneman prepared a paper proposing this extension > and detailing many categories, from anonymous, self-authenticated, > self authenticated with data verifired (or with credit account, etc.), > authenticated in person, in person with governement-issued picture ID, > multiple forms of government picture IDs with current credit reports > and corporate D&B, etc. > The current practice, I beleive, is to embed the authentication > mechanism in a CA operations or policy statement tha may or may not > be online for someone to peruse and make their own judgement. > Putting a clear indicator in the signed cert would help. > Comments? Bob? If we were going in that direction then we might need to indicate whether one or more of the following has been presented: a driving license, a passport, an ID card, a bill from an Electricity supplier, a bill from a Telephone company, a bill from a Water supplier, etc ... We already have (too) many extensions. The policy statement is enough. There is no need for a verifier to understand the details of the policy, but only to know whether the policy is acceptable for the application. Denis > Michael -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA20886 for ietf-pkix-bks; Thu, 10 Sep 1998 05:16:33 -0700 (PDT) Received: from getafix.fcpl.co.in (Getafix.fcpl.co.in [196.1.104.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA20879 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 05:16:12 -0700 (PDT) Received: from dynamo ([196.1.104.100]) by getafix.fcpl.co.in (post.office MTA v2.0 0613 ID# 291-17719) with SMTP id AAA142 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 17:52:05 +0530 Message-ID: <002b01bddcb6$078be850$646801c4@dynamo.fcpl.co.in> From: "Abhay Kulkarni" <abhay@fcpl.co.in> To: <ietf-pkix@imc.org> Subject: PKIX Certificate Management Protocols Date: Thu, 10 Sep 1998 17:54:53 +0530 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0028_01BDDCE4.1D99E100" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2110.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_0028_01BDDCE4.1D99E100 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello everybody, Where do we find extra information about how to use HTTP protocol as the = lower layer in the PKI certificate management protocol ? Thanks in advance. Regards. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Abhay Kulkarni Systems Engineer Frontier Computers Pvt. Ltd. EMail: abhay@fcpl.co.in Web: http://www.fcpl.co.in %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% ------=_NextPart_000_0028_01BDDCE4.1D99E100 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.2106.6"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#fffbf0> <DIV><FONT color=3D#000000 size=3D2>Hello everybody,</FONT></DIV> <DIV><FONT size=3D2>Where do we find extra information about how to use = HTTP=20 protocol as the lower layer in the PKI certificate management protocol=20 ?</FONT></DIV> <DIV><FONT size=3D2>Thanks in advance.</FONT></DIV> <DIV><FONT size=3D2>Regards.</FONT></DIV> <DIV><FONT color=3D#000000 = size=3D2>%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%<BR>Abhay=20 Kulkarni<BR>Systems Engineer<BR>Frontier Computers Pvt. = Ltd.<BR>EMail: <A=20 href=3D"mailto:abhay@fcpl.co.in">abhay@fcpl.co.in</A><BR>Web: <A=20 href=3D"http://www.fcpl.co.in">http://www.fcpl.co.in</A><BR>%%%%%%%%%%%%%= %%%%%%%%%%%%%%%%%%%%%</FONT></DIV></BODY></HTML> ------=_NextPart_000_0028_01BDDCE4.1D99E100-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA20830 for ietf-pkix-bks; Thu, 10 Sep 1998 05:10:30 -0700 (PDT) Received: from gatekeeper.domus.com ([198.166.58.193]) by mail.proper.com (8.8.8/8.8.5) with SMTP id FAA20826 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 05:10:28 -0700 (PDT) Received: from dns_int.domus.com by gatekeeper1.domus.com (8.6.13/200.19.1.1) id IAA27690; Thu, 10 Sep 1998 08:07:14 -0400 Received: (from smap@localhost) by dns_int.domus.com (8.6.8/8.6.6) id HAA24702 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 07:35:30 -0400 Received: from wpgate.domus.com(198.166.59.10) by dns_int.domus.com via smap (V1.3) id sma024700; Thu Sep 10 07:35:22 1998 Received: from DOMUS-Message_Server by wpgate.domus.com with Novell_GroupWise; Thu, 10 Sep 1998 08:07:25 -0400 Message-Id: <s5f788bd.052@wpgate.domus.com> X-Mailer: Novell GroupWise 4.1 Date: Thu, 10 Sep 1998 08:07:16 -0400 From: William Dziadyk <WDziadyk@domus.com> To: ietf-pkix@imc.org Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk --------------------------------------------------------------------------------- William Dziadyk, PEng IT Security Services, DOMUS Software, Ottawa, Ontario, Canada (613) 230-6285 ext 342 ---- WDziadyk@DOMUS.com --------------------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id XAA12866 for ietf-pkix-bks; Wed, 9 Sep 1998 23:54:28 -0700 (PDT) Received: from genius.tisl.soft.net (genius.tisl.soft.net [164.164.20.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id XAA12861; Wed, 9 Sep 1998 23:54:22 -0700 (PDT) Received: from narayan ([32.97.253.98]) by genius.tisl.soft.net (AIX4.3/UCB 8.7/8.7) with ESMTP id MAA20198; Thu, 10 Sep 1998 12:25:52 -0530 (ist) Message-ID: <35F77875.E02C36B8@geocities.com> Date: Thu, 10 Sep 1998 12:27:57 +0530 From: Narayan Raghu <narry@geocities.com> X-Mailer: Mozilla 4.01 [en] (Win95; I) MIME-Version: 1.0 To: Paul Hoffman / IMC <phoffman@imc.org> CC: ietf-pkix@imc.org Subject: Re: New Extension Proposed: Method Of Authentication X-Priority: 3 (Normal) References: <000701bddc29$99814e40$9d07a8c0@pbaker-pc.verisign.com> <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> <199809092353.QAA27581@mail.proper.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hello, Ultimately, it is the verifier of a certificate who decides if a certification authority is to be trusted. Hence, the onus is on him to verify the policies of the CA and decide whether to designate that CA as the trusted root. IF a CA changes it's policy, it could simply generate another keypair, which signes certificates verifed by the new method. That way, the verifier can decide whether to designate the new CA certificate as trusted root or not, depending upon the new policy of the CA. The verifier can thus choose to trust all those certified by the old CA Certificate/Keypair, since the old policy was acceptable. The key here is that we link a new CA policy with a mandatory new CA signing keypair. I dont think it's required to mention the verifying method in the certificate, since it's the certificate verifier's responsibility. narayan ibm bangalore india Paul Hoffman / IMC wrote: > > At 04:20 PM 9/9/98 -0700, Tony Bartoletti wrote: > >There are two significant shortcomings with the existing situation, > >nonetheless. First, as pointed out by Eric Murray, is that this > >"pointer to the certificate policy" is a weak link in a critical > >chain to the foundation of trust. > > Then don't validate certs with CPSs; only validate ones with OIDs that > you > understand. > > Remember, these policies are for CAs who you have already decided you > trust > to sign someone else's key. If you don't trust them not to change > their > CPS, why do you trust that they are even following the CPS you looked > up > once? Any reasonable CA who changes their CPS will keep the old one at > the > original URL and create a new CPS with a new URL, and put the new URL > in > certs that conform to the new policy. > > --Paul Hoffman, Director > --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA27613 for ietf-pkix-bks; Wed, 9 Sep 1998 16:56:28 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA27609 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 16:56:27 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ879>; Wed, 9 Sep 1998 20:00:03 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A6C@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Tony Bartoletti'" <azb@llnl.gov>, Phillip M Hallam-Baker <pbaker@verisign.com>, Santosh Chokhani <chokhani@cygnacom.com>, Mike Smith <mfsmith@zionsbank.com>, william.burr@nist.gov, BJUENEMAN@novell.com, Eric Murray <ericm@lne.com> Cc: ietf-pkix@imc.org Subject: RE: New Extension Proposed: Method Of Authentication Date: Wed, 9 Sep 1998 20:00:00 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Tony: I think certificate policies are supposed to take care of this. Clients need not read CP or CPS. One may put CPS digest in an already defined extension in the certificate. > -----Original Message----- > From: Tony Bartoletti [SMTP:azb@llnl.gov] > Sent: Wednesday, September 09, 1998 7:20 PM > To: Phillip M Hallam-Baker; Santosh Chokhani; Mike Smith; > william.burr@nist.gov; BJUENEMAN@novell.com; Eric Murray > Cc: ietf-pkix@imc.org > Subject: RE: New Extension Proposed: Method Of Authentication > > At 03:39 PM 9/9/98 -0400, Phillip M Hallam-Baker wrote: > > > >> The subscriber authentication at the various stages (such as > initial > >> registration, registration after revocation, revocation request, > normal > >> rekey, etc.) is supposed to be described in the certificate policy. > >> Thus, the certificate policy asserted points to the authentication > >> method. > > > >True. What I interpreted the proposal to be however was an abstract > >syntax for describing certificate policy in a form that would allow > >automated evaluation. There is a big difference between putting a > >pointer to the certificate policy into a cert and attempting to > encode > >the certificate policy within the certificate itself. > > > >While such a facility would be 'nice to have' my experience is that > >it is a very hard AI problem, at least as hard as the problem of > >natural language understanding. > > Phill, > > I do understand, and would expect any attempt to address the stated > shortcomings via an extension (or any other method) to be a multi-year > effort:) > > There are two significant shortcomings with the existing situation, > nonetheless. First, as pointed out by Eric Murray, is that this > "pointer to the certificate policy" is a weak link in a critical > chain to the foundation of trust. I recall (two years ago!) this > very subject was debated on this list, with some calls to have the > cert contain a hash of the CPS in effect at the time of certificate > creation, so there could be no subtle (or not so subtle) rewording > of the CPS after the fact. Alas, no such provisions were included. > > Still, suppose the certificate did contain the CPS hash. Imagine > that a client system, in the course of validating certificates, > determines that a particular CPS has changed. That is, some of the > certs point to the older CPS, and some to a brand new CPS. Assume > further that it can (securely) retrieve both the older and newer CPS > at will. It can still validate the older certs, but it can do nothing > with the newer ones until a human steps in to read the new CPS, and > then determine its sufficiency for the purpose(s) at hand. > > In terms of automation, "the bits stop here." > > Its just an observation... > > ___tony___ > > >There is a project in the International Chamber of Commerce called > >ETerms which addresses the problem of providing a CPS repository > >and which has as a long term goal the establishment of a shared > >vocabulary of contract terms. > > > >This enterprise is best described as 'chock full o' lawyers'. Many > >of the issues being delt with involve subtle and obscure points > >of international law - such as the fact that the criteria for > >establishing constructive notice vary according to the jurisdiction. > > > >Significantly the E-Terms project is not attempting to establish a > >taxonomy of trade terms in common use. I don't think such a 'top > >down' approach is feasible. Instead what is being attempted is a > >convergence of the user community towards the use of a common > >vocabulary which is itself a product of the process. This is more > >of a bottom-up, evolutionary approach. > > > > Phill > > > > > > > > > > > > Tony Bartoletti LL > SPI-NET GURU LL LL > Computer Security Technology Center LL LL LL > Lawrence Livermore National Lab LL LL LL > PO Box 808, L - 303 LL LL LLLLLLLL > Livermore, CA 94551-9900 LL LLLLLLLL > email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA27585 for ietf-pkix-bks; Wed, 9 Sep 1998 16:53:54 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id QAA27581 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 16:53:53 -0700 (PDT) Message-Id: <199809092353.QAA27581@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Wed, 09 Sep 1998 16:58:57 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: RE: New Extension Proposed: Method Of Authentication In-Reply-To: <3.0.3.32.19980909162025.00a06390@poptop.llnl.gov> References: <000701bddc29$99814e40$9d07a8c0@pbaker-pc.verisign.com> <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 04:20 PM 9/9/98 -0700, Tony Bartoletti wrote: >There are two significant shortcomings with the existing situation, >nonetheless. First, as pointed out by Eric Murray, is that this >"pointer to the certificate policy" is a weak link in a critical >chain to the foundation of trust. Then don't validate certs with CPSs; only validate ones with OIDs that you understand. Remember, these policies are for CAs who you have already decided you trust to sign someone else's key. If you don't trust them not to change their CPS, why do you trust that they are even following the CPS you looked up once? Any reasonable CA who changes their CPS will keep the old one at the original URL and create a new CPS with a new URL, and put the new URL in certs that conform to the new policy. --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA27403 for ietf-pkix-bks; Wed, 9 Sep 1998 16:16:15 -0700 (PDT) Received: from poptop.llnl.gov (poptop.llnl.gov [128.115.18.65]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA27399 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 16:16:14 -0700 (PDT) Received: from catalyst (catalyst.llnl.gov [128.115.223.10]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2) with SMTP id QAA10253; Wed, 9 Sep 1998 16:21:14 -0700 (PDT) Message-Id: <3.0.3.32.19980909162025.00a06390@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 09 Sep 1998 16:20:25 -0700 To: "Phillip M Hallam-Baker" <pbaker@verisign.com>, "Santosh Chokhani" <chokhani@cygnacom.com>, "Mike Smith" <mfsmith@zionsbank.com>, <william.burr@nist.gov>, <BJUENEMAN@novell.com>, Eric Murray <ericm@lne.com> From: Tony Bartoletti <azb@llnl.gov> Subject: RE: New Extension Proposed: Method Of Authentication Cc: <ietf-pkix@imc.org> In-Reply-To: <000701bddc29$99814e40$9d07a8c0@pbaker-pc.verisign.com> References: <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 03:39 PM 9/9/98 -0400, Phillip M Hallam-Baker wrote: > >> The subscriber authentication at the various stages (such as initial >> registration, registration after revocation, revocation request, normal >> rekey, etc.) is supposed to be described in the certificate policy. >> Thus, the certificate policy asserted points to the authentication >> method. > >True. What I interpreted the proposal to be however was an abstract >syntax for describing certificate policy in a form that would allow >automated evaluation. There is a big difference between putting a >pointer to the certificate policy into a cert and attempting to encode >the certificate policy within the certificate itself. > >While such a facility would be 'nice to have' my experience is that >it is a very hard AI problem, at least as hard as the problem of >natural language understanding. Phill, I do understand, and would expect any attempt to address the stated shortcomings via an extension (or any other method) to be a multi-year effort:) There are two significant shortcomings with the existing situation, nonetheless. First, as pointed out by Eric Murray, is that this "pointer to the certificate policy" is a weak link in a critical chain to the foundation of trust. I recall (two years ago!) this very subject was debated on this list, with some calls to have the cert contain a hash of the CPS in effect at the time of certificate creation, so there could be no subtle (or not so subtle) rewording of the CPS after the fact. Alas, no such provisions were included. Still, suppose the certificate did contain the CPS hash. Imagine that a client system, in the course of validating certificates, determines that a particular CPS has changed. That is, some of the certs point to the older CPS, and some to a brand new CPS. Assume further that it can (securely) retrieve both the older and newer CPS at will. It can still validate the older certs, but it can do nothing with the newer ones until a human steps in to read the new CPS, and then determine its sufficiency for the purpose(s) at hand. In terms of automation, "the bits stop here." Its just an observation... ___tony___ >There is a project in the International Chamber of Commerce called >ETerms which addresses the problem of providing a CPS repository >and which has as a long term goal the establishment of a shared >vocabulary of contract terms. > >This enterprise is best described as 'chock full o' lawyers'. Many >of the issues being delt with involve subtle and obscure points >of international law - such as the fact that the criteria for >establishing constructive notice vary according to the jurisdiction. > >Significantly the E-Terms project is not attempting to establish a >taxonomy of trade terms in common use. I don't think such a 'top >down' approach is feasible. Instead what is being attempted is a >convergence of the user community towards the use of a common >vocabulary which is itself a product of the process. This is more >of a bottom-up, evolutionary approach. > > Phill > > > > > Tony Bartoletti LL SPI-NET GURU LL LL Computer Security Technology Center LL LL LL Lawrence Livermore National Lab LL LL LL PO Box 808, L - 303 LL LL LLLLLLLL Livermore, CA 94551-9900 LL LLLLLLLL email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA26368 for ietf-pkix-bks; Wed, 9 Sep 1998 14:15:07 -0700 (PDT) Received: from relay1.eds.com (relay1.eds.com [199.228.142.73]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA26364 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 14:15:05 -0700 (PDT) Received: from nnsa.eds.com (nnsa.eds.com [192.85.154.30] (may be forged)) by relay1.eds.com (8.8.8/8.8.8) with ESMTP id RAA03200 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 17:20:25 -0400 (EDT) Received: from usahm007.exmi01.exch.eds.com ([207.37.138.147]) by nnsa.eds.com (8.8.8/8.8.8) with ESMTP id RAA10704 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 17:19:54 -0400 (EDT) Received: by USAHM007 with Internet Mail Service (5.5.2232.9) id <S1N8LKJ3>; Wed, 9 Sep 1998 17:19:50 -0400 Message-ID: <92D60A12331ED2119F5300A02461F047B20386@USAHM009> From: "Corcoran, Dan" <dan.corcoran@eds.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 9 Sep 1998 17:19:49 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25592 for ietf-pkix-bks; Wed, 9 Sep 1998 12:38:45 -0700 (PDT) Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.52.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25588 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:38:32 -0700 (PDT) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id PAA20000 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 15:43:40 -0400 (EDT) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id PAA19994 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 15:43:39 -0400 (EDT) Received: from mimesweeper.missi.ncsc.mil (mimesweeper.missi.ncsc.mil [144.51.60.2]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id PAA09823 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 15:42:59 -0400 (EDT) Received: from avenger.missi.ncsc.mil (unverified) by mimesweeper.missi.ncsc.mil (Content Technologies SMTPRS 2.0.15) with SMTP id <B0000265539@mimesweeper.missi.ncsc.mil> for <ietf-pkix@imc.org>; Wed, 09 Sep 1998 15:43:23 -0400 Received: by avenger.missi.ncsc.mil with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62) id <01BDDC08.BD7E9300@avenger.missi.ncsc.mil>; Wed, 9 Sep 1998 15:44:33 -0400 Message-Id: <c=US%a=_%p=ExchangeNSA%l=AVENGER-980909194432Z-33291@avenger.missi.ncsc.mil> From: "Fillingham, David W." <dwfilli@missi.ncsc.mil> To: "'Santosh Chokhani'" <chokhani@cygnacom.com>, "'Phillip M Hallam-Baker'" <pbaker@verisign.com>, "'Mike Smith'" <mfsmith@zionsbank.com>, "'william.burr@nist.gov'" <william.burr@nist.gov>, "'BJUENEMAN@novell.com'" <BJUENEMAN@novell.com>, "'Tony Bartoletti'" <azb@llnl.gov> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: New Extension Proposed: Method Of Authentication Date: Wed, 9 Sep 1998 15:44:32 -0400 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Tony: I agree with Santosh and Phillip on this matter - I don't think an additional extension would help. The method of verifying a subscriber's identity is one element of a certificate policy that factors in the assurance of the binding between an identity and a public key - but only one. It seems we could go down a path of defining another extension for liability limits, which may be more important to many users, and another for technical security mechanisms (e.g., is the private key protected using hardware, or software), and another for "authorized certificate applications" (e.g., only good for Company X applications) and so on. I see no need to automatically read CPS documents - X.509 already specifies how the certificate policy extension should be processed. If a policy, including the subscriber I&A process, is acceptable to a relying party for a specific application, then the certificate processing application can accept the certificate asserting that policy. Some human being reads the policy, and makes this determination, based on the entire policy, and then asserts the policy as one that is "acceptable" for the application. If a public key system implementor wants to define a certificate policy based exclusively on the initial subscriber registration identification mechanism, they could do so. I don't think this would be a good idea, but it's certainly allowed by the standards, including the IETF Certificate Policy and CPS Framework, and to my mind, is preferable to defining another extension. Dave Fillingham >---------- >From: Tony Bartoletti[SMTP:azb@llnl.gov] >Sent: Wednesday, September 09, 1998 3:12 PM >To: Santosh Chokhani; 'Phillip M Hallam-Baker'; Mike Smith; >william.burr@nist.gov; BJUENEMAN@novell.com >Cc: ietf-pkix@imc.org >Subject: RE: New Extension Proposed: Method Of Authentication > >At 01:44 PM 9/9/98 -0400, Santosh Chokhani wrote: >>The subscriber authentication at the various stages (such as initial >>registration, registration after revocation, revocation request, normal >>rekey, etc.) is supposed to be described in the certificate policy. >>Thus, the certificate policy asserted points to the authentication >>method. > >True, but this certainly places a limit upon the degree of automation >that can be employed in the future, at least until we have software >that can read a CPS and base decisions upon it. No time soon. > >Granted, some 20 bits describing authentication method(s) would be >contentious, but the very exercise would reveal much about where and >how trust is really anchored, and the degree to which automated agents >could evolve. > >>There is NO need for another extension. > >Have enough work already? ;) > >___tony___ > >>> -----Original Message----- >>> From: Phillip M Hallam-Baker [SMTP:pbaker@verisign.com] >>> Sent: Wednesday, September 09, 1998 1:16 PM >>> To: Mike Smith; william.burr@nist.gov; BJUENEMAN@novell.com >>> Cc: ietf-pkix@imc.org >>> Subject: RE: New Extension Proposed: Method Of Authentication >>> >>> > In using certificates, it is useful to know what form of >>> > authentication is used by a CA to identify a new certificate >>> > requester. A certificate extension seems the best place to store >>> > this information. >>> >>> This sounds to me like a trip into a quagmire. I don't think that >>> it is possible to charaterize authentication mechanisms usefully >>> in a set of binary flags. >>> >>> For example two CAs may be requiring presentation of a driving >>> license for authentication, only one CA may be using a state of >>> MA license with photo ID and another a UK driving license without >>> photo ID. >>> >>> Even with documents such as passports there is considerable >>> variation between countries in the strictness of their proceedures. >>> >>> Then there are proceedural variations, is the applicant present >>> in person or were the credentials merely faxed... >>> >>> >>> Nor is the mechanism of authentication by itself particularly >>> usefull unless there is an evaluation of the reliability of the >>> party performing it. >>> >>> Of course one can start to characterise these characteristics >>> as well but to do so merely throws up yet more information which >>> might be relevant, factors which become increasingly subjective. >>> >>> >>> This is a hard AI problem - establishing a shared vocabulary of >>> terms which permits exchange of concepts whose semantics are >>> not embedded in the communication mechanism or indeed any >>> mechanism for which a formal description is available. >>> >>> Phill >> >> > >Tony Bartoletti LL >SPI-NET GURU LL LL >Computer Security Technology Center LL LL LL >Lawrence Livermore National Lab LL LL LL >PO Box 808, L - 303 LL LL LLLLLLLL >Livermore, CA 94551-9900 LL LLLLLLLL >email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25538 for ietf-pkix-bks; Wed, 9 Sep 1998 12:34:48 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25534 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:34:47 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id MAA29427; Wed, 9 Sep 1998 12:37:44 -0700 (PDT) Received: from pbaker-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id MAA16381; Wed, 9 Sep 1998 12:39:30 -0700 (PDT) From: "Phillip M Hallam-Baker" <pbaker@verisign.com> To: "Santosh Chokhani" <chokhani@cygnacom.com>, "Mike Smith" <mfsmith@zionsbank.com>, <william.burr@nist.gov>, <BJUENEMAN@novell.com> Cc: <ietf-pkix@imc.org> Subject: RE: New Extension Proposed: Method Of Authentication Date: Wed, 9 Sep 1998 15:39:46 -0400 Message-ID: <000701bddc29$99814e40$9d07a8c0@pbaker-pc.verisign.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 In-Reply-To: <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> Sender: owner-ietf-pkix@imc.org Precedence: bulk > The subscriber authentication at the various stages (such as initial > registration, registration after revocation, revocation request, normal > rekey, etc.) is supposed to be described in the certificate policy. > Thus, the certificate policy asserted points to the authentication > method. True. What I interpreted the proposal to be however was an abstract syntax for describing certificate policy in a form that would allow automated evaluation. There is a big difference between putting a pointer to the certificate policy into a cert and attempting to encode the certificate policy within the certificate itself. While such a facility would be 'nice to have' my experience is that it is a very hard AI problem, at least as hard as the problem of natural language understanding. There is a project in the International Chamber of Commerce called ETerms which addresses the problem of providing a CPS repository and which has as a long term goal the establishment of a shared vocabulary of contract terms. This enterprise is best described as 'chock full o' lawyers'. Many of the issues being delt with involve subtle and obscure points of international law - such as the fact that the criteria for establishing constructive notice vary according to the jurisdiction. Significantly the E-Terms project is not attempting to establish a taxonomy of trade terms in common use. I don't think such a 'top down' approach is feasible. Instead what is being attempted is a convergence of the user community towards the use of a common vocabulary which is itself a product of the process. This is more of a bottom-up, evolutionary approach. Phill Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25446 for ietf-pkix-bks; Wed, 9 Sep 1998 12:20:41 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25442 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:20:40 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ8LG>; Wed, 9 Sep 1998 15:25:49 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A67@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Tony Bartoletti'" <azb@llnl.gov>, Santosh Chokhani <chokhani@cygnacom.com>, "'Phillip M Hallam-Baker'" <pbaker@verisign.com>, Mike Smith <mfsmith@zionsbank.com>, william.burr@nist.gov, BJUENEMAN@novell.com Cc: ietf-pkix@imc.org Subject: RE: New Extension Proposed: Method Of Authentication Date: Wed, 9 Sep 1998 15:25:47 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk The certificate policy is supposed to the represented in the certificate as an object identifier. The amendment to X.509 defines how the applications process that field to determine if a certificate is acceptable, including certificate policy and associated authentication mechanism. X.509 amendment offer a rich set of capabilities in this area in terms of what goes in a certificate, and how applications perform path validation. > -----Original Message----- > From: Tony Bartoletti [SMTP:azb@llnl.gov] > Sent: Wednesday, September 09, 1998 3:12 PM > To: Santosh Chokhani; 'Phillip M Hallam-Baker'; Mike Smith; > william.burr@nist.gov; BJUENEMAN@novell.com > Cc: ietf-pkix@imc.org > Subject: RE: New Extension Proposed: Method Of Authentication > > At 01:44 PM 9/9/98 -0400, Santosh Chokhani wrote: > >The subscriber authentication at the various stages (such as initial > >registration, registration after revocation, revocation request, > normal > >rekey, etc.) is supposed to be described in the certificate policy. > >Thus, the certificate policy asserted points to the authentication > >method. > > True, but this certainly places a limit upon the degree of automation > that can be employed in the future, at least until we have software > that can read a CPS and base decisions upon it. No time soon. > > Granted, some 20 bits describing authentication method(s) would be > contentious, but the very exercise would reveal much about where and > how trust is really anchored, and the degree to which automated agents > could evolve. > > >There is NO need for another extension. > > Have enough work already? ;) > > ___tony___ > > >> -----Original Message----- > >> From: Phillip M Hallam-Baker [SMTP:pbaker@verisign.com] > >> Sent: Wednesday, September 09, 1998 1:16 PM > >> To: Mike Smith; william.burr@nist.gov; BJUENEMAN@novell.com > >> Cc: ietf-pkix@imc.org > >> Subject: RE: New Extension Proposed: Method Of Authentication > >> > >> > In using certificates, it is useful to know what form of > >> > authentication is used by a CA to identify a new certificate > >> > requester. A certificate extension seems the best place to store > > >> > this information. > >> > >> This sounds to me like a trip into a quagmire. I don't think that > >> it is possible to charaterize authentication mechanisms usefully > >> in a set of binary flags. > >> > >> For example two CAs may be requiring presentation of a driving > >> license for authentication, only one CA may be using a state of > >> MA license with photo ID and another a UK driving license without > >> photo ID. > >> > >> Even with documents such as passports there is considerable > >> variation between countries in the strictness of their proceedures. > >> > >> Then there are proceedural variations, is the applicant present > >> in person or were the credentials merely faxed... > >> > >> > >> Nor is the mechanism of authentication by itself particularly > >> usefull unless there is an evaluation of the reliability of the > >> party performing it. > >> > >> Of course one can start to characterise these characteristics > >> as well but to do so merely throws up yet more information which > >> might be relevant, factors which become increasingly subjective. > >> > >> > >> This is a hard AI problem - establishing a shared vocabulary of > >> terms which permits exchange of concepts whose semantics are > >> not embedded in the communication mechanism or indeed any > >> mechanism for which a formal description is available. > >> > >> Phill > > > > > > Tony Bartoletti LL > SPI-NET GURU LL LL > Computer Security Technology Center LL LL LL > Lawrence Livermore National Lab LL LL LL > PO Box 808, L - 303 LL LL LLLLLLLL > Livermore, CA 94551-9900 LL LLLLLLLL > email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25432 for ietf-pkix-bks; Wed, 9 Sep 1998 12:19:09 -0700 (PDT) Received: from slack.lne.com (NoBody@slack.lne.com [140.174.94.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25428 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:19:07 -0700 (PDT) Received: (from ericm@localhost) by slack.lne.com (8.9.0/8.9.0) id MAA11040; Wed, 9 Sep 1998 12:24:19 -0700 From: Eric Murray <ericm@lne.com> Message-Id: <199809091924.MAA11040@slack.lne.com> Subject: Re: New Extension Proposed: Method Of Authentication To: chokhani@cygnacom.com (Santosh Chokhani) Date: Wed, 9 Sep 1998 12:24:18 -0700 (PDT) Cc: pbaker@verisign.com, mfsmith@zionsbank.com, william.burr@nist.gov, BJUENEMAN@novell.com, ietf-pkix@imc.org In-Reply-To: <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> from "Santosh Chokhani" at Sep 9, 98 01:44:32 pm MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh Chokhani writes: > > The subscriber authentication at the various stages (such as initial > registration, registration after revocation, revocation request, normal > rekey, etc.) is supposed to be described in the certificate policy. > Thus, the certificate policy asserted points to the authentication > method. > > There is NO need for another extension. I agree that putting the policy into an extension is a quagmire. However, given that most CPSs will be on web sites, and those CPSs can be changed at any time, should there be a way to indicate which CPS is in effect at any given time during the certificate's life? Say Fred is issued a cert by Carl the CA. Carl signs Fred's cert under the then-current CPS 1.2, which required Carl to verify Fred's identity using dental charts. Sometime later, Carl changes his CPS to version 1.3, which no longer requires dental charts as a form of identification, but instead accepts a state driver's license. Fred would like to sign a contract to purchase a house. The lender requires a high-quality signature, and a cert with only a state driver's license as identification isn't good enough. How does Fred indicate that his cert was issued under the older, more rigorous CPS? One way to deal with this is to revoke all certs issued under a given CPS when it is changed. I'm not sure that that provides any assurance that a given cert was issued under the current CPS though- a receiving party would have to depend on the current CPS stating that such is the policy. And it's obviously very undesireable from a CA standpoint. Another way would be to require the CA to sign their CPSs and include version numbers, and to include in the cert extension which points to the CPS, the version number of the CPS which was in effect when the cert was issued. This will prevent CAs from updating CPSs "out from underneath" existing certs. That may or may not be a desired effect. I did a very quick read of the draft and didn't see anything that handles this problem. But I have not been following the discussion very much and have not studied the draft, so I could well have missed it. If there's already something in the draft to deal with this, or this subject has already been discussed on the list, please accept my apologies. -- Eric Murray N*Able Technologies www.nabletech.com (email: ericm at the sites lne.com or nabletech.com) PGP keyid:E03F65E5 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25299 for ietf-pkix-bks; Wed, 9 Sep 1998 12:07:59 -0700 (PDT) Received: from poptop.llnl.gov (poptop.llnl.gov [128.115.18.65]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25295 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:07:58 -0700 (PDT) Received: from catalyst (catalyst.llnl.gov [128.115.223.10]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2) with SMTP id MAA14051; Wed, 9 Sep 1998 12:13:05 -0700 (PDT) Message-Id: <3.0.3.32.19980909121219.0094d830@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 09 Sep 1998 12:12:19 -0700 To: Santosh Chokhani <chokhani@cygnacom.com>, "'Phillip M Hallam-Baker'" <pbaker@verisign.com>, Mike Smith <mfsmith@zionsbank.com>, william.burr@nist.gov, BJUENEMAN@novell.com From: Tony Bartoletti <azb@llnl.gov> Subject: RE: New Extension Proposed: Method Of Authentication Cc: ietf-pkix@imc.org In-Reply-To: <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 01:44 PM 9/9/98 -0400, Santosh Chokhani wrote: >The subscriber authentication at the various stages (such as initial >registration, registration after revocation, revocation request, normal >rekey, etc.) is supposed to be described in the certificate policy. >Thus, the certificate policy asserted points to the authentication >method. True, but this certainly places a limit upon the degree of automation that can be employed in the future, at least until we have software that can read a CPS and base decisions upon it. No time soon. Granted, some 20 bits describing authentication method(s) would be contentious, but the very exercise would reveal much about where and how trust is really anchored, and the degree to which automated agents could evolve. >There is NO need for another extension. Have enough work already? ;) ___tony___ >> -----Original Message----- >> From: Phillip M Hallam-Baker [SMTP:pbaker@verisign.com] >> Sent: Wednesday, September 09, 1998 1:16 PM >> To: Mike Smith; william.burr@nist.gov; BJUENEMAN@novell.com >> Cc: ietf-pkix@imc.org >> Subject: RE: New Extension Proposed: Method Of Authentication >> >> > In using certificates, it is useful to know what form of >> > authentication is used by a CA to identify a new certificate >> > requester. A certificate extension seems the best place to store >> > this information. >> >> This sounds to me like a trip into a quagmire. I don't think that >> it is possible to charaterize authentication mechanisms usefully >> in a set of binary flags. >> >> For example two CAs may be requiring presentation of a driving >> license for authentication, only one CA may be using a state of >> MA license with photo ID and another a UK driving license without >> photo ID. >> >> Even with documents such as passports there is considerable >> variation between countries in the strictness of their proceedures. >> >> Then there are proceedural variations, is the applicant present >> in person or were the credentials merely faxed... >> >> >> Nor is the mechanism of authentication by itself particularly >> usefull unless there is an evaluation of the reliability of the >> party performing it. >> >> Of course one can start to characterise these characteristics >> as well but to do so merely throws up yet more information which >> might be relevant, factors which become increasingly subjective. >> >> >> This is a hard AI problem - establishing a shared vocabulary of >> terms which permits exchange of concepts whose semantics are >> not embedded in the communication mechanism or indeed any >> mechanism for which a formal description is available. >> >> Phill > > Tony Bartoletti LL SPI-NET GURU LL LL Computer Security Technology Center LL LL LL Lawrence Livermore National Lab LL LL LL PO Box 808, L - 303 LL LL LLLLLLLL Livermore, CA 94551-9900 LL LLLLLLLL email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA25087 for ietf-pkix-bks; Wed, 9 Sep 1998 11:49:37 -0700 (PDT) Received: from relay1.eds.com (relay1.eds.com [199.228.142.73]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA25082 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 11:49:36 -0700 (PDT) From: randy.sanovic@gm.com Received: from nnsa.eds.com (nnsa.eds.com [192.85.154.30] (may be forged)) by relay1.eds.com (8.8.8/8.8.8) with ESMTP id OAA19121 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 14:54:51 -0400 (EDT) Received: from usabhmg01.mail.gm.com ([207.37.138.86]) by nnsa.eds.com (8.8.8/8.8.8) with SMTP id OAA04446 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 14:54:20 -0400 (EDT) Received: by usabhmg01.mail.gm.com(Lotus SMTP MTA v4.6.1 (569.2 2-6-1998)) id 0525667A.006D0EAA ; Wed, 9 Sep 1998 14:51:11 -0500 X-Lotus-FromDomain: GM To: ietf-pkix@imc.org Message-ID: <0525667A.006CF616.00@usabhmg01.mail.gm.com> Date: Wed, 9 Sep 1998 14:51:15 -0500 Subject: For Option 2 Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk For Option 2 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA24576 for ietf-pkix-bks; Wed, 9 Sep 1998 10:59:45 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA24572 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 10:59:44 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ8JL>; Wed, 9 Sep 1998 14:04:53 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A65@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Kurn, David'" <david.kurn@compaq.com>, Santosh Chokhani <chokhani@cygnacom.com>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 14:04:50 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk You seem to have captured the essence. Please note that the preference could be reversed depending on the application need and/or the environment. You have to try a search to the end. I do not think in graphs like this there is an a priory way of encoding which links will lead to which paths. Depth first (or up to some depth) search is likely to be the PKI path development strategy in combination with judicious use of AKID, SKID, key usage, pathToName, and certificate policy matching rules. > -----Original Message----- > From: Kurn, David [SMTP:david.kurn@compaq.com] > Sent: Wednesday, September 09, 1998 1:51 PM > To: 'Santosh Chokhani'; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: RE: forward & reverse elements - population > > Santosh > > Hmm.... I think I see. Perhaps the problem arises because of your use > of > the word domain. Consider your 2nd and 3rd paragraph rewritten to > omit the > word "domain", such as: > > The relying party will start with the assumption that the > subscriber with whom it is trying to form a key management > certificate > path or digital signature certificate verification path is > reachable > by starting with the entries in the caCertificate Attribute. > > If the above search fails, the > relying party will continue with the assumption that the > subscriber > with > whom it is trying to form a key management certificate path or > digital > signature certificate verification path is reachable by using > the > forward element of the crossCertificatePair attribute under > option 1 and forward element of the (crossCertificatePair - > caCertificate) under option 2 first. > > > > Does this capture your intent and avoid the word "domain"? > > Of course, I don't like my algorithm, because it appears to imply a > search > to the end before trying the other branch. > > David Kurn > > > > -----Original Message----- > > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > > Sent: Wednesday, September 09, 1998 10:32 AM > > To: Kurn, David; Santosh Chokhani; 'Sharon Boeyen'; > 'ietf-pkix@imc.org' > > Subject: RE: forward & reverse elements - population > > > > Let us say an application requires more communication within a > domain. > > > > Then the relying party will start with the assumption that the > > subscriber with whom it is trying to form a key management > certificate > > path or digital signature certificate verification path is also in > the > > same domain and hence will follow the caCertificate attribute link > > first. > > > > If the application requires more communication across the domain, > the > > relying party will start with the assumption that the subscriber > with > > whom it is trying to form a key management certificate path or > digital > > signature certificate verification path is in another domain and > hence > > will use forward element of the crossCertificatePair attribute under > > option 1 and forward element of the (crossCertificatePair - > > caCertificate) under option 2 first. > > > > If there is no bias in communication intra or inter domain, the > relying > > party has lost nothing and will always find a trust path, if there > is > > one. > > > <SNIP> Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA24448 for ietf-pkix-bks; Wed, 9 Sep 1998 10:45:42 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA24444 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 10:45:41 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id KAA01170; Wed, 9 Sep 1998 10:50:49 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <Q04M2FMK>; Wed, 9 Sep 1998 10:50:45 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFFF568@exccup-25006.mis.tandem.com> From: "Kurn, David" <david.kurn@compaq.com> To: "'Santosh Chokhani'" <chokhani@cygnacom.com>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 10:50:42 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh Hmm.... I think I see. Perhaps the problem arises because of your use of the word domain. Consider your 2nd and 3rd paragraph rewritten to omit the word "domain", such as: The relying party will start with the assumption that the subscriber with whom it is trying to form a key management certificate path or digital signature certificate verification path is reachable by starting with the entries in the caCertificate Attribute. If the above search fails, the relying party will continue with the assumption that the subscriber with whom it is trying to form a key management certificate path or digital signature certificate verification path is reachable by using the forward element of the crossCertificatePair attribute under option 1 and forward element of the (crossCertificatePair - caCertificate) under option 2 first. Does this capture your intent and avoid the word "domain"? Of course, I don't like my algorithm, because it appears to imply a search to the end before trying the other branch. David Kurn > -----Original Message----- > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > Sent: Wednesday, September 09, 1998 10:32 AM > To: Kurn, David; Santosh Chokhani; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: RE: forward & reverse elements - population > > Let us say an application requires more communication within a domain. > > Then the relying party will start with the assumption that the > subscriber with whom it is trying to form a key management certificate > path or digital signature certificate verification path is also in the > same domain and hence will follow the caCertificate attribute link > first. > > If the application requires more communication across the domain, the > relying party will start with the assumption that the subscriber with > whom it is trying to form a key management certificate path or digital > signature certificate verification path is in another domain and hence > will use forward element of the crossCertificatePair attribute under > option 1 and forward element of the (crossCertificatePair - > caCertificate) under option 2 first. > > If there is no bias in communication intra or inter domain, the relying > party has lost nothing and will always find a trust path, if there is > one. > <SNIP> Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA24302 for ietf-pkix-bks; Wed, 9 Sep 1998 10:39:26 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA24298 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 10:39:24 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ820>; Wed, 9 Sep 1998 13:44:33 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Phillip M Hallam-Baker'" <pbaker@verisign.com>, Mike Smith <mfsmith@zionsbank.com>, william.burr@nist.gov, BJUENEMAN@novell.com Cc: ietf-pkix@imc.org Subject: RE: New Extension Proposed: Method Of Authentication Date: Wed, 9 Sep 1998 13:44:32 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk The subscriber authentication at the various stages (such as initial registration, registration after revocation, revocation request, normal rekey, etc.) is supposed to be described in the certificate policy. Thus, the certificate policy asserted points to the authentication method. There is NO need for another extension. > -----Original Message----- > From: Phillip M Hallam-Baker [SMTP:pbaker@verisign.com] > Sent: Wednesday, September 09, 1998 1:16 PM > To: Mike Smith; william.burr@nist.gov; BJUENEMAN@novell.com > Cc: ietf-pkix@imc.org > Subject: RE: New Extension Proposed: Method Of Authentication > > > In using certificates, it is useful to know what form of > > authentication is used by a CA to identify a new certificate > > requester. A certificate extension seems the best place to store > > this information. > > This sounds to me like a trip into a quagmire. I don't think that > it is possible to charaterize authentication mechanisms usefully > in a set of binary flags. > > For example two CAs may be requiring presentation of a driving > license for authentication, only one CA may be using a state of > MA license with photo ID and another a UK driving license without > photo ID. > > Even with documents such as passports there is considerable > variation between countries in the strictness of their proceedures. > > Then there are proceedural variations, is the applicant present > in person or were the credentials merely faxed... > > > Nor is the mechanism of authentication by itself particularly > usefull unless there is an evaluation of the reliability of the > party performing it. > > Of course one can start to characterise these characteristics > as well but to do so merely throws up yet more information which > might be relevant, factors which become increasingly subjective. > > > This is a hard AI problem - establishing a shared vocabulary of > terms which permits exchange of concepts whose semantics are > not embedded in the communication mechanism or indeed any > mechanism for which a formal description is available. > > Phill Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA24200 for ietf-pkix-bks; Wed, 9 Sep 1998 10:27:25 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA24196 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 10:27:22 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ82Z>; Wed, 9 Sep 1998 13:32:31 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A62@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Kurn, David'" <david.kurn@compaq.com>, Santosh Chokhani <chokhani@cygnacom.com>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 13:32:28 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Let us say an application requires more communication within a domain. Then the relying party will start with the assumption that the subscriber with whom it is trying to form a key management certificate path or digital signature certificate verification path is also in the same domain and hence will follow the caCertificate attribute link first. If the application requires more communication across the domain, the relying party will start with the assumption that the subscriber with whom it is trying to form a key management certificate path or digital signature certificate verification path is in another domain and hence will use forward element of the crossCertificatePair attribute under option 1 and forward element of the (crossCertificatePair - caCertificate) under option 2 first. If there is no bias in communication intra or inter domain, the relying party has lost nothing and will always find a trust path, if there is one. > -----Original Message----- > From: Kurn, David [SMTP:david.kurn@compaq.com] > Sent: Wednesday, September 09, 1998 1:12 PM > To: 'Santosh Chokhani'; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: RE: forward & reverse elements - population > > Santosh > > I seem to sense a circularity of definition. If I interpret your > comment > correctly, you place a cert in the caCertificate attribute if it > belongs to > the same domain, and you can determine that it's in the same domain by > seeing if it's in the caCertificate attribute. Exactly how I would > use this > in a computer program is unclear. Perhaps you could sketch out some > program logic one would use. > > David > > > -----Original Message----- > > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > > Sent: Wednesday, September 09, 1998 9:53 AM > > To: Kurn, David; Santosh Chokhani; 'Sharon Boeyen'; > 'ietf-pkix@imc.org' > > Subject: RE: forward & reverse elements - population > > > > David: > > > > In both options 1 and 2, a relying party can determine which issuing > CAs > > are considered in the domain of the subject CA by looking at > > caCertificate attribute and the forward element of the > > crossCertificatePair attribute. > > > > In option 1, it is straightforward. > > > > In option 2, you have to subtract the caCertificate from the > > crossCertificatePair to get the two sets. > > > > These two domains are from the subject CA's perspective. It may or > may > > not be in the domain of the relying party. > > > > > -----Original Message----- > > > From: Kurn, David [SMTP:david.kurn@compaq.com] > > > Sent: Wednesday, September 09, 1998 12:16 PM > > > To: 'Santosh Chokhani'; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > Subject: RE: forward & reverse elements - population > > > > > > Santosh > > > > > > Sorry to ask what must be a very naive question. If, as you > suggest, > > > the > > > "definition of a domain is purely a matter of local policy", then > I > > > think > > > that the term "domain" is undefined for the purposes of a > standard. > > > If so, > > > then I find it difficult to define any algorhithm (not necessarily > > > computer > > > based) or any process by which anyone could determine whether a CA > is > > > in the > > > same or a different domain. > > > > > > Think, for example, of a general purpose application program (like > a > > > mail > > > client) trying to answer the question "is that CA inside or > outside of > > > my > > > domain". > > > > > > Back in my college days, my math professors made it painfully > clear > > > that if > > > you define a set, you must also provide a rule whereby you can > > > determine > > > whether a given element is inside or outside of that set. Without > > > such a > > > rule, the set is undefined. > > > > > > It may be that the definition of "domain" is elsewhere in the > > > document, but > > > I cannot find it. > > > > > > David Kurn > > > Compaq Computer Corp > > > Electronic Commerce Stuff > > > > > > > -----Original Message----- > > > > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > > > > Sent: Wednesday, September 09, 1998 8:27 AM > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > > > Subject: RE: forward & reverse elements - population > > > > > > > > Yes. I agree. The following is the revised text. > > > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > entry, > > > > shall be used to store certificates issued to this CA by CAs in > the > > > same > > > > domain as this CA. If there are any self-issued certificates > and > > > they > > > > require publication, the caCertificate attribute shall be used > to > > > store > > > > them. > > > > > > > > The forward element of the crossCertificatePair attribute, held > in a > > > > particular CA's directory entry, shall be used to store > certificates > > > > issued to this CA by CAs in other domains. Optionally, the > reverse > > > > element of the crossCertificatePair attribute, held in a > particular > > > CA's > > > > directory entry, may contain a subset of certificates issued by > this > > > CA > > > > to other CAs. When both the forward and the reverse elements > are > > > > present, issuer name in one certificate shall match the subject > name > > > in > > > > the other and vice versa, and the subject public key in one > > > certificate > > > > shall be capable of verifying the digital signature on the other > > > > certificate and vice versa. > > > > > > > > In the case of V3 certificates, none of the above CA > certificates > > > shall > > > > include a basicConstraints extension with the cA value set to > FALSE. > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > entry, > > > > shall be used to store certificates issued to this CA by CAs in > the > > > same > > > > domain as this CA. If there are any self-issued certificates > and > > > they > > > > require publication, the caCertificate attribute shall be used > to > > > store > > > > them. > > > > > > > > The forward element of the crossCertificatePair attribute, held > in a > > > > particular CA's directory entry, shall be used to store all > > > certificates > > > > issued to this CA. Optionally, the reverse element of the > > > > crossCertificatePair attribute, held in a particular CA's > directory > > > > entry, may contain a subset of certificates issued by this CA to > > > other > > > > CAs. When both the forward and the reverse elements are > present, > > > issuer > > > > name in one certificate shall match the subject name in the > other > > > and > > > > vice versa, and the subject public key in one certificate shall > be > > > > capable of verifying the digital signature on the other > certificate > > > and > > > > vice versa. > > > > > > > > In the case of V3 certificates, none of the above CA > certificates > > > shall > > > > include a basicConstraints extension with the cA value set to > FALSE. > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > -----Original Message----- > > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > > Sent: Wednesday, September 09, 1998 11:02 AM > > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > I agree that the texts below are consistent with the original > > > intent > > > > > of the > > > > > 2 options and I also agree that they are clearer than the > original > > > > > texts > > > > > except, possibly for coverage of self issued certificates. > > > Shouldn't > > > > > we also > > > > > state explicitly that self issued certs are stored only in the > > > > > cACertificate > > > > > attribute for both options? > > > > > > > > > > > > > > > > ---------- > > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > > Sent: September 9, 1998 9:08 AM > > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh > Chokhani > > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > Sharon: > > > > > > > > > > > > I can agree to the following text for the two option > instead. > > > > > Please > > > > > > note that I have further clarified cross-certificate by > tying > > > the DN > > > > > and > > > > > > public keys. > > > > > > > > > > > > I think the following texts are consistent with and further > > > > > > clarifications of the two options. > > > > > > > > > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > > > > > > > > And I option 2 :-) > > > > > > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > > > > > > > The cACertificate attribute, held in a particular CA's > directory > > > > > entry, > > > > > > shall be used to store certificates issued to this CA by CAs > in > > > the > > > > > same > > > > > > domain as this CA. > > > > > > > > > > > > The forward element of the crossCertificatePair attribute, > held > > > in a > > > > > > particular CA's directory entry, shall be used to store > > > certificates > > > > > > issued to this CA by CAs in other domains. Optionally, the > > > reverse > > > > > > element of the crossCertificatePair attribute, held in a > > > particular > > > > > CA's > > > > > > directory entry, may contain a subset of certificates issued > by > > > this > > > > > CA > > > > > > to other CAs. When both the forward and the reverse > elements > > > are > > > > > > present, issuer name in one certificate shall match the > subject > > > name > > > > > in > > > > > > the other and vice versa, and the subject public key in one > > > > > certificate > > > > > > shall be capable of verifying the digital signature on the > other > > > > > > certificate and vice versa. > > > > > > > > > > > > In the case of V3 certificates, none of the above CA > > > certificates > > > > > shall > > > > > > include a basicConstraints extension with the cA value set > to > > > FALSE. > > > > > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > > > > > > > The cACertificate attribute, held in a particular CA's > directory > > > > > entry, > > > > > > shall be used to store certificates issued to this CA by CAs > in > > > the > > > > > same > > > > > > domain as this CA. > > > > > > > > > > > > The forward element of the crossCertificatePair attribute, > held > > > in a > > > > > > particular CA's directory entry, shall be used to store all > > > > > certificates > > > > > > issued to this CA. Optionally, the reverse element of the > > > > > > crossCertificatePair attribute, held in a particular CA's > > > directory > > > > > > entry, may contain a subset of certificates issued by this > CA to > > > > > other > > > > > > CAs. When both the forward and the reverse elements are > > > present, > > > > > issuer > > > > > > name in one certificate shall match the subject name in the > > > other > > > > > and > > > > > > vice versa, and the subject public key in one certificate > shall > > > be > > > > > > capable of verifying the digital signature on the other > > > certificate > > > > > and > > > > > > vice versa. > > > > > > > > > > > > In the case of V3 certificates, none of the above CA > > > certificates > > > > > shall > > > > > > include a basicConstraints extension with the cA value set > to > > > FALSE. > > > > > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ---------- > > > > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > > > > Sent: September 8, 1998 10:05 AM > > > > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > > > > > Subject: RE: forward & reverse elements - > population > > > > > > > > > > > > > > > --stuff deleted > > > > > > > > > > > > > > > > > [] I agree. I do not have problem with the > following > > > > > language. > > > > > > > > " A certificate issued to a CA by another shall be > stored > > > either > > > > > in > > > > > > > the > > > > > > > > caCertificate or forward component of > crossCertificatePair > > > > > attribute > > > > > > > of > > > > > > > > the subject CA. Optionally, a subset of certificates > issued > > > by > > > > > a CA > > > > > > > can > > > > > > > > be stored in the reverse component of > crossCertificatePair > > > > > attribute > > > > > > > of > > > > > > > > the issuing CA." > > > > > > > > > > > > > > > > Please note that to me subset includes none, > some, or > > > > > all. If > > > > > > > > folks want further clarification, it is ok by me. > > > > > > > > > > > > > > > Santosh, the only issue I have with this text is that (at > > > least > > > > > with > > > > > > > the > > > > > > > rationale behind option 2) any cert that appears in the > > > > > cACertificate > > > > > > > attribute of a given CA > > > > > > > entry, should also appear in the crossCertificatePair > > > attribute in > > > > > the > > > > > > > same > > > > > > > CA entry. > > > > > > > What about deleting the reference to the cACertificate > > > attribute > > > > > from > > > > > > > your > > > > > > > text and proposing this as new text just for the > > > > > crossCertificatePair > > > > > > > attribute? > > > > > > > > > > > > > > Both Jan and David have indicated reasons to keep the > "pair" > > > > > together > > > > > > > in the > > > > > > > mutual case, so we should also consider adding the last > > > paragraph > > > > > of > > > > > > > the > > > > > > > text David proposed for that. > > > > > > > > > > > > > > Here's what the resulting text proposal would look like: > > > > > > > > > > > > > > > " A certificate issued to a CA by another shall be > stored in > > > the > > > > > > > > forward component of crossCertificatePair attribute of > > > > > > > > the subject CA. Optionally, a subset of certificates > issued > > > by > > > > > a CA > > > > > > > can > > > > > > > > be stored in the reverse component of > crossCertificatePair > > > > > attribute > > > > > > > of > > > > > > > > the issuing CA. When both elements are present in the > same > > > > > value, > > > > > > > the > > > > > > > > value shall represent a mutual cross-certification of > the > > > two > > > > > CAs. " > > > > > > > > > > > > > > > If we can come to consensus on that attribute, then let's > see > > > what > > > > > we > > > > > > > can do > > > > > > > with the cACertificate attribute text. > > > > > > > > > > > > > > I agree with your view on what a subset is and I think > that > > > same > > > > > > > definition > > > > > > > would apply to the contents of the cACertificate attribute > as > > > a > > > > > subset > > > > > > > of > > > > > > > the crossCertificatePair forward elements in option 2. > > > > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA23916 for ietf-pkix-bks; Wed, 9 Sep 1998 10:11:15 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA23912 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 10:11:01 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id KAA26409; Wed, 9 Sep 1998 10:13:52 -0700 (PDT) Received: from pbaker-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id KAA05799; Wed, 9 Sep 1998 10:15:38 -0700 (PDT) From: "Phillip M Hallam-Baker" <pbaker@verisign.com> To: "Mike Smith" <mfsmith@zionsbank.com>, <william.burr@nist.gov>, <BJUENEMAN@novell.com> Cc: <ietf-pkix@imc.org> Subject: RE: New Extension Proposed: Method Of Authentication Date: Wed, 9 Sep 1998 13:15:46 -0400 Message-ID: <001f01bddc15$7bf63980$ee0110ac@pbaker-pc.verisign.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <s5f6527f.038@zionsbank.com> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal Sender: owner-ietf-pkix@imc.org Precedence: bulk > In using certificates, it is useful to know what form of > authentication is used by a CA to identify a new certificate > requester. A certificate extension seems the best place to store > this information. This sounds to me like a trip into a quagmire. I don't think that it is possible to charaterize authentication mechanisms usefully in a set of binary flags. For example two CAs may be requiring presentation of a driving license for authentication, only one CA may be using a state of MA license with photo ID and another a UK driving license without photo ID. Even with documents such as passports there is considerable variation between countries in the strictness of their proceedures. Then there are proceedural variations, is the applicant present in person or were the credentials merely faxed... Nor is the mechanism of authentication by itself particularly usefull unless there is an evaluation of the reliability of the party performing it. Of course one can start to characterise these characteristics as well but to do so merely throws up yet more information which might be relevant, factors which become increasingly subjective. This is a hard AI problem - establishing a shared vocabulary of terms which permits exchange of concepts whose semantics are not embedded in the communication mechanism or indeed any mechanism for which a formal description is available. Phill Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA23875 for ietf-pkix-bks; Wed, 9 Sep 1998 10:07:22 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA23871 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 10:07:21 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id KAA25223; Wed, 9 Sep 1998 10:12:27 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <Q04M21Q3>; Wed, 9 Sep 1998 10:12:23 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFFF566@exccup-25006.mis.tandem.com> From: "Kurn, David" <david.kurn@compaq.com> To: "'Santosh Chokhani'" <chokhani@cygnacom.com>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 10:12:22 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh I seem to sense a circularity of definition. If I interpret your comment correctly, you place a cert in the caCertificate attribute if it belongs to the same domain, and you can determine that it's in the same domain by seeing if it's in the caCertificate attribute. Exactly how I would use this in a computer program is unclear. Perhaps you could sketch out some program logic one would use. David > -----Original Message----- > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > Sent: Wednesday, September 09, 1998 9:53 AM > To: Kurn, David; Santosh Chokhani; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: RE: forward & reverse elements - population > > David: > > In both options 1 and 2, a relying party can determine which issuing CAs > are considered in the domain of the subject CA by looking at > caCertificate attribute and the forward element of the > crossCertificatePair attribute. > > In option 1, it is straightforward. > > In option 2, you have to subtract the caCertificate from the > crossCertificatePair to get the two sets. > > These two domains are from the subject CA's perspective. It may or may > not be in the domain of the relying party. > > > -----Original Message----- > > From: Kurn, David [SMTP:david.kurn@compaq.com] > > Sent: Wednesday, September 09, 1998 12:16 PM > > To: 'Santosh Chokhani'; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > Subject: RE: forward & reverse elements - population > > > > Santosh > > > > Sorry to ask what must be a very naive question. If, as you suggest, > > the > > "definition of a domain is purely a matter of local policy", then I > > think > > that the term "domain" is undefined for the purposes of a standard. > > If so, > > then I find it difficult to define any algorhithm (not necessarily > > computer > > based) or any process by which anyone could determine whether a CA is > > in the > > same or a different domain. > > > > Think, for example, of a general purpose application program (like a > > mail > > client) trying to answer the question "is that CA inside or outside of > > my > > domain". > > > > Back in my college days, my math professors made it painfully clear > > that if > > you define a set, you must also provide a rule whereby you can > > determine > > whether a given element is inside or outside of that set. Without > > such a > > rule, the set is undefined. > > > > It may be that the definition of "domain" is elsewhere in the > > document, but > > I cannot find it. > > > > David Kurn > > Compaq Computer Corp > > Electronic Commerce Stuff > > > > > -----Original Message----- > > > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > > > Sent: Wednesday, September 09, 1998 8:27 AM > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > > Subject: RE: forward & reverse elements - population > > > > > > Yes. I agree. The following is the revised text. > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > The cACertificate attribute, held in a particular CA's directory > > entry, > > > shall be used to store certificates issued to this CA by CAs in the > > same > > > domain as this CA. If there are any self-issued certificates and > > they > > > require publication, the caCertificate attribute shall be used to > > store > > > them. > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > particular CA's directory entry, shall be used to store certificates > > > issued to this CA by CAs in other domains. Optionally, the reverse > > > element of the crossCertificatePair attribute, held in a particular > > CA's > > > directory entry, may contain a subset of certificates issued by this > > CA > > > to other CAs. When both the forward and the reverse elements are > > > present, issuer name in one certificate shall match the subject name > > in > > > the other and vice versa, and the subject public key in one > > certificate > > > shall be capable of verifying the digital signature on the other > > > certificate and vice versa. > > > > > > In the case of V3 certificates, none of the above CA certificates > > shall > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > The definition of domain is purely a matter of local policy. > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > The cACertificate attribute, held in a particular CA's directory > > entry, > > > shall be used to store certificates issued to this CA by CAs in the > > same > > > domain as this CA. If there are any self-issued certificates and > > they > > > require publication, the caCertificate attribute shall be used to > > store > > > them. > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > particular CA's directory entry, shall be used to store all > > certificates > > > issued to this CA. Optionally, the reverse element of the > > > crossCertificatePair attribute, held in a particular CA's directory > > > entry, may contain a subset of certificates issued by this CA to > > other > > > CAs. When both the forward and the reverse elements are present, > > issuer > > > name in one certificate shall match the subject name in the other > > and > > > vice versa, and the subject public key in one certificate shall be > > > capable of verifying the digital signature on the other certificate > > and > > > vice versa. > > > > > > In the case of V3 certificates, none of the above CA certificates > > shall > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > -----Original Message----- > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > Sent: Wednesday, September 09, 1998 11:02 AM > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > Subject: RE: forward & reverse elements - population > > > > > > > > I agree that the texts below are consistent with the original > > intent > > > > of the > > > > 2 options and I also agree that they are clearer than the original > > > > texts > > > > except, possibly for coverage of self issued certificates. > > Shouldn't > > > > we also > > > > state explicitly that self issued certs are stored only in the > > > > cACertificate > > > > attribute for both options? > > > > > > > > > > > > > ---------- > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > Sent: September 9, 1998 9:08 AM > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > Sharon: > > > > > > > > > > I can agree to the following text for the two option instead. > > > > Please > > > > > note that I have further clarified cross-certificate by tying > > the DN > > > > and > > > > > public keys. > > > > > > > > > > I think the following texts are consistent with and further > > > > > clarifications of the two options. > > > > > > > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > > > > > > And I option 2 :-) > > > > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > > entry, > > > > > shall be used to store certificates issued to this CA by CAs in > > the > > > > same > > > > > domain as this CA. > > > > > > > > > > The forward element of the crossCertificatePair attribute, held > > in a > > > > > particular CA's directory entry, shall be used to store > > certificates > > > > > issued to this CA by CAs in other domains. Optionally, the > > reverse > > > > > element of the crossCertificatePair attribute, held in a > > particular > > > > CA's > > > > > directory entry, may contain a subset of certificates issued by > > this > > > > CA > > > > > to other CAs. When both the forward and the reverse elements > > are > > > > > present, issuer name in one certificate shall match the subject > > name > > > > in > > > > > the other and vice versa, and the subject public key in one > > > > certificate > > > > > shall be capable of verifying the digital signature on the other > > > > > certificate and vice versa. > > > > > > > > > > In the case of V3 certificates, none of the above CA > > certificates > > > > shall > > > > > include a basicConstraints extension with the cA value set to > > FALSE. > > > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > > entry, > > > > > shall be used to store certificates issued to this CA by CAs in > > the > > > > same > > > > > domain as this CA. > > > > > > > > > > The forward element of the crossCertificatePair attribute, held > > in a > > > > > particular CA's directory entry, shall be used to store all > > > > certificates > > > > > issued to this CA. Optionally, the reverse element of the > > > > > crossCertificatePair attribute, held in a particular CA's > > directory > > > > > entry, may contain a subset of certificates issued by this CA to > > > > other > > > > > CAs. When both the forward and the reverse elements are > > present, > > > > issuer > > > > > name in one certificate shall match the subject name in the > > other > > > > and > > > > > vice versa, and the subject public key in one certificate shall > > be > > > > > capable of verifying the digital signature on the other > > certificate > > > > and > > > > > vice versa. > > > > > > > > > > In the case of V3 certificates, none of the above CA > > certificates > > > > shall > > > > > include a basicConstraints extension with the cA value set to > > FALSE. > > > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > > > > > > > > > > > > > ---------- > > > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > > > Sent: September 8, 1998 10:05 AM > > > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > --stuff deleted > > > > > > > > > > > > > > > [] I agree. I do not have problem with the following > > > > language. > > > > > > > " A certificate issued to a CA by another shall be stored > > either > > > > in > > > > > > the > > > > > > > caCertificate or forward component of crossCertificatePair > > > > attribute > > > > > > of > > > > > > > the subject CA. Optionally, a subset of certificates issued > > by > > > > a CA > > > > > > can > > > > > > > be stored in the reverse component of crossCertificatePair > > > > attribute > > > > > > of > > > > > > > the issuing CA." > > > > > > > > > > > > > > Please note that to me subset includes none, some, or > > > > all. If > > > > > > > folks want further clarification, it is ok by me. > > > > > > > > > > > > > Santosh, the only issue I have with this text is that (at > > least > > > > with > > > > > > the > > > > > > rationale behind option 2) any cert that appears in the > > > > cACertificate > > > > > > attribute of a given CA > > > > > > entry, should also appear in the crossCertificatePair > > attribute in > > > > the > > > > > > same > > > > > > CA entry. > > > > > > What about deleting the reference to the cACertificate > > attribute > > > > from > > > > > > your > > > > > > text and proposing this as new text just for the > > > > crossCertificatePair > > > > > > attribute? > > > > > > > > > > > > Both Jan and David have indicated reasons to keep the "pair" > > > > together > > > > > > in the > > > > > > mutual case, so we should also consider adding the last > > paragraph > > > > of > > > > > > the > > > > > > text David proposed for that. > > > > > > > > > > > > Here's what the resulting text proposal would look like: > > > > > > > > > > > > > " A certificate issued to a CA by another shall be stored in > > the > > > > > > > forward component of crossCertificatePair attribute of > > > > > > > the subject CA. Optionally, a subset of certificates issued > > by > > > > a CA > > > > > > can > > > > > > > be stored in the reverse component of crossCertificatePair > > > > attribute > > > > > > of > > > > > > > the issuing CA. When both elements are present in the same > > > > value, > > > > > > the > > > > > > > value shall represent a mutual cross-certification of the > > two > > > > CAs. " > > > > > > > > > > > > > If we can come to consensus on that attribute, then let's see > > what > > > > we > > > > > > can do > > > > > > with the cACertificate attribute text. > > > > > > > > > > > > I agree with your view on what a subset is and I think that > > same > > > > > > definition > > > > > > would apply to the contents of the cACertificate attribute as > > a > > > > subset > > > > > > of > > > > > > the crossCertificatePair forward elements in option 2. > > > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23614 for ietf-pkix-bks; Wed, 9 Sep 1998 09:48:09 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23601 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:48:05 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ81N>; Wed, 9 Sep 1998 12:53:13 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A61@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Kurn, David'" <david.kurn@compaq.com>, Santosh Chokhani <chokhani@cygnacom.com>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 12:53:12 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk David: In both options 1 and 2, a relying party can determine which issuing CAs are considered in the domain of the subject CA by looking at caCertificate attribute and the forward element of the crossCertificatePair attribute. In option 1, it is straightforward. In option 2, you have to subtract the caCertificate from the crossCertificatePair to get the two sets. These two domains are from the subject CA's perspective. It may or may not be in the domain of the relying party. > -----Original Message----- > From: Kurn, David [SMTP:david.kurn@compaq.com] > Sent: Wednesday, September 09, 1998 12:16 PM > To: 'Santosh Chokhani'; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: RE: forward & reverse elements - population > > Santosh > > Sorry to ask what must be a very naive question. If, as you suggest, > the > "definition of a domain is purely a matter of local policy", then I > think > that the term "domain" is undefined for the purposes of a standard. > If so, > then I find it difficult to define any algorhithm (not necessarily > computer > based) or any process by which anyone could determine whether a CA is > in the > same or a different domain. > > Think, for example, of a general purpose application program (like a > mail > client) trying to answer the question "is that CA inside or outside of > my > domain". > > Back in my college days, my math professors made it painfully clear > that if > you define a set, you must also provide a rule whereby you can > determine > whether a given element is inside or outside of that set. Without > such a > rule, the set is undefined. > > It may be that the definition of "domain" is elsewhere in the > document, but > I cannot find it. > > David Kurn > Compaq Computer Corp > Electronic Commerce Stuff > > > -----Original Message----- > > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > > Sent: Wednesday, September 09, 1998 8:27 AM > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > Subject: RE: forward & reverse elements - population > > > > Yes. I agree. The following is the revised text. > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > The cACertificate attribute, held in a particular CA's directory > entry, > > shall be used to store certificates issued to this CA by CAs in the > same > > domain as this CA. If there are any self-issued certificates and > they > > require publication, the caCertificate attribute shall be used to > store > > them. > > > > The forward element of the crossCertificatePair attribute, held in a > > particular CA's directory entry, shall be used to store certificates > > issued to this CA by CAs in other domains. Optionally, the reverse > > element of the crossCertificatePair attribute, held in a particular > CA's > > directory entry, may contain a subset of certificates issued by this > CA > > to other CAs. When both the forward and the reverse elements are > > present, issuer name in one certificate shall match the subject name > in > > the other and vice versa, and the subject public key in one > certificate > > shall be capable of verifying the digital signature on the other > > certificate and vice versa. > > > > In the case of V3 certificates, none of the above CA certificates > shall > > include a basicConstraints extension with the cA value set to FALSE. > > > > The definition of domain is purely a matter of local policy. > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > The cACertificate attribute, held in a particular CA's directory > entry, > > shall be used to store certificates issued to this CA by CAs in the > same > > domain as this CA. If there are any self-issued certificates and > they > > require publication, the caCertificate attribute shall be used to > store > > them. > > > > The forward element of the crossCertificatePair attribute, held in a > > particular CA's directory entry, shall be used to store all > certificates > > issued to this CA. Optionally, the reverse element of the > > crossCertificatePair attribute, held in a particular CA's directory > > entry, may contain a subset of certificates issued by this CA to > other > > CAs. When both the forward and the reverse elements are present, > issuer > > name in one certificate shall match the subject name in the other > and > > vice versa, and the subject public key in one certificate shall be > > capable of verifying the digital signature on the other certificate > and > > vice versa. > > > > In the case of V3 certificates, none of the above CA certificates > shall > > include a basicConstraints extension with the cA value set to FALSE. > > > > The definition of domain is purely a matter of local policy. > > > > > -----Original Message----- > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > Sent: Wednesday, September 09, 1998 11:02 AM > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > Subject: RE: forward & reverse elements - population > > > > > > I agree that the texts below are consistent with the original > intent > > > of the > > > 2 options and I also agree that they are clearer than the original > > > texts > > > except, possibly for coverage of self issued certificates. > Shouldn't > > > we also > > > state explicitly that self issued certs are stored only in the > > > cACertificate > > > attribute for both options? > > > > > > > > > > ---------- > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > Sent: September 9, 1998 9:08 AM > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > > > Subject: RE: forward & reverse elements - population > > > > > > > > Sharon: > > > > > > > > I can agree to the following text for the two option instead. > > > Please > > > > note that I have further clarified cross-certificate by tying > the DN > > > and > > > > public keys. > > > > > > > > I think the following texts are consistent with and further > > > > clarifications of the two options. > > > > > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > > > > And I option 2 :-) > > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > entry, > > > > shall be used to store certificates issued to this CA by CAs in > the > > > same > > > > domain as this CA. > > > > > > > > The forward element of the crossCertificatePair attribute, held > in a > > > > particular CA's directory entry, shall be used to store > certificates > > > > issued to this CA by CAs in other domains. Optionally, the > reverse > > > > element of the crossCertificatePair attribute, held in a > particular > > > CA's > > > > directory entry, may contain a subset of certificates issued by > this > > > CA > > > > to other CAs. When both the forward and the reverse elements > are > > > > present, issuer name in one certificate shall match the subject > name > > > in > > > > the other and vice versa, and the subject public key in one > > > certificate > > > > shall be capable of verifying the digital signature on the other > > > > certificate and vice versa. > > > > > > > > In the case of V3 certificates, none of the above CA > certificates > > > shall > > > > include a basicConstraints extension with the cA value set to > FALSE. > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > entry, > > > > shall be used to store certificates issued to this CA by CAs in > the > > > same > > > > domain as this CA. > > > > > > > > The forward element of the crossCertificatePair attribute, held > in a > > > > particular CA's directory entry, shall be used to store all > > > certificates > > > > issued to this CA. Optionally, the reverse element of the > > > > crossCertificatePair attribute, held in a particular CA's > directory > > > > entry, may contain a subset of certificates issued by this CA to > > > other > > > > CAs. When both the forward and the reverse elements are > present, > > > issuer > > > > name in one certificate shall match the subject name in the > other > > > and > > > > vice versa, and the subject public key in one certificate shall > be > > > > capable of verifying the digital signature on the other > certificate > > > and > > > > vice versa. > > > > > > > > In the case of V3 certificates, none of the above CA > certificates > > > shall > > > > include a basicConstraints extension with the cA value set to > FALSE. > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > > > > > > > > > ---------- > > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > > Sent: September 8, 1998 10:05 AM > > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > --stuff deleted > > > > > > > > > > > > > [] I agree. I do not have problem with the following > > > language. > > > > > > " A certificate issued to a CA by another shall be stored > either > > > in > > > > > the > > > > > > caCertificate or forward component of crossCertificatePair > > > attribute > > > > > of > > > > > > the subject CA. Optionally, a subset of certificates issued > by > > > a CA > > > > > can > > > > > > be stored in the reverse component of crossCertificatePair > > > attribute > > > > > of > > > > > > the issuing CA." > > > > > > > > > > > > Please note that to me subset includes none, some, or > > > all. If > > > > > > folks want further clarification, it is ok by me. > > > > > > > > > > > Santosh, the only issue I have with this text is that (at > least > > > with > > > > > the > > > > > rationale behind option 2) any cert that appears in the > > > cACertificate > > > > > attribute of a given CA > > > > > entry, should also appear in the crossCertificatePair > attribute in > > > the > > > > > same > > > > > CA entry. > > > > > What about deleting the reference to the cACertificate > attribute > > > from > > > > > your > > > > > text and proposing this as new text just for the > > > crossCertificatePair > > > > > attribute? > > > > > > > > > > Both Jan and David have indicated reasons to keep the "pair" > > > together > > > > > in the > > > > > mutual case, so we should also consider adding the last > paragraph > > > of > > > > > the > > > > > text David proposed for that. > > > > > > > > > > Here's what the resulting text proposal would look like: > > > > > > > > > > > " A certificate issued to a CA by another shall be stored in > the > > > > > > forward component of crossCertificatePair attribute of > > > > > > the subject CA. Optionally, a subset of certificates issued > by > > > a CA > > > > > can > > > > > > be stored in the reverse component of crossCertificatePair > > > attribute > > > > > of > > > > > > the issuing CA. When both elements are present in the same > > > value, > > > > > the > > > > > > value shall represent a mutual cross-certification of the > two > > > CAs. " > > > > > > > > > > > If we can come to consensus on that attribute, then let's see > what > > > we > > > > > can do > > > > > with the cACertificate attribute text. > > > > > > > > > > I agree with your view on what a subset is and I think that > same > > > > > definition > > > > > would apply to the contents of the cACertificate attribute as > a > > > subset > > > > > of > > > > > the crossCertificatePair forward elements in option 2. > > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23427 for ietf-pkix-bks; Wed, 9 Sep 1998 09:34:54 -0700 (PDT) Received: from woozle.isode.com (woozle.isode.com [193.133.227.19]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23423 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:34:53 -0700 (PDT) Received: from isode.com (actually dougal.isode.com) by woozle.isode.com (local) with ESMTP; Wed, 9 Sep 1998 17:38:36 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: ietf-pkix@imc.org Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 09 Sep 1998 17:38:35 +0100 Message-ID: <21781.905359115@isode.com> From: David Boyce <D.Boyce@isode.com> Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23385 for ietf-pkix-bks; Wed, 9 Sep 1998 09:31:49 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA23381 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:31:48 -0700 (PDT) Message-Id: <199809091631.JAA23381@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Wed, 09 Sep 1998 09:36:53 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Re: New Extension Proposed: Method Of Authentication In-Reply-To: <s5f6527f.038@zionsbank.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk It seems to me that the certificate policies (section 4.2.1.5) is still the proper place for this. If we create a set of bits that says how the CA is authenticating, unless the statement in the new bits is *exactly* what the CA is using, they should not commit to those bits because someone later can say "but you said you were doing such-and-so". The CPS is under their control. Can you be specific about the advantage of what you are proposing versus the certificate policy? --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23254 for ietf-pkix-bks; Wed, 9 Sep 1998 09:18:59 -0700 (PDT) Received: from hpb.hc-sc.gc.ca (hpb.hc-sc.gc.ca [198.103.237.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23250 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:18:58 -0700 (PDT) From: Alan_Buffett@hc-sc.gc.ca Received: from intdns.hwc.ca (intdns.hc-sc.gc.ca [198.103.172.78]) by hpb.hc-sc.gc.ca (8.8.7/8.7.3) with ESMTP id MAA10130 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:23:46 -0400 (EDT) Received: from smta00.hc-sc.gc.ca (smta00.hc-sc.gc.ca [142.4.1.25]) by intdns.hwc.ca (8.8.5/8.7.3) with SMTP id MAA21732 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:23:44 -0400 (EDT) Received: by smta00.hc-sc.gc.ca(Lotus SMTP MTA v1.1 (385.6 5-6-1997)) id 8525667A.005A117D ; Wed, 9 Sep 1998 12:23:47 -0400 X-Lotus-FromDomain: HWC To: ietf-pkix@imc.org Message-ID: <8525667A.005A035D.00@smta00.hc-sc.gc.ca> Date: Wed, 9 Sep 1998 12:23:30 -0400 Subject: For Option 2 Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@imc.org Precedence: bulk Alan Buffett 09/09/98 12:23 PM Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23155 for ietf-pkix-bks; Wed, 9 Sep 1998 09:10:39 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23151 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:10:38 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id JAA17200; Wed, 9 Sep 1998 09:15:41 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <Q04M2DH3>; Wed, 9 Sep 1998 09:15:37 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFFF564@exccup-25006.mis.tandem.com> From: "Kurn, David" <david.kurn@compaq.com> To: "'Santosh Chokhani'" <chokhani@cygnacom.com>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 09:15:34 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh Sorry to ask what must be a very naive question. If, as you suggest, the "definition of a domain is purely a matter of local policy", then I think that the term "domain" is undefined for the purposes of a standard. If so, then I find it difficult to define any algorhithm (not necessarily computer based) or any process by which anyone could determine whether a CA is in the same or a different domain. Think, for example, of a general purpose application program (like a mail client) trying to answer the question "is that CA inside or outside of my domain". Back in my college days, my math professors made it painfully clear that if you define a set, you must also provide a rule whereby you can determine whether a given element is inside or outside of that set. Without such a rule, the set is undefined. It may be that the definition of "domain" is elsewhere in the document, but I cannot find it. David Kurn Compaq Computer Corp Electronic Commerce Stuff > -----Original Message----- > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > Sent: Wednesday, September 09, 1998 8:27 AM > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > Subject: RE: forward & reverse elements - population > > Yes. I agree. The following is the revised text. > > NEW PROPOSED TEXT FOR OPTION 1 > > The cACertificate attribute, held in a particular CA's directory entry, > shall be used to store certificates issued to this CA by CAs in the same > domain as this CA. If there are any self-issued certificates and they > require publication, the caCertificate attribute shall be used to store > them. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store certificates > issued to this CA by CAs in other domains. Optionally, the reverse > element of the crossCertificatePair attribute, held in a particular CA's > directory entry, may contain a subset of certificates issued by this CA > to other CAs. When both the forward and the reverse elements are > present, issuer name in one certificate shall match the subject name in > the other and vice versa, and the subject public key in one certificate > shall be capable of verifying the digital signature on the other > certificate and vice versa. > > In the case of V3 certificates, none of the above CA certificates shall > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > NEW PROPOSED TEXT FOR OPTION 2 > > The cACertificate attribute, held in a particular CA's directory entry, > shall be used to store certificates issued to this CA by CAs in the same > domain as this CA. If there are any self-issued certificates and they > require publication, the caCertificate attribute shall be used to store > them. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store all certificates > issued to this CA. Optionally, the reverse element of the > crossCertificatePair attribute, held in a particular CA's directory > entry, may contain a subset of certificates issued by this CA to other > CAs. When both the forward and the reverse elements are present, issuer > name in one certificate shall match the subject name in the other and > vice versa, and the subject public key in one certificate shall be > capable of verifying the digital signature on the other certificate and > vice versa. > > In the case of V3 certificates, none of the above CA certificates shall > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > > -----Original Message----- > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > Sent: Wednesday, September 09, 1998 11:02 AM > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > Subject: RE: forward & reverse elements - population > > > > I agree that the texts below are consistent with the original intent > > of the > > 2 options and I also agree that they are clearer than the original > > texts > > except, possibly for coverage of self issued certificates. Shouldn't > > we also > > state explicitly that self issued certs are stored only in the > > cACertificate > > attribute for both options? > > > > > > > ---------- > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > Sent: September 9, 1998 9:08 AM > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > > Subject: RE: forward & reverse elements - population > > > > > > Sharon: > > > > > > I can agree to the following text for the two option instead. > > Please > > > note that I have further clarified cross-certificate by tying the DN > > and > > > public keys. > > > > > > I think the following texts are consistent with and further > > > clarifications of the two options. > > > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > > And I option 2 :-) > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > The cACertificate attribute, held in a particular CA's directory > > entry, > > > shall be used to store certificates issued to this CA by CAs in the > > same > > > domain as this CA. > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > particular CA's directory entry, shall be used to store certificates > > > issued to this CA by CAs in other domains. Optionally, the reverse > > > element of the crossCertificatePair attribute, held in a particular > > CA's > > > directory entry, may contain a subset of certificates issued by this > > CA > > > to other CAs. When both the forward and the reverse elements are > > > present, issuer name in one certificate shall match the subject name > > in > > > the other and vice versa, and the subject public key in one > > certificate > > > shall be capable of verifying the digital signature on the other > > > certificate and vice versa. > > > > > > In the case of V3 certificates, none of the above CA certificates > > shall > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > The definition of domain is purely a matter of local policy. > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > The cACertificate attribute, held in a particular CA's directory > > entry, > > > shall be used to store certificates issued to this CA by CAs in the > > same > > > domain as this CA. > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > particular CA's directory entry, shall be used to store all > > certificates > > > issued to this CA. Optionally, the reverse element of the > > > crossCertificatePair attribute, held in a particular CA's directory > > > entry, may contain a subset of certificates issued by this CA to > > other > > > CAs. When both the forward and the reverse elements are present, > > issuer > > > name in one certificate shall match the subject name in the other > > and > > > vice versa, and the subject public key in one certificate shall be > > > capable of verifying the digital signature on the other certificate > > and > > > vice versa. > > > > > > In the case of V3 certificates, none of the above CA certificates > > shall > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > > > > > -----Original Message----- > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > > > > > ---------- > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > Sent: September 8, 1998 10:05 AM > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > --stuff deleted > > > > > > > > > > > [] I agree. I do not have problem with the following > > language. > > > > > " A certificate issued to a CA by another shall be stored either > > in > > > > the > > > > > caCertificate or forward component of crossCertificatePair > > attribute > > > > of > > > > > the subject CA. Optionally, a subset of certificates issued by > > a CA > > > > can > > > > > be stored in the reverse component of crossCertificatePair > > attribute > > > > of > > > > > the issuing CA." > > > > > > > > > > Please note that to me subset includes none, some, or > > all. If > > > > > folks want further clarification, it is ok by me. > > > > > > > > > Santosh, the only issue I have with this text is that (at least > > with > > > > the > > > > rationale behind option 2) any cert that appears in the > > cACertificate > > > > attribute of a given CA > > > > entry, should also appear in the crossCertificatePair attribute in > > the > > > > same > > > > CA entry. > > > > What about deleting the reference to the cACertificate attribute > > from > > > > your > > > > text and proposing this as new text just for the > > crossCertificatePair > > > > attribute? > > > > > > > > Both Jan and David have indicated reasons to keep the "pair" > > together > > > > in the > > > > mutual case, so we should also consider adding the last paragraph > > of > > > > the > > > > text David proposed for that. > > > > > > > > Here's what the resulting text proposal would look like: > > > > > > > > > " A certificate issued to a CA by another shall be stored in the > > > > > forward component of crossCertificatePair attribute of > > > > > the subject CA. Optionally, a subset of certificates issued by > > a CA > > > > can > > > > > be stored in the reverse component of crossCertificatePair > > attribute > > > > of > > > > > the issuing CA. When both elements are present in the same > > value, > > > > the > > > > > value shall represent a mutual cross-certification of the two > > CAs. " > > > > > > > > > If we can come to consensus on that attribute, then let's see what > > we > > > > can do > > > > with the cACertificate attribute text. > > > > > > > > I agree with your view on what a subset is and I think that same > > > > definition > > > > would apply to the contents of the cACertificate attribute as a > > subset > > > > of > > > > the crossCertificatePair forward elements in option 2. > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23089 for ietf-pkix-bks; Wed, 9 Sep 1998 09:03:17 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA23085 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:03:16 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Wed, 09 Sep 1998 10:03:43 -0600 Message-Id: <s5f6527f.038@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Wed, 09 Sep 1998 10:03:36 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: william.burr@nist.gov, BJUENEMAN@novell.com Cc: ietf-pkix@imc.org Subject: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk In using certificates, it is useful to know what form of authentication is used by a CA to identify a new certificate requester. A certificate extension seems the best place to store this information. At one time, Bob Jeuneman prepared a paper proposing this extension and detailing many categories, from anonymous, self-authenticated, self authenticated with data verifired (or with credit account, etc.), authenticated in person, in person with governement-issued picture ID, multiple forms of government picture IDs with current credit reports and corporate D&B, etc. The current practice, I beleive, is to embed the authentication mechanism in a CA operations or policy statement tha may or may not be online for someone to peruse and make their own judgement. Putting a clear indicator in the signed cert would help. Comments? Bob? Michael Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23032 for ietf-pkix-bks; Wed, 9 Sep 1998 09:00:26 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23028 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:00:24 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ75P>; Wed, 9 Sep 1998 12:05:31 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A60@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Denis.Pinkas@bull.net'" <Denis.Pinkas@bull.net>, Santosh Chokhani <chokhani@cygnacom.com> Cc: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 12:05:30 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Denis: I agree with you. Clarification of the text is easy. However, I have a question. Must a certificate issued to a CA appear in the forward element, caCertificate or can it be missing altogether? I think the text in terms of saying that the forward element need not be present in all cases is easy. > -----Original Message----- > From: Denis Pinkas [SMTP:Denis.Pinkas@bull.net] > Sent: Wednesday, September 09, 1998 8:44 PM > To: Santosh Chokhani > Cc: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: Re: forward & reverse elements - population > > Santosh, > > Your new proposed text does not address my concern correctly. > > For a crossCertificatePair Attribute, either the forward element only > MAY be present, or the reverse element only MAY be present, or the > reverse and the forward elements may be both present. > > Whether it is OPTION 1, OPTION 2 or whatever OPTION, the forward > element > shall not be mandated to be present in a crossCertificatePair > Attribute. > > Denis > > > Sharon: > > > I can agree to the following text for the two option instead. > Please > > note that I have further clarified cross-certificate by tying the DN > and > > public keys. > > > > I think the following texts are consistent with and further > > clarifications of the two options. > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > The cACertificate attribute, held in a particular CA's directory > entry, > > shall be used to store certificates issued to this CA by CAs in the > same > > domain as this CA. > > > > The forward element of the crossCertificatePair attribute, held in a > > particular CA's directory entry, shall be used to store certificates > > issued to this CA by CAs in other domains. Optionally, the reverse > > element of the crossCertificatePair attribute, held in a particular > CA's > > directory entry, may contain a subset of certificates issued by this > CA > > to other CAs. When both the forward and the reverse elements are > > present, issuer name in one certificate shall match the subject name > in > > the other and vice versa, and the subject public key in one > certificate > > shall be capable of verifying the digital signature on the other > > certificate and vice versa. > > > > In the case of V3 certificates, none of the above CA certificates > shall > > include a basicConstraints extension with the cA value set to FALSE. > > > > The definition of domain is purely a matter of local policy. > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > The cACertificate attribute, held in a particular CA's directory > entry, > > shall be used to store certificates issued to this CA by CAs in the > same > > domain as this CA. > > > > The forward element of the crossCertificatePair attribute, held in a > > particular CA's directory entry, shall be used to store all > certificates > > issued to this CA. Optionally, the reverse element of the > > crossCertificatePair attribute, held in a particular CA's directory > > entry, may contain a subset of certificates issued by this CA to > other > > CAs. When both the forward and the reverse elements are present, > issuer > > name in one certificate shall match the subject name in the other > and > > vice versa, and the subject public key in one certificate shall be > > capable of verifying the digital signature on the other certificate > and > > vice versa. > > > > In the case of V3 certificates, none of the above CA certificates > shall > > include a basicConstraints extension with the cA value set to FALSE. > > > > The definition of domain is purely a matter of local policy. > > > > > -----Original Message----- > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > ---------- > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > Sent: September 8, 1998 10:05 AM > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > Subject: RE: forward & reverse elements - population > > > > > > > --stuff deleted > > > > > > > > > [] I agree. I do not have problem with the following > language. > > > > " A certificate issued to a CA by another shall be stored either > in > > > the > > > > caCertificate or forward component of crossCertificatePair > attribute > > > of > > > > the subject CA. Optionally, a subset of certificates issued by > a CA > > > can > > > > be stored in the reverse component of crossCertificatePair > attribute > > > of > > > > the issuing CA." > > > > > > > > Please note that to me subset includes none, some, or all. > If > > > > folks want further clarification, it is ok by me. > > > > > > > Santosh, the only issue I have with this text is that (at least > with > > > the > > > rationale behind option 2) any cert that appears in the > cACertificate > > > attribute of a given CA > > > entry, should also appear in the crossCertificatePair attribute in > the > > > same > > > CA entry. > > > What about deleting the reference to the cACertificate attribute > from > > > your > > > text and proposing this as new text just for the > crossCertificatePair > > > attribute? > > > > > > Both Jan and David have indicated reasons to keep the "pair" > together > > > in the > > > mutual case, so we should also consider adding the last paragraph > of > > > the > > > text David proposed for that. > > > > > > Here's what the resulting text proposal would look like: > > > > > > > " A certificate issued to a CA by another shall be stored in the > > > > forward component of crossCertificatePair attribute of > > > > the subject CA. Optionally, a subset of certificates issued by > a CA > > > can > > > > be stored in the reverse component of crossCertificatePair > attribute > > > of > > > > the issuing CA. When both elements are present in the same > value, > > > the > > > > value shall represent a mutual cross-certification of the two > CAs. " > > > > > > > If we can come to consensus on that attribute, then let's see what > we > > > can do > > > with the cACertificate attribute text. > > > > > > I agree with your view on what a subset is and I think that same > > > definition > > > would apply to the contents of the cACertificate attribute as a > subset > > > of > > > the crossCertificatePair forward elements in option 2. > > -- > Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net > Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 > 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22846 for ietf-pkix-bks; Wed, 9 Sep 1998 08:41:31 -0700 (PDT) Received: from hpb.hc-sc.gc.ca (hpb.hc-sc.gc.ca [198.103.237.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22842 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 08:41:28 -0700 (PDT) From: Ross_Smith@hc-sc.gc.ca Received: from intdns.hwc.ca (intdns.hc-sc.gc.ca [198.103.172.78]) by hpb.hc-sc.gc.ca (8.8.7/8.7.3) with ESMTP id LAA05879 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 11:46:15 -0400 (EDT) Received: from smta00.hc-sc.gc.ca (smta00.hc-sc.gc.ca [142.4.1.25]) by intdns.hwc.ca (8.8.5/8.7.3) with SMTP id LAA17566 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 11:46:13 -0400 (EDT) Received: by smta00.hc-sc.gc.ca(Lotus SMTP MTA v1.1 (385.6 5-6-1997)) id 8525667A.0056A364 ; Wed, 9 Sep 1998 11:46:19 -0400 X-Lotus-FromDomain: HWC To: ietf-pkix@imc.org Message-ID: <8525667A.00567CC1.00@smta00.hc-sc.gc.ca> Date: Wed, 9 Sep 1998 11:46:08 -0400 Subject: For Option 2 Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@imc.org Precedence: bulk 09/09/98 11:46 AM Ross Smith Ross Smith Ross Smith 09/09/98 11:46 AM 09/09/98 11:46 AM Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22806 for ietf-pkix-bks; Wed, 9 Sep 1998 08:38:00 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22800 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 08:37:57 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id RAA29000; Wed, 9 Sep 1998 17:44:48 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id RAA21158; Wed, 9 Sep 1998 17:44:51 +0200 (DFT) Message-ID: <35F720DC.42B3@bull.net> Date: Wed, 09 Sep 1998 17:44:12 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Santosh Chokhani <chokhani@cygnacom.com> CC: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: forward & reverse elements - population References: <51BF55C30B4FD1118B4900207812701E1B1A5C@WUHER> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh, Your new proposed text does not address my concern correctly. For a crossCertificatePair Attribute, either the forward element only MAY be present, or the reverse element only MAY be present, or the reverse and the forward elements may be both present. Whether it is OPTION 1, OPTION 2 or whatever OPTION, the forward element shall not be mandated to be present in a crossCertificatePair Attribute. Denis > Sharon: > I can agree to the following text for the two option instead. Please > note that I have further clarified cross-certificate by tying the DN and > public keys. > > I think the following texts are consistent with and further > clarifications of the two options. > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > NEW PROPOSED TEXT FOR OPTION 1 > > The cACertificate attribute, held in a particular CA's directory entry, > shall be used to store certificates issued to this CA by CAs in the same > domain as this CA. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store certificates > issued to this CA by CAs in other domains. Optionally, the reverse > element of the crossCertificatePair attribute, held in a particular CA's > directory entry, may contain a subset of certificates issued by this CA > to other CAs. When both the forward and the reverse elements are > present, issuer name in one certificate shall match the subject name in > the other and vice versa, and the subject public key in one certificate > shall be capable of verifying the digital signature on the other > certificate and vice versa. > > In the case of V3 certificates, none of the above CA certificates shall > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > NEW PROPOSED TEXT FOR OPTION 2 > > The cACertificate attribute, held in a particular CA's directory entry, > shall be used to store certificates issued to this CA by CAs in the same > domain as this CA. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store all certificates > issued to this CA. Optionally, the reverse element of the > crossCertificatePair attribute, held in a particular CA's directory > entry, may contain a subset of certificates issued by this CA to other > CAs. When both the forward and the reverse elements are present, issuer > name in one certificate shall match the subject name in the other and > vice versa, and the subject public key in one certificate shall be > capable of verifying the digital signature on the other certificate and > vice versa. > > In the case of V3 certificates, none of the above CA certificates shall > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > > -----Original Message----- > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > Sent: Tuesday, September 08, 1998 5:46 PM > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > Subject: RE: forward & reverse elements - population > > > > > > > > > ---------- > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > Sent: September 8, 1998 10:05 AM > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > Subject: RE: forward & reverse elements - population > > > > > --stuff deleted > > > > > > > [] I agree. I do not have problem with the following language. > > > " A certificate issued to a CA by another shall be stored either in > > the > > > caCertificate or forward component of crossCertificatePair attribute > > of > > > the subject CA. Optionally, a subset of certificates issued by a CA > > can > > > be stored in the reverse component of crossCertificatePair attribute > > of > > > the issuing CA." > > > > > > Please note that to me subset includes none, some, or all. If > > > folks want further clarification, it is ok by me. > > > > > Santosh, the only issue I have with this text is that (at least with > > the > > rationale behind option 2) any cert that appears in the cACertificate > > attribute of a given CA > > entry, should also appear in the crossCertificatePair attribute in the > > same > > CA entry. > > What about deleting the reference to the cACertificate attribute from > > your > > text and proposing this as new text just for the crossCertificatePair > > attribute? > > > > Both Jan and David have indicated reasons to keep the "pair" together > > in the > > mutual case, so we should also consider adding the last paragraph of > > the > > text David proposed for that. > > > > Here's what the resulting text proposal would look like: > > > > > " A certificate issued to a CA by another shall be stored in the > > > forward component of crossCertificatePair attribute of > > > the subject CA. Optionally, a subset of certificates issued by a CA > > can > > > be stored in the reverse component of crossCertificatePair attribute > > of > > > the issuing CA. When both elements are present in the same value, > > the > > > value shall represent a mutual cross-certification of the two CAs. " > > > > > If we can come to consensus on that attribute, then let's see what we > > can do > > with the cACertificate attribute text. > > > > I agree with your view on what a subset is and I think that same > > definition > > would apply to the contents of the cACertificate attribute as a subset > > of > > the crossCertificatePair forward elements in option 2. -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22663 for ietf-pkix-bks; Wed, 9 Sep 1998 08:21:38 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22659 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 08:21:36 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ7VA>; Wed, 9 Sep 1998 11:26:44 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A5F@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, Santosh Chokhani <chokhani@cygnacom.com> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 11:26:42 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Yes. I agree. The following is the revised text. NEW PROPOSED TEXT FOR OPTION 1 The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. If there are any self-issued certificates and they require publication, the caCertificate attribute shall be used to store them. The forward element of the crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in other domains. Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. In the case of V3 certificates, none of the above CA certificates shall include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. NEW PROPOSED TEXT FOR OPTION 2 The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. If there are any self-issued certificates and they require publication, the caCertificate attribute shall be used to store them. The forward element of the crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store all certificates issued to this CA. Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. In the case of V3 certificates, none of the above CA certificates shall include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. > -----Original Message----- > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > Sent: Wednesday, September 09, 1998 11:02 AM > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > Subject: RE: forward & reverse elements - population > > I agree that the texts below are consistent with the original intent > of the > 2 options and I also agree that they are clearer than the original > texts > except, possibly for coverage of self issued certificates. Shouldn't > we also > state explicitly that self issued certs are stored only in the > cACertificate > attribute for both options? > > > > ---------- > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > Sent: September 9, 1998 9:08 AM > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > Subject: RE: forward & reverse elements - population > > > > Sharon: > > > > I can agree to the following text for the two option instead. > Please > > note that I have further clarified cross-certificate by tying the DN > and > > public keys. > > > > I think the following texts are consistent with and further > > clarifications of the two options. > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > And I option 2 :-) > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > The cACertificate attribute, held in a particular CA's directory > entry, > > shall be used to store certificates issued to this CA by CAs in the > same > > domain as this CA. > > > > The forward element of the crossCertificatePair attribute, held in a > > particular CA's directory entry, shall be used to store certificates > > issued to this CA by CAs in other domains. Optionally, the reverse > > element of the crossCertificatePair attribute, held in a particular > CA's > > directory entry, may contain a subset of certificates issued by this > CA > > to other CAs. When both the forward and the reverse elements are > > present, issuer name in one certificate shall match the subject name > in > > the other and vice versa, and the subject public key in one > certificate > > shall be capable of verifying the digital signature on the other > > certificate and vice versa. > > > > In the case of V3 certificates, none of the above CA certificates > shall > > include a basicConstraints extension with the cA value set to FALSE. > > > > The definition of domain is purely a matter of local policy. > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > The cACertificate attribute, held in a particular CA's directory > entry, > > shall be used to store certificates issued to this CA by CAs in the > same > > domain as this CA. > > > > The forward element of the crossCertificatePair attribute, held in a > > particular CA's directory entry, shall be used to store all > certificates > > issued to this CA. Optionally, the reverse element of the > > crossCertificatePair attribute, held in a particular CA's directory > > entry, may contain a subset of certificates issued by this CA to > other > > CAs. When both the forward and the reverse elements are present, > issuer > > name in one certificate shall match the subject name in the other > and > > vice versa, and the subject public key in one certificate shall be > > capable of verifying the digital signature on the other certificate > and > > vice versa. > > > > In the case of V3 certificates, none of the above CA certificates > shall > > include a basicConstraints extension with the cA value set to FALSE. > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > -----Original Message----- > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > ---------- > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > Sent: September 8, 1998 10:05 AM > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > Subject: RE: forward & reverse elements - population > > > > > > > --stuff deleted > > > > > > > > > [] I agree. I do not have problem with the following > language. > > > > " A certificate issued to a CA by another shall be stored either > in > > > the > > > > caCertificate or forward component of crossCertificatePair > attribute > > > of > > > > the subject CA. Optionally, a subset of certificates issued by > a CA > > > can > > > > be stored in the reverse component of crossCertificatePair > attribute > > > of > > > > the issuing CA." > > > > > > > > Please note that to me subset includes none, some, or > all. If > > > > folks want further clarification, it is ok by me. > > > > > > > Santosh, the only issue I have with this text is that (at least > with > > > the > > > rationale behind option 2) any cert that appears in the > cACertificate > > > attribute of a given CA > > > entry, should also appear in the crossCertificatePair attribute in > the > > > same > > > CA entry. > > > What about deleting the reference to the cACertificate attribute > from > > > your > > > text and proposing this as new text just for the > crossCertificatePair > > > attribute? > > > > > > Both Jan and David have indicated reasons to keep the "pair" > together > > > in the > > > mutual case, so we should also consider adding the last paragraph > of > > > the > > > text David proposed for that. > > > > > > Here's what the resulting text proposal would look like: > > > > > > > " A certificate issued to a CA by another shall be stored in the > > > > forward component of crossCertificatePair attribute of > > > > the subject CA. Optionally, a subset of certificates issued by > a CA > > > can > > > > be stored in the reverse component of crossCertificatePair > attribute > > > of > > > > the issuing CA. When both elements are present in the same > value, > > > the > > > > value shall represent a mutual cross-certification of the two > CAs. " > > > > > > > If we can come to consensus on that attribute, then let's see what > we > > > can do > > > with the cACertificate attribute text. > > > > > > I agree with your view on what a subset is and I think that same > > > definition > > > would apply to the contents of the cACertificate attribute as a > subset > > > of > > > the crossCertificatePair forward elements in option 2. > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22485 for ietf-pkix-bks; Wed, 9 Sep 1998 08:01:33 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA22479 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 08:01:31 -0700 (PDT) Received: id LAA08881; Wed, 9 Sep 1998 11:04:43 -0400 Received: by gateway id <S2S6XZC1>; Wed, 9 Sep 1998 11:01:41 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC9752@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 11:01:32 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk I agree that the texts below are consistent with the original intent of the 2 options and I also agree that they are clearer than the original texts except, possibly for coverage of self issued certificates. Shouldn't we also state explicitly that self issued certs are stored only in the cACertificate attribute for both options? > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 9, 1998 9:08 AM > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > Subject: RE: forward & reverse elements - population > > Sharon: > > I can agree to the following text for the two option instead. Please > note that I have further clarified cross-certificate by tying the DN and > public keys. > > I think the following texts are consistent with and further > clarifications of the two options. > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > And I option 2 :-) > NEW PROPOSED TEXT FOR OPTION 1 > > The cACertificate attribute, held in a particular CA's directory entry, > shall be used to store certificates issued to this CA by CAs in the same > domain as this CA. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store certificates > issued to this CA by CAs in other domains. Optionally, the reverse > element of the crossCertificatePair attribute, held in a particular CA's > directory entry, may contain a subset of certificates issued by this CA > to other CAs. When both the forward and the reverse elements are > present, issuer name in one certificate shall match the subject name in > the other and vice versa, and the subject public key in one certificate > shall be capable of verifying the digital signature on the other > certificate and vice versa. > > In the case of V3 certificates, none of the above CA certificates shall > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > NEW PROPOSED TEXT FOR OPTION 2 > > The cACertificate attribute, held in a particular CA's directory entry, > shall be used to store certificates issued to this CA by CAs in the same > domain as this CA. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store all certificates > issued to this CA. Optionally, the reverse element of the > crossCertificatePair attribute, held in a particular CA's directory > entry, may contain a subset of certificates issued by this CA to other > CAs. When both the forward and the reverse elements are present, issuer > name in one certificate shall match the subject name in the other and > vice versa, and the subject public key in one certificate shall be > capable of verifying the digital signature on the other certificate and > vice versa. > > In the case of V3 certificates, none of the above CA certificates shall > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > > > > -----Original Message----- > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > Sent: Tuesday, September 08, 1998 5:46 PM > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > Subject: RE: forward & reverse elements - population > > > > > > > > > ---------- > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > Sent: September 8, 1998 10:05 AM > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > Subject: RE: forward & reverse elements - population > > > > > --stuff deleted > > > > > > > [] I agree. I do not have problem with the following language. > > > " A certificate issued to a CA by another shall be stored either in > > the > > > caCertificate or forward component of crossCertificatePair attribute > > of > > > the subject CA. Optionally, a subset of certificates issued by a CA > > can > > > be stored in the reverse component of crossCertificatePair attribute > > of > > > the issuing CA." > > > > > > Please note that to me subset includes none, some, or all. If > > > folks want further clarification, it is ok by me. > > > > > Santosh, the only issue I have with this text is that (at least with > > the > > rationale behind option 2) any cert that appears in the cACertificate > > attribute of a given CA > > entry, should also appear in the crossCertificatePair attribute in the > > same > > CA entry. > > What about deleting the reference to the cACertificate attribute from > > your > > text and proposing this as new text just for the crossCertificatePair > > attribute? > > > > Both Jan and David have indicated reasons to keep the "pair" together > > in the > > mutual case, so we should also consider adding the last paragraph of > > the > > text David proposed for that. > > > > Here's what the resulting text proposal would look like: > > > > > " A certificate issued to a CA by another shall be stored in the > > > forward component of crossCertificatePair attribute of > > > the subject CA. Optionally, a subset of certificates issued by a CA > > can > > > be stored in the reverse component of crossCertificatePair attribute > > of > > > the issuing CA. When both elements are present in the same value, > > the > > > value shall represent a mutual cross-certification of the two CAs. " > > > > > If we can come to consensus on that attribute, then let's see what we > > can do > > with the cACertificate attribute text. > > > > I agree with your view on what a subset is and I think that same > > definition > > would apply to the contents of the cACertificate attribute as a subset > > of > > the crossCertificatePair forward elements in option 2. > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA21587 for ietf-pkix-bks; Wed, 9 Sep 1998 06:34:38 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA21583 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 06:34:36 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id PAA17200 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 15:41:24 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id PAA20994 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 15:41:28 +0200 (DFT) Message-ID: <35F703F0.53AA@bull.net> Date: Wed, 09 Sep 1998 15:40:49 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: IETF-PXIX <ietf-pkix@imc.org> Subject: For Option none Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk The straw poll is now obsolete since neither of the two original texts is acceptable as it is. Anyway since it was not a "vote", it was interresting to promote discussion on this topic and apparently that discussion has not yet ended ! Denis -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA21260 for ietf-pkix-bks; Wed, 9 Sep 1998 06:03:20 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA21256 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 06:03:19 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ7R4>; Wed, 9 Sep 1998 09:08:26 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A5C@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, Santosh Chokhani <chokhani@cygnacom.com> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 09:08:23 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Sharon: I can agree to the following text for the two option instead. Please note that I have further clarified cross-certificate by tying the DN and public keys. I think the following texts are consistent with and further clarifications of the two options. I STILL AM STRONGLY IN FAVOR OF OPTION 1. NEW PROPOSED TEXT FOR OPTION 1 The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. The forward element of the crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in other domains. Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. In the case of V3 certificates, none of the above CA certificates shall include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. NEW PROPOSED TEXT FOR OPTION 2 The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. The forward element of the crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store all certificates issued to this CA. Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. In the case of V3 certificates, none of the above CA certificates shall include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. > -----Original Message----- > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > Sent: Tuesday, September 08, 1998 5:46 PM > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > Subject: RE: forward & reverse elements - population > > > > > ---------- > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > Sent: September 8, 1998 10:05 AM > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > Subject: RE: forward & reverse elements - population > > > --stuff deleted > > > > > [] I agree. I do not have problem with the following language. > > " A certificate issued to a CA by another shall be stored either in > the > > caCertificate or forward component of crossCertificatePair attribute > of > > the subject CA. Optionally, a subset of certificates issued by a CA > can > > be stored in the reverse component of crossCertificatePair attribute > of > > the issuing CA." > > > > Please note that to me subset includes none, some, or all. If > > folks want further clarification, it is ok by me. > > > Santosh, the only issue I have with this text is that (at least with > the > rationale behind option 2) any cert that appears in the cACertificate > attribute of a given CA > entry, should also appear in the crossCertificatePair attribute in the > same > CA entry. > What about deleting the reference to the cACertificate attribute from > your > text and proposing this as new text just for the crossCertificatePair > attribute? > > Both Jan and David have indicated reasons to keep the "pair" together > in the > mutual case, so we should also consider adding the last paragraph of > the > text David proposed for that. > > Here's what the resulting text proposal would look like: > > > " A certificate issued to a CA by another shall be stored in the > > forward component of crossCertificatePair attribute of > > the subject CA. Optionally, a subset of certificates issued by a CA > can > > be stored in the reverse component of crossCertificatePair attribute > of > > the issuing CA. When both elements are present in the same value, > the > > value shall represent a mutual cross-certification of the two CAs. " > > > If we can come to consensus on that attribute, then let's see what we > can do > with the cACertificate attribute text. > > I agree with your view on what a subset is and I think that same > definition > would apply to the contents of the cACertificate attribute as a subset > of > the crossCertificatePair forward elements in option 2. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA18469 for ietf-pkix-bks; Wed, 9 Sep 1998 02:18:24 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA18465 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 02:18:12 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <SMGRLFPT>; Wed, 9 Sep 1998 19:22:05 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC073861@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'Mike Smith '" <mfsmith@zionsbank.com>, "'fod@brd.ie '" <fod@brd.ie>, Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'Phillip M Hallam-Baker '" <pbaker@verisign.com> Cc: "'dave@chromatix.com '" <dave@chromatix.com>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> Subject: RE: OFF TOPIC ???? RE: Relational vs Directory Repository Models (was RE: pathdevelopment complexity s) Date: Wed, 9 Sep 1998 19:22:02 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Thanks for the reply - comments in line. ---------- From: Phillip M Hallam-Baker To: Mike Smith; fod@brd.ie; Alan.Lloyd@OpenDirectory.com.au Cc: dave@chromatix.com; ietf-pkix@imc.org Sent: 9/9/98 1:50:46 AM Subject: OFF TOPIC ???? RE: Relational vs Directory Repository Models (was RE: pathdevelopment complexity s) Ph: I'm having a lot of trouble following this discussion. It appears to have begun a discussion of the relative merits of X.500 vs LDAP server models. This does not appear to be something which is relevant to PKIX. LDAP is merely a protocol. It does not define a product. Arguments based on the 'scalability' of a client-server protocol are almost without exception irrelevant since scaling depends on server-server communication. The idea that the same protocol should serve both purposes is questionable at best. alan: LDAP is just a protocol! That statement is curious given that features in protocol impact the system services that are conveyed to and available from " the protocol". eg. Replicated/Master certfificates .. How does LDAP get the Master copy of a certficate when it needs that. If the certficate happens to be outside the "domain of interest" how does LDAP control the extent of a search re Chaining.. It can not. If one is trying to build large scale certficate based systems supported by directory services, then "the protocol" used will affect the trust and performance of the system services applied.. LDAP does not deal with distributed systems - it deals with client interfaces to seperate servers. Cert Matching Rules and LDAP (non X.500)servers? - ask the vendors. Ph:I fail to see how improved search capabilities will greatly assist for the purposes of PKIX unless the directories have the ability to break open, readand understand attributes embedded in certificates. If people believe that support for a specific (and specified) search mechanism would lead to an improvement in efficiency that is important to PKIX let us discuss thatspecific extension. alan: See X.500/9 certficate matching rules, see the draft I posted last week. Cert and CRL matching rules can, in fact are intended to assist the management and validation of certificates. They should be applied to this end. As said in my draft, it seems pointless trying to get a client to understand all the information and revocation designs of any CA that might exist on this planet. X.509 is part of X.500 and the application of X.509 to be scaleable depends on the use and features of a directory services. The emphasis to date on CA design has been.. information objects for CA functions that "may" use a directory. OCSP is symptomatic of this approach ie. no directory service is considered. This = special client software and special servers and special CA databases. Hardly an approach for the large scale of the internet, the use of distributed, scaleable EC services and simple clients. To build a generalised, efficient, scaleable certificate infrastructure, X.500 directory systems (not LDAP servers) are fundamental. With added matching rules and common CA information doctrines (as applied to their DIBs) the PKIX problem is very solveable. Ph: We need to remember that we are charterted as an IETF working group and weare not in a position to endorse a particular directory strategy. alan: Well if "we" are chartered to build a car and it wants to be used, by definition should we not be making sure that the roads and wheels are in place. (eg directory systems). ie. when anything is designed, assumptions or statements about underlying (scaleable) services should be made. Ph: If we want to be able to offload client work to a server of some kind we should first consider the requirements that motivate such an architectural approach and the trust implications of doing so before considering protocol extensions. Indeed a critical step would be deciding which protocol to base an implementation on. Alan: X.500 was designed to deal with this issue (see X.500 1993 cert and CRL matching rules). There is no direct extension to the protocol" its the addition of convey service requirements and modified directory matching rule support. As for trust - then there is no trust in multitudes of chaotic CA information designs and complex clients that cannot verify certs for specific application and originator/recipient contexts. Finally - it seems a lot of the work on PKIX has been made so complex because of the limitations in LDAP, LDAP servers and "non directory system" application, eg OCSP, eg, . Taking X.500 infrastructure away from X.509 is like taking the wheels off a car and then trying to fix the car's resulting problems. So IMHO - if the charter of this group is to build a certficate infrastructure for the internet - should we not follow industry trends with directories ie LDAP or DAP access to X.500 that incorporates X.509? And extend this as per dir-cert-stat draft to make it scaleable and efficient. Thoughts are welcome. regards alan Phill Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id WAA02151 for ietf-pkix-bks; Tue, 8 Sep 1998 22:11:59 -0700 (PDT) Received: from atlantic.valicert.com (qmailr@old-atlantic.valicert.com [209.185.6.135]) by mail.proper.com (8.8.8/8.8.5) with SMTP id WAA02147 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 22:11:57 -0700 (PDT) Received: (qmail 8338 invoked from network); 9 Sep 1998 05:17:13 -0000 Received: from ns.valicert.com (HELO valicert.com) (209.185.6.1) by mail.valicert.com with SMTP; 9 Sep 1998 05:17:13 -0000 Message-ID: <35F60F60.37C6098E@valicert.com> Date: Tue, 08 Sep 1998 22:17:20 -0700 From: Ambarish Malpani <ambarish@valicert.com> Organization: ValiCert, Inc. X-Mailer: Mozilla 4.5b1 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Ed Posnak <ejp@xetex.com> CC: IETF PKIX <ietf-pkix@imc.org> Subject: Re: OCSP in Chicago References: <35F5A976.E3A03DCE@valicert.com> <35F5D996.DF96F76A@xetex.com> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Ed, Please take a look at section 4.4.4 (Archive Cutoff). See if that addresses your concerns. 4.4.4 Archive Cutoff An OCSP responder MAY choose to retain revocation information beyond a certificates expiration. The date obtained by subtracting this retention interval value from the producedAt time in a response is defined as the certificates archive cutoff date. OCSP-enabled applications would use an OCSP archive cutoff date to contribute to a proof that a digital signature was (or was not) reliable on the date it was produced even if the certificate needed to validate the signature has long since expired. OCSP servers that provide support for such historical reference SHOULD include an archive cutoff date extension in responses. If included, this value SHALL be provided as an OCSP singleResponse extension identified by id-pkix-ocsp-archive-cutoff and of syntax GeneralizedTime: id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 } archiveCutoff ::= GeneralizedTime To illustrate, if a server is operated with a 7-year retention interval policy and status was produced at time t1 then the value for archiveCutoff in the response would be (t1 - 7 years). Regards, Ambarish Ed Posnak wrote: > > Does the following still apply to a "Good" status? > > [from version 05] "... it is quite possible that an OCSP responder > returns the notRevoked state if a certificate was revoked, but has since > expired (equivalent to a serial number being dropped from the CRL). " > > If so, perhaps the above sentence shouldn't have been dropped from the > description? > > ejp -- --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id UAA29394 for ietf-pkix-bks; Tue, 8 Sep 1998 20:42:56 -0700 (PDT) Received: from 2gn.com (insectivora.unids.com [208.196.212.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id UAA29390 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 20:42:55 -0700 (PDT) Received: from rodney (perm16-180.ij.net [209.4.16.180]) by 2gn.com (8.8.5/8.8.5) with SMTP id WAA25675; Tue, 8 Sep 1998 22:45:09 -0400 Message-Id: <199809090245.WAA25675@2gn.com> X-Sender: rodney@module-one.tillerman.nu X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.2 Date: Tue, 08 Sep 1998 23:44:10 -0400 To: Pavel Krylov <versed@elvis.ru> From: Rodney Thayer <rodney@tillerman.nu> Subject: Re: depth Cc: ietf-pkix@imc.org In-Reply-To: <XFMail.980907213528.versed@elvis.ru> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk In researching this for IPSec, I've heard a depth of approximately four being used, and of course a single root, and sporadic use of deeper trees, as far as 8. At 12:35 AM 9/8/98 +0400, you wrote: > >My question: > What depth of certificate tree is exist now?? Average value? > >Sharon, Santosh? > >--------------------------------------- >Pavel V.Krylov versed@elvis.ru > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id SAA28554 for ietf-pkix-bks; Tue, 8 Sep 1998 18:18:59 -0700 (PDT) Received: from ns1.auntmimi.net ([209.19.106.141]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id SAA28550 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 18:18:58 -0700 (PDT) Received: from mail.xetex.com (1Cust101.tnt2.sfo3.da.uu.net [153.37.7.101]) by ns1.auntmimi.net (8.8.6/8.7.3) with SMTP id TAA21059; Tue, 8 Sep 1998 19:55:22 -0700 (PDT) Received: from xetex.com by mail.xetex.com (SMI-8.6/SMI-SVR4) id SAA08850; Tue, 8 Sep 1998 18:20:05 -0700 Message-ID: <35F5D996.DF96F76A@xetex.com> Date: Tue, 08 Sep 1998 18:27:51 -0700 From: Ed Posnak <ejp@xetex.com> Organization: Xetex Corporation X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: Ambarish Malpani <ambarish@valicert.com> CC: IETF PKIX <ietf-pkix@imc.org> Subject: Re: OCSP in Chicago References: <35F5A976.E3A03DCE@valicert.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Does the following still apply to a "Good" status? [from version 05] "... it is quite possible that an OCSP responder returns the notRevoked state if a certificate was revoked, but has since expired (equivalent to a serial number being dropped from the CRL). " If so, perhaps the above sentence shouldn't have been dropped from the description? ejp Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA26952 for ietf-pkix-bks; Tue, 8 Sep 1998 15:01:14 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA26948 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 15:01:13 -0700 (PDT) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id PAA24508 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 15:05:56 -0700 (PDT) Message-Id: <4.1.0.52.19980908180708.009c44a0@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.52 (Beta) Date: Tue, 08 Sep 1998 18:07:20 -0400 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> From: Russ Housley <housley@spyrus.com> Subject: For Option 1 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA26881 for ietf-pkix-bks; Tue, 8 Sep 1998 14:57:32 -0700 (PDT) Received: from atlantic.valicert.com (atlantic.valicert.com [209.185.6.135] (may be forged)) by mail.proper.com (8.8.8/8.8.5) with SMTP id OAA26871 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 14:57:31 -0700 (PDT) Received: (qmail 1104 invoked from network); 8 Sep 1998 22:02:24 -0000 Received: from ns.valicert.com (HELO valicert.com) (209.185.6.1) by mail.valicert.com with SMTP; 8 Sep 1998 22:02:24 -0000 Message-ID: <35F5A976.E3A03DCE@valicert.com> Date: Tue, 08 Sep 1998 15:02:30 -0700 From: Ambarish Malpani <ambarish@valicert.com> Organization: ValiCert, Inc. X-Mailer: Mozilla 4.5b1 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: IETF PKIX <ietf-pkix@imc.org> Subject: OCSP in Chicago Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi All, For the benefit of those who were not in Chicago, it was resolved that the symbol for notRevoked be changed to good. We have put in the following explanation of the good state: The "good" state indicates a positive response to the status inquiry. At a minimum, this positive response indicates that the certificate is not revoked, but does not necessarily mean that the certificate was ever issued or that the producedAt time is within the certificate's validity interval. Response extensions may be used to convey additional information on assertions made by the responder regarding the status of the certificate such as positive statement about issuance, validity, etc.). Regards, Ambarish -- --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA26782 for ietf-pkix-bks; Tue, 8 Sep 1998 14:46:42 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id OAA26778 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 14:46:40 -0700 (PDT) Received: id RAA25638; Tue, 8 Sep 1998 17:49:05 -0400 Received: by gateway id <S2S6XV8N>; Tue, 8 Sep 1998 17:46:02 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC974B@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Subject: RE: forward & reverse elements - population Date: Tue, 8 Sep 1998 17:46:01 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 8, 1998 10:05 AM > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: RE: forward & reverse elements - population > --stuff deleted > > > [] I agree. I do not have problem with the following language. > " A certificate issued to a CA by another shall be stored either in the > caCertificate or forward component of crossCertificatePair attribute of > the subject CA. Optionally, a subset of certificates issued by a CA can > be stored in the reverse component of crossCertificatePair attribute of > the issuing CA." > > Please note that to me subset includes none, some, or all. If > folks want further clarification, it is ok by me. > Santosh, the only issue I have with this text is that (at least with the rationale behind option 2) any cert that appears in the cACertificate attribute of a given CA entry, should also appear in the crossCertificatePair attribute in the same CA entry. What about deleting the reference to the cACertificate attribute from your text and proposing this as new text just for the crossCertificatePair attribute? Both Jan and David have indicated reasons to keep the "pair" together in the mutual case, so we should also consider adding the last paragraph of the text David proposed for that. Here's what the resulting text proposal would look like: > " A certificate issued to a CA by another shall be stored in the > forward component of crossCertificatePair attribute of > the subject CA. Optionally, a subset of certificates issued by a CA can > be stored in the reverse component of crossCertificatePair attribute of > the issuing CA. When both elements are present in the same value, the > value shall represent a mutual cross-certification of the two CAs. " > If we can come to consensus on that attribute, then let's see what we can do with the cACertificate attribute text. I agree with your view on what a subset is and I think that same definition would apply to the contents of the cACertificate attribute as a subset of the crossCertificatePair forward elements in option 2. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA25829 for ietf-pkix-bks; Tue, 8 Sep 1998 13:02:56 -0700 (PDT) Received: from mailext02.compaq.com (mailext02.compaq.com [207.18.199.33]) by mail.proper.com (8.8.8/8.8.5) with SMTP id NAA25825 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 13:02:55 -0700 (PDT) Received: from mailext02.compaq.com by mailext02.compaq.com via smail with esmtp id <m0zGRZ9-0007GRC@mailext02.compaq.com> for <ietf-pkix@imc.org>; Tue, 8 Sep 98 12:28:31 -0500 (CDT) (/\##/\ Smail3.1.30.16 #30.9 built 21-jan-98) Received: from mail.compaq.com([207.18.199.32]) by mailext02.compaq.com with SMTP (peer mailint02.compaq.com[207.18.199.35]) id rcv009876; Tue, 8 Sep 1998 12:28:31 -0500 (CDT) Received: from exchou-conn01.im.hou.compaq.com(really [172.18.22.253]) by mail.compaq.com via sendmail with esmtp id <m0zGRYi-0005BsC@mail.compaq.com> for <ietf-pkix@imc.org>; Tue, 8 Sep 98 12:28:04 -0500 (CDT) (/\##/\ Smail3.1.30.16 #30.10 built 18-dec-97) Received: by EXCHOU-CONN01.im.hou.compaq.com with Internet Mail Service (5.5.1960.3) id <SQ38VL6L>; Tue, 8 Sep 1998 12:29:54 -0500 Message-ID: <895FABD47F78D011863400805FBEBA8E0319E7A7@EXCHOU-CA0301.im.hou.compaq.com> From: "Fuerst, Neal" <Neal.Fuerst@COMPAQ.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: FOR Option 2 Date: Tue, 8 Sep 1998 11:05:12 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Thanks. Neal Fuerst Information Security Analyst Compaq Computer Corporation E-Mail: neal.fuerst@compaq.com Phone: 281.518.8072 Pager: 713.509.4586 Entrust validation string: OMCO-KGMF-KQZN "No matter how paranoid you are, you're not paranoid enough." Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25472 for ietf-pkix-bks; Tue, 8 Sep 1998 12:31:56 -0700 (PDT) Received: from docws001.shl.com (docws001.shl.com [159.249.56.252]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25468 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 12:31:55 -0700 (PDT) Received: from napmsnoc02.shl.com (napmsnoc02.shl.com [159.249.47.179]) by docws001.shl.com (8.7.3/8.7.3) with SMTP id OAA10756 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 14:21:38 -0500 Received: by napmsnoc02.shl.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52) id <01BDDB25.6EC159C0@napmsnoc02.shl.com>; Tue, 8 Sep 1998 12:37:25 -0700 Message-ID: <c=US%a=MCI%p=SHL%l=DALFW03-980908193704Z-53756@napmsnoc02.shl.com> From: "PACHL, Jan" <jpachl@shl.com> To: "'David Boyce'" <D.Boyce@isode.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Tue, 8 Sep 1998 12:37:04 -0700 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk in response to: >From: David Boyce[SMTP:D.Boyce@isode.com] >"PACHL, Jan" writes: >>If the forward and the reverse element are never both present in the >>same pair (=either one is present or the other, but never both, in any >>given pair), what is the point of having the attribute defined as >>"pair"? >>In that case it would make better sense to have two separate attributes >>instead -- "forward certificate" and "reverse certificate". > >Well, we are trying to work with the defined X.509 attributes, so >creating new ones which duplicate existing definitions will just muddy >things further. I agree, though, that things might have been >different. > Yes, I agree we should work with the defined attributes. Presumably the crossCertificationPair attribute was defined as a pair (and not as two separate attributes) for a good reason. Jan Pachl >SHL Systemhouse Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25463 for ietf-pkix-bks; Tue, 8 Sep 1998 12:31:26 -0700 (PDT) Received: from mail13.digital.com (mail13.digital.com [192.208.46.30]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25459 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 12:31:25 -0700 (PDT) Received: from mrohub2.mro.dec.com (mrohub2.mro.dec.com [16.34.192.32]) by mail13.digital.com (8.8.8/8.8.8/WV1.0g) with ESMTP id PAA00906 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 15:36:08 -0400 (EDT) Received: by mrohub2.mro.dec.com with Internet Mail Service (5.5.1960.3) id <SQZT8L16>; Tue, 8 Sep 1998 15:36:09 -0400 Message-ID: <D107B66CF5B9D111BA2A0000F86630AB8D822A@ogoexc1.ogo.dec.com> From: Daya Puls <Daya.Puls@digital.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Tue, 8 Sep 1998 15:36:23 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Daya Puls, CISSP Intelligent Infrastructure Security Architect COMPAQ, IM Security 40 Old Bolton Road, OGO1-2/V12, Stow, MA 01775-1299 Fon: 978-496-9560, Fax: 978-496-9191, Eml: daya.puls@digital.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25403 for ietf-pkix-bks; Tue, 8 Sep 1998 12:22:07 -0700 (PDT) Received: from 2keys.ca (cr318128-a.rchrd1.on.wave.home.com [24.112.92.155]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25399 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 12:22:06 -0700 (PDT) From: rpierce@2keys.ca Received: (from rpierce@localhost) by 2keys.ca (8.8.7/8.8.7) id LAA16441 for ietf-pkix@imc.org; Tue, 8 Sep 1998 11:23:54 -0400 Message-Id: <199809081523.LAA16441@2keys.ca> Subject: For Option 2 To: ietf-pkix@imc.org (IETF PKIX) Date: Tue, 8 Sep 1998 15:23:54 +0000 () Content-Type: text Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA24057 for ietf-pkix-bks; Tue, 8 Sep 1998 10:11:58 -0700 (PDT) Received: from lion.harrisbank.com (lion.harrisbank.com [204.148.73.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA24053 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 10:11:54 -0700 (PDT) From: Dimitri.Vekris@bmo.com Received: by lion.harrisbank.com id AA24091 (SMTP Gateway 3.0 for ietf-pkix@imc.org); Tue, 8 Sep 1998 12:17:07 -0500 Received: by lion.harrisbank.com (Internal Mail Agent-1); Tue, 8 Sep 1998 12:17:07 -0500 To: ietf-pkiximcorg <ietf-pkix@imc.org> Subject: For Option 2 Message-Id: <0056090002874024000002L942*@MHS> Date: Tue, 8 Sep 1998 12:09:50 -0500 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23614 for ietf-pkix-bks; Tue, 8 Sep 1998 09:16:50 -0700 (PDT) Received: from smtp-gw.BayNetworks.COM (ns4.BayNetworks.COM [192.32.253.7]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23610 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 09:16:49 -0700 (PDT) Received: from mailhost.BayNetworks.COM ([141.251.211.49]) by smtp-gw.BayNetworks.COM (8.8.8/8.8.8) with ESMTP id MAA11637 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 12:21:27 -0400 (EDT) Received: from ns2.corpeast.Baynetworks.com (ns2.corpeast.baynetworks.com [192.32.72.17]) by mailhost.BayNetworks.COM (8.8.8/8.8.8) with SMTP id SAA01073 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 18:20:50 +0200 (MET DST) Received: from bl-mail2.corpeast.BayNetworks.com (bl-mail2-nf0) by ns2.corpeast.Baynetworks.com (4.1/BNET-97/04/29-S) id AA00939; Tue, 8 Sep 98 12:20:50 EDT for ietf-pkix@imc.org Received: from dgiglio.corpeast.baynetworks.com (bne-cnc-126.corpeast.baynetworks.com [132.245.134.126]) by bl-mail2.corpeast.BayNetworks.com (Post.Office MTA v3.5.1 release 219 ID# 0-51848U14000L14000S0V35) with SMTP id com for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 12:20:46 -0400 Message-Id: <3.0.32.19980908122045.00f2f688@bl-mail2.corpeast.baynetworks.com> X-Sender: dgiglio@bl-mail2.corpeast.baynetworks.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 08 Sep 1998 12:20:47 -0400 To: ietf-pkix@imc.org From: David_Giglio@baynetworks.com (David Giglio) Subject: For option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk ___________________________________________________________________ David Giglio - Senior Product Manager Bay Networks, Inc. Access Server Div. M/S BL8-05 dgiglio@baynetworks.com 5 Federal Street 978-916-4234 Office Billerica, MA 01821 978-916-4782 Fax Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA23274 for ietf-pkix-bks; Tue, 8 Sep 1998 08:46:11 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA23270 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 08:46:10 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id IAA04410; Tue, 8 Sep 1998 08:49:02 -0700 (PDT) Received: from pbaker-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id IAA13627; Tue, 8 Sep 1998 08:50:48 -0700 (PDT) From: "Phillip M Hallam-Baker" <pbaker@verisign.com> To: "Mike Smith" <mfsmith@zionsbank.com>, <fod@brd.ie>, <Alan.Lloyd@OpenDirectory.com.au> Cc: <dave@chromatix.com>, <ietf-pkix@imc.org> Subject: OFF TOPIC ???? RE: Relational vs Directory Repository Models (was RE: pathdevelopment complexity s) Date: Tue, 8 Sep 1998 11:50:46 -0400 Message-ID: <004d01bddb40$7194a9c0$ee0110ac@pbaker-pc.verisign.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 In-Reply-To: <s5f398ef.030@zionsbank.com> Importance: Normal Sender: owner-ietf-pkix@imc.org Precedence: bulk I'm having a lot of trouble following this discussion. It appears to have begun a discussion of the relative merits of X.500 vs LDAP server models. This does not appear to be something which is relevant to PKIX. LDAP is merely a protocol. It does not define a product. Arguments based on the 'scalability' of a client-server protocol are almost without exception irrelevant since scaling depends on server-server communication. The idea that the same protocol should serve both purposes is questionable at best. I fail to see how improved search capabilities will greatly assist for the purposes of PKIX unless the directories have the ability to break open, read and understand attributes embedded in certificates. If people believe that support for a specific (and specified) search mechanism would lead to an improvement in efficiency that is important to PKIX let us discuss that specific extension. We need to remember that we are charterted as an IETF working group and we are not in a position to endorse a particular directory strategy. If we want to be able to offload client work to a server of some kind we should first consider the requirements that motivate such an architectural approach and the trust implications of doing so before considering protocol extensions. Indeed a critical step would be deciding which protocol to base an implementation on. Phill Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA23228 for ietf-pkix-bks; Tue, 8 Sep 1998 08:43:19 -0700 (PDT) Received: from lion.harrisbank.com (lion.harrisbank.com [204.148.73.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA23224 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 08:43:17 -0700 (PDT) From: Dimitri.Vekris@bmo.com Received: by lion.harrisbank.com id AA18645 (SMTP Gateway 3.0 for ietf-pkix@imc.org); Tue, 8 Sep 1998 10:48:27 -0500 Received: by lion.harrisbank.com (Internal Mail Agent-1); Tue, 8 Sep 1998 10:48:27 -0500 To: ietf-pkiximcorg <ietf-pkix@imc.org> Subject: For Option 2 Message-Id: <0056090002871633000002L932*@MHS> Date: Tue, 8 Sep 1998 10:41:10 -0500 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA23117 for ietf-pkix-bks; Tue, 8 Sep 1998 08:34:16 -0700 (PDT) Received: from woozle.isode.com (woozle.isode.com [193.133.227.19]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA23113 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 08:34:14 -0700 (PDT) Received: from isode.com (actually dougal.isode.com) by woozle.isode.com (local) with ESMTP; Tue, 8 Sep 1998 16:38:15 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: "PACHL, Jan" <jpachl@shl.com> cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: forward & reverse elements - population In-reply-to: Your message of "Tue, 08 Sep 1998 08:58:19 CDT." <c=US%a=MCI%p=SHL%l=DALFW03-980908135819Z-50946@dalmsdoc01.shl.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 08 Sep 1998 16:38:15 +0100 Message-ID: <20698.905269095@isode.com> From: David Boyce <D.Boyce@isode.com> Sender: owner-ietf-pkix@imc.org Precedence: bulk "PACHL, Jan" writes: >If the forward and the reverse element are never both present in the >same pair (=either one is present or the other, but never both, in any >given pair), what is the point of having the attribute defined as >"pair"? >In that case it would make better sense to have two separate attributes >instead -- "forward certificate" and "reverse certificate". Well, we are trying to work with the defined X.509 attributes, so creating new ones which duplicate existing definitions will just muddy things further. I agree, though, that things might have been different. >I can see some (limited?) use for populating both forward and reverse in >the same pair, to record mutual certification. Not primarily for path >discovery, but for answering other questions about certification >relationships. Yes. What I was trying to do was begin to pin down what it means when both elements are present in the same value, and conscious mutual certification seems an appropriate use. I suppose PKIX could specify that conforming CAs should not populate both elements in a value, but that applications processing the values for path development should not assume only one element is present. I note that the X.509 certificatePairExactMatch matching rule doesn't appear to cater for specifying 'values matching a forward certificate assertion which have no reverse certificate', or vice versa. Consequently, it may not be possible (using that Matching Rule, at least) to obtain ONLY the forward certificates. David. -- David Boyce Tel: +44 181 332 9091 Richmond, Surrey, ENGLAND I'net: d.boyce@isode.com Isode's WWW: http://www.isode.com/ X.400: I=d;S=boyce;P=isode;A=mailnet;C=fi; Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA23093 for ietf-pkix-bks; Tue, 8 Sep 1998 08:32:20 -0700 (PDT) Received: from woozle.isode.com (woozle.isode.com [193.133.227.19]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA23089 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 08:32:18 -0700 (PDT) Received: from isode.com (actually dougal.isode.com) by woozle.isode.com (local) with ESMTP; Tue, 8 Sep 1998 16:36:44 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: Sharon Boeyen <sharon.boeyen@entrust.com> cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: forward & reverse elements - population In-reply-to: Your message of "Mon, 07 Sep 1998 20:01:30 EDT." <D789F71F24B4D111955D00A0C99B4F50AC9748@sothmxs01.entrust.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 08 Sep 1998 16:36:43 +0100 Message-ID: <20692.905269003@isode.com> From: David Boyce <D.Boyce@isode.com> Sender: owner-ietf-pkix@imc.org Precedence: bulk Sharon Boeyen writes: >3 - One more issue raised by David Boyce's proposed text was population of >the crossCertificatePair attribute in the case where certification between >two CAs is mutual. The syntax of the crossCertificatePair attribute is such >that a single value of the attribute is one of the following: >- only a forward element >- only a reverse element >- both a forward and reverse. > >I wonder though when one would be interested in retrieving a value that had >both forward and reverse present? Does anyone have an example of a >requirement for this? I can think of one example where population of both elements could be helpful for path development: the case when a strong bind request is received which contains just a signature, so that a certificate path has to be developed locally in order to verify the signature. If during this development, a mutual certificate pair is encountered, it might act as a hint that this is a good way to develop a certification path in the opposite direction for use when responding to the bind (assuming the responder intends to supply a certificate path in its response). Without this hint, building this path would be harder. > When doing path discovery, regardless of the >algorithm, wouldn't you be interested in one of the forward or reverse only >for a given operation? If that is true then wouldn't it be better not to >populate both forward and reverse in a single value but even in the case of >mutual certification, spread these certificates over different values of the >attribute? The reason I'm wondering about this is that the smallest unit of >information that LDAP can return is a whole attribute value (can't pull only >a forward or only a reverse from a single value). I'm trying to come up any >reason for wanting the two together in the mutual case and having trouble >coming up with a requirement. Again, when we get to the point of using >LDAPv3 and more complex filtering capabilities, we may get to a point where >we can retrieve single certs from the crossCertificatePair attribute, but if >both forward and reverse are populated in the same attribute value, you'll >get both certs. Views? I don't think that LDAPv3 will give you any finer-grained control over what is returned either. It would require transporting less than a whole value of an attribute, and it's hard to see how this would be something LDAPv3 would want to define. For path development purposes, I agree it's a pity to have to transport the reverse certificate with the forward, only to discard it because it's of no interest; but there it is. Some may feel that this bandwidth issue is enough to rule out populating both elements. It doesn't actively get in the way of path development, however, and there may be a meaningful population of both elements. David. -- David Boyce Tel: +44 181 332 9091 Richmond, Surrey, ENGLAND I'net: d.boyce@isode.com Isode's WWW: http://www.isode.com/ X.400: I=d;S=boyce;P=isode;A=mailnet;C=fi; Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA22703 for ietf-pkix-bks; Tue, 8 Sep 1998 07:57:32 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA22699 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 07:57:31 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id LAA04610; Tue, 8 Sep 1998 11:02:10 -0400 (EDT) Message-Id: <199809081502.LAA04610@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-ipki-part1-10.txt Date: Tue, 08 Sep 1998 11:02:09 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart Note: This revision reflects comments received during the last call period. A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Certificate and CRL Profile Author(s) : R. Housley, W. Ford, T. Polk, D. Solo Filename : draft-ietf-pkix-ipki-part1-10.txt Pages : 129 Date : 04-Sep-98 This is the tenth draft of the Internet Public Key Infrastructure X.509 Certificate and CRL Profile. This draft is the result of Working Group Last Call, and includes modifications to reflect the group's final comments. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in RFC 2119. Please send comments on this document to the ietf-pkix@tandem.com mail list. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-ipki-part1-10.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ipki-part1-10.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-ipki-part1-10.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980904152252.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-ipki-part1-10.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-ipki-part1-10.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980904152252.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA22660 for ietf-pkix-bks; Tue, 8 Sep 1998 07:50:40 -0700 (PDT) Received: from hpb.hc-sc.gc.ca (hpb.hc-sc.gc.ca [198.103.237.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA22656 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 07:50:38 -0700 (PDT) From: Jean_Bernatchez@hc-sc.gc.ca Received: from intdns.hwc.ca (intdns.hc-sc.gc.ca [198.103.172.78]) by hpb.hc-sc.gc.ca (8.8.7/8.7.3) with ESMTP id KAA05514 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 10:55:00 -0400 (EDT) Received: from smta00.hc-sc.gc.ca (smta00.hc-sc.gc.ca [142.4.1.25]) by intdns.hwc.ca (8.8.5/8.7.3) with SMTP id KAA11820 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 10:54:45 -0400 (EDT) Received: by smta00.hc-sc.gc.ca(Lotus SMTP MTA v1.1 (385.6 5-6-1997)) id 85256679.0051E875 ; Tue, 8 Sep 1998 10:54:39 -0400 X-Lotus-FromDomain: HWC To: ietf-pkix@imc.org Message-ID: <85256679.0051E05C.00@smta00.hc-sc.gc.ca> Date: Tue, 8 Sep 1998 10:55:28 -0400 Subject: For Option 2 Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@imc.org Precedence: bulk Jean Bernatchez 09/08/98 10:55 AM Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA22068 for ietf-pkix-bks; Tue, 8 Sep 1998 07:00:36 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA22063 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 07:00:32 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ5Q8>; Tue, 8 Sep 1998 10:05:31 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D248@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Tue, 8 Sep 1998 10:05:30 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk comments in-line. > -----Original Message----- > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > Sent: Monday, September 07, 1998 8:02 PM > To: 'ietf-pkix@imc.org' > Subject: forward & reverse elements - population > > Three related issues: > > 1 - raised by Denis - need to clarify how one way certification of a > CA to > another CA is represented in the crossCertificationPair attribute (as > opposed to bilateral) > > Denis - would adding some text along the lines of that proposed by > David > Boyce (that at least one of the forward or reverse elements must be > present > in a value of the crossCertificatePair attribute) satisfy that? > > 2 - raised by Santosh - population of the reverse element of the > crossCertificatePair attribute not to be mandated. > > Santosh, I tend to agree with this. I'm curious whether you (and > others) > think we can mandate, especially in a schema spec, that the forward > certificates be published by the subject CA either? Is a schema spec > really > the place to dictate CA behaviour? Or should the schema spec provide > the > tools to be used for publishing the certs, should the CA decide to > publish > them. > [] I agree. I do not have problem with the following language. " A certificate issued to a CA by another shall be stored either in the caCertificate or forward component of crossCertificatePair attribute of the subject CA. Optionally, a subset of certificates issued by a CA can be stored in the reverse component of crossCertificatePair attribute of the issuing CA." Please note that to me subset includes none, some, or all. If folks want further clarification, it is ok by me. > In the case of option 2, if we mandate neither, the > crossCertificatePair > attribute would contain all the certificates of the forward and > reverse > types that this CA has decided to publish. The content of the > cACertificate > attribute would still be a subset of the content of the > crossCertificatePair > attribute plus self issued certificates. This would result in a > situation > where some certificates would be published only in the issuing CAs > entry, > some only in the subject CAs entry and others in both. But in all > cases a > relying party would be able to find them in the crossCertificatePair > attribute and if the relying party understood the CAs definition of > domain > they could take advantage of the subset published in that CAs > cACertificate > attribute. > > Do you think this reflects the real business needs or do you think we > need > to mandate that the subject CA publish forward certificates issued for > it? I > lean toward not mandating either, but can go along with either > approach on > this one. > > 3 - One more issue raised by David Boyce's proposed text was > population of > the crossCertificatePair attribute in the case where certification > between > two CAs is mutual. The syntax of the crossCertificatePair attribute is > such > that a single value of the attribute is one of the following: > - only a forward element > - only a reverse element > - both a forward and reverse. > > I wonder though when one would be interested in retrieving a value > that had > both forward and reverse present? Does anyone have an example of a > requirement for this? When doing path discovery, regardless of the > algorithm, wouldn't you be interested in one of the forward or reverse > only > for a given operation? If that is true then wouldn't it be better not > to > populate both forward and reverse in a single value but even in the > case of > mutual certification, spread these certificates over different values > of the > attribute? The reason I'm wondering about this is that the smallest > unit of > information that LDAP can return is a whole attribute value (can't > pull only > a forward or only a reverse from a single value). I'm trying to come > up any > reason for wanting the two together in the mutual case and having > trouble > coming up with a requirement. Again, when we get to the point of using > LDAPv3 and more complex filtering capabilities, we may get to a point > where > we can retrieve single certs from the crossCertificatePair attribute, > but if > both forward and reverse are populated in the same attribute value, > you'll > get both certs. Views? > > > > > ------------------ > Sharon Boeyen > Entrust Technologies > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > http://www.entrust.com Fax: (613) 247-3690 > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA22025 for ietf-pkix-bks; Tue, 8 Sep 1998 06:55:51 -0700 (PDT) Received: from itsfw.CSE-CST.GC.CA (itsfw.cse.dnd.ca [131.136.196.7]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA22020 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 06:55:50 -0700 (PDT) From: jplachance@cse-cst.gc.ca Received: id JAA06138; Tue, 8 Sep 1998 09:57:04 -0400 Received: by gateway id <NWL91ZG3>; Tue, 8 Sep 1998 09:54:53 -0400 Message-ID: <C3222395B150D11185B300A0C9045CB90C3123@mailserverb.its.cse.dnd.ca> To: ietf-pkix@imc.org Subject: For Option 2 Date: Tue, 8 Sep 1998 10:03:01 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk To whom it may concern, For Option 2. Regards, J.P. Lachance Senior Systems Engineer PMO GOC PKI Communications Security Establishement Tel: 613-991-7504 Fax: 613-991-7455 Internet: jplachance@cse-cst.gc.ca Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA22008 for ietf-pkix-bks; Tue, 8 Sep 1998 06:53:13 -0700 (PDT) Received: from docws001.shl.com (docws001.shl.com [159.249.56.252]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA22004 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 06:53:11 -0700 (PDT) Received: from dalmsdoc01.shl.com (dalmsdoc01.shl.com [159.249.142.247]) by docws001.shl.com (8.7.3/8.7.3) with SMTP id IAA57036 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 08:42:50 -0500 Received: by dalmsdoc01.shl.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52) id <01BDDB06.D7033400@dalmsdoc01.shl.com>; Tue, 8 Sep 1998 08:58:25 -0500 Message-ID: <c=US%a=MCI%p=SHL%l=DALFW03-980908135819Z-50946@dalmsdoc01.shl.com> From: "PACHL, Jan" <jpachl@shl.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com> Subject: RE: forward & reverse elements - population Date: Tue, 8 Sep 1998 08:58:19 -0500 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk If the forward and the reverse element are never both present in the same pair (=either one is present or the other, but never both, in any given pair), what is the point of having the attribute defined as "pair"? In that case it would make better sense to have two separate attributes instead -- "forward certificate" and "reverse certificate". I can see some (limited?) use for populating both forward and reverse in the same pair, to record mutual certification. Not primarily for path discovery, but for answering other questions about certification relationships. Jan Pachl SHL Systemhouse >From: Sharon Boeyen[SMTP:sharon.boeyen@entrust.com] >[ ... ] > >3 - One more issue raised by David Boyce's proposed text was population of >the crossCertificatePair attribute in the case where certification between >two CAs is mutual. The syntax of the crossCertificatePair attribute is such >that a single value of the attribute is one of the following: >- only a forward element >- only a reverse element >- both a forward and reverse. > >I wonder though when one would be interested in retrieving a value that had >both forward and reverse present? Does anyone have an example of a >requirement for this? When doing path discovery, regardless of the >algorithm, wouldn't you be interested in one of the forward or reverse only >for a given operation? If that is true then wouldn't it be better not to >populate both forward and reverse in a single value but even in the case of >mutual certification, spread these certificates over different values of the >attribute? The reason I'm wondering about this is that the smallest unit of >information that LDAP can return is a whole attribute value (can't pull only >a forward or only a reverse from a single value). I'm trying to come up any >reason for wanting the two together in the mutual case and having trouble >coming up with a requirement. Again, when we get to the point of using >LDAPv3 and more complex filtering capabilities, we may get to a point where >we can retrieve single certs from the crossCertificatePair attribute, but if >both forward and reverse are populated in the same attribute value, you'll >get both certs. Views? > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA21745 for ietf-pkix-bks; Tue, 8 Sep 1998 06:07:58 -0700 (PDT) Received: from itsfw.CSE-CST.GC.CA (itsfw.cse.dnd.ca [131.136.196.7]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA21741 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 06:07:57 -0700 (PDT) From: tjcasar@its.cse.dnd.ca Received: id JAA05475; Tue, 8 Sep 1998 09:09:56 -0400 Received: by gateway id <NWL91ZFR>; Tue, 8 Sep 1998 09:07:45 -0400 Message-ID: <D151573E3DC6CF11AAAD00A0C90428FD296876@mailserver.cse.dnd.ca> To: ietf-pkix@imc.org Subject: For Option 2 Date: Tue, 8 Sep 1998 09:07:44 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA21325 for ietf-pkix-bks; Tue, 8 Sep 1998 05:17:25 -0700 (PDT) Received: from fin.gc.ca (cis-pec.fin.gc.ca [198.103.32.130]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA21321 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 05:17:23 -0700 (PDT) From: DeRosenroll.Michael@tbs-sct.gc.ca Received: from connfax.fin.gc.ca ([172.17.22.10]) by sonic.fin.gc.ca with ESMTP id <19735>; Tue, 8 Sep 1998 08:20:39 -0400 Received: by CONNFAX with Internet Mail Service (5.5.1960.3) id <SQ2M0LBH>; Tue, 8 Sep 1998 08:22:19 -0400 Message-ID: <B103B7FE19C3D011900200805F19428E013BAA37@server5.tbs-sct.gc.ca> To: ietf-pkix@imc.org Subject: For option 2 Date: Mon, 7 Sep 1998 09:34:21 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA20854 for ietf-pkix-bks; Tue, 8 Sep 1998 04:13:26 -0700 (PDT) Received: from apollo.fedworld.gov (apollo.fedworld.gov [192.239.92.203]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA20850 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 04:13:24 -0700 (PDT) Received: from jdiduro.fedworld.gov ([208.232.200.69] (may be forged)) by apollo.fedworld.gov (8.8.6 (PHNE_14041)/8.8.6) with SMTP id HAA01052 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 07:17:43 -0400 (EDT) Message-Id: <4.0.2.19980908072326.0443e530@192.239.92.203> X-Sender: jdiduro@192.239.92.203 X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.2 Date: Tue, 08 Sep 1998 07:23:34 -0400 To: ietf-pkix@imc.org From: "John A. DiDuro" <jdiduro@apollo.fedworld.gov> Subject: for Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA20761 for ietf-pkix-bks; Tue, 8 Sep 1998 04:07:11 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA20755 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 04:07:09 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ537>; Tue, 8 Sep 1998 07:12:08 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E186603@WUHER> From: Jeremy Bingham <jbingham@cygnacom.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Tue, 8 Sep 1998 07:12:07 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA08715 for ietf-pkix-bks; Tue, 8 Sep 1998 01:20:27 -0700 (PDT) Received: from smtp03.wxs.nl (smtp03.wxs.nl [195.121.6.37]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA08709 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 01:20:26 -0700 (PDT) Received: from ben ([195.121.86.74]) by smtp03.wxs.nl (Netscape Messaging Server 3.54) with SMTP id AAA16EA for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 10:25:05 +0200 Message-ID: <35F4EA2C.64AC@wxs.nl> Date: Tue, 08 Sep 1998 10:26:20 +0200 From: Ton van Lieshout <ton.van.lieshout@wxs.nl> Reply-To: ton.van.lieshout@wxs.nl Organization: Point Information Systems B.V. X-Mailer: Mozilla 3.01C-WXS-16 (Win95; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: FOR OPTION 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk As an Entrust prtner, we vote for option 2. Ton van Lieshout Technical Director Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id XAA29595 for ietf-pkix-bks; Mon, 7 Sep 1998 23:01:20 -0700 (PDT) Received: from security.no ([193.71.64.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id XAA29591 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 23:01:17 -0700 (PDT) Received: by gateway.security.no id <26882>; Tue, 8 Sep 1998 07:01:48 +0100 Message-Id: <98Sep8.070148gmt+0100.26882@gateway.security.no> From: =?iso-8859-1?Q?Svein_L=F8seth?= <slo@security.no> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Tue, 8 Sep 1998 07:05:31 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id XAA29592 Sender: owner-ietf-pkix@imc.org Precedence: bulk --------------------------------------------------------------------------------------------------------------------------- Svein Løseth Tlf.: +47-22 95 86 83 Network Security AS Fax: +47-22 60 44 27 Gaustadalléen 21 Dir. Line: +47-22 95 85 48 N-0371 OSLO GSM: +47-91 77 09 63 NORWAY http://www.security.no Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA26304 for ietf-pkix-bks; Mon, 7 Sep 1998 17:02:27 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id RAA26299 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 17:02:26 -0700 (PDT) Received: id UAA07858; Mon, 7 Sep 1998 20:04:33 -0400 Received: by gateway id <S2S6XSHF>; Mon, 7 Sep 1998 20:01:31 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC9748@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: forward & reverse elements - population Date: Mon, 7 Sep 1998 20:01:30 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Three related issues: 1 - raised by Denis - need to clarify how one way certification of a CA to another CA is represented in the crossCertificationPair attribute (as opposed to bilateral) Denis - would adding some text along the lines of that proposed by David Boyce (that at least one of the forward or reverse elements must be present in a value of the crossCertificatePair attribute) satisfy that? 2 - raised by Santosh - population of the reverse element of the crossCertificatePair attribute not to be mandated. Santosh, I tend to agree with this. I'm curious whether you (and others) think we can mandate, especially in a schema spec, that the forward certificates be published by the subject CA either? Is a schema spec really the place to dictate CA behaviour? Or should the schema spec provide the tools to be used for publishing the certs, should the CA decide to publish them. In the case of option 2, if we mandate neither, the crossCertificatePair attribute would contain all the certificates of the forward and reverse types that this CA has decided to publish. The content of the cACertificate attribute would still be a subset of the content of the crossCertificatePair attribute plus self issued certificates. This would result in a situation where some certificates would be published only in the issuing CAs entry, some only in the subject CAs entry and others in both. But in all cases a relying party would be able to find them in the crossCertificatePair attribute and if the relying party understood the CAs definition of domain they could take advantage of the subset published in that CAs cACertificate attribute. Do you think this reflects the real business needs or do you think we need to mandate that the subject CA publish forward certificates issued for it? I lean toward not mandating either, but can go along with either approach on this one. 3 - One more issue raised by David Boyce's proposed text was population of the crossCertificatePair attribute in the case where certification between two CAs is mutual. The syntax of the crossCertificatePair attribute is such that a single value of the attribute is one of the following: - only a forward element - only a reverse element - both a forward and reverse. I wonder though when one would be interested in retrieving a value that had both forward and reverse present? Does anyone have an example of a requirement for this? When doing path discovery, regardless of the algorithm, wouldn't you be interested in one of the forward or reverse only for a given operation? If that is true then wouldn't it be better not to populate both forward and reverse in a single value but even in the case of mutual certification, spread these certificates over different values of the attribute? The reason I'm wondering about this is that the smallest unit of information that LDAP can return is a whole attribute value (can't pull only a forward or only a reverse from a single value). I'm trying to come up any reason for wanting the two together in the mutual case and having trouble coming up with a requirement. Again, when we get to the point of using LDAPv3 and more complex filtering capabilities, we may get to a point where we can retrieve single certs from the crossCertificatePair attribute, but if both forward and reverse are populated in the same attribute value, you'll get both certs. Views? ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA25807 for ietf-pkix-bks; Mon, 7 Sep 1998 15:26:02 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id PAA25803 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 15:26:01 -0700 (PDT) Message-Id: <199809072226.PAA25803@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Mon, 07 Sep 1998 15:30:57 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: RE: PKIX freeware library coming soon (fwd) In-Reply-To: <199809072249.AAA24035@cs.pub.ro> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 12:49 AM 9/8/98 +0200, Monica Pietrosanu-Ene wrote: >Any recent news related to that freeware library? >I searched the MIT site and I didn't find anything related to that implementation. It should be available by the end of August, isn't it? There is a new mailing list to discuss the library. Please see <http://www.imc.org/imc-pfl/> for more information on the mailing list and the library. I've been told that the folks making the library are almost-almost ready to release the first version (they can't turn the page on their calendars to September until they do...). At that point, the new mailing list for the library should become active. --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA16002 for ietf-pkix-bks; Mon, 7 Sep 1998 11:55:40 -0700 (PDT) Received: from mail-ewr-3.pilot.net (mail-ewr-3.pilot.net [206.98.230.17]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA15998 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 11:55:39 -0700 (PDT) From: Lynn.Wheeler@firstdata.com Received: from mailgw.FirstData.com ([204.48.27.166]) by mail-ewr-3.pilot.net (Pilot/8.8.8) with ESMTP id PAA27888; Mon, 7 Sep 1998 15:00:41 -0400 (EDT) Received: from lnsunr02.firstdata.com (lnsunr02.firstdata.com [192.168.247.16]) by mailgw.FirstData.com with SMTP id PAA11891; Mon, 7 Sep 1998 15:00:39 -0400 (EDT) Received: by lnsunr02.firstdata.com(Lotus SMTP MTA v4.6.1 (569.2 2-6-1998)) id 85256678.006834C0 ; Mon, 7 Sep 1998 14:58:12 -0400 X-Lotus-FromDomain: FDC To: Mike Smith <mfsmith@zionsbank.com> cc: fod@brd.ie, Alan.Lloyd@OpenDirectory.com.au, dave@chromatix.com, ietf-pkix@imc.org Message-ID: <88256678.0067D844.00@lnsunr02.firstdata.com> Date: Mon, 7 Sep 1998 11:59:43 -0700 Subject: Re: Relational vs Directory Repository Models (was RE: path development complexity s) Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk and with an intelligent repository, along with assumptions about knowing every use to contain risk/liability exposures and provide timely status ... and a nudge in the protocol here & there ... it becomes account authority instead of certification authority client gets even thinner ... and account authority provides enhanced value transaction (most of the certificates are redundant/superfluous). Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA07642 for ietf-pkix-bks; Mon, 7 Sep 1998 10:30:30 -0700 (PDT) Received: from relay2.elvis.ru (ss10.elvis.ru [194.190.192.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA07638 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 10:30:28 -0700 (PDT) Received: by relay2.elvis.ru (8.8.5/1.25) id VAA29408; Mon, 7 Sep 1998 21:35:28 +0400 (MSK DST) Message-ID: <XFMail.980907213528.versed@elvis.ru> X-Mailer: XFMail 1.3 [p0] on Solaris X-Priority: 3 (Normal) Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Mon, 07 Sep 1998 21:35:28 +0400 (MSK DST) From: Pavel Krylov <versed@elvis.ru> To: "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: depth Sender: owner-ietf-pkix@imc.org Precedence: bulk My question: What depth of certificate tree is exist now?? Average value? Sharon, Santosh? --------------------------------------- Pavel V.Krylov versed@elvis.ru Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA07055 for ietf-pkix-bks; Mon, 7 Sep 1998 10:23:19 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA07051 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 10:23:18 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Mon, 07 Sep 1998 11:23:47 -0600 Message-Id: <s5f3c243.014@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Mon, 07 Sep 1998 11:23:32 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: Alan.Lloyd@OpenDirectory.com.au Cc: ietf-pkix@imc.org Subject: Re: Re relational - and Dirs and all that Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Thanks for the remedial lesson. We also tend towards business objects in design and implmentation. I too, think that these hybrid systems are the direction of the future. michael Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA06891 for ietf-pkix-bks; Mon, 7 Sep 1998 09:57:29 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA06886 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 09:57:20 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <SMGRLFKM>; Tue, 8 Sep 1998 03:01:18 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC07380E@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'mfsmith@zionsbank.com'" <mfsmith@zionsbank.com> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re relational - and Dirs and all that Date: Tue, 8 Sep 1998 03:01:12 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id JAA06888 Sender: owner-ietf-pkix@imc.org Precedence: bulk Alan: Mike the amazing thing is I am in Charlotte US and working remote to Aus. I had to repaste the text as I got an error? in the long distance server? Comments in line marked Alan. Quick response from so far away, I am still amazed at this Internet technology, even though I've been relying on it daily, since the early '80s. :) Alan: I have been relying on since 9.00 AM this morning :-) Mike: With an X500 model, then one would have to create the directory service agents (DSA) to actually process the requests. My limited understanding of how these work makes it complex indeed to process through multiple layers from one DSA to another (using DAP to cahin to other "directories"). Alan: Directories are distributed, object oriented, named based transaction systems. They operate on distributed naming contexts with objects such as people (that have certs) and CAs that have certs. Directories to us are the foundation for new forms distributed information engineering. (However, LDAP servers (non X.500 ones) do not do distribution - so watch out for the scaling issues with those things). Most think LDAP servers are the only forms of directories and because they have distribution issues - it means that all directories have distribution issues - X.500 (which can have LDAP access) does not have these, therefore the information solution space is wider than LDAP server only systems. Mike: Server side logic, whether stored procedures, external routines or objects from an Application Server, seems less complex for development of client server applications with thin clients, since the variety of tools and supporting technology is so available. My "take" on X500 models is that the directory system was designed for thin servers and thin cleints (thinner clients with the original LDAP, fatter clients (almost DAP) with the current LDAP models). Now, the discussion seems to be on how fat (huge) and intelligent (brilliant) to make the clients. Alan: Thin and fat seems can get mixed up these days. There is the stacks - LDAP is about 230kb and DAP which is about 130kb. LDAP on bigger searches becomes less efficient and DAP has features that deal with master/copy entries and controlling chaining ie. DAP has twice (scaleable) the functionality than LDAP. In terms of "processing" above the stack - LDAP clients do more because they have to chase referrals (no chaining in the servers) and with the LDAP servers (non X.500 ones) if one wants to authenticate users one has to replicate everything to everywhere. ie. what LDAP does not do that X.500 does.. Humans have to. Mike: As you have discovered, a relational DBMS can perform all of the functions of the X.500 requirements and a whole lot more. Alan: But X.500 deals correctly with object oriented engineering, distributed name based systems and scaling. There is a difference. DBMSs deal with data management with integrity (as well as many other things)they (RDBs) do not distribute or scale in the same way- X.500 is about protected distributed object oriented engineering. We have put the both together (RDBs and X.500) - in fact we have made commercial RDBMs extremely fast and distributed object oriented system that is conformant to X.500 (with LDAP access and provides LDAP server interconnectivity). Mike: As a business-focused technologist, I also like the easier integration of an RDBMS-engined repository with the RDBMS' that are used to run the business (I know some Directory schemes output data to RDBMS - some may even allow two-way communication). I like the idea of searching multiple RDBMS sources in one query instead of chaining DSA to DSA - I also think the logic can be more comprehensive. By comprehensive, let's say against a rule set that can contain more than one decision matrix, maybe with some knowledge-based intelligence acquired from yet another DBMS. I can envision a central-responder repository model that "handles" simple requests for path building that get as complex as necessary across hierarchical, cross-certified, policy mapped, Web of trust, personal trust, bilaterally agreed relationships AND others yet to be defined. Alan: I am a very business focussed technologist and believe that OO distributed systems are required and that these will integrate with RDBs where appropriate (eg. Legacy systems or where relational requirements extend beyond those as affored with OO/RDB systems (like our directory). We provide a range of tools for RDBs and LDIF interchange and integration. Mike: Relationship management becomes the central repository's concern, not that of the relying party. The relying party needs a business relationship with the central repository, or their CA (issuer) does. Contracts and agreements amongst the players need to exist for a central system to work, but there are business models that can support highly complex relationship structures. Alan: Some - repeat some of this can be designed with directories and OO structures. Mike: I tend to think of how to incorporate a workable PKI into an electronic commerce scenario that may involve business relationships with thousands of companies, hundreds of financial institutions and their millions of customers. Alan: We do - in fact we scale to these requirements. Mike: In all probability, this means working with many PKI systems and models and their varied implementations. I do not see a system accepting "all" certificates coming into it. Having said that, though, in business, its always risk vs. reward and if someone wishes to reward (and indemnify) me enough to honor self-authenticated or other "weak" certificates, maybe I'll need to incorporate that into my model as well. Mike: I do not see basing a business solely on a directory, no matter its integrity or "globalness". I do not even see basing a directory service business solely on an X.500 directory. Alan: Some do now - the trend is to have distributed systems and basing these on scaleable - mutually authenticated OO - X.500 technologies. However, this does not mean that some centralised RDB applications wont exist - they will in our view become "directory enabled" so they can interwork with WEB/RDB/OO(X.500)business information infrastructures that support a range of authenticated role based people and applications. This is the new approach to business information system modelling - and this also includes multi - distributed CA/PKI functions. I do find business uses for directory-structured systems, but find the duplication of data and differing and costly development environment (ASN.1 vs C++, ProC, SQL, Java, or whatever) annoying. I look towards enterprise services for customers and employees that incorporates PKI - not to PKI as something totally separate. Alan: Absolutely So, that's the origin of my comments on relational "vs." directory. I really think that there should be a synthesis, not an opposition. Since both LDAP and X.500 and X.509 (with version 3) are independent of the directory model and technology, Alan: Dont quite agree - X.509 will not go far without X.500. if we think "outside the X.500 box", then we can use the strengths of the X.500 directory model and add on some strenghts in logic processing from the tools in the RDBMS world. Alan: We did and we have and we do - see Integrated Information Infrastructures. I will send a paper off list. That way, one can support LDAP, DAP, Java Applets, integrated client applications, or whatever development technology becomes available across IP to meet constantly changing business requirements. Alan: Agree Alan: Regards alan Michael Snip.. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA06469 for ietf-pkix-bks; Mon, 7 Sep 1998 09:01:23 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA06465 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 09:01:21 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Mon, 07 Sep 1998 10:01:30 -0600 Message-Id: <s5f3aefa.078@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Mon, 07 Sep 1998 10:01:25 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: fod@brd.ie, Alan.Lloyd@OpenDirectory.com.au Cc: dave@chromatix.com, ietf-pkix@imc.org Subject: Re: RE: Relational vs Directory Repository Models (was RE: pathdevelopment complexity s) Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Quick response from so far away, I am still amazed at this Internet technology, even though I've been relying on it daily, since the early '80s. :) With an X500 model, then one would have to create the directory service agents (DSA) to actually process the requests. My limited understanding of how these work makes it complex indeed to process through multiple layers from one DSA to another (using DAP to cahin to other "directories"). Server side logic, whether stored procedures, external routines or objects from an Application Server, seems less complex for development of client server applications with thin clients, since the variety of tools and supporting technology is so available. My "take" on X500 models is that the directory system was designed for thin servers and thin cleints (thinner clients with the original LDAP, fatter clients (almost DAP) with the current LDAP models). Now, the discussion seems to be on how fat (huge) and intelligent (brilliant) to make the clients. As you have discovered, a relational DBMS can perform all of the functions of the X.500 requirements and a whole lot more. As a business-focused technologist, I also like the easier integration of an RDBMS-engined repository with the RDBMS' that are used to run the business (I know some Directory schemes output data to RDBMS - some may even allow two-way communication). I like the idea of searching multiple RDBMS sources in one query instead of chaining DSA to DSA - I also think the logic can be more comprehensive. By comprehensive, let's say against a rule set that can contain more than one decision matrix, maybe with some knowledge-based intelligence acquired from yet another DBMS. I can envision a central-responder repository model that "handles" simple requests for path building that get as complex as necessary across hierarchical, cross-certified, policy mapped, Web of trust, personal trust, bilaterally agreed relationships AND others yet to be defined. Relationship management becomes the central repository's concern, not that of the relying party. The relying party needs a business relationship with the central repository, or their CA (issuer) does. Contracts and agreements amongst the players need to exist for a central system to work, but there are business models that can support highly complex relationship structures. I tend to think of how to incorporate a workable PKI into an electronic commerce scenario that may involve business relationships with thousands of companies, hundreds of financial institutions and their millions of customers. In all probability, this means working with many PKI systems and models and their varied implementations. I do not see a system accepting "all" certificates coming into it. Having said that, though, in business, its always risk vs. reward and if someone wishes to reward (and indemnify) me enough to honor self-authenticated or other "weak" certificates, maybe I'll need to incorporate that into my model as well. I do not see basing a business solely on a directory, no matter its integrity or "globalness". I do not even see basing a directory service business solely on an X.500 directory. I do find business uses for directory-structured systems, but find the duplication of data and differing and costly development environment (ASN.1 vs C++, ProC, SQL, Java, or whatever) annoying. I look towards enterprise services for customers and employees that incorporates PKI - not to PKI as something totally separate. So, that's the origin of my comments on relational "vs." directory. I really think that there should be a synthesis, not an opposition. Since both LDAP and X.500 and X.509 (with version 3) are independent of the directory model and technology, if we think "outside the X.500 box", then we can use the strengths of the X.500 directory model and add on some strenghts in logic processing from the tools in the RDBMS world. That way, one can support LDAP, DAP, Java Applets, integrated client applications, or whatever development technology becomes available across IP to meet constantly changing business requirements. Michael >>> Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> 09/07 9:15 AM >>> Mike - I am not sure if I understand your response as it mixes technology statements. So comments in line. ---------- From: Mike Smith To: fod@brd.ie; Alan.Lloyd@OpenDirectory.com.au Cc: dave@chromatix.com; ietf-pkix@imc.org Sent: 9/8/98 12:27:08 AM Subject: Relational vs Directory Repository Models (was RE: pathdevelopment complexity s) Some of you have heard this before from me and others, but, maybe it's worth repeating at this time. AL: Its new to me so thanks. Complexity of the problem of path building requires a more robust/intelligent repository. AL: Agree Think out of the directory model and consider a relational database behind the LDAP responder. Per cert request times may be slower, but the ability to work with multiple business (trust) models and supply ALL of the necessary certs (in one query) for the most complex path validation scenario outweighs (and maybe outperforms) a series of client-side processing and LDAP requests. AL: This is an implementation issue - we use a Patented SQL design under our X.500 LDAP product and its fast including distributed (multi server) operations. One always scales the hardware, processing, process and DB and network to do the job anyway. The business logic for multiple trust models would reside on the host. The LDAP request could be parsed, the business (trust) rules selected according to either or both the relying party's and sender's trust requirements. AL: Host - is this a server or a mainframe - this is a sizing issue? Perhaps a view of the system should be: a)A distributed X.500 system with high performance (even though it uses SQL RDBMS ) to give it industry strength and integrity. b) LDAP or DAP (DAP is for the lucky few that want to control the scope of directory chaining to get a cert path and getting Master cert from CA entries:-) ) access by the client software - with the presented cert and the domain in which validation is required information. Note: yet another weakness in LDAP will show up with trust/scope of cert path processing...Somehow LDAP and LDAP servers just dont seem to mix with X.509, certpath processing and CAs... c) A CA that populates its portion of The interconnected DIB with CA certs, CRLs, etc and validation information. d)Trusted CA utilities that run/execute on the CA "server" or "host" to manage the CA's validation "environment". The RDBMS and its server-side business logic can even chain requests to other CA directories if necessary. AL: Yes - there is nothing to stop a directory request to retrieve something with a Search/Matching rule into subordinate objects below the CA entry in question - via alias or cross referencing to other CAs DIBs - but this is a bit messy re Search and Trust management. But very achieveable with a few extensions to Results Correlation processing or CA Utilities. Of course, my perspective is that the business logic and trust requirements come from the CA, not the end-user. If the trust model rule making is placed on the end user, then one would need to design a pretty fat, customer customizable client software piece. AL: Agree and totally agree. The way things were turning out with client cert validation software is like LDAP clients have - more code in them than in a DSA. Simply because they incorporated (lesser) distribution handling functions - eg. referrals, replication management, etc - than X.500 DSAs in fact do. Fat unwieldy clients are symptomatic of what happens if one has no distributed (server) system, information and service based model to work with. regards alan PS - the draft for dir cert stat will be formally circulated next week. Michael >>> Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> 09/07 7:55 AM >>> Thanks Frank - Its nice to see some reality re this issue. My draft submitted re dir cert stat. point one is we all need a scaleable directory infrastructure for any CA system to work and point two is we dont need CA information designs that act as a maze for megabytes of client software to find the "way out".. As said I think CAs must provide a validation service based on the cert presented and the domain of the client requesting validation. We seem to have gone down the track of inventing a X.509 CA model (and directory objects) for the sake of a CA on what it wants to do with certificate management - as the first part of the system design. As opposed to a CA model that provides a simple client with a validation service, which really is the second part of the system design. For chasing cert paths - Names in the certficates should do - plus the context (ie. the requestor) of the validation. And the CA should do the rest. The directory service and its matching rules proposed in the dir cert stat doc are the foundation of this. All thoughts on this area are welcome. regards alan ---------- From: Frank O'Dwyer To: Alan Lloyd Cc: Dave Horvath; ietf-pkix@imc.org Sent: 9/5/98 9:44:06 PM Subject: Re: path development complexity (was Re: What the straw poll mean s) Alan Lloyd wrote: > I have a few views in that certs must be supported by mutually > authenticated distributed X.500 directory systems otherwise 509 based > systems just wont scale and provide the commercial utilitity as > demanded by global EC directed organisations. Not having this foundation > - one just drops into all sorts of operational cost, scaling and > efficiency holes. What I am talking about is not the underlying retrieval efficiency, but rather the cost of total wrong-turns in the overall search, e.g: 10:15 Developing a path to verify certificate for "Joe's Server, NY" 10:15 Retrieving cross-certificates for "Keys R Us" 10:16 Retrieving cross-certificates for "Keys R Us Too" 10:17 Retrieving cross-certificates for "Barcelona CA" 10:18 Retrieving cross-certificates for "Spanish Bank" CARRIER LOST Users just love that browser "stop" button, and so any verification process that can't complete in a second or so is broken (my opinion). Throwing a meatier directory and/or caches (as someone else suggested) at it doesn't help if finding just one path involves trawling the world for hundreds of names. That is why I think it would be better if the certificates themselves contained positive guidance as to where to go next, or if cross-cert scenarios that lead to vague searches could be identified and discouraged. For example, maybe name constraints could be used as clues to guide path building. As things stand, content like basic constraints just tells you where *not* to search. That seems to leave building in heuristics, and hoping that working down from your trusted root(s) and/or up from the end-entity cert(s), you somehow meet in the middle and terminate in some reasonable time -- something that is by no means guaranteed. Maybe I have missed something obvious here - but I think this could, given time, turn out to be a showstopper scalability issue if it is not addressed early. Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA06115 for ietf-pkix-bks; Mon, 7 Sep 1998 08:12:09 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA06109 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 08:12:02 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <SMGRLFKB>; Tue, 8 Sep 1998 01:16:00 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC073803@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'fod@brd.ie '" <fod@brd.ie>, "'Mike Smith '" <mfsmith@zionsbank.com> Cc: "'dave@chromatix.com '" <dave@chromatix.com>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> Subject: RE: Relational vs Directory Repository Models (was RE: pathdevelo pment complexity s) Date: Tue, 8 Sep 1998 01:15:58 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Mike - I am not sure if I understand your response as it mixes technology statements. So comments in line. ---------- From: Mike Smith To: fod@brd.ie; Alan.Lloyd@OpenDirectory.com.au Cc: dave@chromatix.com; ietf-pkix@imc.org Sent: 9/8/98 12:27:08 AM Subject: Relational vs Directory Repository Models (was RE: pathdevelopment complexity s) Some of you have heard this before from me and others, but, maybe it's worth repeating at this time. AL: Its new to me so thanks. Complexity of the problem of path building requires a more robust/intelligent repository. AL: Agree Think out of the directory model and consider a relational database behind the LDAP responder. Per cert request times may be slower, but the ability to work with multiple business (trust) models and supply ALL of the necessary certs (in one query) for the most complex path validation scenario outweighs (and maybe outperforms) a series of client-side processing and LDAP requests. AL: This is an implementation issue - we use a Patented SQL design under our X.500 LDAP product and its fast including distributed (multi server) operations. One always scales the hardware, processing, process and DB and network to do the job anyway. The business logic for multiple trust models would reside on the host. The LDAP request could be parsed, the business (trust) rules selected according to either or both the relying party's and sender's trust requirements. AL: Host - is this a server or a mainframe - this is a sizing issue? Perhaps a view of the system should be: a)A distributed X.500 system with high performance (even though it uses SQL RDBMS ) to give it industry strength and integrity. b) LDAP or DAP (DAP is for the lucky few that want to control the scope of directory chaining to get a cert path and getting Master cert from CA entries:-) ) access by the client software - with the presented cert and the domain in which validation is required information. Note: yet another weakness in LDAP will show up with trust/scope of cert path processing...Somehow LDAP and LDAP servers just dont seem to mix with X.509, certpath processing and CAs... c) A CA that populates its portion of The interconnected DIB with CA certs, CRLs, etc and validation information. d)Trusted CA utilities that run/execute on the CA "server" or "host" to manage the CA's validation "environment". The RDBMS and its server-side business logic can even chain requests to other CA directories if necessary. AL: Yes - there is nothing to stop a directory request to retrieve something with a Search/Matching rule into subordinate objects below the CA entry in question - via alias or cross referencing to other CAs DIBs - but this is a bit messy re Search and Trust management. But very achieveable with a few extensions to Results Correlation processing or CA Utilities. Of course, my perspective is that the business logic and trust requirements come from the CA, not the end-user. If the trust model rule making is placed on the end user, then one would need to design a pretty fat, customer customizable client software piece. AL: Agree and totally agree. The way things were turning out with client cert validation software is like LDAP clients have - more code in them than in a DSA. Simply because they incorporated (lesser) distribution handling functions - eg. referrals, replication management, etc - than X.500 DSAs in fact do. Fat unwieldy clients are symptomatic of what happens if one has no distributed (server) system, information and service based model to work with. regards alan PS - the draft for dir cert stat will be formally circulated next week. Michael >>> Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> 09/07 7:55 AM >>> Thanks Frank - Its nice to see some reality re this issue. My draft submitted re dir cert stat. point one is we all need a scaleable directory infrastructure for any CA system to work and point two is we dont need CA information designs that act as a maze for megabytes of client software to find the "way out".. As said I think CAs must provide a validation service based on the cert presented and the domain of the client requesting validation. We seem to have gone down the track of inventing a X.509 CA model (and directory objects) for the sake of a CA on what it wants to do with certificate management - as the first part of the system design. As opposed to a CA model that provides a simple client with a validation service, which really is the second part of the system design. For chasing cert paths - Names in the certficates should do - plus the context (ie. the requestor) of the validation. And the CA should do the rest. The directory service and its matching rules proposed in the dir cert stat doc are the foundation of this. All thoughts on this area are welcome. regards alan ---------- From: Frank O'Dwyer To: Alan Lloyd Cc: Dave Horvath; ietf-pkix@imc.org Sent: 9/5/98 9:44:06 PM Subject: Re: path development complexity (was Re: What the straw poll mean s) Alan Lloyd wrote: > I have a few views in that certs must be supported by mutually > authenticated distributed X.500 directory systems otherwise 509 based > systems just wont scale and provide the commercial utilitity as > demanded by global EC directed organisations. Not having this foundation > - one just drops into all sorts of operational cost, scaling and > efficiency holes. What I am talking about is not the underlying retrieval efficiency, but rather the cost of total wrong-turns in the overall search, e.g: 10:15 Developing a path to verify certificate for "Joe's Server, NY" 10:15 Retrieving cross-certificates for "Keys R Us" 10:16 Retrieving cross-certificates for "Keys R Us Too" 10:17 Retrieving cross-certificates for "Barcelona CA" 10:18 Retrieving cross-certificates for "Spanish Bank" CARRIER LOST Users just love that browser "stop" button, and so any verification process that can't complete in a second or so is broken (my opinion). Throwing a meatier directory and/or caches (as someone else suggested) at it doesn't help if finding just one path involves trawling the world for hundreds of names. That is why I think it would be better if the certificates themselves contained positive guidance as to where to go next, or if cross-cert scenarios that lead to vague searches could be identified and discouraged. For example, maybe name constraints could be used as clues to guide path building. As things stand, content like basic constraints just tells you where *not* to search. That seems to leave building in heuristics, and hoping that working down from your trusted root(s) and/or up from the end-entity cert(s), you somehow meet in the middle and terminate in some reasonable time -- something that is by no means guaranteed. Maybe I have missed something obvious here - but I think this could, given time, turn out to be a showstopper scalability issue if it is not addressed early. Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA05809 for ietf-pkix-bks; Mon, 7 Sep 1998 07:27:40 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id HAA05805 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 07:27:39 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Mon, 07 Sep 1998 08:27:27 -0600 Message-Id: <s5f398ef.030@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Mon, 07 Sep 1998 08:27:08 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: fod@brd.ie, Alan.Lloyd@OpenDirectory.com.au Cc: dave@chromatix.com, ietf-pkix@imc.org Subject: Relational vs Directory Repository Models (was RE: path development complexity s) Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Some of you have heard this before from me and others, but, maybe it's worth repeating at this time. Complexity of the problem of path building requires a more robust/intelligent repository. Think out of the directory model and consider a relational database behind the LDAP responder. Per cert request times may be slower, but the ability to work with multiple business (trust) models and supply ALL of the necessary certs (in one query) for the most complex path validation scenario outweighs (and maybe outperforms) a series of client-side processing and LDAP requests. The business logic for multiple trust models would reside on the host. The LDAP request could be parsed, the business (trust) rules selected according to either or both the relying party's and sender's trust requirements. The RDBMS and its server-side business logic can even chain requests to other CA directories if necessary. Of course, my perspective is that the business logic and trust requirements come from the CA, not the end-user. If the trust model rule making is placed on the end user, then one would need to design a pretty fat, customer customizable client software piece. Michael >>> Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> 09/07 7:55 AM >>> Thanks Frank - Its nice to see some reality re this issue. My draft submitted re dir cert stat. point one is we all need a scaleable directory infrastructure for any CA system to work and point two is we dont need CA information designs that act as a maze for megabytes of client software to find the "way out".. As said I think CAs must provide a validation service based on the cert presented and the domain of the client requesting validation. We seem to have gone down the track of inventing a X.509 CA model (and directory objects) for the sake of a CA on what it wants to do with certificate management - as the first part of the system design. As opposed to a CA model that provides a simple client with a validation service, which really is the second part of the system design. For chasing cert paths - Names in the certficates should do - plus the context (ie. the requestor) of the validation. And the CA should do the rest. The directory service and its matching rules proposed in the dir cert stat doc are the foundation of this. All thoughts on this area are welcome. regards alan ---------- From: Frank O'Dwyer To: Alan Lloyd Cc: Dave Horvath; ietf-pkix@imc.org Sent: 9/5/98 9:44:06 PM Subject: Re: path development complexity (was Re: What the straw poll mean s) Alan Lloyd wrote: > I have a few views in that certs must be supported by mutually > authenticated distributed X.500 directory systems otherwise 509 based > systems just wont scale and provide the commercial utilitity as > demanded by global EC directed organisations. Not having this foundation > - one just drops into all sorts of operational cost, scaling and > efficiency holes. What I am talking about is not the underlying retrieval efficiency, but rather the cost of total wrong-turns in the overall search, e.g: 10:15 Developing a path to verify certificate for "Joe's Server, NY" 10:15 Retrieving cross-certificates for "Keys R Us" 10:16 Retrieving cross-certificates for "Keys R Us Too" 10:17 Retrieving cross-certificates for "Barcelona CA" 10:18 Retrieving cross-certificates for "Spanish Bank" CARRIER LOST Users just love that browser "stop" button, and so any verification process that can't complete in a second or so is broken (my opinion). Throwing a meatier directory and/or caches (as someone else suggested) at it doesn't help if finding just one path involves trawling the world for hundreds of names. That is why I think it would be better if the certificates themselves contained positive guidance as to where to go next, or if cross-cert scenarios that lead to vague searches could be identified and discouraged. For example, maybe name constraints could be used as clues to guide path building. As things stand, content like basic constraints just tells you where *not* to search. That seems to leave building in heuristics, and hoping that working down from your trusted root(s) and/or up from the end-entity cert(s), you somehow meet in the middle and terminate in some reasonable time -- something that is by no means guaranteed. Maybe I have missed something obvious here - but I think this could, given time, turn out to be a showstopper scalability issue if it is not addressed early. Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA05623 for ietf-pkix-bks; Mon, 7 Sep 1998 06:56:10 -0700 (PDT) Received: from maild.telia.com (root@maild.telia.com [194.22.190.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA05618 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 06:56:06 -0700 (PDT) Received: from d1o65.telia.com (root@d1o65.telia.com [62.20.132.241]) by maild.telia.com (8.8.8/8.8.8) with ESMTP id QAA03923; Mon, 7 Sep 1998 16:01:01 +0200 (CEST) Received: from stefans (t2o65p95.telia.com [62.20.132.215]) by d1o65.telia.com (8.8.8/8.8.5) with SMTP id QAA03606; Mon, 7 Sep 1998 16:00:42 +0200 (CEST) Message-Id: <3.0.32.19980907155744.00a55170@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 07 Sep 1998 15:58:39 +0200 To: "Aram Perez" <aram@apple.com>, bob jueneman <bjueneman@novell.com> From: Stefan Santesson <stefan@accurata.se> Subject: Re: Digital signature and non-repudiation key usage bits Cc: ietf-pkix@imc.org Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id GAA05620 Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Aram, Some comments follow. At 10:17 AM 9/4/98 -0700, Aram Perez wrote: >Bob and Stefan: > >>At 06:42 PM 9/2/98 -0600, Bob Jueneman wrote: >><snip> >>>>I suggest that we stick to the standardized definitions of the key usage >>>>bits and leave >>>>policy issues out of a common certificate profile. >>> >>>If there were any sense of the community as to what these definitions really >>>mean, or ought to mean, we would probably not be having this discussion. >>>Otherwise I would agree with you. >>>> >>>>non-repudiation is according to standard selected by the NR bit, not NR in >>>>combination with DS bit. Inclusion of the DS bit means that DS mechanisms >>>>other than non-repudiation are allowed for the key. > >Is non-repudiation a mechanism or a service? Sorry for my careless language. Non-repudiation is a service and that service is not defined by the CA. However the CA may indicate that the certificate is aimed to support that service. > >>> >>>I believe that is exactly the issue. Are you suggesting that NR plus DS >>should not >>>be allowed? Why? >> >>No I do not. I do suggest that such decision is up to local policy. But >>there will be some policies where this combination will not be allowed, but >>I think you agree to that. > >My problem with this is that to provide "digital" non-repudiation, you have to >"sign" something with a digital signature. I understand that the key usage field >is very overloaded, so I'll probably have to live with it, but I do not agree or >like it. Yes and no. It is clear that X509 has mixed two levels. The mechanism level and the service level. Looking back in the mirror that might have been a bad mix. What's even worse is that the service bit NR in some cases is used as an alternative to DS. To accomplish this the standard has been forced to define both bits to a combined service/mechanism bit. I.e. NR is selecting use of digital signatures and DS is selecting services other than non-repudiation. This is causing the messy debate and could be used as an argument for a defect report. However considering the standard as it is, can we use it? Yes I think so, even if it's not perfect. > >> >>The important thing is that I suggest that the NR bit and DS bit has >>separate meaning and that they should be set independently to specify DS, >>NR or both. >> >>The vague definition of the NR bit is a problem, I agree to that. > >YES!! > >> >>If I were to define some distinguishing property of the NR bit that would be: >> >> Non repudiation denotes services constructed in such way that: >> 1) The signature provides proof of the integrity and >> origin of data - both in an unforgeable relationship - which can be >> verified by any third party at any time.[X.509 / ISO 9594-8] >> 2) The signature is applied to a message where the signatory is capable >> of, and required to, accept responsibility for the message content >> before signing. > >But NR is set in the certificate (i.e. the public key) and does not tell you >whether the signatory (who is using the private key) actually was capable of >accepting responsibility. Yes you are right, it doesn't. And it shouldn't. Since the CA isn't the provider of that service the certificate will tell nothing about the service in which the certificate is used. The key usage bit is a requirement stated by the CA for staying with it's liabilities, not a promise that the requirements will be met. > >> 3) The signatory's liability for signing the message can be concluded >> from the signed message itself, possibly within a well known and agreed >> context that can be verified by any third party at any time. >> >>This definitions rules out any signed logon ticket or other data >>authentication mechanisms where the signature says "this message wasn't >>changed" instead of "I take full responsibility for the message content". > >You do not need a digital signature to tell you "this message wasn't changed". >CRCs, LRCs, checksums, etc have been used for this longer that I've been alive. >You use digital signature when you want to know "this message wasn't changed" >AND "this message came from the reported sender". > Agreed. I guess my point still stands. >> >>But since this is not defined by the bit (which I regret) the way to go >>will be for the CA to include this in it's published certificate policy. > >I doubt whether a CA is going to take responsibility and liability for something >it has no control over. The CA does not know what applications and crypto APIs >the owner of the private key is using. > The CA will not assume responsibility for services utilizing the certificates. It will only be liable for its issued certificates. Again, the CA is not the provider of the NR service. Still, the CA will in some cases state requirements on supported services. Don't forget the original task for the CA. It is just to provide statements to be used as guidance by certificate users. >> >>I can't see any other way for now when utilizing the existing standard. I >>would not object though to a defect report to get this into the standard. > >And I am willing to help (or lead) in this effort. > >> >>In the new proposed work item, however, regaring a profile for >>non-repudiation certificates supporting legal acceptance of digital >>signatures I will try to get this definition in. >> >>Would you support it? > >I would be glad to help and support it. > >Regard, >Aram Perez >Apple Computer, Inc. > > /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA05609 for ietf-pkix-bks; Mon, 7 Sep 1998 06:51:36 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA05605 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 06:51:29 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <SMGRLFJX>; Mon, 7 Sep 1998 23:55:10 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC0737F9@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'Frank O'Dwyer '" <fod@brd.ie> Cc: "'Dave Horvath '" <dave@chromatix.com>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> Subject: RE: path development complexity (was Re: What the straw poll mean s) Date: Mon, 7 Sep 1998 23:55:08 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Thanks Frank - Its nice to see some reality re this issue. My draft submitted re dir cert stat. point one is we all need a scaleable directory infrastructure for any CA system to work and point two is we dont need CA information designs that act as a maze for megabytes of client software to find the "way out".. As said I think CAs must provide a validation service based on the cert presented and the domain of the client requesting validation. We seem to have gone down the track of inventing a X.509 CA model (and directory objects) for the sake of a CA on what it wants to do with certificate management - as the first part of the system design. As opposed to a CA model that provides a simple client with a validation service, which really is the second part of the system design. For chasing cert paths - Names in the certficates should do - plus the context (ie. the requestor) of the validation. And the CA should do the rest. The directory service and its matching rules proposed in the dir cert stat doc are the foundation of this. All thoughts on this area are welcome. regards alan ---------- From: Frank O'Dwyer To: Alan Lloyd Cc: Dave Horvath; ietf-pkix@imc.org Sent: 9/5/98 9:44:06 PM Subject: Re: path development complexity (was Re: What the straw poll mean s) Alan Lloyd wrote: > I have a few views in that certs must be supported by mutually > authenticated distributed X.500 directory systems otherwise 509 based > systems just wont scale and provide the commercial utilitity as > demanded by global EC directed organisations. Not having this foundation > - one just drops into all sorts of operational cost, scaling and > efficiency holes. What I am talking about is not the underlying retrieval efficiency, but rather the cost of total wrong-turns in the overall search, e.g: 10:15 Developing a path to verify certificate for "Joe's Server, NY" 10:15 Retrieving cross-certificates for "Keys R Us" 10:16 Retrieving cross-certificates for "Keys R Us Too" 10:17 Retrieving cross-certificates for "Barcelona CA" 10:18 Retrieving cross-certificates for "Spanish Bank" CARRIER LOST Users just love that browser "stop" button, and so any verification process that can't complete in a second or so is broken (my opinion). Throwing a meatier directory and/or caches (as someone else suggested) at it doesn't help if finding just one path involves trawling the world for hundreds of names. That is why I think it would be better if the certificates themselves contained positive guidance as to where to go next, or if cross-cert scenarios that lead to vague searches could be identified and discouraged. For example, maybe name constraints could be used as clues to guide path building. As things stand, content like basic constraints just tells you where *not* to search. That seems to leave building in heuristics, and hoping that working down from your trusted root(s) and/or up from the end-entity cert(s), you somehow meet in the middle and terminate in some reasonable time -- something that is by no means guaranteed. Maybe I have missed something obvious here - but I think this could, given time, turn out to be a showstopper scalability issue if it is not addressed early. Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA05308 for ietf-pkix-bks; Mon, 7 Sep 1998 05:51:16 -0700 (PDT) Received: from maild.telia.com (root@maild.telia.com [194.22.190.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA05304 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 05:50:53 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by maild.telia.com (8.8.8/8.8.8) with ESMTP id OAA00330; Mon, 7 Sep 1998 14:55:39 +0200 (CEST) Received: from stefans (t3o68p29.telia.com [62.20.139.29]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id OAA28463; Mon, 7 Sep 1998 14:55:35 +0200 (CEST) Message-Id: <3.0.32.19980907145238.00a532a0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 07 Sep 1998 14:53:16 +0200 To: Bill Brice <Bill.Brice@idtrust.com>, pkix <ietf-pkix@imc.org> From: Stefan Santesson <stefan@accurata.se> Subject: RE: Defining Non-Repudiation Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id FAA05305 Sender: owner-ietf-pkix@imc.org Precedence: bulk Bill, Thank you for your very clarifying information. This is a very important perspective to have when discussing standardized certificate profiles. As you may have seen I have proposed a new work item for PKIX regarding a specific certificate profile based on PKIX part 1 to be used in the context you describe. The ONLY rationale for this profile is to create a common profile for technical interoperability. Not to achieve a globally harmonized legal framework. The new work item, called profile for Qualified Certificates, addresses some of your issues: <snip> >(2) The certificate is considered trustworthy (i.e., an accurate >binding of a public key to a person's identity) because the certificate >was issued by a certification authority in accordance with standards, >procedures, and other requirements specified by the Secretary of State, >or the trier of fact independently finds that the certificate was issued >in a trustworthy manner by a certification authority that properly >authenticated the subscriber and the subscriber's public key, or >otherwise finds that the material information set forth in the >certificate is true. The qualified certificate will be a certificate which includes a statement by the issuer that it meets all requirements imposed by the governing legal framework, regardless of what that legal framework states, to support "Secure electronic signatures" according to your definition. Further the qualified certificate profile will enhance interoperability in naming and other essential attributes. It would be nice to have your view on this. The work item has primary been raised as an answer to needs arising from the European legal framework development. It is though conducted in a generic approach that should be independent of any legal framework. I hope that I can count on your input to ensure that the profile will be consistent with the American legal approach. /Stefan At 03:22 PM 8/21/98 -0500, Bill Brice wrote: >All, > >There has been considerable discussion and debate on these >lists regarding the proper use of the DS and NR KeyUsage bits >in X.509v3 certificates. > >Lets look at this from a legal perspective for a moment, >since a large part of digital signatures is being able >to place some reliance on the data that is digitally signed. > >In the US, private contract law is governed primarily by the >laws of the various US states. Under the Uniform Commercial Code >(in effect for many years now), as enacted by US state laws, >a signature is defined as "any symbol executed or adopted by >a party with the present intention to authenticate a writing". > >This means that my typed name at the bottom of this message >constitutes a valid "signature" under the law. This is a practice >many people use in their e-mails, and it has a binding effect >today, under present law. Were this e-mail digitally signed, you >"might" be able to consider it a signature, but only if it were >consciously signed by me with the "present intention to authenticate" >this message. > >As a relying party this digital signature carries no more legal >weight that my typed signature below. In a dispute, you as the relier >would have the burden of proof that the signature on this message, >whether typed or digitally signed, was valid. The court and/or jury >would have to decide whether your reliance was "reasonable under >the facts and circumstances" of the matter. It would make no >difference what KeyUsage bit was set. > >In determining "reasonable reliance" there is a broad continuum. >In the case of the typed signature: Do you personally know me? >What other information did you have about me? What other correspondence >have you received from me? Do you know my address and phone >numbers? etc. etc. In the case of the digital signature the same >questions would apply, plus: Do you understand anything about PKI? >Who issued the certificate? What application software did you use to >receive and verify the message? > >In fact, most people outside of this mailing list would quite reasonably >have less comfort with this message were it digitally signed as opposed >to a typed closing signature. > >Woe on the first relying party to litigate a repudiated digital >signature. It will likely cost over US$100,000. > >Fortunately, there is a way out of this messy state of affairs. And >it impacts the DS/NR question. > >The US State of Illinois, after 18 months of study by the Illinois >Commission on Electronic Commerce and Crime, passed a new EC law >(to take effect July 1, 1999) titled the "Electronic Commerce >Security Act". This comprehensive law not only recognizes digital >signatures as being equally valid as a UCC (above) signature, but it >create a new class of signature called a "secure electronic signature" >and a new class of data record called a "secure electronic record". > >To quote from the Commission's report: "Secure electronic records and >secure electronic signatures define categories of records and >signatures that are accorded heightened evidentiary presumptions >because of their enhanced reliability and trustworthiness, >just as notarized documents are accorded heightened evidentiary >presumptions for the same reason. The concept of a secure electronic >record and a secure electronic signature is critical to enabling >electronic commerce. Businesses will be much more willing to enter >into commercial transactions, extend credit, commit resources, >ship goods, or otherwise rely on messages from contracting parties >transmitted over public networks such as the Internet when they can >be assured that such records and signatures will be accorded the >heightened evidentiary presumptions necessary to effectively make >their transactions nonrepudiable." > >The effect of this is that a relying party may presume that a >"secure electronic signature" is valid and in a dispute the burden >of proof shifts to the signer to rebut the presumption. > >This is the quality we would all like in a non-repudiable >digital signature. It will be necessary for other jurisdictions to >follow the Illinois lead in order to give us the PKI world we would >want (at least as far as digisig is concerned). I would urge Petra >to consider this approach in the German legislation. > >In order to achieve this GOLD CARD level of non-repudiation the law >provides as follows: > >----START >Section 10-110. Secure electronic signature. > >(a) If, through the use of a qualified security procedure, >it can be verified that an electronic signature is the signature of a >specific person, then such electronic signature shall be considered to >be a secure electronic signature at the time of verification, if the >relying party establishes that the qualified security procedure was: > > (1) commercially reasonable under the circumstances, > > (2) applied by the relying party in a trustworthy manner, >and > > (3) reasonably and in good faith relied upon by the relying >party. > >(b) A qualified security procedure for purposes of this Section is a > >security procedure for identifying a person that is: > > (1) previously agreed to by the parties, or > > (2) certified by the Secretary of State in accordance with >Section 10-135 as being capable of creating, in a trustworthy manner, >an electronic signature that: > > (A) is unique to the signer within the context in which it >is used; > > (B) can be used to objectively identify the person signing >the >electronic record; > > (C) was reliably created by such identified person, (e.g., >because some aspect of the procedure involves the use of a signature >device or other means or method that is under the sole control of such >person), and that cannot be readily duplicated or compromised, and > > (D) is created, and is linked to the electronic record to >which it relates, in a manner such that if the record or the signature >is intentionally or unintentionally changed after signing the electronic >signature is invalidated. > >----END > >So, what's a qualified security procedure in the case of digital >signatures? >The law provides: > >----START >Section 15-105. Secure electronic signature. A digital signature that >is created using an asymmetric algorithm certified by the Secretary >of State under item (2) of subsection (b) of Section 10-110 shall be >considered to be a qualified security procedure for purposes of >identifying a person under Section 10-110 if: > >(1) The digital signature was created during the operational period >of a valid certificate, was used within the scope of any other >restrictions specified or incorporated by reference in the certificate, >if any, and can be verified by reference to the public key listed in >the certificate; and > >(2) The certificate is considered trustworthy (i.e., an accurate >binding of a public key to a person's identity) because the certificate >was issued by a certification authority in accordance with standards, >procedures, and other requirements specified by the Secretary of State, >or the trier of fact independently finds that the certificate was issued > >in a trustworthy manner by a certification authority that properly >authenticated the subscriber and the subscriber's public key, or >otherwise finds that the material information set forth in the >certificate is true. >----END > >So, what are the implications for the PKIX draft and this debate >about DS/NR keybits? > >I believe the Illinois ECS Act gives us strong guidance on the direction >of the law (at least US law). The key issue for PKIX is expressed in >paragraph 1 of Section 15-105 above. Namely, that the digital signature >"was used within the scope of any other restrictions specified or >incorporated by reference in the certificate, if any...". > >IMHO, this says that it's really up to the CA and what they say in >their CPS and any Certificate Policies adopted by the CA. If a CA >adopts the PKIX profile, which they don't have to, then it would be >up to the CA to further clarify the meaning of the NR bit in their >certificates. To me, the NR bit is a requirement for any CA whose >certificates will be used in an open environment, and whose certs >are intended to establish the kind of non-repudiation contemplated >by the Illinois law. The DS bit is irrelevant in this context. > >Of course it would be great if the application software would pay >any attention at all to the v3 extensions in a certificate. But, >that's another story. > > >Bill Brice, Chief PKI Architect >International DataTrust >PO Box 670789 >Dallas, TX 75367-0789 >+1.214.706.9320 (direct), +1.214.706.9321 (fax) > >P.S. I'm not an attorney. While I participate in the American Bar >Association's Information Security Committee, these opinions are >my own and you should conduct your own investigation and seek >you own legal advice on these matters. :) > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA01907 for ietf-pkix-bks; Mon, 7 Sep 1998 01:23:43 -0700 (PDT) Received: from mailhost.dircon.co.uk (mailhost.dircon.co.uk [194.112.32.65]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA01902 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 01:23:41 -0700 (PDT) Received: from dircon.co.uk (th-en133-079.pool.dircon.co.uk [194.112.53.79]) by mailhost.dircon.co.uk (8.9.1/8.8.7) with ESMTP id JAA13359 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 09:28:29 +0100 (BST) Message-ID: <35F39AD8.82DEC733@dircon.co.uk> Date: Mon, 07 Sep 1998 09:35:36 +0100 From: Jorgen Moller <jmoller@dircon.co.uk> Reply-To: jmoller@dircon.co.uk X-Mailer: Mozilla 4.02 [en] (Win95; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA27936 for ietf-pkix-bks; Sun, 6 Sep 1998 09:51:13 -0700 (PDT) Received: from out5.ibm.net (out5.ibm.net [165.87.194.243]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA27932 for <ietf-pkix@imc.org>; Sun, 6 Sep 1998 09:51:11 -0700 (PDT) Received: from 730xcdt (slip139-92-24-251.por.uk.ibm.net [139.92.24.251]) by out5.ibm.net (8.8.5/8.6.9) with SMTP id QAA26578 for <ietf-pkix@imc.org>; Sun, 6 Sep 1998 16:56:09 GMT From: "CliveBetteridge" <cbetter@ibm.net> To: <ietf-pkix@imc.org> Subject: Internet Directory Consortium call for participation in DirConnect3 Date: Sun, 6 Sep 1998 17:48:12 +0100 Message-ID: <01bdd9b6$22a8b940$LocalHost@730xcdt> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00D9_01BDD9BE.846D2140" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-Mimeole: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_00D9_01BDD9BE.846D2140 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Dear all,=20 The interest in LDAP, especially V3 and extensions remains strong. With = this increase in popularity of the technology come even greater = requirements for interoperability of different suppliers' = implementations. To enable cooperative LDAP testing in an engineers-only = environment the Internet Directory Consortium proposes to hold a = Dirconnect3 Interoperability Testing event.=20 If you are implementing LDAP clients or servers you are urged to = consider this opportunity of meeting your peers in other organizations = for some serious testing. The location will be in the San Jose area.=20 The program will be as below:=20 Day 1 8:30 - 9:30 Set up, get acquainted, muffins, fruit, coffee, sodas 9:30 - 12:00 Testing 12:00 - 1:00 Lunch (buffet, served away from the work room) 1:00 - 5:00 Testing 5:00 - 5:30 Recap and plan for Day 2=20 8:30 - 12:00 Testing (muffins, fruit, coffee, sodas at 8:30) 12:00 - 1:00 Lunch (buffet, served away from the work room) 1:00 - 4:00 Testing 4:00 - 5:00 Review and prepare preliminary report 5:00 - 6:00 Tear down A quick straw-poll suggests most favored dates to be in the week = commencing Monday 26th October. Please can you give me the answers to the following questions: Are you likely to attend?=20 What date(s) would you prefer? What would you like to test? Basic LDAP V2? Basic LDAP V3? LDAP V3 Extensions? (please list) I look forward to hearing from you. Best regards Clive Clive Betteridge, Operations Manager - Internet Directory Consortium The Open Group Apex Plaza, Forbury Road, Reading RG1 1AX, UK Mailto:c.betteridge@opengroup.org Ph: +44 1344 642153 http://www.opengroup.org/idc/ Fx: +44 118 950 0110=20 ------=_NextPart_000_00D9_01BDD9BE.846D2140 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.71.1712.3"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> <DIV><FONT color=3D#000000 face=3DArial> <P>Dear all,</FONT><FONT face=3DArial> </P></FONT><FONT = color=3D#000000=20 face=3DArial> <P>The interest in LDAP, especially V3 and extensions remains strong. = With this=20 increase in popularity of the technology come even greater requirements = for=20 interoperability of different suppliers' implementations. To enable = cooperative=20 LDAP testing in an engineers-only environment the Internet Directory = Consortium=20 proposes to hold a Dirconnect3 Interoperability Testing = event.</FONT><FONT=20 face=3DArial> </P> <P>If you are implementing LDAP clients or servers you are urged to = consider=20 this opportunity of meeting your peers in other organizations for some = serious=20 testing.</P></FONT><FONT color=3D#000000 face=3DArial> <P>The location will be in the San Jose area.</FONT><FONT=20 face=3DArial> </P></FONT><FONT color=3D#000000 face=3DArial> <P>The program will be as below:</FONT><FONT = face=3DArial> </P></FONT><FONT=20 color=3D#000000 face=3DArial> <P>Day 1</P> <P>8:30 - 9:30 Set up, get acquainted, muffins, fruit, coffee, sodas</P> <P>9:30 - 12:00 Testing</P> <P>12:00 - 1:00 Lunch (buffet, served away from the work room)</P> <P>1:00 - 5:00 Testing</P> <P>5:00 - 5:30 Recap and plan for Day 2 </P> <P>8:30 - 12:00 Testing (muffins, fruit, coffee, sodas at 8:30)</P> <P>12:00 - 1:00 Lunch (buffet, served away from the work room)</P> <P>1:00 - 4:00 Testing</P> <P>4:00 - 5:00 Review and prepare preliminary report</P> <P>5:00 - 6:00 Tear down</P> <P></P> <P></P> <P>A quick straw-poll suggests most favored dates to be in the week = commencing=20 Monday 26th October.</P> <P></P> <P>Please can you give me the answers to the following questions:</P> <P>Are you likely to attend? </P> <P>What date(s) would you prefer?</P> <P></P> <P>What would you like to test?</P> <P>Basic LDAP V2?</P> <P>Basic LDAP V3?</P> <P>LDAP V3 Extensions? (please list)</P> <P></P> <P></P> <P>I look forward to hearing from you.</P> <P></P> <P>Best regards</P> <P></P> <P>Clive</P> <P></P> <P>Clive Betteridge, Operations Manager - Internet Directory = Consortium</P> <P>The Open Group</P> <P>Apex Plaza, Forbury Road, Reading RG1 1AX, UK</P></FONT><U><FONT=20 color=3D#0000ff face=3DArial> <P>Mailto:c.betteridge@opengroup.org</U></FONT><FONT color=3D#000000=20 face=3DArial> Ph: +44 1344 642153</P></FONT><U><FONT = color=3D#0000ff=20 face=3DArial> <P>http://www.opengroup.org/idc/</U></FONT><FONT color=3D#000000=20 face=3DArial> Fx: +44 118 950 0110 = </FONT></P></DIV></DIV></BODY></HTML> ------=_NextPart_000_00D9_01BDD9BE.846D2140-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA22327 for ietf-pkix-bks; Sat, 5 Sep 1998 13:17:35 -0700 (PDT) Received: from post.mail.demon.net (post-20.mail.demon.net [194.217.242.27]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA22323 for <ietf-pkix@imc.org>; Sat, 5 Sep 1998 13:17:33 -0700 (PDT) Received: from [158.152.104.114] (helo=brd.ie) by post.mail.demon.net with esmtp (Exim 2.02 #1) id 0zFOqt-0007Cf-00 for ietf-pkix@imc.org; Sat, 5 Sep 1998 20:22:31 +0000 Message-ID: <35F19D00.DE9A4F4A@brd.ie> Date: Sat, 05 Sep 1998 21:20:16 +0100 From: "Frank O'Dwyer" <fod@brd.ie> X-Mailer: Mozilla 4.06 [en] (Win95; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: path development complexity References: <001201bdd8d7$6a2f60a0$010ed180@klerer.basit.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Robert Klerer wrote: > As a believer in the thinner client, a (local and possibly trusted) network > based resource can perform this task more efficiently than locating it on > the client. That sounds like it would help a lot (and it would be useful) but I would still be concerned that it wouldn't be enough. For example, people expected a lot of HTTP proxy caches (a similar solution to a similar kind of problem), but I think those turned out not to deliver as much as was expected. You also have the problem of arbitrary/roaming users connecting to ISPs -- there is not much reason to suppose that a responder located at an ISP would do a very good job of caching paths, since the users could be connecting to just about anything. (Caching would still help I guess.) Lastly, you have the problem that certificates themselves run fairly big, and that will doubtless get worse as people stuff more extensions in there (mpegs of cats spring to mind:). So if cross-certificates really take off, one of these responders could potentially wind up like a backbone IP router, holding paths to everywhere, and needing ridiculous quantities of main memory just to avoid thrashing. (The router problem is also a similar problem with similar causes.) Another analogy is an internet search engine - take a look at the spec of machine that altavista runs on. So, if it is possible (and I don't know if it is), it would be much better to design the PKI structure so that path discovery was easy in the first place. > And we can argue whether it is more vulnerable to denial of > service attacks or not. But since the validation of the discovered path > will always remain a client function, we would only be vulnerable to denial > attacks. Well if the responder was out of service the client could always fall back on searching for itself. It could keep a local cache of discovered paths also, and search there first (again like the HTTP/proxy scenario). Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21055 for ietf-pkix-bks; Sat, 5 Sep 1998 07:09:49 -0700 (PDT) Received: from mailsvr.basit.com (mailsvr.basit.com [128.209.2.13]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21051 for <ietf-pkix@imc.org>; Sat, 5 Sep 1998 07:09:43 -0700 (PDT) Received: from klerer.basit.com (shiva119 [128.209.144.119]) by mailsvr.basit.com (Guess_again/1.8) with SMTP id KAA28073 for <ietf-pkix@imc.org>; Sat, 5 Sep 1998 10:13:15 -0400 (EDT) Message-ID: <001201bdd8d7$6a2f60a0$010ed180@klerer.basit.com> From: "Robert Klerer" <klerer@xhair.com> Cc: <ietf-pkix@imc.org> Subject: Re: path development complexity Date: Sat, 5 Sep 1998 10:13:36 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3155.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Sender: owner-ietf-pkix@imc.org Precedence: bulk Frank, You have identified the problem. By design the cross-certification arrangements are driven by the business (and social) rules rather than the design of pkix. We have put in some generic restrictions that can be applied, like name constraints and path length limitations, but I would expect application specific extensions to proliferate. To make the problem of path discovery harder, a cross certification arrangement may be valid for one application but not another. For example, Citibank may decide that their employees can exchange signed and encrypted email with employees of IBM. The cross certification arrangement between their CA's may be constructed to lack the critical extension to be valid for exchanging financial trading information, while the arrangement with BoA does and allows the trust relationship to be used for both email and trading. As a believer in the thinner client, a (local and possibly trusted) network based resource can perform this task more efficiently than locating it on the client. And we can argue whether it is more vulnerable to denial of service attacks or not. But since the validation of the discovered path will always remain a client function, we would only be vulnerable to denial attacks. -----Original Message----- From: Frank O'Dwyer <fod@brd.ie> To: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> Cc: Dave Horvath <dave@chromatix.com>; ietf-pkix@imc.org <ietf-pkix@imc.org> Date: Saturday, September 05, 1998 9:12 AM Subject: Re: path development complexity (was Re: What the straw poll mean s) >Alan Lloyd wrote: >> I have a few views in that certs must be supported by mutually >> authenticated distributed X.500 directory systems otherwise 509 based >> systems just wont scale and provide the commercial utilitity as >> demanded by global EC directed organisations. Not having this foundation >> - one just drops into all sorts of operational cost, scaling and >> efficiency holes. > >What I am talking about is not the underlying retrieval efficiency, >but rather the cost of total wrong-turns in the overall search, e.g: > > 10:15 Developing a path to verify certificate for "Joe's Server, >NY" > 10:15 Retrieving cross-certificates for "Keys R Us" > 10:16 Retrieving cross-certificates for "Keys R Us Too" > 10:17 Retrieving cross-certificates for "Barcelona CA" > 10:18 Retrieving cross-certificates for "Spanish Bank" > CARRIER LOST > >Users just love that browser "stop" button, and so any verification >process that can't complete in a second or so is broken (my >opinion). > >Throwing a meatier directory and/or caches (as someone else >suggested) at it doesn't help if finding just one path involves >trawling the world for hundreds of names. That is why I think it >would be better if the certificates themselves contained positive >guidance as to where to go next, or if cross-cert scenarios that >lead to vague searches could be identified and discouraged. For >example, maybe name constraints could be used as clues to guide path >building. As things stand, content like basic constraints just tells >you where *not* to search. That seems to leave building in >heuristics, and hoping that working down from your trusted root(s) >and/or up from the end-entity cert(s), you somehow meet in the >middle and terminate in some reasonable time -- something that is by >no means guaranteed. > >Maybe I have missed something obvious here - but I think this could, >given time, turn out to be a showstopper scalability issue if it is >not addressed early. > >Cheers, >Frank O'Dwyer. > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA17401 for ietf-pkix-bks; Sat, 5 Sep 1998 04:41:03 -0700 (PDT) Received: from post.mail.demon.net (post-12.mail.demon.net [194.217.242.41]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA17397 for <ietf-pkix@imc.org>; Sat, 5 Sep 1998 04:41:02 -0700 (PDT) Received: from [158.152.104.114] (helo=brd.ie) by post.mail.demon.net with esmtp (Exim 2.02 #1) id 0zFGmh-0007jD-00; Sat, 5 Sep 1998 11:45:40 +0000 Message-ID: <35F12406.8006C3D@brd.ie> Date: Sat, 05 Sep 1998 12:44:06 +0100 From: "Frank O'Dwyer" <fod@brd.ie> X-Mailer: Mozilla 4.06 [en] (Win95; I) MIME-Version: 1.0 To: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> CC: Dave Horvath <dave@chromatix.com>, ietf-pkix@imc.org Subject: Re: path development complexity (was Re: What the straw poll mean s) References: <D1A949D4508DD1119C8100400533BEDC05D489@DSG1> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Alan Lloyd wrote: > I have a few views in that certs must be supported by mutually > authenticated distributed X.500 directory systems otherwise 509 based > systems just wont scale and provide the commercial utilitity as > demanded by global EC directed organisations. Not having this foundation > - one just drops into all sorts of operational cost, scaling and > efficiency holes. What I am talking about is not the underlying retrieval efficiency, but rather the cost of total wrong-turns in the overall search, e.g: 10:15 Developing a path to verify certificate for "Joe's Server, NY" 10:15 Retrieving cross-certificates for "Keys R Us" 10:16 Retrieving cross-certificates for "Keys R Us Too" 10:17 Retrieving cross-certificates for "Barcelona CA" 10:18 Retrieving cross-certificates for "Spanish Bank" CARRIER LOST Users just love that browser "stop" button, and so any verification process that can't complete in a second or so is broken (my opinion). Throwing a meatier directory and/or caches (as someone else suggested) at it doesn't help if finding just one path involves trawling the world for hundreds of names. That is why I think it would be better if the certificates themselves contained positive guidance as to where to go next, or if cross-cert scenarios that lead to vague searches could be identified and discouraged. For example, maybe name constraints could be used as clues to guide path building. As things stand, content like basic constraints just tells you where *not* to search. That seems to leave building in heuristics, and hoping that working down from your trusted root(s) and/or up from the end-entity cert(s), you somehow meet in the middle and terminate in some reasonable time -- something that is by no means guaranteed. Maybe I have missed something obvious here - but I think this could, given time, turn out to be a showstopper scalability issue if it is not addressed early. Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA16384 for ietf-pkix-bks; Sat, 5 Sep 1998 04:27:42 -0700 (PDT) Received: from mb05.swip.net (mb05.swip.net [193.12.122.209]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA16371 for <ietf-pkix@imc.org>; Sat, 5 Sep 1998 04:27:35 -0700 (PDT) Received: from patrik (dialup185-1-22.swipnet.se [130.244.185.22]) by mb05.swip.net (8.8.8/8.8.8) with SMTP id NAA10743; Sat, 5 Sep 1998 13:32:17 +0200 (MET DST) Message-Id: <199809051132.NAA10743@mb05.swip.net> X-Sender: Patrik Nilsson@mail.henrik.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.44 (Beta) Date: Sat, 05 Sep 1998 13:32:45 +0200 To: WHenry <WHenry@pec.com> From: Patrik Nilsson <patrik@patrik.com> Subject: RE: Heads Up - Historic digital signing ceremony Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> In-Reply-To: <3C7EABA3F6F1D1118FD90008C7F450FD5360A8@exchang-fairfax.pec .com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk The signed communiqué, the certificates, etc, are available at: http://www.baltimore.ie/clintonvisit98/communique.html Seems like there's a mime type problem on the web server though. The certs are typed as ca-certs, leading to strange results when installing them in Communicator. Patrik At 07:48 PM 98-09-04 , WHenry wrote: > I wonder what President Clinton did with the smartcard afterwards... >Can anyone add info on the nature of this PKI? Was there cross >certification, or a single CA? > > Bill Henry >> -----Original Message----- >> From: Kurn, David >> Sent: Friday, September 04, 1998 12:43 PM >> To: ietf-pkix@imc.org >> Subject: RE: Heads Up - Historic digital signing ceremony >> >> I wonder if the President obtained an export license for this technology. >> I >> think crypto devices (such as smart cards) could be subject to ITAR. >> >> David Kurn >> Compaq Computers >> >> > -----Original Message----- >> > From: Bill Brice [SMTP:Bill.Brice@idtrust.com] >> > Sent: Friday, September 04, 1998 9:12 AM >> > To: ietf-pkix@imc.org >> > Subject: Heads Up - Historic digital signing ceremony >> > >> > While the bits are flying on the LDAP debate, I >> > thought the list should know that a historic >> > milestone took place today (Friday 9/4) in the >> > E-commerce/X.509 world. >> > >> > President Clinton and the Irish Prime Minister >> > signed a joint communiqué on E-commerce in Dublin. >> > What was significant was not the communiqué but the >> > fact that both heads of state signed the document >> > digitally using X.509 technology. The private keys >> > were held on smartcards issued to each head of >> > state. This is the first instance of an >> > international agreement being digitally signed. >> > >> > It's nice to see that this work >> > is actually showing up in the real >> > world in a significant way. >> > >> > OK - keep voting! >> > >> > Bill Brice, Chief PKI Architect >> > International DataTrust >> > >> > P.S. Congratulations to Baltimore Technologies for >> > pulling this off. It will move the PKIX world forward. > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA11433 for ietf-pkix-bks; Fri, 4 Sep 1998 17:15:01 -0700 (PDT) Received: from nick.arc.nasa.gov (nick.arc.nasa.gov [143.232.48.121]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA11426 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 17:15:00 -0700 (PDT) Received: from [128.102.131.45] (hotdog.arc.nasa.gov [128.102.131.45]) by nick.arc.nasa.gov (8.8.7/8.8.7) with ESMTP id RAA16856 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 17:19:49 -0700 (PDT) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Message-Id: <v04011726b216213153a7@[128.102.131.45]> Date: Fri, 4 Sep 1998 17:21:49 -0800 To: ietf-pkix@imc.org From: Paul Ma <pma@mail.arc.nasa.gov> Subject: FOR Option2 Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi, I would put my 2 cents in for choosing option 2 in the latest straw poll on certificate attributes used to store CA certificate. Paul Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA10422 for ietf-pkix-bks; Fri, 4 Sep 1998 14:44:40 -0700 (PDT) Received: from inet16.us.oracle.com (inet16.us.oracle.com [192.86.155.100]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA10418 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 14:44:39 -0700 (PDT) Received: from mailtst1 (mailtst1.us.oracle.com [144.25.88.179]) by inet16.us.oracle.com (8.8.5/8.8.5) with SMTP id OAA16968 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 14:49:32 -0700 (PDT) Received: from inferno by mailtst1 with SMTP (SMI-8.6/37.9) id OAA09210; Fri, 4 Sep 1998 14:47:47 -0700 From: "Surendra Reddy" <skreddy@us.oracle.com> To: <ietf-pkix@imc.org> Subject: For option 2 Date: Fri, 4 Sep 1998 14:49:11 +0100 Message-ID: <001101bdd80a$cb797850$96171990@inferno.us.oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA10255 for ietf-pkix-bks; Fri, 4 Sep 1998 14:17:50 -0700 (PDT) Received: from docws007.shl.com (docws007.shl.com [159.249.56.7]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA10251 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 14:17:49 -0700 (PDT) Received: from dalmsdoc01.shl.com (dalmsdoc01.shl.com [159.249.142.247]) by docws007.shl.com (8.9.1/8.9.1) with SMTP id QAA03170 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 16:28:37 -0500 Received: by dalmsdoc01.shl.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52) id <01BDD820.3C0DEAA0@dalmsdoc01.shl.com>; Fri, 4 Sep 1998 16:22:39 -0500 Message-ID: <c=US%a=MCI%p=SHL%l=DALFW03-980904212233Z-48747@dalmsdoc01.shl.com> From: "PACHL, Jan" <jpachl@shl.com> To: "'WHenry'" <WHenry@pec.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Heads Up - Historic digital signing ceremony Date: Fri, 4 Sep 1998 16:22:33 -0500 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id OAA10252 Sender: owner-ietf-pkix@imc.org Precedence: bulk The press release about the event and the system used is at http://www.baltimore.ie/news/press/pr980904.html Jan Pachl >---------- >From: WHenry[SMTP:WHenry@pec.com] >Sent: Friday, September 04, 1998 1:48 PM >To: 'Kurn, David' >Cc: 'ietf-pkix@imc.org' >Subject: RE: Heads Up - Historic digital signing ceremony > > I wonder what President Clinton did with the smartcard afterwards... >Can anyone add info on the nature of this PKI? Was there cross >certification, or a single CA? > > Bill Henry >> -----Original Message----- >> From: Kurn, David >> Sent: Friday, September 04, 1998 12:43 PM >> To: ietf-pkix@imc.org >> Subject: RE: Heads Up - Historic digital signing ceremony >> >> I wonder if the President obtained an export license for this technology. >> I >> think crypto devices (such as smart cards) could be subject to ITAR. >> >> David Kurn >> Compaq Computers >> >> > -----Original Message----- >> > From: Bill Brice [SMTP:Bill.Brice@idtrust.com] >> > Sent: Friday, September 04, 1998 9:12 AM >> > To: ietf-pkix@imc.org >> > Subject: Heads Up - Historic digital signing ceremony >> > >> > While the bits are flying on the LDAP debate, I >> > thought the list should know that a historic >> > milestone took place today (Friday 9/4) in the >> > E-commerce/X.509 world. >> > >> > President Clinton and the Irish Prime Minister >> > signed a joint communiqué on E-commerce in Dublin. >> > What was significant was not the communiqué but the >> > fact that both heads of state signed the document >> > digitally using X.509 technology. The private keys >> > were held on smartcards issued to each head of >> > state. This is the first instance of an >> > international agreement being digitally signed. >> > >> > It's nice to see that this work >> > is actually showing up in the real >> > world in a significant way. >> > >> > OK - keep voting! >> > >> > Bill Brice, Chief PKI Architect >> > International DataTrust >> > >> > P.S. Congratulations to Baltimore Technologies for >> > pulling this off. It will move the PKIX world forward. > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA10107 for ietf-pkix-bks; Fri, 4 Sep 1998 13:58:54 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA10103 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 13:58:54 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id OAA23121 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 14:03:48 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <Q04MGZZ7>; Fri, 4 Sep 1998 14:03:01 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DAC8650@exccup-25006.mis.tandem.com> From: "Salmond, Kent" <kent.salmond@compaq.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Fri, 4 Sep 1998 14:02:57 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA10021 for ietf-pkix-bks; Fri, 4 Sep 1998 13:52:28 -0700 (PDT) Received: from portal.visa.com (portal.visa.com [198.80.42.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id NAA10017 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 13:52:26 -0700 (PDT) Received: by portal.visa.com id NAA11445 (InterLock SMTP Gateway 3.0 for ietf-pkix@imc.org); Fri, 4 Sep 1998 13:57:19 -0700 Received: by portal.visa.com (Protected-side Proxy Mail Agent-1); Fri, 4 Sep 1998 13:57:19 -0700 Message-Id: <95288CC7E7F7D111883B0001FAF85C03147267@sw720x014.visa.com> From: "Smith, David" <david@visa.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Fri, 4 Sep 1998 13:56:51 -0700 Mime-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA08871 for ietf-pkix-bks; Fri, 4 Sep 1998 12:18:09 -0700 (PDT) Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81]) by mail.proper.com (8.8.8/8.8.5) with SMTP id MAA08867 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 12:18:07 -0700 (PDT) Received: from m5pqp [195.99.53.190] by tungsten.btinternet.com with smtp (Exim 1.70 #1) id 0zF1Ox-0001O7-00; Fri, 4 Sep 1998 20:20:07 +0100 Message-Id: <3.0.32.19980904202338.00bb08a0@mail.btinternet.com> X-Sender: j.o.hughes@mail.btinternet.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 04 Sep 1998 20:24:15 +0100 To: "ietf-pkix@TANDEM.COM" <ietf-pkix@imc.org> From: John Hughes <j.o.hughes@btinternet.com> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk ------------------------------------------------------------------- | John Hughes j.o.hughes@btinternet.com | | ENTEGRITY Solutions Home Office Tel: +44(0)1525 380160 | | Home Fax No: +44(0)1525 380161 | | Main Office Tel: +44(0)181 876 8666 | | www.entegrity.com Mobile: +44(0)468 055070 | ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA08796 for ietf-pkix-bks; Fri, 4 Sep 1998 12:10:32 -0700 (PDT) Received: from zeus.planetworld.com (smtp.planetworld.com [38.234.12.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA08791 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 12:10:30 -0700 (PDT) Received: by smtp.planetworld.com with Internet Mail Service (5.5.1960.3) id <RDRTQCTS>; Fri, 4 Sep 1998 14:16:49 -0500 Message-ID: <410E16F6AD02D011A9A6080009F89C760B412A@smtp.planetworld.com> From: Bill Brice <Bill.Brice@idtrust.com> To: "'Kurn, David'" <david.kurn@compaq.com> Cc: ietf-pkix@imc.org Subject: RE: Heads Up - Historic digital signing ceremony Date: Fri, 4 Sep 1998 14:16:44 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk That's very interesting. Being familiar with the product used, I'd bet the keys were RSA-1024 bit implemented with all non-US strong crypto technology (other than RSA). Hmmm. Interesting precedent! > -----Original Message----- > From: Kurn, David [mailto:david.kurn@compaq.com] > Sent: Friday, September 04, 1998 11:43 AM > To: ietf-pkix@imc.org > Subject: RE: Heads Up - Historic digital signing ceremony > > > I wonder if the President obtained an export license for this > technology. I > think crypto devices (such as smart cards) could be subject to ITAR. > > David Kurn > Compaq Computers Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA08431 for ietf-pkix-bks; Fri, 4 Sep 1998 11:27:08 -0700 (PDT) Received: from labcalserver.labcal.qc.ca (labcal.qc.ca [199.45.69.189]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA08423 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 11:26:57 -0700 (PDT) Received: from jfsauriol (ott-on3-07.netcom.ca [207.181.90.135]) by labcalserver.labcal.qc.ca with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.1960.3) id S1MV02KP; Fri, 4 Sep 1998 14:37:38 -0400 Reply-To: <jfsauriol@labcal.qc.ca> From: "JF Sauriol" <jfsauriol@labcal.qc.ca> To: <ietf-pkix@imc.org> Subject: For Option 2 Date: Fri, 4 Sep 1998 14:31:02 -0400 Message-ID: <001101bdd832$2bb357a0$0500a8c0@jfsauriol> MIME-Version: 1.0 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="winmail.dat" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2232.26 X-MS-TNEF-Correlator: 00000000EE66A839D9EFBB118ED2727702A12BC664302300 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk eJ8+IgISAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAAM4HCQAEAA4AHgAAAAUAEwEB A5AGAAAEAAAmAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAADADYAAAAAAB4AcAAB AAAADQAAAEZvciBPcHRpb24gMgAAAAACAXEAAQAAABYAAAABvdgyJWrd9tAMRAAR0qKdAAAAAADe AAACAR0MAQAAABwAAABTTVRQOkpGU0FVUklPTEBMQUJDQUwuUUMuQ0EACwABDgAAAABAAAYOAMQv BjLYvQECAQoOAQAAABgAAAAAAAAA7maoOdnvuxGO0nJ3AqErxsKAAAALAB8OAQAAAAMABhAAAAAA AwAHEAAAAAAeAAgQAQAAAAUAAADYIwR4AAAAAAMAEBAAAgAAAwAREDERAHgLAACACCAGAAAAAADA AAAAAAAARgAAAAADhQAAAAAAAAMAAoAIIAYAAAAAAMAAAAAAAABGAAAAABCFAAAAAAAAAwAFgAgg BgAAAAAAwAAAAAAAAEYAAAAAUoUAAPATAAAeACWACCAGAAAAAADAAAAAAAAARgAAAABUhQAAAQAA AAQAAAA4LjUAAwAmgAggBgAAAAAAwAAAAAAAAEYAAAAAAYUAAAAAAAALAC+ACCAGAAAAAADAAAAA AAAARgAAAAAOhQAAAAAAAAMAMIAIIAYAAAAAAMAAAAAAAABGAAAAABGFAAAAAAAAAwAygAggBgAA AAAAwAAAAAAAAEYAAAAAGIUAAAAAAAAeAEGACCAGAAAAAADAAAAAAAAARgAAAAA2hQAAAQAAAAEA AAAAAAAAHgBCgAggBgAAAAAAwAAAAAAAAEYAAAAAN4UAAAEAAAABAAAAAAAAAB4AQ4AIIAYAAAAA AMAAAAAAAABGAAAAADiFAAABAAAAAQAAAAAAAAALAMaACyAGAAAAAADAAAAAAAAARgAAAAAAiAAA AAAAAAsAyIALIAYAAAAAAMAAAAAAAABGAAAAAAWIAAAAAAAACwDugAggBgAAAAAAwAAAAAAAAEYA AAAABoUAAAAAAAALAPKACCAGAAAAAADAAAAAAAAARgAAAACChQAAAQAAAAIB+A8BAAAAEAAAAO5m qDnZ77sRjtJydwKhK8YCAfoPAQAAABAAAADuZqg52e+7EY7ScncCoSvGAgH7DwEAAABkAAAAAAAA ADihuxAF5RAaobsIACsqVsIAAFBTVFBSWC5ETEwAAAAAAAAAAE5JVEH5v7gBAKoAN9luAAAARDpc V09SS1xPdXRsb29rIEZpbGVzXGpmc2F1cmlvbC1sYWJjYWwucHN0AAMA/g8FAAAAAwANNP03AAAC AX8AAQAAADEAAAAwMDAwMDAwMEVFNjZBODM5RDlFRkJCMTE4RUQyNzI3NzAyQTEyQkM2NjQzMDIz MDAAAAAAXJI= Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA08215 for ietf-pkix-bks; Fri, 4 Sep 1998 10:58:33 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA08211 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:58:32 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZX7Z>; Fri, 4 Sep 1998 14:02:54 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E0D95CF@WUHER> From: Larry Shomo <lshomo@cygnacom.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Fri, 4 Sep 1998 14:02:52 -0400 X-Priority: 1 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Lawrence P. Shomo Vice President ******************************** CygnaCom Solutions, Inc. Suite 100 West 7927 Jones Branch Drive McLean, Virginia, 22102-3305 (703) 848-0883, x202 (Phone) (703) 848-0960 (Fax) lshomo@cygnacom.com (Email) ******************************** Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA08085 for ietf-pkix-bks; Fri, 4 Sep 1998 10:41:07 -0700 (PDT) Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA08080 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:41:06 -0700 (PDT) Received: from exchng-fairfax.p-e-c.com by relay1.UU.NET with ESMTP (peer crosschecked as: [204.254.216.13]) id QQffkh26911; Fri, 4 Sep 1998 13:45:50 -0400 (EDT) Received: by exchang-fairfax.pec.com with Internet Mail Service (5.0.1460.8) id <RZYRBN14>; Fri, 4 Sep 1998 13:48:02 -0400 Message-ID: <3C7EABA3F6F1D1118FD90008C7F450FD5360A8@exchang-fairfax.pec.com> From: WHenry <WHenry@pec.com> To: "'Kurn, David'" <david.kurn@compaq.com> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Heads Up - Historic digital signing ceremony Date: Fri, 4 Sep 1998 13:48:00 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id KAA08082 Sender: owner-ietf-pkix@imc.org Precedence: bulk I wonder what President Clinton did with the smartcard afterwards... Can anyone add info on the nature of this PKI? Was there cross certification, or a single CA? Bill Henry > -----Original Message----- > From: Kurn, David > Sent: Friday, September 04, 1998 12:43 PM > To: ietf-pkix@imc.org > Subject: RE: Heads Up - Historic digital signing ceremony > > I wonder if the President obtained an export license for this technology. > I > think crypto devices (such as smart cards) could be subject to ITAR. > > David Kurn > Compaq Computers > > > -----Original Message----- > > From: Bill Brice [SMTP:Bill.Brice@idtrust.com] > > Sent: Friday, September 04, 1998 9:12 AM > > To: ietf-pkix@imc.org > > Subject: Heads Up - Historic digital signing ceremony > > > > While the bits are flying on the LDAP debate, I > > thought the list should know that a historic > > milestone took place today (Friday 9/4) in the > > E-commerce/X.509 world. > > > > President Clinton and the Irish Prime Minister > > signed a joint communiqué on E-commerce in Dublin. > > What was significant was not the communiqué but the > > fact that both heads of state signed the document > > digitally using X.509 technology. The private keys > > were held on smartcards issued to each head of > > state. This is the first instance of an > > international agreement being digitally signed. > > > > It's nice to see that this work > > is actually showing up in the real > > world in a significant way. > > > > OK - keep voting! > > > > Bill Brice, Chief PKI Architect > > International DataTrust > > > > P.S. Congratulations to Baltimore Technologies for > > pulling this off. It will move the PKIX world forward. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA07931 for ietf-pkix-bks; Fri, 4 Sep 1998 10:27:06 -0700 (PDT) Received: from mail-out1.apple.com (mail-out1.apple.com [17.254.0.52]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA07927 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:27:05 -0700 (PDT) Received: from mailgate.apple.com (A17-128-100-225.apple.com [17.128.100.225]) by mail-out1.apple.com (8.8.5/8.8.5) with ESMTP id KAA19928 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:19:27 -0700 Received: from scv1.apple.com (scv1.apple.com [17.128.100.139]) by mailgate.apple.com (mailgate.apple.com2.0.15) with ESMTP id <B0002095521@mailgate.apple.com>; Fri, 04 Sep 1998 10:17:29 -0700 Received: from [17.205.41.166] (aram1.apple.com [17.205.41.166]) by scv1.apple.com (8.8.5/8.8.5) with ESMTP id KAA43944; Fri, 4 Sep 1998 10:17:28 -0700 Message-Id: <199809041717.KAA43944@scv1.apple.com> X-Mailer: Microsoft Outlook Express for Macintosh - 4.01 (295) Date: Fri, 04 Sep 1998 10:17:26 -0700 Subject: Re: Digital signature and non-repudiation key usage bits From: "Aram Perez" <aram@apple.com> To: Stefan Santesson <stefan@accurata.se>, bob jueneman <bjueneman@novell.com> Cc: ietf-pkix@imc.org MIME-Version: 1.0 X-Priority: 3 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Bob and Stefan: >At 06:42 PM 9/2/98 -0600, Bob Jueneman wrote: ><snip> >>>I suggest that we stick to the standardized definitions of the key usage >>>bits and leave >>>policy issues out of a common certificate profile. >> >>If there were any sense of the community as to what these definitions really >>mean, or ought to mean, we would probably not be having this discussion. >>Otherwise I would agree with you. >>> >>>non-repudiation is according to standard selected by the NR bit, not NR in >>>combination with DS bit. Inclusion of the DS bit means that DS mechanisms >>>other than non-repudiation are allowed for the key. Is non-repudiation a mechanism or a service? >> >>I believe that is exactly the issue. Are you suggesting that NR plus DS >should not >>be allowed? Why? > >No I do not. I do suggest that such decision is up to local policy. But >there will be some policies where this combination will not be allowed, but >I think you agree to that. My problem with this is that to provide "digital" non-repudiation, you have to "sign" something with a digital signature. I understand that the key usage field is very overloaded, so I'll probably have to live with it, but I do not agree or like it. > >The important thing is that I suggest that the NR bit and DS bit has >separate meaning and that they should be set independently to specify DS, >NR or both. > >The vague definition of the NR bit is a problem, I agree to that. YES!! > >If I were to define some distinguishing property of the NR bit that would be: > > Non repudiation denotes services constructed in such way that: > 1) The signature provides proof of the integrity and > origin of data - both in an unforgeable relationship - which can be > verified by any third party at any time.[X.509 / ISO 9594-8] > 2) The signature is applied to a message where the signatory is capable > of, and required to, accept responsibility for the message content > before signing. But NR is set in the certificate (i.e. the public key) and does not tell you whether the signatory (who is using the private key) actually was capable of accepting responsibility. > 3) The signatory's liability for signing the message can be concluded > from the signed message itself, possibly within a well known and agreed > context that can be verified by any third party at any time. > >This definitions rules out any signed logon ticket or other data >authentication mechanisms where the signature says "this message wasn't >changed" instead of "I take full responsibility for the message content". You do not need a digital signature to tell you "this message wasn't changed". CRCs, LRCs, checksums, etc have been used for this longer that I've been alive. You use digital signature when you want to know "this message wasn't changed" AND "this message came from the reported sender". > >But since this is not defined by the bit (which I regret) the way to go >will be for the CA to include this in it's published certificate policy. I doubt whether a CA is going to take responsibility and liability for something it has no control over. The CA does not know what applications and crypto APIs the owner of the private key is using. > >I can't see any other way for now when utilizing the existing standard. I >would not object though to a defect report to get this into the standard. And I am willing to help (or lead) in this effort. > >In the new proposed work item, however, regaring a profile for >non-repudiation certificates supporting legal acceptance of digital >signatures I will try to get this definition in. > >Would you support it? I would be glad to help and support it. Regard, Aram Perez Apple Computer, Inc. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA07483 for ietf-pkix-bks; Fri, 4 Sep 1998 09:39:19 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA07479 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 09:39:17 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id JAA18402 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 09:44:09 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <Q04MG4T0>; Fri, 4 Sep 1998 09:43:22 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFFF550@exccup-25006.mis.tandem.com> From: "Kurn, David" <david.kurn@compaq.com> To: ietf-pkix@imc.org Subject: RE: Heads Up - Historic digital signing ceremony Date: Fri, 4 Sep 1998 09:43:21 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id JAA07480 Sender: owner-ietf-pkix@imc.org Precedence: bulk I wonder if the President obtained an export license for this technology. I think crypto devices (such as smart cards) could be subject to ITAR. David Kurn Compaq Computers > -----Original Message----- > From: Bill Brice [SMTP:Bill.Brice@idtrust.com] > Sent: Friday, September 04, 1998 9:12 AM > To: ietf-pkix@imc.org > Subject: Heads Up - Historic digital signing ceremony > > While the bits are flying on the LDAP debate, I > thought the list should know that a historic > milestone took place today (Friday 9/4) in the > E-commerce/X.509 world. > > President Clinton and the Irish Prime Minister > signed a joint communiqué on E-commerce in Dublin. > What was significant was not the communiqué but the > fact that both heads of state signed the document > digitally using X.509 technology. The private keys > were held on smartcards issued to each head of > state. This is the first instance of an > international agreement being digitally signed. > > It's nice to see that this work > is actually showing up in the real > world in a significant way. > > OK - keep voting! > > Bill Brice, Chief PKI Architect > International DataTrust > > P.S. Congratulations to Baltimore Technologies for > pulling this off. It will move the PKIX world forward. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA07475 for ietf-pkix-bks; Fri, 4 Sep 1998 09:38:56 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA07471 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 09:38:55 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id SAA19894; Fri, 4 Sep 1998 18:43:31 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id SAA00279; Fri, 4 Sep 1998 18:43:30 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id SAA12254; Fri, 4 Sep 1998 18:43:29 +0200 Date: Fri, 4 Sep 1998 18:43:29 +0200 Message-Id: <199809041643.SAA12254@emeriau.edelweb.fr> To: william.burr@nist.gov, chokhani@cygnacom.com, sharon.boeyen@entrust.com Subject: RE: What the straw poll means Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@imc.org Precedence: bulk I have some problem to decrpyt the following. Is the following picture a correct description? - A CA1 creates a certificate for another CA2. - To publish this information, CA1 puts something in its publishing service, e.g.; its directory entry. - CA1 can inform by whatever means CA2 that this had happened. - If CA2 is convinced that CA1 is really CA1 or maybe even if not, CA2 then can put something it its publishing service, e.g.; its directory entry. It seems to me that first the requirement of a path resolver vs a publication service should be defined in a neutral way. What does a path resolver need from the publication service of one CA, and in which way can a publication service help a resolver. > Do you mean though that if CA1 issues a certificate to CA2 that rather > than requiring that same certificate to be present in the reverse > element of the crossCertificatePair attribute of CA1's directory as well > as requiring that same certificate to be present in the forward element > of the crossCertificatePair attribute of CA2's directory entry, you want > to require that it be present in the directory entry of CA2, the subject > CA as a forward value of the crossCertificatePair and optionally allow > CA1 to populate its reverse element with the same certificate? > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA07312 for ietf-pkix-bks; Fri, 4 Sep 1998 09:17:45 -0700 (PDT) Received: from ewa-canada.com (ewa-canada.com [209.146.131.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA07308 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 09:17:41 -0700 (PDT) Received: by ewa-canada.com from localhost (router,SLMail V2.6); Fri, 04 Sep 1998 12:21:59 -0400 Received: by ewa-canada.com from def23.ewa-canada.com (209.146.131.23::mail daemon,SLMail V2.6); Fri, 04 Sep 1998 12:21:58 -0400 Message-Id: <3.0.5.32.19980904121806.00820950@ewa-canada.com> X-Sender: "Erin Connor" <econnor@ewa-canada.com> X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Fri, 04 Sep 1998 12:18:06 -0400 To: ietf-pkix@imc.org From: "Erin Connor" <econnor@ewa-canada.com> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk -------------------------------------------------------------------------- Erin Connor EWA-Canada Ltd. Voice: +1 (613) 230-6067 Ext 234 Suite 1600 - 275 Slater Street Fax: +1 (613) 230-4933 Ottawa, Ontario, Canada K1P 5H9 mailto:econnor@ewa-canada.com http://www.ewa-canada.com ** Visit the CanCERT website at http://cancert.ca *** -------------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA07186 for ietf-pkix-bks; Fri, 4 Sep 1998 09:05:35 -0700 (PDT) Received: from zeus.planetworld.com (smtp.planetworld.com [38.234.12.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA07182 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 09:05:33 -0700 (PDT) Received: by smtp.planetworld.com with Internet Mail Service (5.5.1960.3) id <RDRTQCSX>; Fri, 4 Sep 1998 11:11:53 -0500 Message-ID: <410E16F6AD02D011A9A6080009F89C760B4127@smtp.planetworld.com> From: Bill Brice <Bill.Brice@idtrust.com> To: ietf-pkix@imc.org Subject: Heads Up - Historic digital signing ceremony Date: Fri, 4 Sep 1998 11:11:44 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id JAA07183 Sender: owner-ietf-pkix@imc.org Precedence: bulk While the bits are flying on the LDAP debate, I thought the list should know that a historic milestone took place today (Friday 9/4) in the E-commerce/X.509 world. President Clinton and the Irish Prime Minister signed a joint communiqué on E-commerce in Dublin. What was significant was not the communiqué but the fact that both heads of state signed the document digitally using X.509 technology. The private keys were held on smartcards issued to each head of state. This is the first instance of an international agreement being digitally signed. It's nice to see that this work is actually showing up in the real world in a significant way. OK - keep voting! Bill Brice, Chief PKI Architect International DataTrust P.S. Congratulations to Baltimore Technologies for pulling this off. It will move the PKIX world forward. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA07000 for ietf-pkix-bks; Fri, 4 Sep 1998 08:48:15 -0700 (PDT) Received: from mailsvr.basit.com (mailsvr.basit.com [128.209.2.13]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA06996 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:48:13 -0700 (PDT) Received: from klerer.basit.com (shiva118 [128.209.144.118]) by mailsvr.basit.com (Guess_again/1.8) with SMTP id LAA18007 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 11:51:49 -0400 (EDT) Message-ID: <008c01bdd81b$faa3d740$010ed180@klerer.basit.com> From: "Robert Klerer" <klerer@xhair.com> Cc: <ietf-pkix@imc.org> Subject: Re: path development complexity (was Re: What the straw poll means) Date: Fri, 4 Sep 1998 11:52:02 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3155.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Sender: owner-ietf-pkix@imc.org Precedence: bulk As pkix evolves and is implemented, the task of finding an appropriate trust path must be addressed. As Dave has stated, it is not going to be easy if the trust islands of today start to cross certify for some applications. It is my belief that putting such processing on the client will cause problems from both then network, processor and application development perspective. A (shared) trusted responder that will be a repository and cache of certificates that has the capability to do path discovery would make such a process more efficient and manageable. But the client must always validate any path provided by the responder. The path discovery process as so described in the drafts will require knowledge of application specific extensions. This is the big problem and should be a topic of discussion. -----Original Message----- From: Frank O'Dwyer <fod@brd.ie> To: Dave Horvath <dave@chromatix.com> Cc: ietf-pkix@imc.org <ietf-pkix@imc.org> Date: Thursday, September 03, 1998 11:57 PM Subject: path development complexity (was Re: What the straw poll means) >Dave Horvath wrote: >> We are back the problem we raised earlier. Clients that attempt to >> efficiently develop a path from the end entity to the trusted root must >> explore 'n' paths (worst case scenario) prior to finding the correct >> one with option 2. > >This is not on the topic of the straw poll, but I was wondering if >anyone has really looked into how difficult path development can get in >a full-blown and well-connected global PKI? It seems to me that the real >worst case scenario has you following cross-certificates until you have >downloaded all the cross-certificates in the world. It would not have to >get that bad before it was a serious problem. > >A few things would help prune the search (like the depth you are willing >to search to, constraints within the certificates themselves), but still >in general it has the potential to get truly nasty. Unless I have missed >something, there are no positive hints in the certificates that would >guide path development (perhaps there should be? There is a resemblance >to the "travelling salesman" problem here, and it would certainly be >ironic if building a path turned out to be as hard as factoring.:) > >Anyone looked at this? If it is a problem, then it might be reasonable >to give recommendations on using constraints (or something else) in >order to encourage the creation of cross-certificates that are >"path-development friendly", and in order to discourage scenarios that >lead to directory search explosions. > >Apologies if I am re-hashing something that has already been discussed >here. > >Cheers, >Frank O'Dwyer. > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA06761 for ietf-pkix-bks; Fri, 4 Sep 1998 08:25:50 -0700 (PDT) Received: from nad.ic.gc.ca (nad.ic.gc.ca [192.197.184.235]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA06757 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:25:47 -0700 (PDT) Message-Id: <199809041525.IAA06757@mail.proper.com> Received: by nad.ic.gc.ca with Internet Mail Service (5.5.1960.3) id <SGCYYQ51>; Fri, 4 Sep 1998 11:26:42 -0400 From: "Power, Michael: LEG" <Power.Michael@ic.gc.ca> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Fri, 4 Sep 1998 11:24:33 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA06565 for ietf-pkix-bks; Fri, 4 Sep 1998 08:10:35 -0700 (PDT) Received: from gatekeeper.domus.com (gatekeeper.domus.com [198.166.58.193]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA06561 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:10:32 -0700 (PDT) Received: from dns_int.domus.com by gatekeeper1.domus.com (8.6.13/200.19.1.1) id LAA13793; Fri, 4 Sep 1998 11:03:44 -0400 Received: (from smap@localhost) by dns_int.domus.com (8.6.8/8.6.6) id KAA05253 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:31:52 -0400 Received: from wpgate.domus.com(198.166.59.10) by dns_int.domus.com via smap (V1.3) id sma005251; Fri Sep 4 10:31:44 1998 Received: from DOMUS-Message_Server by wpgate.domus.com with Novell_GroupWise; Fri, 04 Sep 1998 11:03:54 -0400 Message-Id: <s5efc91a.074@wpgate.domus.com> X-Mailer: Novell GroupWise 4.1 Date: Fri, 04 Sep 1998 11:03:15 -0400 From: Pamela Grannum <PGrannum@domus.com> To: ietf-pkix@imc.org Subject: For Option 2 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA06518 for ietf-pkix-bks; Fri, 4 Sep 1998 08:07:16 -0700 (PDT) Received: from itsfw.CSE-CST.GC.CA (itsfw.cse.dnd.ca [131.136.196.7]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA06514 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:07:14 -0700 (PDT) From: Edmond.vanHees@CSE-CST.GC.CA Received: id LAA03483; Fri, 4 Sep 1998 11:08:05 -0400 Received: by gateway id <NWL91YVT>; Fri, 4 Sep 1998 11:05:15 -0400 Message-ID: <C3222395B150D11185B300A0C9045CB90B7851@mailserverb.its.cse.dnd.ca> To: ietf-pkix@imc.org Subject: For Option 2 Date: Fri, 4 Sep 1998 11:13:27 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk My vote is for Option 2 of the LDAP schema companion paper. Edmond P. van Hees GOC PKI Security Engineer telephone: 613-991-7413 Fax: 613-991-7455 E-Mail: Edmond.vanHees@cse-cst.gc.ca Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA06435 for ietf-pkix-bks; Fri, 4 Sep 1998 07:55:22 -0700 (PDT) Received: from us.checkpoint.com (oak.us.checkpoint.com [206.86.35.94]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA06431 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 07:55:21 -0700 (PDT) Received: from 101.101.101.103 ([207.245.220.71]) by us.checkpoint.com (8.9.1/8.9.1/CPoak/1.3.3) with SMTP id IAA06119 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:00:05 -0700 (PDT) Message-Id: <Version.32.19980904103735.00dcb920@mailhost.us.checkpoint.com> X-Sender: soneil@mailhost.us.checkpoint.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Fri, 04 Sep 1998 10:37:54 -0700 To: ietf-pkix@imc.org From: "Steve O'Neil" <soneil@us.checkpoint.com> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA06318 for ietf-pkix-bks; Fri, 4 Sep 1998 07:32:22 -0700 (PDT) Received: from mail.storm.ca (root@storm.ca [207.245.225.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA06314 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 07:32:20 -0700 (PDT) Received: from treebeard (dial02p48.ottawa.storm.ca [207.245.246.112]) by mail.storm.ca (8.8.8/8.8.8) with SMTP id KAA04568 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:36:18 -0400 (EDT) Message-ID: <00cf01bdd811$0b0a25e0$70f6f5cf@treebeard> Reply-To: "Mark Scherling" <marks@m3p.ca> From: "Mark Scherling" <marks@m3p.ca> To: <ietf-pkix@imc.org> Subject: option 2 Date: Fri, 4 Sep 1998 10:33:53 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.1 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA06293 for ietf-pkix-bks; Fri, 4 Sep 1998 07:30:01 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA06286 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 07:29:59 -0700 (PDT) Received: by gateway.r3.ch id <6806>; Fri, 4 Sep 1998 16:36:05 +0100 Message-Id: <98Sep4.163605gmt+0100.6806@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Denis.Pinkas@bull.net'" <Denis.Pinkas@bull.net>, Sharon Boeyen <sharon.boeyen@entrust.com>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 15:30:00 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh re this comment to Denis message: The argument was made very clear in terms of the original X.509 standard requiring the attribute to be populated whereas croosCertificatePair need not be. In addition, a technical argument was made why the current text goes against the original X.509 and a poor technical solution. ------ I hope we don't go far down this road. At best I think X.509 is unclear and ambiguous on this issue. Those present at the January meeting of the X.509 group that discussed the defect report (including at least 4 of us who have participated directly in that standard activity since at least 1988) had a long discussion of exactly this point and agreed that additional text was required to resolve the ambiguity around the use of these attributes. The result of that discussion was the draft resolution of the defect report prepared for ballot (with which the current Internet Draft is aligned), the content which is of course still subject to change as described earlier. There are so many arguments on both sides of this that I believe no one can clearly claim conformance as a differentiator in the options for the straw poll. Yes the crossCertificatePair attribute was optional and still is in the pkiCA object class, but the reason for that is that a CA can exist without ever having certified another CA or being certified by another CA therefore it MUST be an optional attribute, however if present, its contents must be clearly defined. You could use the same argument to say that cACertificate was never intended to hold certs issued from one CA to another - again because a CA can exist legitimately without ever having a relationship with another CA and the cACertificate attribute was mandatory. Also, if you read the 2nd paragraph following the asn.1 for the EXTENSION in clause 8 of X.509, you see use of forward and reverse certificates being discussed in path development and there is no precise definition of what goes where in the directory entries. That text has been there since 1988 as well. and the list of references that can be used for both sides of the argument go on and on and on. The outcome from PKIX discussion will hopefully be available to feed into the 509 process to clarify the standard. > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA06081 for ietf-pkix-bks; Fri, 4 Sep 1998 07:03:55 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA06075 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 07:03:52 -0700 (PDT) Received: by gateway.r3.ch id <6813>; Fri, 4 Sep 1998 16:10:03 +0100 Message-Id: <98Sep4.161003gmt+0100.6813@gateway.r3.ch> From: Rene Eberhard <eberhard@r3.ch> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Fri, 4 Sep 1998 15:06:27 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Best regards Rene Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA06072 for ietf-pkix-bks; Fri, 4 Sep 1998 07:02:43 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA06068 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 07:02:41 -0700 (PDT) Received: by gateway.r3.ch id <6814>; Fri, 4 Sep 1998 16:08:52 +0100 Message-Id: <98Sep4.160852gmt+0100.6814@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Bill Burr'" <william.burr@nist.gov>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 15:02:50 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh, a question for clarification - tied to Denis' message also: I definitely agree that unilateral certification is valid and I don't think any of us have been saying that bilateral certification between a pair of CAs is mandatory. If that needs clarification, we can certainly add text along those lines to option 2 - Stefan had some good proposals. Do you mean though that if CA1 issues a certificate to CA2 that rather than requiring that same certificate to be present in the reverse element of the crossCertificatePair attribute of CA1's directory as well as requiring that same certificate to be present in the forward element of the crossCertificatePair attribute of CA2's directory entry, you want to require that it be present in the directory entry of CA2, the subject CA as a forward value of the crossCertificatePair and optionally allow CA1 to populate its reverse element with the same certificate? If that's what you mean, I can accept that position as well. > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 4, 1998 9:19 AM > To: 'Bill Burr'; Santosh Chokhani > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > I agree that option 2 is compromise. Actually, as you know I had > proposed it. > > I would change one thing in it. I would not mandate the population of > reverse component of the crossCertificatePair. > > > > > Bill Burr > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA05948 for ietf-pkix-bks; Fri, 4 Sep 1998 06:41:14 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA05944 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 06:41:12 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZXT1>; Fri, 4 Sep 1998 09:45:37 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D230@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Denis.Pinkas@bull.net'" <Denis.Pinkas@bull.net>, Sharon Boeyen <sharon.boeyen@entrust.com> Cc: ietf-pkix@imc.org, Santosh Chokhani <chokhani@cygnacom.com> Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 09:45:36 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Comments in line. > -----Original Message----- > From: Denis Pinkas [SMTP:Denis.Pinkas@bull.net] > Sent: Friday, September 04, 1998 1:03 PM > To: Sharon Boeyen > Cc: ietf-pkix@imc.org; 'Santosh Chokhani' > Subject: Re: What the straw poll means > > Sharon, > > > The "two buckets" is exactly what I was trying to avoid in the > > earlier debate on this topic, however I believe that the single > > bucket option was rejected in the Chicago meeting. > > It was a pity that you could not attend the Chicago meeting. > "rejected" may be a strong word. During the straw poll, I did not > raised my hand for any of the three options for the following good > reasons: > > 1) I had three weeks of holidays one week ahead of the meeting, :-) > 2) When I came back, I had 470 E-mails waiting for me, > 3) I completely skipped the thread on the LDAP schema, :-( > > As a result I could not understand from the discussion what the topic > was and so I abstained. I would guess that I was not the single one in > that position. There was some support for it anyway, so I do not > understand why the straw poll is not on the three options but instead > only on two options. > > > The single bucket option is the > > text which is currently in the Internet Draft. With that text, > > all self signed (or self issued certificates) were to be placed > > in the cACertificate attribute and all certificates issued by > > one CA to a different CA were put in the crossCertificatePair > > attribute. > > This was pretty nice and simple ! If I were to open the bunch of > messages, maybe I could understand why this is not acceptable. > The argument was made very clear in terms of the original X.509 standard requiring the attribute to be populated whereas croosCertificatePair need not be. In addition, a technical argument was made why the current text goes against the original X.509 and a poor technical solution. > > Depending on the particular path development algorithm being > > used by a relying party, directory search tools, especially > > when we evolve to LDAPv3 could be used to filter the content > > of the forward and or reverse elements of that SINGLE attribute > > and provide the relying party with the set of certificates of > > interest to that particular relying party. > > Indeed. [] Again the approach is consistent with the text, spirit > and intent of X.509 and never hurts, but may help path development. > > > I still believe that this is the best solution because the relying > > party systems are the ones that know which certs are of interest > > to them, > > I agree with you. > > > not the CA that happened to issue the certs, especially in the > > post PEM world where any CA could legitimately have certs issued > > for it by several CAs. > > > My strong support for Option 2 in the straw poll is because > > the above was rejected by the meeting and I see Option 2 as > > a workable compromise ONLY because there is a complete set of > > certs in a single attribute and relying parties can do what is > > of interest to them without knowing the definition of domain > > which each individual CA happens to use. For self contained > > environments wanting to make use of a CA or set of CAs certs > > issued within some locally defined domain, this is still possible. > > Let me take a look at option 1 and say why it is not acceptable ... > because it imposes a model of trust that is too specific. > > General comment: The notion of "domain" has never been introduced > before and since the understanding of a domain is "purely a matter > of local policy" there is no chance that the requester understands > what it means - unless we are in a close environment. > > I believe that this feature is being introduced to be used in close > environments for some "good" reasons. The text should explain these > "good" reasons otherwise readers of the document will ignore for ever > the rational. > > PROPOSED TEXT FOR THE ATTRIBUTE DEFINITIONS: > OPTION 1: > ---------------- > The cACertificate attribute, held in a particular CA's directory > entry, shall be used to store certificates issued to this CA by CAs > in the same domain as this CA. > > When the notion of domain does not exists, then this will > be empty. > [] Agreed. > In addition, the cACertificate attribute shall be used to > store self-issued certificates. > > This is fine. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store certificates > issued to this CA by CAs in other domains. > > I have a problem here. Cross certification does not mean mutual > cross certification. A CA can cross-certify another CA without > any knowledge from the CA being cross certified. Even if the CA > got the knowledge of it, that CA would not like to place that > certificate in that entry. Let us pick an example: a CA from > the Banana Republic of Baracuda is providing a certificate for > the NIST. I do not think that the NIST will necessarilly place > that certificate in his entry. > []Denis: THIS IS NOT AN OPTION 1 ISSUE. THE CURRENT TEXT, OPTION 1 and OPTION 2 ALL HAVE THE SAME DRAWBACK. > Optionally, the reverse element of the crossCertificatePair attribute, > > held in a particular CA's directory entry, may contain certificates > issued by this CA to CAs in other domains. > > I have a problem here with the word "Optionally" : if the > previous element is not there, then I cannot place an element > here. This means that if CA 1 wants to recognize CA 2, > then CA 2 MUST also recognize CA 1. This mandates mutual cross > certification. I do not think that we have ever mandated > *mutual* cross certification in PKIX-1. > ]My interpretation is different. You can always populate the reverse attribute even if the forward is absent. I will be glad to clarify the text. Please also note that this is an issue for current ldapv2 text, Option 1 and for option 2. > Thus OPTION 1 is NOT acceptable and this has nothing to do with > performance or path development. > > In the case of V3 certificates, none of the above CA certificates may > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > OPTION 2: > ------------- > The crossCertificatePair attribute, held in a particular CA's > directory entry, shall be used to store all certificates issued > by this CA to other CAs, as well as certificates issued > for this CA by other CAs. Values held in the forward element are > certificates issued for this CA by other CAs, while values > in the reverse element are certificates issued by this CA for > other CAs. > > I would interpret the text as mandating to store the reverse > element and optionally the forward element. I would instead > allow to store only the forward element, only the reverse > element or both. > > Hence the OPTION 2 is NOT acceptable either and this has > nothing to do with performance or path development. > > The text should be corrected and be something like: > > The crossCertificatePair attribute, held in a particular > CA's > directory entry, may be used to store certificates issued by > this > CA to other CAs, as well as certificates issued for this CA > by > other CAs. Values held in the forward element are > certificates > issued for this CA by other CAs, while values in the reverse > ele- > ment are certificates issued by this CA for other CAs. Either > cer- > tificate, if present, may be used in building certificate > paths > for validation and may be published in the directory entries > of > either CA or both. > [] This is an acceptable compromise to me between option 1 and option 2. It does not mandate, but permits population of the crossCertificatePair attribute components. > ... which is exactly what is in the original text ! > > The cACertificate attribute, held in a particular CA's directory > entry, shall be used to store certificates issued to this CA by CAs > in the same domain as this CA. This set of certificates is a subset > of the values of the forward element of the crossCertificatePair > attribute in the same CA entry. > > In addition, the cACertificate attribute shall beused to store > self-issued certificates. > > When there are no domains, and IF the text was corrected as > indicated hereabove (i.e. back to the text of the original > version) then we would be "compatible" with the previous > text, but this is not the case. Did I understood correctly ? > > I believe that there are "good" resons to introduce the > notion of "domain". Are these "good reasons" technical or > commercial ? If they are technical then they SHALL be > written in the document. But what about if they are > "commercial" ? > > For the time being, I can only vote for OPTION 0 (i.e. the original > text) ! > > Denis > > -- > Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net > Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 > 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA05674 for ietf-pkix-bks; Fri, 4 Sep 1998 06:18:54 -0700 (PDT) Received: from att.com (kcgw2.att.com [192.128.133.152]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA05670 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 06:18:53 -0700 (PDT) Received: from kcig2.fw.att.com by kcgw2.att.com (AT&T/IPNS/UPAS-1.0) for imc.org!ietf-pkix sender att.com!jayhawk (att.com!jayhawk); Fri Sep 4 08:02 CDT 1998 Received: from qsun.ho.att.com (qsunn.ho.att.com [135.16.30.2]) by kcig2.fw.att.com (AT&T/IPNS/GW-1.0) with SMTP id IAA12147 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:23:37 -0500 (CDT) Received: from sloop.local.windrose.omaha.ne.us by qsun.ho.att.com (SMI-8.6/EMS-1.2 sol2) id JAA18228; Fri, 4 Sep 1998 09:23:33 -0400 From: "Ryan Moats" <jayhawk@att.com> To: "Carlisle Adams" <carlisle.adams@entrust.com> Cc: <ietf-pkix@imc.org> Subject: RE: Let's try to understand the real issue (was... RE: What the straw poll means) Date: Fri, 4 Sep 1998 08:26:03 -0500 Message-ID: <002201bdd807$903c8d20$c8c8090a@sloop.local.windrose.omaha.ne.us> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 In-Reply-To: <98Sep4.001130gmt+0100.6814@gateway.r3.ch> Importance: Normal Sender: owner-ietf-pkix@imc.org Precedence: bulk > > Hi Ryan, > > > | If this CA's definition of domain and my definition of domain do not > > | coincide exactly (and why should they, since in general this CA and > > I > > | have no pre-established relationship?), then this sorting performed > > by > > | the CA is not merely useless to me, it is actually an explicit > > | disadvantage (because the proponents of option 1 are recommending > > that > > | all the intra-domain certificates be examined *before* the > > inter-domain > > | certificates are examined, leading to worst-case path-construction > > times > > | for what may turn out to be a common scenario). > > > > I don't see that falling out of the Option 1 text as I read the > > straw poll message. If such is the case, then I would say that text > > should be present. > > > Dave Horvath's message to Bob Jueneman earlier today said the following: > > "I feel that the definition of domain is a local policy and that CAs > should be free to define it as they wish. Clients that search/read > CAs entries and obtain the values from both the cACertificate and > crossCertificatePair attributes can explore the values in the > cACertficate attribute first. If a path to the trusted root is found, processing > stops. If not, they can explore the crossCertificatePair attribute. Using this > algorithm CAs can define their domain and post each of their CA > certificates to one attribute or the other. The only adverse affect will be > efficiency in path development on the client side if the CA does not carefully > select intra or inter domain." > > This was also mentioned at the meeting in Chicago. Hmm. I was at the meeting in Chicago (both sessions) and I don't remember hearing that. However, I claim that the whole argument is implementation and therefore out of scope for this discussion. > > | Note that there will be special circumstances in which one > > definition of > > | domain will be understood throughout a given environment (e.g., the > > | strict hierarchy of CAs has been cited in previous posts on this > > topic). > > | In such cases there is a clear efficiency advantage to be gained in > > path > > | construction. This is why option 2 is the perfect compromise: for > > such > > | environments relying parties need only retrieve the n1 < n > > certificates > > | that they *know* will be useful to them. Option 2 therefore meets > > the > > | needs of the general case as well as the special case, while > > | simultaneously guaranteeing interoperability of two installed bases > > | which would otherwise have no hope of interoperating today. > > > > Stop. Here's where I really fall off the wagon. How does the relying > > party > > retrieve ONLY the n1 certificates that they know will be useful to > > them for > > a CA? > > > If the relying party knows that its definition of domain matches that of > the CA exactly, then it can simply retrieve all certificates in the > cACertificate attribute (rather than all certificates in the > crossCertificatePair attribute) in option 2. This is n1 rather than n. > > Carlisle. So what your saying then is that Option 2 is better because of the interopability issue (I can apply all the rest of the arguments to both cases since I don't see any difference in the use of cACertificate in both options) Ryan Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA05652 for ietf-pkix-bks; Fri, 4 Sep 1998 06:15:08 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA05648 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 06:15:06 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZXSN>; Fri, 4 Sep 1998 09:19:30 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D22E@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Bill Burr'" <william.burr@nist.gov>, Santosh Chokhani <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 09:19:29 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id GAA05649 Sender: owner-ietf-pkix@imc.org Precedence: bulk I agree that option 2 is compromise. Actually, as you know I had proposed it. I would change one thing in it. I would not mandate the population of reverse component of the crossCertificatePair. > -----Original Message----- > From: Bill Burr [SMTP:william.burr@nist.gov] > Sent: Friday, September 04, 1998 9:21 AM > To: Santosh Chokhani > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > At 08:11 AM 9/4/98 -0400, you wrote: > > Santosh, > > Are you saying that you agree that option 2 is the "perfect > compromise?" > > >Stefan: > > > >I agree with every thing you say in this mail message, > > > >> -----Original Message----- > >> From: Stefan Santesson [SMTP:stefan@accurata.se] > >> Sent: Friday, September 04, 1998 7:20 AM > >> To: Santosh Chokhani; 'Bob Jueneman'; ietf-pkix@imc.org > >> Cc: Santosh Chokhani > >> Subject: RE: What the straw poll means > > <snip> > > >>And since > >> this > >> guidance by the CA may be useful in many situations, I consider > option > >> 2 as > >> the perfect compromise. > >> > >> /Stefan > >> > >> > >> > >> > >> > >> ------------------------------------------------------------------- > >> Stefan Santesson <stefan@accurata.se> > >> Accurata Systemsäkerhet AB > >> Lotsgatan 27 D Tel. +46-40 152211 > >> 216 42 Malmö Fax. +46-40 150790 > >> Sweden Mobile +46-70 5247799 > >> > >> PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 > >> ------------------------------------------------------------------- > > > > > Regards, > > Bill Burr Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA05612 for ietf-pkix-bks; Fri, 4 Sep 1998 06:12:19 -0700 (PDT) Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA05608 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 06:12:17 -0700 (PDT) Received: from thunderbolt.ncsl.nist.gov (thunderbolt.ncsl.nist.gov [129.6.54.130]) by csmes.ncsl.nist.gov (8.6.12/8.6.4jck0) with SMTP id JAA11951; Fri, 4 Sep 1998 09:16:57 -0400 Message-Id: <3.0.5.32.19980904092036.00b9ca80@csmes.ncsl.nist.gov> X-Sender: burr@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Fri, 04 Sep 1998 09:20:36 -0400 To: Santosh Chokhani <chokhani@cygnacom.com> From: Bill Burr <william.burr@nist.gov> Subject: RE: What the straw poll means Cc: ietf-pkix@imc.org In-Reply-To: <51BF55C30B4FD1118B4900207812701E16D22D@WUHER> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id GAA05609 Sender: owner-ietf-pkix@imc.org Precedence: bulk At 08:11 AM 9/4/98 -0400, you wrote: Santosh, Are you saying that you agree that option 2 is the "perfect compromise?" >Stefan: > >I agree with every thing you say in this mail message, > >> -----Original Message----- >> From: Stefan Santesson [SMTP:stefan@accurata.se] >> Sent: Friday, September 04, 1998 7:20 AM >> To: Santosh Chokhani; 'Bob Jueneman'; ietf-pkix@imc.org >> Cc: Santosh Chokhani >> Subject: RE: What the straw poll means <snip> >>And since >> this >> guidance by the CA may be useful in many situations, I consider option >> 2 as >> the perfect compromise. >> >> /Stefan >> >> >> >> >> >> ------------------------------------------------------------------- >> Stefan Santesson <stefan@accurata.se> >> Accurata Systemsäkerhet AB >> Lotsgatan 27 D Tel. +46-40 152211 >> 216 42 Malmö Fax. +46-40 150790 >> Sweden Mobile +46-70 5247799 >> >> PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >> ------------------------------------------------------------------- > > Regards, Bill Burr Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA05206 for ietf-pkix-bks; Fri, 4 Sep 1998 05:53:27 -0700 (PDT) Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.52.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA05201 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 05:53:26 -0700 (PDT) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id IAA12341 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:58:18 -0400 (EDT) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id IAA12333 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:58:17 -0400 (EDT) Received: from mimesweeper.missi.ncsc.mil (mimesweeper.missi.ncsc.mil [144.51.60.2]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id IAA14842 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:57:41 -0400 (EDT) Received: from avenger.missi.ncsc.mil (unverified) by mimesweeper.missi.ncsc.mil (Content Technologies SMTPRS 2.0.15) with SMTP id <B0000260773@mimesweeper.missi.ncsc.mil> for <ietf-pkix@imc.org>; Fri, 04 Sep 1998 08:58:32 -0400 Received: by avenger.missi.ncsc.mil with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62) id <01BDD7E2.2D8E8EA0@avenger.missi.ncsc.mil>; Fri, 4 Sep 1998 08:58:26 -0400 Message-Id: <c=US%a=_%p=ExchangeNSA%l=AVENGER-980904125825Z-31610@avenger.missi.ncsc.mil> From: "Miklos, Sue A." <samiklo@missi.ncsc.mil> To: "'Carlisle Adams'" <carlisle.adams@entrust.com>, "'Ambarish Malpani'" <ambarish@valicert.com> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Let's try to understand the real issue (was... RE: What the straw poll means) Date: Fri, 4 Sep 1998 08:58:25 -0400 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk I work in an environment where although the entire 'world' won't need/want/have access to my directory system, I will be required to make information available to a geographical disbursed, multinational, large group of users. Sandi >---------- >From: Ambarish Malpani[SMTP:ambarish@valicert.com] >Sent: Thursday, September 03, 1998 4:41 PM >To: Carlisle Adams >Cc: ietf-pkix@imc.org >Subject: Re: Let's try to understand the real issue (was... RE: What the >straw poll means) > >Hi Carlisle, > Is the expectation that everybody is directly accessing their >CA's LDAP directory? I always thought that each orginazation would >actually maintain its own LDAP directory and, therefore, be able >to specify which CAs are preferred over others. > > Are we really expecting people to share their directories with >everyone in the world? > >Ambarish > > >Carlisle Adams wrote: >> >> Hi all, >> >> I propose that we try (once again) to understand what the real issue is >> here. >> >> > ---------- >> > From: Ryan Moats[SMTP:jayhawk@att.com] >> > Sent: Thursday, September 03, 1998 12:14 PM >> > To: John_Wray@iris.com >> > Cc: ietf-pkix@imc.org >> > Subject: Retrieval efficiency herring? (was... RE: What the straw >> > poll means) >> > >> > As somebody coming to the party late from the LDAP world, I don't see >> > why >> > the certificates need to be retrieved from two places. An LDAP lookup >> > of an >> > object with a fairly simple filter (objectclass="*") will return all >> > of the >> > attributes associated with that object. Therefore a single lookup >> > will return >> > both attributes, so I don't understand how retrieval efficiency is >> > gained. >> > >> O.K., so we see that a single LDAP lookup can retrieve all certificates >> (which, after careful enumeration, was found to be "n") in either option >> 1 or option 2. >> >> The claimed advantage of option 1 is that this retrieval gets me >> certificates that are sorted into "intra-domain" and "inter-domain", >> which can help in efficient path construction. Let's think about this >> for a moment. The CA doing this sorting is, by definition, NOT DIRECTLY >> TRUSTED BY ME (because if it was directly trusted by me, I would >> already have a trusted copy of its public key and would not need >> certificates in which it was the subject). If it is not directly >> trusted by me, then why would I necessarily trust it to do this sorting >> in a way that is beneficial to my path construction needs? How does it >> know what *my* definition of "domain" is? How does it know whether most >> of my certificate validations will be "intra" its definition of domain >> or "inter" its definition of domain? >> >> If this CA's definition of domain and my definition of domain do not >> coincide exactly (and why should they, since in general this CA and I >> have no pre-established relationship?), then this sorting performed by >> the CA is not merely useless to me, it is actually an explicit >> disadvantage (because the proponents of option 1 are recommending that >> all the intra-domain certificates be examined *before* the inter-domain >> certificates are examined, leading to worst-case path-construction times >> for what may turn out to be a common scenario). >> >> Relying parties know what certificates they will be validating most >> often, depending upon what particular activity they are engaged in at >> the moment. THAT defines the relying parties' "intra" and "inter" >> domains. CAs in the middle of a cert. path cannot possibly know this, >> in general, so having THEM define a domain and sort certificates >> according to that definition is really meaningless. >> >> Note that there will be special circumstances in which one definition of >> domain will be understood throughout a given environment (e.g., the >> strict hierarchy of CAs has been cited in previous posts on this topic). >> In such cases there is a clear efficiency advantage to be gained in path >> construction. This is why option 2 is the perfect compromise: for such >> environments relying parties need only retrieve the n1 < n certificates >> that they *know* will be useful to them. Option 2 therefore meets the >> needs of the general case as well as the special case, while >> simultaneously guaranteeing interoperability of two installed bases >> which would otherwise have no hope of interoperating today. >> >> The price of this panacea? A few redundant certificates in the >> Directory. Is it really worth sacrificing the general- (and perhaps >> common-) case scenario, as well as interoperability, in order to save a >> few certificates and satisfy a particular special-case? I haven't yet >> heard any convincing arguments... >> >> Carlisle. > >-- >--------------------------------------------------------------------- >Ambarish Malpani >Architect 650.567.5457 >ValiCert, Inc. ambarish@valicert.com >1215 Terra Bella Ave. http://www.valicert.com >Mountain View, CA 94043-1833 > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA04409 for ietf-pkix-bks; Fri, 4 Sep 1998 05:07:00 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA04405 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 05:06:58 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZXQV>; Fri, 4 Sep 1998 08:11:21 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D22D@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Stefan Santesson'" <stefan@accurata.se>, Santosh Chokhani <chokhani@cygnacom.com>, "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org Cc: Santosh Chokhani <chokhani@cygnacom.com> Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 08:11:19 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id FAA04406 Sender: owner-ietf-pkix@imc.org Precedence: bulk Stefan: I agree with every thing you say in this mail message, > -----Original Message----- > From: Stefan Santesson [SMTP:stefan@accurata.se] > Sent: Friday, September 04, 1998 7:20 AM > To: Santosh Chokhani; 'Bob Jueneman'; ietf-pkix@imc.org > Cc: Santosh Chokhani > Subject: RE: What the straw poll means > > At 08:48 PM 9/2/98 -0400, Santosh Chokhani wrote: > <snip> > >The way I look at the difference between the two options is that if > >n=n1+n2 certificates are issued to a CA, option 1 says CA puts n1 in > one > >bucket and n2 in another. Option 2 says put n in one bucket and n1 > in > >another. When you retrieve the two buckets (which you must for path > >development efficiency), option 2 gives you n+n1 certificates and > option > >1 gives you exactly all n. > > I tried to point out before that this is not the whole picture. > > The CA is dealing with n CA certificates n=n1+n2+n3+n4 of the form: > n1 = intra domain issued to other CA:s > n2 = intra domain issued by other CA:s to this CA > n3 = inter domain issued to other CA:s > n4 = inter domain issued by other CA:s to this CA > > Option 1 stores only n2+n3+n4 > (n2 in one bucket and n3+n4 in the other.) > > Option 2 stores n1+2(n2)+n3+n4 > (n2 in one bucket and n1+n2+n3+n4) in the other) > > As you see, n1 is left out of option 1 (according to text) > You said then that it is not forbidden to store n1 (in option 1) > in the cross certificate pair. I guess then that option 1 should > changed- > > from: > Optionally, the reverse element of the > crossCertificatePair attribute, held in a particular CA's directory > entry, > may contain certificates issued by this CA to CAs in other domains. > > to: > Optionally, the reverse element of the > crossCertificatePair attribute, held in a particular CA's directory > entry, > may contain certificates issued by this CA to other CAs. > > So if this is correct then what we are fighting about is only whether > we > should duplicate n2 (out of n1,n2,n3 and n4). To me it sounds > reasonable to > have the complete set of n1+n2+n3+n4 in one bucket and the n2 in the > cACertificate attribute as a specific information for those who wants > to > have the CA:s guidance to define the inter domain subgroup. And since > this > guidance by the CA may be useful in many situations, I consider option > 2 as > the perfect compromise. > > /Stefan > > > > > > ------------------------------------------------------------------- > Stefan Santesson <stefan@accurata.se> > Accurata Systemsäkerhet AB > Lotsgatan 27 D Tel. +46-40 152211 > 216 42 Malmö Fax. +46-40 150790 > Sweden Mobile +46-70 5247799 > > PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 > ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA04107 for ietf-pkix-bks; Fri, 4 Sep 1998 04:21:09 -0700 (PDT) Received: from woozle.isode.com (woozle.isode.com [193.133.227.19]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA04103 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 04:21:07 -0700 (PDT) Received: from isode.com (actually dougal.isode.com) by woozle.isode.com (local) with ESMTP; Fri, 4 Sep 1998 12:24:48 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: Denis.Pinkas@bull.net cc: Sharon Boeyen <sharon.boeyen@entrust.com>, ietf-pkix@imc.org, "'Santosh Chokhani'" <chokhani@cygnacom.com> Subject: Re: What the straw poll means In-reply-to: Your message of "Fri, 04 Sep 1998 10:03:20 PDT." <35F01D58.786A@bull.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 04 Sep 1998 12:24:47 +0100 Message-ID: <18589.904908287@isode.com> From: David Boyce <D.Boyce@isode.com> Sender: owner-ietf-pkix@imc.org Precedence: bulk Denis, Your comments are helpful in pointing out flaws in the expression of the two options, although these aren't at the heart of the debate. I have included a suggested text for the relevant part of Option 1 below. It seems to me that similar adjustments would need to be made to the Option 2 text. As for the relative merits of options 1 and 2 from a functional point of view, I am still taking time to listen and consider. I wish there was more information about the installed base requiring option 2. Denis Pinkas writes: >Let me take a look at option 1 and say why it is not acceptable ... >because it imposes a model of trust that is too specific. Would you say that the modified text I suggest below imposes the same constraint? In other words, is your concern simply a matter of the expression of option 1? >PROPOSED TEXT FOR THE ATTRIBUTE DEFINITIONS: >OPTION 1: >---------------- [snip] >The forward element of the crossCertificatePair attribute, held in a >particular CA's directory entry, shall be used to store certificates >issued to this CA by CAs in other domains. > > I have a problem here. Cross certification does not mean mutual > cross certification. A CA can cross-certify another CA without > any knowledge from the CA being cross certified. Even if the CA > got the knowledge of it, that CA would not like to place that > certificate in that entry. Let us pick an example: a CA from > the Banana Republic of Baracuda is providing a certificate for > the NIST. I do not think that the NIST will necessarilly place > that certificate in his entry. >Optionally, the reverse element of the crossCertificatePair attribute, >held in a particular CA's directory entry, may contain certificates >issued by this CA to CAs in other domains. > > I have a problem here with the word "Optionally" : if the > previous element is not there, then I cannot place an element > here. This means that if CA 1 wants to recognize CA 2, > then CA 2 MUST also recognize CA 1. This mandates mutual cross > certification. I do not think that we have ever mandated > *mutual* cross certification in PKIX-1. I think your concern might be better directed towards the absence of the word 'optionally' in the 'forward element' description, rather than its presence here. X.509 allows both the forward and reverse elements of crossCertificatePair to be OPTIONAL, the stipulation being that at least one is present. A suggested text for this part of OPTION 1 might be: "Values of the Attribute type crossCertificatePair, if present in a particular CA's directory entry, shall have at least one of the optional forward and reverse elements present. When the forward element is present, it shall contain a certificate issued to this CA by a different CA in another domain. When the reverse element is present, it shall contain a certificate issued by this CA to a different CA in another domain. When both elements are present in the same value, the value shall represent a mutual cross-certification of the two CAs. [perhaps add further statements about compatibility of cross certification here? (e.g. key usage; should the certificates mutually verify each other (probably shouldn't be required)?)]" The statement about mutual cross-certification is the primary addition here. It is an attempt to clarify the meaning when both elements are present, while leaving room for certificates which, although apparently representing a mutual cross-certification, represent certificates in opposite directions which have different policies, key usages, etc. Does it need to state explicitly that crossCertificatePair is a multi-valued attribute? This text could of course be adapted for OPTION 2. > > Thus OPTION 1 is NOT acceptable and this has nothing to do with > performance or path development. I think this is not a fundamental flaw of OPTION 1, just an imprecision of expression. > >In the case of V3 certificates, none of the above CA certificates may >include a basicConstraints extension with the cA value set to FALSE. > >The definition of domain is purely a matter of local policy. David -- David Boyce Tel: +44 181 332 9091 Richmond, Surrey, ENGLAND I'net: d.boyce@isode.com Isode's WWW: http://www.isode.com/ X.400: I=d;S=boyce;P=isode;A=mailnet;C=fi; Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA04089 for ietf-pkix-bks; Fri, 4 Sep 1998 04:17:27 -0700 (PDT) Received: from maila.telia.com (root@maila.telia.com [194.236.189.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA04085 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 04:17:24 -0700 (PDT) Received: from stefans (t3o68p109.telia.com [62.20.139.109]) by maila.telia.com (8.8.8/8.8.8) with SMTP id NAA11442; Fri, 4 Sep 1998 13:22:05 +0200 (CEST) Message-Id: <3.0.32.19980904131911.0096c830@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 04 Sep 1998 13:19:51 +0200 To: Santosh Chokhani <chokhani@cygnacom.com>, "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org From: Stefan Santesson <stefan@accurata.se> Subject: RE: What the straw poll means Cc: Santosh Chokhani <chokhani@cygnacom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id EAA04086 Sender: owner-ietf-pkix@imc.org Precedence: bulk At 08:48 PM 9/2/98 -0400, Santosh Chokhani wrote: <snip> >The way I look at the difference between the two options is that if >n=n1+n2 certificates are issued to a CA, option 1 says CA puts n1 in one >bucket and n2 in another. Option 2 says put n in one bucket and n1 in >another. When you retrieve the two buckets (which you must for path >development efficiency), option 2 gives you n+n1 certificates and option >1 gives you exactly all n. I tried to point out before that this is not the whole picture. The CA is dealing with n CA certificates n=n1+n2+n3+n4 of the form: n1 = intra domain issued to other CA:s n2 = intra domain issued by other CA:s to this CA n3 = inter domain issued to other CA:s n4 = inter domain issued by other CA:s to this CA Option 1 stores only n2+n3+n4 (n2 in one bucket and n3+n4 in the other.) Option 2 stores n1+2(n2)+n3+n4 (n2 in one bucket and n1+n2+n3+n4) in the other) As you see, n1 is left out of option 1 (according to text) You said then that it is not forbidden to store n1 (in option 1) in the cross certificate pair. I guess then that option 1 should changed- from: Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain certificates issued by this CA to CAs in other domains. to: Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain certificates issued by this CA to other CAs. So if this is correct then what we are fighting about is only whether we should duplicate n2 (out of n1,n2,n3 and n4). To me it sounds reasonable to have the complete set of n1+n2+n3+n4 in one bucket and the n2 in the cACertificate attribute as a specific information for those who wants to have the CA:s guidance to define the inter domain subgroup. And since this guidance by the CA may be useful in many situations, I consider option 2 as the perfect compromise. /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA02805 for ietf-pkix-bks; Fri, 4 Sep 1998 03:18:52 -0700 (PDT) Received: from maila.telia.com (root@maila.telia.com [194.236.189.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA02801 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 03:18:50 -0700 (PDT) Received: from stefans (t4o68p88.telia.com [62.20.139.208]) by maila.telia.com (8.8.8/8.8.8) with SMTP id MAA14602; Fri, 4 Sep 1998 12:22:18 +0200 (CEST) Message-Id: <3.0.32.19980904120824.00a06300@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 04 Sep 1998 12:20:04 +0200 To: "Bob Jueneman" <BJUENEMAN@novell.com>, <aram@apple.com> From: Stefan Santesson <stefan@accurata.se> Subject: Re: Digital signature and non-repudiation key usage bits Cc: <ietf-pkix@imc.org> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id DAA02802 Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Bob, At 06:42 PM 9/2/98 -0600, Bob Jueneman wrote: <snip> >>I suggest that we stick to the standardized definitions of the key usage >>bits and leave >>policy issues out of a common certificate profile. > >If there were any sense of the community as to what these definitions really >mean, or ought to mean, we would probably not be having this discussion. >Otherwise I would agree with you. >> >>non-repudiation is according to standard selected by the NR bit, not NR in >>combination with DS bit. Inclusion of the DS bit means that DS mechanisms >>other than non-repudiation are allowed for the key. > >I believe that is exactly the issue. Are you suggesting that NR plus DS should not >be allowed? Why? No I do not. I do suggest that such decision is up to local policy. But there will be some policies where this combination will not be allowed, but I think you agree to that. The important thing is that I suggest that the NR bit and DS bit has separate meaning and that they should be set independently to specify DS, NR or both. The vague definition of the NR bit is a problem, I agree to that. If I were to define some distinguishing property of the NR bit that would be: Non repudiation denotes services constructed in such way that: 1) The signature provides proof of the integrity and origin of data - both in an unforgeable relationship - which can be verified by any third party at any time.[X.509 / ISO 9594-8] 2) The signature is applied to a message where the signatory is capable of, and required to, accept responsibility for the message content before signing. 3) The signatory's liability for signing the message can be concluded from the signed message itself, possibly within a well known and agreed context that can be verified by any third party at any time. This definitions rules out any signed logon ticket or other data authentication mechanisms where the signature says "this message wasn't changed" instead of "I take full responsibility for the message content". But since this is not defined by the bit (which I regret) the way to go will be for the CA to include this in it's published certificate policy. I can't see any other way for now when utilizing the existing standard. I would not object though to a defect report to get this into the standard. In the new proposed work item, however, regaring a profile for non-repudiation certificates supporting legal acceptance of digital signatures I will try to get this definition in. Would you support it? /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA29009 for ietf-pkix-bks; Fri, 4 Sep 1998 02:49:39 -0700 (PDT) Received: from epic.iris.com (epic.iris.com [198.112.211.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA29005 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 02:49:37 -0700 (PDT) From: John_Wray@iris.com Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090405534560:1457 for <ietf-pkix@imc.org> ; Fri, 4 Sep 1998 05:53:45 -0400 Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090405534560:1457 for <ietf-pkix@imc.org> ; Fri, 4 Sep 1998 05:53:45 -0400 X-Lotus-FromDomain: IRIS Message-ID: <85256675.00368158.00@arista.iris.com> Date: Fri, 4 Sep 1998 05:56:52 -0400 Mime-Version: 1.0 x-notes-Form: Memo x-notes-$24UpdatedBy: CN=Epic/O=Iris x-notes-$24Hops: 22 X-Priority: 3 (Normal) Content-type: multipart/mixed; Boundary="0__=A7IrhvJHO6YHC08EJcBLPZrtEp3yZTZgRtvF2nXuh7jtqQezTMfX2cl5" Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk --0__=A7IrhvJHO6YHC08EJcBLPZrtEp3yZTZgRtvF2nXuh7jtqQezTMfX2cl5 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Dave Horvath <dave@chromatix.com> writes: >> The difference between the two options is primarily storage efficiency vs. >> retrieval efficiency. Both options divide a CAs certs into two piles. >> Option 1 has pile A containing only intra-domain certs, and pile B >> containing only inter-domain certs; option 2 has pile A containing only >> intra-domain certs and pite B containing all certs. Which option is >> superior depends on two things: >> >>... >> >> Having the target CA divide its certificates between two places within the >> directory is no help to this verifier. All it does it force the verifier >> to make two retrieval operations instead of the one that would be required >> by option 2. The verifier isn't really interested in whether a particular >> certificate comes from another CA from the same "domain" as the target's CA >> - if it cares about "domains" at all, what it would be interested in is if >> any certs come from the same domain as the verifier (or one of its trusted >> roots), not the target (and of course that's verifier-specific). > > John, the verifier does NOT have to invoke two retrieval operations. >The verifier simply reads the CA entry requesting both the cACertificate >attribute and the crossCertificatePair attribute in the same search/read >operation. All certificates are returned. The verifier can then decide >whether to explore inter-domain, intra-domain, both , none, whatever. >The verifier can lump them all together in the client application if >they like! The main advantage to option 1 is we don't store the >certificates twice which is a fundamental goal in all database >applications. IMHO it applies to repositories and public key >infrastructures also. There may not be two protocol actions across the wire, but it's definitely less work for the client to receive a single set of objects all of the same type, compared to the two sets of differently typed objects that option 1 requires it to retrieve. Under option 2, verifiers that don't care about the CAs ideas about domains can simply retrieve all the CAs certificates. Having the CA divide its certificates into two piles only adds complexity to the client's task. The only place where verifiers will care about which domain the CA thinks it's in, is if they think they (or one of their roots) are in the same domain. Only in that case is a verifier likely to decide to look first at the CAs intra-domain certs, and option 2 allows for this choice just as simply as does option 1. The cost of this in option 2 is the duplication of some certificates in the directory (we already have duplication in this area, unless the directory has some intelligence that will enable it to store cross-cert pairs only once and somehow place a reference to the shared object from both CA entries). But this duplication is at the discretion of the CA - if it doesn't think the benefits of storing hints for local verifiers are worthwhile, option 2 allows it to use _only_ the crossCertificate entry for all its certs. > The general algorithm we envision is for clients to first explore the >cACertificate attribute, then explore the crossCertificatePair >attribute. That way nothing will get missed. It's not an all or >nothing choice. It's an attempt to store the certificates once and to >group them to make logical decisions when exploring possibly complex >paths. But you can only make logical decisions when you have some data to work with. A CA has no idea when it's placing its certs in the directory about who is going to come look for them. Without knowing what domain the verifier is in, the CA can't hope to help it out. It can make a special-case optimization under either option for the case where the verifier is in the same domain as the CA (which is really the only time that either option offers any advantage over simply having a single entry into which all certs are placed). In summary, my contention is that very few verifiers will ever want to be bothered with "domains" (or at least, not with some foreign CA's idea of what a domain is). Of the two options under discussion, option 2 allows most verifiers to simply ignore the fact that a CA has chosen to issue unwanted hints, and just retrieve the certs it wants from a single place. The few verifiers that want to do something with a CA's hints can choose to do so under either option, but option 1 would force all client software to increase in complexity to gain that choice. Option 2 burdens only those clients that wish to exploit the hints. John --0__=A7IrhvJHO6YHC08EJcBLPZrtEp3yZTZgRtvF2nXuh7jtqQezTMfX2cl5 Content-type: application/octet-stream; name="$RFC822.eml" Content-Disposition: attachment; filename="$RFC822.eml" Content-transfer-encoding: base64 UmVjZWl2ZWQ6IGZyb20gYXJpc3RhLmlyaXMuY29tIChbOS45NS42NS4xNV0pDQogICAgICAgICAg YnkgZXBpYy5pcmlzLmNvbSAoTG90dXMgRG9taW5vIEJ1aWxkIDE2MSAoQmV0YSkpDQogICAgICAg ICAgd2l0aCBTTVRQIGlkIDE5OTgwOTAzMjIwMDAxNTk6MTQyOCANCiAgICAgICAgICBmb3IgPGRh dmVAY2hyb21hdGl4LmNvbT4gLA0KICAgICAgICAgICAgICA8aWV0Zi1wa2ljQGltYy5vcmc+IDsN CiAgICAgICAgICBUaHUsIDMgU2VwIDE5OTggMjI6MDA6MDEgLTA0MDAgDQpSZWNlaXZlZDogZnJv bSBhcmlzdGEuaXJpcy5jb20gKFs5Ljk1LjY1LjE1XSkNCiAgICAgICAgICBieSBlcGljLmlyaXMu Y29tIChMb3R1cyBEb21pbm8gQnVpbGQgMTYxIChCZXRhKSkNCiAgICAgICAgICB3aXRoIFNNVFAg aWQgMTk5ODA5MDMyMjAwMDE1OToxNDI4IA0KICAgICAgICAgIGZvciA8ZGF2ZUBjaHJvbWF0aXgu Y29tPiAsDQogICAgICAgICAgICAgIDxpZXRmLXBraWNAaW1jLm9yZz4gOw0KICAgICAgICAgIFRo dSwgMyBTZXAgMTk5OCAyMjowMDowMSAtMDQwMCANClgtTG90dXMtRnJvbURvbWFpbjogSVJJUw0K RnJvbTogSm9obl9XcmF5QGlyaXMuY29tDQpUbzogRGF2ZSBIb3J2YXRoIDxkYXZlQGNocm9tYXRp eC5jb20+DQpjYzogaWV0Zi1wa2ljQGltYy5vcmcNCk1lc3NhZ2UtSUQ6IDw4NTI1NjY3NS4wMDBC MjM1Ny4wMEBhcmlzdGEuaXJpcy5jb20+DQpEYXRlOiBUaHUsIDMgU2VwIDE5OTggMTk6NTY6MTQg LTA0MDANClN1YmplY3Q6IFJlOiBXaGF0IHRoZSBzdHJhdyBwb2xsIG1lYW5zDQpNaW1lLVZlcnNp b246IDEuMA0KeC1ub3Rlcy0kMjROb3RlSGFzTmF0aXZlTUlNRTogMQ0KeC1ub3Rlcy1TTVRQT3Jp Z2luYXRvcjogSm9obl9XcmF5QGlyaXMuY29tDQp4LW5vdGVzLSQyNFVwZGF0ZWRCeTogQ049RXBp Yy9PPUlyaXMNCngtbm90ZXMtUm91dGVTZXJ2ZXJzOiBDTj1FcGljL089SXJpcw0KeC1ub3Rlcy1N YWlsU2F2ZWRGb3JtOiBNZW1vDQp4LW5vdGVzLUZvcm06IE5vbkRlbGl2ZXJ5IFJlcG9ydA0KeC1u b3Rlcy1GYWlsdXJlUmVhc29uOiBFcnJvciB0cmFuc2ZlcnJpbmcgdG8gaW1jLm9yZzsgU01UUCBQ cm90b2NvbCBSZXR1cm5lZCBhIFBlcm1hbmVudCBFcnJvciA1NTAgPGlldGYtcGtpY0BpbWMub3Jn Pi4uLiBVc2VyIHVua25vd24NCngtbm90ZXMtSW50ZW5kZWRSZWNpcGllbnQ6IGlldGYtcGtpY0Bp bWMub3JnDQpDb250ZW50LXR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXMtYXNjaWkNCkNvbnRl bnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQpEYXZlIEhvcnZhdGggPGRhdmVAY2hyb21hdGl4LmNv bT4gd3JpdGVzOg0KDQoNCj4+IFRoZSBkaWZmZXJlbmNlIGJldHdlZW4gdGhlIHR3byBvcHRpb25z IGlzIHByaW1hcmlseSBzdG9yYWdlIGVmZmljaWVuY3kNCnZzLg0KPj4gcmV0cmlldmFsIGVmZmlj aWVuY3kuICBCb3RoIG9wdGlvbnMgZGl2aWRlIGEgQ0FzIGNlcnRzIGludG8gdHdvIHBpbGVzLg0K Pj4gT3B0aW9uIDEgaGFzIHBpbGUgQSBjb250YWluaW5nIG9ubHkgaW50cmEtZG9tYWluIGNlcnRz LCBhbmQgcGlsZSBCDQo+PiBjb250YWluaW5nIG9ubHkgaW50ZXItZG9tYWluIGNlcnRzOyBvcHRp b24gMiBoYXMgcGlsZSBBIGNvbnRhaW5pbmcgb25seQ0KPj4gaW50cmEtZG9tYWluIGNlcnRzIGFu ZCBwaXRlIEIgY29udGFpbmluZyBhbGwgY2VydHMuICBXaGljaCBvcHRpb24gaXMNCj4+IHN1cGVy aW9yIGRlcGVuZHMgb24gdHdvIHRoaW5nczoNCj4+DQo+Pi4uLg0KPj4NCj4+IEhhdmluZyB0aGUg dGFyZ2V0IENBIGRpdmlkZSBpdHMgY2VydGlmaWNhdGVzIGJldHdlZW4gdHdvIHBsYWNlcyB3aXRo aW4NCnRoZQ0KPj4gZGlyZWN0b3J5IGlzIG5vIGhlbHAgdG8gdGhpcyB2ZXJpZmllci4gIEFsbCBp dCBkb2VzIGl0IGZvcmNlIHRoZQ0KdmVyaWZpZXINCj4+IHRvIG1ha2UgdHdvIHJldHJpZXZhbCBv cGVyYXRpb25zIGluc3RlYWQgb2YgdGhlIG9uZSB0aGF0IHdvdWxkIGJlDQpyZXF1aXJlZA0KPj4g Ynkgb3B0aW9uIDIuICBUaGUgdmVyaWZpZXIgaXNuJ3QgcmVhbGx5IGludGVyZXN0ZWQgaW4gd2hl dGhlciBhDQpwYXJ0aWN1bGFyDQo+PiBjZXJ0aWZpY2F0ZSBjb21lcyBmcm9tIGFub3RoZXIgQ0Eg ZnJvbSB0aGUgc2FtZSAiZG9tYWluIiBhcyB0aGUgdGFyZ2V0J3MNCkNBDQo+PiAtIGlmIGl0IGNh cmVzIGFib3V0ICJkb21haW5zIiBhdCBhbGwsIHdoYXQgaXQgd291bGQgYmUgaW50ZXJlc3RlZCBp biBpcw0KaWYNCj4+IGFueSBjZXJ0cyBjb21lIGZyb20gdGhlIHNhbWUgZG9tYWluIGFzIHRoZSB2 ZXJpZmllciAob3Igb25lIG9mIGl0cw0KdHJ1c3RlZA0KPj4gcm9vdHMpLCBub3QgdGhlIHRhcmdl dCAoYW5kIG9mIGNvdXJzZSB0aGF0J3MgdmVyaWZpZXItc3BlY2lmaWMpLg0KPg0KPiAgICBKb2hu LCAgdGhlIHZlcmlmaWVyIGRvZXMgTk9UIGhhdmUgdG8gaW52b2tlIHR3byByZXRyaWV2YWwgb3Bl cmF0aW9ucy4NCj5UaGUgdmVyaWZpZXIgc2ltcGx5IHJlYWRzIHRoZSBDQSBlbnRyeSByZXF1ZXN0 aW5nIGJvdGggdGhlIGNBQ2VydGlmaWNhdGUNCj5hdHRyaWJ1dGUgYW5kIHRoZSBjcm9zc0NlcnRp ZmljYXRlUGFpciBhdHRyaWJ1dGUgaW4gdGhlIHNhbWUgc2VhcmNoL3JlYWQNCj5vcGVyYXRpb24u ICBBbGwgY2VydGlmaWNhdGVzIGFyZSByZXR1cm5lZC4gIFRoZSB2ZXJpZmllciBjYW4gdGhlbiBk ZWNpZGUNCj53aGV0aGVyIHRvIGV4cGxvcmUgaW50ZXItZG9tYWluLCBpbnRyYS1kb21haW4sIGJv dGggLCBub25lLCB3aGF0ZXZlci4NCj5UaGUgdmVyaWZpZXIgY2FuIGx1bXAgdGhlbSBhbGwgdG9n ZXRoZXIgaW4gdGhlIGNsaWVudCBhcHBsaWNhdGlvbiBpZg0KPnRoZXkgbGlrZSEgIFRoZSBtYWlu IGFkdmFudGFnZSB0byBvcHRpb24gMSBpcyB3ZSBkb24ndCBzdG9yZSB0aGUNCj5jZXJ0aWZpY2F0 ZXMgdHdpY2Ugd2hpY2ggaXMgIGEgZnVuZGFtZW50YWwgZ29hbCBpbiBhbGwgZGF0YWJhc2UNCj5h cHBsaWNhdGlvbnMuICAgSU1ITyBpdCBhcHBsaWVzIHRvIHJlcG9zaXRvcmllcyBhbmQgcHVibGlj IGtleQ0KPmluZnJhc3RydWN0dXJlcyBhbHNvLg0KDQpUaGVyZSBtYXkgbm90IGJlIHR3byBwcm90 b2NvbCBhY3Rpb25zIGFjcm9zcyB0aGUgd2lyZSwgYnV0IGl0J3MgZGVmaW5pdGVseQ0KbGVzcyB3 b3JrIGZvciB0aGUgY2xpZW50IHRvIHJlY2VpdmUgYSBzaW5nbGUgc2V0IG9mIG9iamVjdHMgYWxs IG9mIHRoZSBzYW1lDQp0eXBlLCBjb21wYXJlZCB0byB0aGUgdHdvIHNldHMgb2YgZGlmZmVyZW50 bHkgdHlwZWQgb2JqZWN0cyB0aGF0IG9wdGlvbiAxDQpyZXF1aXJlcyBpdCB0byByZXRyaWV2ZS4g IFVuZGVyIG9wdGlvbiAyLCB2ZXJpZmllcnMgdGhhdCBkb24ndCBjYXJlIGFib3V0DQp0aGUgQ0Fz IGlkZWFzIGFib3V0IGRvbWFpbnMgY2FuIHNpbXBseSByZXRyaWV2ZSBhbGwgdGhlIENBcyBjZXJ0 aWZpY2F0ZXMuDQpIYXZpbmcgdGhlIENBIGRpdmlkZSBpdHMgY2VydGlmaWNhdGVzIGludG8gdHdv IHBpbGVzIG9ubHkgYWRkcyBjb21wbGV4aXR5DQp0byB0aGUgY2xpZW50J3MgdGFzay4NCg0KVGhl IG9ubHkgcGxhY2Ugd2hlcmUgdmVyaWZpZXJzIHdpbGwgY2FyZSBhYm91dCB3aGljaCBkb21haW4g dGhlIENBIHRoaW5rcw0KaXQncyBpbiwgaXMgaWYgdGhleSB0aGluayB0aGV5IChvciBvbmUgb2Yg dGhlaXIgcm9vdHMpIGFyZSBpbiB0aGUgc2FtZQ0KZG9tYWluLiAgT25seSBpbiB0aGF0IGNhc2Ug aXMgYSB2ZXJpZmllciBsaWtlbHkgdG8gZGVjaWRlIHRvIGxvb2sgZmlyc3QgYXQNCnRoZSBDQXMg aW50cmEtZG9tYWluIGNlcnRzLCBhbmQgb3B0aW9uIDIgYWxsb3dzIGZvciB0aGlzIGNob2ljZSBq dXN0IGFzDQpzaW1wbHkgYXMgZG9lcyBvcHRpb24gMS4NCg0KVGhlIGNvc3Qgb2YgdGhpcyBpbiBv cHRpb24gMiBpcyB0aGUgZHVwbGljYXRpb24gb2Ygc29tZSBjZXJ0aWZpY2F0ZXMgaW4gdGhlDQpk aXJlY3RvcnkgKHdlIGFscmVhZHkgaGF2ZSBkdXBsaWNhdGlvbiBpbiB0aGlzIGFyZWEsIHVubGVz cyB0aGUgZGlyZWN0b3J5DQpoYXMgc29tZSBpbnRlbGxpZ2VuY2UgdGhhdCB3aWxsIGVuYWJsZSBp dCB0byBzdG9yZSBjcm9zcy1jZXJ0IHBhaXJzIG9ubHkNCm9uY2UgYW5kIHNvbWVob3cgcGxhY2Ug YSByZWZlcmVuY2UgdG8gdGhlIHNoYXJlZCBvYmplY3QgZnJvbSBib3RoIENBDQplbnRyaWVzKS4g IEJ1dCB0aGlzIGR1cGxpY2F0aW9uIGlzIGF0IHRoZSBkaXNjcmV0aW9uIG9mIHRoZSBDQSAtIGlm IGl0DQpkb2Vzbid0IHRoaW5rIHRoZSBiZW5lZml0cyBvZiBzdG9yaW5nIGhpbnRzIGZvciBsb2Nh bCB2ZXJpZmllcnMgYXJlDQp3b3J0aHdoaWxlLCBvcHRpb24gMiBhbGxvd3MgaXQgdG8gdXNlIF9v bmx5XyB0aGUgY3Jvc3NDZXJ0aWZpY2F0ZSBlbnRyeSBmb3INCmFsbCBpdHMgY2VydHMuDQoNCj4g ICAgVGhlIGdlbmVyYWwgYWxnb3JpdGhtIHdlIGVudmlzaW9uIGlzIGZvciBjbGllbnRzIHRvIGZp cnN0IGV4cGxvcmUgdGhlDQo+Y0FDZXJ0aWZpY2F0ZSBhdHRyaWJ1dGUsIHRoZW4gZXhwbG9yZSB0 aGUgY3Jvc3NDZXJ0aWZpY2F0ZVBhaXINCj5hdHRyaWJ1dGUuICAgVGhhdCB3YXkgbm90aGluZyB3 aWxsIGdldCBtaXNzZWQuICBJdCdzIG5vdCBhbiBhbGwgb3INCj5ub3RoaW5nIGNob2ljZS4gIEl0 J3MgYW4gYXR0ZW1wdCB0byBzdG9yZSB0aGUgY2VydGlmaWNhdGVzIG9uY2UgYW5kIHRvDQo+Z3Jv dXAgdGhlbSB0byBtYWtlIGxvZ2ljYWwgZGVjaXNpb25zIHdoZW4gZXhwbG9yaW5nIHBvc3NpYmx5 IGNvbXBsZXgNCj5wYXRocy4NCg0KQnV0IHlvdSBjYW4gb25seSBtYWtlIGxvZ2ljYWwgZGVjaXNp b25zIHdoZW4geW91IGhhdmUgc29tZSBkYXRhIHRvIHdvcmsNCndpdGguICBBIENBIGhhcyBubyBp ZGVhIHdoZW4gaXQncyBwbGFjaW5nIGl0cyBjZXJ0cyBpbiB0aGUgZGlyZWN0b3J5IGFib3V0DQp3 aG8gaXMgZ29pbmcgdG8gY29tZSBsb29rIGZvciB0aGVtLiAgV2l0aG91dCBrbm93aW5nIHdoYXQg ZG9tYWluIHRoZQ0KdmVyaWZpZXIgaXMgaW4sIHRoZSBDQSBjYW4ndCBob3BlIHRvIGhlbHAgaXQg b3V0LiAgSXQgY2FuIG1ha2UgYQ0Kc3BlY2lhbC1jYXNlIG9wdGltaXphdGlvbiB1bmRlciBlaXRo ZXIgb3B0aW9uIGZvciB0aGUgY2FzZSB3aGVyZSB0aGUNCnZlcmlmaWVyIGlzIGluIHRoZSBzYW1l IGRvbWFpbiBhcyB0aGUgQ0EgICh3aGljaCBpcyByZWFsbHkgdGhlIG9ubHkgdGltZQ0KdGhhdCBl aXRoZXIgb3B0aW9uIG9mZmVycyBhbnkgYWR2YW50YWdlIG92ZXIgc2ltcGx5IGhhdmluZyBhIHNp bmdsZSBlbnRyeQ0KaW50byB3aGljaCBhbGwgY2VydHMgYXJlIHBsYWNlZCkuDQoNCg0KDQpJbiBz dW1tYXJ5LCBteSBjb250ZW50aW9uIGlzIHRoYXQgdmVyeSBmZXcgdmVyaWZpZXJzIHdpbGwgZXZl ciB3YW50IHRvIGJlDQpib3RoZXJlZCB3aXRoICJkb21haW5zIiAob3IgYXQgbGVhc3QsIG5vdCB3 aXRoIHNvbWUgZm9yZWlnbiBDQSdzIGlkZWEgb2YNCndoYXQgYSBkb21haW4gaXMpLiAgT2YgdGhl IHR3byBvcHRpb25zIHVuZGVyIGRpc2N1c3Npb24sIG9wdGlvbiAyIGFsbG93cw0KbW9zdCB2ZXJp ZmllcnMgdG8gc2ltcGx5IGlnbm9yZSB0aGUgZmFjdCB0aGF0IGEgQ0EgaGFzIGNob3NlbiB0byBp c3N1ZQ0KdW53YW50ZWQgaGludHMsIGFuZCBqdXN0IHJldHJpZXZlIHRoZSBjZXJ0cyBpdCB3YW50 cyBmcm9tIGEgc2luZ2xlIHBsYWNlLg0KVGhlIGZldyB2ZXJpZmllcnMgdGhhdCB3YW50IHRvIGRv IHNvbWV0aGluZyB3aXRoIGEgQ0EncyBoaW50cyBjYW4gY2hvb3NlIHRvDQpkbyBzbyB1bmRlciBl aXRoZXIgb3B0aW9uLCBidXQgb3B0aW9uIDEgd291bGQgZm9yY2UgYWxsIGNsaWVudCBzb2Z0d2Fy ZSB0bw0KaW5jcmVhc2UgaW4gY29tcGxleGl0eSB0byBnYWluIHRoYXQgY2hvaWNlLiAgT3B0aW9u IDIgYnVyZGVucyBvbmx5IHRob3NlDQpjbGllbnRzIHRoYXQgd2lzaCB0byBleHBsb2l0IHRoZSBo aW50cy4NCg0KDQpKb2huDQoNCg0KDQo= --0__=A7IrhvJHO6YHC08EJcBLPZrtEp3yZTZgRtvF2nXuh7jtqQezTMfX2cl5-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA23308 for ietf-pkix-bks; Fri, 4 Sep 1998 01:26:28 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA23296 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 01:26:25 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id KAA25196; Fri, 4 Sep 1998 10:32:57 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id KAA16302; Fri, 4 Sep 1998 10:32:58 +0200 (DFT) Message-ID: <35F02427.289B@bull.net> Date: Fri, 04 Sep 1998 10:32:23 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Robert Zuccherato <robertz@entrust.com>, IETF-PXIX <ietf-pkix@imc.org> Subject: TemporalData (Time Stamp Protocol) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Robert, In order to facilitate the implementation (and therefore acceptance) of the Time Stamp Protocol draft, (draft-adams-time-stamp-02.txt) I think we should provide the ASN.1 material in the 1988 syntax [since only a few implementers have access to an updated 1994 ASN.1 compiler]. [Stephen Farrell just made the same request yesterday]. NB: [CCP] provides both 1988 and 1994 syntaxes and states that 1988 syntax takes precedence in case of conflict. Only one adjustment need to be made for that draft : the TemporalData definition should be changed from : TemporalData ::= SEQUENCE { format TEMPORALDATACLASS.&id, --objid rawdata TEMPORALDATACLASS.&Type --open type } TEMPORALDATACLASS ::= CLASS { &id OBJECT IDENTIFIER UNIQUE, &Type } WITH SYNTAX { &Type IDENTIFIED BY &id } to : TemporalData ::= SEQUENCE { format OBJECT IDENTIFIER, rawdata ANY DEFINED BY format } (Please forgive me if I translated the 1994 ASN.1 syntax in a wrong way since I'm not an ASN.1 fan or expert. :-) Denis -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA22177 for ietf-pkix-bks; Fri, 4 Sep 1998 01:17:11 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA22167 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 01:17:09 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id KAA13628; Fri, 4 Sep 1998 10:23:38 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id KAA05764; Fri, 4 Sep 1998 10:23:39 +0200 (DFT) Message-ID: <35F021F7.1FDE@bull.net> Date: Fri, 04 Sep 1998 10:23:03 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Carlisle Adams <carlisle.adams@entrust.com> CC: ietf-pkix@imc.org Subject: Re: Let's try to understand the real issue (was... RE: What the straw poll means) References: <98Sep3.203112gmt+0100.6799@gateway.r3.ch> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Carlisle, (...) I follow and fully support your argumentation. I came to the same conclusions. IN ADDITION, neither of OPTION 1 or OPTION 2, as written, is acceptable for reasons which have nothing to do with duplication or location of information. These reasons are indicated in a separate E-mail and are related to mandating *mutual* cross certification (OPTION 1) or forbiding the forward element of a certificate pair (i.e. certificates issued for this CA by other CAs), if the reverse element is not present (OPTION 2). This is why the only acceptable choice for the time is OPTION 0, i.e. the original text. I would ask the chairs to : 1) look at the arguments raised about *mutual* cross certification and unilateral cross certification, 2) reconsider the vote and extend it to OPTION 0, i.e. the current text. A straw poll is not a coin toss, otherwise I would have already answered. :-) > The claimed advantage of option 1 is that this retrieval gets me > certificates that are sorted into "intra-domain" and "inter-domain", > which can help in efficient path construction. Let's think about this > for a moment. The CA doing this sorting is, by definition, NOT DIRECTLY > TRUSTED BY ME (because if it was directly trusted by me, I would > already have a trusted copy of its public key and would not need > certificates in which it was the subject). If it is not directly > trusted by me, then why would I necessarily trust it to do this sorting > in a way that is beneficial to my path construction needs? How does it > know what *my* definition of "domain" is? How does it know whether most > of my certificate validations will be "intra" its definition of domain > or "inter" its definition of domain? > If this CA's definition of domain and my definition of domain do not > coincide exactly (and why should they, since in general this CA and I > have no pre-established relationship?), then this sorting performed by > the CA is not merely useless to me, it is actually an explicit > disadvantage (because the proponents of option 1 are recommending that > all the intra-domain certificates be examined *before* the inter-domain > certificates are examined, leading to worst-case path-construction times > for what may turn out to be a common scenario). > Relying parties know what certificates they will be validating most > often, depending upon what particular activity they are engaged in at > the moment. THAT defines the relying parties' "intra" and "inter" > domains. CAs in the middle of a cert. path cannot possibly know this, > in general, so having THEM define a domain and sort certificates > according to that definition is really meaningless. > Note that there will be special circumstances in which one definition of > domain will be understood throughout a given environment (e.g., the > strict hierarchy of CAs has been cited in previous posts on this topic). > In such cases there is a clear efficiency advantage to be gained in path > construction. This is why option 2 is the perfect compromise: for such > environments relying parties need only retrieve the n1 < n certificates > that they *know* will be useful to them. Option 2 therefore meets the > needs of the general case as well as the special case, while > simultaneously guaranteeing interoperability of two installed bases > which would otherwise have no hope of interoperating today. > The price of this panacea? A few redundant certificates in the > Directory. Is it really worth sacrificing the general- (and perhaps > common-) case scenario, as well as interoperability, in order to save a > few certificates and satisfy a particular special-case? I haven't yet > heard any convincing arguments... Neither do I ... Denis > Carlisle. -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA21703 for ietf-pkix-bks; Fri, 4 Sep 1998 01:05:24 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA21551 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 00:59:48 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id KAA12425; Fri, 4 Sep 1998 10:03:56 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id KAA22052; Fri, 4 Sep 1998 10:03:56 +0200 (DFT) Message-ID: <35F01D58.786A@bull.net> Date: Fri, 04 Sep 1998 10:03:20 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Sharon Boeyen <sharon.boeyen@entrust.com> CC: ietf-pkix@imc.org, "'Santosh Chokhani'" <chokhani@cygnacom.com> Subject: Re: What the straw poll means References: <98Sep3.134059gmt+0100.6803@gateway.r3.ch> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Sharon, > The "two buckets" is exactly what I was trying to avoid in the > earlier debate on this topic, however I believe that the single > bucket option was rejected in the Chicago meeting. It was a pity that you could not attend the Chicago meeting. "rejected" may be a strong word. During the straw poll, I did not raised my hand for any of the three options for the following good reasons: 1) I had three weeks of holidays one week ahead of the meeting, :-) 2) When I came back, I had 470 E-mails waiting for me, 3) I completely skipped the thread on the LDAP schema, :-( As a result I could not understand from the discussion what the topic was and so I abstained. I would guess that I was not the single one in that position. There was some support for it anyway, so I do not understand why the straw poll is not on the three options but instead only on two options. > The single bucket option is the > text which is currently in the Internet Draft. With that text, > all self signed (or self issued certificates) were to be placed > in the cACertificate attribute and all certificates issued by > one CA to a different CA were put in the crossCertificatePair > attribute. This was pretty nice and simple ! If I were to open the bunch of messages, maybe I could understand why this is not acceptable. > Depending on the particular path development algorithm being > used by a relying party, directory search tools, especially > when we evolve to LDAPv3 could be used to filter the content > of the forward and or reverse elements of that SINGLE attribute > and provide the relying party with the set of certificates of > interest to that particular relying party. Indeed. > I still believe that this is the best solution because the relying > party systems are the ones that know which certs are of interest > to them, I agree with you. > not the CA that happened to issue the certs, especially in the > post PEM world where any CA could legitimately have certs issued > for it by several CAs. > My strong support for Option 2 in the straw poll is because > the above was rejected by the meeting and I see Option 2 as > a workable compromise ONLY because there is a complete set of > certs in a single attribute and relying parties can do what is > of interest to them without knowing the definition of domain > which each individual CA happens to use. For self contained > environments wanting to make use of a CA or set of CAs certs > issued within some locally defined domain, this is still possible. Let me take a look at option 1 and say why it is not acceptable ... because it imposes a model of trust that is too specific. General comment: The notion of "domain" has never been introduced before and since the understanding of a domain is "purely a matter of local policy" there is no chance that the requester understands what it means - unless we are in a close environment. I believe that this feature is being introduced to be used in close environments for some "good" reasons. The text should explain these "good" reasons otherwise readers of the document will ignore for ever the rational. PROPOSED TEXT FOR THE ATTRIBUTE DEFINITIONS: OPTION 1: ---------------- The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. When the notion of domain does not exists, then this will be empty. In addition, the cACertificate attribute shall be used to store self-issued certificates. This is fine. The forward element of the crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in other domains. I have a problem here. Cross certification does not mean mutual cross certification. A CA can cross-certify another CA without any knowledge from the CA being cross certified. Even if the CA got the knowledge of it, that CA would not like to place that certificate in that entry. Let us pick an example: a CA from the Banana Republic of Baracuda is providing a certificate for the NIST. I do not think that the NIST will necessarilly place that certificate in his entry. Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain certificates issued by this CA to CAs in other domains. I have a problem here with the word "Optionally" : if the previous element is not there, then I cannot place an element here. This means that if CA 1 wants to recognize CA 2, then CA 2 MUST also recognize CA 1. This mandates mutual cross certification. I do not think that we have ever mandated *mutual* cross certification in PKIX-1. Thus OPTION 1 is NOT acceptable and this has nothing to do with performance or path development. In the case of V3 certificates, none of the above CA certificates may include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. OPTION 2: ------------- The crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store all certificates issued by this CA to other CAs, as well as certificates issued for this CA by other CAs. Values held in the forward element are certificates issued for this CA by other CAs, while values in the reverse element are certificates issued by this CA for other CAs. I would interpret the text as mandating to store the reverse element and optionally the forward element. I would instead allow to store only the forward element, only the reverse element or both. Hence the OPTION 2 is NOT acceptable either and this has nothing to do with performance or path development. The text should be corrected and be something like: The crossCertificatePair attribute, held in a particular CA's directory entry, may be used to store certificates issued by this CA to other CAs, as well as certificates issued for this CA by other CAs. Values held in the forward element are certificates issued for this CA by other CAs, while values in the reverse ele- ment are certificates issued by this CA for other CAs. Either cer- tificate, if present, may be used in building certificate paths for validation and may be published in the directory entries of either CA or both. ... which is exactly what is in the original text ! The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. This set of certificates is a subset of the values of the forward element of the crossCertificatePair attribute in the same CA entry. In addition, the cACertificate attribute shall beused to store self-issued certificates. When there are no domains, and IF the text was corrected as indicated hereabove (i.e. back to the text of the original version) then we would be "compatible" with the previous text, but this is not the case. Did I understood correctly ? I believe that there are "good" resons to introduce the notion of "domain". Are these "good reasons" technical or commercial ? If they are technical then they SHALL be written in the document. But what about if they are "commercial" ? For the time being, I can only vote for OPTION 0 (i.e. the original text) ! Denis -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id XAA12924 for ietf-pkix-bks; Thu, 3 Sep 1998 23:12:31 -0700 (PDT) Received: from fw.ssb.it (fw.ssb.it [192.106.128.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id XAA12918 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 23:12:29 -0700 (PDT) Received: from notesmail.ssb.it (domino.ssb.it [192.168.19.5]) by ns.ssb.it (8.8.5/8.7.3) with SMTP id KAA02099 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:14:03 +0200 (CEST) Received: by notesmail.ssb.it(Lotus SMTP MTA v4.6.1 (569.2 2-6-1998)) id C1256675.00231CDF ; Fri, 4 Sep 1998 08:23:31 +0200 X-Lotus-FromDomain: SSB From: "Andrea Sansone" <Sansone@ssb.it> To: ietf-pkix@imc.org Message-ID: <C1256675.0022D4B0.00@notesmail.ssb.it> Date: Fri, 4 Sep 1998 08:21:29 +0200 Subject: for option 1 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id VAA12415 for ietf-pkix-bks; Thu, 3 Sep 1998 21:21:59 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id VAA12411 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 21:21:52 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <R8ZDT79L>; Fri, 4 Sep 1998 14:22:19 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC05D489@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'Frank O'Dwyer'" <fod@brd.ie>, Dave Horvath <dave@chromatix.com> Cc: ietf-pkix@imc.org Subject: RE: path development complexity (was Re: What the straw poll mean s) Date: Fri, 4 Sep 1998 14:22:16 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk I have a few views in that certs must be supported by mutually authenticated distributed X.500 directory systems otherwise 509 based systems just wont scale and provide the commercial utilitity as demanded by global EC directed organisations. Not having this foundation - one just drops into all sorts of operational cost, scaling and efficiency holes. The draft I put out attempts to put the onus on a CA to gets its directory act in order with a common information architecture (DIB) and not just a set of agreed object classes with multitudes of extensions and options - and that the CAs and their supporting directories provide a "sensible" set of validation services, starting at a very base level - for simple to implement client applications. One aspect of the cross cert issue is for the CA/directory system to know what the originating and verifying domain is so that it can select the necessary path information sets. there is some of this detail in my draft. To me its all in the information management design of a CA and its processing utilities and how that is effectively applied into a mutually authenticated (cert matching ruled) distributed directory system... Hence my previous comments about single server LDAP servers - they just cannot do the job. regards alan > -----Original Message----- > From: Frank O'Dwyer [SMTP:fod@brd.ie] > Sent: Friday, 4 September 1998 12:36 > To: Dave Horvath > Cc: ietf-pkix@imc.org > Subject: path development complexity (was Re: What the straw poll > means) > > Dave Horvath wrote: > > We are back the problem we raised earlier. Clients that > attempt to > > efficiently develop a path from the end entity to the trusted root > must > > explore 'n' paths (worst case scenario) prior to finding the > correct > > one with option 2. > > This is not on the topic of the straw poll, but I was wondering if > anyone has really looked into how difficult path development can get > in > a full-blown and well-connected global PKI? It seems to me that the > real > worst case scenario has you following cross-certificates until you > have > downloaded all the cross-certificates in the world. It would not have > to > get that bad before it was a serious problem. > > A few things would help prune the search (like the depth you are > willing > to search to, constraints within the certificates themselves), but > still > in general it has the potential to get truly nasty. Unless I have > missed > something, there are no positive hints in the certificates that would > guide path development (perhaps there should be? There is a > resemblance > to the "travelling salesman" problem here, and it would certainly be > ironic if building a path turned out to be as hard as factoring.:) > > Anyone looked at this? If it is a problem, then it might be reasonable > to give recommendations on using constraints (or something else) in > order to encourage the creation of cross-certificates that are > "path-development friendly", and in order to discourage scenarios that > lead to directory search explosions. > > Apologies if I am re-hashing something that has already been discussed > here. > > Cheers, > Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id UAA12101 for ietf-pkix-bks; Thu, 3 Sep 1998 20:30:18 -0700 (PDT) Received: from mail1.toronto.istar.net (mail1.toronto.istar.net [209.89.75.17]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id UAA12097 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 20:30:11 -0700 (PDT) Received: from ts55-02.tor.istar.ca ([204.191.148.33] helo=2keys.ca) by mail1.toronto.istar.net with esmtp (Exim 2.02 #1) id 0zEmeE-0007PK-00 for ietf-pkix@imc.org; Thu, 3 Sep 1998 23:34:54 -0400 Message-ID: <35EF5EF5.5806405F@2keys.ca> Date: Thu, 03 Sep 1998 23:31:01 -0400 From: Tony Bates <tbates@2keys.ca> X-Mailer: Mozilla 4.05 [en] (Win95; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id TAA11572 for ietf-pkix-bks; Thu, 3 Sep 1998 19:33:51 -0700 (PDT) Received: from post.mail.demon.net (post-12.mail.demon.net [194.217.242.41]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id TAA11568 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 19:33:50 -0700 (PDT) Received: from [158.152.104.114] (helo=brd.ie) by post.mail.demon.net with esmtp (Exim 2.02 #1) id 0zEllm-00049c-00; Fri, 4 Sep 1998 02:38:39 +0000 Message-ID: <35EF51F2.C02A4011@brd.ie> Date: Fri, 04 Sep 1998 03:35:30 +0100 From: "Frank O'Dwyer" <fod@brd.ie> X-Mailer: Mozilla 4.06 [en] (Win95; I) MIME-Version: 1.0 To: Dave Horvath <dave@chromatix.com> CC: ietf-pkix@imc.org Subject: path development complexity (was Re: What the straw poll means) References: <3.0.3.32.19980903110239.018aa560@mail.cost.se> <35EE913F.4F724E31@chromatix.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Dave Horvath wrote: > We are back the problem we raised earlier. Clients that attempt to > efficiently develop a path from the end entity to the trusted root must > explore 'n' paths (worst case scenario) prior to finding the correct > one with option 2. This is not on the topic of the straw poll, but I was wondering if anyone has really looked into how difficult path development can get in a full-blown and well-connected global PKI? It seems to me that the real worst case scenario has you following cross-certificates until you have downloaded all the cross-certificates in the world. It would not have to get that bad before it was a serious problem. A few things would help prune the search (like the depth you are willing to search to, constraints within the certificates themselves), but still in general it has the potential to get truly nasty. Unless I have missed something, there are no positive hints in the certificates that would guide path development (perhaps there should be? There is a resemblance to the "travelling salesman" problem here, and it would certainly be ironic if building a path turned out to be as hard as factoring.:) Anyone looked at this? If it is a problem, then it might be reasonable to give recommendations on using constraints (or something else) in order to encourage the creation of cross-certificates that are "path-development friendly", and in order to discourage scenarios that lead to directory search explosions. Apologies if I am re-hashing something that has already been discussed here. Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id TAA11432 for ietf-pkix-bks; Thu, 3 Sep 1998 19:01:53 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id TAA11427 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 19:01:45 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <R8ZDT787>; Fri, 4 Sep 1998 12:02:05 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC05D484@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Where to store CA certificates Date: Fri, 4 Sep 1998 12:02:04 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Agree with this - but in particular - if the directory system does not correctly support distributed operations (as per X.500 DSP) and does not implement certificate based matching rules and the client software does not provide under what guise or domain they are validating from, then it (cert path processing and validation) is inefficient, may be fragile and will be difficult to manage and therefore operationllay risky. With no dir matching/filter rules and accessing a CAs entry could bring back CRLs, a bunch of CA cross certs and the client may be none the wiser. As per my other comments - dealing with 509 paths in a distributed way without efficient distributed directories and cert based features seems odd situation to discuss. Views on my draft re dir - cert stat could progress the issue re "complexity" and "efficiency" of validation actions. regards alan > -----Original Message----- > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > Sent: Friday, 4 September 1998 10:11 > To: 'Ambarish Malpani'; 'ietf-pkix@imc.org' > Subject: RE: Where to store CA certificates > > Ambarish: > > We should explore your point further. But, I am assuming that > features > such as subject public key identifier and authority public key > identifier, name constraints (in conjunction with pathToName matching > rule), key usage are available for proper digital signature > certificate. > The question becomes of these which one will lead to the trust anchor > of > the relying party from the current CA (assuming you are developing a > path from subject to the relying party trust anchor). > > I am afraid that the CA may not help much except say which > certificates > issued to it are from its domain/family/partners/preferred or whatever > and which are from others. > > I also see all of us doing rapid fire on this one without considering > all the ramifications. I am probably the worst culprit. I will be > the > first one to admit that I am the worst offender. > > I do not claim to have the solutions, full knowledge or the final word > on the path development, but to use the PKI technology efficiently, > lot > may have to fall in place. I am not sure directory products and > client > products are stepping up to offering the potential need for > efficiency. > > Let me give you simple example in which option 2 may choke the network > and/or client if there are no matching rules implemented both in the > directory and the client. Let us assume that a CA has issued 30 > certificates to other CAs but has been issued very few certificates > itself. Under option 2, the CA must populate the reverse component of > the crossCertificatePair attribute 30 times, and these will be > returned > on a query, if both the client and the directory do not implement > matching rules. > > I have thought long and hard and find that option 1 gives us the best > hope for path development efficiency. > > > > -----Original Message----- > > From: Ambarish Malpani [SMTP:ambarish@valicert.com] > > Sent: Thursday, September 03, 1998 12:54 PM > > To: 'ietf-pkix@imc.org' > > Subject: Where to store CA certificates > > > > Hi Guys, > > Given the huge amount of passion that the topic of where one > > stores CA certificates has generated, it seems to me that path > > building is both a complicated and important thing ;-) > > > > If the premise above is true, wouldn't one want to prioritize > > path building more precisely than just lumping CA certs into > > one of two categories (intra-domain/inter-domain)? > > > > Would it make sense to have another attribute attached to > > CA certificates - something like a "priority" field, with say > > an integer value, where, during path building you first try to > > build paths with the CA cert with the highest priority? > > > > Or is this a BAD idea, because it doesn't work with any of > > the current implementations? > > > > Comments? Sharon, Santosh? > > > > Regards, > > Ambarish > > > > -- > > > --------------------------------------------------------------------- > > Ambarish Malpani > > Architect 650.567.5457 > > ValiCert, Inc. > > ambarish@valicert.com > > 1215 Terra Bella Ave. > http://www.valicert.com > > Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id SAA10891 for ietf-pkix-bks; Thu, 3 Sep 1998 18:29:34 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id SAA10887 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 18:29:29 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <R8ZDT78T>; Fri, 4 Sep 1998 11:29:45 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC05D483@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'Ambarish Malpani'" <ambarish@valicert.com>, Carlisle Adams <carlisle.adams@entrust.com> Cc: ietf-pkix@imc.org Subject: RE: Let's try to understand the real issue (was... RE: What the s traw poll means) Date: Fri, 4 Sep 1998 11:29:45 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk comments in line > -----Original Message----- > From: Ambarish Malpani [SMTP:ambarish@valicert.com] > Sent: Friday, 4 September 1998 6:41 > To: Carlisle Adams > Cc: ietf-pkix@imc.org > Subject: Re: Let's try to understand the real issue (was... RE: > What the straw poll means) > > Hi Carlisle, > Is the expectation that everybody is directly accessing their > CA's LDAP directory? I always thought that each orginazation would > actually maintain its own LDAP directory and, therefore, be able > to specify which CAs are preferred over others. > > Are we really expecting people to share their directories with > everyone in the world? [Alan Lloyd] I think so - May be not quite share everything with everyone but I think there will be vertical market sector directory systems such as Defence, Finance, Transport, Health, Police, Postal, Telecomms, etc and that little old me with my directory entry will have certificates in - issued by them, so I can deal with these areas. And I will interconnect my directory system so I can use the services and privileges offered by these sectors. Just like my wallet contents allow me today with a range of plastic card services. The main distraction today is that LDAP servers are pointless devices (no distribution) for wide scale EC or cert path processing. And it seems that most systems being developed for CAs seem to grab an LDAP server (not an LDAP accessed X.500 server) and from that point on simply limit their scope of what a business does. In most cases all the business can do is do business with its self and its own CA. Its only when one realises that one has to connect ones Org directory system to other Orgs and multiple CAs that one hits the distribution issue - and throws the LDAP server in the bin. As for domains - I just see that as "the sphere of influence" or if qualified like Management Domain or Directory Management Domain (see X.501) it relates to the management influence and implied ownership of a directory or directory system. No Protocol or technical boundary is enforced unless for example with directories by Name containment - its usually an operational or business issue ie. with certs its how the certs are applied with a management and business related policy. My usual thoughts regards alan > Ambarish > > > Carlisle Adams wrote: > > > > Hi all, > > > > I propose that we try (once again) to understand what the real issue > is > > here. > > > > > ---------- > > > From: Ryan Moats[SMTP:jayhawk@att.com] > > > Sent: Thursday, September 03, 1998 12:14 PM > > > To: John_Wray@iris.com > > > Cc: ietf-pkix@imc.org > > > Subject: Retrieval efficiency herring? (was... RE: What the > straw > > > poll means) > > > > > > As somebody coming to the party late from the LDAP world, I don't > see > > > why > > > the certificates need to be retrieved from two places. An LDAP > lookup > > > of an > > > object with a fairly simple filter (objectclass="*") will return > all > > > of the > > > attributes associated with that object. Therefore a single lookup > > > will return > > > both attributes, so I don't understand how retrieval efficiency is > > > gained. > > > > > O.K., so we see that a single LDAP lookup can retrieve all > certificates > > (which, after careful enumeration, was found to be "n") in either > option > > 1 or option 2. > > > > The claimed advantage of option 1 is that this retrieval gets me > > certificates that are sorted into "intra-domain" and "inter-domain", > > which can help in efficient path construction. Let's think about > this > > for a moment. The CA doing this sorting is, by definition, NOT > DIRECTLY > > TRUSTED BY ME (because if it was directly trusted by me, I would > > already have a trusted copy of its public key and would not need > > certificates in which it was the subject). If it is not directly > > trusted by me, then why would I necessarily trust it to do this > sorting > > in a way that is beneficial to my path construction needs? How does > it > > know what *my* definition of "domain" is? How does it know whether > most > > of my certificate validations will be "intra" its definition of > domain > > or "inter" its definition of domain? > > > > If this CA's definition of domain and my definition of domain do not > > coincide exactly (and why should they, since in general this CA and > I > > have no pre-established relationship?), then this sorting performed > by > > the CA is not merely useless to me, it is actually an explicit > > disadvantage (because the proponents of option 1 are recommending > that > > all the intra-domain certificates be examined *before* the > inter-domain > > certificates are examined, leading to worst-case path-construction > times > > for what may turn out to be a common scenario). > > > > Relying parties know what certificates they will be validating most > > often, depending upon what particular activity they are engaged in > at > > the moment. THAT defines the relying parties' "intra" and "inter" > > domains. CAs in the middle of a cert. path cannot possibly know > this, > > in general, so having THEM define a domain and sort certificates > > according to that definition is really meaningless. > > > > Note that there will be special circumstances in which one > definition of > > domain will be understood throughout a given environment (e.g., the > > strict hierarchy of CAs has been cited in previous posts on this > topic). > > In such cases there is a clear efficiency advantage to be gained in > path > > construction. This is why option 2 is the perfect compromise: for > such > > environments relying parties need only retrieve the n1 < n > certificates > > that they *know* will be useful to them. Option 2 therefore meets > the > > needs of the general case as well as the special case, while > > simultaneously guaranteeing interoperability of two installed bases > > which would otherwise have no hope of interoperating today. > > > > The price of this panacea? A few redundant certificates in the > > Directory. Is it really worth sacrificing the general- (and perhaps > > common-) case scenario, as well as interoperability, in order to > save a > > few certificates and satisfy a particular special-case? I haven't > yet > > heard any convincing arguments... > > > > Carlisle. > > -- > --------------------------------------------------------------------- > Ambarish Malpani > Architect 650.567.5457 > ValiCert, Inc. > ambarish@valicert.com > 1215 Terra Bella Ave. http://www.valicert.com > Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA10579 for ietf-pkix-bks; Thu, 3 Sep 1998 17:29:36 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA10575 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:29:35 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZW17>; Thu, 3 Sep 1998 20:33:56 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D22B@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'John_Wray@iris.com'" <John_Wray@iris.com>, Santosh Chokhani <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Thu, 3 Sep 1998 20:33:53 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk > -----Original Message----- > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > Sent: Thursday, September 03, 1998 8:19 PM > To: 'John_Wray@iris.com'; 'Santosh Chokhani' > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > > > > > ---------- > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > Sent: September 3, 1998 7:50 PM > > To: 'John_Wray@iris.com'; Santosh Chokhani > > Cc: ietf-pkix@imc.org > > Subject: RE: What the straw poll means > > > > John: > > > > As Dave Horvath has replied, retrieval efficiency is the same. > > > > Option 2 also retrieves all multiple certificates and hence > introduces > > communication delays and unnecessary bandwidth usage > This is dependent on the query. > > For relying parties that have the same understanding of 'domain' as > the > CA, they could either > a) send an LDAP search request which retrieves ONLY the values of the > cACertificate attribute and then after exhausting them, send another > request that would retrieve the crossCertificatePair attribute values > or > [] In a), another bind and access to directory may cause delays > b) send a single LDAP search request that would retrieve both > attributes. In b) yes they woud retrieve the multiples. > In a) they would retrieve multiples only if they were unsuccessful > with > the 'domain' certs. In b) they would receive multiples. > > Relying parties that ignore the 'domain' specifics would send a single > LDAP search request that would retrieve only the crossCertificatePair > attribute and would never receive multiples. > > . > > > > Using option 2, if a client only retrieves crossCertificatePair > > attribute only, it loses potential for efficiency. > > > > Your last paragraph is precisely my point. Dividing the > certificates > > in > > two buckets has potential for help and never hurts. > > > > By the way, a class of application may choose to prefer exploring > > inter-domain certificates first, if so deemed. > > > > > -----Original Message----- > > > From: John_Wray@iris.com [SMTP:John_Wray@iris.com] > > > Sent: Thursday, September 03, 1998 8:51 AM > > > To: Santosh Chokhani > > > Cc: ietf-pkix@imc.org > > > Subject: RE: What the straw poll means > > > > > > Santosh Chokhani <chockani@cyqnacom.com> writes: > > > > > > >The basic difference between the two approaches is the under > option > > 1 > > > >you store a certificate only one time under a CA's entry. Which > > > >certifying CA is in its domain is upto a subject CA to decide. > > > > > > > >In all honesty, I do not see a benefit to option 2 except for the > > > >argument that some installed base already does it this way. > > > > > > The difference between the two options is primarily storage > > efficiency > > > vs. > > > retrieval efficiency. Both options divide a CAs certs into two > > piles. > > > Option 1 has pile A containing only intra-domain certs, and pile B > > > containing only inter-domain certs; option 2 has pile A containing > > > only > > > intra-domain certs and pite B containing all certs. Which option > is > > > superior depends on two things: > > > > > > whether you care more about storage efficiency in the directory > > > (option > > > 2 stores intra-domain certificates twice) or retrieval > efficiency > > > for > > > the verifier (option 1 require a verifier that wants all a > target > > > CA's > > > certificates to retrieve them from two places). > > > typical usage scenarios by verifiers - i.e. the percentage of > > > clients > > > that are going to want to locate just inter-domain certs, > > compared > > > to > > > clients that either don't care about the difference or are only > > > interested in intra-domain certs. Retrieval of _just_ > > inter-domain > > > certs is easier under option 1, retrieval of _all_ certs is > > easier > > > under > > > option 2, and retrieval of _just_ intra-domain certs is the > same > > > under > > > both options. > > > > > > > > > Consider a fairly randomly structured PKI, where the verifier has > a > > > set of > > > trusted roots loaded into it (assume they've been loaded under > user > > > control, with no particular order to them), and is trying to > verify > > > the key > > > of some server that it hasn't spoken to before. It has no idea of > > > which > > > "domain" the target's CA thinks it belongs to; it just wants to > pull > > > all > > > the certs that have that CA as a subject, and see if it can > > construct > > > a > > > valid chain starting at one of its trusted roots. > > > > > > Having the target CA divide its certificates between two places > > within > > > the > > > directory is no help to this verifier. All it does it force the > > > verifier > > > to make two retrieval operations instead of the one that would be > > > required > > > by option 2. The verifier isn't really interested in whether a > > > particular > > > certificate comes from another CA from the same "domain" as the > > > target's CA > > > - if it cares about "domains" at all, what it would be interested > in > > > is if > > > any certs come from the same domain as the verifier (or one of its > > > trusted > > > roots), not the target (and of course that's verifier-specific). > > > > > > For the special (and probably quite common) case where the > verifier > > > and > > > target happen to be in the same domain, the distinction probably > is > > > useful. > > > Option 2 supports this case just as well as does option 1, by > > allowing > > > the > > > CA to place intra-domain certs in a separate place so that clients > > in > > > that > > > domain can retrieve them first (or possibly even _instead_of_ > going > > to > > > the > > > all-certs list). > > > > > > John > > > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA10535 for ietf-pkix-bks; Thu, 3 Sep 1998 17:19:11 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA10529 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:19:09 -0700 (PDT) Received: by gateway.r3.ch id <6801>; Fri, 4 Sep 1998 02:25:16 +0100 Message-Id: <98Sep4.022516gmt+0100.6801@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'John_Wray@iris.com'" <John_Wray@iris.com>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 01:19:16 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 3, 1998 7:50 PM > To: 'John_Wray@iris.com'; Santosh Chokhani > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > John: > > As Dave Horvath has replied, retrieval efficiency is the same. > > Option 2 also retrieves all multiple certificates and hence introduces > communication delays and unnecessary bandwidth usage This is dependent on the query. For relying parties that have the same understanding of 'domain' as the CA, they could either a) send an LDAP search request which retrieves ONLY the values of the cACertificate attribute and then after exhausting them, send another request that would retrieve the crossCertificatePair attribute values or b) send a single LDAP search request that would retrieve both attributes. In b) yes they woud retrieve the multiples. In a) they would retrieve multiples only if they were unsuccessful with the 'domain' certs. In b) they would receive multiples. Relying parties that ignore the 'domain' specifics would send a single LDAP search request that would retrieve only the crossCertificatePair attribute and would never receive multiples. > . > > Using option 2, if a client only retrieves crossCertificatePair > attribute only, it loses potential for efficiency. > > Your last paragraph is precisely my point. Dividing the certificates > in > two buckets has potential for help and never hurts. > > By the way, a class of application may choose to prefer exploring > inter-domain certificates first, if so deemed. > > > -----Original Message----- > > From: John_Wray@iris.com [SMTP:John_Wray@iris.com] > > Sent: Thursday, September 03, 1998 8:51 AM > > To: Santosh Chokhani > > Cc: ietf-pkix@imc.org > > Subject: RE: What the straw poll means > > > > Santosh Chokhani <chockani@cyqnacom.com> writes: > > > > >The basic difference between the two approaches is the under option > 1 > > >you store a certificate only one time under a CA's entry. Which > > >certifying CA is in its domain is upto a subject CA to decide. > > > > > >In all honesty, I do not see a benefit to option 2 except for the > > >argument that some installed base already does it this way. > > > > The difference between the two options is primarily storage > efficiency > > vs. > > retrieval efficiency. Both options divide a CAs certs into two > piles. > > Option 1 has pile A containing only intra-domain certs, and pile B > > containing only inter-domain certs; option 2 has pile A containing > > only > > intra-domain certs and pite B containing all certs. Which option is > > superior depends on two things: > > > > whether you care more about storage efficiency in the directory > > (option > > 2 stores intra-domain certificates twice) or retrieval efficiency > > for > > the verifier (option 1 require a verifier that wants all a target > > CA's > > certificates to retrieve them from two places). > > typical usage scenarios by verifiers - i.e. the percentage of > > clients > > that are going to want to locate just inter-domain certs, > compared > > to > > clients that either don't care about the difference or are only > > interested in intra-domain certs. Retrieval of _just_ > inter-domain > > certs is easier under option 1, retrieval of _all_ certs is > easier > > under > > option 2, and retrieval of _just_ intra-domain certs is the same > > under > > both options. > > > > > > Consider a fairly randomly structured PKI, where the verifier has a > > set of > > trusted roots loaded into it (assume they've been loaded under user > > control, with no particular order to them), and is trying to verify > > the key > > of some server that it hasn't spoken to before. It has no idea of > > which > > "domain" the target's CA thinks it belongs to; it just wants to pull > > all > > the certs that have that CA as a subject, and see if it can > construct > > a > > valid chain starting at one of its trusted roots. > > > > Having the target CA divide its certificates between two places > within > > the > > directory is no help to this verifier. All it does it force the > > verifier > > to make two retrieval operations instead of the one that would be > > required > > by option 2. The verifier isn't really interested in whether a > > particular > > certificate comes from another CA from the same "domain" as the > > target's CA > > - if it cares about "domains" at all, what it would be interested in > > is if > > any certs come from the same domain as the verifier (or one of its > > trusted > > roots), not the target (and of course that's verifier-specific). > > > > For the special (and probably quite common) case where the verifier > > and > > target happen to be in the same domain, the distinction probably is > > useful. > > Option 2 supports this case just as well as does option 1, by > allowing > > the > > CA to place intra-domain certs in a separate place so that clients > in > > that > > domain can retrieve them first (or possibly even _instead_of_ going > to > > the > > all-certs list). > > > > John > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA10465 for ietf-pkix-bks; Thu, 3 Sep 1998 17:06:35 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA10461 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:06:34 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZWAW>; Thu, 3 Sep 1998 20:10:55 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D229@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Ambarish Malpani'" <ambarish@valicert.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Where to store CA certificates Date: Thu, 3 Sep 1998 20:10:53 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Ambarish: We should explore your point further. But, I am assuming that features such as subject public key identifier and authority public key identifier, name constraints (in conjunction with pathToName matching rule), key usage are available for proper digital signature certificate. The question becomes of these which one will lead to the trust anchor of the relying party from the current CA (assuming you are developing a path from subject to the relying party trust anchor). I am afraid that the CA may not help much except say which certificates issued to it are from its domain/family/partners/preferred or whatever and which are from others. I also see all of us doing rapid fire on this one without considering all the ramifications. I am probably the worst culprit. I will be the first one to admit that I am the worst offender. I do not claim to have the solutions, full knowledge or the final word on the path development, but to use the PKI technology efficiently, lot may have to fall in place. I am not sure directory products and client products are stepping up to offering the potential need for efficiency. Let me give you simple example in which option 2 may choke the network and/or client if there are no matching rules implemented both in the directory and the client. Let us assume that a CA has issued 30 certificates to other CAs but has been issued very few certificates itself. Under option 2, the CA must populate the reverse component of the crossCertificatePair attribute 30 times, and these will be returned on a query, if both the client and the directory do not implement matching rules. I have thought long and hard and find that option 1 gives us the best hope for path development efficiency. > -----Original Message----- > From: Ambarish Malpani [SMTP:ambarish@valicert.com] > Sent: Thursday, September 03, 1998 12:54 PM > To: 'ietf-pkix@imc.org' > Subject: Where to store CA certificates > > Hi Guys, > Given the huge amount of passion that the topic of where one > stores CA certificates has generated, it seems to me that path > building is both a complicated and important thing ;-) > > If the premise above is true, wouldn't one want to prioritize > path building more precisely than just lumping CA certs into > one of two categories (intra-domain/inter-domain)? > > Would it make sense to have another attribute attached to > CA certificates - something like a "priority" field, with say > an integer value, where, during path building you first try to > build paths with the CA cert with the highest priority? > > Or is this a BAD idea, because it doesn't work with any of > the current implementations? > > Comments? Sharon, Santosh? > > Regards, > Ambarish > > -- > --------------------------------------------------------------------- > Ambarish Malpani > Architect 650.567.5457 > ValiCert, Inc. > ambarish@valicert.com > 1215 Terra Bella Ave. http://www.valicert.com > Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10394 for ietf-pkix-bks; Thu, 3 Sep 1998 16:59:54 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10390 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:59:52 -0700 (PDT) Received: by gateway.r3.ch id <6804>; Fri, 4 Sep 1998 02:05:54 +0100 Message-Id: <98Sep4.020554gmt+0100.6804@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: chokhani@cygnacom.com, John_Wray@iris.com, "'John Everson'" <John.Everson@mail.sprint.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 00:59:48 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: John Everson[SMTP:John.Everson@mail.sprint.com] > Sent: September 3, 1998 10:52 AM > To: chokhani@cygnacom.com; John_Wray@iris.com > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > > Does this mean there will be a new option (3): > > container/pile of intra-domain certs > container/pile of inter-domain certs > container/pile of all certs > > Or do we throw everything into one container and offer a different > mechanism for distinction? > > The 'one container' option is the solution as per the current text in the internet draft. > -----Original Message----- > From: John.Wray [mailto:John_Wray@iris.com] > Sent: Thursday, September 03, 1998 7:51 AM > To: chokhani > Cc: John.Wray; ietf-pkix > Subject: RE: What the straw poll means > > > Santosh Chokhani <chockani@cyqnacom.com> writes: > > >The basic difference between the two approaches is the under option 1 > >you store a certificate only one time under a CA's entry. Which > >certifying CA is in its domain is upto a subject CA to decide. > > > >In all honesty, I do not see a benefit to option 2 except for the > >argument that some installed base already does it this way. > > The difference between the two options is primarily storage efficiency > > vs. > retrieval efficiency. Both options divide a CAs certs into two piles. > Option 1 has pile A containing only intra-domain certs, and pile B > containing only inter-domain certs; option 2 has pile A containing > only > intra-domain certs and pite B containing all certs. Which option is > superior depends on two things: > > whether you care more about storage efficiency in the directory > (option > 2 stores intra-domain certificates twice) or retrieval efficiency > for > the verifier (option 1 require a verifier that wants all a target > CA's > certificates to retrieve them from two places). > typical usage scenarios by verifiers - i.e. the percentage of > clients > that are going to want to locate just inter-domain certs, compared > to > clients that either don't care about the difference or are only > interested in intra-domain certs. Retrieval of _just_ inter-domain > certs is easier under option 1, retrieval of _all_ certs is easier > under > option 2, and retrieval of _just_ intra-domain certs is the same > under > both options. > > > Consider a fairly randomly structured PKI, where the verifier has a > set > of > trusted roots loaded into it (assume they've been loaded under user > control, with no particular order to them), and is trying to verify > the > key > of some server that it hasn't spoken to before. It has no idea of > which > "domain" the target's CA thinks it belongs to; it just wants to pull > all > the certs that have that CA as a subject, and see if it can construct > a > valid chain starting at one of its trusted roots. > > Having the target CA divide its certificates between two places within > > the > directory is no help to this verifier. All it does it force the > verifier > to make two retrieval operations instead of the one that would be > required > by option 2. The verifier isn't really interested in whether a > particular > certificate comes from another CA from the same "domain" as the > target's CA > - if it cares about "domains" at all, what it would be interested in > is > if > any certs come from the same domain as the verifier (or one of its > trusted > roots), not the target (and of course that's verifier-specific). > > For the special (and probably quite common) case where the verifier > and > target happen to be in the same domain, the distinction probably is > useful. > Option 2 supports this case just as well as does option 1, by allowing > > the > CA to place intra-domain certs in a separate place so that clients in > that > domain can retrieve them first (or possibly even _instead_of_ going to > > the > all-certs list). > > John > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10378 for ietf-pkix-bks; Thu, 3 Sep 1998 16:59:19 -0700 (PDT) Received: from portalcp.chevron.com (firewall-user@portalcp.chevron.com [207.24.17.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10374 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:59:18 -0700 (PDT) Received: (from uucp@localhost) by portalcp.chevron.com (8.9.1a/8.9.1) id RAA23158 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:03:51 -0700 (PDT) Received: from orbitcity.sr.chevron.com(146.27.94.253) by portalcp.chevron.com via smap (4.1) id xma023027; Thu, 3 Sep 98 17:03:40 -0700 Received: from chvpk-msxb1.sr.chevron.com (chvpk-msxb1.sr.chevron.com [146.27.94.102]) by orbitcity.chevron.com (8.9.1a/8.9.1) with ESMTP id RAA21084 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:03:35 -0700 (PDT) Received: by chvpk-msxb1.sr.chevron.com with Internet Mail Service (5.5.1960.3) id <SG6CMP1Q>; Thu, 3 Sep 1998 17:03:35 -0700 Message-ID: <F937986CEE1CD211A66100805FFE9870645B@VA1050-MSX1.vn1050.chevron.com> From: "Eaton, James (EATO)" <EATO@chevron.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Thu, 3 Sep 1998 17:01:52 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by mail.proper.com id QAA10375 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10349 for ietf-pkix-bks; Thu, 3 Sep 1998 16:53:54 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10345 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:53:51 -0700 (PDT) Received: by gateway.r3.ch id <6806>; Fri, 4 Sep 1998 01:59:55 +0100 Message-Id: <98Sep4.015955gmt+0100.6806@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Bill Burr'" <william.burr@nist.gov>, Dave Horvath <David.Horvath@chromatix.com>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 00:53:58 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 3, 1998 7:41 PM > To: 'Bill Burr'; Dave Horvath > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > Bill, > > But under option 1 also all certificates are there since LAP gives you > all the attributes. > > All option 1 does is reduce the communication load, Disagree - this is dependent on the query placed by the client system > processing load, Disagree - this is dependent on the certificate and path discovery algorithm and mechanism used by the client system > storage load Agree - in those cases where the local definition of "domain" results in duplication > and provide you a potential for efficiency. Possibly in a closed specific environment to tthe detriment of other clients > With very, > very little software complexity Implementation specific > , you have a potential for gaining a lot > on the computational complexity. Algorithm and process specific > > -----Original Message----- > > From: Bill Burr [SMTP:william.burr@nist.gov] > > Sent: Thursday, September 03, 1998 12:48 PM > > To: Dave Horvath > > Cc: ietf-pkix@imc.org > > Subject: Re: What the straw poll means > > > > But what is a root here? Does it imply that a domain is PKI > > hierarchy? I > > can think of 3 plausible constructions of root, all of which I > believe > > I've > > seen used: > > > > (1) any CA whose key you choose to trust and therefore can start a > > certification path, but which may not imply any other organization > or > > structure; > > > > (2) a CA whose key everybody in the domain (what's a domain?) trusts > > and > > which sits on top of a hierarchical unidirectional certification > tree > > (as > > in MISSI or PEM); > > > > (3) a CA that exists to cross-certify with other CAs, but issues few > > or no > > end entity certificates, and starts few or no certification paths; > it > > simply exists to connect other CAs. Examples would be the ANX > > "supervisory > > CA," the Gov. of Canada "Level 0" CA operated by the Canadian > Central > > Facility, or the proposed Federal PKI "Bridge CA." Such a CA is > often > > depicted at the hub of a mesh, or the top of a hierarchy, and > operated > > in > > conjunction with the overall domain policy management authority. > > > > > > I suppose a "trusted root" can be either 1 or 2 above. > > > > But "root" to me doesn't necessarily say much about path > development, > > or > > PKI certification path structure. > > > > How about domain? What does it mean? I claim that the term makes > most > > sense to mean a part of a PKI that operates under the direction of a > > policy > > management entity. Which wouldn't necessarily mean that domain > > boundaries > > coincide with distinctions that are meaningful for certification > path > > building. > > > > Option 1 is probably useful if you think that a domain is > everything > > subordinate to the same root CA, where a root is any CA that > somebody > > uses > > to start a trust path. So in a cross-certified mesh PKI, every CA > is > > a > > domain onto itself, and all CA certificates wind up only, I think, > in > > the > > crossCertificatePair attribute. But in a hierarchical PKI most > > certificates wind up in the cACertificate Attribute. > > > > I have the feeling that Bob is right at least for option 1, unless > we > > know > > what a domain is we hardly know what we are getting. With option 2, > I > > suppose we are guaranteed that all certificates wind up in > > crossCertificatePair, whatever domain means. > > > > At 11:14 AM 9/3/98 -0400, you wrote: > > >Bob, > > > > > > I feel that the definition of domain is a local policy and that > > CAs > > >should be free to define it as they wish. Clients that > search/read > > CAs > > >entries and obtain the values from both the cACertificate and > > >crossCertificatePair attributes can explore the values in the > > cACertficate > > >attribute first. If a path to the trusted root is found, > processing > > stops. > > >If not, they can explore the crossCertificatePair attribute. Using > > this > > >algorithm CAs can define their domain and post each of their CA > > certificates > > >to one attribute or the other. The only adverse affect will be > > efficiency > > >in path development on the client side if the CA does not > carefully > > select > > >intra or inter domain. WIth option 1, the certificates are not > > duplicated. > > >With option 2, they are. > > > > > >But if we have an installed base that only looks in the > > crossCertificatePair > > >attribute, then we have a problem. In that case option 2 will help > > at the > > >expense of duplicating the data. I suggest we avoid duplication > if > > >possible, but we certainly must evaluate the installed base. > > > > > >Dave Horvath > > > > > > > > > > > > > > >-----Original Message----- > > >From: Bob Jueneman <BJUENEMAN@novell.com> > > >To: chokhani@cygnacom.com <chokhani@cygnacom.com>; > ietf-pkix@imc.org > > ><ietf-pkix@imc.org> > > >Date: Wednesday, September 02, 1998 10:21 PM > > >Subject: RE: What the straw poll means > > > > > > > > >>Santosh doesn't seem to have answered the questions I've raised > > >>regarding the definition of the domain, but he seems to believe > that > > >>option 2 doesn't solve that problem either. > > >> > > >>If so, I am increasingly beginning to lean towards "NONE OF THE > > >>ABOVE". > > >> > > >>Rebuttal, Sharon/Carlisle? > > >> > > >>Bob > > >> > > >>>Yes Bob. I hate to say this, but you have misinterpreted. > > >>> > > >>>The basic difference between the two approaches is the under > option > > 1 > > >>>you store a certificate only one time under a CA's entry. Which > > >>>certifying CA is in its domain is upto a subject CA to decide. > > >>> > > >>>In all honesty, I do not see a benefit to option 2 except for the > > >>>argument that some installed base already does it this way. > > >>> > > >>>Option 1 achieves everything option 2 and with efficiency. > > >>> > > >>>I do not understand how option 2 solves your problems either. We > > need > > >>>to have a discussion on computational complexity of path > > development to > > >>>allay your concerns. > > >>> > > >>>The way I look at the difference between the two options is that > if > > >>>n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 > in > > one > > >>>bucket and n2 in another. Option 2 says put n in one bucket and > n1 > > in > > >>>another. When you retrieve the two buckets (which you must for > > path > > >>>development efficiency), option 2 gives you n+n1 certificates and > > option > > >>>1 gives you exactly all n. > > >>> > > >>>> -----Original Message----- > > >>>> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > > >>>> Sent: Wednesday, September 02, 1998 8:33 PM > > >>>> To: ietf-pkix@imc.org > > >>>> Cc: chokhani@cygnacom.com > > >>>> Subject: What the straw poll means > > >>>> > > >>>> This is almost as exciting as watching a horse race! > > >>>> > > >>>> But what are we to make of the situation if the vote is as > > >>>> close as it appears to be at present -- does that truly > indicate > > >>>> a "rough consensus"? > > >>>> > > >>>> As of earlier this morning, Chromatix was ahead, with > > >>>> 8 votes cast; Entrust was tied with Microsoft with 4 votes > > >>>> cast; and MISSI some others are clustered around third place. > > >>>> > > >>>> So far, with the exception of a split between MISSI and NIST > > >>>> as two US Government factions, the voting seems to be > > >>>> strictly by company. > > >>>> > > >>>> Now, the polite fiction within the IETF is that memberships are > > by > > >>>> individual, and that there are no "votes" per se, and certainly > > not > > >>>> on a company by company basis. That's the fiction, at least.. > > >>>> Whether this convention shall long endure now that the IETF has > > >>>> apparently lost some or all of its government funding and has > > >>>> to become more self-sufficient will be interesting to see. > > >>>> > > >>>> But unless one side or the other starts to make some > significant > > >>>> in-roads by the dint of more persuasive technical argument, > then > > I > > >>>> think > > >>>> it's effectively a draw, and we may be counting companies and > > their > > >>>> installed base at least as much, and perhaps more, than > > >>>> balancing the technical alternatives. > > >>>> > > >>>> Now, if we are truly at a technical impasse and the vote has to > > be > > >>>> binary, i.e., only one way or the other, then maybe counting > > installed > > >>>> clients and minimizing the pain is really the way to go, but > > frankly > > >>>> that approach makes me uncomfortable. I want both > > interoperability > > >>>> AND efficiency, and I would hate to see us don't want to be > > >>>> pressured into a less than satisfactory decision, whatever that > > is, > > >>>> just because we are in a rush to get over the next hurdle in > the > > >>>> standards progression. > > >>>> > > >>>> I originally said that I was inclined to go with option 1, > > because > > >>>> it at least appeared to be simpler. However, I also said that > I > > was > > >>>> concerned about the "local" definition of a domain by a CA, > > >>>> and the more I think about it, the more concerned I get. > > >>>> > > >>>> That approach might be viable for an organization such as > MISSI, > > >>>> where everyone presumably knows what community of interest > > >>>> they fall into, but how would it apply to a public CA such as > > >>>> VeriSign? > > >>>> > > >>>> Would they view all of their certificates as falling into one > > domain, > > >>>> including any certificates issued by subordinate CAs, as in the > > case > > >>>> of the old RSA Commercial hierarchy? > > >>>> > > >>>> What about GTE CyberTrust, considering their presumed affinity > > >>>> with their ISP business. Would all of those certificates fall > > into > > >>>> one domain? > > >>>> > > >>>> Now suppose I want to validate a certificate from Erols. Do I > > decide > > >>>> that > > >>>> because Erols is in the top half of the alphabet that they > > probably > > >>>> use GTE, whereas Xerox would probably use VeriSign? Or do we > do > > an > > >>>> East Coast/West Coast split, like radio and TV stations use W > or > > K in > > >>>> their call sign? > > >>>> > > >>>> What if Novell and Microsoft were to become CAs and issue > > certificates > > >>>> > > >>>> to their customers directly, at least their larger accounts. > > Would > > >>>> the relying > > >>>> party have to try to divine whether a subscriber was running > > NetWare > > >>>> or > > >>>> NT in order to decide what domain they would be likely to be > in? > > >>>> > > >>>> Santosh, have I misrepresented the issue here? Feel free to > > correct > > >>>> me, if so. > > >>>> Maybe I just don't understand. > > >>>> > > >>>> Now, if the definition of "domain" were amended somewhat, > perhaps > > some > > >>>> of these difficulties might go away. > > >>>> > > >>>> In particular, it seems to me that "domain" probably ought to > > have a > > >>>> lot to do > > >>>> with name subordination, or at least the possibility of doing > > name > > >>>> subordination, > > >>>> so that it would be deterministic. That might not solve all of > > the > > >>>> concerns that those > > >>>> who are inclined to vote for option 2 might have in mind, but > it > > might > > >>>> help. > > >>>> > > >>>> So if I am a Novell employee, and I receive an S/MIME message > > that > > >>>> contains > > >>>> a certificate that begins with c=US, o=Novell, I can probably > > make an > > >>>> excellent > > >>>> good guess of what CA to go to, assuming that Novell operates a > > CA in > > >>>> its > > >>>> own name. But where do I go for a certificate from Acme > > >>>> Manufacturing? > > >>>> > > >>>> I don't mean to beat up on the option 1 folks exclusively -- > > maybe > > >>>> there are > > >>>> some things that could be done within the options 2 that would > > come > > >>>> closer to a > > >>>> compromise without breaking those existing clients. But I need > > to > > >>>> think about that > > >>>> some more. maybe someone else could volunteer some > suggestions. > > >>>> > > >>>> Bob > > >>>> > > >>>> Robert R. Jueneman > > >>>> Novell, Inc. > > >>>> 122 E. 1700 South > > >>>> Provo, UT 84606 > > >>>> bjueneman@novell.com > > >>>> 1-801-861-7387 > > >> > > >> > > > > > > > > Regards, > > > > Bill Burr > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10339 for ietf-pkix-bks; Thu, 3 Sep 1998 16:52:58 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10335 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:52:57 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZV9J>; Thu, 3 Sep 1998 19:57:18 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D227@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Carlisle Adams'" <carlisle.adams@entrust.com>, ietf-pkix@imc.org Subject: RE: Let's try to understand the real issue (was... RE: What the s traw poll means) Date: Thu, 3 Sep 1998 19:57:16 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk > -----Original Message----- > From: Carlisle Adams [SMTP:carlisle.adams@entrust.com] > Sent: Thursday, September 03, 1998 2:25 PM > To: ietf-pkix@imc.org > Subject: Let's try to understand the real issue (was... RE: What > the straw poll means) > > Hi all, > > I propose that we try (once again) to understand what the real issue > is > here. > > > ---------- > > From: Ryan Moats[SMTP:jayhawk@att.com] > > Sent: Thursday, September 03, 1998 12:14 PM > > To: John_Wray@iris.com > > Cc: ietf-pkix@imc.org > > Subject: Retrieval efficiency herring? (was... RE: What the straw > > poll means) > > > > As somebody coming to the party late from the LDAP world, I don't > see > > why > > the certificates need to be retrieved from two places. An LDAP > lookup > > of an > > object with a fairly simple filter (objectclass="*") will return all > > of the > > attributes associated with that object. Therefore a single lookup > > will return > > both attributes, so I don't understand how retrieval efficiency is > > gained. > > > O.K., so we see that a single LDAP lookup can retrieve all > certificates > (which, after careful enumeration, was found to be "n") in either > option > 1 or option 2. > [] If you only retrieve crossCertificatePair attribute under option 2, you view the certificates of a single type and you lose path development efficiency. > The claimed advantage of option 1 is that this retrieval gets me > certificates that are sorted into "intra-domain" and "inter-domain", > which can help in efficient path construction. Let's think about this > for a moment. The CA doing this sorting is, by definition, NOT > DIRECTLY > TRUSTED BY ME (because if it was directly trusted by me, I would > already have a trusted copy of its public key and would not need > certificates in which it was the subject). If it is not directly > trusted by me, then why would I necessarily trust it to do this > sorting > in a way that is beneficial to my path construction needs? How does > it > know what *my* definition of "domain" is? How does it know whether > most > of my certificate validations will be "intra" its definition of domain > or "inter" its definition of domain? > > If this CA's definition of domain and my definition of domain do not > coincide exactly (and why should they, since in general this CA and I > have no pre-established relationship?), then this sorting performed by > the CA is not merely useless to me, it is actually an explicit > disadvantage (because the proponents of option 1 are recommending that > all the intra-domain certificates be examined *before* the > inter-domain > certificates are examined, leading to worst-case path-construction > times > for what may turn out to be a common scenario). > [] In these situations, you are no worse off than throwing the certificates in one bucket. > Relying parties know what certificates they will be validating most > often, depending upon what particular activity they are engaged in at > the moment. THAT defines the relying parties' "intra" and "inter" > domains. CAs in the middle of a cert. path cannot possibly know this, > in general, so having THEM define a domain and sort certificates > according to that definition is really meaningless. > [] This can be easily achieved using certificate and/or certificate path caching. > Note that there will be special circumstances in which one definition > of > domain will be understood throughout a given environment (e.g., the > strict hierarchy of CAs has been cited in previous posts on this > topic). > In such cases there is a clear efficiency advantage to be gained in > path > construction. This is why option 2 is the perfect compromise: for > such > environments relying parties need only retrieve the n1 < n > certificates > that they *know* will be useful to them. Option 2 therefore meets the > needs of the general case as well as the special case, while > simultaneously guaranteeing interoperability of two installed bases > which would otherwise have no hope of interoperating today. > > The price of this panacea? A few redundant certificates in the > Directory. Is it really worth sacrificing the general- (and perhaps > common-) case scenario, as well as interoperability, in order to save > a > few certificates and satisfy a particular special-case? I haven't yet > heard any convincing arguments... > > Carlisle. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10316 for ietf-pkix-bks; Thu, 3 Sep 1998 16:48:45 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10312 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:48:43 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZV8R>; Thu, 3 Sep 1998 19:53:03 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D226@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Nada Kapidzic Cicovic'" <nada@cost.se>, Santosh Chokhani <chokhani@cygnacom.com>, "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org Cc: Santosh Chokhani <chokhani@cygnacom.com> Subject: RE: What the straw poll means Date: Thu, 3 Sep 1998 19:53:00 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk > -----Original Message----- > From: Nada Kapidzic Cicovic [SMTP:nada@cost.se] > Sent: Thursday, September 03, 1998 5:03 AM > To: Santosh Chokhani; 'Bob Jueneman'; ietf-pkix@imc.org > Cc: Santosh Chokhani > Subject: RE: What the straw poll means > > At 20:48 9/2/98 -0400, Santosh Chokhani wrote: > >Yes Bob. I hate to say this, but you have misinterpreted. > > > >The basic difference between the two approaches is the under option 1 > >you store a certificate only one time under a CA's entry. Which > >certifying CA is in its domain is upto a subject CA to decide. > > > >In all honesty, I do not see a benefit to option 2 except for the > >argument that some installed base already does it this way. > > > >Option 1 achieves everything option 2 and with efficiency. > > > >I do not understand how option 2 solves your problems either. We > need > >to have a discussion on computational complexity of path development > to > >allay your concerns. > > > >The way I look at the difference between the two options is that if > >n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in > one > >bucket and n2 in another. Option 2 says put n in one bucket and n1 > in > >another. When you retrieve the two buckets (which you must for path > >development efficiency), option 2 gives you n+n1 certificates and > option > >1 gives you exactly all n. > > With option 2 you do not have to look at n1 certificates > (cACertificate > attribute) at all. The n ones (from crossCertificatePair) are > sufficient > for your path building. > [] In that case you have potential for inefficiency in path development. > Nada > > > > >> -----Original Message----- > >> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > >> Sent: Wednesday, September 02, 1998 8:33 PM > >> To: ietf-pkix@imc.org > >> Cc: chokhani@cygnacom.com > >> Subject: What the straw poll means > >> > >> This is almost as exciting as watching a horse race! > >> > >> But what are we to make of the situation if the vote is as > >> close as it appears to be at present -- does that truly indicate > >> a "rough consensus"? > >> > >> As of earlier this morning, Chromatix was ahead, with > >> 8 votes cast; Entrust was tied with Microsoft with 4 votes > >> cast; and MISSI some others are clustered around third place. > >> > >> So far, with the exception of a split between MISSI and NIST > >> as two US Government factions, the voting seems to be > >> strictly by company. > >> > >> Now, the polite fiction within the IETF is that memberships are by > >> individual, and that there are no "votes" per se, and certainly not > > >> on a company by company basis. That's the fiction, at least.. > >> Whether this convention shall long endure now that the IETF has > >> apparently lost some or all of its government funding and has > >> to become more self-sufficient will be interesting to see. > >> > >> But unless one side or the other starts to make some significant > >> in-roads by the dint of more persuasive technical argument, then I > >> think > >> it's effectively a draw, and we may be counting companies and their > > >> installed base at least as much, and perhaps more, than > >> balancing the technical alternatives. > >> > >> Now, if we are truly at a technical impasse and the vote has to be > >> binary, i.e., only one way or the other, then maybe counting > installed > >> clients and minimizing the pain is really the way to go, but > frankly > >> that approach makes me uncomfortable. I want both interoperability > >> AND efficiency, and I would hate to see us don't want to be > >> pressured into a less than satisfactory decision, whatever that is, > >> just because we are in a rush to get over the next hurdle in the > >> standards progression. > >> > >> I originally said that I was inclined to go with option 1, because > >> it at least appeared to be simpler. However, I also said that I > was > >> concerned about the "local" definition of a domain by a CA, > >> and the more I think about it, the more concerned I get. > >> > >> That approach might be viable for an organization such as MISSI, > >> where everyone presumably knows what community of interest > >> they fall into, but how would it apply to a public CA such as > >> VeriSign? > >> > >> Would they view all of their certificates as falling into one > domain, > >> including any certificates issued by subordinate CAs, as in the > case > >> of the old RSA Commercial hierarchy? > >> > >> What about GTE CyberTrust, considering their presumed affinity > >> with their ISP business. Would all of those certificates fall into > >> one domain? > >> > >> Now suppose I want to validate a certificate from Erols. Do I > decide > >> that > >> because Erols is in the top half of the alphabet that they probably > > >> use GTE, whereas Xerox would probably use VeriSign? Or do we do an > > >> East Coast/West Coast split, like radio and TV stations use W or K > in > >> their call sign? > >> > >> What if Novell and Microsoft were to become CAs and issue > certificates > >> > >> to their customers directly, at least their larger accounts. Would > >> the relying > >> party have to try to divine whether a subscriber was running > NetWare > >> or > >> NT in order to decide what domain they would be likely to be in? > >> > >> Santosh, have I misrepresented the issue here? Feel free to > correct > >> me, if so. > >> Maybe I just don't understand. > >> > >> Now, if the definition of "domain" were amended somewhat, perhaps > some > >> of these difficulties might go away. > >> > >> In particular, it seems to me that "domain" probably ought to have > a > >> lot to do > >> with name subordination, or at least the possibility of doing name > >> subordination, > >> so that it would be deterministic. That might not solve all of the > >> concerns that those > >> who are inclined to vote for option 2 might have in mind, but it > might > >> help. > >> > >> So if I am a Novell employee, and I receive an S/MIME message that > >> contains > >> a certificate that begins with c=US, o=Novell, I can probably make > an > >> excellent > >> good guess of what CA to go to, assuming that Novell operates a CA > in > >> its > >> own name. But where do I go for a certificate from Acme > >> Manufacturing? > >> > >> I don't mean to beat up on the option 1 folks exclusively -- maybe > >> there are > >> some things that could be done within the options 2 that would come > >> closer to a > >> compromise without breaking those existing clients. But I need to > >> think about that > >> some more. maybe someone else could volunteer some suggestions. > >> > >> Bob > >> > >> Robert R. Jueneman > >> Novell, Inc. > >> 122 E. 1700 South > >> Provo, UT 84606 > >> bjueneman@novell.com > >> 1-801-861-7387 > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10300 for ietf-pkix-bks; Thu, 3 Sep 1998 16:46:40 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10296 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:46:38 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZV8D>; Thu, 3 Sep 1998 19:50:59 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D225@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'John_Wray@iris.com'" <John_Wray@iris.com>, Santosh Chokhani <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Thu, 3 Sep 1998 19:50:58 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk John: As Dave Horvath has replied, retrieval efficiency is the same. Option 2 also retrieves all multiple certificates and hence introduces communication delays and unnecessary bandwidth usage. Using option 2, if a client only retrieves crossCertificatePair attribute only, it loses potential for efficiency. Your last paragraph is precisely my point. Dividing the certificates in two buckets has potential for help and never hurts. By the way, a class of application may choose to prefer exploring inter-domain certificates first, if so deemed. > -----Original Message----- > From: John_Wray@iris.com [SMTP:John_Wray@iris.com] > Sent: Thursday, September 03, 1998 8:51 AM > To: Santosh Chokhani > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > Santosh Chokhani <chockani@cyqnacom.com> writes: > > >The basic difference between the two approaches is the under option 1 > >you store a certificate only one time under a CA's entry. Which > >certifying CA is in its domain is upto a subject CA to decide. > > > >In all honesty, I do not see a benefit to option 2 except for the > >argument that some installed base already does it this way. > > The difference between the two options is primarily storage efficiency > vs. > retrieval efficiency. Both options divide a CAs certs into two piles. > Option 1 has pile A containing only intra-domain certs, and pile B > containing only inter-domain certs; option 2 has pile A containing > only > intra-domain certs and pite B containing all certs. Which option is > superior depends on two things: > > whether you care more about storage efficiency in the directory > (option > 2 stores intra-domain certificates twice) or retrieval efficiency > for > the verifier (option 1 require a verifier that wants all a target > CA's > certificates to retrieve them from two places). > typical usage scenarios by verifiers - i.e. the percentage of > clients > that are going to want to locate just inter-domain certs, compared > to > clients that either don't care about the difference or are only > interested in intra-domain certs. Retrieval of _just_ inter-domain > certs is easier under option 1, retrieval of _all_ certs is easier > under > option 2, and retrieval of _just_ intra-domain certs is the same > under > both options. > > > Consider a fairly randomly structured PKI, where the verifier has a > set of > trusted roots loaded into it (assume they've been loaded under user > control, with no particular order to them), and is trying to verify > the key > of some server that it hasn't spoken to before. It has no idea of > which > "domain" the target's CA thinks it belongs to; it just wants to pull > all > the certs that have that CA as a subject, and see if it can construct > a > valid chain starting at one of its trusted roots. > > Having the target CA divide its certificates between two places within > the > directory is no help to this verifier. All it does it force the > verifier > to make two retrieval operations instead of the one that would be > required > by option 2. The verifier isn't really interested in whether a > particular > certificate comes from another CA from the same "domain" as the > target's CA > - if it cares about "domains" at all, what it would be interested in > is if > any certs come from the same domain as the verifier (or one of its > trusted > roots), not the target (and of course that's verifier-specific). > > For the special (and probably quite common) case where the verifier > and > target happen to be in the same domain, the distinction probably is > useful. > Option 2 supports this case just as well as does option 1, by allowing > the > CA to place intra-domain certs in a separate place so that clients in > that > domain can retrieve them first (or possibly even _instead_of_ going to > the > all-certs list). > > John > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10264 for ietf-pkix-bks; Thu, 3 Sep 1998 16:41:27 -0700 (PDT) Received: from mail.sprint.com (mail.sprint.com [208.4.28.129]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10259 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:41:25 -0700 (PDT) Received: from sii01.mail.sprint.com ([192.251.141.141]) by bastion.mail.sprint.com with ESMTP id <117939>; Thu, 3 Sep 1998 09:57:08 -0500 Received: from [144.223.148.154] by sii01.mail.sprint.com with ESMTP; Thu, 3 Sep 1998 09:51:37 -0500 Received: from localhost (root@localhost) by kcopmp01.corp.sprint.com (8.8.6 (PHNE_14041)/8.8.6) with SMTP id JAA13959; Thu, 3 Sep 1998 09:52:30 -0500 (CDT) From: John Everson <John.Everson@mail.sprint.com> X-OpenMail-Hops: 1 Date: Thu, 3 Sep 1998 09:52:26 -0500 Message-Id: <H0001a0e0314a456@MHS> Subject: RE: What the straw poll means TO: chokhani@cygnacom.com, John_Wray@iris.com CC: ietf-pkix@imc.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="openmail-part-0ef743e1-00000001" Sender: owner-ietf-pkix@imc.org Precedence: bulk --openmail-part-0ef743e1-00000001 Content-Type: text/plain; charset=US-ASCII; name="BDY.TXT" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="BDY.TXT" Does this mean there will be a new option (3): container/pile of intra-domain certs container/pile of inter-domain certs container/pile of all certs Or do we throw everything into one container and offer a different mechanism for distinction? -----Original Message----- From: John.Wray [mailto:John_Wray@iris.com] Sent: Thursday, September 03, 1998 7:51 AM To: chokhani Cc: John.Wray; ietf-pkix Subject: RE: What the straw poll means Santosh Chokhani <chockani@cyqnacom.com> writes: >The basic difference between the two approaches is the under option 1 >you store a certificate only one time under a CA's entry. Which >certifying CA is in its domain is upto a subject CA to decide. > >In all honesty, I do not see a benefit to option 2 except for the >argument that some installed base already does it this way. The difference between the two options is primarily storage efficiency vs. retrieval efficiency. Both options divide a CAs certs into two piles. Option 1 has pile A containing only intra-domain certs, and pile B containing only inter-domain certs; option 2 has pile A containing only intra-domain certs and pite B containing all certs. Which option is superior depends on two things: whether you care more about storage efficiency in the directory (option 2 stores intra-domain certificates twice) or retrieval efficiency for the verifier (option 1 require a verifier that wants all a target CA's certificates to retrieve them from two places). typical usage scenarios by verifiers - i.e. the percentage of clients that are going to want to locate just inter-domain certs, compared to clients that either don't care about the difference or are only interested in intra-domain certs. Retrieval of _just_ inter-domain certs is easier under option 1, retrieval of _all_ certs is easier under option 2, and retrieval of _just_ intra-domain certs is the same under both options. Consider a fairly randomly structured PKI, where the verifier has a set of trusted roots loaded into it (assume they've been loaded under user control, with no particular order to them), and is trying to verify the key of some server that it hasn't spoken to before. It has no idea of which "domain" the target's CA thinks it belongs to; it just wants to pull all the certs that have that CA as a subject, and see if it can construct a valid chain starting at one of its trusted roots. Having the target CA divide its certificates between two places within the directory is no help to this verifier. All it does it force the verifier to make two retrieval operations instead of the one that would be required by option 2. The verifier isn't really interested in whether a particular certificate comes from another CA from the same "domain" as the target's CA - if it cares about "domains" at all, what it would be interested in is if any certs come from the same domain as the verifier (or one of its trusted roots), not the target (and of course that's verifier-specific). For the special (and probably quite common) case where the verifier and target happen to be in the same domain, the distinction probably is useful. Option 2 supports this case just as well as does option 1, by allowing the CA to place intra-domain certs in a separate place so that clients in that domain can retrieve them first (or possibly even _instead_of_ going to the all-certs list). John --openmail-part-0ef743e1-00000001-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10263 for ietf-pkix-bks; Thu, 3 Sep 1998 16:41:26 -0700 (PDT) Received: from mail.sprint.com (mail.sprint.com [208.4.28.129]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10255 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:41:25 -0700 (PDT) Received: from sii01.mail.sprint.com ([192.251.141.141]) by bastion.mail.sprint.com with ESMTP id <116352>; Thu, 3 Sep 1998 11:26:02 -0500 Received: from [144.223.148.154] by sii01.mail.sprint.com with ESMTP; Thu, 3 Sep 1998 11:26:45 -0500 Received: from localhost (root@localhost) by kcopmp01.corp.sprint.com (8.8.6 (PHNE_14041)/8.8.6) with SMTP id LAA08023; Thu, 3 Sep 1998 11:27:38 -0500 (CDT) X-OpenMail-Hops: 1 Date: Thu, 3 Sep 1998 11:27:34 -0500 Message-Id: <H00017cc03153bdb@MHS> Subject: Option 2 FROM: GIUBILEO/unix////////RFC-822/GIUBILEO#a#SPRINTSEC#f#COM@kcopmp01.corp.sprint.com TO: ietf-pkix@imc.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="openmail-part-0ef92b5d-00000001" Sender: owner-ietf-pkix@imc.org Precedence: bulk --openmail-part-0ef92b5d-00000001 Content-Type: text/plain; charset=ISO-8859-1; name="BDY.RTF" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="BDY.RTF" +++++++++++++++++++++++++++++++++++++++++++ John P. Giubileo Director IP Security Services Sprint Corporate Security Phone: 913.624.4796 giubileo@sprintsec.com [PICTURE] --openmail-part-0ef92b5d-00000001-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10254 for ietf-pkix-bks; Thu, 3 Sep 1998 16:41:24 -0700 (PDT) Received: from mail.sprint.com (mail.sprint.com [208.4.28.129]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10250 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:41:23 -0700 (PDT) Received: from sii01.mail.sprint.com ([192.251.141.141]) by bastion.mail.sprint.com with ESMTP id <119676>; Thu, 3 Sep 1998 11:21:53 -0500 Received: from [144.223.148.154] by sii01.mail.sprint.com with ESMTP; Thu, 3 Sep 1998 11:19:38 -0500 Received: from localhost (root@localhost) by kcopmp01.corp.sprint.com (8.8.6 (PHNE_14041)/8.8.6) with SMTP id LAA06624 for ietf-pkix@imc.org; Thu, 3 Sep 1998 11:20:03 -0500 (CDT) From: John Everson <John.Everson@mail.sprint.com> X-OpenMail-Hops: 1 Date: Thu, 3 Sep 1998 11:20:00 -0500 Message-Id: <H0001a0e03154315@MHS> Subject: Voting Question TO: ietf-pkix@imc.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="openmail-part-0ef90993-00000001" Sender: owner-ietf-pkix@imc.org Precedence: bulk --openmail-part-0ef90993-00000001 Content-Type: text/plain; charset=US-ASCII; name="BDY.TXT" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="BDY.TXT" Are the votes being compared against the "team member list"? --openmail-part-0ef90993-00000001-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10227 for ietf-pkix-bks; Thu, 3 Sep 1998 16:38:00 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10223 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:37:57 -0700 (PDT) Received: by gateway.r3.ch id <6804>; Fri, 4 Sep 1998 01:44:05 +0100 Message-Id: <98Sep4.014405gmt+0100.6804@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: Bill Burr <william.burr@nist.gov>, "'Dave Horvath'" <David.Horvath@chromatix.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 00:38:06 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk I believe we already have the compromise solution on the table. Option 1 in this straw poll is one end of the spectrum and the text currently in the Internet Draft is the other end of the spectrum. Option 2 in this straw poll is the compromise that : a) provides a single place to find all certificates that a CA has issued to other CAs and that have been issued to that CA b) allows the use of a locally defined 'domain' specific set of certificates to be easily retrieved by any relying parties that happen to understand and prefer that set of certificates c) enables existing client systems which implement option 1 as well as those that implement the current Internet Draft to continue without change d) provides interoperability by allowing the directory entries of CAs which use the proposal in option 1 AND entries of CAs which use the interpretation as per the current Internet Draft text to be used by client systems of either type > ---------- > From: Dave Horvath[SMTP:David.Horvath@chromatix.com] > Sent: September 3, 1998 2:14 PM > To: Bill Burr > Cc: ietf-pkix@imc.org > Subject: Re: What the straw poll means > > > > I understand the problems Bill is having with the definitions of > roots > and domains. I think we are all having those problems. It seems > that > roughly half of the people I communicated with are concerned with the > definitions and feel that population of all the cACertificates in one > attribute may help. I personally do not feel this helps, however we > should > all be interested in a compromise to keep things moving and to keep > both > sides happy. > > I must admit that I like the idea of being able to go to one place > in > the directory to find all certificates that a CA has issued (I believe > Stefan pointed this out). It appears that populating all CA > certificates in > the reverse component of the crossCertificatePair attribute solves > this > requirement and does not duplicate certs in a single CAs entry. This > gives > clients that work in a forward direction the ability to determine all > of the > certificates that a CA has issued. This type of population is clearly > mandated by option 2 and only allowed by option 1. Option 1 does not > mandate it. This type of population avoids duplication of > certificates in > a single CA entry (they are duplicated in subordinate, mesh, cross > whatever), but seems to be advantageous from a clients point of view. > > Would populating the reverse component with all issued CA > certificates > provide a compromise that supports a single attribute to retrieve all > certs? > Would this help with the installed base issue? > > Dave Horvath > > > -----Original Message----- > From: Bill Burr <william.burr@nist.gov> > To: Dave Horvath <David.Horvath@chromatix.com> > Cc: ietf-pkix@imc.org <ietf-pkix@imc.org> > Date: Thursday, September 03, 1998 12:44 PM > Subject: Re: What the straw poll means > > > >But what is a root here? Does it imply that a domain is PKI > hierarchy? I > >can think of 3 plausible constructions of root, all of which I > believe I've > >seen used: > > > >(1) any CA whose key you choose to trust and therefore can start a > >certification path, but which may not imply any other organization or > >structure; > > > >(2) a CA whose key everybody in the domain (what's a domain?) trusts > and > >which sits on top of a hierarchical unidirectional certification tree > (as > >in MISSI or PEM); > > > >(3) a CA that exists to cross-certify with other CAs, but issues few > or no > >end entity certificates, and starts few or no certification paths; it > >simply exists to connect other CAs. Examples would be the ANX > "supervisory > >CA," the Gov. of Canada "Level 0" CA operated by the Canadian Central > >Facility, or the proposed Federal PKI "Bridge CA." Such a CA is > often > >depicted at the hub of a mesh, or the top of a hierarchy, and > operated in > >conjunction with the overall domain policy management authority. > > > > > >I suppose a "trusted root" can be either 1 or 2 above. > > > >But "root" to me doesn't necessarily say much about path development, > or > >PKI certification path structure. > > > >How about domain? What does it mean? I claim that the term makes > most > >sense to mean a part of a PKI that operates under the direction of a > policy > >management entity. Which wouldn't necessarily mean that domain > boundaries > >coincide with distinctions that are meaningful for certification path > >building. > > > >Option 1 is probably useful if you think that a domain is everything > >subordinate to the same root CA, where a root is any CA that somebody > uses > >to start a trust path. So in a cross-certified mesh PKI, every CA is > a > >domain onto itself, and all CA certificates wind up only, I think, in > the > >crossCertificatePair attribute. But in a hierarchical PKI most > >certificates wind up in the cACertificate Attribute. > > > >I have the feeling that Bob is right at least for option 1, unless we > know > >what a domain is we hardly know what we are getting. With option 2, > I > >suppose we are guaranteed that all certificates wind up in > >crossCertificatePair, whatever domain means. > > > >At 11:14 AM 9/3/98 -0400, you wrote: > >>Bob, > >> > >> I feel that the definition of domain is a local policy and that > CAs > >>should be free to define it as they wish. Clients that > search/read CAs > >>entries and obtain the values from both the cACertificate and > >>crossCertificatePair attributes can explore the values in the > cACertficate > >>attribute first. If a path to the trusted root is found, processing > stops. > >>If not, they can explore the crossCertificatePair attribute. Using > this > >>algorithm CAs can define their domain and post each of their CA > certificates > >>to one attribute or the other. The only adverse affect will be > efficiency > >>in path development on the client side if the CA does not carefully > select > >>intra or inter domain. WIth option 1, the certificates are not > duplicated. > >>With option 2, they are. > >> > >>But if we have an installed base that only looks in the > crossCertificatePair > >>attribute, then we have a problem. In that case option 2 will help > at the > >>expense of duplicating the data. I suggest we avoid duplication if > >>possible, but we certainly must evaluate the installed base. > >> > >>Dave Horvath > >> > >> > >> > >> > >>-----Original Message----- > >>From: Bob Jueneman <BJUENEMAN@novell.com> > >>To: chokhani@cygnacom.com <chokhani@cygnacom.com>; ietf-pkix@imc.org > >><ietf-pkix@imc.org> > >>Date: Wednesday, September 02, 1998 10:21 PM > >>Subject: RE: What the straw poll means > >> > >> > >>>Santosh doesn't seem to have answered the questions I've raised > >>>regarding the definition of the domain, but he seems to believe > that > >>>option 2 doesn't solve that problem either. > >>> > >>>If so, I am increasingly beginning to lean towards "NONE OF THE > >>>ABOVE". > >>> > >>>Rebuttal, Sharon/Carlisle? > >>> > >>>Bob > >>> > >>>>Yes Bob. I hate to say this, but you have misinterpreted. > >>>> > >>>>The basic difference between the two approaches is the under > option 1 > >>>>you store a certificate only one time under a CA's entry. Which > >>>>certifying CA is in its domain is upto a subject CA to decide. > >>>> > >>>>In all honesty, I do not see a benefit to option 2 except for the > >>>>argument that some installed base already does it this way. > >>>> > >>>>Option 1 achieves everything option 2 and with efficiency. > >>>> > >>>>I do not understand how option 2 solves your problems either. We > need > >>>>to have a discussion on computational complexity of path > development to > >>>>allay your concerns. > >>>> > >>>>The way I look at the difference between the two options is that > if > >>>>n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 > in one > >>>>bucket and n2 in another. Option 2 says put n in one bucket and > n1 in > >>>>another. When you retrieve the two buckets (which you must for > path > >>>>development efficiency), option 2 gives you n+n1 certificates and > option > >>>>1 gives you exactly all n. > >>>> > >>>>> -----Original Message----- > >>>>> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > >>>>> Sent: Wednesday, September 02, 1998 8:33 PM > >>>>> To: ietf-pkix@imc.org > >>>>> Cc: chokhani@cygnacom.com > >>>>> Subject: What the straw poll means > >>>>> > >>>>> This is almost as exciting as watching a horse race! > >>>>> > >>>>> But what are we to make of the situation if the vote is as > >>>>> close as it appears to be at present -- does that truly indicate > >>>>> a "rough consensus"? > >>>>> > >>>>> As of earlier this morning, Chromatix was ahead, with > >>>>> 8 votes cast; Entrust was tied with Microsoft with 4 votes > >>>>> cast; and MISSI some others are clustered around third place. > >>>>> > >>>>> So far, with the exception of a split between MISSI and NIST > >>>>> as two US Government factions, the voting seems to be > >>>>> strictly by company. > >>>>> > >>>>> Now, the polite fiction within the IETF is that memberships are > by > >>>>> individual, and that there are no "votes" per se, and certainly > not > >>>>> on a company by company basis. That's the fiction, at least.. > >>>>> Whether this convention shall long endure now that the IETF has > >>>>> apparently lost some or all of its government funding and has > >>>>> to become more self-sufficient will be interesting to see. > >>>>> > >>>>> But unless one side or the other starts to make some significant > >>>>> in-roads by the dint of more persuasive technical argument, then > I > >>>>> think > >>>>> it's effectively a draw, and we may be counting companies and > their > >>>>> installed base at least as much, and perhaps more, than > >>>>> balancing the technical alternatives. > >>>>> > >>>>> Now, if we are truly at a technical impasse and the vote has to > be > >>>>> binary, i.e., only one way or the other, then maybe counting > installed > >>>>> clients and minimizing the pain is really the way to go, but > frankly > >>>>> that approach makes me uncomfortable. I want both > interoperability > >>>>> AND efficiency, and I would hate to see us don't want to be > >>>>> pressured into a less than satisfactory decision, whatever that > is, > >>>>> just because we are in a rush to get over the next hurdle in > the > >>>>> standards progression. > >>>>> > >>>>> I originally said that I was inclined to go with option 1, > because > >>>>> it at least appeared to be simpler. However, I also said that I > was > >>>>> concerned about the "local" definition of a domain by a CA, > >>>>> and the more I think about it, the more concerned I get. > >>>>> > >>>>> That approach might be viable for an organization such as MISSI, > >>>>> where everyone presumably knows what community of interest > >>>>> they fall into, but how would it apply to a public CA such as > >>>>> VeriSign? > >>>>> > >>>>> Would they view all of their certificates as falling into one > domain, > >>>>> including any certificates issued by subordinate CAs, as in the > case > >>>>> of the old RSA Commercial hierarchy? > >>>>> > >>>>> What about GTE CyberTrust, considering their presumed affinity > >>>>> with their ISP business. Would all of those certificates fall > into > >>>>> one domain? > >>>>> > >>>>> Now suppose I want to validate a certificate from Erols. Do I > decide > >>>>> that > >>>>> because Erols is in the top half of the alphabet that they > probably > >>>>> use GTE, whereas Xerox would probably use VeriSign? Or do we do > an > >>>>> East Coast/West Coast split, like radio and TV stations use W or > K in > >>>>> their call sign? > >>>>> > >>>>> What if Novell and Microsoft were to become CAs and issue > certificates > >>>>> > >>>>> to their customers directly, at least their larger accounts. > Would > >>>>> the relying > >>>>> party have to try to divine whether a subscriber was running > NetWare > >>>>> or > >>>>> NT in order to decide what domain they would be likely to be in? > >>>>> > >>>>> Santosh, have I misrepresented the issue here? Feel free to > correct > >>>>> me, if so. > >>>>> Maybe I just don't understand. > >>>>> > >>>>> Now, if the definition of "domain" were amended somewhat, > perhaps some > >>>>> of these difficulties might go away. > >>>>> > >>>>> In particular, it seems to me that "domain" probably ought to > have a > >>>>> lot to do > >>>>> with name subordination, or at least the possibility of doing > name > >>>>> subordination, > >>>>> so that it would be deterministic. That might not solve all of > the > >>>>> concerns that those > >>>>> who are inclined to vote for option 2 might have in mind, but it > might > >>>>> help. > >>>>> > >>>>> So if I am a Novell employee, and I receive an S/MIME message > that > >>>>> contains > >>>>> a certificate that begins with c=US, o=Novell, I can probably > make an > >>>>> excellent > >>>>> good guess of what CA to go to, assuming that Novell operates a > CA in > >>>>> its > >>>>> own name. But where do I go for a certificate from Acme > >>>>> Manufacturing? > >>>>> > >>>>> I don't mean to beat up on the option 1 folks exclusively -- > maybe > >>>>> there are > >>>>> some things that could be done within the options 2 that would > come > >>>>> closer to a > >>>>> compromise without breaking those existing clients. But I need > to > >>>>> think about that > >>>>> some more. maybe someone else could volunteer some suggestions. > >>>>> > >>>>> Bob > >>>>> > >>>>> Robert R. Jueneman > >>>>> Novell, Inc. > >>>>> 122 E. 1700 South > >>>>> Provo, UT 84606 > >>>>> bjueneman@novell.com > >>>>> 1-801-861-7387 > >>> > >>> > >> > >> > >Regards, > > > >Bill Burr > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10215 for ietf-pkix-bks; Thu, 3 Sep 1998 16:37:21 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10211 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:37:18 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZV6T>; Thu, 3 Sep 1998 19:41:38 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D224@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Bill Burr'" <william.burr@nist.gov>, Dave Horvath <David.Horvath@chromatix.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Thu, 3 Sep 1998 19:41:37 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Bill, But under option 1 also all certificates are there since LAP gives you all the attributes. All option 1 does is reduce the communication load, processing load, storage load and provide you a potential for efficiency. With very, very little software complexity, you have a potential for gaining a lot on the computational complexity. > -----Original Message----- > From: Bill Burr [SMTP:william.burr@nist.gov] > Sent: Thursday, September 03, 1998 12:48 PM > To: Dave Horvath > Cc: ietf-pkix@imc.org > Subject: Re: What the straw poll means > > But what is a root here? Does it imply that a domain is PKI > hierarchy? I > can think of 3 plausible constructions of root, all of which I believe > I've > seen used: > > (1) any CA whose key you choose to trust and therefore can start a > certification path, but which may not imply any other organization or > structure; > > (2) a CA whose key everybody in the domain (what's a domain?) trusts > and > which sits on top of a hierarchical unidirectional certification tree > (as > in MISSI or PEM); > > (3) a CA that exists to cross-certify with other CAs, but issues few > or no > end entity certificates, and starts few or no certification paths; it > simply exists to connect other CAs. Examples would be the ANX > "supervisory > CA," the Gov. of Canada "Level 0" CA operated by the Canadian Central > Facility, or the proposed Federal PKI "Bridge CA." Such a CA is often > depicted at the hub of a mesh, or the top of a hierarchy, and operated > in > conjunction with the overall domain policy management authority. > > > I suppose a "trusted root" can be either 1 or 2 above. > > But "root" to me doesn't necessarily say much about path development, > or > PKI certification path structure. > > How about domain? What does it mean? I claim that the term makes most > sense to mean a part of a PKI that operates under the direction of a > policy > management entity. Which wouldn't necessarily mean that domain > boundaries > coincide with distinctions that are meaningful for certification path > building. > > Option 1 is probably useful if you think that a domain is everything > subordinate to the same root CA, where a root is any CA that somebody > uses > to start a trust path. So in a cross-certified mesh PKI, every CA is > a > domain onto itself, and all CA certificates wind up only, I think, in > the > crossCertificatePair attribute. But in a hierarchical PKI most > certificates wind up in the cACertificate Attribute. > > I have the feeling that Bob is right at least for option 1, unless we > know > what a domain is we hardly know what we are getting. With option 2, I > suppose we are guaranteed that all certificates wind up in > crossCertificatePair, whatever domain means. > > At 11:14 AM 9/3/98 -0400, you wrote: > >Bob, > > > > I feel that the definition of domain is a local policy and that > CAs > >should be free to define it as they wish. Clients that search/read > CAs > >entries and obtain the values from both the cACertificate and > >crossCertificatePair attributes can explore the values in the > cACertficate > >attribute first. If a path to the trusted root is found, processing > stops. > >If not, they can explore the crossCertificatePair attribute. Using > this > >algorithm CAs can define their domain and post each of their CA > certificates > >to one attribute or the other. The only adverse affect will be > efficiency > >in path development on the client side if the CA does not carefully > select > >intra or inter domain. WIth option 1, the certificates are not > duplicated. > >With option 2, they are. > > > >But if we have an installed base that only looks in the > crossCertificatePair > >attribute, then we have a problem. In that case option 2 will help > at the > >expense of duplicating the data. I suggest we avoid duplication if > >possible, but we certainly must evaluate the installed base. > > > >Dave Horvath > > > > > > > > > >-----Original Message----- > >From: Bob Jueneman <BJUENEMAN@novell.com> > >To: chokhani@cygnacom.com <chokhani@cygnacom.com>; ietf-pkix@imc.org > ><ietf-pkix@imc.org> > >Date: Wednesday, September 02, 1998 10:21 PM > >Subject: RE: What the straw poll means > > > > > >>Santosh doesn't seem to have answered the questions I've raised > >>regarding the definition of the domain, but he seems to believe that > >>option 2 doesn't solve that problem either. > >> > >>If so, I am increasingly beginning to lean towards "NONE OF THE > >>ABOVE". > >> > >>Rebuttal, Sharon/Carlisle? > >> > >>Bob > >> > >>>Yes Bob. I hate to say this, but you have misinterpreted. > >>> > >>>The basic difference between the two approaches is the under option > 1 > >>>you store a certificate only one time under a CA's entry. Which > >>>certifying CA is in its domain is upto a subject CA to decide. > >>> > >>>In all honesty, I do not see a benefit to option 2 except for the > >>>argument that some installed base already does it this way. > >>> > >>>Option 1 achieves everything option 2 and with efficiency. > >>> > >>>I do not understand how option 2 solves your problems either. We > need > >>>to have a discussion on computational complexity of path > development to > >>>allay your concerns. > >>> > >>>The way I look at the difference between the two options is that if > >>>n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in > one > >>>bucket and n2 in another. Option 2 says put n in one bucket and n1 > in > >>>another. When you retrieve the two buckets (which you must for > path > >>>development efficiency), option 2 gives you n+n1 certificates and > option > >>>1 gives you exactly all n. > >>> > >>>> -----Original Message----- > >>>> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > >>>> Sent: Wednesday, September 02, 1998 8:33 PM > >>>> To: ietf-pkix@imc.org > >>>> Cc: chokhani@cygnacom.com > >>>> Subject: What the straw poll means > >>>> > >>>> This is almost as exciting as watching a horse race! > >>>> > >>>> But what are we to make of the situation if the vote is as > >>>> close as it appears to be at present -- does that truly indicate > >>>> a "rough consensus"? > >>>> > >>>> As of earlier this morning, Chromatix was ahead, with > >>>> 8 votes cast; Entrust was tied with Microsoft with 4 votes > >>>> cast; and MISSI some others are clustered around third place. > >>>> > >>>> So far, with the exception of a split between MISSI and NIST > >>>> as two US Government factions, the voting seems to be > >>>> strictly by company. > >>>> > >>>> Now, the polite fiction within the IETF is that memberships are > by > >>>> individual, and that there are no "votes" per se, and certainly > not > >>>> on a company by company basis. That's the fiction, at least.. > >>>> Whether this convention shall long endure now that the IETF has > >>>> apparently lost some or all of its government funding and has > >>>> to become more self-sufficient will be interesting to see. > >>>> > >>>> But unless one side or the other starts to make some significant > >>>> in-roads by the dint of more persuasive technical argument, then > I > >>>> think > >>>> it's effectively a draw, and we may be counting companies and > their > >>>> installed base at least as much, and perhaps more, than > >>>> balancing the technical alternatives. > >>>> > >>>> Now, if we are truly at a technical impasse and the vote has to > be > >>>> binary, i.e., only one way or the other, then maybe counting > installed > >>>> clients and minimizing the pain is really the way to go, but > frankly > >>>> that approach makes me uncomfortable. I want both > interoperability > >>>> AND efficiency, and I would hate to see us don't want to be > >>>> pressured into a less than satisfactory decision, whatever that > is, > >>>> just because we are in a rush to get over the next hurdle in the > >>>> standards progression. > >>>> > >>>> I originally said that I was inclined to go with option 1, > because > >>>> it at least appeared to be simpler. However, I also said that I > was > >>>> concerned about the "local" definition of a domain by a CA, > >>>> and the more I think about it, the more concerned I get. > >>>> > >>>> That approach might be viable for an organization such as MISSI, > >>>> where everyone presumably knows what community of interest > >>>> they fall into, but how would it apply to a public CA such as > >>>> VeriSign? > >>>> > >>>> Would they view all of their certificates as falling into one > domain, > >>>> including any certificates issued by subordinate CAs, as in the > case > >>>> of the old RSA Commercial hierarchy? > >>>> > >>>> What about GTE CyberTrust, considering their presumed affinity > >>>> with their ISP business. Would all of those certificates fall > into > >>>> one domain? > >>>> > >>>> Now suppose I want to validate a certificate from Erols. Do I > decide > >>>> that > >>>> because Erols is in the top half of the alphabet that they > probably > >>>> use GTE, whereas Xerox would probably use VeriSign? Or do we do > an > >>>> East Coast/West Coast split, like radio and TV stations use W or > K in > >>>> their call sign? > >>>> > >>>> What if Novell and Microsoft were to become CAs and issue > certificates > >>>> > >>>> to their customers directly, at least their larger accounts. > Would > >>>> the relying > >>>> party have to try to divine whether a subscriber was running > NetWare > >>>> or > >>>> NT in order to decide what domain they would be likely to be in? > >>>> > >>>> Santosh, have I misrepresented the issue here? Feel free to > correct > >>>> me, if so. > >>>> Maybe I just don't understand. > >>>> > >>>> Now, if the definition of "domain" were amended somewhat, perhaps > some > >>>> of these difficulties might go away. > >>>> > >>>> In particular, it seems to me that "domain" probably ought to > have a > >>>> lot to do > >>>> with name subordination, or at least the possibility of doing > name > >>>> subordination, > >>>> so that it would be deterministic. That might not solve all of > the > >>>> concerns that those > >>>> who are inclined to vote for option 2 might have in mind, but it > might > >>>> help. > >>>> > >>>> So if I am a Novell employee, and I receive an S/MIME message > that > >>>> contains > >>>> a certificate that begins with c=US, o=Novell, I can probably > make an > >>>> excellent > >>>> good guess of what CA to go to, assuming that Novell operates a > CA in > >>>> its > >>>> own name. But where do I go for a certificate from Acme > >>>> Manufacturing? > >>>> > >>>> I don't mean to beat up on the option 1 folks exclusively -- > maybe > >>>> there are > >>>> some things that could be done within the options 2 that would > come > >>>> closer to a > >>>> compromise without breaking those existing clients. But I need > to > >>>> think about that > >>>> some more. maybe someone else could volunteer some suggestions. > >>>> > >>>> Bob > >>>> > >>>> Robert R. Jueneman > >>>> Novell, Inc. > >>>> 122 E. 1700 South > >>>> Provo, UT 84606 > >>>> bjueneman@novell.com > >>>> 1-801-861-7387 > >> > >> > > > > > Regards, > > Bill Burr Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10138 for ietf-pkix-bks; Thu, 3 Sep 1998 16:24:42 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10134 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:24:41 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZVZ4>; Thu, 3 Sep 1998 19:29:01 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D222@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'jayhawk@qsun.ho.att.com'" <jayhawk@qsun.ho.att.com>, Carlisle Adams <carlisle.adams@entrust.com>, ietf-pkix@imc.org Subject: RE: Let's try to understand the real issue (was... RE: What the s traw poll means) Date: Thu, 3 Sep 1998 19:28:59 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Actually your arguments heavily favor option 1. You state that since the request will retrieve all the certificates, there is no need to retrieve n1+n2+n1 certificates when n1 will do. So, that is the first point of efficiency. Now, the second point of efficiency is that these certificate come as different type (let us call them red and green) in option 1. In option 2, these have to be separated. The third point of efficiency is that an application can select which type of link to pursue red or green. At the risk of being redundant, CA does not preordain that. It is up to the application. For a given relying party, this could vary from application type to application type. > -----Original Message----- > From: jayhawk@qsun.ho.att.com [SMTP:jayhawk@qsun.ho.att.com] > Sent: Thursday, September 03, 1998 5:09 PM > To: Carlisle Adams; ietf-pkix@imc.org > Subject: Re: Let's try to understand the real issue (was... RE: > What the straw poll means) > > Call me slow, but I don't follow the argument the whole way... > > | Hi all, > | > | I propose that we try (once again) to understand what the real issue > is > | here. > | > | > As somebody coming to the party late from the LDAP world, I don't > see > | > why > | > the certificates need to be retrieved from two places. An LDAP > lookup > | > of an > | > object with a fairly simple filter (objectclass="*") will return > all > | > of the > | > attributes associated with that object. Therefore a single lookup > | > will return > | > both attributes, so I don't understand how retrieval efficiency is > | > gained. > | > > | O.K., so we see that a single LDAP lookup can retrieve all > certificates > | (which, after careful enumeration, was found to be "n") in either > option > | 1 or option 2. > | > | The claimed advantage of option 1 is that this retrieval gets me > | certificates that are sorted into "intra-domain" and "inter-domain", > | which can help in efficient path construction. Let's think about > this > | for a moment. The CA doing this sorting is, by definition, NOT > DIRECTLY > | TRUSTED BY ME (because if it was directly trusted by me, I would > | already have a trusted copy of its public key and would not need > | certificates in which it was the subject). If it is not directly > | trusted by me, then why would I necessarily trust it to do this > sorting > | in a way that is beneficial to my path construction needs? How does > it > | know what *my* definition of "domain" is? How does it know whether > most > | of my certificate validations will be "intra" its definition of > domain > | or "inter" its definition of domain? > > I follow this portion of the argument... > > | If this CA's definition of domain and my definition of domain do not > | coincide exactly (and why should they, since in general this CA and > I > | have no pre-established relationship?), then this sorting performed > by > | the CA is not merely useless to me, it is actually an explicit > | disadvantage (because the proponents of option 1 are recommending > that > | all the intra-domain certificates be examined *before* the > inter-domain > | certificates are examined, leading to worst-case path-construction > times > | for what may turn out to be a common scenario). > > I don't see that falling out of the Option 1 text as I read the > straw poll message. If such is the case, then I would say that text > should be present. > > | Relying parties know what certificates they will be validating most > | often, depending upon what particular activity they are engaged in > at > | the moment. THAT defines the relying parties' "intra" and "inter" > | domains. CAs in the middle of a cert. path cannot possibly know > this, > | in general, so having THEM define a domain and sort certificates > | according to that definition is really meaningless. > > Agreed. > > | Note that there will be special circumstances in which one > definition of > | domain will be understood throughout a given environment (e.g., the > | strict hierarchy of CAs has been cited in previous posts on this > topic). > | In such cases there is a clear efficiency advantage to be gained in > path > | construction. This is why option 2 is the perfect compromise: for > such > | environments relying parties need only retrieve the n1 < n > certificates > | that they *know* will be useful to them. Option 2 therefore meets > the > | needs of the general case as well as the special case, while > | simultaneously guaranteeing interoperability of two installed bases > | which would otherwise have no hope of interoperating today. > > Stop. Here's where I really fall off the wagon. How does the relying > party > retrieve ONLY the n1 certificates that they know will be useful to > them for > a CA? I can see retrieving the CA object from the directory (which > unless > you do something real clever will have ALL certificates independent of > which > option is chosen) and then doing your own sorting, but I don't see how > CA > "presorting" is going to make a difference, because ALL certificates > will > be there. > > | The price of this panacea? A few redundant certificates in the > | Directory. Is it really worth sacrificing the general- (and perhaps > | common-) case scenario, as well as interoperability, in order to > save a > | few certificates and satisfy a particular special-case? I haven't > yet > | heard any convincing arguments... > > Well, I'm not convinced of your argument here the other way (other > than > the interoperability consideration), but that's what e-mail is for :-) > > My current reasoning is that given that a single LDAP lookup is going > to > return ALL of the certificates independent of the option chosen, the > client > is going to have to process those certificates to build its path. > Since > this begins to look like a wash in terms of client complexity (yes, > yes, this is where interoperability shows up), why not argue for > the choice that conserves directory space? > > Ryan > > P.S. I'm really beginning to like the original text, given that the > concept of a "domain" is looking more and more useless (causing > confusion > and concern without appreciable positive points) in this discussion. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10018 for ietf-pkix-bks; Thu, 3 Sep 1998 16:08:07 -0700 (PDT) Received: from tac-nt-excom1.russell.com (mailgate1.russell.com [208.152.45.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10014 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:08:06 -0700 (PDT) Received: by tac-nt-excom1.russell.com with Internet Mail Service (5.5.2232.9) id <S17JTY5D>; Thu, 3 Sep 1998 16:10:21 -0700 Message-ID: <0B71FBC08925D11197DB00805F157C720101F930@tac-nt-exch1.russell.com> From: "Tuttle, Kimberly (OSSC)" <KTUTTLE@russell.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2. Date: Thu, 3 Sep 1998 16:10:29 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA09871 for ietf-pkix-bks; Thu, 3 Sep 1998 15:50:23 -0700 (PDT) Received: from tac-nt-excom1.russell.com (mailgate1.russell.com [208.152.45.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA09867 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 15:50:22 -0700 (PDT) Received: by tac-nt-excom1.russell.com with Internet Mail Service (5.5.2232.9) id <S17JTYV0>; Thu, 3 Sep 1998 15:52:36 -0700 Message-ID: <0B71FBC08925D11197DB00805F157C72C901E3@tac-nt-exch1.russell.com> From: "Evans, Jim (OSSC)" <JEVANS@russell.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Thu, 3 Sep 1998 15:52:45 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Jim Evans Frank Russell Company Security is what YOU Practice ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA09496 for ietf-pkix-bks; Thu, 3 Sep 1998 15:05:28 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA09492 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 15:05:26 -0700 (PDT) Received: by gateway.r3.ch id <6814>; Fri, 4 Sep 1998 00:11:30 +0100 Message-Id: <98Sep4.001130gmt+0100.6814@gateway.r3.ch> From: Carlisle Adams <carlisle.adams@entrust.com> To: "'jayhawk@qsun.ho.att.com'" <jayhawk@qsun.ho.att.com> Cc: ietf-pkix@imc.org Subject: RE: Let's try to understand the real issue (was... RE: What the s traw poll means) Date: Thu, 3 Sep 1998 23:05:31 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Ryan, > ---------- > From: jayhawk@qsun.ho.att.com[SMTP:jayhawk@qsun.ho.att.com] > Sent: Thursday, September 03, 1998 5:09 PM > To: Carlisle Adams; ietf-pkix@imc.org > Subject: Re: Let's try to understand the real issue (was... RE: > What the straw poll means) > > Call me slow, but I don't follow the argument the whole way... > > | If this CA's definition of domain and my definition of domain do not > | coincide exactly (and why should they, since in general this CA and > I > | have no pre-established relationship?), then this sorting performed > by > | the CA is not merely useless to me, it is actually an explicit > | disadvantage (because the proponents of option 1 are recommending > that > | all the intra-domain certificates be examined *before* the > inter-domain > | certificates are examined, leading to worst-case path-construction > times > | for what may turn out to be a common scenario). > > I don't see that falling out of the Option 1 text as I read the > straw poll message. If such is the case, then I would say that text > should be present. > Dave Horvath's message to Bob Jueneman earlier today said the following: "I feel that the definition of domain is a local policy and that CAs should be free to define it as they wish. Clients that search/read CAs entries and obtain the values from both the cACertificate and crossCertificatePair attributes can explore the values in the cACertficate attribute first. If a path to the trusted root is found, processing stops. If not, they can explore the crossCertificatePair attribute. Using this algorithm CAs can define their domain and post each of their CA certificates to one attribute or the other. The only adverse affect will be efficiency in path development on the client side if the CA does not carefully select intra or inter domain." This was also mentioned at the meeting in Chicago. > | Note that there will be special circumstances in which one > definition of > | domain will be understood throughout a given environment (e.g., the > | strict hierarchy of CAs has been cited in previous posts on this > topic). > | In such cases there is a clear efficiency advantage to be gained in > path > | construction. This is why option 2 is the perfect compromise: for > such > | environments relying parties need only retrieve the n1 < n > certificates > | that they *know* will be useful to them. Option 2 therefore meets > the > | needs of the general case as well as the special case, while > | simultaneously guaranteeing interoperability of two installed bases > | which would otherwise have no hope of interoperating today. > > Stop. Here's where I really fall off the wagon. How does the relying > party > retrieve ONLY the n1 certificates that they know will be useful to > them for > a CA? > If the relying party knows that its definition of domain matches that of the CA exactly, then it can simply retrieve all certificates in the cACertificate attribute (rather than all certificates in the crossCertificatePair attribute) in option 2. This is n1 rather than n. > Ryan > > P.S. I'm really beginning to like the original text, given that the > concept of a "domain" is looking more and more useless (causing > confusion > and concern without appreciable positive points) in this discussion. > Me too... :-) Carlisle. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA09480 for ietf-pkix-bks; Thu, 3 Sep 1998 15:04:31 -0700 (PDT) Received: from fep2.mail.ozemail.net (fep2.mail.ozemail.net [203.2.192.122]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA09476 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 15:04:29 -0700 (PDT) Received: from lesm95 (slcan52p02.ozemail.com.au [203.108.176.130]) by fep2.mail.ozemail.net (8.9.0/8.6.12) with SMTP id IAA11167 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:09:16 +1000 (EST) Message-ID: <000b01bdd787$498d5d80$82b06ccb@lesm95> From: "Les Mitchell" <condorlm@ozemail.com.au> To: <ietf-pkix@imc.org> Subject: For Option 1 Date: Fri, 4 Sep 1998 08:07:40 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA09198 for ietf-pkix-bks; Thu, 3 Sep 1998 14:30:43 -0700 (PDT) Received: from att.com (cagw2.att.com [192.128.52.90]) by mail.proper.com (8.8.8/8.8.5) with SMTP id OAA09194 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 14:30:41 -0700 (PDT) Received: from caig1.fw.att.com by cagw2.att.com (AT&T/IPNS/UPAS-1.0) for imc.org!ietf-pkix sender qsun.ho.att.com!jayhawk (qsun.ho.att.com!jayhawk); Thu Sep 3 17:05 EDT 1998 Received: from qsun.ho.att.com (qsunn.ho.att.com [135.16.30.2]) by caig1.fw.att.com (AT&T/IPNS/GW-1.0) with SMTP id RAA02720 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:09:04 -0400 (EDT) Received: by qsun.ho.att.com (SMI-8.6/EMS-1.2 sol2) id RAA27748; Thu, 3 Sep 1998 17:09:01 -0400 Date: Thu, 3 Sep 1998 17:09:01 -0400 Message-Id: <199809032109.RAA27748@qsun.ho.att.com> From: jayhawk@qsun.ho.att.com (Ryan Moats) To: Carlisle Adams <carlisle.adams@entrust.com>, ietf-pkix@imc.org Subject: Re: Let's try to understand the real issue (was... RE: What the straw poll means) Content-Type: text Sender: owner-ietf-pkix@imc.org Precedence: bulk Call me slow, but I don't follow the argument the whole way... | Hi all, | | I propose that we try (once again) to understand what the real issue is | here. | | > As somebody coming to the party late from the LDAP world, I don't see | > why | > the certificates need to be retrieved from two places. An LDAP lookup | > of an | > object with a fairly simple filter (objectclass="*") will return all | > of the | > attributes associated with that object. Therefore a single lookup | > will return | > both attributes, so I don't understand how retrieval efficiency is | > gained. | > | O.K., so we see that a single LDAP lookup can retrieve all certificates | (which, after careful enumeration, was found to be "n") in either option | 1 or option 2. | | The claimed advantage of option 1 is that this retrieval gets me | certificates that are sorted into "intra-domain" and "inter-domain", | which can help in efficient path construction. Let's think about this | for a moment. The CA doing this sorting is, by definition, NOT DIRECTLY | TRUSTED BY ME (because if it was directly trusted by me, I would | already have a trusted copy of its public key and would not need | certificates in which it was the subject). If it is not directly | trusted by me, then why would I necessarily trust it to do this sorting | in a way that is beneficial to my path construction needs? How does it | know what *my* definition of "domain" is? How does it know whether most | of my certificate validations will be "intra" its definition of domain | or "inter" its definition of domain? I follow this portion of the argument... | If this CA's definition of domain and my definition of domain do not | coincide exactly (and why should they, since in general this CA and I | have no pre-established relationship?), then this sorting performed by | the CA is not merely useless to me, it is actually an explicit | disadvantage (because the proponents of option 1 are recommending that | all the intra-domain certificates be examined *before* the inter-domain | certificates are examined, leading to worst-case path-construction times | for what may turn out to be a common scenario). I don't see that falling out of the Option 1 text as I read the straw poll message. If such is the case, then I would say that text should be present. | Relying parties know what certificates they will be validating most | often, depending upon what particular activity they are engaged in at | the moment. THAT defines the relying parties' "intra" and "inter" | domains. CAs in the middle of a cert. path cannot possibly know this, | in general, so having THEM define a domain and sort certificates | according to that definition is really meaningless. Agreed. | Note that there will be special circumstances in which one definition of | domain will be understood throughout a given environment (e.g., the | strict hierarchy of CAs has been cited in previous posts on this topic). | In such cases there is a clear efficiency advantage to be gained in path | construction. This is why option 2 is the perfect compromise: for such | environments relying parties need only retrieve the n1 < n certificates | that they *know* will be useful to them. Option 2 therefore meets the | needs of the general case as well as the special case, while | simultaneously guaranteeing interoperability of two installed bases | which would otherwise have no hope of interoperating today. Stop. Here's where I really fall off the wagon. How does the relying party retrieve ONLY the n1 certificates that they know will be useful to them for a CA? I can see retrieving the CA object from the directory (which unless you do something real clever will have ALL certificates independent of which option is chosen) and then doing your own sorting, but I don't see how CA "presorting" is going to make a difference, because ALL certificates will be there. | The price of this panacea? A few redundant certificates in the | Directory. Is it really worth sacrificing the general- (and perhaps | common-) case scenario, as well as interoperability, in order to save a | few certificates and satisfy a particular special-case? I haven't yet | heard any convincing arguments... Well, I'm not convinced of your argument here the other way (other than the interoperability consideration), but that's what e-mail is for :-) My current reasoning is that given that a single LDAP lookup is going to return ALL of the certificates independent of the option chosen, the client is going to have to process those certificates to build its path. Since this begins to look like a wash in terms of client complexity (yes, yes, this is where interoperability shows up), why not argue for the choice that conserves directory space? Ryan P.S. I'm really beginning to like the original text, given that the concept of a "domain" is looking more and more useless (causing confusion and concern without appreciable positive points) in this discussion. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA08976 for ietf-pkix-bks; Thu, 3 Sep 1998 14:05:48 -0700 (PDT) Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id OAA08972 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 14:05:47 -0700 (PDT) Received: from thunderbolt.ncsl.nist.gov (thunderbolt.ncsl.nist.gov [129.6.54.130]) by csmes.ncsl.nist.gov (8.6.12/8.6.4jck0) with SMTP id RAA08361 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:10:25 -0400 Message-Id: <3.0.5.32.19980903171402.00a9aa10@csmes.ncsl.nist.gov> X-Sender: burr@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 03 Sep 1998 17:14:02 -0400 To: ietf-pkix@imc.org From: Bill Burr <william.burr@nist.gov> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Regards, Bill Burr Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA08900 for ietf-pkix-bks; Thu, 3 Sep 1998 13:58:53 -0700 (PDT) Received: from dtol.com (root@dtol.dtol.com [206.51.1.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id NAA08895 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 13:58:52 -0700 (PDT) Received: from dtol.com (cyborg.dilkie.com [206.51.1.171]) by dtol.com (8.6.12/8.6.9) with ESMTP id RAA03433 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:07:44 GMT Message-ID: <35EF03CE.E1AA9F7C@dtol.com> Date: Thu, 03 Sep 1998 17:02:06 -0400 From: Susan Lang <susanl@dtol.com> X-Mailer: Mozilla 4.04 [en] (WinNT; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA08759 for ietf-pkix-bks; Thu, 3 Sep 1998 13:48:36 -0700 (PDT) Received: from egate2.citicorp.com (egate2.citicorp.com [192.193.196.194]) by mail.proper.com (8.8.8/8.8.5) with SMTP id NAA08755 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 13:48:35 -0700 (PDT) Received: by egate2.citicorp.com id QAA00653 (InterLock SMTP Gateway 3.0 for ietf-pkix@imc.org); Thu, 3 Sep 1998 16:53:15 -0400 Message-Id: <199809032053.QAA00653@egate2.citicorp.com> Received: by egate2.citicorp.com (Protected-side Proxy Mail Agent-1); Thu, 3 Sep 1998 16:53:15 -0400 Date: Thu, 03 Sep 1998 16:52:36 -0400 From: David Solo <david.solo@citicorp.com> Reply-To: david.solo@citicorp.com Organization: Citicorp X-Sender: "David Solo" <dsolo@pop3.citicorp.com> X-Mailer: Mozilla 4.04 [en]C-Citicorp (WinNT; U) Mime-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA08394 for ietf-pkix-bks; Thu, 3 Sep 1998 13:36:31 -0700 (PDT) Received: from atlantic.valicert.com (atlantic.valicert.com [209.185.6.135] (may be forged)) by mail.proper.com (8.8.8/8.8.5) with SMTP id NAA08390 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 13:36:30 -0700 (PDT) Received: (qmail 27414 invoked from network); 3 Sep 1998 20:41:06 -0000 Received: from amazon.valicert.com (HELO valicert.com) (209.185.6.1) by mail.valicert.com with SMTP; 3 Sep 1998 20:41:06 -0000 Message-ID: <35EEFEDC.ACD403FB@valicert.com> Date: Thu, 03 Sep 1998 13:41:00 -0700 From: Ambarish Malpani <ambarish@valicert.com> Organization: ValiCert, Inc. X-Mailer: Mozilla 4.5b1 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Carlisle Adams <carlisle.adams@entrust.com> CC: ietf-pkix@imc.org Subject: Re: Let's try to understand the real issue (was... RE: What the straw poll means) References: <98Sep3.203112gmt+0100.6799@gateway.r3.ch> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Carlisle, Is the expectation that everybody is directly accessing their CA's LDAP directory? I always thought that each orginazation would actually maintain its own LDAP directory and, therefore, be able to specify which CAs are preferred over others. Are we really expecting people to share their directories with everyone in the world? Ambarish Carlisle Adams wrote: > > Hi all, > > I propose that we try (once again) to understand what the real issue is > here. > > > ---------- > > From: Ryan Moats[SMTP:jayhawk@att.com] > > Sent: Thursday, September 03, 1998 12:14 PM > > To: John_Wray@iris.com > > Cc: ietf-pkix@imc.org > > Subject: Retrieval efficiency herring? (was... RE: What the straw > > poll means) > > > > As somebody coming to the party late from the LDAP world, I don't see > > why > > the certificates need to be retrieved from two places. An LDAP lookup > > of an > > object with a fairly simple filter (objectclass="*") will return all > > of the > > attributes associated with that object. Therefore a single lookup > > will return > > both attributes, so I don't understand how retrieval efficiency is > > gained. > > > O.K., so we see that a single LDAP lookup can retrieve all certificates > (which, after careful enumeration, was found to be "n") in either option > 1 or option 2. > > The claimed advantage of option 1 is that this retrieval gets me > certificates that are sorted into "intra-domain" and "inter-domain", > which can help in efficient path construction. Let's think about this > for a moment. The CA doing this sorting is, by definition, NOT DIRECTLY > TRUSTED BY ME (because if it was directly trusted by me, I would > already have a trusted copy of its public key and would not need > certificates in which it was the subject). If it is not directly > trusted by me, then why would I necessarily trust it to do this sorting > in a way that is beneficial to my path construction needs? How does it > know what *my* definition of "domain" is? How does it know whether most > of my certificate validations will be "intra" its definition of domain > or "inter" its definition of domain? > > If this CA's definition of domain and my definition of domain do not > coincide exactly (and why should they, since in general this CA and I > have no pre-established relationship?), then this sorting performed by > the CA is not merely useless to me, it is actually an explicit > disadvantage (because the proponents of option 1 are recommending that > all the intra-domain certificates be examined *before* the inter-domain > certificates are examined, leading to worst-case path-construction times > for what may turn out to be a common scenario). > > Relying parties know what certificates they will be validating most > often, depending upon what particular activity they are engaged in at > the moment. THAT defines the relying parties' "intra" and "inter" > domains. CAs in the middle of a cert. path cannot possibly know this, > in general, so having THEM define a domain and sort certificates > according to that definition is really meaningless. > > Note that there will be special circumstances in which one definition of > domain will be understood throughout a given environment (e.g., the > strict hierarchy of CAs has been cited in previous posts on this topic). > In such cases there is a clear efficiency advantage to be gained in path > construction. This is why option 2 is the perfect compromise: for such > environments relying parties need only retrieve the n1 < n certificates > that they *know* will be useful to them. Option 2 therefore meets the > needs of the general case as well as the special case, while > simultaneously guaranteeing interoperability of two installed bases > which would otherwise have no hope of interoperating today. > > The price of this panacea? A few redundant certificates in the > Directory. Is it really worth sacrificing the general- (and perhaps > common-) case scenario, as well as interoperability, in order to save a > few certificates and satisfy a particular special-case? I haven't yet > heard any convincing arguments... > > Carlisle. -- --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA08321 for ietf-pkix-bks; Thu, 3 Sep 1998 13:34:47 -0700 (PDT) Received: from host.ott.igs.net (host.ott.igs.net [206.248.16.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA08313 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 13:34:42 -0700 (PDT) Received: from igs.net (ttyE0a.ott.igs.net [207.210.11.12]) by host.ott.igs.net (8.8.5/8.6.12) with ESMTP id QAA04133 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:39:22 -0400 (EDT) Message-ID: <35EEFD09.58A89449@igs.net> Date: Thu, 03 Sep 1998 16:33:13 -0400 From: Robert Sabourin <rsabourin@igs.net> Organization: TBS TechWatch X-Mailer: Mozilla 4.04 [en] (Win95; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA06917 for ietf-pkix-bks; Thu, 3 Sep 1998 11:55:53 -0700 (PDT) Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA06913 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 11:55:52 -0700 (PDT) Received: from exchng-fairfax.p-e-c.com by relay1.UU.NET with ESMTP (peer crosschecked as: [204.254.216.13]) id QQffgu13666; Thu, 3 Sep 1998 15:00:39 -0400 (EDT) Received: by exchang-fairfax.pec.com with Internet Mail Service (5.0.1460.8) id <RZYRBJKA>; Thu, 3 Sep 1998 15:02:21 -0400 Message-ID: <3C7EABA3F6F1D1118FD90008C7F450FD04E4FC@exchang-fairfax.pec.com> From: GMurphy <GMurphy@pec.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Option 2 Date: Thu, 3 Sep 1998 15:02:18 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA06657 for ietf-pkix-bks; Thu, 3 Sep 1998 11:25:03 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA06653 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 11:25:01 -0700 (PDT) Received: by gateway.r3.ch id <6799>; Thu, 3 Sep 1998 20:31:12 +0100 Message-Id: <98Sep3.203112gmt+0100.6799@gateway.r3.ch> From: Carlisle Adams <carlisle.adams@entrust.com> To: ietf-pkix@imc.org Subject: Let's try to understand the real issue (was... RE: What the straw poll means) Date: Thu, 3 Sep 1998 19:25:07 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi all, I propose that we try (once again) to understand what the real issue is here. > ---------- > From: Ryan Moats[SMTP:jayhawk@att.com] > Sent: Thursday, September 03, 1998 12:14 PM > To: John_Wray@iris.com > Cc: ietf-pkix@imc.org > Subject: Retrieval efficiency herring? (was... RE: What the straw > poll means) > > As somebody coming to the party late from the LDAP world, I don't see > why > the certificates need to be retrieved from two places. An LDAP lookup > of an > object with a fairly simple filter (objectclass="*") will return all > of the > attributes associated with that object. Therefore a single lookup > will return > both attributes, so I don't understand how retrieval efficiency is > gained. > O.K., so we see that a single LDAP lookup can retrieve all certificates (which, after careful enumeration, was found to be "n") in either option 1 or option 2. The claimed advantage of option 1 is that this retrieval gets me certificates that are sorted into "intra-domain" and "inter-domain", which can help in efficient path construction. Let's think about this for a moment. The CA doing this sorting is, by definition, NOT DIRECTLY TRUSTED BY ME (because if it was directly trusted by me, I would already have a trusted copy of its public key and would not need certificates in which it was the subject). If it is not directly trusted by me, then why would I necessarily trust it to do this sorting in a way that is beneficial to my path construction needs? How does it know what *my* definition of "domain" is? How does it know whether most of my certificate validations will be "intra" its definition of domain or "inter" its definition of domain? If this CA's definition of domain and my definition of domain do not coincide exactly (and why should they, since in general this CA and I have no pre-established relationship?), then this sorting performed by the CA is not merely useless to me, it is actually an explicit disadvantage (because the proponents of option 1 are recommending that all the intra-domain certificates be examined *before* the inter-domain certificates are examined, leading to worst-case path-construction times for what may turn out to be a common scenario). Relying parties know what certificates they will be validating most often, depending upon what particular activity they are engaged in at the moment. THAT defines the relying parties' "intra" and "inter" domains. CAs in the middle of a cert. path cannot possibly know this, in general, so having THEM define a domain and sort certificates according to that definition is really meaningless. Note that there will be special circumstances in which one definition of domain will be understood throughout a given environment (e.g., the strict hierarchy of CAs has been cited in previous posts on this topic). In such cases there is a clear efficiency advantage to be gained in path construction. This is why option 2 is the perfect compromise: for such environments relying parties need only retrieve the n1 < n certificates that they *know* will be useful to them. Option 2 therefore meets the needs of the general case as well as the special case, while simultaneously guaranteeing interoperability of two installed bases which would otherwise have no hope of interoperating today. The price of this panacea? A few redundant certificates in the Directory. Is it really worth sacrificing the general- (and perhaps common-) case scenario, as well as interoperability, in order to save a few certificates and satisfy a particular special-case? I haven't yet heard any convincing arguments... Carlisle. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA06580 for ietf-pkix-bks; Thu, 3 Sep 1998 11:19:46 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA06576 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 11:19:44 -0700 (PDT) Received: from ash (ash.chromatix.com [207.97.115.9]) by chromatix.com (8.8.8/8.8.8) with SMTP id OAA21961; Thu, 3 Sep 1998 14:23:52 -0400 (EDT) (envelope-from David.Horvath@chromatix.com) Message-ID: <00f701bdd766$a98bcf30$097361cf@ash.chromatix.com> From: "Dave Horvath" <David.Horvath@chromatix.com> To: "Bill Burr" <william.burr@nist.gov> Cc: <ietf-pkix@imc.org> Subject: Re: What the straw poll means Date: Thu, 3 Sep 1998 14:14:16 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk I understand the problems Bill is having with the definitions of roots and domains. I think we are all having those problems. It seems that roughly half of the people I communicated with are concerned with the definitions and feel that population of all the cACertificates in one attribute may help. I personally do not feel this helps, however we should all be interested in a compromise to keep things moving and to keep both sides happy. I must admit that I like the idea of being able to go to one place in the directory to find all certificates that a CA has issued (I believe Stefan pointed this out). It appears that populating all CA certificates in the reverse component of the crossCertificatePair attribute solves this requirement and does not duplicate certs in a single CAs entry. This gives clients that work in a forward direction the ability to determine all of the certificates that a CA has issued. This type of population is clearly mandated by option 2 and only allowed by option 1. Option 1 does not mandate it. This type of population avoids duplication of certificates in a single CA entry (they are duplicated in subordinate, mesh, cross whatever), but seems to be advantageous from a clients point of view. Would populating the reverse component with all issued CA certificates provide a compromise that supports a single attribute to retrieve all certs? Would this help with the installed base issue? Dave Horvath -----Original Message----- From: Bill Burr <william.burr@nist.gov> To: Dave Horvath <David.Horvath@chromatix.com> Cc: ietf-pkix@imc.org <ietf-pkix@imc.org> Date: Thursday, September 03, 1998 12:44 PM Subject: Re: What the straw poll means >But what is a root here? Does it imply that a domain is PKI hierarchy? I >can think of 3 plausible constructions of root, all of which I believe I've >seen used: > >(1) any CA whose key you choose to trust and therefore can start a >certification path, but which may not imply any other organization or >structure; > >(2) a CA whose key everybody in the domain (what's a domain?) trusts and >which sits on top of a hierarchical unidirectional certification tree (as >in MISSI or PEM); > >(3) a CA that exists to cross-certify with other CAs, but issues few or no >end entity certificates, and starts few or no certification paths; it >simply exists to connect other CAs. Examples would be the ANX "supervisory >CA," the Gov. of Canada "Level 0" CA operated by the Canadian Central >Facility, or the proposed Federal PKI "Bridge CA." Such a CA is often >depicted at the hub of a mesh, or the top of a hierarchy, and operated in >conjunction with the overall domain policy management authority. > > >I suppose a "trusted root" can be either 1 or 2 above. > >But "root" to me doesn't necessarily say much about path development, or >PKI certification path structure. > >How about domain? What does it mean? I claim that the term makes most >sense to mean a part of a PKI that operates under the direction of a policy >management entity. Which wouldn't necessarily mean that domain boundaries >coincide with distinctions that are meaningful for certification path >building. > >Option 1 is probably useful if you think that a domain is everything >subordinate to the same root CA, where a root is any CA that somebody uses >to start a trust path. So in a cross-certified mesh PKI, every CA is a >domain onto itself, and all CA certificates wind up only, I think, in the >crossCertificatePair attribute. But in a hierarchical PKI most >certificates wind up in the cACertificate Attribute. > >I have the feeling that Bob is right at least for option 1, unless we know >what a domain is we hardly know what we are getting. With option 2, I >suppose we are guaranteed that all certificates wind up in >crossCertificatePair, whatever domain means. > >At 11:14 AM 9/3/98 -0400, you wrote: >>Bob, >> >> I feel that the definition of domain is a local policy and that CAs >>should be free to define it as they wish. Clients that search/read CAs >>entries and obtain the values from both the cACertificate and >>crossCertificatePair attributes can explore the values in the cACertficate >>attribute first. If a path to the trusted root is found, processing stops. >>If not, they can explore the crossCertificatePair attribute. Using this >>algorithm CAs can define their domain and post each of their CA certificates >>to one attribute or the other. The only adverse affect will be efficiency >>in path development on the client side if the CA does not carefully select >>intra or inter domain. WIth option 1, the certificates are not duplicated. >>With option 2, they are. >> >>But if we have an installed base that only looks in the crossCertificatePair >>attribute, then we have a problem. In that case option 2 will help at the >>expense of duplicating the data. I suggest we avoid duplication if >>possible, but we certainly must evaluate the installed base. >> >>Dave Horvath >> >> >> >> >>-----Original Message----- >>From: Bob Jueneman <BJUENEMAN@novell.com> >>To: chokhani@cygnacom.com <chokhani@cygnacom.com>; ietf-pkix@imc.org >><ietf-pkix@imc.org> >>Date: Wednesday, September 02, 1998 10:21 PM >>Subject: RE: What the straw poll means >> >> >>>Santosh doesn't seem to have answered the questions I've raised >>>regarding the definition of the domain, but he seems to believe that >>>option 2 doesn't solve that problem either. >>> >>>If so, I am increasingly beginning to lean towards "NONE OF THE >>>ABOVE". >>> >>>Rebuttal, Sharon/Carlisle? >>> >>>Bob >>> >>>>Yes Bob. I hate to say this, but you have misinterpreted. >>>> >>>>The basic difference between the two approaches is the under option 1 >>>>you store a certificate only one time under a CA's entry. Which >>>>certifying CA is in its domain is upto a subject CA to decide. >>>> >>>>In all honesty, I do not see a benefit to option 2 except for the >>>>argument that some installed base already does it this way. >>>> >>>>Option 1 achieves everything option 2 and with efficiency. >>>> >>>>I do not understand how option 2 solves your problems either. We need >>>>to have a discussion on computational complexity of path development to >>>>allay your concerns. >>>> >>>>The way I look at the difference between the two options is that if >>>>n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one >>>>bucket and n2 in another. Option 2 says put n in one bucket and n1 in >>>>another. When you retrieve the two buckets (which you must for path >>>>development efficiency), option 2 gives you n+n1 certificates and option >>>>1 gives you exactly all n. >>>> >>>>> -----Original Message----- >>>>> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] >>>>> Sent: Wednesday, September 02, 1998 8:33 PM >>>>> To: ietf-pkix@imc.org >>>>> Cc: chokhani@cygnacom.com >>>>> Subject: What the straw poll means >>>>> >>>>> This is almost as exciting as watching a horse race! >>>>> >>>>> But what are we to make of the situation if the vote is as >>>>> close as it appears to be at present -- does that truly indicate >>>>> a "rough consensus"? >>>>> >>>>> As of earlier this morning, Chromatix was ahead, with >>>>> 8 votes cast; Entrust was tied with Microsoft with 4 votes >>>>> cast; and MISSI some others are clustered around third place. >>>>> >>>>> So far, with the exception of a split between MISSI and NIST >>>>> as two US Government factions, the voting seems to be >>>>> strictly by company. >>>>> >>>>> Now, the polite fiction within the IETF is that memberships are by >>>>> individual, and that there are no "votes" per se, and certainly not >>>>> on a company by company basis. That's the fiction, at least.. >>>>> Whether this convention shall long endure now that the IETF has >>>>> apparently lost some or all of its government funding and has >>>>> to become more self-sufficient will be interesting to see. >>>>> >>>>> But unless one side or the other starts to make some significant >>>>> in-roads by the dint of more persuasive technical argument, then I >>>>> think >>>>> it's effectively a draw, and we may be counting companies and their >>>>> installed base at least as much, and perhaps more, than >>>>> balancing the technical alternatives. >>>>> >>>>> Now, if we are truly at a technical impasse and the vote has to be >>>>> binary, i.e., only one way or the other, then maybe counting installed >>>>> clients and minimizing the pain is really the way to go, but frankly >>>>> that approach makes me uncomfortable. I want both interoperability >>>>> AND efficiency, and I would hate to see us don't want to be >>>>> pressured into a less than satisfactory decision, whatever that is, >>>>> just because we are in a rush to get over the next hurdle in the >>>>> standards progression. >>>>> >>>>> I originally said that I was inclined to go with option 1, because >>>>> it at least appeared to be simpler. However, I also said that I was >>>>> concerned about the "local" definition of a domain by a CA, >>>>> and the more I think about it, the more concerned I get. >>>>> >>>>> That approach might be viable for an organization such as MISSI, >>>>> where everyone presumably knows what community of interest >>>>> they fall into, but how would it apply to a public CA such as >>>>> VeriSign? >>>>> >>>>> Would they view all of their certificates as falling into one domain, >>>>> including any certificates issued by subordinate CAs, as in the case >>>>> of the old RSA Commercial hierarchy? >>>>> >>>>> What about GTE CyberTrust, considering their presumed affinity >>>>> with their ISP business. Would all of those certificates fall into >>>>> one domain? >>>>> >>>>> Now suppose I want to validate a certificate from Erols. Do I decide >>>>> that >>>>> because Erols is in the top half of the alphabet that they probably >>>>> use GTE, whereas Xerox would probably use VeriSign? Or do we do an >>>>> East Coast/West Coast split, like radio and TV stations use W or K in >>>>> their call sign? >>>>> >>>>> What if Novell and Microsoft were to become CAs and issue certificates >>>>> >>>>> to their customers directly, at least their larger accounts. Would >>>>> the relying >>>>> party have to try to divine whether a subscriber was running NetWare >>>>> or >>>>> NT in order to decide what domain they would be likely to be in? >>>>> >>>>> Santosh, have I misrepresented the issue here? Feel free to correct >>>>> me, if so. >>>>> Maybe I just don't understand. >>>>> >>>>> Now, if the definition of "domain" were amended somewhat, perhaps some >>>>> of these difficulties might go away. >>>>> >>>>> In particular, it seems to me that "domain" probably ought to have a >>>>> lot to do >>>>> with name subordination, or at least the possibility of doing name >>>>> subordination, >>>>> so that it would be deterministic. That might not solve all of the >>>>> concerns that those >>>>> who are inclined to vote for option 2 might have in mind, but it might >>>>> help. >>>>> >>>>> So if I am a Novell employee, and I receive an S/MIME message that >>>>> contains >>>>> a certificate that begins with c=US, o=Novell, I can probably make an >>>>> excellent >>>>> good guess of what CA to go to, assuming that Novell operates a CA in >>>>> its >>>>> own name. But where do I go for a certificate from Acme >>>>> Manufacturing? >>>>> >>>>> I don't mean to beat up on the option 1 folks exclusively -- maybe >>>>> there are >>>>> some things that could be done within the options 2 that would come >>>>> closer to a >>>>> compromise without breaking those existing clients. But I need to >>>>> think about that >>>>> some more. maybe someone else could volunteer some suggestions. >>>>> >>>>> Bob >>>>> >>>>> Robert R. Jueneman >>>>> Novell, Inc. >>>>> 122 E. 1700 South >>>>> Provo, UT 84606 >>>>> bjueneman@novell.com >>>>> 1-801-861-7387 >>> >>> >> >> >Regards, > >Bill Burr > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA06389 for ietf-pkix-bks; Thu, 3 Sep 1998 10:59:08 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA06385 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 10:59:06 -0700 (PDT) Received: by gateway.r3.ch id <6807>; Thu, 3 Sep 1998 20:05:15 +0100 Message-Id: <98Sep3.200515gmt+0100.6807@gateway.r3.ch> From: Rainer Rueppel <rueppel@r3.ch> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Thu, 3 Sep 1998 19:01:41 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA06098 for ietf-pkix-bks; Thu, 3 Sep 1998 10:26:28 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA06094 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 10:26:25 -0700 (PDT) Received: by gateway.r3.ch id <6804>; Thu, 3 Sep 1998 19:32:13 +0100 Message-Id: <98Sep3.193213gmt+0100.6804@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Ambarish Malpani'" <ambarish@valicert.com> Subject: RE: Where to store CA certificates Date: Thu, 3 Sep 1998 18:26:10 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Ambarish It is the relying party, not the CA, which knows the priority for identifying the most efficient set of certificates for path building for a specific certificate validation. Further, the priority for a single relying party can change from operation to operation depending on the particular environment in which they are operating. For that primary reason, I don't think the CA's domain (whatever they define it to be) is a very useful split, but rather allowing client systems to perform flexible filtering of the contents of the directory with matching rules that allow them to match on particular elements of the certificates is the most generic and flexible approach. While a CA could provide some helpful hints to relying parties (e.g. through the use of cACertificate attribute or other attributes and prioritization tags) this can only help a subset of relying parties who understand that CAs definition of domain and/or prioritization criteria. Other relying parties may have completely opposite priorities and relying parties for which the CA hints are useless should be equally supported. As we migrate to LDAPv3, the extensible match capability of that protocol, combined with the matching rules currently in X.509 (or some evolution of them) should enable ONLY the certificates of interest to a particular relying party and for a particular validation instance to be retrieved. While it is true that an extensible match can be applied to more than one attribute on a single directory protocol exchange, this does require extra processing on the directory side, provides no additional value, and is obviously more work for the directory than to filter on a single attribute rather than always on two. There would be nothing to prevent the use of additional attributes (either locally defined or standardized), or some other technologies (e.g. the use of directory contexts to flag particular values of a single attribute) but at this point I believe those would be more locally contained than standardized so I see them as additional helpful hints potentially. ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: Ambarish Malpani[SMTP:ambarish@valicert.com] > Sent: September 3, 1998 12:54 PM > To: 'ietf-pkix@imc.org' > Subject: Where to store CA certificates > > Hi Guys, > Given the huge amount of passion that the topic of where one > stores CA certificates has generated, it seems to me that path > building is both a complicated and important thing ;-) > > If the premise above is true, wouldn't one want to prioritize > path building more precisely than just lumping CA certs into > one of two categories (intra-domain/inter-domain)? > > Would it make sense to have another attribute attached to > CA certificates - something like a "priority" field, with say > an integer value, where, during path building you first try to > build paths with the CA cert with the highest priority? > > Or is this a BAD idea, because it doesn't work with any of > the current implementations? > > Comments? Sharon, Santosh? > > Regards, > Ambarish > > -- > --------------------------------------------------------------------- > Ambarish Malpani > Architect 650.567.5457 > ValiCert, Inc. > ambarish@valicert.com > 1215 Terra Bella Ave. http://www.valicert.com > Mountain View, CA 94043-1833 > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA05571 for ietf-pkix-bks; Thu, 3 Sep 1998 09:49:59 -0700 (PDT) Received: from atlantic.valicert.com (atlantic.valicert.com [209.185.6.135] (may be forged)) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA05566 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:49:58 -0700 (PDT) Received: (qmail 24860 invoked from network); 3 Sep 1998 16:54:25 -0000 Received: from amazon.valicert.com (HELO valicert.com) (209.185.6.1) by mail.valicert.com with SMTP; 3 Sep 1998 16:54:25 -0000 Message-ID: <35EEC9BB.3F7B9C44@valicert.com> Date: Thu, 03 Sep 1998 09:54:19 -0700 From: Ambarish Malpani <ambarish@valicert.com> Organization: ValiCert, Inc. X-Mailer: Mozilla 4.5b1 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Where to store CA certificates References: <D789F71F24B4D111955D00A0C99B4F50AC96CF@sothmxs01.entrust.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Guys, Given the huge amount of passion that the topic of where one stores CA certificates has generated, it seems to me that path building is both a complicated and important thing ;-) If the premise above is true, wouldn't one want to prioritize path building more precisely than just lumping CA certs into one of two categories (intra-domain/inter-domain)? Would it make sense to have another attribute attached to CA certificates - something like a "priority" field, with say an integer value, where, during path building you first try to build paths with the CA cert with the highest priority? Or is this a BAD idea, because it doesn't work with any of the current implementations? Comments? Sharon, Santosh? Regards, Ambarish -- --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA05522 for ietf-pkix-bks; Thu, 3 Sep 1998 09:46:08 -0700 (PDT) Received: from chopin.digsigtrust.com (chopin.digsigtrust.com [208.30.64.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA05518 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:46:07 -0700 (PDT) Received: from digsigtrust.com (rfwdesktop.digsigtrust.com [208.30.64.114]) by chopin.digsigtrust.com (8.9.1/8.9.1) with ESMTP id KAA12051 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 10:50:13 -0600 (MDT) Message-ID: <35EECE85.85DD213F@digsigtrust.com> Date: Thu, 03 Sep 1998 11:14:45 -0600 From: "Russel F. Weiser" <rweiser@digsigtrust.com> X-Mailer: Mozilla 4.05 [en] (WinNT; U) MIME-Version: 1.0 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: What the straw poll means References: <98Sep3.134059gmt+0100.6803@gateway.r3.ch> Content-Type: multipart/mixed; boundary="------------4DB9C958A073A47F89771625" Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. --------------4DB9C958A073A47F89771625 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I'm a new to the PKIX in general and am more familiar with LDAP v3 then the CA environment. I did understand the orignal draft and would have voted for it. That is if I would have been able to attend the wg meeting, but alas; I was in the LDAPEXT wg instead. I have voted for option 1, because it sounds like it minimizes storage as well as providing consistent knowledge of what goes in which attribute without duplicating storage. Now I would like to know the reason the orignal text was voted down since I couldn't be there. I know Bob keeps bringing up the DOMAIN issue and I do think that this is an issue since no one has of yet given it a definition. . Sharon Boeyen wrote: > The "two buckets" is exactly what I was trying to avoid in the earlier > debate on this topic, however I believe that the single bucket option > was rejected in the Chicago meeting. The single bucket option is the > text which is currently in the Internet Draft. With that text, all self > signed (or self issued certificates) were to be placed in the > cACertificate attribute and all certificates issued by one CA to a > different CA were put in the crossCertificatePair attribute. Depending > on the particular path development algorithm being used by a relying > party, directory search tools, especially when we evolve to LDAPv3 could > be used to filter the content of the forward and or reverse elements of > that SINGLE attribute and provide the relying party with the set of > certificates of interest to that particular relying party. > > I still believe that this is the best solution because the relying party > systems are the ones that know which certs are of interest to them, not > the CA that happened to issue the certs, especially in the post PEM > world where any CA could legitimately have certs issued for it by > several CAs. > > My strong support for Option 2 in the straw poll is because the above > was rejected by the meeting and I see Option 2 as a workable compromise > ONLY because there is a complete set of certs in a single attribute and > relying parties can do what is of interest to them without knowing the > definition of domain which each individual CA happens to use. For self > contained environments wanting to make use of a CA or set of CAs certs > issued within some locally defined domain, this is still possible. > > ------------------ > Sharon Boeyen > Entrust Technologies > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > http://www.entrust.com Fax: (613) 247-3690 > > > > ---------- > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > Sent: September 2, 1998 8:48 PM > > To: 'Bob Jueneman'; ietf-pkix@imc.org > > Cc: Santosh Chokhani > > Subject: RE: What the straw poll means > > > > Yes Bob. I hate to say this, but you have misinterpreted. > > > > The basic difference between the two approaches is the under option 1 > > you store a certificate only one time under a CA's entry. Which > > certifying CA is in its domain is upto a subject CA to decide. > > > > In all honesty, I do not see a benefit to option 2 except for the > > argument that some installed base already does it this way. > > > > Option 1 achieves everything option 2 and with efficiency. > > > > I do not understand how option 2 solves your problems either. We need > > to have a discussion on computational complexity of path development > > to > > allay your concerns. > > > > The way I look at the difference between the two options is that if > > n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in > > one > > bucket and n2 in another. Option 2 says put n in one bucket and n1 in > > another. When you retrieve the two buckets (which you must for path > > development efficiency), option 2 gives you n+n1 certificates and > > option > > 1 gives you exactly all n. > > > > > -----Original Message----- > > > From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > > > Sent: Wednesday, September 02, 1998 8:33 PM > > > To: ietf-pkix@imc.org > > > Cc: chokhani@cygnacom.com > > > Subject: What the straw poll means > > > > > > This is almost as exciting as watching a horse race! > > > > > > But what are we to make of the situation if the vote is as > > > close as it appears to be at present -- does that truly indicate > > > a "rough consensus"? > > > > > > As of earlier this morning, Chromatix was ahead, with > > > 8 votes cast; Entrust was tied with Microsoft with 4 votes > > > cast; and MISSI some others are clustered around third place. > > > > > > So far, with the exception of a split between MISSI and NIST > > > as two US Government factions, the voting seems to be > > > strictly by company. > > > > > > Now, the polite fiction within the IETF is that memberships are by > > > individual, and that there are no "votes" per se, and certainly not > > > on a company by company basis. That's the fiction, at least.. > > > Whether this convention shall long endure now that the IETF has > > > apparently lost some or all of its government funding and has > > > to become more self-sufficient will be interesting to see. > > > > > > But unless one side or the other starts to make some significant > > > in-roads by the dint of more persuasive technical argument, then I > > > think > > > it's effectively a draw, and we may be counting companies and their > > > installed base at least as much, and perhaps more, than > > > balancing the technical alternatives. > > > > > > Now, if we are truly at a technical impasse and the vote has to be > > > binary, i.e., only one way or the other, then maybe counting > > installed > > > clients and minimizing the pain is really the way to go, but frankly > > > > > that approach makes me uncomfortable. I want both interoperability > > > AND efficiency, and I would hate to see us don't want to be > > > pressured into a less than satisfactory decision, whatever that is, > > > just because we are in a rush to get over the next hurdle in the > > > standards progression. > > > > > > I originally said that I was inclined to go with option 1, because > > > it at least appeared to be simpler. However, I also said that I was > > > > > concerned about the "local" definition of a domain by a CA, > > > and the more I think about it, the more concerned I get. > > > > > > That approach might be viable for an organization such as MISSI, > > > where everyone presumably knows what community of interest > > > they fall into, but how would it apply to a public CA such as > > > VeriSign? > > > > > > Would they view all of their certificates as falling into one > > domain, > > > including any certificates issued by subordinate CAs, as in the case > > > of the old RSA Commercial hierarchy? > > > > > > What about GTE CyberTrust, considering their presumed affinity > > > with their ISP business. Would all of those certificates fall into > > > one domain? > > > > > > Now suppose I want to validate a certificate from Erols. Do I > > decide > > > that > > > because Erols is in the top half of the alphabet that they probably > > > use GTE, whereas Xerox would probably use VeriSign? Or do we do an > > > East Coast/West Coast split, like radio and TV stations use W or K > > in > > > their call sign? > > > > > > What if Novell and Microsoft were to become CAs and issue > > certificates > > > > > > to their customers directly, at least their larger accounts. Would > > > the relying > > > party have to try to divine whether a subscriber was running NetWare > > > or > > > NT in order to decide what domain they would be likely to be in? > > > > > > Santosh, have I misrepresented the issue here? Feel free to correct > > > me, if so. > > > Maybe I just don't understand. > > > > > > Now, if the definition of "domain" were amended somewhat, perhaps > > some > > > of these difficulties might go away. > > > > > > In particular, it seems to me that "domain" probably ought to have a > > > lot to do > > > with name subordination, or at least the possibility of doing name > > > subordination, > > > so that it would be deterministic. That might not solve all of the > > > concerns that those > > > who are inclined to vote for option 2 might have in mind, but it > > might > > > help. > > > > > > So if I am a Novell employee, and I receive an S/MIME message that > > > contains > > > a certificate that begins with c=US, o=Novell, I can probably make > > an > > > excellent > > > good guess of what CA to go to, assuming that Novell operates a CA > > in > > > its > > > own name. But where do I go for a certificate from Acme > > > Manufacturing? > > > > > > I don't mean to beat up on the option 1 folks exclusively -- maybe > > > there are > > > some things that could be done within the options 2 that would come > > > closer to a > > > compromise without breaking those existing clients. But I need to > > > think about that > > > some more. maybe someone else could volunteer some suggestions. > > > > > > Bob > > > > > > Robert R. Jueneman > > > Novell, Inc. > > > 122 E. 1700 South > > > Provo, UT 84606 > > > bjueneman@novell.com > > > 1-801-861-7387 > > --------------4DB9C958A073A47F89771625 Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Russel Weiser Content-Disposition: attachment; filename="vcard.vcf" begin: vcard fn: Russel Weiser n: Weiser;Russel org: DST email;internet: rweiser@DigSigTrust.COm x-mozilla-cpt: ;0 x-mozilla-html: FALSE version: 2.1 end: vcard --------------4DB9C958A073A47F89771625-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA05452 for ietf-pkix-bks; Thu, 3 Sep 1998 09:40:08 -0700 (PDT) Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA05448 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:40:07 -0700 (PDT) Received: from thunderbolt.ncsl.nist.gov (thunderbolt.ncsl.nist.gov [129.6.54.130]) by csmes.ncsl.nist.gov (8.6.12/8.6.4jck0) with SMTP id MAA05240; Thu, 3 Sep 1998 12:44:14 -0400 Message-Id: <3.0.5.32.19980903124753.0085d5f0@csmes.ncsl.nist.gov> X-Sender: burr@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 03 Sep 1998 12:47:53 -0400 To: "Dave Horvath" <David.Horvath@chromatix.com> From: Bill Burr <william.burr@nist.gov> Subject: Re: What the straw poll means Cc: ietf-pkix@imc.org In-Reply-To: <008001bdd74d$95b14bc0$097361cf@ash.chromatix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk But what is a root here? Does it imply that a domain is PKI hierarchy? I can think of 3 plausible constructions of root, all of which I believe I've seen used: (1) any CA whose key you choose to trust and therefore can start a certification path, but which may not imply any other organization or structure; (2) a CA whose key everybody in the domain (what's a domain?) trusts and which sits on top of a hierarchical unidirectional certification tree (as in MISSI or PEM); (3) a CA that exists to cross-certify with other CAs, but issues few or no end entity certificates, and starts few or no certification paths; it simply exists to connect other CAs. Examples would be the ANX "supervisory CA," the Gov. of Canada "Level 0" CA operated by the Canadian Central Facility, or the proposed Federal PKI "Bridge CA." Such a CA is often depicted at the hub of a mesh, or the top of a hierarchy, and operated in conjunction with the overall domain policy management authority. I suppose a "trusted root" can be either 1 or 2 above. But "root" to me doesn't necessarily say much about path development, or PKI certification path structure. How about domain? What does it mean? I claim that the term makes most sense to mean a part of a PKI that operates under the direction of a policy management entity. Which wouldn't necessarily mean that domain boundaries coincide with distinctions that are meaningful for certification path building. Option 1 is probably useful if you think that a domain is everything subordinate to the same root CA, where a root is any CA that somebody uses to start a trust path. So in a cross-certified mesh PKI, every CA is a domain onto itself, and all CA certificates wind up only, I think, in the crossCertificatePair attribute. But in a hierarchical PKI most certificates wind up in the cACertificate Attribute. I have the feeling that Bob is right at least for option 1, unless we know what a domain is we hardly know what we are getting. With option 2, I suppose we are guaranteed that all certificates wind up in crossCertificatePair, whatever domain means. At 11:14 AM 9/3/98 -0400, you wrote: >Bob, > > I feel that the definition of domain is a local policy and that CAs >should be free to define it as they wish. Clients that search/read CAs >entries and obtain the values from both the cACertificate and >crossCertificatePair attributes can explore the values in the cACertficate >attribute first. If a path to the trusted root is found, processing stops. >If not, they can explore the crossCertificatePair attribute. Using this >algorithm CAs can define their domain and post each of their CA certificates >to one attribute or the other. The only adverse affect will be efficiency >in path development on the client side if the CA does not carefully select >intra or inter domain. WIth option 1, the certificates are not duplicated. >With option 2, they are. > >But if we have an installed base that only looks in the crossCertificatePair >attribute, then we have a problem. In that case option 2 will help at the >expense of duplicating the data. I suggest we avoid duplication if >possible, but we certainly must evaluate the installed base. > >Dave Horvath > > > > >-----Original Message----- >From: Bob Jueneman <BJUENEMAN@novell.com> >To: chokhani@cygnacom.com <chokhani@cygnacom.com>; ietf-pkix@imc.org ><ietf-pkix@imc.org> >Date: Wednesday, September 02, 1998 10:21 PM >Subject: RE: What the straw poll means > > >>Santosh doesn't seem to have answered the questions I've raised >>regarding the definition of the domain, but he seems to believe that >>option 2 doesn't solve that problem either. >> >>If so, I am increasingly beginning to lean towards "NONE OF THE >>ABOVE". >> >>Rebuttal, Sharon/Carlisle? >> >>Bob >> >>>Yes Bob. I hate to say this, but you have misinterpreted. >>> >>>The basic difference between the two approaches is the under option 1 >>>you store a certificate only one time under a CA's entry. Which >>>certifying CA is in its domain is upto a subject CA to decide. >>> >>>In all honesty, I do not see a benefit to option 2 except for the >>>argument that some installed base already does it this way. >>> >>>Option 1 achieves everything option 2 and with efficiency. >>> >>>I do not understand how option 2 solves your problems either. We need >>>to have a discussion on computational complexity of path development to >>>allay your concerns. >>> >>>The way I look at the difference between the two options is that if >>>n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one >>>bucket and n2 in another. Option 2 says put n in one bucket and n1 in >>>another. When you retrieve the two buckets (which you must for path >>>development efficiency), option 2 gives you n+n1 certificates and option >>>1 gives you exactly all n. >>> >>>> -----Original Message----- >>>> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] >>>> Sent: Wednesday, September 02, 1998 8:33 PM >>>> To: ietf-pkix@imc.org >>>> Cc: chokhani@cygnacom.com >>>> Subject: What the straw poll means >>>> >>>> This is almost as exciting as watching a horse race! >>>> >>>> But what are we to make of the situation if the vote is as >>>> close as it appears to be at present -- does that truly indicate >>>> a "rough consensus"? >>>> >>>> As of earlier this morning, Chromatix was ahead, with >>>> 8 votes cast; Entrust was tied with Microsoft with 4 votes >>>> cast; and MISSI some others are clustered around third place. >>>> >>>> So far, with the exception of a split between MISSI and NIST >>>> as two US Government factions, the voting seems to be >>>> strictly by company. >>>> >>>> Now, the polite fiction within the IETF is that memberships are by >>>> individual, and that there are no "votes" per se, and certainly not >>>> on a company by company basis. That's the fiction, at least.. >>>> Whether this convention shall long endure now that the IETF has >>>> apparently lost some or all of its government funding and has >>>> to become more self-sufficient will be interesting to see. >>>> >>>> But unless one side or the other starts to make some significant >>>> in-roads by the dint of more persuasive technical argument, then I >>>> think >>>> it's effectively a draw, and we may be counting companies and their >>>> installed base at least as much, and perhaps more, than >>>> balancing the technical alternatives. >>>> >>>> Now, if we are truly at a technical impasse and the vote has to be >>>> binary, i.e., only one way or the other, then maybe counting installed >>>> clients and minimizing the pain is really the way to go, but frankly >>>> that approach makes me uncomfortable. I want both interoperability >>>> AND efficiency, and I would hate to see us don't want to be >>>> pressured into a less than satisfactory decision, whatever that is, >>>> just because we are in a rush to get over the next hurdle in the >>>> standards progression. >>>> >>>> I originally said that I was inclined to go with option 1, because >>>> it at least appeared to be simpler. However, I also said that I was >>>> concerned about the "local" definition of a domain by a CA, >>>> and the more I think about it, the more concerned I get. >>>> >>>> That approach might be viable for an organization such as MISSI, >>>> where everyone presumably knows what community of interest >>>> they fall into, but how would it apply to a public CA such as >>>> VeriSign? >>>> >>>> Would they view all of their certificates as falling into one domain, >>>> including any certificates issued by subordinate CAs, as in the case >>>> of the old RSA Commercial hierarchy? >>>> >>>> What about GTE CyberTrust, considering their presumed affinity >>>> with their ISP business. Would all of those certificates fall into >>>> one domain? >>>> >>>> Now suppose I want to validate a certificate from Erols. Do I decide >>>> that >>>> because Erols is in the top half of the alphabet that they probably >>>> use GTE, whereas Xerox would probably use VeriSign? Or do we do an >>>> East Coast/West Coast split, like radio and TV stations use W or K in >>>> their call sign? >>>> >>>> What if Novell and Microsoft were to become CAs and issue certificates >>>> >>>> to their customers directly, at least their larger accounts. Would >>>> the relying >>>> party have to try to divine whether a subscriber was running NetWare >>>> or >>>> NT in order to decide what domain they would be likely to be in? >>>> >>>> Santosh, have I misrepresented the issue here? Feel free to correct >>>> me, if so. >>>> Maybe I just don't understand. >>>> >>>> Now, if the definition of "domain" were amended somewhat, perhaps some >>>> of these difficulties might go away. >>>> >>>> In particular, it seems to me that "domain" probably ought to have a >>>> lot to do >>>> with name subordination, or at least the possibility of doing name >>>> subordination, >>>> so that it would be deterministic. That might not solve all of the >>>> concerns that those >>>> who are inclined to vote for option 2 might have in mind, but it might >>>> help. >>>> >>>> So if I am a Novell employee, and I receive an S/MIME message that >>>> contains >>>> a certificate that begins with c=US, o=Novell, I can probably make an >>>> excellent >>>> good guess of what CA to go to, assuming that Novell operates a CA in >>>> its >>>> own name. But where do I go for a certificate from Acme >>>> Manufacturing? >>>> >>>> I don't mean to beat up on the option 1 folks exclusively -- maybe >>>> there are >>>> some things that could be done within the options 2 that would come >>>> closer to a >>>> compromise without breaking those existing clients. But I need to >>>> think about that >>>> some more. maybe someone else could volunteer some suggestions. >>>> >>>> Bob >>>> >>>> Robert R. Jueneman >>>> Novell, Inc. >>>> 122 E. 1700 South >>>> Provo, UT 84606 >>>> bjueneman@novell.com >>>> 1-801-861-7387 >> >> > > Regards, Bill Burr Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA05420 for ietf-pkix-bks; Thu, 3 Sep 1998 09:37:57 -0700 (PDT) Received: from ORM-BBWEB.orem.novell.com (orm-bbweb.orem.novell.com [151.155.134.147]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA05416 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:37:56 -0700 (PDT) Received: from GATEWAYS-Message_Server by ORM-BBWEB.orem.novell.com with Novell_GroupWise; Thu, 03 Sep 1998 10:42:00 -0600 Message-Id: <s5ee7278.091@ORM-BBWEB.orem.novell.com> X-Mailer: Novell GroupWise 5.5 Date: Thu, 03 Sep 1998 10:41:47 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <william.burr@nist.gov> Cc: <ietf-pkix@imc.org> Subject: Re: What the straw poll means Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id JAA05417 Sender: owner-ietf-pkix@imc.org Precedence: bulk Bill, I was only gently tweaking the USG -- anyone who has ever dealt with NIST, NSA, or the FBI on issues like export controls knows that each agency has its one separate agenda and priorities. I for one would hate to have to be the President or Vice President who has to knock heads and try to get the Administration to speak with one voice. But your comments on the pioneers are very apropos. As a major player in the directory space, Novell certainly has an interest in this area. We would hate to see a solution adopted that unnecessarily wastes directory space. On the other hand, memory is getting cheaper and cheaper, but Internet congestion is getting worse, and it isn't clear that caching or other approaches would be likely to apply here. so I'm not sure that I completely buy Tim's argument that interoperability is more important than efficiency. To further complicate the problem, Novell has a relationship with Entrust, and we certainly have no desire to see their interests harmed. But likewise, we consider the US Government a very important customer, and we would hate to see a solution adopted that would fly in the face of MISSI's and DMS's needs. Knowing both Sharon and Santosh reasonably well, I can certainly say that they are both bright, and have an excellent understanding of the technology. The fact that they and others come out on opposite sides of the issue probably means that their views of the underlying problem space and their priorities, are probably different, rather than being due to some flaw in their logic. If all else fails and we have to make a choice, I also would favor not shafting the early developer who has helped the market grow. The trouble is, I'm not exactly sure whose ox would be gored, and how much effort it would take to fix it. Entrust obviously has an investment in their current client, but what the cost of changing it would be I don't know. Likewise, I'm not sure who many other players in this space have already developed clients that might also be impacted. What is pretty obvious by now is that there isn't a clear consensus, at least not yet, and that cogent arguments can be made on both sides depending on what your assumptions are regarding the behavior of the clients, which may require a crystal ball. So maybe we should go back to the drawing board and see if we have exhausted all of the possible alternatives. For example, Sharon mentioned that she thought that the "single bucket" approach was ruled out in Chicago. I wasn't there and so I don't know the pros and cons, but it would seem that reexamining that possibility might be worthwhile. At least on the surface it seems to solve both problems. Others have commented that with appropriate LDAP filters it is possible to retrieve certificates from both piles simultaneously. Maybe there is a pony in there somewhere that could be explored more fully, especially for those of us who are not LDAP gurus. I WANT my cake and eat it, too! Bob Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA05400 for ietf-pkix-bks; Thu, 3 Sep 1998 09:36:11 -0700 (PDT) Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA05396 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:36:10 -0700 (PDT) Received: from exchng-fairfax.p-e-c.com by relay1.UU.NET with ESMTP (peer crosschecked as: [204.254.216.13]) id QQffgk13897; Thu, 3 Sep 1998 12:40:21 -0400 (EDT) Received: by exchang-fairfax.pec.com with Internet Mail Service (5.0.1460.8) id <RZYRB215>; Thu, 3 Sep 1998 12:42:33 -0400 Message-ID: <3C7EABA3F6F1D1118FD90008C7F450FD53608D@exchang-fairfax.pec.com> From: WHenry <WHenry@pec.com> To: ietf-pkix@imc.org Subject: For Option #2 Date: Thu, 3 Sep 1998 12:42:32 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA04949 for ietf-pkix-bks; Thu, 3 Sep 1998 09:27:37 -0700 (PDT) Received: from mw.3com.com (intergate.usr.com [149.112.20.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA04942 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:27:35 -0700 (PDT) Received: from mwgate02.mw.3com.com by mw.3com.com (8.8.5/3.1.090690-US Robotics) id LAA09323; Thu, 3 Sep 1998 11:36:23 -0500 (CDT) Received: by mwgate02.mw.3com.com(Lotus SMTP MTA v4.6.1 (569.2 2-6-1998)) id 86256674.005B319B ; Thu, 3 Sep 1998 11:36:04 -0500 X-Lotus-FromDomain: 3COM@3COM-MWGATE From: "Boby Joseph" <Boby_Joseph@mw.3com.com> To: ietf-pkix@imc.org Message-ID: <86256674.005B2F2F.00@mwgate02.mw.3com.com> Date: Thu, 3 Sep 1998 11:36:24 -0500 Subject: For option 1 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA04631 for ietf-pkix-bks; Thu, 3 Sep 1998 09:25:19 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA04623 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:25:18 -0700 (PDT) Received: from [128.89.0.110] (COSMEC.BBN.COM [128.89.0.110]) by po1.bbn.com (8.8.6/8.8.6) with ESMTP id MAA23905 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 12:30:05 -0400 (EDT) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Sender: kent@po1.bbn.com Message-Id: <v04011704b214746ad0fe@[128.89.0.110]> In-Reply-To: <s5ed8f62.071@prv-mail25.provo.novelll.com> Date: Thu, 3 Sep 1998 12:32:04 -0400 To: <ietf-pkix@imc.org> From: Stephen Kent <kent@bbn.com> Subject: Re: What the straw poll means Sender: owner-ietf-pkix@imc.org Precedence: bulk Folks, A straw poll is not a vote, since we don't vote in the IETF or in WGs. The WG chair(s) retain discretion to interpret the outcome of s straw poll, e.g., to discount any apparent ballot box stuffing by a given organization. I asked Sharon to extend the polling period because this is clearly a contentious issue and because we usually allow about a week for such activities, although we have gone through shorter polling intervals on occasion. have a nice Labor Day weekend, Steve Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA03056 for ietf-pkix-bks; Thu, 3 Sep 1998 09:09:07 -0700 (PDT) Received: from att.com (kcgw1.att.com [192.128.133.151]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA03051 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:09:05 -0700 (PDT) Received: from kcig1.fw.att.com by kcgw1.att.com (AT&T/IPNS/UPAS-1.0) for imc.org!ietf-pkix sender att.com!jayhawk (att.com!jayhawk); Thu Sep 3 11:12 CDT 1998 Received: from qsun.ho.att.com (qsunn.ho.att.com [135.16.30.2]) by kcig1.fw.att.com (AT&T/IPNS/GW-1.0) with SMTP id LAA02486 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 11:12:13 -0500 (CDT) Received: from sloop.local.windrose.omaha.ne.us by qsun.ho.att.com (SMI-8.6/EMS-1.2 sol2) id MAA15045; Thu, 3 Sep 1998 12:12:00 -0400 From: "Ryan Moats" <jayhawk@att.com> To: <John_Wray@iris.com> Cc: <ietf-pkix@imc.org> Subject: Retrieval efficiency herring? (was... RE: What the straw poll means) Date: Thu, 3 Sep 1998 11:14:31 -0500 Message-ID: <000101bdd755$ef033a00$c8c8090a@sloop.local.windrose.omaha.ne.us> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 Importance: Normal In-Reply-To: <85256674.00465F65.00@arista.iris.com> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk John_Wray@iris.com writes: > Santosh Chokhani <chockani@cyqnacom.com> writes: > > >The basic difference between the two approaches is the under option 1 > >you store a certificate only one time under a CA's entry. Which > >certifying CA is in its domain is upto a subject CA to decide. > > > >In all honesty, I do not see a benefit to option 2 except for the > >argument that some installed base already does it this way. > > The difference between the two options is primarily storage efficiency vs. > retrieval efficiency. Both options divide a CAs certs into two piles. > Option 1 has pile A containing only intra-domain certs, and pile B > containing only inter-domain certs; option 2 has pile A containing only > intra-domain certs and pite B containing all certs. Which option is > superior depends on two things: > > whether you care more about storage efficiency in the directory (option > 2 stores intra-domain certificates twice) or retrieval efficiency for > the verifier (option 1 require a verifier that wants all a target CA's > certificates to retrieve them from two places). As somebody coming to the party late from the LDAP world, I don't see why the certificates need to be retrieved from two places. An LDAP lookup of an object with a fairly simple filter (objectclass="*") will return all of the attributes associated with that object. Therefore a single lookup will return both attributes, so I don't understand how retrieval efficiency is gained. Ryan Moats Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA02866 for ietf-pkix-bks; Thu, 3 Sep 1998 08:46:32 -0700 (PDT) Received: from epic.iris.com (epic.iris.com [198.112.211.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA02862 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 08:46:31 -0700 (PDT) From: Mary_Ellen_Zurko@iris.com Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090311504488:1045 for <ietf-pkix@imc.org> ; Thu, 3 Sep 1998 11:50:44 -0400 Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090311504488:1045 for <ietf-pkix@imc.org> ; Thu, 3 Sep 1998 11:50:44 -0400 X-Lotus-FromDomain: IRIS To: ietf-pkix@imc.org Message-ID: <85256674.0057297C.00@arista.iris.com> Date: Thu, 3 Sep 1998 11:53:53 -0400 Subject: For Option 2 x-notes-Form: Memo x-notes-$24UpdatedBy: CN=Epic/O=Iris x-notes-$24Hops: 22 X-Priority: 3 (Normal) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA02506 for ietf-pkix-bks; Thu, 3 Sep 1998 08:20:25 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA02502 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 08:20:24 -0700 (PDT) Received: from ash (ash.chromatix.com [207.97.115.9]) by chromatix.com (8.8.8/8.8.8) with SMTP id LAA21436; Thu, 3 Sep 1998 11:24:22 -0400 (EDT) (envelope-from David.Horvath@chromatix.com) Message-ID: <008001bdd74d$95b14bc0$097361cf@ash.chromatix.com> From: "Dave Horvath" <David.Horvath@chromatix.com> To: "Bob Jueneman" <BJUENEMAN@novell.com>, <chokhani@cygnacom.com>, <ietf-pkix@imc.org> Subject: Re: What the straw poll means Date: Thu, 3 Sep 1998 11:14:45 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk Bob, I feel that the definition of domain is a local policy and that CAs should be free to define it as they wish. Clients that search/read CAs entries and obtain the values from both the cACertificate and crossCertificatePair attributes can explore the values in the cACertficate attribute first. If a path to the trusted root is found, processing stops. If not, they can explore the crossCertificatePair attribute. Using this algorithm CAs can define their domain and post each of their CA certificates to one attribute or the other. The only adverse affect will be efficiency in path development on the client side if the CA does not carefully select intra or inter domain. WIth option 1, the certificates are not duplicated. With option 2, they are. But if we have an installed base that only looks in the crossCertificatePair attribute, then we have a problem. In that case option 2 will help at the expense of duplicating the data. I suggest we avoid duplication if possible, but we certainly must evaluate the installed base. Dave Horvath -----Original Message----- From: Bob Jueneman <BJUENEMAN@novell.com> To: chokhani@cygnacom.com <chokhani@cygnacom.com>; ietf-pkix@imc.org <ietf-pkix@imc.org> Date: Wednesday, September 02, 1998 10:21 PM Subject: RE: What the straw poll means >Santosh doesn't seem to have answered the questions I've raised >regarding the definition of the domain, but he seems to believe that >option 2 doesn't solve that problem either. > >If so, I am increasingly beginning to lean towards "NONE OF THE >ABOVE". > >Rebuttal, Sharon/Carlisle? > >Bob > >>Yes Bob. I hate to say this, but you have misinterpreted. >> >>The basic difference between the two approaches is the under option 1 >>you store a certificate only one time under a CA's entry. Which >>certifying CA is in its domain is upto a subject CA to decide. >> >>In all honesty, I do not see a benefit to option 2 except for the >>argument that some installed base already does it this way. >> >>Option 1 achieves everything option 2 and with efficiency. >> >>I do not understand how option 2 solves your problems either. We need >>to have a discussion on computational complexity of path development to >>allay your concerns. >> >>The way I look at the difference between the two options is that if >>n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one >>bucket and n2 in another. Option 2 says put n in one bucket and n1 in >>another. When you retrieve the two buckets (which you must for path >>development efficiency), option 2 gives you n+n1 certificates and option >>1 gives you exactly all n. >> >>> -----Original Message----- >>> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] >>> Sent: Wednesday, September 02, 1998 8:33 PM >>> To: ietf-pkix@imc.org >>> Cc: chokhani@cygnacom.com >>> Subject: What the straw poll means >>> >>> This is almost as exciting as watching a horse race! >>> >>> But what are we to make of the situation if the vote is as >>> close as it appears to be at present -- does that truly indicate >>> a "rough consensus"? >>> >>> As of earlier this morning, Chromatix was ahead, with >>> 8 votes cast; Entrust was tied with Microsoft with 4 votes >>> cast; and MISSI some others are clustered around third place. >>> >>> So far, with the exception of a split between MISSI and NIST >>> as two US Government factions, the voting seems to be >>> strictly by company. >>> >>> Now, the polite fiction within the IETF is that memberships are by >>> individual, and that there are no "votes" per se, and certainly not >>> on a company by company basis. That's the fiction, at least.. >>> Whether this convention shall long endure now that the IETF has >>> apparently lost some or all of its government funding and has >>> to become more self-sufficient will be interesting to see. >>> >>> But unless one side or the other starts to make some significant >>> in-roads by the dint of more persuasive technical argument, then I >>> think >>> it's effectively a draw, and we may be counting companies and their >>> installed base at least as much, and perhaps more, than >>> balancing the technical alternatives. >>> >>> Now, if we are truly at a technical impasse and the vote has to be >>> binary, i.e., only one way or the other, then maybe counting installed >>> clients and minimizing the pain is really the way to go, but frankly >>> that approach makes me uncomfortable. I want both interoperability >>> AND efficiency, and I would hate to see us don't want to be >>> pressured into a less than satisfactory decision, whatever that is, >>> just because we are in a rush to get over the next hurdle in the >>> standards progression. >>> >>> I originally said that I was inclined to go with option 1, because >>> it at least appeared to be simpler. However, I also said that I was >>> concerned about the "local" definition of a domain by a CA, >>> and the more I think about it, the more concerned I get. >>> >>> That approach might be viable for an organization such as MISSI, >>> where everyone presumably knows what community of interest >>> they fall into, but how would it apply to a public CA such as >>> VeriSign? >>> >>> Would they view all of their certificates as falling into one domain, >>> including any certificates issued by subordinate CAs, as in the case >>> of the old RSA Commercial hierarchy? >>> >>> What about GTE CyberTrust, considering their presumed affinity >>> with their ISP business. Would all of those certificates fall into >>> one domain? >>> >>> Now suppose I want to validate a certificate from Erols. Do I decide >>> that >>> because Erols is in the top half of the alphabet that they probably >>> use GTE, whereas Xerox would probably use VeriSign? Or do we do an >>> East Coast/West Coast split, like radio and TV stations use W or K in >>> their call sign? >>> >>> What if Novell and Microsoft were to become CAs and issue certificates >>> >>> to their customers directly, at least their larger accounts. Would >>> the relying >>> party have to try to divine whether a subscriber was running NetWare >>> or >>> NT in order to decide what domain they would be likely to be in? >>> >>> Santosh, have I misrepresented the issue here? Feel free to correct >>> me, if so. >>> Maybe I just don't understand. >>> >>> Now, if the definition of "domain" were amended somewhat, perhaps some >>> of these difficulties might go away. >>> >>> In particular, it seems to me that "domain" probably ought to have a >>> lot to do >>> with name subordination, or at least the possibility of doing name >>> subordination, >>> so that it would be deterministic. That might not solve all of the >>> concerns that those >>> who are inclined to vote for option 2 might have in mind, but it might >>> help. >>> >>> So if I am a Novell employee, and I receive an S/MIME message that >>> contains >>> a certificate that begins with c=US, o=Novell, I can probably make an >>> excellent >>> good guess of what CA to go to, assuming that Novell operates a CA in >>> its >>> own name. But where do I go for a certificate from Acme >>> Manufacturing? >>> >>> I don't mean to beat up on the option 1 folks exclusively -- maybe >>> there are >>> some things that could be done within the options 2 that would come >>> closer to a >>> compromise without breaking those existing clients. But I need to >>> think about that >>> some more. maybe someone else could volunteer some suggestions. >>> >>> Bob >>> >>> Robert R. Jueneman >>> Novell, Inc. >>> 122 E. 1700 South >>> Provo, UT 84606 >>> bjueneman@novell.com >>> 1-801-861-7387 > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA02269 for ietf-pkix-bks; Thu, 3 Sep 1998 08:04:30 -0700 (PDT) Received: from war.wyeth.com (ramail1.labs.wyeth.com [155.94.101.101] (may be forged)) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA02265 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 08:04:22 -0700 (PDT) Received: from USRA08-Message_Server by war.wyeth.com with Novell_GroupWise; Thu, 03 Sep 1998 11:08:48 -0400 Message-Id: <s5ee78c0.058@war.wyeth.com> X-Mailer: Novell GroupWise 4.1 Date: Thu, 03 Sep 1998 11:08:28 -0400 From: Peter Lindstrom <LindstP@war.wyeth.com> To: ietf-pkix@imc.org Subject: For Option 2 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA01888 for ietf-pkix-bks; Thu, 3 Sep 1998 07:29:48 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA01883 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 07:29:46 -0700 (PDT) Received: from chromatix.com (whiteoak.chromatix.com [207.97.115.5]) by chromatix.com (8.8.8/8.8.8) with ESMTP id KAA21240; Thu, 3 Sep 1998 10:33:54 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <35EEA8D6.A06464BB@chromatix.com> Date: Thu, 03 Sep 1998 10:33:58 -0400 From: Dave Horvath <dave@chromatix.com> Organization: Chromatix Inc. X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: John_Wray@iris.com CC: Santosh Chokhani <chokhani@cygnacom.com>, ietf-pkix@imc.org Subject: Re: What the straw poll means References: <85256674.00465F65.00@arista.iris.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk See comment below. John_Wray@iris.com wrote: > > Santosh Chokhani <chockani@cyqnacom.com> writes: > > >The basic difference between the two approaches is the under option 1 > >you store a certificate only one time under a CA's entry. Which > >certifying CA is in its domain is upto a subject CA to decide. > > > >In all honesty, I do not see a benefit to option 2 except for the > >argument that some installed base already does it this way. > > The difference between the two options is primarily storage efficiency vs. > retrieval efficiency. Both options divide a CAs certs into two piles. > Option 1 has pile A containing only intra-domain certs, and pile B > containing only inter-domain certs; option 2 has pile A containing only > intra-domain certs and pite B containing all certs. Which option is > superior depends on two things: > > whether you care more about storage efficiency in the directory (option > 2 stores intra-domain certificates twice) or retrieval efficiency for > the verifier (option 1 require a verifier that wants all a target CA's > certificates to retrieve them from two places). > typical usage scenarios by verifiers - i.e. the percentage of clients > that are going to want to locate just inter-domain certs, compared to > clients that either don't care about the difference or are only > interested in intra-domain certs. Retrieval of _just_ inter-domain > certs is easier under option 1, retrieval of _all_ certs is easier under > option 2, and retrieval of _just_ intra-domain certs is the same under > both options. > > Consider a fairly randomly structured PKI, where the verifier has a set of > trusted roots loaded into it (assume they've been loaded under user > control, with no particular order to them), and is trying to verify the key > of some server that it hasn't spoken to before. It has no idea of which > "domain" the target's CA thinks it belongs to; it just wants to pull all > the certs that have that CA as a subject, and see if it can construct a > valid chain starting at one of its trusted roots. > > Having the target CA divide its certificates between two places within the > directory is no help to this verifier. All it does it force the verifier > to make two retrieval operations instead of the one that would be required > by option 2. The verifier isn't really interested in whether a particular > certificate comes from another CA from the same "domain" as the target's CA > - if it cares about "domains" at all, what it would be interested in is if > any certs come from the same domain as the verifier (or one of its trusted > roots), not the target (and of course that's verifier-specific). John, the verifier does NOT have to invoke two retrieval operations. The verifier simply reads the CA entry requesting both the cACertificate attribute and the crossCertificatePair attribute in the same search/read operation. All certificates are returned. The verifier can then decide whether to explore inter-domain, intra-domain, both , none, whatever. The verifier can lump them all together in the client application if they like! The main advantage to option 1 is we don't store the certificates twice which is a fundamental goal in all database applications. IMHO it applies to repositories and public key infrastructures also. In summary option 1 never ever hurts the client. It only helps to organize the two types of certs based on the CAs definition of domain. The general algorithm we envision is for clients to first explore the cACertificate attribute, then explore the crossCertificatePair attribute. That way nothing will get missed. It's not an all or nothing choice. It's an attempt to store the certificates once and to group them to make logical decisions when exploring possibly complex paths. > > For the special (and probably quite common) case where the verifier and > target happen to be in the same domain, the distinction probably is useful. > Option 2 supports this case just as well as does option 1, by allowing the > CA to place intra-domain certs in a separate place so that clients in that > domain can retrieve them first (or possibly even _instead_of_ going to the > all-certs list). But it duplicates the data, for which there is no technically sound reason. Dave Horvath > > John -- ================================================ _/_/_/ David J. Horvath _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA01852 for ietf-pkix-bks; Thu, 3 Sep 1998 07:26:05 -0700 (PDT) Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id HAA01848 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 07:26:04 -0700 (PDT) Received: from thunderbolt.ncsl.nist.gov (thunderbolt.ncsl.nist.gov [129.6.54.130]) by csmes.ncsl.nist.gov (8.6.12/8.6.4jck0) with SMTP id KAA03719; Thu, 3 Sep 1998 10:30:39 -0400 Message-Id: <3.0.5.32.19980903103419.03b3bcd0@csmes.ncsl.nist.gov> X-Sender: burr@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 03 Sep 1998 10:34:19 -0400 To: "Bob Jueneman" <BJUENEMAN@novell.com> From: Bill Burr <william.burr@nist.gov> Subject: Re: What the straw poll means Cc: ietf-pkix@imc.org In-Reply-To: <s5ed8f62.071@prv-mail25.provo.novelll.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Bob, At 06:33 PM 9/2/98 -0600, you wrote: >This is almost as exciting as watching a horse race! > >But what are we to make of the situation if the vote is as >close as it appears to be at present -- does that truly indicate >a "rough consensus"? > >As of earlier this morning, Chromatix was ahead, with >8 votes cast; Entrust was tied with Microsoft with 4 votes >cast; and MISSI some others are clustered around third place. > >So far, with the exception of a split between MISSI and NIST >as two US Government factions, the voting seems to be >strictly by company. I hope you don't think that the government is particularly monolithic about such things. Tim Polk at times has lived in dread of the possibility that I might vote for something on one of the PKIX 1 straw polls, that would have caused him a lot of grief as editor. That's entirely within NIST. > >Now, the polite fiction within the IETF is that memberships are by >individual, and that there are no "votes" per se, and certainly not >on a company by company basis. That's the fiction, at least.. >Whether this convention shall long endure now that the IETF has >apparently lost some or all of its government funding and has >to become more self-sufficient will be interesting to see. > >But unless one side or the other starts to make some significant >in-roads by the dint of more persuasive technical argument, then I think >it's effectively a draw, and we may be counting companies and their >installed base at least as much, and perhaps more, than >balancing the technical alternatives. As a Government guy, who has been doing computer standards work for a couple of decades, I have a rough philosophy about this, which gives a lot of deference to the investments of early implementors. In most cases, for new technologies at least, we the government, haven't made much up front development investment in implementing technology alternatives. Of course MISSI and DMS are the exception to this rule here, but, on the civil side of the government, we don't have big money to put into development. We don't usually have a big investment already on the table. So it's easy to advocate an "ignore the developer's investment" viewpoint. But we don't ever have a competitive reason to want to shaft a competitor who'se ahead of us in the marketplace, either. I think that it's destructive of standards development in general to unnecessarily shaft early implementors. I want to encourage companies to take the plunge and go ahead and build something, not wait for a standard to get finished first. There are a lot of risks in this for the implementors, and I don't want to add to them. So I tend to give a lot of deference to the investments of early implementors, because I think that it makes the process of creating standards work better. Now there are some minor Government installed base issues. Many, perhaps most, of the PKI applications and pilots in the civil part of the government that use what I would call a "full function" PKI, are based on one commercial product at this point. But we're not talking a lot of big operational systems here. What is important to me is that the vendor of that product has been effective in pioneering commercial PKI products that actually build nontrivial certification paths and do nice things like revocation. I frankly like Option 1 better, in the abstract, but I think that the technical effect of either choice is not profound as far as I can see, and I'm quite uncomfortable voting for something that apparently shafts the pioneer commercial implementor a bit. Regards, Bill Burr Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA01521 for ietf-pkix-bks; Thu, 3 Sep 1998 06:54:16 -0700 (PDT) Received: from COLUMBIA.BBN.COM (COLUMBIA.BBN.COM [192.1.17.53]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA01517 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 06:54:15 -0700 (PDT) Received: from GRIMM.BBN.COM by COLUMBIA.BBN.COM id aa11646; 3 Sep 98 9:55 EDT Message-ID: <35EEA01F.CA4D1487@bbn.com> Date: Thu, 03 Sep 1998 09:56:48 -0400 From: Susan Joseph <sjoseph@bbn.com> Reply-To: sjoseph@bbn.com Organization: BBN X-Mailer: Mozilla 4.06 [en] (Win95; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk -- Susan Joseph GTE Internetworking 9810 Patuxent Woods Drive Columbia, MD 21046 Tel: (410) 309-8324 Fax: (410) 309-8315 E-Mail: sjoseph@bbn.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA01462 for ietf-pkix-bks; Thu, 3 Sep 1998 06:48:47 -0700 (PDT) Received: from callisto.eci-esyst.com ([205.129.215.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA01458 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 06:48:45 -0700 (PDT) Date: 3 Sep 1998 08:52:29 -0400 Subject: For Option 1 To: "PKIX Mail List" <ietf-pkix@imc.org> X-Mailer: Mail*Link SMTP-QM 4.1.0 Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1"; Name="Message Body" From: "Chris Francis" <csfa@eci-esyst.com> Message-Id: <n1307305744.17943@qmgate.eci-esyst.com> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id GAA01459 Sender: owner-ietf-pkix@imc.org Precedence: bulk Inter-Office Memo For Option 1 Chris Francis Raytheon Systems Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA00872 for ietf-pkix-bks; Thu, 3 Sep 1998 05:49:16 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA00868 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 05:49:15 -0700 (PDT) Received: from chromatix.com (whiteoak.chromatix.com [207.97.115.5]) by chromatix.com (8.8.8/8.8.8) with ESMTP id IAA20701; Thu, 3 Sep 1998 08:53:15 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <35EE913F.4F724E31@chromatix.com> Date: Thu, 03 Sep 1998 08:53:19 -0400 From: Dave Horvath <dave@chromatix.com> Organization: Chromatix Inc. X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: Nada Kapidzic Cicovic <nada@cost.se> CC: Santosh Chokhani <chokhani@cygnacom.com>, "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org Subject: Re: What the straw poll means References: <3.0.3.32.19980903110239.018aa560@mail.cost.se> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Nada Kapidzic Cicovic wrote: > > At 20:48 9/2/98 -0400, Santosh Chokhani wrote: > >Yes Bob. I hate to say this, but you have misinterpreted. > > > >The basic difference between the two approaches is the under option 1 > >you store a certificate only one time under a CA's entry. Which > >certifying CA is in its domain is upto a subject CA to decide. > > > >In all honesty, I do not see a benefit to option 2 except for the > >argument that some installed base already does it this way. > > > >Option 1 achieves everything option 2 and with efficiency. > > > >I do not understand how option 2 solves your problems either. We need > >to have a discussion on computational complexity of path development to > >allay your concerns. > > > >The way I look at the difference between the two options is that if > >n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one > >bucket and n2 in another. Option 2 says put n in one bucket and n1 in > >another. When you retrieve the two buckets (which you must for path > >development efficiency), option 2 gives you n+n1 certificates and option > >1 gives you exactly all n. > > With option 2 you do not have to look at n1 certificates (cACertificate > attribute) at all. The n ones (from crossCertificatePair) are sufficient > for your path building. We are back the problem we raised earlier. Clients that attempt to efficiently develop a path from the end entity to the trusted root must explore 'n' paths (worst case scenario) prior to finding the correct one with option 2. Option 1 helps in this area, but this gets back to the definition of domain since paths in our domain will probably be the most efficient. Is it really a problem if all CAs do NOT standardize on a definition for domain? I don't think so. An algorithm for efficient path development (end entity to root) should always explore paths using the cACertifcate first, then fall back to the crossCertificatePair attribute. That way the last resort is to explore cross certifications. With option 1 this is accomplished without duplication of data. Using this algorithm a CA may interpret the domain as it wishes, with only performance impacts to path development on the client side. Building a path from the root to the end entity is not a problem either. If the CA chooses, it may store all certificates that it issues in the reverse component of the crossCertificatePair attribute. That way a client can explore all possibilities. Option 1 satisfies requirements for building path in either direction without duplicating data and adds increased efficiency at the CAs discretion. Dave Horvath > > Nada > > > > >> -----Original Message----- > >> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > >> Sent: Wednesday, September 02, 1998 8:33 PM > >> To: ietf-pkix@imc.org > >> Cc: chokhani@cygnacom.com > >> Subject: What the straw poll means > >> > >> This is almost as exciting as watching a horse race! > >> > >> But what are we to make of the situation if the vote is as > >> close as it appears to be at present -- does that truly indicate > >> a "rough consensus"? > >> > >> As of earlier this morning, Chromatix was ahead, with > >> 8 votes cast; Entrust was tied with Microsoft with 4 votes > >> cast; and MISSI some others are clustered around third place. > >> > >> So far, with the exception of a split between MISSI and NIST > >> as two US Government factions, the voting seems to be > >> strictly by company. > >> > >> Now, the polite fiction within the IETF is that memberships are by > >> individual, and that there are no "votes" per se, and certainly not > >> on a company by company basis. That's the fiction, at least.. > >> Whether this convention shall long endure now that the IETF has > >> apparently lost some or all of its government funding and has > >> to become more self-sufficient will be interesting to see. > >> > >> But unless one side or the other starts to make some significant > >> in-roads by the dint of more persuasive technical argument, then I > >> think > >> it's effectively a draw, and we may be counting companies and their > >> installed base at least as much, and perhaps more, than > >> balancing the technical alternatives. > >> > >> Now, if we are truly at a technical impasse and the vote has to be > >> binary, i.e., only one way or the other, then maybe counting installed > >> clients and minimizing the pain is really the way to go, but frankly > >> that approach makes me uncomfortable. I want both interoperability > >> AND efficiency, and I would hate to see us don't want to be > >> pressured into a less than satisfactory decision, whatever that is, > >> just because we are in a rush to get over the next hurdle in the > >> standards progression. > >> > >> I originally said that I was inclined to go with option 1, because > >> it at least appeared to be simpler. However, I also said that I was > >> concerned about the "local" definition of a domain by a CA, > >> and the more I think about it, the more concerned I get. > >> > >> That approach might be viable for an organization such as MISSI, > >> where everyone presumably knows what community of interest > >> they fall into, but how would it apply to a public CA such as > >> VeriSign? > >> > >> Would they view all of their certificates as falling into one domain, > >> including any certificates issued by subordinate CAs, as in the case > >> of the old RSA Commercial hierarchy? > >> > >> What about GTE CyberTrust, considering their presumed affinity > >> with their ISP business. Would all of those certificates fall into > >> one domain? > >> > >> Now suppose I want to validate a certificate from Erols. Do I decide > >> that > >> because Erols is in the top half of the alphabet that they probably > >> use GTE, whereas Xerox would probably use VeriSign? Or do we do an > >> East Coast/West Coast split, like radio and TV stations use W or K in > >> their call sign? > >> > >> What if Novell and Microsoft were to become CAs and issue certificates > >> > >> to their customers directly, at least their larger accounts. Would > >> the relying > >> party have to try to divine whether a subscriber was running NetWare > >> or > >> NT in order to decide what domain they would be likely to be in? > >> > >> Santosh, have I misrepresented the issue here? Feel free to correct > >> me, if so. > >> Maybe I just don't understand. > >> > >> Now, if the definition of "domain" were amended somewhat, perhaps some > >> of these difficulties might go away. > >> > >> In particular, it seems to me that "domain" probably ought to have a > >> lot to do > >> with name subordination, or at least the possibility of doing name > >> subordination, > >> so that it would be deterministic. That might not solve all of the > >> concerns that those > >> who are inclined to vote for option 2 might have in mind, but it might > >> help. > >> > >> So if I am a Novell employee, and I receive an S/MIME message that > >> contains > >> a certificate that begins with c=US, o=Novell, I can probably make an > >> excellent > >> good guess of what CA to go to, assuming that Novell operates a CA in > >> its > >> own name. But where do I go for a certificate from Acme > >> Manufacturing? > >> > >> I don't mean to beat up on the option 1 folks exclusively -- maybe > >> there are > >> some things that could be done within the options 2 that would come > >> closer to a > >> compromise without breaking those existing clients. But I need to > >> think about that > >> some more. maybe someone else could volunteer some suggestions. > >> > >> Bob > >> > >> Robert R. Jueneman > >> Novell, Inc. > >> 122 E. 1700 South > >> Provo, UT 84606 > >> bjueneman@novell.com > >> 1-801-861-7387 > > -- ================================================ _/_/_/ David J. Horvath _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA00808 for ietf-pkix-bks; Thu, 3 Sep 1998 05:43:05 -0700 (PDT) Received: from epic.iris.com (epic.iris.com [198.112.211.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA00804 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 05:43:04 -0700 (PDT) From: John_Wray@iris.com Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090308471794:820 for <chokhani@cygnacom.com> , <ietf-pkix@imc.org> ; Thu, 3 Sep 1998 08:47:17 -0400 Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090308471794:820 for <chokhani@cygnacom.com> , <ietf-pkix@imc.org> ; Thu, 3 Sep 1998 08:47:17 -0400 X-Lotus-FromDomain: IRIS To: Santosh Chokhani <chokhani@cygnacom.com> cc: ietf-pkix@imc.org Message-ID: <85256674.00465F65.00@arista.iris.com> Date: Thu, 3 Sep 1998 08:50:38 -0400 Subject: RE: What the straw poll means Mime-Version: 1.0 x-notes-Form: Memo x-notes-$24UpdatedBy: CN=Epic/O=Iris x-notes-$24Hops: 22 X-Priority: 3 (Normal) Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh Chokhani <chockani@cyqnacom.com> writes: >The basic difference between the two approaches is the under option 1 >you store a certificate only one time under a CA's entry. Which >certifying CA is in its domain is upto a subject CA to decide. > >In all honesty, I do not see a benefit to option 2 except for the >argument that some installed base already does it this way. The difference between the two options is primarily storage efficiency vs. retrieval efficiency. Both options divide a CAs certs into two piles. Option 1 has pile A containing only intra-domain certs, and pile B containing only inter-domain certs; option 2 has pile A containing only intra-domain certs and pite B containing all certs. Which option is superior depends on two things: whether you care more about storage efficiency in the directory (option 2 stores intra-domain certificates twice) or retrieval efficiency for the verifier (option 1 require a verifier that wants all a target CA's certificates to retrieve them from two places). typical usage scenarios by verifiers - i.e. the percentage of clients that are going to want to locate just inter-domain certs, compared to clients that either don't care about the difference or are only interested in intra-domain certs. Retrieval of _just_ inter-domain certs is easier under option 1, retrieval of _all_ certs is easier under option 2, and retrieval of _just_ intra-domain certs is the same under both options. Consider a fairly randomly structured PKI, where the verifier has a set of trusted roots loaded into it (assume they've been loaded under user control, with no particular order to them), and is trying to verify the key of some server that it hasn't spoken to before. It has no idea of which "domain" the target's CA thinks it belongs to; it just wants to pull all the certs that have that CA as a subject, and see if it can construct a valid chain starting at one of its trusted roots. Having the target CA divide its certificates between two places within the directory is no help to this verifier. All it does it force the verifier to make two retrieval operations instead of the one that would be required by option 2. The verifier isn't really interested in whether a particular certificate comes from another CA from the same "domain" as the target's CA - if it cares about "domains" at all, what it would be interested in is if any certs come from the same domain as the verifier (or one of its trusted roots), not the target (and of course that's verifier-specific). For the special (and probably quite common) case where the verifier and target happen to be in the same domain, the distinction probably is useful. Option 2 supports this case just as well as does option 1, by allowing the CA to place intra-domain certs in a separate place so that clients in that domain can retrieve them first (or possibly even _instead_of_ going to the all-certs list). John Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA00646 for ietf-pkix-bks; Thu, 3 Sep 1998 05:23:58 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA00642 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 05:23:57 -0700 (PDT) Received: from chromatix.com (whiteoak.chromatix.com [207.97.115.5]) by chromatix.com (8.8.8/8.8.8) with ESMTP id IAA20594; Thu, 3 Sep 1998 08:27:46 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <35EE8B46.9C50DEF1@chromatix.com> Date: Thu, 03 Sep 1998 08:27:50 -0400 From: Dave Horvath <dave@chromatix.com> Organization: Chromatix Inc. X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: Sean Mullan <mullan@East.Sun.COM> CC: Sharon Boeyen <sharon.boeyen@entrust.com>, ietf-pkix@imc.org Subject: Re: Straw Poll cACertificate & crossCertificatePairattributes- PKIX LDAPv2 schema I-D References: <D789F71F24B4D111955D00A0C99B4F50AC96DF@sothmxs01.entrust.com> <35EDAB43.3CE45198@east.sun.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Sean Mullan wrote: > > I agree that the forward & reverse elements of the crossCertificatePair > are useful. It would be nice if the cACertificate attribute contained > forward and reverse elements too. > > One issue I have with the crossCertificatePair and the forward & > reverse elements is that I believe they are a single-valued pair (meaning > you can't have more than one forward/reverse element per pair). > What do you do if CA1 issues more than 1 cross certificate to CA2 > (or vice versa)? Sean, The attribute is multi-valued, therefore, you would construct multiple "single valued" pairs, and place them in the attribute. The clients could then determine the appropriate CA relationship (crossCertificatePair) for the particular application. Dave H > > --Sean > > Sharon Boeyen wrote: > > > > Hi Bob, > > > > I don't think we'll every get to a point where people stop populating the > > crossCertificatePair attribute, regardless of the result of the straw poll. > > The forward/reverse elements in the syntax of this attribute are very useful > > since not all path discovery algorithms are identical. Path discovery can be > > done many ways including beginning from the subject and moving toward a > > trust anchor, beginning from a trust anchor and moving toward a subject, > > beginning at both ends etc etc. Being able to retrieve both forward and > > reverse certificates from a single entry rather than checking the directory > > entries of two CAs is a useful feature for some algorithms. > > ------------------ > > Sharon Boeyen > > Entrust Technologies > > > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > > http://www.entrust.com Fax: (613) 247-3690 > > > > > > > ---------- > > > From: Bob Jueneman[SMTP:BJUENEMAN@novell.com] > > > Sent: September 1, 1998 7:20 PM > > > To: ietf-pkix@imc.org; wpolk@nist.gov; BJUENEMAN@novell.com > > > Subject: Re: Straw Poll cACertificate & > > > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > > > > > I'm still on the fence, and trying to decide between the two options. > > > > > > But why is a binary decision necessary? > > > > > > If I understand Tim's points, option 2 is a superset of option 1, > > > and a significant number of clients only support option 2. > > > > > > Option 1, however, is at least arguably superior from a network and > > > directory performance standpoint, although I am still very confused > > > about exactly who defines a "domain" and how the relying party is > > > supposed to intuit what "local choice" some CA made. > > > > > > Would a viable compromise position be to support option 2 as the initial > > > direction, and to transition to option 1 at some later point in time, say > > > 36 months from now, assuming further work clearly establishes that > > > option 1 is completely workable? > > > > > > My directory guys assure me that the directory is effectively neutral in > > > this, > > > except for the possible performance issues. So all that has to happen > > > is for CAs to stop populating the crossCertificate pair. Is that correct? > > > > > > On the other hand, does this give rise to a worst of both worlds case > > > from the perspective of the client software complexity? > > > > > > Bob > > > -- ================================================ _/_/_/ David J. Horvath _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA00488 for ietf-pkix-bks; Thu, 3 Sep 1998 04:53:43 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA00484 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 04:53:42 -0700 (PDT) Received: from chromatix.com (palm.chromatix.com [207.97.115.21]) by chromatix.com (8.8.8/8.8.8) with ESMTP id HAA20517 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 07:57:51 -0400 (EDT) (envelope-from rich.pimental@chromatix.com) Message-ID: <35EE84D1.517E1819@chromatix.com> Date: Thu, 03 Sep 1998 08:00:17 -0400 From: Richard Pimental <rich.pimental@chromatix.com> Organization: Chromatix, Inc. X-Mailer: Mozilla 4.04 [en] (Win95; I) MIME-Version: 1.0 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Content-Type: multipart/mixed; boundary="------------BBC97F524D955BDFBA611C8B" Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. --------------BBC97F524D955BDFBA611C8B Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --------------BBC97F524D955BDFBA611C8B Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Richard Pimental Content-Disposition: attachment; filename="vcard.vcf" begin: vcard fn: Richard Pimental n: Pimental;Richard org: Chromatix, Inc. adr: Chromatix, Inc.;;10451 Twin Rivers Road, Suite 265;Columbia;MD;21044;US email;internet: rich.pimental@chromatix.com title: Software Engineer tel;work: (301) 596-8466 x-mozilla-cpt: ;0 x-mozilla-html: FALSE version: 2.1 end: vcard --------------BBC97F524D955BDFBA611C8B-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA00358 for ietf-pkix-bks; Thu, 3 Sep 1998 04:34:51 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA00354 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 04:34:49 -0700 (PDT) Received: by gateway.r3.ch id <6803>; Thu, 3 Sep 1998 13:40:59 +0100 Message-Id: <98Sep3.134059gmt+0100.6803@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org, "'Santosh Chokhani'" <chokhani@cygnacom.com> Subject: RE: What the straw poll means Date: Thu, 3 Sep 1998 12:35:00 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk The "two buckets" is exactly what I was trying to avoid in the earlier debate on this topic, however I believe that the single bucket option was rejected in the Chicago meeting. The single bucket option is the text which is currently in the Internet Draft. With that text, all self signed (or self issued certificates) were to be placed in the cACertificate attribute and all certificates issued by one CA to a different CA were put in the crossCertificatePair attribute. Depending on the particular path development algorithm being used by a relying party, directory search tools, especially when we evolve to LDAPv3 could be used to filter the content of the forward and or reverse elements of that SINGLE attribute and provide the relying party with the set of certificates of interest to that particular relying party. I still believe that this is the best solution because the relying party systems are the ones that know which certs are of interest to them, not the CA that happened to issue the certs, especially in the post PEM world where any CA could legitimately have certs issued for it by several CAs. My strong support for Option 2 in the straw poll is because the above was rejected by the meeting and I see Option 2 as a workable compromise ONLY because there is a complete set of certs in a single attribute and relying parties can do what is of interest to them without knowing the definition of domain which each individual CA happens to use. For self contained environments wanting to make use of a CA or set of CAs certs issued within some locally defined domain, this is still possible. ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 2, 1998 8:48 PM > To: 'Bob Jueneman'; ietf-pkix@imc.org > Cc: Santosh Chokhani > Subject: RE: What the straw poll means > > Yes Bob. I hate to say this, but you have misinterpreted. > > The basic difference between the two approaches is the under option 1 > you store a certificate only one time under a CA's entry. Which > certifying CA is in its domain is upto a subject CA to decide. > > In all honesty, I do not see a benefit to option 2 except for the > argument that some installed base already does it this way. > > Option 1 achieves everything option 2 and with efficiency. > > I do not understand how option 2 solves your problems either. We need > to have a discussion on computational complexity of path development > to > allay your concerns. > > The way I look at the difference between the two options is that if > n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in > one > bucket and n2 in another. Option 2 says put n in one bucket and n1 in > another. When you retrieve the two buckets (which you must for path > development efficiency), option 2 gives you n+n1 certificates and > option > 1 gives you exactly all n. > > > -----Original Message----- > > From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > > Sent: Wednesday, September 02, 1998 8:33 PM > > To: ietf-pkix@imc.org > > Cc: chokhani@cygnacom.com > > Subject: What the straw poll means > > > > This is almost as exciting as watching a horse race! > > > > But what are we to make of the situation if the vote is as > > close as it appears to be at present -- does that truly indicate > > a "rough consensus"? > > > > As of earlier this morning, Chromatix was ahead, with > > 8 votes cast; Entrust was tied with Microsoft with 4 votes > > cast; and MISSI some others are clustered around third place. > > > > So far, with the exception of a split between MISSI and NIST > > as two US Government factions, the voting seems to be > > strictly by company. > > > > Now, the polite fiction within the IETF is that memberships are by > > individual, and that there are no "votes" per se, and certainly not > > on a company by company basis. That's the fiction, at least.. > > Whether this convention shall long endure now that the IETF has > > apparently lost some or all of its government funding and has > > to become more self-sufficient will be interesting to see. > > > > But unless one side or the other starts to make some significant > > in-roads by the dint of more persuasive technical argument, then I > > think > > it's effectively a draw, and we may be counting companies and their > > installed base at least as much, and perhaps more, than > > balancing the technical alternatives. > > > > Now, if we are truly at a technical impasse and the vote has to be > > binary, i.e., only one way or the other, then maybe counting > installed > > clients and minimizing the pain is really the way to go, but frankly > > > that approach makes me uncomfortable. I want both interoperability > > AND efficiency, and I would hate to see us don't want to be > > pressured into a less than satisfactory decision, whatever that is, > > just because we are in a rush to get over the next hurdle in the > > standards progression. > > > > I originally said that I was inclined to go with option 1, because > > it at least appeared to be simpler. However, I also said that I was > > > concerned about the "local" definition of a domain by a CA, > > and the more I think about it, the more concerned I get. > > > > That approach might be viable for an organization such as MISSI, > > where everyone presumably knows what community of interest > > they fall into, but how would it apply to a public CA such as > > VeriSign? > > > > Would they view all of their certificates as falling into one > domain, > > including any certificates issued by subordinate CAs, as in the case > > of the old RSA Commercial hierarchy? > > > > What about GTE CyberTrust, considering their presumed affinity > > with their ISP business. Would all of those certificates fall into > > one domain? > > > > Now suppose I want to validate a certificate from Erols. Do I > decide > > that > > because Erols is in the top half of the alphabet that they probably > > use GTE, whereas Xerox would probably use VeriSign? Or do we do an > > East Coast/West Coast split, like radio and TV stations use W or K > in > > their call sign? > > > > What if Novell and Microsoft were to become CAs and issue > certificates > > > > to their customers directly, at least their larger accounts. Would > > the relying > > party have to try to divine whether a subscriber was running NetWare > > or > > NT in order to decide what domain they would be likely to be in? > > > > Santosh, have I misrepresented the issue here? Feel free to correct > > me, if so. > > Maybe I just don't understand. > > > > Now, if the definition of "domain" were amended somewhat, perhaps > some > > of these difficulties might go away. > > > > In particular, it seems to me that "domain" probably ought to have a > > lot to do > > with name subordination, or at least the possibility of doing name > > subordination, > > so that it would be deterministic. That might not solve all of the > > concerns that those > > who are inclined to vote for option 2 might have in mind, but it > might > > help. > > > > So if I am a Novell employee, and I receive an S/MIME message that > > contains > > a certificate that begins with c=US, o=Novell, I can probably make > an > > excellent > > good guess of what CA to go to, assuming that Novell operates a CA > in > > its > > own name. But where do I go for a certificate from Acme > > Manufacturing? > > > > I don't mean to beat up on the option 1 folks exclusively -- maybe > > there are > > some things that could be done within the options 2 that would come > > closer to a > > compromise without breaking those existing clients. But I need to > > think about that > > some more. maybe someone else could volunteer some suggestions. > > > > Bob > > > > Robert R. Jueneman > > Novell, Inc. > > 122 E. 1700 South > > Provo, UT 84606 > > bjueneman@novell.com > > 1-801-861-7387 > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA00104 for ietf-pkix-bks; Thu, 3 Sep 1998 04:04:33 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA00100 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 04:04:30 -0700 (PDT) Received: by gateway.r3.ch id <6803>; Thu, 3 Sep 1998 13:10:35 +0100 Message-Id: <98Sep3.131035gmt+0100.6803@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: Sharon Boeyen <sharon.boeyen@entrust.com>, "'Sean Mullan'" <mullan@East.Sun.COM> Cc: ietf-pkix@imc.org Subject: RE: Straw Poll cACertificate & crossCertificatePairattributes- PK IX LDAPv2 schema I-D Date: Thu, 3 Sep 1998 11:57:20 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Sean, re your question on crossCertificatePair - This is a multi-valued attribute and there can be any number of instances of CrossCertificatePair. So if CA1 issued more than one certificate to CA2, these can all be present in the same attribute, just in a different instance of CertificatePair. ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: Sean Mullan[SMTP:mullan@East.Sun.COM] > Sent: September 2, 1998 4:32 PM > To: Sharon Boeyen > Cc: ietf-pkix@imc.org > Subject: Re: Straw Poll cACertificate & > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > I agree that the forward & reverse elements of the > crossCertificatePair > are useful. It would be nice if the cACertificate attribute contained > forward and reverse elements too. > > One issue I have with the crossCertificatePair and the forward & > reverse elements is that I believe they are a single-valued pair > (meaning > you can't have more than one forward/reverse element per pair). > What do you do if CA1 issues more than 1 cross certificate to CA2 > (or vice versa)? > > --Sean > > Sharon Boeyen wrote: > > > > Hi Bob, > > > > I don't think we'll every get to a point where people stop > populating the > > crossCertificatePair attribute, regardless of the result of the > straw poll. > > The forward/reverse elements in the syntax of this attribute are > very useful > > since not all path discovery algorithms are identical. Path > discovery can be > > done many ways including beginning from the subject and moving > toward a > > trust anchor, beginning from a trust anchor and moving toward a > subject, > > beginning at both ends etc etc. Being able to retrieve both > forward and > > reverse certificates from a single entry rather than checking the > directory > > entries of two CAs is a useful feature for some algorithms. > > ------------------ > > Sharon Boeyen > > Entrust Technologies > > > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > > http://www.entrust.com Fax: (613) 247-3690 > > > > > > > ---------- > > > From: Bob Jueneman[SMTP:BJUENEMAN@novell.com] > > > Sent: September 1, 1998 7:20 PM > > > To: ietf-pkix@imc.org; wpolk@nist.gov; BJUENEMAN@novell.com > > > Subject: Re: Straw Poll cACertificate & > > > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > > > > > I'm still on the fence, and trying to decide between the two > options. > > > > > > But why is a binary decision necessary? > > > > > > If I understand Tim's points, option 2 is a superset of option 1, > > > and a significant number of clients only support option 2. > > > > > > Option 1, however, is at least arguably superior from a network > and > > > directory performance standpoint, although I am still very > confused > > > about exactly who defines a "domain" and how the relying party is > > > supposed to intuit what "local choice" some CA made. > > > > > > Would a viable compromise position be to support option 2 as the > initial > > > direction, and to transition to option 1 at some later point in > time, say > > > 36 months from now, assuming further work clearly establishes that > > > option 1 is completely workable? > > > > > > My directory guys assure me that the directory is effectively > neutral in > > > this, > > > except for the possible performance issues. So all that has to > happen > > > is for CAs to stop populating the crossCertificate pair. Is that > correct? > > > > > > On the other hand, does this give rise to a worst of both worlds > case > > > from the perspective of the client software complexity? > > > > > > Bob > > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA27382 for ietf-pkix-bks; Thu, 3 Sep 1998 02:02:08 -0700 (PDT) Received: from marcellus.cost.se (marcellus.cost.se [195.100.88.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA27378 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 02:02:06 -0700 (PDT) Received: from jimmie ([10.0.0.22]) by marcellus.cost.se (8.8.5/8.7.5) with SMTP id LAA10604; Thu, 3 Sep 1998 11:02:05 +0200 (MET DST) Message-Id: <3.0.3.32.19980903110239.018aa560@mail.cost.se> X-Sender: nada@mail.cost.se X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Thu, 03 Sep 1998 11:02:39 +0200 To: Santosh Chokhani <chokhani@cygnacom.com>, "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org From: Nada Kapidzic Cicovic <nada@cost.se> Subject: RE: What the straw poll means Cc: Santosh Chokhani <chokhani@cygnacom.com> In-Reply-To: <51BF55C30B4FD1118B4900207812701E16D21E@WUHER> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 20:48 9/2/98 -0400, Santosh Chokhani wrote: >Yes Bob. I hate to say this, but you have misinterpreted. > >The basic difference between the two approaches is the under option 1 >you store a certificate only one time under a CA's entry. Which >certifying CA is in its domain is upto a subject CA to decide. > >In all honesty, I do not see a benefit to option 2 except for the >argument that some installed base already does it this way. > >Option 1 achieves everything option 2 and with efficiency. > >I do not understand how option 2 solves your problems either. We need >to have a discussion on computational complexity of path development to >allay your concerns. > >The way I look at the difference between the two options is that if >n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one >bucket and n2 in another. Option 2 says put n in one bucket and n1 in >another. When you retrieve the two buckets (which you must for path >development efficiency), option 2 gives you n+n1 certificates and option >1 gives you exactly all n. With option 2 you do not have to look at n1 certificates (cACertificate attribute) at all. The n ones (from crossCertificatePair) are sufficient for your path building. Nada > >> -----Original Message----- >> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] >> Sent: Wednesday, September 02, 1998 8:33 PM >> To: ietf-pkix@imc.org >> Cc: chokhani@cygnacom.com >> Subject: What the straw poll means >> >> This is almost as exciting as watching a horse race! >> >> But what are we to make of the situation if the vote is as >> close as it appears to be at present -- does that truly indicate >> a "rough consensus"? >> >> As of earlier this morning, Chromatix was ahead, with >> 8 votes cast; Entrust was tied with Microsoft with 4 votes >> cast; and MISSI some others are clustered around third place. >> >> So far, with the exception of a split between MISSI and NIST >> as two US Government factions, the voting seems to be >> strictly by company. >> >> Now, the polite fiction within the IETF is that memberships are by >> individual, and that there are no "votes" per se, and certainly not >> on a company by company basis. That's the fiction, at least.. >> Whether this convention shall long endure now that the IETF has >> apparently lost some or all of its government funding and has >> to become more self-sufficient will be interesting to see. >> >> But unless one side or the other starts to make some significant >> in-roads by the dint of more persuasive technical argument, then I >> think >> it's effectively a draw, and we may be counting companies and their >> installed base at least as much, and perhaps more, than >> balancing the technical alternatives. >> >> Now, if we are truly at a technical impasse and the vote has to be >> binary, i.e., only one way or the other, then maybe counting installed >> clients and minimizing the pain is really the way to go, but frankly >> that approach makes me uncomfortable. I want both interoperability >> AND efficiency, and I would hate to see us don't want to be >> pressured into a less than satisfactory decision, whatever that is, >> just because we are in a rush to get over the next hurdle in the >> standards progression. >> >> I originally said that I was inclined to go with option 1, because >> it at least appeared to be simpler. However, I also said that I was >> concerned about the "local" definition of a domain by a CA, >> and the more I think about it, the more concerned I get. >> >> That approach might be viable for an organization such as MISSI, >> where everyone presumably knows what community of interest >> they fall into, but how would it apply to a public CA such as >> VeriSign? >> >> Would they view all of their certificates as falling into one domain, >> including any certificates issued by subordinate CAs, as in the case >> of the old RSA Commercial hierarchy? >> >> What about GTE CyberTrust, considering their presumed affinity >> with their ISP business. Would all of those certificates fall into >> one domain? >> >> Now suppose I want to validate a certificate from Erols. Do I decide >> that >> because Erols is in the top half of the alphabet that they probably >> use GTE, whereas Xerox would probably use VeriSign? Or do we do an >> East Coast/West Coast split, like radio and TV stations use W or K in >> their call sign? >> >> What if Novell and Microsoft were to become CAs and issue certificates >> >> to their customers directly, at least their larger accounts. Would >> the relying >> party have to try to divine whether a subscriber was running NetWare >> or >> NT in order to decide what domain they would be likely to be in? >> >> Santosh, have I misrepresented the issue here? Feel free to correct >> me, if so. >> Maybe I just don't understand. >> >> Now, if the definition of "domain" were amended somewhat, perhaps some >> of these difficulties might go away. >> >> In particular, it seems to me that "domain" probably ought to have a >> lot to do >> with name subordination, or at least the possibility of doing name >> subordination, >> so that it would be deterministic. That might not solve all of the >> concerns that those >> who are inclined to vote for option 2 might have in mind, but it might >> help. >> >> So if I am a Novell employee, and I receive an S/MIME message that >> contains >> a certificate that begins with c=US, o=Novell, I can probably make an >> excellent >> good guess of what CA to go to, assuming that Novell operates a CA in >> its >> own name. But where do I go for a certificate from Acme >> Manufacturing? >> >> I don't mean to beat up on the option 1 folks exclusively -- maybe >> there are >> some things that could be done within the options 2 that would come >> closer to a >> compromise without breaking those existing clients. But I need to >> think about that >> some more. maybe someone else could volunteer some suggestions. >> >> Bob >> >> Robert R. Jueneman >> Novell, Inc. >> 122 E. 1700 South >> Provo, UT 84606 >> bjueneman@novell.com >> 1-801-861-7387 > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id SAA01178 for ietf-pkix-bks; Wed, 2 Sep 1998 18:05:36 -0700 (PDT) Received: from ORM-BBWEB.orem.novell.com (orm-bbweb.orem.novell.com [151.155.134.147]) by mail.proper.com (8.8.8/8.8.5) with SMTP id SAA01174 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 18:05:34 -0700 (PDT) Received: from GATEWAYS-Message_Server by ORM-BBWEB.orem.novell.com with Novell_GroupWise; Wed, 02 Sep 1998 19:09:51 -0600 Message-Id: <s5ed97ff.098@ORM-BBWEB.orem.novell.com> X-Mailer: Novell GroupWise 5.5 Date: Wed, 02 Sep 1998 19:09:16 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <chokhani@cygnacom.com>, <ietf-pkix@imc.org> Subject: RE: What the straw poll means Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id SAA01175 Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh doesn't seem to have answered the questions I've raised regarding the definition of the domain, but he seems to believe that option 2 doesn't solve that problem either. If so, I am increasingly beginning to lean towards "NONE OF THE ABOVE". Rebuttal, Sharon/Carlisle? Bob >Yes Bob. I hate to say this, but you have misinterpreted. > >The basic difference between the two approaches is the under option 1 >you store a certificate only one time under a CA's entry. Which >certifying CA is in its domain is upto a subject CA to decide. > >In all honesty, I do not see a benefit to option 2 except for the >argument that some installed base already does it this way. > >Option 1 achieves everything option 2 and with efficiency. > >I do not understand how option 2 solves your problems either. We need >to have a discussion on computational complexity of path development to >allay your concerns. > >The way I look at the difference between the two options is that if >n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one >bucket and n2 in another. Option 2 says put n in one bucket and n1 in >another. When you retrieve the two buckets (which you must for path >development efficiency), option 2 gives you n+n1 certificates and option >1 gives you exactly all n. > >> -----Original Message----- >> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] >> Sent: Wednesday, September 02, 1998 8:33 PM >> To: ietf-pkix@imc.org >> Cc: chokhani@cygnacom.com >> Subject: What the straw poll means >> >> This is almost as exciting as watching a horse race! >> >> But what are we to make of the situation if the vote is as >> close as it appears to be at present -- does that truly indicate >> a "rough consensus"? >> >> As of earlier this morning, Chromatix was ahead, with >> 8 votes cast; Entrust was tied with Microsoft with 4 votes >> cast; and MISSI some others are clustered around third place. >> >> So far, with the exception of a split between MISSI and NIST >> as two US Government factions, the voting seems to be >> strictly by company. >> >> Now, the polite fiction within the IETF is that memberships are by >> individual, and that there are no "votes" per se, and certainly not >> on a company by company basis. That's the fiction, at least.. >> Whether this convention shall long endure now that the IETF has >> apparently lost some or all of its government funding and has >> to become more self-sufficient will be interesting to see. >> >> But unless one side or the other starts to make some significant >> in-roads by the dint of more persuasive technical argument, then I >> think >> it's effectively a draw, and we may be counting companies and their >> installed base at least as much, and perhaps more, than >> balancing the technical alternatives. >> >> Now, if we are truly at a technical impasse and the vote has to be >> binary, i.e., only one way or the other, then maybe counting installed >> clients and minimizing the pain is really the way to go, but frankly >> that approach makes me uncomfortable. I want both interoperability >> AND efficiency, and I would hate to see us don't want to be >> pressured into a less than satisfactory decision, whatever that is, >> just because we are in a rush to get over the next hurdle in the >> standards progression. >> >> I originally said that I was inclined to go with option 1, because >> it at least appeared to be simpler. However, I also said that I was >> concerned about the "local" definition of a domain by a CA, >> and the more I think about it, the more concerned I get. >> >> That approach might be viable for an organization such as MISSI, >> where everyone presumably knows what community of interest >> they fall into, but how would it apply to a public CA such as >> VeriSign? >> >> Would they view all of their certificates as falling into one domain, >> including any certificates issued by subordinate CAs, as in the case >> of the old RSA Commercial hierarchy? >> >> What about GTE CyberTrust, considering their presumed affinity >> with their ISP business. Would all of those certificates fall into >> one domain? >> >> Now suppose I want to validate a certificate from Erols. Do I decide >> that >> because Erols is in the top half of the alphabet that they probably >> use GTE, whereas Xerox would probably use VeriSign? Or do we do an >> East Coast/West Coast split, like radio and TV stations use W or K in >> their call sign? >> >> What if Novell and Microsoft were to become CAs and issue certificates >> >> to their customers directly, at least their larger accounts. Would >> the relying >> party have to try to divine whether a subscriber was running NetWare >> or >> NT in order to decide what domain they would be likely to be in? >> >> Santosh, have I misrepresented the issue here? Feel free to correct >> me, if so. >> Maybe I just don't understand. >> >> Now, if the definition of "domain" were amended somewhat, perhaps some >> of these difficulties might go away. >> >> In particular, it seems to me that "domain" probably ought to have a >> lot to do >> with name subordination, or at least the possibility of doing name >> subordination, >> so that it would be deterministic. That might not solve all of the >> concerns that those >> who are inclined to vote for option 2 might have in mind, but it might >> help. >> >> So if I am a Novell employee, and I receive an S/MIME message that >> contains >> a certificate that begins with c=US, o=Novell, I can probably make an >> excellent >> good guess of what CA to go to, assuming that Novell operates a CA in >> its >> own name. But where do I go for a certificate from Acme >> Manufacturing? >> >> I don't mean to beat up on the option 1 folks exclusively -- maybe >> there are >> some things that could be done within the options 2 that would come >> closer to a >> compromise without breaking those existing clients. But I need to >> think about that >> some more. maybe someone else could volunteer some suggestions. >> >> Bob >> >> Robert R. Jueneman >> Novell, Inc. >> 122 E. 1700 South >> Provo, UT 84606 >> bjueneman@novell.com >> 1-801-861-7387 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA00961 for ietf-pkix-bks; Wed, 2 Sep 1998 17:43:57 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA00957 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 17:43:55 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <S1TZ3RTW>; Wed, 2 Sep 1998 20:48:07 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D21E@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org Cc: Santosh Chokhani <chokhani@cygnacom.com> Subject: RE: What the straw poll means Date: Wed, 2 Sep 1998 20:48:05 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Yes Bob. I hate to say this, but you have misinterpreted. The basic difference between the two approaches is the under option 1 you store a certificate only one time under a CA's entry. Which certifying CA is in its domain is upto a subject CA to decide. In all honesty, I do not see a benefit to option 2 except for the argument that some installed base already does it this way. Option 1 achieves everything option 2 and with efficiency. I do not understand how option 2 solves your problems either. We need to have a discussion on computational complexity of path development to allay your concerns. The way I look at the difference between the two options is that if n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one bucket and n2 in another. Option 2 says put n in one bucket and n1 in another. When you retrieve the two buckets (which you must for path development efficiency), option 2 gives you n+n1 certificates and option 1 gives you exactly all n. > -----Original Message----- > From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > Sent: Wednesday, September 02, 1998 8:33 PM > To: ietf-pkix@imc.org > Cc: chokhani@cygnacom.com > Subject: What the straw poll means > > This is almost as exciting as watching a horse race! > > But what are we to make of the situation if the vote is as > close as it appears to be at present -- does that truly indicate > a "rough consensus"? > > As of earlier this morning, Chromatix was ahead, with > 8 votes cast; Entrust was tied with Microsoft with 4 votes > cast; and MISSI some others are clustered around third place. > > So far, with the exception of a split between MISSI and NIST > as two US Government factions, the voting seems to be > strictly by company. > > Now, the polite fiction within the IETF is that memberships are by > individual, and that there are no "votes" per se, and certainly not > on a company by company basis. That's the fiction, at least.. > Whether this convention shall long endure now that the IETF has > apparently lost some or all of its government funding and has > to become more self-sufficient will be interesting to see. > > But unless one side or the other starts to make some significant > in-roads by the dint of more persuasive technical argument, then I > think > it's effectively a draw, and we may be counting companies and their > installed base at least as much, and perhaps more, than > balancing the technical alternatives. > > Now, if we are truly at a technical impasse and the vote has to be > binary, i.e., only one way or the other, then maybe counting installed > clients and minimizing the pain is really the way to go, but frankly > that approach makes me uncomfortable. I want both interoperability > AND efficiency, and I would hate to see us don't want to be > pressured into a less than satisfactory decision, whatever that is, > just because we are in a rush to get over the next hurdle in the > standards progression. > > I originally said that I was inclined to go with option 1, because > it at least appeared to be simpler. However, I also said that I was > concerned about the "local" definition of a domain by a CA, > and the more I think about it, the more concerned I get. > > That approach might be viable for an organization such as MISSI, > where everyone presumably knows what community of interest > they fall into, but how would it apply to a public CA such as > VeriSign? > > Would they view all of their certificates as falling into one domain, > including any certificates issued by subordinate CAs, as in the case > of the old RSA Commercial hierarchy? > > What about GTE CyberTrust, considering their presumed affinity > with their ISP business. Would all of those certificates fall into > one domain? > > Now suppose I want to validate a certificate from Erols. Do I decide > that > because Erols is in the top half of the alphabet that they probably > use GTE, whereas Xerox would probably use VeriSign? Or do we do an > East Coast/West Coast split, like radio and TV stations use W or K in > their call sign? > > What if Novell and Microsoft were to become CAs and issue certificates > > to their customers directly, at least their larger accounts. Would > the relying > party have to try to divine whether a subscriber was running NetWare > or > NT in order to decide what domain they would be likely to be in? > > Santosh, have I misrepresented the issue here? Feel free to correct > me, if so. > Maybe I just don't understand. > > Now, if the definition of "domain" were amended somewhat, perhaps some > of these difficulties might go away. > > In particular, it seems to me that "domain" probably ought to have a > lot to do > with name subordination, or at least the possibility of doing name > subordination, > so that it would be deterministic. That might not solve all of the > concerns that those > who are inclined to vote for option 2 might have in mind, but it might > help. > > So if I am a Novell employee, and I receive an S/MIME message that > contains > a certificate that begins with c=US, o=Novell, I can probably make an > excellent > good guess of what CA to go to, assuming that Novell operates a CA in > its > own name. But where do I go for a certificate from Acme > Manufacturing? > > I don't mean to beat up on the option 1 folks exclusively -- maybe > there are > some things that could be done within the options 2 that would come > closer to a > compromise without breaking those existing clients. But I need to > think about that > some more. maybe someone else could volunteer some suggestions. > > Bob > > Robert R. Jueneman > Novell, Inc. > 122 E. 1700 South > Provo, UT 84606 > bjueneman@novell.com > 1-801-861-7387 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA00925 for ietf-pkix-bks; Wed, 2 Sep 1998 17:39:04 -0700 (PDT) Received: from ORM-BBWEB.orem.novell.com (orm-bbweb.orem.novell.com [151.155.134.147]) by mail.proper.com (8.8.8/8.8.5) with SMTP id RAA00921 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 17:39:03 -0700 (PDT) Received: from GATEWAYS-Message_Server by ORM-BBWEB.orem.novell.com with Novell_GroupWise; Wed, 02 Sep 1998 18:43:13 -0600 Message-Id: <s5ed91c1.071@ORM-BBWEB.orem.novell.com> X-Mailer: Novell GroupWise 5.5 Date: Wed, 02 Sep 1998 18:42:40 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <stefan@accurata.se>, <aram@apple.com> Cc: <ietf-pkix@imc.org> Subject: Re: Digital signature and non-repudiation key usage bits Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id RAA00922 Sender: owner-ietf-pkix@imc.org Precedence: bulk ><snip> >>I'll grant that by suggesting that NR might apply to encryption, I am >stretching the >>popular concept a bit, and effectively redefining the key usage to mean >"exclusive >>control of the private key by the names user". But isn't that effectively >what we have >>been saying? >> > >I suggest that we stick to the standardized definitions of the key usage >bits and leave >policy issues out of a common certificate profile. If there were any sense of the community as to what these definitions really mean, or ought to mean, we would probably not be having this discussion. Otherwise I would agree with you. > >non-repudiation is according to standard selected by the NR bit, not NR in >combination with DS bit. Inclusion of the DS bit means that DS mechanisms >other than non-repudiation are allowed for the key. I believe that is exactly the issue. Are you suggesting that NR plus DS should not be allowed? Why? > >Restrictions regarding combinations of key usages are policy issues. >Whether a particular key usage combination is good or bad has to be decided >through the perspective of a community with common security requirements. > >Non-repudiation is defined to be (according to X.509): > non-repudiation - This service provides proof of the integrity and > origin of data - both in an unforgeable relationship - which can be > verified by any third party at any time. That particular definition is both circular and could also apply to any kind of digital signature, and so is conspicuously unhelpful, regardless of its origins. It's broken, and must be fixed, whether we provide an overlay within PKIX that further refines it, or we start the process to drive through a defect report. > >Key escrow is not defined by non-repudiation so I would not use the NR bit >as a "no-recovery" declaration. I guess I could agree with you, as I don't like to overload bits. So there is yet another reason to submit a defect report, to add a key escrow/key recovery/GAK notification bit. > >/Stefan Bob Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA00862 for ietf-pkix-bks; Wed, 2 Sep 1998 17:29:02 -0700 (PDT) Received: from prv-mail25.provo.novelll.com (prv-mail25.Provo.Novell.COM [137.65.40.3]) by mail.proper.com (8.8.8/8.8.5) with SMTP id RAA00858 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 17:29:01 -0700 (PDT) Received: from INET-PRV1-Message_Server by prv-mail25.provo.novelll.com with Novell_GroupWise; Wed, 02 Sep 1998 18:33:06 -0600 Message-Id: <s5ed8f62.071@prv-mail25.provo.novelll.com> X-Mailer: Novell GroupWise 5.5 Date: Wed, 02 Sep 1998 18:33:01 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <ietf-pkix@imc.org> Cc: <chokhani@cygnacom.com> Subject: What the straw poll means Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id RAA00859 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is almost as exciting as watching a horse race! But what are we to make of the situation if the vote is as close as it appears to be at present -- does that truly indicate a "rough consensus"? As of earlier this morning, Chromatix was ahead, with 8 votes cast; Entrust was tied with Microsoft with 4 votes cast; and MISSI some others are clustered around third place. So far, with the exception of a split between MISSI and NIST as two US Government factions, the voting seems to be strictly by company. Now, the polite fiction within the IETF is that memberships are by individual, and that there are no "votes" per se, and certainly not on a company by company basis. That's the fiction, at least.. Whether this convention shall long endure now that the IETF has apparently lost some or all of its government funding and has to become more self-sufficient will be interesting to see. But unless one side or the other starts to make some significant in-roads by the dint of more persuasive technical argument, then I think it's effectively a draw, and we may be counting companies and their installed base at least as much, and perhaps more, than balancing the technical alternatives. Now, if we are truly at a technical impasse and the vote has to be binary, i.e., only one way or the other, then maybe counting installed clients and minimizing the pain is really the way to go, but frankly that approach makes me uncomfortable. I want both interoperability AND efficiency, and I would hate to see us don't want to be pressured into a less than satisfactory decision, whatever that is, just because we are in a rush to get over the next hurdle in the standards progression. I originally said that I was inclined to go with option 1, because it at least appeared to be simpler. However, I also said that I was concerned about the "local" definition of a domain by a CA, and the more I think about it, the more concerned I get. That approach might be viable for an organization such as MISSI, where everyone presumably knows what community of interest they fall into, but how would it apply to a public CA such as VeriSign? Would they view all of their certificates as falling into one domain, including any certificates issued by subordinate CAs, as in the case of the old RSA Commercial hierarchy? What about GTE CyberTrust, considering their presumed affinity with their ISP business. Would all of those certificates fall into one domain? Now suppose I want to validate a certificate from Erols. Do I decide that because Erols is in the top half of the alphabet that they probably use GTE, whereas Xerox would probably use VeriSign? Or do we do an East Coast/West Coast split, like radio and TV stations use W or K in their call sign? What if Novell and Microsoft were to become CAs and issue certificates to their customers directly, at least their larger accounts. Would the relying party have to try to divine whether a subscriber was running NetWare or NT in order to decide what domain they would be likely to be in? Santosh, have I misrepresented the issue here? Feel free to correct me, if so. Maybe I just don't understand. Now, if the definition of "domain" were amended somewhat, perhaps some of these difficulties might go away. In particular, it seems to me that "domain" probably ought to have a lot to do with name subordination, or at least the possibility of doing name subordination, so that it would be deterministic. That might not solve all of the concerns that those who are inclined to vote for option 2 might have in mind, but it might help. So if I am a Novell employee, and I receive an S/MIME message that contains a certificate that begins with c=US, o=Novell, I can probably make an excellent good guess of what CA to go to, assuming that Novell operates a CA in its own name. But where do I go for a certificate from Acme Manufacturing? I don't mean to beat up on the option 1 folks exclusively -- maybe there are some things that could be done within the options 2 that would come closer to a compromise without breaking those existing clients. But I need to think about that some more. maybe someone else could volunteer some suggestions. Bob Robert R. Jueneman Novell, Inc. 122 E. 1700 South Provo, UT 84606 bjueneman@novell.com 1-801-861-7387 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA00484 for ietf-pkix-bks; Wed, 2 Sep 1998 16:33:42 -0700 (PDT) Received: from dc.jones.com ([206.156.0.9]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA00480 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 16:33:40 -0700 (PDT) Received: from dc.jones.com (cm0714h.jones.com [208.159.209.173]) by dc.jones.com (8.8.8/8.8.8) with ESMTP id TAA11700 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 19:35:35 -0400 (EDT) Message-ID: <35EDD64B.3235FB07@dc.jones.com> Date: Wed, 02 Sep 1998 19:35:39 -0400 From: bgmiller <bgmiller@dc.jones.com> Reply-To: bgmiller@dc.jones.com Organization: Jones Internet Channel X-Mailer: Mozilla 4.05 [en]C-JIC-DC (Win95; I) MIME-Version: 1.0 To: ietf-pkix <ietf-pkix@imc.org> Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA29792 for ietf-pkix-bks; Wed, 2 Sep 1998 15:56:02 -0700 (PDT) Received: from smtp3.erols.com (smtp3.erols.com [207.172.3.236]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA29788 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 15:56:00 -0700 (PDT) Received: from cwallace (jazzhive.erols.com [207.96.124.71]) by smtp3.erols.com (8.8.8/8.8.5) with SMTP id TAA11116 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 19:00:06 -0400 (EDT) From: "Carl Wallace" <cwallace@erols.com> To: <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 19:19:11 -0400 Message-ID: <01bdd6c8$17c917e0$477c60cf@cwallace.erols.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000A_01BDD6A6.90B777E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-Mimeole: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_000A_01BDD6A6.90B777E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable ------=_NextPart_000_000A_01BDD6A6.90B777E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.71.1712.3"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> </DIV></BODY></HTML> ------=_NextPart_000_000A_01BDD6A6.90B777E0-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA29757 for ietf-pkix-bks; Wed, 2 Sep 1998 15:53:24 -0700 (PDT) Received: from mail-oak-1.pilot.net (mail-oak-1.pilot.net [198.232.147.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA29753 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 15:53:23 -0700 (PDT) Received: from sfns01.hewm.com ([206.189.8.8]) by mail-oak-1.pilot.net with ESMTP id PAA23446 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 15:58:07 -0700 (PDT) Received: by SFNS01 with Internet Mail Service (5.5.1960.3) id <RH9AD63X>; Wed, 2 Sep 1998 15:58:07 -0700 Message-ID: <422B07DB41D7D111B9AF00805F19B04C2BB524@SFNS01> From: "Maloney, Teresa A." <TMaloney@HEWM.COM> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 15:58:03 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Thanks Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA29732 for ietf-pkix-bks; Wed, 2 Sep 1998 15:47:08 -0700 (PDT) Received: from mail.sprint.com (mail.sprint.com [208.4.28.129]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA29728 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 15:47:07 -0700 (PDT) Received: from sii01.mail.sprint.com ([192.251.141.141]) by bastion.mail.sprint.com with ESMTP id <114634>; Wed, 2 Sep 1998 17:50:51 -0500 Received: from [144.223.148.154] by sii01.mail.sprint.com with ESMTP; Wed, 2 Sep 1998 17:51:42 -0500 Received: from localhost (root@localhost) by kcopmp01.corp.sprint.com (8.8.6 (PHNE_14041)/8.8.6) with SMTP id RAA20639 for ietf-pkix@imc.org; Wed, 2 Sep 1998 17:52:36 -0500 (CDT) From: John Everson <John.Everson@mail.sprint.com> X-OpenMail-Hops: 1 Date: Wed, 2 Sep 1998 17:52:31 -0500 Message-Id: <H0001a0e0313ef37@MHS> Subject: For Option 2 TO: ietf-pkix@imc.org MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA29140 for ietf-pkix-bks; Wed, 2 Sep 1998 14:18:33 -0700 (PDT) Received: from docws001.shl.com (docws001.shl.com [159.249.56.252]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA29136 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 14:18:32 -0700 (PDT) Received: from dalmsdoc01.shl.com (dalmsdoc01.shl.com [159.249.142.247]) by docws001.shl.com (8.7.3/8.7.3) with SMTP id QAA34790 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 16:07:53 -0500 Received: by dalmsdoc01.shl.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52) id <01BDD68D.F7DA3ED0@dalmsdoc01.shl.com>; Wed, 2 Sep 1998 16:23:07 -0500 Message-ID: <c=US%a=MCI%p=SHL%l=DALFW03-980902212219Z-38771@dalmsdoc01.shl.com> From: "PACHL, Jan" <jpachl@shl.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 2 Sep 1998 16:22:19 -0500 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52 MIME-Version: 1.0 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA29086 for ietf-pkix-bks; Wed, 2 Sep 1998 14:13:32 -0700 (PDT) Received: from mail.spyrus.com.au (fwuser@[203.37.128.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA29081 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 14:13:26 -0700 (PDT) Message-ID: <A1019E9C2D34D211A501006008C204506FAC@MAIL> From: Charles Moore <cmoore@spyrus.com.au> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: for Option 1 Date: Thu, 3 Sep 1998 07:03:54 +1000 MIME-Version: 1.0 Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA29024 for ietf-pkix-bks; Wed, 2 Sep 1998 14:09:13 -0700 (PDT) Received: from smtp4.ny.us.ibm.COM (smtp4.ny.us.ibm.com [198.133.22.43]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA29020 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 14:09:12 -0700 (PDT) Received: from relay3.server.ibm.com (relay3.server.ibm.com [9.14.2.100]) by smtp4.ny.us.ibm.COM (8.8.7/8.8.7) with ESMTP id RAA56410 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 17:03:09 -0400 Received: from US.IBM.COM (d04lms03.raleigh.ibm.com [9.37.164.195]) by relay3.server.ibm.com (8.8.7/8.8.7) with SMTP id RAA36166 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 17:12:53 -0400 Received: by US.IBM.COM (Soft-Switch LMS 2.0) with snapi via D04AU014 id 5040300019930751; Wed, 2 Sep 1998 17:09:46 -0400 From: MA Crane <cranem@us.ibm.com> To: <ietf-pkix@imc.org> Subject: For Option 2 Message-ID: <5040300019930751000002L012*@MHS> Date: Wed, 2 Sep 1998 17:09:46 -0400 MIME-Version: 1.0 Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA28896 for ietf-pkix-bks; Wed, 2 Sep 1998 13:55:12 -0700 (PDT) Received: from mail1.microsoft.com (mail1.microsoft.com [131.107.3.125]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA28892 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 13:55:11 -0700 (PDT) Received: by INET-IMC-01 with Internet Mail Service (5.5.2232.9) id <RWPXR37C>; Wed, 2 Sep 1998 13:59:24 -0700 Message-ID: <D70342829C12D2119D0700805FBECA2FC79AF0@RED-MSG-55> From: Rick Johnson <rickj@microsoft.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 13:59:20 -0700 X-Mailer: Internet Mail Service (5.5.2232.9) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA28703 for ietf-pkix-bks; Wed, 2 Sep 1998 13:28:05 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id NAA28698 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 13:28:04 -0700 (PDT) Received: from East.Sun.COM ([129.148.1.241]) by mercury.Sun.COM (SMI-8.6/mail.byaddr) with SMTP id NAA03697; Wed, 2 Sep 1998 13:32:16 -0700 Received: from suneast.East.Sun.COM by East.Sun.COM (SMI-8.6/SMI-5.3) id QAA05825; Wed, 2 Sep 1998 16:32:04 -0400 Received: from bcn.East.Sun.COM by suneast.East.Sun.COM (SMI-8.6/SMI-SVR4) id QAA22112; Wed, 2 Sep 1998 16:32:04 -0400 Received: from east.sun.com by bcn.East.Sun.COM (SMI-8.6/SMI-SVR4) id QAA21764; Wed, 2 Sep 1998 16:32:02 -0400 Message-ID: <35EDAB43.3CE45198@east.sun.com> Date: Wed, 02 Sep 1998 16:32:03 -0400 From: Sean Mullan <mullan@East.Sun.COM> Organization: Sun Microsystems X-Mailer: Mozilla 4.5b1 [en] (X11; U; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: Sharon Boeyen <sharon.boeyen@entrust.com> CC: ietf-pkix@imc.org Subject: Re: Straw Poll cACertificate & crossCertificatePairattributes- PKIX LDAPv2 schema I-D References: <D789F71F24B4D111955D00A0C99B4F50AC96DF@sothmxs01.entrust.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk I agree that the forward & reverse elements of the crossCertificatePair are useful. It would be nice if the cACertificate attribute contained forward and reverse elements too. One issue I have with the crossCertificatePair and the forward & reverse elements is that I believe they are a single-valued pair (meaning you can't have more than one forward/reverse element per pair). What do you do if CA1 issues more than 1 cross certificate to CA2 (or vice versa)? --Sean Sharon Boeyen wrote: > > Hi Bob, > > I don't think we'll every get to a point where people stop populating the > crossCertificatePair attribute, regardless of the result of the straw poll. > The forward/reverse elements in the syntax of this attribute are very useful > since not all path discovery algorithms are identical. Path discovery can be > done many ways including beginning from the subject and moving toward a > trust anchor, beginning from a trust anchor and moving toward a subject, > beginning at both ends etc etc. Being able to retrieve both forward and > reverse certificates from a single entry rather than checking the directory > entries of two CAs is a useful feature for some algorithms. > ------------------ > Sharon Boeyen > Entrust Technologies > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > http://www.entrust.com Fax: (613) 247-3690 > > > > ---------- > > From: Bob Jueneman[SMTP:BJUENEMAN@novell.com] > > Sent: September 1, 1998 7:20 PM > > To: ietf-pkix@imc.org; wpolk@nist.gov; BJUENEMAN@novell.com > > Subject: Re: Straw Poll cACertificate & > > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > > > I'm still on the fence, and trying to decide between the two options. > > > > But why is a binary decision necessary? > > > > If I understand Tim's points, option 2 is a superset of option 1, > > and a significant number of clients only support option 2. > > > > Option 1, however, is at least arguably superior from a network and > > directory performance standpoint, although I am still very confused > > about exactly who defines a "domain" and how the relying party is > > supposed to intuit what "local choice" some CA made. > > > > Would a viable compromise position be to support option 2 as the initial > > direction, and to transition to option 1 at some later point in time, say > > 36 months from now, assuming further work clearly establishes that > > option 1 is completely workable? > > > > My directory guys assure me that the directory is effectively neutral in > > this, > > except for the possible performance issues. So all that has to happen > > is for CAs to stop populating the crossCertificate pair. Is that correct? > > > > On the other hand, does this give rise to a worst of both worlds case > > from the perspective of the client software complexity? > > > > Bob > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA27945 for ietf-pkix-bks; Wed, 2 Sep 1998 11:50:59 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA27941 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:50:58 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <S1BY50L2>; Wed, 2 Sep 1998 14:55:09 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E0EC4A7@WUHER> From: Kenneth Eggers <eggers@cygnacom.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 14:55:08 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Kenneth W. Eggers <eggers@cygnacom.com> http://www.cygnacom.com CygnaCom Solutions, Inc. 7927 Jones Branch Drive, Suite 100 West McLean, VA 22102 (703) 848-0883x228 fax: (703) 848-0960 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA27858 for ietf-pkix-bks; Wed, 2 Sep 1998 11:40:48 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA27854 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:40:46 -0700 (PDT) Received: by gateway.r3.ch id <6802>; Wed, 2 Sep 1998 20:46:47 +0100 Message-Id: <98Sep2.204647gmt+0100.6802@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, ietf-pkix@imc.org, wpolk@nist.gov, "'Bob Jueneman'" <BJUENEMAN@novell.com>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Cc: "'Stefan Santesson'" <stefan@accurata.se> Subject: RE: Straw Poll cACertificate & crossCertificatePairattributes- PK IX LDAPv2 schema I-D Date: Wed, 2 Sep 1998 19:40:43 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 2, 1998 2:17 PM > To: 'Sharon Boeyen'; ietf-pkix@imc.org; wpolk@nist.gov; 'Bob > Jueneman' > Cc: 'Stefan Santesson' > Subject: RE: Straw Poll cACertificate & > crossCertificatePairattributes- PK IX LDAPv2 schema I-D > > Hi Sharon and Stefan: > > While option 1 does not mandate it, it does not prohibit a CA from > populating all the certificates it has issued to other CAs (inter as > well as intra domain) in the reverse attribute of the cross > certificate > pair. Agreed > The fundamental difference between the two options is that under > option > 1 certificates are not duplicated in a CA's entry. There are other fundamental differences as well such as requiring CAs to split the certs to populate 2 attributes in Option 1 and requiring clients to know the meaning of domain ahead of time in order to be able to take any advantage of the split storage, else to require retrieval from 2 attributes. > > -----Original Message----- > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > Sent: Wednesday, September 02, 1998 8:46 AM > > To: ietf-pkix@imc.org; wpolk@nist.gov; 'Bob Jueneman' > > Subject: RE: Straw Poll cACertificate & > > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > > > Hi Bob, > > > > I don't think we'll every get to a point where people stop > populating > > the > > crossCertificatePair attribute, regardless of the result of the > straw > > poll. > > The forward/reverse elements in the syntax of this attribute are > very > > useful > > since not all path discovery algorithms are identical. Path > discovery > > can be > > done many ways including beginning from the subject and moving > toward > > a > > trust anchor, beginning from a trust anchor and moving toward a > > subject, > > beginning at both ends etc etc. Being able to retrieve both > forward > > and > > reverse certificates from a single entry rather than checking the > > directory > > entries of two CAs is a useful feature for some algorithms. > > ------------------ > > Sharon Boeyen > > Entrust Technologies > > > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > > http://www.entrust.com Fax: (613) 247-3690 > > > > > > > > > ---------- > > > From: Bob Jueneman[SMTP:BJUENEMAN@novell.com] > > > Sent: September 1, 1998 7:20 PM > > > To: ietf-pkix@imc.org; wpolk@nist.gov; BJUENEMAN@novell.com > > > Subject: Re: Straw Poll cACertificate & > > > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > > > > > I'm still on the fence, and trying to decide between the two > > options. > > > > > > But why is a binary decision necessary? > > > > > > If I understand Tim's points, option 2 is a superset of option 1, > > > and a significant number of clients only support option 2. > > > > > > Option 1, however, is at least arguably superior from a network > and > > > directory performance standpoint, although I am still very > confused > > > about exactly who defines a "domain" and how the relying party is > > > supposed to intuit what "local choice" some CA made. > > > > > > Would a viable compromise position be to support option 2 as the > > initial > > > direction, and to transition to option 1 at some later point in > > time, say > > > 36 months from now, assuming further work clearly establishes that > > > > option 1 is completely workable? > > > > > > My directory guys assure me that the directory is effectively > > neutral in > > > this, > > > except for the possible performance issues. So all that has to > > happen > > > is for CAs to stop populating the crossCertificate pair. Is that > > correct? > > > > > > On the other hand, does this give rise to a worst of both worlds > > case > > > from the perspective of the client software complexity? > > > > > > Bob > > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA27837 for ietf-pkix-bks; Wed, 2 Sep 1998 11:37:20 -0700 (PDT) Received: from krusty.rosenquist.com (cr462639-a.flfrd1.on.wave.home.com [24.112.89.61]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA27833 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:37:19 -0700 (PDT) Received: by krusty.rosenquist.com with Internet Mail Service (5.5.1960.3) id <RTZXP18A>; Wed, 2 Sep 1998 14:42:03 -0400 Message-ID: <91E1AFA3AC39D11181930080C83879E3055EF8@krusty.rosenquist.com> From: Eric Rosenquist <eric@rosenquist.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 2 Sep 1998 14:42:00 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: multipart/alternative; boundary="---- =_NextPart_001_01BDD6A1.5ED91770" Sender: owner-ietf-pkix@imc.org Precedence: bulk This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------ =_NextPart_001_01BDD6A1.5ED91770 Content-Type: text/plain ------ =_NextPart_001_01BDD6A1.5ED91770 Content-Type: text/html <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII"> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.1960.3"> <TITLE>For Option 2</TITLE> </HEAD> <BODY> <BR> </BODY> </HTML> ------ =_NextPart_001_01BDD6A1.5ED91770-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA27631 for ietf-pkix-bks; Wed, 2 Sep 1998 11:13:11 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA27627 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:13:09 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <S1BY50GJ>; Wed, 2 Sep 1998 14:17:20 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D219@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, ietf-pkix@imc.org, wpolk@nist.gov, "'Bob Jueneman'" <BJUENEMAN@novell.com> Cc: "'Stefan Santesson'" <stefan@accurata.se> Subject: RE: Straw Poll cACertificate & crossCertificatePairattributes- PK IX LDAPv2 schema I-D Date: Wed, 2 Sep 1998 14:17:18 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Sharon and Stefan: While option 1 does not mandate it, it does not prohibit a CA from populating all the certificates it has issued to other CAs (inter as well as intra domain) in the reverse attribute of the cross certificate pair. The fundamental difference between the two options is that under option 1 certificates are not duplicated in a CA's entry. > -----Original Message----- > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > Sent: Wednesday, September 02, 1998 8:46 AM > To: ietf-pkix@imc.org; wpolk@nist.gov; 'Bob Jueneman' > Subject: RE: Straw Poll cACertificate & > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > Hi Bob, > > I don't think we'll every get to a point where people stop populating > the > crossCertificatePair attribute, regardless of the result of the straw > poll. > The forward/reverse elements in the syntax of this attribute are very > useful > since not all path discovery algorithms are identical. Path discovery > can be > done many ways including beginning from the subject and moving toward > a > trust anchor, beginning from a trust anchor and moving toward a > subject, > beginning at both ends etc etc. Being able to retrieve both forward > and > reverse certificates from a single entry rather than checking the > directory > entries of two CAs is a useful feature for some algorithms. > ------------------ > Sharon Boeyen > Entrust Technologies > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > http://www.entrust.com Fax: (613) 247-3690 > > > > > ---------- > > From: Bob Jueneman[SMTP:BJUENEMAN@novell.com] > > Sent: September 1, 1998 7:20 PM > > To: ietf-pkix@imc.org; wpolk@nist.gov; BJUENEMAN@novell.com > > Subject: Re: Straw Poll cACertificate & > > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > > > I'm still on the fence, and trying to decide between the two > options. > > > > But why is a binary decision necessary? > > > > If I understand Tim's points, option 2 is a superset of option 1, > > and a significant number of clients only support option 2. > > > > Option 1, however, is at least arguably superior from a network and > > directory performance standpoint, although I am still very confused > > about exactly who defines a "domain" and how the relying party is > > supposed to intuit what "local choice" some CA made. > > > > Would a viable compromise position be to support option 2 as the > initial > > direction, and to transition to option 1 at some later point in > time, say > > 36 months from now, assuming further work clearly establishes that > > option 1 is completely workable? > > > > My directory guys assure me that the directory is effectively > neutral in > > this, > > except for the possible performance issues. So all that has to > happen > > is for CAs to stop populating the crossCertificate pair. Is that > correct? > > > > On the other hand, does this give rise to a worst of both worlds > case > > from the perspective of the client software complexity? > > > > Bob > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA27427 for ietf-pkix-bks; Wed, 2 Sep 1998 10:57:12 -0700 (PDT) Received: from mail3.microsoft.com (mail3.microsoft.com [131.107.3.123]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA27423 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:57:11 -0700 (PDT) Received: by mail3.microsoft.com with Internet Mail Service (5.5.2232.9) id <RWP6JHY3>; Wed, 2 Sep 1998 11:01:25 -0700 Message-ID: <61AC5C9A4B9CD11181A200805F57CD5403F46D21@RED-MSG-44> From: Peter Brundrett <petebr@microsoft.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 11:01:16 -0700 X-Mailer: Internet Mail Service (5.5.2232.9) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA27149 for ietf-pkix-bks; Wed, 2 Sep 1998 10:31:11 -0700 (PDT) Received: from dell_srv.bankers.org (l131.wespay.org [204.188.21.131]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA27145 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:31:10 -0700 (PDT) Received: by l130.wespay.org with Internet Mail Service (5.5.1960.3) id <RYVJG1T6>; Wed, 2 Sep 1998 10:35:02 -0700 Message-ID: <2F05D61D07F4D111A96900A0C90CD46801AEE2@l130.wespay.org> From: Peter Yeatrakas <pyeatrakas@wespay.org> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 2 Sep 1998 10:34:55 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA26986 for ietf-pkix-bks; Wed, 2 Sep 1998 10:17:47 -0700 (PDT) Received: from shadow.munge.com (1005@cc586254-a.hwrd1.md.home.com [24.3.19.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA26982 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:17:45 -0700 (PDT) Received: from localhost (kaos@localhost) by shadow.munge.com (8.8.7/8.8.7) with SMTP id NAA11361; Wed, 2 Sep 1998 13:20:43 -0400 (EDT) (envelope-from kaos@shadow.munge.com) Date: Wed, 2 Sep 1998 13:20:42 -0400 (EDT) From: Karen Oostendorp <kaos@shadow.munge.com> To: ietf-pkix@imc.org cc: Chris Vance <cvance@shadow.munge.com> Subject: For Option 1 Message-ID: <Pine.BSF.3.96.980902131948.10441D-100000@shadow.munge.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA26827 for ietf-pkix-bks; Wed, 2 Sep 1998 10:07:57 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA26823 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:07:56 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <S1BY501N>; Wed, 2 Sep 1998 13:12:02 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E12B0DF@WUHER> From: Peter Hesse <pmhesse@cygnacom.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 13:11:54 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk ---------------------------------------------------------------- Peter M. Hesse pmhesse@cygnacom.com CygnaCom Solutions, Inc. (703)848-0883(voice) (703)848-0960(fax) Visit the CygnaCom Solutions Web Site: http://www.cygnacom.com Page me instantly! http://wwp.mirabilis.com/1942828#pager Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA26794 for ietf-pkix-bks; Wed, 2 Sep 1998 10:04:13 -0700 (PDT) Received: from hq.freegate.com ([208.226.86.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA26790 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:04:12 -0700 (PDT) Received: (qmail+freegate 12097 invoked by alias); 2 Sep 1998 17:08:41 -0000 Received: from ws37-n0.hq.freegate.com (HELO tardo2.hq.freegate.com) (208.226.86.165) by hq.freegate.com with SMTP; 2 Sep 1998 17:08:41 -0000 Message-Id: <2.2.32.19980902170825.00ada5e0@mailhost.hq.freegate.com> X-Sender: jtardo@mailhost.hq.freegate.com X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 02 Sep 1998 10:08:25 -0700 To: ietf-pkix@imc.org From: Joe Tardo <jtardo@freegate.com> Subject: For Option 2 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA26755 for ietf-pkix-bks; Wed, 2 Sep 1998 10:00:11 -0700 (PDT) Received: from eagle.rsa.com (eagle.rsa.com [192.80.211.35]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA26751 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:00:10 -0700 (PDT) Received: from [10.81.217.217] by eagle.rsa.com via smtpd (for imc.org [206.184.129.134]) with SMTP; 2 Sep 1998 17:17:36 UT Received: by LOBESTER with Internet Mail Service (5.0.1460.8) id <P3J70J5X>; Wed, 2 Sep 1998 10:07:06 -0700 Message-ID: <6236E58EC451D1119E80006097040ED98D3C04@LOBESTER> From: Bruce Greenblatt <Bgreenblatt@rsa.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 2 Sep 1998 10:07:04 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Note new phone number below | v ---------------------------------------------------- Bruce Greenblatt bgreenblatt@rsa.com Personal: bruceg@innetix.com (650) 295-7569 http://www.innetix.com/~bruceg ---------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA26612 for ietf-pkix-bks; Wed, 2 Sep 1998 09:48:47 -0700 (PDT) Received: from imo28.mx.aol.com (imo28.mx.aol.com [198.81.17.72]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA26608 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 09:48:45 -0700 (PDT) From: SLucch3390@aol.com Received: from SLucch3390@aol.com by imo28.mx.aol.com (IMOv16.1) id 7WUCa24183 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 12:52:48 -0400 (EDT) Message-ID: <e0f53fb5.35ed77e0@aol.com> Date: Wed, 2 Sep 1998 12:52:48 EDT To: ietf-pkix@imc.org Mime-Version: 1.0 Subject: For Option 1 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7bit X-Mailer: AOL 3.0 for Windows 95 sub 18 Sender: owner-ietf-pkix@imc.org Precedence: bulk I vote for Option 1. EAL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA25443 for ietf-pkix-bks; Wed, 2 Sep 1998 09:03:45 -0700 (PDT) Received: from dkeynt1.DATAKEY.COM (dkeynt1.datakey.com [205.218.59.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA25439 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 09:03:44 -0700 (PDT) Received: from datakey.com ([205.218.59.20]) by dkeynt1.DATAKEY.COM (Netscape Messaging Server 3.5) with ESMTP id 382 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:09:26 -0500 Message-ID: <35ED6DEB.7D5299FE@datakey.com> Date: Wed, 02 Sep 1998 11:10:19 -0500 From: "Dale Gustafson" <daleg@datakey.com> Organization: Datakey, Inc. X-Mailer: Mozilla 4.06 [en] (Win95; U) MIME-Version: 1.0 To: PKIX Working Group <ietf-pkix@imc.org> Subject: For Option 2 References: <5040300019913452000002L022*@MHS> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA25345 for ietf-pkix-bks; Wed, 2 Sep 1998 08:54:18 -0700 (PDT) Received: from smtp2.erols.com (smtp2.erols.com [207.172.3.235]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA25341 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 08:54:17 -0700 (PDT) Received: from erols.com (207-172-132-91.s91.tnt5.col.erols.com [207.172.132.91]) by smtp2.erols.com (8.8.8/8.8.5) with ESMTP id MAA06506 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 12:00:44 -0400 (EDT) Message-ID: <35ED26CA.53B6A936@erols.com> Date: Wed, 02 Sep 1998 11:06:52 +0000 From: susanmaloney <susanmaloney@erols.com> Reply-To: susanmaloney@erols.com X-Mailer: Mozilla 4.04 (Macintosh; I; PPC) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: text/plain; charset=us-ascii; x-mac-type="54455854"; x-mac-creator="4D4F5353" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA25191 for ietf-pkix-bks; Wed, 2 Sep 1998 08:40:02 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA25187 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 08:40:01 -0700 (PDT) Received: by gateway.r3.ch id <6803>; Wed, 2 Sep 1998 17:46:05 +0100 Message-Id: <98Sep2.174605gmt+0100.6803@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Extension of straw poll Date: Wed, 2 Sep 1998 16:40:06 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk I've just been speaking with one of the PKIX co-chairs and as a result of that conversation, we're extending the deadline on the straw poll regarding the use of cACertificate and crossCertificatePair attributes to be more in line with the length of time usually afforded straw polls in IETF. My reason for pushing a short timeframe was in anticipation of a PKIX resolution which could then be submitted to the X.509 group next week for consideration in their discussion of the related defect report. If the straw poll ends on Wednesday, and if a PKIX resolution is finalized quickly, we can probably still meet that timeframe. Votes can now be submitted up until COB on Wednesday September 9th. ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA25160 for ietf-pkix-bks; Wed, 2 Sep 1998 08:36:10 -0700 (PDT) Received: from smtp3.ny.us.ibm.com (smtp3.ny.us.ibm.com [198.133.22.42]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA25156 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 08:36:09 -0700 (PDT) Received: from relay3.server.ibm.com (relay3.server.ibm.com [9.14.2.100]) by smtp3.ny.us.ibm.com (8.8.7/8.8.7) with ESMTP id LAA62454 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:25:17 -0400 Received: from US.IBM.COM (d04lms03.raleigh.ibm.com [9.37.164.195]) by relay3.server.ibm.com (8.8.7/8.8.7) with SMTP id LAA37654 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:39:46 -0400 Received: by US.IBM.COM (Soft-Switch LMS 2.0) with snapi via D04AU053 id 5040300019913452; Wed, 2 Sep 1998 11:36:41 -0400 From: Ivan Milman <milman@us.ibm.com> To: <ietf-pkix@imc.org> Subject: For Option 2 Message-ID: <5040300019913452000002L022*@MHS> Date: Wed, 2 Sep 1998 11:36:41 -0400 MIME-Version: 1.0 Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Thanks, Ivan Ivan M. Milman IBM/Austin Distributed System Services Email: milman@austin.ibm.com Phone: 1-512-838-8152 Fax: 1-512-838-8597 T/L: 678-8152 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA24801 for ietf-pkix-bks; Wed, 2 Sep 1998 08:01:01 -0700 (PDT) Received: from thunder.smartlink.navy.mil (thunder.smartlink.navy.mil [204.36.16.143]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA24790 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 08:01:00 -0700 (PDT) Received: (from smap@localhost) by thunder.smartlink.navy.mil (8.7.3/8.7.3) id LAA01758 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:03:13 -0400 (EDT) X-Authentication-Warning: thunder.smartlink.navy.mil: smap set sender to <thorvath@chromatix.com> using -f Received: from localhost(127.0.0.1) by thunder via smap (V2.0) id xma001756; Wed, 2 Sep 98 11:02:48 -0400 Message-ID: <35ED5E18.BC183F7E@chromatix.com> Date: Wed, 02 Sep 1998 11:02:48 -0400 From: Tom Horvath <thorvath@chromatix.com> Organization: Smart Link Office X-Mailer: Mozilla 4.04 [en] (X11; I; SunOS 5.5.1 sun4u) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA24771 for ietf-pkix-bks; Wed, 2 Sep 1998 07:59:29 -0700 (PDT) Received: from stingray.missi.ncsc.mil ([144.51.52.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA24767 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:59:28 -0700 (PDT) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id LAA29628 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:03:31 -0400 (EDT) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id LAA29624 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:03:31 -0400 (EDT) Received: from [144.51.53.159] (impala.missi.ncsc.mil [144.51.53.159]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id LAA01159 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:02:54 -0400 (EDT) X-Sender: dadalko@storm.missi.ncsc.mil Message-Id: <v03110700b2130f1ae193@[144.51.53.159]> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 2 Sep 1998 11:05:12 -0400 To: ietf-pkix@imc.org From: David Dalkowski <dadalko@missi.ncsc.mil> Subject: For Option 1 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA24736 for ietf-pkix-bks; Wed, 2 Sep 1998 07:55:24 -0700 (PDT) Received: from mclean2-mail.usae.bah.com (mclean2-mail.usae.bah.com [156.80.5.110]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA24732 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:55:23 -0700 (PDT) Received: from bah.com ([156.80.128.200]) by mclean2-mail.usae.bah.com (Netscape Messaging Server 3.01) with ESMTP id AAA27454 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:54:26 -0400 Message-ID: <35ED5DA0.3645A842@bah.com> Date: Wed, 02 Sep 1998 11:00:48 -0400 From: "Hirsch Matthew" <hirsch_matthew@bah.com> Organization: BAH X-Mailer: Mozilla 4.03 [en] (Win95; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA24667 for ietf-pkix-bks; Wed, 2 Sep 1998 07:48:37 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA24663 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:48:35 -0700 (PDT) Received: from juniper (juniper.chromatix.com [207.97.115.33]) by chromatix.com (8.8.8/8.8.8) with SMTP id KAA09830 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:52:43 -0400 (EDT) (envelope-from bill@chromatix.com) Message-ID: <008401bdd680$fb7af820$217361cf@juniper.chromatix.com> From: "Bill Lenz" <bill@chromatix.com> To: <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 10:50:09 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0081_01BDD65F.74558200" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_0081_01BDD65F.74558200 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable ------=_NextPart_000_0081_01BDD65F.74558200 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> </DIV></BODY></HTML> ------=_NextPart_000_0081_01BDD65F.74558200-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA24607 for ietf-pkix-bks; Wed, 2 Sep 1998 07:44:25 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA24603 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:44:25 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id HAA02474 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:49:07 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <Q04MF3N5>; Wed, 2 Sep 1998 07:48:19 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFDF674@exccup-25006.mis.tandem.com> From: "Pawluk, Jean" <jean.pawluk@compaq.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 2 Sep 1998 07:48:14 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA24547 for ietf-pkix-bks; Wed, 2 Sep 1998 07:38:43 -0700 (PDT) Received: from marlowe.APSINC.COM (marlowe.apsinc.com [198.160.146.80]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA24543 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:38:42 -0700 (PDT) Received: by MARLOWE with Internet Mail Service (5.5.2232.9) id <R4PAPTDT>; Wed, 2 Sep 1998 07:41:32 -0700 Message-ID: <70EAEA308C1FD211BF9B00805FBEF6B4158921@MARLOWE> From: Bruce Bell <BBELL@apsinc.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: for option 1 Date: Wed, 2 Sep 1998 07:41:24 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Bruce S. Bell Compliance Officer phone 510-568-0276 ext.361 fax 510-568-0195 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA24010 for ietf-pkix-bks; Wed, 2 Sep 1998 06:46:56 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA24006 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 06:46:55 -0700 (PDT) Received: from bonsai.chromatix.com (bonsai.chromatix.com [207.97.115.32]) by chromatix.com (8.8.8/8.8.8) with SMTP id JAA09586 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 09:51:03 -0400 (EDT) (envelope-from Nora.Kraemer@chromatix.com) Message-ID: <00c101bdd678$680639e0$207361cf@bonsai.chromatix.com> From: "Nora Kraemer" <Nora.Kraemer@chromatix.com> To: <ietf-pkix@imc.org> Subject: Option 1 Date: Wed, 2 Sep 1998 09:48:46 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00BE_01BDD656.E0E3D100" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_00BE_01BDD656.E0E3D100 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Nora Kraemer=20 Chromatix 10451 Twin Rivers Road, #265 Columbia, MD 21044 Phone: 301-596-8466 Fax: 410-997-4306 Nora.Kraemer@chromatix.com http://www.chromatix.com ------=_NextPart_000_00BE_01BDD656.E0E3D100 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.2106.6"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> </DIV> <DIV><FONT color=3D#000000 size=3D2>Nora Kraemer </FONT></DIV> <DIV><FONT color=3D#000000 size=3D2>Chromatix<BR>10451 Twin Rivers Road, = #265<BR>Columbia, MD 21044<BR>Phone: =20 301-596-8466<BR>Fax: = 410-997-4306<BR><A=20 href=3D"mailto:Nora.Kraemer@chromatix.com">Nora.Kraemer@chromatix.com</A>= <BR><A=20 href=3D"http://www.chromatix.com">http://www.chromatix.com</A></FONT></DI= V></BODY></HTML> ------=_NextPart_000_00BE_01BDD656.E0E3D100-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA23960 for ietf-pkix-bks; Wed, 2 Sep 1998 06:42:29 -0700 (PDT) Received: from post.queensu.ca (post.QueensU.CA [130.15.126.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA23956 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 06:42:23 -0700 (PDT) Received: from eleceng.ee.queensu.ca (eleceng.ee.queensu.ca [130.15.16.1]) by post.queensu.ca (8.9.0/8.9.0) with SMTP id JAA29695 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 09:47:06 -0400 (EDT) Received: from apollo.ee.queensu.ca by eleceng.ee.queensu.ca (4.1/SMI-4.1) id AA22895; Wed, 2 Sep 98 09:47:05 EDT Received: from localhost by apollo.ee.queensu.ca (SMI-8.6/SMI-SVR4) id JAA14757; Wed, 2 Sep 1998 09:47:04 -0400 Date: Wed, 2 Sep 1998 09:47:04 -0400 (EDT) From: Serge Mister <misters@eleceng.ee.queensu.ca> X-Sender: misters@apollo Reply-To: Serge Mister <misters@eleceng.ee.queensu.ca> To: ietf-pkix@imc.org Subject: For Option 2 Message-Id: <Pine.GSO.3.96.980902094403.14741B-100000@apollo> Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA23926 for ietf-pkix-bks; Wed, 2 Sep 1998 06:39:03 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA23921 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 06:39:02 -0700 (PDT) Received: from chromatix.com (maple.chromatix.com [207.97.115.23]) by chromatix.com (8.8.8/8.8.8) with ESMTP id JAA09547; Wed, 2 Sep 1998 09:43:10 -0400 (EDT) (envelope-from daveb@chromatix.com) Message-ID: <35ED4A4E.3F0519C9@chromatix.com> Date: Wed, 02 Sep 1998 09:38:22 -0400 From: David Berstein <daveb@chromatix.com> Organization: Chromatix X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk -- _/_/_/ David M. Berstein _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | daveb@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA23868 for ietf-pkix-bks; Wed, 2 Sep 1998 06:33:01 -0700 (PDT) Received: from ha1.rdc1.md.home.com (siteadm@ha1.rdc1.md.home.com [24.2.2.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA23863 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 06:33:00 -0700 (PDT) Received: from shadow.munge.com ([24.3.19.3]) by ha1.rdc1.md.home.com (Netscape Mail Server v2.02) with SMTP id AAA28598 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 06:37:42 -0700 Date: Wed, 2 Sep 1998 09:36:05 -0400 (EDT) From: Chris Vance <cvance@shadow.munge.com> To: ietf-pkix@imc.org Subject: For Option 1 Message-ID: <Pine.BSF.3.96.980902093518.10329B-100000@shadow.munge.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA23392 for ietf-pkix-bks; Wed, 2 Sep 1998 05:47:21 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id FAA23388 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 05:47:20 -0700 (PDT) Received: id IAA23613; Wed, 2 Sep 1998 08:49:31 -0400 Received: by gateway id <RNJC07PP>; Wed, 2 Sep 1998 08:46:38 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC96E0@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 2 Sep 1998 08:46:34 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA23383 for ietf-pkix-bks; Wed, 2 Sep 1998 05:47:04 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id FAA23378 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 05:47:03 -0700 (PDT) Received: id IAA23379; Wed, 2 Sep 1998 08:48:31 -0400 Received: by gateway id <RNJC07PN>; Wed, 2 Sep 1998 08:45:38 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC96DF@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: ietf-pkix@imc.org, wpolk@nist.gov, "'Bob Jueneman'" <BJUENEMAN@novell.com> Subject: RE: Straw Poll cACertificate & crossCertificatePairattributes- PK IX LDAPv2 schema I-D Date: Wed, 2 Sep 1998 08:45:32 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Bob, I don't think we'll every get to a point where people stop populating the crossCertificatePair attribute, regardless of the result of the straw poll. The forward/reverse elements in the syntax of this attribute are very useful since not all path discovery algorithms are identical. Path discovery can be done many ways including beginning from the subject and moving toward a trust anchor, beginning from a trust anchor and moving toward a subject, beginning at both ends etc etc. Being able to retrieve both forward and reverse certificates from a single entry rather than checking the directory entries of two CAs is a useful feature for some algorithms. ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: Bob Jueneman[SMTP:BJUENEMAN@novell.com] > Sent: September 1, 1998 7:20 PM > To: ietf-pkix@imc.org; wpolk@nist.gov; BJUENEMAN@novell.com > Subject: Re: Straw Poll cACertificate & > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > I'm still on the fence, and trying to decide between the two options. > > But why is a binary decision necessary? > > If I understand Tim's points, option 2 is a superset of option 1, > and a significant number of clients only support option 2. > > Option 1, however, is at least arguably superior from a network and > directory performance standpoint, although I am still very confused > about exactly who defines a "domain" and how the relying party is > supposed to intuit what "local choice" some CA made. > > Would a viable compromise position be to support option 2 as the initial > direction, and to transition to option 1 at some later point in time, say > 36 months from now, assuming further work clearly establishes that > option 1 is completely workable? > > My directory guys assure me that the directory is effectively neutral in > this, > except for the possible performance issues. So all that has to happen > is for CAs to stop populating the crossCertificate pair. Is that correct? > > On the other hand, does this give rise to a worst of both worlds case > from the perspective of the client software complexity? > > Bob > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA23301 for ietf-pkix-bks; Wed, 2 Sep 1998 05:40:29 -0700 (PDT) Received: from mbunix.mitre.org (mbunix.mitre.org [129.83.20.100]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA23297 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 05:40:26 -0700 (PDT) Received: from FUZZY (fuzzy.mitre.org [129.83.20.83]) by mbunix.mitre.org (8.8.8/8.8.8/mitre.0) with ESMTP id IAA14963 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 08:45:08 -0400 (EDT) Received: from mm60206-lptp.mitre.org (128.29.105.60) by fuzzy.mitre.org with SMTP id 389257; Wed, 02 Sep 1998 08:45:07 EST Message-Id: <3.0.3.32.19980902083749.00747eb0@mail90.mitre.org> X-Sender: egardner@mail90.mitre.org X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 02 Sep 1998 08:37:49 -0400 To: ietf-pkix@imc.org From: egardner@mitre.org (Ella P. Gardner) Subject: For Option 1 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Ella P. Gardner phone: +1 703 883 5826 The MITRE Corporation fax +1 703 883 7142 1820 Dolley Madison Boulevard email: egardner@mitre.org McLean, VA 22102-3481 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA23208 for ietf-pkix-bks; Wed, 2 Sep 1998 05:26:25 -0700 (PDT) Received: from Sonnet.GSC.GTE.Com (Sonnet.GSC.GTE.Com [131.131.251.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA23204 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 05:26:24 -0700 (PDT) Received: from gscex01.ndhm.gtegsc.com ("port 3641"@gscex01.ndhm.gtegsc.com) by Sonnet.GSC.GTE.Com (PMDF V5.0-8 #17886) id <01J1BP3GOR5W0017HI@Sonnet.GSC.GTE.Com> for ietf-pkix@imc.org; Wed, 02 Sep 1998 08:30:46 -0400 (EDT) Received: by gscex01.ndhm.gtegsc.com with Internet Mail Service (5.0.1460.8) id <Q16F2A6D>; Wed, 02 Sep 1998 08:28:31 -0400 Date: Wed, 02 Sep 1998 08:34:05 -0400 From: "Saylor, John" <John.Saylor@gsc.gte.com> Subject: For Option 2 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Message-id: <ED3CB0BEB22CD211A4580008C756184441476F@NDHMEX01> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-type: text/plain Content-transfer-encoding: 7BIT Sender: owner-ietf-pkix@imc.org Precedence: bulk \js Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA22985 for ietf-pkix-bks; Wed, 2 Sep 1998 04:53:31 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA22981 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 04:53:29 -0700 (PDT) Received: from chromatix.com (redoak.chromatix.com [207.97.115.4]) by chromatix.com (8.8.8/8.8.8) with ESMTP id HAA09208 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:57:37 -0400 (EDT) (envelope-from john@chromatix.com) Message-ID: <35ED33B6.9F70645@chromatix.com> Date: Wed, 02 Sep 1998 08:01:58 -0400 From: John Garner <john@chromatix.com> X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: "IETF X.509 PKI" <ietf-pkix@imc.org> Subject: For Option 1 Content-Type: multipart/alternative; boundary="------------06CB147F224BAAC5EA029C20" Sender: owner-ietf-pkix@imc.org Precedence: bulk --------------06CB147F224BAAC5EA029C20 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit -- ====================================================================== //_/_/ John R. Garner _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | john@chromatix.com --------------06CB147F224BAAC5EA029C20 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit <HTML> <PRE>-- ====================================================================== //_/_/ John R. Garner _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | <A HREF="http://www.chromatix.com">http://www.chromatix.com</A> _/_/_/ _/ _/ Fax: (410) 997-4306 | john@chromatix.com</PRE> </HTML> --------------06CB147F224BAAC5EA029C20-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA22811 for ietf-pkix-bks; Wed, 2 Sep 1998 04:32:01 -0700 (PDT) Received: from mbunix.mitre.org (mbunix.mitre.org [129.83.20.100]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA22807 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 04:31:59 -0700 (PDT) Received: from mail92.mitre.org (mail92.mitre.org [129.83.20.76]) by mbunix.mitre.org (8.8.8/8.8.8/mitre.0) with SMTP id HAA03515 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:36:35 -0400 (EDT) Received: from mwppp12.mitre.org by mail92.mitre.org; (5.65v3.2/1.1.8.2/22Jun94-0628PM) id AA26210; Wed, 2 Sep 1998 07:36:34 -0400 Message-Id: <Version.32.19980902073600.00dec600@mail92.mitre.org> X-Sender: ginsburg@mail92.mitre.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Wed, 02 Sep 1998 07:36:15 -0400 To: ietf-pkix@imc.org From: Elliott N Ginsburg <ginsburg@mitre.org> Subject: for option 1 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA22784 for ietf-pkix-bks; Wed, 2 Sep 1998 04:28:38 -0700 (PDT) Received: from smtp4.ny.us.ibm.COM (smtp4.ny.us.ibm.com [198.133.22.43]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA22780 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 04:28:36 -0700 (PDT) Received: from relay3.server.ibm.com (relay3.server.ibm.com [9.14.2.100]) by smtp4.ny.us.ibm.COM (8.8.7/8.8.7) with ESMTP id HAA24382 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:22:32 -0400 Received: from US.IBM.COM (d04lms03.raleigh.ibm.com [9.37.164.195]) by relay3.server.ibm.com (8.8.7/8.8.7) with SMTP id HAA24986 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:32:18 -0400 Received: by US.IBM.COM (Soft-Switch LMS 2.0) with snapi via D04AU014 id 5040300019901937; Wed, 2 Sep 1998 07:29:13 -0400 From: Mark C Davis <davismc@us.ibm.com> To: <ietf-pkix@imc.org> Subject: For Option 2 Message-ID: <5040300019901937000002L072*@MHS> Date: Wed, 2 Sep 1998 07:29:13 -0400 MIME-Version: 1.0 Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk ______________________________________________________________ Mark C Davis/Raleigh/IBM, DSS Network Security, davismc@us.ibm.com (919)254-7876, pager 1(800)946-4646 PIN 6066244, FAX (919)254-5710 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA22620 for ietf-pkix-bks; Wed, 2 Sep 1998 04:08:00 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA22616 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 04:07:59 -0700 (PDT) Received: from stefans (t2o68p26.telia.com [62.20.138.146]) by mailc.telia.com (8.8.8/8.8.8) with SMTP id NAA05183; Wed, 2 Sep 1998 13:12:31 +0200 (MET DST) Message-Id: <3.0.32.19980902130942.00a42bd0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 02 Sep 1998 13:10:19 +0200 To: "Bob Jueneman" <BJUENEMAN@novell.com>, <aram@apple.com> From: Stefan Santesson <stefan@accurata.se> Subject: Re: Digital signature and non-repudiation key usage bits Cc: <ietf-pkix@imc.org> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id EAA22617 Sender: owner-ietf-pkix@imc.org Precedence: bulk At 11:35 AM 9/1/98 -0600, Bob Jueneman wrote: <snip> >>>Equally clearly, the use of both the DS and the NR bit _is_ allowed. >> >>YES!! If I could, I would require the DS bit to be set anytime the NR was set. > >I'm not strongly opposed to that, and in fact that was my position prior to realizing >that NR plus encryption could be used to indicate that no escrow was taking place. >If the DS bit would always be set, as opposed to using NR by itself, it would be >a few nanoseconds faster. <snip> >I'll grant that by suggesting that NR might apply to encryption, I am stretching the >popular concept a bit, and effectively redefining the key usage to mean "exclusive >control of the private key by the names user". But isn't that effectively what we have >been saying? > I suggest that we stick to the standardized definitions of the key usage bits and leave policy issues out of a common certificate profile. non-repudiation is according to standard selected by the NR bit, not NR in combination with DS bit. Inclusion of the DS bit means that DS mechanisms other than non-repudiation are allowed for the key. Restrictions regarding combinations of key usages are policy issues. Whether a particular key usage combination is good or bad has to be decided through the perspective of a community with common security requirements. Non-repudiation is defined to be (according to X.509): non-repudiation - This service provides proof of the integrity and origin of data - both in an unforgeable relationship - which can be verified by any third party at any time. Key escrow is not defined by non-repudiation so I would not use the NR bit as a "no-recovery" declaration. /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA22485 for ietf-pkix-bks; Wed, 2 Sep 1998 03:54:07 -0700 (PDT) Received: from epic.iris.com (epic.iris.com [198.112.211.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA22480 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 03:54:06 -0700 (PDT) From: John_Wray@iris.com Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090206582906:162 for <ietf-pkix@imc.org> ; Wed, 2 Sep 1998 06:58:29 -0400 Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090206582906:162 for <ietf-pkix@imc.org> ; Wed, 2 Sep 1998 06:58:29 -0400 X-Lotus-FromDomain: IRIS To: ietf-pkix@imc.org Message-ID: <85256673.003C644F.00@arista.iris.com> Date: Wed, 2 Sep 1998 07:01:37 -0400 Subject: For Option 2 x-notes-Form: Memo x-notes-$24UpdatedBy: CN=Epic/O=Iris x-notes-$24Hops: 22 X-Priority: 3 (Normal) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA22420 for ietf-pkix-bks; Wed, 2 Sep 1998 03:47:26 -0700 (PDT) Received: from alpha.shiva.com (eagle-ext.shiva.com [192.80.57.28]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA22416 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 03:47:25 -0700 (PDT) Received: from wigeon.shiva.com (wigeon.shiva.com [140.248.194.223]) by alpha.shiva.com (8.8.8/8.8.8) with SMTP id GAA07839 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 06:49:05 -0400 (EDT) Received: from shiva.com by wigeon.shiva.com (SMI-8.6/SMI-SVR4) id GAA05853; Wed, 2 Sep 1998 06:51:37 -0400 Message-ID: <35ED2338.7258C255@shiva.com> Date: Wed, 02 Sep 1998 06:51:36 -0400 From: Jesse Walker <jwalker@shiva.com> Organization: Shiva Corporation X-Mailer: Mozilla 4.04 [en] (X11; U; SunOS 5.5.1 sun4u) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA21021 for ietf-pkix-bks; Wed, 2 Sep 1998 03:06:50 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA21017 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 03:06:48 -0700 (PDT) Received: from stefans (t2o68p44.telia.com [62.20.138.164]) by mailc.telia.com (8.8.8/8.8.8) with SMTP id MAA12855; Wed, 2 Sep 1998 12:10:23 +0200 (MET DST) Message-Id: <3.0.32.19980902120500.00a417c0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 02 Sep 1998 12:08:11 +0200 To: Santosh Chokhani <chokhani@cygnacom.com>, Sharon Boeyen <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> From: Stefan Santesson <stefan@accurata.se> Subject: RE: Straw Poll cACertificate & crossCertificatePair attributes - PKIX LDAPv2 schema I-D Cc: "'Santosh Chokhani'" <chokhani@sisko.cygnacom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id DAA21018 Sender: owner-ietf-pkix@imc.org Precedence: bulk I just feel uncomfortable with a situation where the CA is NOT allowed to store some of it's issued CA certificates in its directory (OPTION 1). If nothing less, storage of these certificates may be used for cashing to enhance path construction (less directory look ups in new paths). Since OPTION2 closes less doors and obviously supports a wider range of local path algorithms, OPTION 2 seems to be the natural choice. I agree with Carlislie and Tim that since OPTION 1 only is a subset of OPTION 2 and OPTION 2 offer full interoperability, that OPTION 2 should be selected even if only a minority declare a need for it. /Stefan At 05:56 PM 9/1/98 -0400, Santosh Chokhani wrote: >They are stored in caCertificate attribute of directory entry >representing the subject (subscriber) CA. > >> -----Original Message----- >> From: Stefan Santesson [SMTP:stefan@accurata.se] >> Sent: Tuesday, September 01, 1998 3:54 PM >> To: Sharon Boeyen; 'ietf-pkix@imc.org' >> Cc: 'Santosh Chokhani' >> Subject: Re: Straw Poll cACertificate & crossCertificatePair >> attributes - PKIX LDAPv2 schema I-D >> >> I don't get this. >> >> In OPTION 1, where do I store certificates issued by this CA to CA:s >> in the same domain???? >> >> It seems to be missing. >> >> /Stefan >> >> ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA21010 for ietf-pkix-bks; Wed, 2 Sep 1998 03:05:49 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA21006 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 03:05:46 -0700 (PDT) Received: from stefans (t2o68p44.telia.com [62.20.138.164]) by mailc.telia.com (8.8.8/8.8.8) with SMTP id MAA12859 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 12:10:24 +0200 (MET DST) Message-Id: <3.0.32.19980902120734.00a33df0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 02 Sep 1998 12:08:12 +0200 To: ietf-pkix@imc.org From: Stefan Santesson <stefan@accurata.se> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id DAA21007 Sender: owner-ietf-pkix@imc.org Precedence: bulk ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA19711 for ietf-pkix-bks; Wed, 2 Sep 1998 01:35:50 -0700 (PDT) Received: from marcellus.cost.se (marcellus.cost.se [195.100.88.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA19707 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 01:35:49 -0700 (PDT) Received: from roger ([10.0.0.21]) by marcellus.cost.se (8.8.5/8.7.5) with SMTP id KAA05769 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:37:32 +0200 (MET DST) Message-Id: <3.0.5.32.19980902103952.00a45d00@mail.cost.se> X-Sender: martin@mail.cost.se X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Wed, 02 Sep 1998 10:39:52 +0200 To: ietf-pkix@imc.org From: Martin =?iso-8859-1?Q?Lindström?= <martin@cost.se> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id BAA19708 Sender: owner-ietf-pkix@imc.org Precedence: bulk ______________________________________ |________ Entegrity Solutions _________| | | | Martin Lindström, Systems Engineer | | | | Finlandsgatan 60 | | S-164 74 Kista, Sweden | | Direct: +46-(0)8-477-7735 | | Fax: +46-(0)8-477-7731 | | Cell: +46-(0)70-483-0024 | |______________________________________| Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA19623 for ietf-pkix-bks; Wed, 2 Sep 1998 01:18:14 -0700 (PDT) Received: from marcellus.cost.se (marcellus.cost.se [195.100.88.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA19619 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 01:18:13 -0700 (PDT) Received: from esmarelda ([10.0.0.11]) by marcellus.cost.se (8.8.5/8.7.5) with SMTP id KAA05687 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:20:01 +0200 (MET DST) Message-Id: <4.1.0.44.19980902101824.00b0e860@mail.cost.se> X-Sender: tca@mail.cost.se X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.44 (Beta) Date: Wed, 02 Sep 1998 10:19:46 +0200 To: ietf-pkix@imc.org From: Thomas Caldenius <tca@cost.se> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA19614 for ietf-pkix-bks; Wed, 2 Sep 1998 01:17:50 -0700 (PDT) Received: from ccas.ru (ext1.ccas.ru [193.233.208.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA19610 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 01:17:47 -0700 (PDT) Received: from sauron ([193.232.81.34]) by ccas.ru (8.7.5/8.7.3) with SMTP id MAA18012 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 12:19:50 +0300 (EET DST) Message-ID: <005501bdd64a$e2293fc0$2251e8c1@sauron.ccas.ru> From: "Andrey Lopatenko" <andreyl@ccas.ru> To: <ietf-pkix@imc.org> Subject: Option 2 Date: Wed, 2 Sep 1998 12:22:54 +0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0052_01BDD66C.68EE6D70" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_0052_01BDD66C.68EE6D70 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable ------=_NextPart_000_0052_01BDD66C.68EE6D70 Content-Type: text/html; charset="koi8-r" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Dkoi8-r http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> </DIV></BODY></HTML> ------=_NextPart_000_0052_01BDD66C.68EE6D70-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA19576 for ietf-pkix-bks; Wed, 2 Sep 1998 01:12:11 -0700 (PDT) Received: from marcellus.cost.se (marcellus.cost.se [195.100.88.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA19572 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 01:12:09 -0700 (PDT) Received: from jimmie ([10.0.0.22]) by marcellus.cost.se (8.8.5/8.7.5) with SMTP id KAA05667 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:13:54 +0200 (MET DST) Message-Id: <3.0.3.32.19980902101429.0187f160@mail.cost.se> X-Sender: nada@mail.cost.se X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 02 Sep 1998 10:14:29 +0200 To: ietf-pkix@imc.org From: Nada Kapidzic Cicovic <nada@cost.se> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id WAA08102 for ietf-pkix-bks; Tue, 1 Sep 1998 22:34:25 -0700 (PDT) Received: from relay2.elvis.ru (ss10.elvis.ru [194.190.192.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id WAA08098 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 22:34:22 -0700 (PDT) Received: by relay2.elvis.ru (8.8.5/1.24) id JAA19889; Wed, 2 Sep 1998 09:38:55 +0400 (MSK DST) Message-ID: <XFMail.980902093855.versed@elvis.ru> X-Mailer: XFMail 1.3 [p0] on Solaris X-Priority: 3 (Normal) Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Wed, 02 Sep 1998 09:38:55 +0400 (MSK DST) From: Pavel Krylov <versed@elvis.ru> To: ietf-pkix@imc.org Subject: For Option 1 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id VAA25421 for ietf-pkix-bks; Tue, 1 Sep 1998 21:15:31 -0700 (PDT) Received: from mailer.Symantec.Com (mailer.symantec.com [198.6.49.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id VAA25417 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 21:15:30 -0700 (PDT) From: DGrawrock@symantec.com Received: from smtp-ima.symantec.com (host39-sub74.symantec.com [155.64.74.39]) by mailer.Symantec.Com (8.8.8/8.8.8) with ESMTP id VAA24786 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 21:18:25 -0700 (PDT) Received: from ccMail by smtp-ima.symantec.com (IMA Internet Exchange 3.1) id 00201118; Tue, 1 Sep 1998 21:17:59 -0700 Mime-Version: 1.0 Date: Tue, 1 Sep 1998 21:14:44 -0700 Message-ID: <00201118.C21288@symantec.com> To: ietf-pkix@imc.org Subject: option 2 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id TAA24963 for ietf-pkix-bks; Tue, 1 Sep 1998 19:38:21 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id TAA24959 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 19:38:19 -0700 (PDT) Received: from yuriy_nb.spyrus.com ([209.66.65.101]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id TAA26697 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 19:42:28 -0700 (PDT) From: "Yuriy Dzambasow" <ydzambasow@spyrus.com> To: <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 22:44:42 -0400 Message-ID: <001e01bdd61b$a2db8b40$066c42d1@yuriy_nb.spyrus.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA22960 for ietf-pkix-bks; Tue, 1 Sep 1998 16:20:11 -0700 (PDT) Received: from ORM-BBWEB.orem.novell.com (orm-bbweb.orem.novell.com [151.155.134.147]) by mail.proper.com (8.8.8/8.8.5) with SMTP id QAA22956 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 16:20:10 -0700 (PDT) Received: from GATEWAYS-Message_Server by ORM-BBWEB.orem.novell.com with Novell_GroupWise; Tue, 01 Sep 1998 17:20:24 -0600 Message-Id: <s5ec2cd8.091@ORM-BBWEB.orem.novell.com> X-Mailer: Novell GroupWise 5.5 Date: Tue, 01 Sep 1998 17:20:10 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <ietf-pkix@imc.org>, <wpolk@nist.gov>, <BJUENEMAN@novell.com> Subject: Re: Straw Poll cACertificate & crossCertificatePairattributes- PKIX LDAPv2 schema I-D Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id QAA22957 Sender: owner-ietf-pkix@imc.org Precedence: bulk I'm still on the fence, and trying to decide between the two options. But why is a binary decision necessary? If I understand Tim's points, option 2 is a superset of option 1, and a significant number of clients only support option 2. Option 1, however, is at least arguably superior from a network and directory performance standpoint, although I am still very confused about exactly who defines a "domain" and how the relying party is supposed to intuit what "local choice" some CA made. Would a viable compromise position be to support option 2 as the initial direction, and to transition to option 1 at some later point in time, say 36 months from now, assuming further work clearly establishes that option 1 is completely workable? My directory guys assure me that the directory is effectively neutral in this, except for the possible performance issues. So all that has to happen is for CAs to stop populating the crossCertificate pair. Is that correct? On the other hand, does this give rise to a worst of both worlds case from the perspective of the client software complexity? Bob Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA22879 for ietf-pkix-bks; Tue, 1 Sep 1998 16:12:52 -0700 (PDT) Received: from aum.proper.com (ts011d20.cup-ca.concentric.net [209.31.12.32]) by mail.proper.com (8.8.8/8.8.5) with SMTP id QAA22874 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 16:12:49 -0700 (PDT) Message-Id: <199809012312.QAA22874@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Tue, 01 Sep 1998 09:01:49 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: For Option 2 In-Reply-To: <3.0.2.32.19980901133954.00a76a30@csmes.ncsl.nist.gov> References: <D789F71F24B4D111955D00A0C99B4F50AC96CF@sothmxs01.entrust.c om> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA22266 for ietf-pkix-bks; Tue, 1 Sep 1998 14:58:03 -0700 (PDT) Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA22262 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:58:03 -0700 (PDT) Received: by mail4.microsoft.com with Internet Mail Service (5.5.2232.9) id <RWP6XMJM>; Tue, 1 Sep 1998 15:02:12 -0700 Message-ID: <2F2DC5CE035DD1118C8E00805FFE354C0509BA3E@RED-MSG-56> From: Trevor Freeman <trevorf@microsoft.com> To: "Pkix List (E-mail)" <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 15:02:05 -0700 X-Mailer: Internet Mail Service (5.5.2232.9) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA22248 for ietf-pkix-bks; Tue, 1 Sep 1998 14:56:13 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA22244 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:56:12 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SAKHKX5N>; Tue, 1 Sep 1998 18:00:16 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D210@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 18:00:13 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk For option 1 Santosh Chokhani CygnaCom Solutions, Inc. 7927 Jones Branch Drive, Suite 100 West McLean, VA. 22102 (703) 848-0883 (voice) (703) 848-0960 (fax) chokhani@cygancom.com http://www.cygnacom.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA22241 for ietf-pkix-bks; Tue, 1 Sep 1998 14:56:00 -0700 (PDT) Received: from louie.scs.carleton.ca (louie.scs.carleton.ca [134.117.5.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA22237 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:55:58 -0700 (PDT) Received: from turing (turing [134.117.5.10]) by louie.scs.carleton.ca (96/30.01.97) with SMTP id SAA04115 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 18:00:00 -0400 (EDT) Received: from floyd by turing (5.x/SMI-SVR4) id AA03913; Tue, 1 Sep 1998 17:59:55 -0400 From: just@turing.scs.carleton.ca (Mike Just) Received: by floyd (5.x/Scs-1.0-client) id AA17259; Tue, 1 Sep 1998 17:59:54 -0400 Date: Tue, 1 Sep 1998 17:59:54 -0400 Message-Id: <9809012159.AA17259@floyd> To: ietf-pkix@imc.org Subject: For Option 2 X-Sun-Charset: US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA22199 for ietf-pkix-bks; Tue, 1 Sep 1998 14:52:28 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA22195 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:52:26 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SAKHKXZ0>; Tue, 1 Sep 1998 17:56:29 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D20F@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Stefan Santesson'" <stefan@accurata.se>, Sharon Boeyen <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Cc: "'Santosh Chokhani'" <chokhani@sisko.cygnacom.com> Subject: RE: Straw Poll cACertificate & crossCertificatePair attributes - PKIX LDAPv2 schema I-D Date: Tue, 1 Sep 1998 17:56:27 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk They are stored in caCertificate attribute of directory entry representing the subject (subscriber) CA. > -----Original Message----- > From: Stefan Santesson [SMTP:stefan@accurata.se] > Sent: Tuesday, September 01, 1998 3:54 PM > To: Sharon Boeyen; 'ietf-pkix@imc.org' > Cc: 'Santosh Chokhani' > Subject: Re: Straw Poll cACertificate & crossCertificatePair > attributes - PKIX LDAPv2 schema I-D > > I don't get this. > > In OPTION 1, where do I store certificates issued by this CA to CA:s > in the same domain???? > > It seems to be missing. > > /Stefan > > > At 11:10 AM 9/1/98 -0400, Sharon Boeyen wrote: > > > >Folks > > > >This is a straw poll on the use of the cACertificate and > >crossCertificatePair attributes in the PKIX LDAP schema draft. There > are 2 > >options, each of which received sufficient support during the Chicago > >meeting to require this straw poll to resolve the issue. Below is the > >specific text proposed for each option, followed by a summary of the > >rationale behind each of the proposals. The specific text for the > proposals > >and rationale summaries have been cooperatively drafted by Santosh > Chokhani, > >Dave Horvath and myself. > > > >Votes must be in by COB on Thursday Sept 3. This is the only > outstanding > >issue on this I-D following the 2 week last call so we should be able > to > >progress both the PKIX LDAPv2 protocol profile and PKIX LDAPv2 schema > >following this poll. > >. > >To vote, send an email to ietf-pkix@imc.org with one of the following > >subject lines: > > > >To vote for option 1put "For Option 1" in the subject line. > >To vote for option 2 put "For Option 2" in the subject line. > > > >As with the earlier polls conducted by Tim Polk on Part 1, don't > bother with > >a message body, I am just going to count the messages. Discussion of > the > >content of this message should reply to this message. > > > > > >PROPOSED TEXT FOR THE ATTRIBUTE DEFINITIONS: > >OPTION 1: > >---------------- > >The cACertificate attribute, held in a particular CA's directory > entry, > >shall be used to store certificates issued to this CA by CAs in the > same > >domain as this CA. In addition, the cACertificate attribute shall be > used to > >store self-issued certificates. > > > >The forward element of the crossCertificatePair attribute, held in a > >particular CA's directory entry, shall be used to store certificates > issued > >to this CA by CAs in other domains. Optionally, the reverse element > of the > >crossCertificatePair attribute, held in a particular CA's directory > entry, > >may contain certificates issued by this CA to CAs in other domains. > > > >In the case of V3 certificates, none of the above CA certificates may > >include a basicConstraints extension with the cA value set to FALSE. > > > >The definition of domain is purely a matter of local policy. > > > >OPTION 2: > >------------- > >The crossCertificatePair attribute, held in a particular CA's > directory > >entry, shall be used to store all certificates issued by this CA to > other > >CAs, as well as certificates issued for this CA by other CAs. Values > held in > >the forward element are certificates issued for this CA by other CAs, > while > >values in the reverse element are certificates issued by this CA for > other > >CAs. > > > >The cACertificate attribute, held in a particular CA's directory > entry, > >shall be used to store certificates issued to this CA by CAs in the > same > >domain as this CA. This set of certificates is a subset of the values > of the > >forward element of the crossCertificatePair attribute in the same CA > entry. > >In addition, the cACertificate attribute shall beused to store > self-issued > >certificates. > > > >The definition of domain is purely a matter of local policy. > > > >In the case of version 3 certificates, none of the above CA > certificates may > >include a basicConstraints extension with the cA value set to FALSE. > > > >SUMMARY OF RATIONALE FOR EACH OF THE OPTIONS: > >-------------------------------------------------------------------- > > > >RATIONALE FOR PROPOSING OPTION 1: > >-------------------------------------------------- > >The major advantage of this approach is that it minimizes the amount > of data > >retrieved from the directory. The approach improves the relying > party > >response time and minimizes network utilization. > > > >Another advantage of this approach over the alternative is that it > does not > >require the relying parties to separate the certificates stored in > >caCertificate attribute from those stored in the crossCertificatePair > >attribute. The clients may need to do this during path construction. > > > >Storing all the certificates in the crossCertificatePair attribute > and also > >storing some of the certificates in the caCertificate attribute, as > >described in the alternative, unnecessarily increases the number of > >certificates retrieved. The alternative will result in poorer > relying party > >response time and use network bandwidth unnecessarily. The > alternative will > >be particularly inefficient when a relying party is located remotely > from > >the repository/directory. > > > >A minor disadvantage of the alternative is that it requires the same > >information object (certificate) to be stored twice in a repository, > once in > >the caCertificate attribute and once in the crossCertificatePair > attribute. > >This increases he storage requirement on the directory. > > > > > >RATIONALE FOR PROPOSING OPTION 2: > >------------------------------------------------------------ > > > >Path development is a relying party process and the criteria for > selection > >of a 'preferred' set of certificates to enable efficiencies in that > process > >can vary according to the path discovery algorithm as well as from > one > >relying party to another, from one application to another, and on > other > >criteria as well. While a CA should optionally be able to provide > helpful > >hints to relying parties regarding the set of certificates the CA > expects to > >provide efficiencies, these may or may not match the requirements of > a > >relying party path discovery process. Relying parties will access CA > >directory entries frequently to retrieve certificates as input to a > >certification path development process and they should not be forced > to know > >whether or not a CA has published a set of its 'preferred' > certificates, > >nor should relying parties be required to take on the extra burden of > having > >to request filtering of multiple directory attributes to retrieve the > set of > >certificates which is preferred in their particular environment, > especially > >given that relying parties will often need this information from CAs > outside > >their own local Intranet. > > > >CAs should be given the option to publish a set of 'preferred' > certificates > >but should not be required to do so. Should a CA elect to publish > such a > >set, the criteria used by that CA to determine the bases of the > preference > >should be left to the discretion of each CA or each security domain. > The > >preference should not be necessarily tied to a predetermined > universal > >criterion such as a single PKI or 'internal domain', especially given > that a > >CA may be issued a certificate by any number of other CAs and may > therefore > >subscribe to many PKIs. > > > > > >------------------ > >Sharon Boeyen > >Entrust Technologies > > > >mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > >http://www.entrust.com Fax: (613) 247-3690 > > > > > > > > > ------------------------------------------------------------------- > Stefan Santesson <stefan@accurata.se> > Accurata Systemsäkerhet AB > Lotsgatan 27 D Tel. +46-40 152211 > 216 42 Malmö Fax. +46-40 150790 > Sweden Mobile +46-70 5247799 > > PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 > ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA22157 for ietf-pkix-bks; Tue, 1 Sep 1998 14:46:11 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA22153 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:46:10 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id OAA04459; Tue, 1 Sep 1998 14:48:30 -0700 (PDT) Received: from mmyers-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id OAA09078; Tue, 1 Sep 1998 14:50:15 -0700 (PDT) Message-Id: <3.0.32.19980901145013.00683c4c@mail.verisign.com> X-Sender: mmyers@mail.verisign.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 01 Sep 1998 14:50:18 -0700 To: ietf-pkix@imc.org From: Michael Myers <mmyers@verisign.com> Subject: For Option 1 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA22067 for ietf-pkix-bks; Tue, 1 Sep 1998 14:37:38 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id OAA22063 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:37:37 -0700 (PDT) Received: from East.Sun.COM ([129.148.1.241]) by mercury.Sun.COM (SMI-8.6/mail.byaddr) with SMTP id OAA08469 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:41:46 -0700 Received: from suneast.East.Sun.COM by East.Sun.COM (SMI-8.6/SMI-5.3) id RAA28723; Tue, 1 Sep 1998 17:41:41 -0400 Received: from bcn.East.Sun.COM by suneast.East.Sun.COM (SMI-8.6/SMI-SVR4) id RAA01584; Tue, 1 Sep 1998 17:41:43 -0400 Received: from east.sun.com by bcn.East.Sun.COM (SMI-8.6/SMI-SVR4) id RAA17370; Tue, 1 Sep 1998 17:41:40 -0400 Message-ID: <35EC6A15.F94799D9@east.sun.com> Date: Tue, 01 Sep 1998 17:41:41 -0400 From: Sean Mullan <mullan@East.Sun.COM> Organization: Sun Microsystems X-Mailer: Mozilla 4.5b1 [en] (X11; U; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA21256 for ietf-pkix-bks; Tue, 1 Sep 1998 14:28:24 -0700 (PDT) Received: from spacenet.com.br (saturno.spacenet.com.br [200.255.100.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA21252 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:28:20 -0700 (PDT) Received: from spacenet.com.br (lagoa.spacenet.com.br [200.255.243.65]) by spacenet.com.br (8.8.4/SMI-SVR4) id SAA00630; Tue, 1 Sep 1998 18:18:41 -0300 (EST) X-Sender: lagoa.spacenet.com.br [200.255.243.65] Message-ID: <35EC6800.784BFAE3@spacenet.com.br> Date: Tue, 01 Sep 1998 18:32:48 -0300 From: Eduardo Rosemberg de Moura <eduardor@spacenet.com.br> Reply-To: eduardor@iname.com X-Mailer: Mozilla 4.06 [en] (Win95; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk -- Eduardo Rosemberg de Moura mailto:eduardor@iname.com (eduardor@spacenet.com.br) Phone: +55 21 521-0120 (voice) +55 21 523-4499 (fax) Mobile:+55 21 9985-7934 ICQ: 6365858 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA21166 for ietf-pkix-bks; Tue, 1 Sep 1998 14:17:29 -0700 (PDT) Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA21162 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:17:28 -0700 (PDT) Received: by mail4.microsoft.com with Internet Mail Service (5.5.2232.9) id <RWP6XHA8>; Tue, 1 Sep 1998 14:21:33 -0700 Message-ID: <39ADCF833E74D111A2D700805F1951EF056B9D4A@RED-MSG-06> From: Brian LaMacchia <bal@microsoft.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 14:21:30 -0700 X-Mailer: Internet Mail Service (5.5.2232.9) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA20962 for ietf-pkix-bks; Tue, 1 Sep 1998 13:51:24 -0700 (PDT) Received: from mtahqs2.ncr.disa.mil (mtahqs2.ncr.disa.mil [164.117.144.158]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA20957 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:51:23 -0700 (PDT) Received: by mtahqs2.ncr.disa.mil with Internet Mail Service (5.0.1460.8) id <R503HD5B>; Tue, 1 Sep 1998 20:55:56 -0000 Message-ID: <5E15A94A31EED011BF9F0060970BACBC123E27@mtapkr1.ncr.disa.mil> From: "Adkins, Sherrill" <AdkinsS@ncr.disa.mil> To: ietf-pkix@imc.org Subject: For Option 1 Date: Tue, 1 Sep 1998 20:55:47 -0000 Importance: low X-Priority: 5 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA20951 for ietf-pkix-bks; Tue, 1 Sep 1998 13:50:49 -0700 (PDT) Received: from mail1.microsoft.com (mail1.microsoft.com [131.107.3.125]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA20947 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:50:48 -0700 (PDT) Received: by INET-IMC-01 with Internet Mail Service (5.5.2232.9) id <RWPXN6PY>; Tue, 1 Sep 1998 13:54:57 -0700 Message-ID: <4FD6422BE942D111908D00805F3158DF055136F3@RED-MSG-52> From: Barb Fox <bfox@microsoft.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: for Option 1 Date: Tue, 1 Sep 1998 13:54:51 -0700 X-Mailer: Internet Mail Service (5.5.2232.9) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA20939 for ietf-pkix-bks; Tue, 1 Sep 1998 13:49:06 -0700 (PDT) Received: from ultraman.ilan.net (ultraman.ilan.net [207.211.122.35]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA20935 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:49:03 -0700 (PDT) Received: from secantnet.com ([207.211.125.5]) by ultraman.ilan.net (Post.Office MTA v3.1.2 release (PO203-101c) ID# 610-52672U600L100S0V35) with SMTP id AAA5949 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 16:45:31 -0400 Received: from secantnet.com by secantnet.com (SMI-8.6/SMI-SVR4) id QAA06759; Tue, 1 Sep 1998 16:53:36 -0400 Message-ID: <35EC5ED4.B40E1161@secantnet.com> Date: Tue, 01 Sep 1998 16:53:40 -0400 From: Greg Byrd <gbyrd@cow.secantnet.com> Organization: SECANT Network Technologies X-Mailer: Mozilla 4.03 [en] (X11; U; SunOS 5.6 sun4u) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: for option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk -- Greg Byrd gbyrd@secantnet.com SECANT Network Technologies, Inc. 919-462-1900 x229 P.O. Box 14285 919-462-1933 (fax) Research Triangle Park, NC 27709 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA20554 for ietf-pkix-bks; Tue, 1 Sep 1998 13:02:41 -0700 (PDT) Received: from chopin.digsigtrust.com (chopin.digsigtrust.com [208.30.64.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA20550 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:02:40 -0700 (PDT) Received: from digsigtrust.com (rfwdesktop.digsigtrust.com [208.30.64.114]) by chopin.digsigtrust.com (8.9.1/8.9.1) with ESMTP id OAA01554 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:06:48 -0600 (MDT) Message-ID: <35EC5997.85FEC582@digsigtrust.com> Date: Tue, 01 Sep 1998 14:31:19 -0600 From: "Russel F. Weiser" <rweiser@digsigtrust.com> X-Mailer: Mozilla 4.05 [en] (WinNT; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: multipart/mixed; boundary="------------C201775B051242826227D678" Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. --------------C201775B051242826227D678 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --------------C201775B051242826227D678 Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Russel Weiser Content-Disposition: attachment; filename="vcard.vcf" begin: vcard fn: Russel Weiser n: Weiser;Russel org: DST email;internet: rweiser@DigSigTrust.COm x-mozilla-cpt: ;0 x-mozilla-html: FALSE version: 2.1 end: vcard --------------C201775B051242826227D678-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA20474 for ietf-pkix-bks; Tue, 1 Sep 1998 12:51:51 -0700 (PDT) Received: from maild.telia.com (root@maild.telia.com [194.22.190.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA20470 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 12:51:47 -0700 (PDT) Received: from stefans (t2o68p112.telia.com [62.20.138.232]) by maild.telia.com (8.8.8/8.8.8) with SMTP id VAA14836; Tue, 1 Sep 1998 21:55:47 +0200 (CEST) Message-Id: <3.0.32.19980901215234.009dd940@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 01 Sep 1998 21:53:35 +0200 To: Sharon Boeyen <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> From: Stefan Santesson <stefan@accurata.se> Subject: Re: Straw Poll cACertificate & crossCertificatePair attributes - PKIX LDAPv2 schema I-D Cc: "'Santosh Chokhani'" <chokhani@sisko.cygnacom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id MAA20471 Sender: owner-ietf-pkix@imc.org Precedence: bulk I don't get this. In OPTION 1, where do I store certificates issued by this CA to CA:s in the same domain???? It seems to be missing. /Stefan At 11:10 AM 9/1/98 -0400, Sharon Boeyen wrote: > >Folks > >This is a straw poll on the use of the cACertificate and >crossCertificatePair attributes in the PKIX LDAP schema draft. There are 2 >options, each of which received sufficient support during the Chicago >meeting to require this straw poll to resolve the issue. Below is the >specific text proposed for each option, followed by a summary of the >rationale behind each of the proposals. The specific text for the proposals >and rationale summaries have been cooperatively drafted by Santosh Chokhani, >Dave Horvath and myself. > >Votes must be in by COB on Thursday Sept 3. This is the only outstanding >issue on this I-D following the 2 week last call so we should be able to >progress both the PKIX LDAPv2 protocol profile and PKIX LDAPv2 schema >following this poll. >. >To vote, send an email to ietf-pkix@imc.org with one of the following >subject lines: > >To vote for option 1put "For Option 1" in the subject line. >To vote for option 2 put "For Option 2" in the subject line. > >As with the earlier polls conducted by Tim Polk on Part 1, don't bother with >a message body, I am just going to count the messages. Discussion of the >content of this message should reply to this message. > > >PROPOSED TEXT FOR THE ATTRIBUTE DEFINITIONS: >OPTION 1: >---------------- >The cACertificate attribute, held in a particular CA's directory entry, >shall be used to store certificates issued to this CA by CAs in the same >domain as this CA. In addition, the cACertificate attribute shall be used to >store self-issued certificates. > >The forward element of the crossCertificatePair attribute, held in a >particular CA's directory entry, shall be used to store certificates issued >to this CA by CAs in other domains. Optionally, the reverse element of the >crossCertificatePair attribute, held in a particular CA's directory entry, >may contain certificates issued by this CA to CAs in other domains. > >In the case of V3 certificates, none of the above CA certificates may >include a basicConstraints extension with the cA value set to FALSE. > >The definition of domain is purely a matter of local policy. > >OPTION 2: >------------- >The crossCertificatePair attribute, held in a particular CA's directory >entry, shall be used to store all certificates issued by this CA to other >CAs, as well as certificates issued for this CA by other CAs. Values held in >the forward element are certificates issued for this CA by other CAs, while >values in the reverse element are certificates issued by this CA for other >CAs. > >The cACertificate attribute, held in a particular CA's directory entry, >shall be used to store certificates issued to this CA by CAs in the same >domain as this CA. This set of certificates is a subset of the values of the >forward element of the crossCertificatePair attribute in the same CA entry. >In addition, the cACertificate attribute shall beused to store self-issued >certificates. > >The definition of domain is purely a matter of local policy. > >In the case of version 3 certificates, none of the above CA certificates may >include a basicConstraints extension with the cA value set to FALSE. > >SUMMARY OF RATIONALE FOR EACH OF THE OPTIONS: >-------------------------------------------------------------------- > >RATIONALE FOR PROPOSING OPTION 1: >-------------------------------------------------- >The major advantage of this approach is that it minimizes the amount of data >retrieved from the directory. The approach improves the relying party >response time and minimizes network utilization. > >Another advantage of this approach over the alternative is that it does not >require the relying parties to separate the certificates stored in >caCertificate attribute from those stored in the crossCertificatePair >attribute. The clients may need to do this during path construction. > >Storing all the certificates in the crossCertificatePair attribute and also >storing some of the certificates in the caCertificate attribute, as >described in the alternative, unnecessarily increases the number of >certificates retrieved. The alternative will result in poorer relying party >response time and use network bandwidth unnecessarily. The alternative will >be particularly inefficient when a relying party is located remotely from >the repository/directory. > >A minor disadvantage of the alternative is that it requires the same >information object (certificate) to be stored twice in a repository, once in >the caCertificate attribute and once in the crossCertificatePair attribute. >This increases he storage requirement on the directory. > > >RATIONALE FOR PROPOSING OPTION 2: >------------------------------------------------------------ > >Path development is a relying party process and the criteria for selection >of a 'preferred' set of certificates to enable efficiencies in that process >can vary according to the path discovery algorithm as well as from one >relying party to another, from one application to another, and on other >criteria as well. While a CA should optionally be able to provide helpful >hints to relying parties regarding the set of certificates the CA expects to >provide efficiencies, these may or may not match the requirements of a >relying party path discovery process. Relying parties will access CA >directory entries frequently to retrieve certificates as input to a >certification path development process and they should not be forced to know >whether or not a CA has published a set of its 'preferred' certificates, >nor should relying parties be required to take on the extra burden of having >to request filtering of multiple directory attributes to retrieve the set of >certificates which is preferred in their particular environment, especially >given that relying parties will often need this information from CAs outside >their own local Intranet. > >CAs should be given the option to publish a set of 'preferred' certificates >but should not be required to do so. Should a CA elect to publish such a >set, the criteria used by that CA to determine the bases of the preference >should be left to the discretion of each CA or each security domain. The >preference should not be necessarily tied to a predetermined universal >criterion such as a single PKI or 'internal domain', especially given that a >CA may be issued a certificate by any number of other CAs and may therefore >subscribe to many PKIs. > > >------------------ >Sharon Boeyen >Entrust Technologies > >mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 >http://www.entrust.com Fax: (613) 247-3690 > > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA20428 for ietf-pkix-bks; Tue, 1 Sep 1998 12:44:44 -0700 (PDT) Received: from fw.ssb.it (fw.ssb.it [192.106.128.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id MAA20424 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 12:44:40 -0700 (PDT) Received: from notesmail.ssb.it (domino.ssb.it [192.168.19.5]) by ns.ssb.it (8.8.5/8.7.3) with SMTP id XAA26047 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 23:45:55 +0200 (CEST) Received: by notesmail.ssb.it(Lotus SMTP MTA v4.6.1 (569.2 2-6-1998)) id C1256672.006D747B ; Tue, 1 Sep 1998 21:55:32 +0200 X-Lotus-FromDomain: SSB From: "Fabio Omenigrandi" <Omenigrandi@ssb.it> To: ietf-pkix@imc.org Message-ID: <C1256672.006B44A7.00@notesmail.ssb.it> Date: Tue, 1 Sep 1998 21:32:35 +0200 Subject: For Option 1 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA20329 for ietf-pkix-bks; Tue, 1 Sep 1998 12:37:15 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id MAA20325 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 12:37:13 -0700 (PDT) Received: id PAA27010; Tue, 1 Sep 1998 15:38:44 -0400 Received: by gateway id <RNJC0ZXX>; Tue, 1 Sep 1998 15:35:52 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50C515D3@sothmxs01.entrust.com> From: Ron Chittaro <ron.chittaro@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Tue, 1 Sep 1998 15:35:44 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA20095 for ietf-pkix-bks; Tue, 1 Sep 1998 12:08:59 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id MAA20091 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 12:08:56 -0700 (PDT) Received: id PAA23359; Tue, 1 Sep 1998 15:09:38 -0400 Received: by gateway id <RNJC0ZSP>; Tue, 1 Sep 1998 15:06:46 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50017890AC@sothmxs01.entrust.com> From: Carlisle Adams <carlisle.adams@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Tim Polk'" <wpolk@nist.gov>, "'BJUENEMAN@novell.com'" <BJUENEMAN@novell.com> Subject: RE: Straw Poll cACertificate & crossCertificatePair attributes - PKIX LDAPv2 schema I-D Date: Tue, 1 Sep 1998 15:06:36 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi, Here's my two cents (which, at the current exchange rate, is worth considerably less than Tim's two cents...). > ---------- > From: Tim Polk[SMTP:wpolk@nist.gov] > Sent: Tuesday, September 01, 1998 1:39 PM > To: 'ietf-pkix@imc.org' > Subject: Re: Straw Poll cACertificate & crossCertificatePair > attributes - PKIX LDAPv2 schema I-D > > In case anyone is interested, here's my two cents worth... > ... > I prefer option #2, but for rather pragmatic reasons. There are two large > pools of PKI clients. These two groups were designed independently, and > the implementers made different assumptions. If we choose option #1, we > break one group of clients. HOWEVER, if we choose option #2, both sets of > clients will work - and will be interoperable! > > Since a technically viable solution exists that doesn't break any existing > clients and actually makes them interoperable, that is my preference. > This sort of reasoning (*especially* within the IETF community) seems sufficiently strong that I wonder why in the world we need a straw poll at all. It meets every conceivable definition of "rough consensus and running code" and "interoperability above non-interoperability", which are the two golden rules of this community. Within an *IETF* Working Group, is there any defensible basis for choosing another option that does not have these properties? Carlisle. P.S., Bob, I share your concern for the definition of a domain being left up to "local policy". What exactly is the definition of "local"? Does this mean local to the CA whose entry we're considering? If so, then if I am certified by another CA, how do I know whether or not I'm in that first CA's "domain" (i.e., how do I know what it "locally" defined its domain to be)? Therefore, how do I know whether or not to look in the caCertificate attribute? Again, it seems to me that option 2 nicely (and completely) solves this problem: if I somehow (magically) know that I'm in that CA's domain, then I can retrieve certificates from the caCertificate attribute; otherwise, I can retrieve certificates from the crossCertificatePair attribute. Both methods are guaranteed to work. Option 1, on the other hand, works on the underlying assumption that everybody knows (a priori) what domain they're in. Given that there is no universal definition for "domain" (i.e., that it is only defined "locally"), it is not at all obvious how to ensure this. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA20090 for ietf-pkix-bks; Tue, 1 Sep 1998 12:08:55 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id MAA20086 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 12:08:54 -0700 (PDT) Received: id PAA23418; Tue, 1 Sep 1998 15:10:18 -0400 Received: by gateway id <RNJC0ZST>; Tue, 1 Sep 1998 15:07:26 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50017890AD@sothmxs01.entrust.com> From: Carlisle Adams <carlisle.adams@entrust.com> To: ietf-pkix@imc.org Subject: For Option 2 Date: Tue, 1 Sep 1998 15:07:25 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA20051 for ietf-pkix-bks; Tue, 1 Sep 1998 12:03:04 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA20047 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 12:03:03 -0700 (PDT) Received: from chromatix.com (whiteoak.chromatix.com [207.97.115.5]) by chromatix.com (8.8.8/8.8.8) with ESMTP id PAA06735 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 15:07:10 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <35EC45DB.C33A3300@chromatix.com> Date: Tue, 01 Sep 1998 15:07:07 -0400 From: Dave Horvath <dave@chromatix.com> Organization: Chromatix Inc. X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk -- ================================================ _/_/_/ David J. Horvath _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19990 for ietf-pkix-bks; Tue, 1 Sep 1998 11:59:18 -0700 (PDT) Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19986 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:59:17 -0700 (PDT) Received: from exchng-fairfax.p-e-c.com by relay1.UU.NET with ESMTP (peer crosschecked as: [204.254.216.13]) id QQfezk12448; Tue, 1 Sep 1998 15:03:22 -0400 (EDT) Received: by exchang-fairfax.pec.com with Internet Mail Service (5.0.1460.8) id <RZYRA0CT>; Tue, 1 Sep 1998 15:05:27 -0400 Message-ID: <3C7EABA3F6F1D1118FD90008C7F450FD5EAD3D@exchang-fairfax.pec.com> From: MHenry <MHenry@pec.com> To: ietf-pkix@imc.org Subject: for option 2 Date: Tue, 1 Sep 1998 15:05:25 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19970 for ietf-pkix-bks; Tue, 1 Sep 1998 11:56:58 -0700 (PDT) Received: from stingray.missi.ncsc.mil ([144.51.52.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19966 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:56:57 -0700 (PDT) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id PAA22769 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 15:00:56 -0400 (EDT) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id PAA22763 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 15:00:55 -0400 (EDT) Received: from mimesweeper.missi.ncsc.mil (mimesweeper.missi.ncsc.mil [144.51.60.2]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id PAA14818 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 15:00:19 -0400 (EDT) Received: from avenger.missi.ncsc.mil (unverified) by mimesweeper.missi.ncsc.mil (Content Technologies SMTPRS 2.0.15) with SMTP id <B0000256056@mimesweeper.missi.ncsc.mil> for <ietf-pkix@imc.org>; Tue, 01 Sep 1998 15:01:51 -0400 Received: by avenger.missi.ncsc.mil with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62) id <01BDD5B9.733EE650@avenger.missi.ncsc.mil>; Tue, 1 Sep 1998 15:01:51 -0400 Message-Id: <c=US%a=_%p=ExchangeNSA%l=AVENGER-980901190150Z-30002@avenger.missi.ncsc.mil> From: "Fillingham, David W." <dwfilli@missi.ncsc.mil> To: "'IETF/PKIX'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 15:01:50 -0400 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62 MIME-Version: 1.0 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19925 for ietf-pkix-bks; Tue, 1 Sep 1998 11:47:27 -0700 (PDT) Received: from mail0.sse.ie (mail0.sse.ie [193.120.32.47]) by mail.proper.com (8.8.8/8.8.5) with SMTP id LAA19921 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:47:25 -0700 (PDT) Received: from mail2.sse.ie by mail0.sse.ie; Tue, 1 Sep 1998 19:51:30 +0100 Received: from mail0.sse.ie (unverified [193.120.32.47]) by mail2.sse.ie (Integralis SMTPRS 2.04) with ESMTP id <B0000323104@mail2.sse.ie>; Tue, 01 Sep 1998 19:51:21 +0100 Received: from baboo.sse.ie (farrell@baboo.sse.ie [193.120.32.109]) by mail0.sse.ie (8.9.1a/8.9.1) with ESMTP id TAA07273 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 19:51:19 +0100 (BST) Message-Id: <199809011851.TAA07273@mail0.sse.ie> X-Mailer: exmh version 1.6.9 8/22/96 Reply-To: Stephen.Farrell@sse.ie To: ietf-pkix@imc.org Subject: For Option 2 From: Stephen Farrell <stephen.farrell@sse.ie> MIME-Version: 1.0 Date: Tue, 01 Sep 1998 19:52:09 +0100 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19878 for ietf-pkix-bks; Tue, 1 Sep 1998 11:38:52 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19874 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:38:51 -0700 (PDT) Received: from chromatix.com (poplar.chromatix.com [207.97.115.14]) by chromatix.com (8.8.8/8.8.8) with ESMTP id OAA06632 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:42:57 -0400 (EDT) (envelope-from mike@chromatix.com) Message-ID: <35EC4050.7C99987F@chromatix.com> Date: Tue, 01 Sep 1998 14:43:28 -0400 From: Michael Maloney <mike@chromatix.com> X-Mailer: Mozilla 4.05 [en] (WinNT; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: multipart/mixed; boundary="------------10B5479D1700C8A1FFAC998E" Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. --------------10B5479D1700C8A1FFAC998E Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --------------10B5479D1700C8A1FFAC998E Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Mike Maloney Content-Disposition: attachment; filename="vcard.vcf" begin: vcard fn: Mike Maloney n: Maloney;Mike org: Chromatix, Inc adr: 10451 Twin Rivers Road;;Suite 265;Columbia;MD;21044;USA email;internet: mike@chromatix.com title: Senior Engineer tel;work: 301 596-8466 tel;fax: 410 997-4306 x-mozilla-cpt: ;0 x-mozilla-html: TRUE version: 2.1 end: vcard --------------10B5479D1700C8A1FFAC998E-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19820 for ietf-pkix-bks; Tue, 1 Sep 1998 11:35:01 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id LAA19816 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:35:00 -0700 (PDT) Received: id OAA19092; Tue, 1 Sep 1998 14:36:01 -0400 Received: by gateway id <RNJC0ZNA>; Tue, 1 Sep 1998 14:33:07 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F500139AFC3@sothmxs01.entrust.com> From: Robert Zuccherato <robert.zuccherato@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Tue, 1 Sep 1998 14:33:05 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19706 for ietf-pkix-bks; Tue, 1 Sep 1998 11:23:55 -0700 (PDT) Received: from inetgw.fs.lmco.com (inetgw.fs.lmco.com [204.177.125.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19702 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:23:53 -0700 (PDT) Received: (from mail@localhost) by inetgw.fs.lmco.com (AIX4.2/UCB 8.7/8.7) id OAA33110 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:28:26 -0400 (EDT) Received: from dmsman.man.fs.lmco.com(158.187.195.16) by inetgw.fs.lmco.com via smap (V2.0) id xma075892; Tue, 1 Sep 98 14:27:58 -0400 Received: by dmsman.man.fs.lmco.com with Internet Mail Service (5.5.2232.9) id <RQDKB2NB>; Tue, 1 Sep 1998 14:26:58 -0400 Message-ID: <E1F508DF1910D1118BCB000083B11B7F46B2C1@dmsman.man.fs.lmco.com> From: "Rogers III, Edward B." <ed.rogers@lmco.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 14:26:56 -0400 Importance: low X-Priority: 5 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk R/ Ed Technical Lead, DMS Security Evolution Lockheed Martin Federal Systems Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19574 for ietf-pkix-bks; Tue, 1 Sep 1998 11:06:39 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19570 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:06:38 -0700 (PDT) Received: from cedar.chromatix.com (cedar.chromatix.com [207.97.115.12]) by chromatix.com (8.8.8/8.8.8) with SMTP id OAA06514; Tue, 1 Sep 1998 14:10:42 -0400 (EDT) (envelope-from Steven.Peterson@Chromatix.com) Message-ID: <018201bdd5d4$10ca0520$0c7361cf@cedar.chromatix.com> From: "Steven (Pete) Peterson" <Steven.Peterson@chromatix.com> To: <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 14:12:22 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_017F_01BDD5B2.89B86520" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3155.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_017F_01BDD5B2.89B86520 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable ------=_NextPart_000_017F_01BDD5B2.89B86520 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> </DIV></BODY></HTML> ------=_NextPart_000_017F_01BDD5B2.89B86520-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19563 for ietf-pkix-bks; Tue, 1 Sep 1998 11:05:08 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19559 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:05:04 -0700 (PDT) Received: from chromatix.com (kapok.chromatix.com [207.97.115.37]) by chromatix.com (8.8.8/8.8.8) with ESMTP id OAA06501 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:09:07 -0400 (EDT) (envelope-from tom@chromatix.com) Message-ID: <35EC3928.1172461C@chromatix.com> Date: Tue, 01 Sep 1998 14:12:56 -0400 From: Thomas Llanso <tom@chromatix.com> X-Mailer: Mozilla 4.06 [en] (Win95; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk -- _/_/_/ Thomas H. Llanso _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | tom_llanso@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19529 for ietf-pkix-bks; Tue, 1 Sep 1998 11:03:15 -0700 (PDT) Received: from hq.vni.net (hq.vni.net [205.252.27.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19524 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:03:12 -0700 (PDT) Received: from ieca.com (nova-aaa-061.vni.net [205.177.115.61]) by hq.vni.net (8.8.8/8.8.5) with ESMTP id OAA10687 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:07:49 -0400 (EDT) Message-ID: <35EC37AE.B0138842@ieca.com> Date: Tue, 01 Sep 1998 14:06:38 -0400 From: Sean Turner <turners@ieca.com> Organization: IECA, Inc. X-Mailer: Mozilla 4.06 [en] (Win98; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 References: <199809011751.NAA17303@ajsn101.jgvandyke.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA19400 for ietf-pkix-bks; Tue, 1 Sep 1998 10:53:33 -0700 (PDT) Received: from hq.ljl.COM (hq.ljl.com [206.151.234.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA19394 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 10:53:28 -0700 (PDT) Received: from larry.ljl.com by hq.ljl.COM. with smtp id aa23343; Tue, 1 Sep 1998 12:58:23 -0500 Received: by localhost with Microsoft MAPI; Tue, 1 Sep 1998 12:58:07 -0500 Message-ID: <01BDD5A8.29E77AA0.larry@ljl.com> From: Larry Layten <larry@ljl.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 12:58:05 -0500 X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA19364 for ietf-pkix-bks; Tue, 1 Sep 1998 10:50:49 -0700 (PDT) Received: from ORM-BBWEB.orem.novell.com (orm-bbweb.orem.novell.com [151.155.134.147]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA19360 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 10:50:48 -0700 (PDT) Received: from GATEWAYS-Message_Server by ORM-BBWEB.orem.novell.com with Novell_GroupWise; Tue, 01 Sep 1998 11:51:07 -0600 Message-Id: <s5ebdfab.090@ORM-BBWEB.orem.novell.com> X-Mailer: Novell GroupWise 5.5 Date: Tue, 01 Sep 1998 11:51:01 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <ietf-pkix@imc.org>, <wpolk@nist.gov> Subject: Re: Straw Poll cACertificate & crossCertificatePair attributes- PKIX LDAPv2 schema I-D Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id KAA19361 Sender: owner-ietf-pkix@imc.org Precedence: bulk I am inclined to support option 1, because it seems simpler.. However, I am concerned that the definition of the domain is left up to local policy. If "domain " referred to the chain of certificates that could be validated by climbing the subject to issuer chain within the certificates, I think it would be much cleaner. As it stands, I'm not quite sure that I understand how to construct a path search algorithm in either of the two proposals, so I guess I need to stare at it harder. I understand Tim's pragmatic argument, but I'm not convinced that the number of applications actually using LDAP to retrieve certificates is so large that this is an overwhelming reason to go one way or the other. In absolute numbers, what are we talking about? Bob >>> Tim Polk <wpolk@nist.gov> 09/01 11:39 AM >>> In case anyone is interested, here's my two cents worth... The LDAP straw poll message concentrates on the technical rationale behind each of the two options. In fact, each is a technically sound proposal. Option #1 is more elegant since there is no redundant data. Option #2 is a little more flexible, but clients may incur a performance hit when building infrequently used paths. IMHO, it's a wash. I prefer option #2, but for rather pragmatic reasons. There are two large pools of PKI clients. These two groups were designed independently, and the implementers made different assumptions. If we choose option #1, we break one group of clients. HOWEVER, if we choose option #2, both sets of clients will work - and will be interoperable! Since a technically viable solution exists that doesn't break any existing clients and actually makes them interoperable, that is my preference. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA19335 for ietf-pkix-bks; Tue, 1 Sep 1998 10:44:44 -0700 (PDT) Received: from apollo.jgvandyke.com (apollo.jgvandyke.com [158.189.10.100]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA19330 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 10:44:43 -0700 (PDT) Received: from ajsn101.jgvandyke.com (ajsn101.jgvandyke.com [158.189.2.101]) by apollo.jgvandyke.com (8.8.8/8.8.8) with SMTP id NAA09240 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:52:46 -0400 (EDT) Received: from ajpc81 by ajsn101.jgvandyke.com (SMI-8.6/SMI-SVR4) id NAA17303; Tue, 1 Sep 1998 13:51:23 -0400 Date: Tue, 1 Sep 1998 13:51:23 -0400 Message-Id: <199809011751.NAA17303@ajsn101.jgvandyke.com> X-Sender: jsp@ajsn101 X-Mailer: Windows Eudora Version 1.4.4 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: ietf-pkix@imc.org From: jsp@jgvandyke.com (John Pawling) Subject: For Option 1 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA19270 for ietf-pkix-bks; Tue, 1 Sep 1998 10:35:35 -0700 (PDT) Received: from ORM-BBWEB.orem.novell.com (orm-bbweb.orem.novell.com [151.155.134.147]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA19266 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 10:35:34 -0700 (PDT) Received: from GATEWAYS-Message_Server by ORM-BBWEB.orem.novell.com with Novell_GroupWise; Tue, 01 Sep 1998 11:35:47 -0600 Message-Id: <s5ebdc13.048@ORM-BBWEB.orem.novell.com> X-Mailer: Novell GroupWise 5.5 Date: Tue, 01 Sep 1998 11:35:15 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <stefan@accurata.se>, <aram@apple.com> Cc: <ietf-pkix@imc.org> Subject: Re: Digital signature and non-repudiation key usage bits Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id KAA19267 Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi, Aram, I'll try to respond to some of your points to clarify what I meant, although in some cases I suspect we may agree to disagree. >>I believe that we can agree on at least two things: Maybe not! >> >>1. The Digital Signature key usage is an important indicator in those >>environments where key strength may be limited and/or key escrow >>required, _except_ for keys whose usage can be proven to be restricted >>to benign applications, e.g., digital signatures. (Actually proving that >>to the satisfaction of the export/import/use authorities isn't all that easy, >>especially in a general-purpose API environment, but the PKIX group >>doesn't need to concern themselves with those kinds of details.) > >I do not think that key usage should be tied to any key strength and/or key >escrow requirements. There are many valid *security* reasons to limit how a key >is used. I certainly agree with your second sentence, and am not trying to tie key usage to key strength and/or key escrow requirements. But for those of us who are delivering software to international markets, notably including France, Russia, Singapore, and some other countries, key escrow is a fact of life that is quite independent of what you or I, or for that matter what the US Government thinks of it. It's true that the originator is primarily concerned with the _private_ key, not the public key or the certificate. But I disagree with whoever suggested that the application would have to parse the certificate to understand the key usage restriction. It is much more likely that the key pair is typed once and for all at the time of its creation, and that the application or operating system therefore knows the kinds of operation that the key can be used for from the type that is bound to it, and has to enforce those limitations on the key usage. Including the key usage in the certificate is therefore merely reflecting the already existing restrictions on the private key, so that someone won't try to use the public key in the certificate for encryption, since the recipient wouldn't be able to read it. (Note that by saying this I don't mean to imply that there are other perfectly valid reasons why the owner of the DS key doesn't want it used for encryption as well. So I'm not limiting the use of the DS bit to this purpose exclusively.) > >> >>2. There is a strong desire to have the Non-Repudiation bit serve as >>an indication of a conscious, volitional act that may have significant >>legal consequences. > >Does this mean that unless there is *always* "a conscious, volitional act" >Non-Repudiation can never occur? Well, from a legal standpoint as I understand it, non-repudiation is an oxymoron, since a contract or other apparent agreement can always be repudiated by showing that compulsion or force was used, that the signer was not mentally and legally competent (of sufficient age, etc.) I'm not an attorney, and I'm not going to try to summarize a year's worth of contract law in a sentence or two, but it is my understanding that the essential elements of a contract are a true meeting of the minds of the two (or more) parties, plus "consideration," normally an exchange of money for goods. I believe that there is some concern in legal circles that someone who was not necessarily skilled in the software arts might not recognize when a digital signature was being applied, and hence could claims that they were uninformed or worse yet, duped or tricked into signing away Grandma's house. So I'm not going to say "always," especially with a double negative like "non-repudiation can never occur". A conscious, volitional act might still be overturned for some other reason, and the absence of a conscious, volitional act might still be upheld as legal binding, especially if it can be shown that the alleged signer knew, or ought to have known, the likely consequences of their actions. You or I, in other words, are probably going to have a more difficult time trying to wriggle out of a contract than Grandma might. (Since I'm married to a "Grandma," I guess I ought to make it clear that I am using that term in an affectionate, rather than pejorative sense! :-) Now it's true that there might be other implications associated with the NR usage. Some have suggested that when it is asserted, the CA is assuming an obligation to maintain all of the records necessary to confirm the absence of any revocation, more or less in perpetuity. I doubt that makes much business sense -- in perpetuity is a very long time, and I suspect that the amount charged for the certificate isn't enough to pay for maintaining those records forever, but if some CA wants to commit to that for its NR certificates I won't object. Personally, I would like to see the NR bit used to inform the relying party that this certificate is rather special, and that any document that is signed and verified with it is likely to be important, and hence the relying party would probably be well advised to collect all of the certificates, perhaps have them notarized or timestamped, and archive them along with the document. That's what I would do for any important document that I received that was associated with a NR usage, but I'm not going to lobby too hard for that interpretation either. Again, just to make it clear, I am addressing the key usage which is primarily associated with the private key, and is _reflected_ in the public key usage. > >> >>(Although there might be some benefit to having defining an "authentication >>service" that would be distinct from the nonrepudiation service, there wasn't >>much support for that, especially if it would mean trying to push a defect >>report through X.509. So I've given up on that thrust.) > >I'd be glad to support pushing a defect report. They never should have >overloaded the key usage extension. They have overloaded the extension with 1) >usage of the key, 2) services the key may provide, and 3) limiting what the key >may signed. In the immortal words of Walt Kelley, the originator of the finest comic strip ever created ("Pogo"), "We have met the enemy, and they is us." I'm afraid we are all somewhat guilty in this particular area -- it looked reasonable at the time. I'm not sure how feasible it is to try to overturn the apple cart at this late date, but maybe better late than later still. You lead, and I'll follow. > >> >>So let's think about what the implications of the NR bit ought to be. >> >>For one thing, as some people on the legal side of the house have argued, >>in order to forestall the "Grandma hits the wrong button and loses her house" >>argument against PKI and digital signatures in general, we need to require >>a "gravity charge" be provided in the software in this case. It should say something >>like: "Warning. You are about to sign something using a Non-Repudiation >>key, which may give rise to legal consequences for which you may be >>held personally and uniquely liable or responsible. Do you want to continue?" > >As someone else already pointed out, this assumes that the application can parse >the certificate. Also, it assumes the the underlying crypto API takes the >certificate to do the sign operation and not the private key. No, as I said earlier, I am assuming that the key is strongly typed at the time of its creation. If the usage by the originator depended only on the certificate, then the issue of having two certificates for the same key could arise. > >> >>In addition to the gravity charge, it would certainly be desirable to have >>an additional level of password or even biometric controls that are applied in >>order to unlock the NR key. This not only underscores the serious, ceremonial >>aspect of a legally binding signature, it helps to assure that that user and that user >>only has access to that key. >> >>(I'm using the term "NR key" to avoid the awkward phrase, "the private >>key that is logically associated with the public key which is included in a >>certificate which has a Non Repudiation keyUsage parameter specified." >>Besides, although some applications and/or APIs may not associate >>the corresponding public key attributes with the private key, I >>believe that most applications will in fact do so.) >> >>Since the absolute quintessence of non-repudiation in the technical sense is that >>only the authorized holder of the corresponding private key could have possibly >>signed the document which is validated by the NR certificate, it is essential that >>access to that key be uniquely restricted to that user. >> >>At the risk of being obvious, that means that: >> >>1. It must be computationally infeasible in the strictest sense for any other person >>than the authorized user to computer or re-derive the private key. that includes the >>software vendor, the user's MIS department, the various export/import authorities, >>etc. >> >>2. Likewise, it means that all possible precautions must be taken against >>the possibility >>that even the authorized user could, accidentally or deliberately, disclose >>or give away >>knowledge of or access to so much as a single bit of the private key, or of >>the entropy >>from which it was derived. >> >>3. And again, it must not be possible for even the user's supervisor or MIS department >>to replace the user's private key with another private key that matches a certificate >>containing the user's identity information or rights access. (The CA may >>be able to issue >>a certificate corresponding to a bogus private key, but the network >>administrator, directory >>administrator, etc., must not be able to do so, or to cause it to happen.) > >Don't these 3 items apply to digital signatures when used for authentication? >While digital signatures provide integrity, you usually want more than integrity >(otherwise why use digital signatures?). Thus, if my supervisor can replace my >private key, then he can impersonate me. You of course have a point. However, in most of the authentication examples I am familiar with, the user is authenticating his access to resources that are controlled by the company he works for (e.g., printer, a server, or a database), and those access rights are typically controlled by the much the same people that issue e-mail accounts, grant directory access, etc. I'm willing to think about this some more, but I view the use of digital signatures to control access to information and/or other resources as being primarily a usage issue, and secondarily a privacy issue. For example, take an on-line personnel database. The company might very well require the use of a digital signature, e.g., SSL client authentication, to control access to who can read my 401K earnings. I would certainly be upset if my supervisor could access that information, but it wouldn't be the end of the world, since he already knows and controls how much I make, etc. What I do want to make very sure, however, is that he can't go into my file and for example cash me out, or change the beneficiary of my insurance policies -- such actions have significant legal consequences that go far beyond privacy, and ought to require non-repudiation. So I don't think there would be any disagreement with point 1 -- digital signature keys should never be escrowed. Even the feds don't want that for it would make it too easy for someone to claim that they were set up. Point 2 is particularly difficult to implement, but is intended to prevent the situation where someone allows their spouse to have access to their private key (password) for home banking, but without that person' knowledge, or even after death, uses that key to forge a codicil to their will, etc. So I'd live to come right out and require the use of biometrics for all non-repudiation, but as yet is isn't quite feasible. Point 3 address the case we were talking about earlier, in particular where the user's key may be stored in the directory or other central location where the system administrator could conceivably change the user's password and access the key somehow. Although I can imagine that a number of people who would say that this is just flat out a terrible idea and should never be done, the benefits of being able to access a single sign-on key from whatever terminal or workstation you are using are considerable. Schools, for example, can usually not afford to dedicate a particular terminal to a single student, and the same is true for operational control centers that operate on a 7x24 hour basis. Storing keys in smart cards, is one approach, but if you forget or lose your card you may be locked out. Password encrypted floppy disks are another possibility, but still awkward. So I'm not willing to rule out these kinds of systems in general. I just want to make sure that they don't compromise the NR aspects that apply to a particular individual. >>In a sense, the NR bit goes further than my definition of the DS bit, in >>that the DS bit >>implies that the private key is not subject to governmental escrow as a >>condition of its >>export, import, or use, while the NR bit implies that the private key is >>not subject to >>ANY form of externally imposed escrow, key recovery, or key sharing. > >I strongly disagree! Don't confuse the issue by bringing in key escrow, key >strength, key recovery, etc. into the picture. If I can coin a new phrase (and >I'm not trying to insult you, I highly respect your opinions): KISS - Keep It >Secure Stupid! Well, thanks, but unfortunately as a US citizen I don't get to vote in the French elections. so whether we like it or not, these issues have to be dealt with. All I'm suggesting is that the prohibitions against key sharing, access to keys by people within the company, etc., etc., are not quite as rigid in the case of DS as they are in the NR case. In either case, DS or NR, government access to keys (GAK!) would be prohibited by the key typing, or vice versa, and so indicated. > >> >>So what does this imply about various combinations of key usage bits? >> >>Clearly, the use of the DS bit and either key exchange or data encryption is not >>valid, as they are diametrically opposed concepts. > >YES!! > >> >>Equally clearly, the use of both the DS and the NR bit _is_ allowed. > >YES!! If I could, I would require the DS bit to be set anytime the NR was set. I'm not strongly opposed to that, and in fact that was my position prior to realizing that NR plus encryption could be used to indicate that no escrow was taking place. If the DS bit would always be set, as opposed to using NR by itself, it would be a few nanoseconds faster. > >> >>But surprisingly, as I just realized while driving in to work this morning, the use >>of the NR bit in combination with key encryption or data encryption is NOT prohibited, >>and in fact can be used as a form of back-handed specification of a key that can be >>used for encryption and is not subject to escrow or sharing! > >NO!! Do not mix key usage. To provide Non-Repudiation, you have to sign >something and hence that key should not be used for encryption. Well, not so fast. Even if NR _always_ equates to a signature operation, that shouldn't necessarily _prohibit_ its use for encryption, should it? You and I might prefer to use two different keys, but does that have to be imposed as a mandatory standard? For example, is it possible to conceive of an SSL v3 session which uses client authentication, and claims nonrepudiation for the _session_, as opposed to signing a particular document? Seems to me that some home banking and similar applications might conceivably want to make use of such a concept. I'll grant that by suggesting that NR might apply to encryption, I am stretching the popular concept a bit, and effectively redefining the key usage to mean "exclusive control of the private key by the names user". But isn't that effectively what we have been saying? I won't go to war if the consensus is that we should restrict NR to signature operations, but even then I wonder about such constructs as hashed MAC operations, etc. > >>That is the assumed or default case, where none of the key usage bits are specified. >> >>Using a key that is marked for both NR and key or data encryption does NOT mean that >>it is being used for digital signature, however -- at least with the above >>definition. But it >>does mean that that key is uniquely and exclusively associated with that user, which >>in many cases is a very desirable condition. I unfortunately muddied the water by a typo repeated several times. >>So KR by itself or KR plus data encryption is OK. Let's take them one at a time: NR by itself is OK. I suppose you agree, but would prefer that NR always means signature, and hence should never be used alone, whereas I am willing to allow (but would discourage) a single key labeled NR being used for both signature and encryption purposes. NR in combination with key encryption or data encryption is OK. (This makes it explicit. In particular, it means that the key is NOT subject to key escrow or other forms of sharing, whether or not it is used for signature purposes. So I would think you would like this??) >> >>KR plus DS is OK. >I would prefer NOT OK. I meant NR plus DS is OK, and I think you meant to agree, except for the confusion, especially if you interpreted "KR" to mean key recovery. Sorry about that. > >> >>DS by itself is OK. >> >>DS plus data encryption is forbidden. > >YES!! In this case (DS by itself), I am assuming the use of a signature for integrity purposes, but perhaps with a lesser standard of exclusivity of the key control (no key escrow, however), and also the lack of the gravity charge and the conscious, volitional usage? Whereas the absence of both DS and KR would imply that the key might possible have been escrowed, and/or that the signature might be generated by an automaton that is not under the specific control and case by case review of the user? > >> >>Does this make sense? > >In general yes, but where does this leave a question I previously posted: "What >happens when there is more than one certificate for a key?" Who ensures that >there are no conflicting key usage in the different certificates? Typing the key, as opposed to relying on the contents of the certificate, solves this problem. The key usage in the certificate is primarily of an advisory nature to the recipient. > >Regards, >Aram Perez >Apple Computer, Inc. This stuff is hard, and we have to get it right. I appreciate the detailed comments and the dialog. Regards, Bob Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA19246 for ietf-pkix-bks; Tue, 1 Sep 1998 10:32:52 -0700 (PDT) Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA19242 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 10:32:51 -0700 (PDT) Received: from st12.ncsl.nist.gov (st12.ncsl.nist.gov [129.6.54.66]) by csmes.ncsl.nist.gov (8.6.12/8.6.4jck0) with SMTP id NAA17339 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:37:18 -0400 Message-Id: <3.0.2.32.19980901133954.00a76a30@csmes.ncsl.nist.gov> X-Sender: polk@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.2 (32) Date: Tue, 01 Sep 1998 13:39:54 -0400 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> From: Tim Polk <wpolk@nist.gov> Subject: For Option 2 In-Reply-To: <D789F71F24B4D111955D00A0C99B4F50AC96CF@sothmxs01.entrust.c om> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA19241 for ietf-pkix-bks; Tue, 1 Sep 1998 10:32:51 -0700 (PDT) Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA19237 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 10:32:49 -0700 (PDT) Received: from st12.ncsl.nist.gov (st12.ncsl.nist.gov [129.6.54.66]) by csmes.ncsl.nist.gov (8.6.12/8.6.4jck0) with SMTP id NAA17327 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:37:11 -0400 Message-Id: <3.0.2.32.19980901133947.00a7e6f8@csmes.ncsl.nist.gov> X-Sender: polk@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.2 (32) Date: Tue, 01 Sep 1998 13:39:47 -0400 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> From: Tim Polk <wpolk@nist.gov> Subject: Re: Straw Poll cACertificate & crossCertificatePair attributes - PKIX LDAPv2 schema I-D In-Reply-To: <D789F71F24B4D111955D00A0C99B4F50AC96CF@sothmxs01.entrust.c om> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk In case anyone is interested, here's my two cents worth... The LDAP straw poll message concentrates on the technical rationale behind each of the two options. In fact, each is a technically sound proposal. Option #1 is more elegant since there is no redundant data. Option #2 is a little more flexible, but clients may incur a performance hit when building infrequently used paths. IMHO, it's a wash. I prefer option #2, but for rather pragmatic reasons. There are two large pools of PKI clients. These two groups were designed independently, and the implementers made different assumptions. If we choose option #1, we break one group of clients. HOWEVER, if we choose option #2, both sets of clients will work - and will be interoperable! Since a technically viable solution exists that doesn't break any existing clients and actually makes them interoperable, that is my preference. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA18845 for ietf-pkix-bks; Tue, 1 Sep 1998 09:34:40 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA18836 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 09:34:39 -0700 (PDT) Received: from East.Sun.COM ([129.148.1.241]) by mercury.Sun.COM (SMI-8.6/mail.byaddr) with SMTP id JAA06062 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 09:38:47 -0700 Received: from suneast.East.Sun.COM by East.Sun.COM (SMI-8.6/SMI-5.3) id MAA08888; Tue, 1 Sep 1998 12:38:43 -0400 Received: from saguaro.East.Sun.COM by suneast.East.Sun.COM (SMI-8.6/SMI-SVR4) id MAA22275; Tue, 1 Sep 1998 12:38:45 -0400 Received: by saguaro.East.Sun.COM (SMI-8.6/SMI-SVR4) id MAA16476; Tue, 1 Sep 1998 12:38:44 -0400 From: Anne Anderson - Sun Microsystems <aha@East.Sun.COM> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Tue, 1 Sep 1998 12:38:44 -0400 (EDT) To: ietf-pkix@imc.org Subject: For Option 1 X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <13804.8941.806700.92413@saguaro> Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA18167 for ietf-pkix-bks; Tue, 1 Sep 1998 08:12:58 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA18162 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 08:12:56 -0700 (PDT) Received: id LAA21117; Tue, 1 Sep 1998 11:13:29 -0400 Received: by gateway id <RNJC0YLQ>; Tue, 1 Sep 1998 11:10:37 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC96CF@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Cc: "'Steve Kent'" <kent@bbn.com>, "'Warwick Ford'" <wford@verisign.com>, "'Santosh Chokhani'" <chokhani@sisko.cygnacom.com>, "'Dave@chromatix.com'" <Dave@chromatix.com> Subject: Straw Poll cACertificate & crossCertificatePair attributes - PKIX LDAPv2 schema I-D Date: Tue, 1 Sep 1998 11:10:28 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Folks This is a straw poll on the use of the cACertificate and crossCertificatePair attributes in the PKIX LDAP schema draft. There are 2 options, each of which received sufficient support during the Chicago meeting to require this straw poll to resolve the issue. Below is the specific text proposed for each option, followed by a summary of the rationale behind each of the proposals. The specific text for the proposals and rationale summaries have been cooperatively drafted by Santosh Chokhani, Dave Horvath and myself. Votes must be in by COB on Thursday Sept 3. This is the only outstanding issue on this I-D following the 2 week last call so we should be able to progress both the PKIX LDAPv2 protocol profile and PKIX LDAPv2 schema following this poll. . To vote, send an email to ietf-pkix@imc.org with one of the following subject lines: To vote for option 1put "For Option 1" in the subject line. To vote for option 2 put "For Option 2" in the subject line. As with the earlier polls conducted by Tim Polk on Part 1, don't bother with a message body, I am just going to count the messages. Discussion of the content of this message should reply to this message. PROPOSED TEXT FOR THE ATTRIBUTE DEFINITIONS: OPTION 1: ---------------- The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. In addition, the cACertificate attribute shall be used to store self-issued certificates. The forward element of the crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in other domains. Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain certificates issued by this CA to CAs in other domains. In the case of V3 certificates, none of the above CA certificates may include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. OPTION 2: ------------- The crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store all certificates issued by this CA to other CAs, as well as certificates issued for this CA by other CAs. Values held in the forward element are certificates issued for this CA by other CAs, while values in the reverse element are certificates issued by this CA for other CAs. The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. This set of certificates is a subset of the values of the forward element of the crossCertificatePair attribute in the same CA entry. In addition, the cACertificate attribute shall beused to store self-issued certificates. The definition of domain is purely a matter of local policy. In the case of version 3 certificates, none of the above CA certificates may include a basicConstraints extension with the cA value set to FALSE. SUMMARY OF RATIONALE FOR EACH OF THE OPTIONS: -------------------------------------------------------------------- RATIONALE FOR PROPOSING OPTION 1: -------------------------------------------------- The major advantage of this approach is that it minimizes the amount of data retrieved from the directory. The approach improves the relying party response time and minimizes network utilization. Another advantage of this approach over the alternative is that it does not require the relying parties to separate the certificates stored in caCertificate attribute from those stored in the crossCertificatePair attribute. The clients may need to do this during path construction. Storing all the certificates in the crossCertificatePair attribute and also storing some of the certificates in the caCertificate attribute, as described in the alternative, unnecessarily increases the number of certificates retrieved. The alternative will result in poorer relying party response time and use network bandwidth unnecessarily. The alternative will be particularly inefficient when a relying party is located remotely from the repository/directory. A minor disadvantage of the alternative is that it requires the same information object (certificate) to be stored twice in a repository, once in the caCertificate attribute and once in the crossCertificatePair attribute. This increases he storage requirement on the directory. RATIONALE FOR PROPOSING OPTION 2: ------------------------------------------------------------ Path development is a relying party process and the criteria for selection of a 'preferred' set of certificates to enable efficiencies in that process can vary according to the path discovery algorithm as well as from one relying party to another, from one application to another, and on other criteria as well. While a CA should optionally be able to provide helpful hints to relying parties regarding the set of certificates the CA expects to provide efficiencies, these may or may not match the requirements of a relying party path discovery process. Relying parties will access CA directory entries frequently to retrieve certificates as input to a certification path development process and they should not be forced to know whether or not a CA has published a set of its 'preferred' certificates, nor should relying parties be required to take on the extra burden of having to request filtering of multiple directory attributes to retrieve the set of certificates which is preferred in their particular environment, especially given that relying parties will often need this information from CAs outside their own local Intranet. CAs should be given the option to publish a set of 'preferred' certificates but should not be required to do so. Should a CA elect to publish such a set, the criteria used by that CA to determine the bases of the preference should be left to the discretion of each CA or each security domain. The preference should not be necessarily tied to a predetermined universal criterion such as a single PKI or 'internal domain', especially given that a CA may be issued a certificate by any number of other CAs and may therefore subscribe to many PKIs. ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA18070 for ietf-pkix-bks; Tue, 1 Sep 1998 08:03:07 -0700 (PDT) Received: from hrdcgate.nhq.hrdc-drhc.gc.ca (hrdcgate.nhq.hrdc-drhc.gc.ca [198.103.152.3]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA18066 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 08:03:05 -0700 (PDT) Received: from svmailsw1.hq-ac.prv by hrdcgate.nhq.hrdc-drhc.gc.ca via smtpd (for imc.org [206.184.129.134]) with SMTP; 1 Sep 1998 15:07:43 UT Received: from gwsmtpim1.hq-ac.prv (10.54.254.16) by svmailsw1.hq-ac.prv (NPlex 1.3.152) for ietf-pkix@imc.org; 1 Sep 1998 11:10:02 -0400 Received: by gwsmtpim1.hq-ac.prv with VINES-ISMTP; Tue, 1 Sep 98 11:10:04 -0400 Date: Tue, 1 Sep 98 11:09:56 -0400 Message-ID: <vines.4px7+0t+vpA@gwsmtpim1.hq-ac.prv> X-Priority: 3 (Normal) To: <ietf-pkix@imc.org> From: "Fred Gloade Hrdc-drhc" <fred.gloade@hrdc-drhc.gc.ca> Reply-To: <fred.gloade@hrdc-drhc.gc.ca> Subject: fwd: Re: ...no subject... X-Incognito-SN: 1396 X-Incognito-Version: 4.11.23 MIME-Version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id IAA18067 Sender: owner-ietf-pkix@imc.org Precedence: bulk Fred Gloade Senior Auditor/Vérificateur principal Information Technology and Systems Technologies et systèmes informatiques (819) 953-0842 Fred.gloade@hrdc-drhc.gc.ca ------------- Original Text From: "Steve Coya" <scoya@ietf.org>, on 9/1/98 8:37 AM: To: GLOADE.F@FAS.IAB@NHQ Cc: INET[<ietf-web@ietf.org>] Fred, Your question should be sent to the PKIX Working Group: ietf-pkix@imc.org On Mon, 24 Aug 1998, Fred Gloade Hrdc-drhc wrote: >>OK help me out here. >>With PKI do we need to rewrite code to incorporate the encryption routines? >>There will be a server maintained somewhere with the public keys? >>Will there be a hardware component or just a PIN? >>Do you have a simple diagram that shows the flow of information in a very >>simple way? >>Anything else you can send to help me would be greatly appreciated. >> >> >>Fred Gloade >>Senior Auditor/VÚrificateur principal >>Information Technology and Systems >>Technologies et systþmes informatiques >>(819) 953-0842 >>Fred.gloade@hrdc-drhc.gc.ca >> >> >> o Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id UAA06142 for ietf-pkix-bks; Wed, 30 Sep 1998 20:42:21 -0700 (PDT) Received: from laser.cps.softex.br (laser.cps.softex.br [143.106.29.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id UAA06133 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 20:42:19 -0700 (PDT) Received: from laser (laser [143.106.29.34]) by laser.cps.softex.br (8.8.7/8.8.7) with SMTP id AAA28197; Thu, 1 Oct 1998 00:48:37 -0300 Date: Thu, 1 Oct 1998 00:48:37 -0300 (EST) From: Ed Gerck <egerck@laser.cps.softex.br> To: Stefan Santesson <stefan@accurata.se> cc: David Horvath <dave@chromatix.com>, Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Subject: Re: NEW Data type for certificate selection ? In-Reply-To: <3.0.32.19981001003423.00a2d2b0@m1.403.telia.com> Message-ID: <Pine.LNX.4.02.9810010015150.25643-100000@laser.cps.softex.br> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk On Thu, 1 Oct 1998, Stefan Santesson wrote: >Ed, > >Thank you for very interesting input. If I may try a very compressed sum of >your discussion it would be: > >1) In SSL the server may select preferred client certificate by Issuer DN, >and "certificate type" Stefan: pls add in your 1) "if the server is non-anonymous" pls add also a 0) "a self-signed common CA cert for the server and user certs can make your life and the customer's life a lot more pleasant" >2) You suggest hashed SSN (social security numbers) using "salt" if you must add SSN-based info in a public cert, IMO yes! > >Regarding "certificate type" I can't find this as an active selection >mechanism. It is however mentioned as prerequisite that the certificate >type have to match the selected key exchange algorithm. > I fail to see why you "can't find this as an active selection mechanism" together with the issuer DN, even if you want to keep the same type for your repudiable and non-repudiable cases (which I possibly would not, but that is another story). As I wrote: >> (for higher security) with a different CA cert for each type. and, again, later in the same msg: >> Or, for higher security, the Bank can use different CA certs for >> each type and send their DNs accordingly, in each case. >> so, all you need is to have different "types" (ie, DNs) of CA certs, where both "types" should be signed by the same root CA cert of course and the public-key root CA cert should be included in the distribution. Can you pls explain what causes selection difficulties for you in the above scenario? >Regardless of this I fail to see how this can be used to pick the right >"non-repudiation" certificate in the Java script application. Please read above, I hope it is clearer now. > I also fail >to understand if you suggest that the current SSL/TLS functions solves all >my problems or just a part of them. > ;-) If "all your problems" is what you stated, sure, all at one stop. >Do you suggest that a more general matching mechanism is not needed? > If the problem is what you defined, yes. >/Stefan > >P.s >Regarding hashed SSN with salt, I don't get how the "salt" solves this. If >the salt is unknown then the SSN can't be checked and if the salt is known >the dictionary attack is still possible. 1. The salt is only known to those entities that should know the SSN -- not to the evildoer that is trying to get SSNs from a list of cached client certs, in a common access area or in memory. 2. the salt is treated as client's private information -- and kept separate from the cert, in a protected area together with other private information from the client. BTW, this is similar to "dividing" a SSN "signature" into two parts, one public (in the cert) and another private (the salt). > I would say that your "salt" is >equal to suggest that the SSN should be encrypted with a secret key (where >the "salt" is being that secret key). > Yes, certainly -- but it is more appropriately called a keyed-MAC. BTW, I am glad that you now repudiate your phrase after your P.s above ;-) >You and I can argue for centuries if certificates handled in browsers >should, or should not, be allowed to contain SSN. No, I don't argue. As I wrote two msgs ago, some think they have valid reasons for it and I do not disagree with the need to preserve freedom. In that, I follow the C maxim -- even though I think that security work is perhaps not the best place to leave enough rope so that you may hang yourself with it if you so want or don't think it is dangerous... Cheers, Ed Gerck ______________________________________________________________________ Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br http://novaware.cps.softex.br Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA03186 for ietf-pkix-bks; Wed, 30 Sep 1998 16:21:27 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA03180 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 16:21:04 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <TX35284S>; Thu, 1 Oct 1998 09:25:21 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC07B9C9@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'Dave Horvath '" <dave@chromatix.com>, "'Stefan Santesson '" <stefan@accurata.se> Cc: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "''ietf-pkix@imc.org ' '" <ietf-pkix@imc.org>, "''list@seis.nc-forum.com ' '" <list@seis.nc-forum.com>, "''pgut001@cs.auckland.ac.nz ' '" <pgut001@cs.auckland.ac.nz> Subject: RE: NEW Data type for certificate selection ? Date: Thu, 1 Oct 1998 09:25:18 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Sob story introduction - still on the road in the UK now - and flat chat with the upswing in big X.500 systems and PKIs from every point on the compass. So the details below may have been skipped... anyway. I always thought that the matching rules for certs and crls as defined in X.509 were like other matching rules in that objects/attrs of particular types can be searched for and managed whilst in the directory system. The issues is that the PKI /CA design has been designed as a set of "sort of related objects, but operationally there are multipaths and multi domains.. so we have an information relationship and managment issue (in an originators domain).. and in some form, knowledge of this "environment" must be propagated to the recipient of signed message with a cert - so that efficient validation can occur. The matching rule system is a mechanism for finding what one wants and it can be configured with the desired values - ie knowledge (not knowledge as per DSA access point knowledge) english meaning. It strikes me that this knowledge (and the certficate)of the originating domain should be transferred to the recipient domain and this knowledge supplimented by the recipient - where appropriate - and this applied through the matching rule mechanism into the directory system to achieve validation. the draft I submitted - draft-lloyd-dir-cert-stat starts the validation/matching rule direction off. And in fact permits orgainised knowledge of validity - which is maintained by a CA.. Any way please read. Its an information management and knowledge issue associated with CA/directory systems we are dealing with - it wont be fixed by more attributes on certficates and more protocols like OCSP. thoughts are welcome regards alan ---------- From: Stefan Santesson To: Dave Horvath Cc: Alan Lloyd; 'ietf-pkix@imc.org '; 'list@seis.nc-forum.com '; 'pgut001@cs.auckland.ac.nz ' Sent: 10/1/98 8:53:52 AM Subject: Re: NEW Data type for certificate selection ? Dave, (Sorry for misspelling your name before) I really do agree with you, sticking with the X.500 matching rules makes it possible to link a certificate select from a local application to a suitable directory. Say that the client certificates is stored in a directory and not in the client application (or any mix). When receiving the match rule from the server it would then be very easy to use the same match data to perform an extended lookup in the directory. The question is now, Should this be worked on in IETF ? Is there enough interest in getting this done and implemented? Steve and Warwick, what do you say? Is this something for PKIX? Unfortunately I just represent some of those service providers who need this to be done, I will not be implementing this myself. Personally I can just predict better business for all if we solve this. /Stefan At 01:20 PM 9/30/98 -0400, Dave Horvath wrote: >Stefan, > >Agreed, particularly on the point of not creating any new extensions. > >I would add that I firmly believe the matching rule mechanisms should be >compatible with the work being done in X.500 and LDAP. I would also like to >see X.500 and LDAP join forces and be compatible in the area of matching rules, >I am not sure where LDAP stands at this time. > > >Dave Horvath > >Stefan Santesson wrote: >> >> David, >> >> Thank's for putting this issue in the right focus. >> >> Alan, I don't suggest any new certificate extensions >> Ed, I don't want to define any universal criteria for how certificate >> selection SHALL be done or any who decides what for whom, regulations. >> >> All I want to do is to define some mechanisms that CAN be used, if >> required, by local PKI-related services in order to make it POSSIBLE for >> them to build working services with STANDARD components. >> >> Let me highlight this again and describe a realistic problem relevant to me. >> >> Bank A offer web-based banking applications. This requires the end user to >> get a specific certificate issued by Bank A. The certificate and the >> corresponding private key is processed through the standard web browser of >> the client. >> >> Two certificates and private keys are used in the normal process. >> 1) Certificate for SSL (TLS) security >> 2) Certificate for non-repudiation protection of Bank transactions. >> >> In addition to these certificates, a specific end-user may be populated >> with several other certificates, un-known to the Bank. >> >> The question is. How can this Bank create a web based application without >> distributing a customized client plug-in for the purpose. Well the Bank can >> get far using Java Scripts but it will fail due to the problem that the >> end-user may have to select a certificate. >> Believe me, THIS IS TOTALLY UN-ACCEPTABLE FOR A COMMERCIAL BANK APPLICATION. >> >> I realize that today there is no way to do this without distributing >> customized plug-in components to end-users, but I strongly would like to se >> options developed that helps getting around this. The current matching >> mechanism in SSL and TLS is just not good enough to solve the problem. >> >> So If we instead had a standardized matching rule that could be invoked >> into protocols and Java Scripts etc, then the situation would be much more >> hopeful for the Bank in my case. >> >> They would then construct a match rule that with high probability would >> point out the right end-user certificate and invoke that matching rule both >> in the TLS protocol and in the Java Script, forming their secure >> transaction application. >> >> It wouldn't have to be perfect, just good enough to handle some 95%+ of the >> cases as long as the Bank could detect cases where it didn't work. Then the >> non-working cases could be fixed by personal customer service. >> >> I see even more use for this matching rule. It could be used in S/MIME so >> specify a preferred encryption certificate for replies to a mail. Of course >> this matching rule could be used for X.500 directories as well (that's what >> it was built for). MY concern here is however not _where_ the certificates >> are stored but, how to select 1 of several known certificates regardless of >> where they reside. >> >> Comments? >> How do wee proceed ? >> Could we have any comments from Microsoft and Netscape ? >> >> /Stefan >> >> At 11:15 AM 9/30/98 -0400, David Horvath wrote: >> >--- Message on the SEIS mailing list (list@seis.nc-forum.com) >> > >> >Alan, >> > >> >While I personally agree that X.500 provides a mature and feature rich >> >core to implement certificate repositories, I am having trouble >> >understanding some of your assertions as to why X.500 is the answer to >> >so many problems. >> > >> >It seems to me that the first step for locating certificates in a >> >repository is to define the fields in the certificate object that are a >> >prerequisite to perform the match. Matching rules are a good start and >> >foster the thought process required to provide a well designed solution. >> >Once the matching rules are defined, a protocol such as DAP or LDAP V3 >> >with extensions may be used to exploit the matching rules. In some >> >cases, clients may choose not to use the matching rules and retrieve all >> >certificates. Perhaps matching rules are not supported by the protocol >> >(LDAP V2 or HTTP), therefore the client will collect all the >> >certificates and perform the match locally. This may be even more >> >efficient than submitting multiple searches with different variations of >> >matching rules. It could easily be more efficient to submit one search >> >and retrieve 10 certificates, then to submit 3 searches with different >> >matching rules each time until the required certificate is found. This >> >should be defined by local policies based on performance analysis. >> > >> >Once the rules for matching certificates are defined ( and I think X.500 >> >matching rules are an excellent start ) the distribution model can be >> >analyzed. This is another case where X.500 may be superior to LDAP, but >> >unless you have a well planned global infrastructure neither X.500 or >> >LDAP can help with the distribution model. >> > >> >Dave Horvath >> > >> >Alan Lloyd wrote: >> >> >> >> >> >> Snip >> >> >> >> ---------- >> >> From: pgut001@cs.auckland.ac.nz >> >> To: cert-talk@structuredarts.com; ietf-pkix@imc.org; >> >> list@seis.nc-forum.com >> >> Sent: 9/29/98 1:01:30 PM >> >> Subject: Re: NEW Data type for certificate selection ? >> >> >> >> Peter - you went through great lenghts to define the problem with >> >> relationships between and searching directory based objects and a >> >> distributed information issue and then you say: >> >> " >> >> If anyone has any useful solutions for this (apart from "We should >> >> force >> >> everyone to use an X.500 directory, that would solve everything" :-) I'd >> >> be interested in hearing them. >> >> >> >> " >> >> Oh well - that counts me out. I cannot do solutions - without the >> >> solution :-))) >> >> regards alan >> >> >> >> Peter. >> >> >> > >> > >> >----------------- SEIS mailing list (list@seis.nc-forum.com) >> >Info about this list: http://www.nc-forum.com/seis >> >SEIS Contact: info@seis.se >> > >> > >> > >> ------------------------------------------------------------------- >> Stefan Santesson <stefan@accurata.se> >> Accurata Systemsäkerhet AB >> Lotsgatan 27 D Tel. +46-40 152211 >> 216 42 Malmö Fax. +46-40 150790 >> Sweden Mobile +46-70 5247799 >> >> PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >> ------------------------------------------------------------------- > >-- > ================================================ > > _/_/_/ David J. Horvath > _/ _/ > _/ _/ Chromatix, Inc. > _/ _/ _/ 10451 Twin Rivers Road, Suite 265 >_/ _/_/ Columbia, MD 21044 > _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com > _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA03019 for ietf-pkix-bks; Wed, 30 Sep 1998 15:50:00 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA03010 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 15:49:51 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailc.telia.com (8.8.8/8.8.8) with ESMTP id AAA07763; Thu, 1 Oct 1998 00:56:48 +0200 (CEST) Received: from stefans (t1o68p120.telia.com [62.20.138.120]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id AAA28412; Thu, 1 Oct 1998 00:56:46 +0200 (CEST) Message-Id: <3.0.32.19981001005315.009f7d30@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Thu, 01 Oct 1998 00:53:52 +0200 To: Dave Horvath <dave@chromatix.com> From: Stefan Santesson <stefan@accurata.se> Subject: Re: NEW Data type for certificate selection ? Cc: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id PAA03011 Sender: owner-ietf-pkix@imc.org Precedence: bulk Dave, (Sorry for misspelling your name before) I really do agree with you, sticking with the X.500 matching rules makes it possible to link a certificate select from a local application to a suitable directory. Say that the client certificates is stored in a directory and not in the client application (or any mix). When receiving the match rule from the server it would then be very easy to use the same match data to perform an extended lookup in the directory. The question is now, Should this be worked on in IETF ? Is there enough interest in getting this done and implemented? Steve and Warwick, what do you say? Is this something for PKIX? Unfortunately I just represent some of those service providers who need this to be done, I will not be implementing this myself. Personally I can just predict better business for all if we solve this. /Stefan At 01:20 PM 9/30/98 -0400, Dave Horvath wrote: >Stefan, > >Agreed, particularly on the point of not creating any new extensions. > >I would add that I firmly believe the matching rule mechanisms should be >compatible with the work being done in X.500 and LDAP. I would also like to >see X.500 and LDAP join forces and be compatible in the area of matching rules, >I am not sure where LDAP stands at this time. > > >Dave Horvath > >Stefan Santesson wrote: >> >> David, >> >> Thank's for putting this issue in the right focus. >> >> Alan, I don't suggest any new certificate extensions >> Ed, I don't want to define any universal criteria for how certificate >> selection SHALL be done or any who decides what for whom, regulations. >> >> All I want to do is to define some mechanisms that CAN be used, if >> required, by local PKI-related services in order to make it POSSIBLE for >> them to build working services with STANDARD components. >> >> Let me highlight this again and describe a realistic problem relevant to me. >> >> Bank A offer web-based banking applications. This requires the end user to >> get a specific certificate issued by Bank A. The certificate and the >> corresponding private key is processed through the standard web browser of >> the client. >> >> Two certificates and private keys are used in the normal process. >> 1) Certificate for SSL (TLS) security >> 2) Certificate for non-repudiation protection of Bank transactions. >> >> In addition to these certificates, a specific end-user may be populated >> with several other certificates, un-known to the Bank. >> >> The question is. How can this Bank create a web based application without >> distributing a customized client plug-in for the purpose. Well the Bank can >> get far using Java Scripts but it will fail due to the problem that the >> end-user may have to select a certificate. >> Believe me, THIS IS TOTALLY UN-ACCEPTABLE FOR A COMMERCIAL BANK APPLICATION. >> >> I realize that today there is no way to do this without distributing >> customized plug-in components to end-users, but I strongly would like to se >> options developed that helps getting around this. The current matching >> mechanism in SSL and TLS is just not good enough to solve the problem. >> >> So If we instead had a standardized matching rule that could be invoked >> into protocols and Java Scripts etc, then the situation would be much more >> hopeful for the Bank in my case. >> >> They would then construct a match rule that with high probability would >> point out the right end-user certificate and invoke that matching rule both >> in the TLS protocol and in the Java Script, forming their secure >> transaction application. >> >> It wouldn't have to be perfect, just good enough to handle some 95%+ of the >> cases as long as the Bank could detect cases where it didn't work. Then the >> non-working cases could be fixed by personal customer service. >> >> I see even more use for this matching rule. It could be used in S/MIME so >> specify a preferred encryption certificate for replies to a mail. Of course >> this matching rule could be used for X.500 directories as well (that's what >> it was built for). MY concern here is however not _where_ the certificates >> are stored but, how to select 1 of several known certificates regardless of >> where they reside. >> >> Comments? >> How do wee proceed ? >> Could we have any comments from Microsoft and Netscape ? >> >> /Stefan >> >> At 11:15 AM 9/30/98 -0400, David Horvath wrote: >> >--- Message on the SEIS mailing list (list@seis.nc-forum.com) >> > >> >Alan, >> > >> >While I personally agree that X.500 provides a mature and feature rich >> >core to implement certificate repositories, I am having trouble >> >understanding some of your assertions as to why X.500 is the answer to >> >so many problems. >> > >> >It seems to me that the first step for locating certificates in a >> >repository is to define the fields in the certificate object that are a >> >prerequisite to perform the match. Matching rules are a good start and >> >foster the thought process required to provide a well designed solution. >> >Once the matching rules are defined, a protocol such as DAP or LDAP V3 >> >with extensions may be used to exploit the matching rules. In some >> >cases, clients may choose not to use the matching rules and retrieve all >> >certificates. Perhaps matching rules are not supported by the protocol >> >(LDAP V2 or HTTP), therefore the client will collect all the >> >certificates and perform the match locally. This may be even more >> >efficient than submitting multiple searches with different variations of >> >matching rules. It could easily be more efficient to submit one search >> >and retrieve 10 certificates, then to submit 3 searches with different >> >matching rules each time until the required certificate is found. This >> >should be defined by local policies based on performance analysis. >> > >> >Once the rules for matching certificates are defined ( and I think X.500 >> >matching rules are an excellent start ) the distribution model can be >> >analyzed. This is another case where X.500 may be superior to LDAP, but >> >unless you have a well planned global infrastructure neither X.500 or >> >LDAP can help with the distribution model. >> > >> >Dave Horvath >> > >> >Alan Lloyd wrote: >> >> >> >> >> >> Snip >> >> >> >> ---------- >> >> From: pgut001@cs.auckland.ac.nz >> >> To: cert-talk@structuredarts.com; ietf-pkix@imc.org; >> >> list@seis.nc-forum.com >> >> Sent: 9/29/98 1:01:30 PM >> >> Subject: Re: NEW Data type for certificate selection ? >> >> >> >> Peter - you went through great lenghts to define the problem with >> >> relationships between and searching directory based objects and a >> >> distributed information issue and then you say: >> >> " >> >> If anyone has any useful solutions for this (apart from "We should >> >> force >> >> everyone to use an X.500 directory, that would solve everything" :-) I'd >> >> be interested in hearing them. >> >> >> >> " >> >> Oh well - that counts me out. I cannot do solutions - without the >> >> solution :-))) >> >> regards alan >> >> >> >> Peter. >> >> >> > >> > >> >----------------- SEIS mailing list (list@seis.nc-forum.com) >> >Info about this list: http://www.nc-forum.com/seis >> >SEIS Contact: info@seis.se >> > >> > >> > >> ------------------------------------------------------------------- >> Stefan Santesson <stefan@accurata.se> >> Accurata Systemsäkerhet AB >> Lotsgatan 27 D Tel. +46-40 152211 >> 216 42 Malmö Fax. +46-40 150790 >> Sweden Mobile +46-70 5247799 >> >> PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >> ------------------------------------------------------------------- > >-- > ================================================ > > _/_/_/ David J. Horvath > _/ _/ > _/ _/ Chromatix, Inc. > _/ _/ _/ 10451 Twin Rivers Road, Suite 265 >_/ _/_/ Columbia, MD 21044 > _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com > _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA02842 for ietf-pkix-bks; Wed, 30 Sep 1998 15:31:06 -0700 (PDT) Received: from mailb.telia.com (mailb.telia.com [194.22.194.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA02838 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 15:31:04 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailb.telia.com (8.8.8/8.8.8) with ESMTP id AAA18769; Thu, 1 Oct 1998 00:37:58 +0200 (CEST) Received: from stefans (t1o68p120.telia.com [62.20.138.120]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id AAA23766; Thu, 1 Oct 1998 00:37:55 +0200 (CEST) Message-Id: <3.0.32.19981001003423.00a2d2b0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Thu, 01 Oct 1998 00:35:02 +0200 To: Ed Gerck <egerck@laser.cps.softex.br> From: Stefan Santesson <stefan@accurata.se> Subject: Re: NEW Data type for certificate selection ? Cc: David Horvath <dave@chromatix.com>, Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id PAA02839 Sender: owner-ietf-pkix@imc.org Precedence: bulk Ed, Thank you for very interesting input. If I may try a very compressed sum of your discussion it would be: 1) In SSL the server may select preferred client certificate by Issuer DN, and "certificate type" 2) You suggest hashed SSN (social security numbers) using "salt" Regarding "certificate type" I can't find this as an active selection mechanism. It is however mentioned as prerequisite that the certificate type have to match the selected key exchange algorithm. Regardless of this I fail to see how this can be used to pick the right "non-repudiation" certificate in the Java script application. I also fail to understand if you suggest that the current SSL/TLS functions solves all my problems or just a part of them. Do you suggest that a more general matching mechanism is not needed? /Stefan P.s Regarding hashed SSN with salt, I don't get how the "salt" solves this. If the salt is unknown then the SSN can't be checked and if the salt is known the dictionary attack is still possible. I would say that your "salt" is equal to suggest that the SSN should be encrypted with a secret key (where the "salt" is being that secret key). You and I can argue for centuries if certificates handled in browsers should, or should not, be allowed to contain SSN. The fact is that many organizations require this and they will create those certificates regardless of whether you and I like it or not. All we can do is to try to help building architectural principles that to the greatest extent is as forgiving as possible for those examples of bad engineering that by provable fact will show up out there. D.s. At 03:08 PM 9/30/98 -0300, Ed Gerck wrote: >On Wed, 30 Sep 1998, Stefan Santesson wrote: > >> >>Alan, I don't suggest any new certificate extensions >>Ed, I don't want to define any universal criteria for how certificate >>selection SHALL be done or any who decides what for whom, regulations. > >Stefan: > >Thank you for changing the focus and not requiring (as in your >previous examples) that Alice would have her SSN in a public cert :-) > >Your question below fits now the first part of my previous reply, >with a direct solution in SSL, as I present below. > >> >>All I want to do is to define some mechanisms that CAN be used, if >>required, by local PKI-related services in order to make it POSSIBLE for >>them to build working services with STANDARD components. >> >>Let me highlight this again and describe a realistic problem relevant to me. >> >>Bank A offer web-based banking applications. This requires the end user to >>get a specific certificate issued by Bank A. The certificate and the >>corresponding private key is processed through the standard web browser of >>the client. >> >>Two certificates and private keys are used in the normal process. >>1) Certificate for SSL (TLS) security >>2) Certificate for non-repudiation protection of Bank transactions. >> >>In addition to these certificates, a specific end-user may be populated >>with several other certificates, un-known to the Bank. >> >>The question is. How can this Bank create a web based application without >>distributing a customized client plug-in for the purpose. > > >Suppose the Bank signs its own CA certificate and uses that >self-signed CA cert to sign all Bank customer's certs of a certain >class (to make your problem still more realistic), for types (1) and >(2) above for each customer or, (for higher security) with a >different CA cert for each type. > >Of course, that CA cert can be easily registered in a costumer's >browser -- just using the standard menu options. This is justifiable >regarding trust acceptance by a Bank's customer, because the Bank >already exibits trusted functionality to the Bank's customer and the >Bank's CA cert is used in the realm of said trusted functionality in >regard to the customer's browser in cases (1) and (2) of your >example. In other words, it requires no new assumptions, for neither >party. > >Now, you have two phases: > >1. The customer's browser must automatically authenticate the Bank's >server, using the pre-acquired and trusted public-key Bank CA cert. > > If the Bank's server sends its server cert to the browser in SSL, > right after the "server hello" message and self-signed by their own > CA, the browser will be able to automatically verify and accept the > Bank's server cert -- since it can be checked by the public-key > contained in the Bank's own self-signed CA cert stored at the > costumer's browser. > >2. The Bank's server must authenticate the required customer's cert, >which is appropriately requested by the Bank's server and is >automatically presented by the customer's browser according to cert >class and cert type, from a larger collection. > > Since the Bank's server is non-anonymous, it can automatically > request the intended cert from the browser by sending only the DN of > their own appropriate (ie, for that customer's class) CA cert in the > "certificate request" message sent from server to browser in SSL -- > which Bank CA cert is exactly the one that signed the required > customer's cert. Since the Bank certainly did not use their own CA > cert to sign any other types of certs for the customer, the Bank > (and the customer) can trust the browser/SSL combination to block > other customer certs that could have been selected from the > customer's certificate pool and sent back in response. The server > can also specify in the "certificate request" message the customer's > "certificate type" it is requesting, as needed by the Bank -- for > example in your cases (1) and (2) above. Or, for higher security, > the Bank can use different CA certs for each type and send their DNs > accordingly, in each case. > > >It is important to note that *if* the customer's browser fails to >authenticate the Bank's server, then this will generate a fatal >handshake-failure alert in SSL if the non-authenticated Bank still >tries to go into phase 2 above -- so, the second phase is privacy >protected by the first. Perhaps, this also answers some of your >previous concerns and could allow more sensitive information (from >the customer) to be included in the customer's cert sent to the >server -- but, by all means, not in plain (eg, the SSN itself) if >privacy is really a concern since public client certificates are >stored in general access areas at the server. > > >Regarding possible problems of using hashes to protect US's SSN >numbers in public certs (as I suggested in my previous reply), I >include below one comentary I received and my reply -- since it may >be also useful in your context: > >=============================== >>This does not help. American SSN is only 9 digits long and only >>includes digits. It will be trivial to do a dictionary attack in >>this case. This may be true for other pieces of sensitive info as >>well. > >The solution is to add "salt" -- like it is done in UNIX passwords. >For example, you can add 50 chars of salt or as many as you want -- a >passphrase. The point here is that since you know the SSN and the >salt, no one else can guess the SSN from a dictionary attack on only >9 digits. Better still, you can change the hash in a new cert and >keep the SSN constant, by changing the salt, so no one can verify >your SSN in a new cert without your cooperation. > >Part of this technique is used in the MC-DN token in the >Meta-Certificate Standard being developed by the MCG. See >http://www.mcg.org.br/mcfaq.htm > >=============================== > > >Cheers, > >Ed Gerck >______________________________________________________________________ >Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br >http://novaware.cps.softex.br > > > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA00464 for ietf-pkix-bks; Wed, 30 Sep 1998 11:04:46 -0700 (PDT) Received: from laser.cps.softex.br (laser.cps.softex.br [143.106.29.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA00443 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 11:02:19 -0700 (PDT) Received: from laser (laser [143.106.29.34]) by laser.cps.softex.br (8.8.7/8.8.7) with SMTP id PAA27526; Wed, 30 Sep 1998 15:08:28 -0300 Date: Wed, 30 Sep 1998 15:08:26 -0300 (EST) From: Ed Gerck <egerck@laser.cps.softex.br> To: Stefan Santesson <stefan@accurata.se> cc: David Horvath <dave@chromatix.com>, Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Subject: Re: NEW Data type for certificate selection ? In-Reply-To: <3.0.32.19980930164259.00a84cc0@m1.403.telia.com> Message-ID: <Pine.LNX.4.02.9809301211200.25643-100000@laser.cps.softex.br> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk On Wed, 30 Sep 1998, Stefan Santesson wrote: > >Alan, I don't suggest any new certificate extensions >Ed, I don't want to define any universal criteria for how certificate >selection SHALL be done or any who decides what for whom, regulations. Stefan: Thank you for changing the focus and not requiring (as in your previous examples) that Alice would have her SSN in a public cert :-) Your question below fits now the first part of my previous reply, with a direct solution in SSL, as I present below. > >All I want to do is to define some mechanisms that CAN be used, if >required, by local PKI-related services in order to make it POSSIBLE for >them to build working services with STANDARD components. > >Let me highlight this again and describe a realistic problem relevant to me. > >Bank A offer web-based banking applications. This requires the end user to >get a specific certificate issued by Bank A. The certificate and the >corresponding private key is processed through the standard web browser of >the client. > >Two certificates and private keys are used in the normal process. >1) Certificate for SSL (TLS) security >2) Certificate for non-repudiation protection of Bank transactions. > >In addition to these certificates, a specific end-user may be populated >with several other certificates, un-known to the Bank. > >The question is. How can this Bank create a web based application without >distributing a customized client plug-in for the purpose. Suppose the Bank signs its own CA certificate and uses that self-signed CA cert to sign all Bank customer's certs of a certain class (to make your problem still more realistic), for types (1) and (2) above for each customer or, (for higher security) with a different CA cert for each type. Of course, that CA cert can be easily registered in a costumer's browser -- just using the standard menu options. This is justifiable regarding trust acceptance by a Bank's customer, because the Bank already exibits trusted functionality to the Bank's customer and the Bank's CA cert is used in the realm of said trusted functionality in regard to the customer's browser in cases (1) and (2) of your example. In other words, it requires no new assumptions, for neither party. Now, you have two phases: 1. The customer's browser must automatically authenticate the Bank's server, using the pre-acquired and trusted public-key Bank CA cert. If the Bank's server sends its server cert to the browser in SSL, right after the "server hello" message and self-signed by their own CA, the browser will be able to automatically verify and accept the Bank's server cert -- since it can be checked by the public-key contained in the Bank's own self-signed CA cert stored at the costumer's browser. 2. The Bank's server must authenticate the required customer's cert, which is appropriately requested by the Bank's server and is automatically presented by the customer's browser according to cert class and cert type, from a larger collection. Since the Bank's server is non-anonymous, it can automatically request the intended cert from the browser by sending only the DN of their own appropriate (ie, for that customer's class) CA cert in the "certificate request" message sent from server to browser in SSL -- which Bank CA cert is exactly the one that signed the required customer's cert. Since the Bank certainly did not use their own CA cert to sign any other types of certs for the customer, the Bank (and the customer) can trust the browser/SSL combination to block other customer certs that could have been selected from the customer's certificate pool and sent back in response. The server can also specify in the "certificate request" message the customer's "certificate type" it is requesting, as needed by the Bank -- for example in your cases (1) and (2) above. Or, for higher security, the Bank can use different CA certs for each type and send their DNs accordingly, in each case. It is important to note that *if* the customer's browser fails to authenticate the Bank's server, then this will generate a fatal handshake-failure alert in SSL if the non-authenticated Bank still tries to go into phase 2 above -- so, the second phase is privacy protected by the first. Perhaps, this also answers some of your previous concerns and could allow more sensitive information (from the customer) to be included in the customer's cert sent to the server -- but, by all means, not in plain (eg, the SSN itself) if privacy is really a concern since public client certificates are stored in general access areas at the server. Regarding possible problems of using hashes to protect US's SSN numbers in public certs (as I suggested in my previous reply), I include below one comentary I received and my reply -- since it may be also useful in your context: =============================== >This does not help. American SSN is only 9 digits long and only >includes digits. It will be trivial to do a dictionary attack in >this case. This may be true for other pieces of sensitive info as >well. The solution is to add "salt" -- like it is done in UNIX passwords. For example, you can add 50 chars of salt or as many as you want -- a passphrase. The point here is that since you know the SSN and the salt, no one else can guess the SSN from a dictionary attack on only 9 digits. Better still, you can change the hash in a new cert and keep the SSN constant, by changing the salt, so no one can verify your SSN in a new cert without your cooperation. Part of this technique is used in the MC-DN token in the Meta-Certificate Standard being developed by the MCG. See http://www.mcg.org.br/mcfaq.htm =============================== Cheers, Ed Gerck ______________________________________________________________________ Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br http://novaware.cps.softex.br Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA00258 for ietf-pkix-bks; Wed, 30 Sep 1998 10:37:53 -0700 (PDT) Received: from mailsvr.basit.com (mailsvr-gw.basit.com [128.209.1.213]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA00254 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 10:37:44 -0700 (PDT) Received: from klerer.basit.com (shiva120 [128.209.144.120]) by mailsvr.basit.com (Guess_again/1.8) with SMTP id NAA06626 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 13:44:11 -0400 (EDT) Message-ID: <008101bdec99$e9fa7a60$010ed180@klerer.basit.com> From: "Robert Klerer" <klerer@xhair.com> To: <ietf-pkix@imc.org> Subject: Re: NEW Data type for certificate selection ? Date: Wed, 30 Sep 1998 13:44:02 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3155.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Sender: owner-ietf-pkix@imc.org Precedence: bulk Stefan, If I can suggest a more trivial example. I have a key pair that others use to send me encrypted email and another for encrypting files on my hard disk. There are good reasons to use two key pairs (different escrow policies, key lengths etc.). Locally my applications can use various means of keeping my private keys straight. My CA, by policy, will put both certifucates in a repository. People who have access to the repository who want to send me mail have no distinguishing application usage to select the proper certificate. The answer is not "Don't put your file certificate in the repostory". >David, > >Thank's for putting this issue in the right focus. > >Alan, I don't suggest any new certificate extensions >Ed, I don't want to define any universal criteria for how certificate >selection SHALL be done or any who decides what for whom, regulations. > >All I want to do is to define some mechanisms that CAN be used, if >required, by local PKI-related services in order to make it POSSIBLE for >them to build working services with STANDARD components. > >Let me highlight this again and describe a realistic problem relevant to me. > >Bank A offer web-based banking applications. This requires the end user to >get a specific certificate issued by Bank A. The certificate and the >corresponding private key is processed through the standard web browser of >the client. > >Two certificates and private keys are used in the normal process. >1) Certificate for SSL (TLS) security >2) Certificate for non-repudiation protection of Bank transactions. > >In addition to these certificates, a specific end-user may be populated >with several other certificates, un-known to the Bank. > >The question is. How can this Bank create a web based application without >distributing a customized client plug-in for the purpose. Well the Bank can >get far using Java Scripts but it will fail due to the problem that the >end-user may have to select a certificate. >Believe me, THIS IS TOTALLY UN-ACCEPTABLE FOR A COMMERCIAL BANK APPLICATION. > >I realize that today there is no way to do this without distributing >customized plug-in components to end-users, but I strongly would like to se >options developed that helps getting around this. The current matching >mechanism in SSL and TLS is just not good enough to solve the problem. > >So If we instead had a standardized matching rule that could be invoked >into protocols and Java Scripts etc, then the situation would be much more >hopeful for the Bank in my case. > >They would then construct a match rule that with high probability would >point out the right end-user certificate and invoke that matching rule both >in the TLS protocol and in the Java Script, forming their secure >transaction application. > >It wouldn't have to be perfect, just good enough to handle some 95%+ of the >cases as long as the Bank could detect cases where it didn't work. Then the >non-working cases could be fixed by personal customer service. > >I see even more use for this matching rule. It could be used in S/MIME so >specify a preferred encryption certificate for replies to a mail. Of course >this matching rule could be used for X.500 directories as well (that's what >it was built for). MY concern here is however not _where_ the certificates >are stored but, how to select 1 of several known certificates regardless of >where they reside. > > >Comments? >How do wee proceed ? >Could we have any comments from Microsoft and Netscape ? > >/Stefan > >At 11:15 AM 9/30/98 -0400, David Horvath wrote: >>--- Message on the SEIS mailing list (list@seis.nc-forum.com) >> >>Alan, >> >>While I personally agree that X.500 provides a mature and feature rich >>core to implement certificate repositories, I am having trouble >>understanding some of your assertions as to why X.500 is the answer to >>so many problems. >> >>It seems to me that the first step for locating certificates in a >>repository is to define the fields in the certificate object that are a >>prerequisite to perform the match. Matching rules are a good start and >>foster the thought process required to provide a well designed solution. >>Once the matching rules are defined, a protocol such as DAP or LDAP V3 >>with extensions may be used to exploit the matching rules. In some >>cases, clients may choose not to use the matching rules and retrieve all >>certificates. Perhaps matching rules are not supported by the protocol >>(LDAP V2 or HTTP), therefore the client will collect all the >>certificates and perform the match locally. This may be even more >>efficient than submitting multiple searches with different variations of >>matching rules. It could easily be more efficient to submit one search >>and retrieve 10 certificates, then to submit 3 searches with different >>matching rules each time until the required certificate is found. This >>should be defined by local policies based on performance analysis. >> >>Once the rules for matching certificates are defined ( and I think X.500 >>matching rules are an excellent start ) the distribution model can be >>analyzed. This is another case where X.500 may be superior to LDAP, but >>unless you have a well planned global infrastructure neither X.500 or >>LDAP can help with the distribution model. >> >>Dave Horvath >> >>Alan Lloyd wrote: >>> >>> >>> Snip >>> >>> ---------- >>> From: pgut001@cs.auckland.ac.nz >>> To: cert-talk@structuredarts.com; ietf-pkix@imc.org; >>> list@seis.nc-forum.com >>> Sent: 9/29/98 1:01:30 PM >>> Subject: Re: NEW Data type for certificate selection ? >>> >>> Peter - you went through great lenghts to define the problem with >>> relationships between and searching directory based objects and a >>> distributed information issue and then you say: >>> " >>> If anyone has any useful solutions for this (apart from "We should >>> force >>> everyone to use an X.500 directory, that would solve everything" :-) I'd >>> be interested in hearing them. >>> >>> " >>> Oh well - that counts me out. I cannot do solutions - without the >>> solution :-))) >>> regards alan >>> >>> Peter. >>> >> >> >>----------------- SEIS mailing list (list@seis.nc-forum.com) >>Info about this list: http://www.nc-forum.com/seis >>SEIS Contact: info@seis.se >> >> >> >------------------------------------------------------------------- >Stefan Santesson <stefan@accurata.se> >Accurata Systemsäkerhet AB >Lotsgatan 27 D Tel. +46-40 152211 >216 42 Malmö Fax. +46-40 150790 >Sweden Mobile +46-70 5247799 > >PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >------------------------------------------------------------------- > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA29980 for ietf-pkix-bks; Wed, 30 Sep 1998 10:14:37 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA29976 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 10:14:34 -0700 (PDT) Received: from chromatix.com (whiteoak.chromatix.com [207.97.115.5]) by chromatix.com (8.8.8/8.8.8) with ESMTP id NAA08397; Wed, 30 Sep 1998 13:21:48 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <3612686B.C127798B@chromatix.com> Date: Wed, 30 Sep 1998 13:20:43 -0400 From: Dave Horvath <dave@chromatix.com> Organization: Chromatix Inc. X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: Stefan Santesson <stefan@accurata.se> CC: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Subject: Re: NEW Data type for certificate selection ? References: <3.0.32.19980930164259.00a84cc0@m1.403.telia.com> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Stefan, Agreed, particularly on the point of not creating any new extensions. I would add that I firmly believe the matching rule mechanisms should be compatible with the work being done in X.500 and LDAP. I would also like to see X.500 and LDAP join forces and be compatible in the area of matching rules, I am not sure where LDAP stands at this time. Dave Horvath Stefan Santesson wrote: > > David, > > Thank's for putting this issue in the right focus. > > Alan, I don't suggest any new certificate extensions > Ed, I don't want to define any universal criteria for how certificate > selection SHALL be done or any who decides what for whom, regulations. > > All I want to do is to define some mechanisms that CAN be used, if > required, by local PKI-related services in order to make it POSSIBLE for > them to build working services with STANDARD components. > > Let me highlight this again and describe a realistic problem relevant to me. > > Bank A offer web-based banking applications. This requires the end user to > get a specific certificate issued by Bank A. The certificate and the > corresponding private key is processed through the standard web browser of > the client. > > Two certificates and private keys are used in the normal process. > 1) Certificate for SSL (TLS) security > 2) Certificate for non-repudiation protection of Bank transactions. > > In addition to these certificates, a specific end-user may be populated > with several other certificates, un-known to the Bank. > > The question is. How can this Bank create a web based application without > distributing a customized client plug-in for the purpose. Well the Bank can > get far using Java Scripts but it will fail due to the problem that the > end-user may have to select a certificate. > Believe me, THIS IS TOTALLY UN-ACCEPTABLE FOR A COMMERCIAL BANK APPLICATION. > > I realize that today there is no way to do this without distributing > customized plug-in components to end-users, but I strongly would like to se > options developed that helps getting around this. The current matching > mechanism in SSL and TLS is just not good enough to solve the problem. > > So If we instead had a standardized matching rule that could be invoked > into protocols and Java Scripts etc, then the situation would be much more > hopeful for the Bank in my case. > > They would then construct a match rule that with high probability would > point out the right end-user certificate and invoke that matching rule both > in the TLS protocol and in the Java Script, forming their secure > transaction application. > > It wouldn't have to be perfect, just good enough to handle some 95%+ of the > cases as long as the Bank could detect cases where it didn't work. Then the > non-working cases could be fixed by personal customer service. > > I see even more use for this matching rule. It could be used in S/MIME so > specify a preferred encryption certificate for replies to a mail. Of course > this matching rule could be used for X.500 directories as well (that's what > it was built for). MY concern here is however not _where_ the certificates > are stored but, how to select 1 of several known certificates regardless of > where they reside. > > Comments? > How do wee proceed ? > Could we have any comments from Microsoft and Netscape ? > > /Stefan > > At 11:15 AM 9/30/98 -0400, David Horvath wrote: > >--- Message on the SEIS mailing list (list@seis.nc-forum.com) > > > >Alan, > > > >While I personally agree that X.500 provides a mature and feature rich > >core to implement certificate repositories, I am having trouble > >understanding some of your assertions as to why X.500 is the answer to > >so many problems. > > > >It seems to me that the first step for locating certificates in a > >repository is to define the fields in the certificate object that are a > >prerequisite to perform the match. Matching rules are a good start and > >foster the thought process required to provide a well designed solution. > >Once the matching rules are defined, a protocol such as DAP or LDAP V3 > >with extensions may be used to exploit the matching rules. In some > >cases, clients may choose not to use the matching rules and retrieve all > >certificates. Perhaps matching rules are not supported by the protocol > >(LDAP V2 or HTTP), therefore the client will collect all the > >certificates and perform the match locally. This may be even more > >efficient than submitting multiple searches with different variations of > >matching rules. It could easily be more efficient to submit one search > >and retrieve 10 certificates, then to submit 3 searches with different > >matching rules each time until the required certificate is found. This > >should be defined by local policies based on performance analysis. > > > >Once the rules for matching certificates are defined ( and I think X.500 > >matching rules are an excellent start ) the distribution model can be > >analyzed. This is another case where X.500 may be superior to LDAP, but > >unless you have a well planned global infrastructure neither X.500 or > >LDAP can help with the distribution model. > > > >Dave Horvath > > > >Alan Lloyd wrote: > >> > >> > >> Snip > >> > >> ---------- > >> From: pgut001@cs.auckland.ac.nz > >> To: cert-talk@structuredarts.com; ietf-pkix@imc.org; > >> list@seis.nc-forum.com > >> Sent: 9/29/98 1:01:30 PM > >> Subject: Re: NEW Data type for certificate selection ? > >> > >> Peter - you went through great lenghts to define the problem with > >> relationships between and searching directory based objects and a > >> distributed information issue and then you say: > >> " > >> If anyone has any useful solutions for this (apart from "We should > >> force > >> everyone to use an X.500 directory, that would solve everything" :-) I'd > >> be interested in hearing them. > >> > >> " > >> Oh well - that counts me out. I cannot do solutions - without the > >> solution :-))) > >> regards alan > >> > >> Peter. > >> > > > > > >----------------- SEIS mailing list (list@seis.nc-forum.com) > >Info about this list: http://www.nc-forum.com/seis > >SEIS Contact: info@seis.se > > > > > > > ------------------------------------------------------------------- > Stefan Santesson <stefan@accurata.se> > Accurata Systemsäkerhet AB > Lotsgatan 27 D Tel. +46-40 152211 > 216 42 Malmö Fax. +46-40 150790 > Sweden Mobile +46-70 5247799 > > PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 > ------------------------------------------------------------------- -- ================================================ _/_/_/ David J. Horvath _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA28790 for ietf-pkix-bks; Wed, 30 Sep 1998 07:39:59 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA28786 for <ietf-pkix@imc.org>; Wed, 30 Sep 1998 07:39:57 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailc.telia.com (8.8.8/8.8.8) with ESMTP id QAA02188; Wed, 30 Sep 1998 16:46:36 +0200 (CEST) Received: from stefans (t3o68p79.telia.com [62.20.139.79]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id QAA25183; Wed, 30 Sep 1998 16:46:29 +0200 (CEST) Message-Id: <3.0.32.19980930164259.00a84cc0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 30 Sep 1998 16:43:41 +0200 To: David Horvath <dave@chromatix.com>, Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> From: Stefan Santesson <stefan@accurata.se> Subject: Re: NEW Data type for certificate selection ? Cc: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id HAA28787 Sender: owner-ietf-pkix@imc.org Precedence: bulk David, Thank's for putting this issue in the right focus. Alan, I don't suggest any new certificate extensions Ed, I don't want to define any universal criteria for how certificate selection SHALL be done or any who decides what for whom, regulations. All I want to do is to define some mechanisms that CAN be used, if required, by local PKI-related services in order to make it POSSIBLE for them to build working services with STANDARD components. Let me highlight this again and describe a realistic problem relevant to me. Bank A offer web-based banking applications. This requires the end user to get a specific certificate issued by Bank A. The certificate and the corresponding private key is processed through the standard web browser of the client. Two certificates and private keys are used in the normal process. 1) Certificate for SSL (TLS) security 2) Certificate for non-repudiation protection of Bank transactions. In addition to these certificates, a specific end-user may be populated with several other certificates, un-known to the Bank. The question is. How can this Bank create a web based application without distributing a customized client plug-in for the purpose. Well the Bank can get far using Java Scripts but it will fail due to the problem that the end-user may have to select a certificate. Believe me, THIS IS TOTALLY UN-ACCEPTABLE FOR A COMMERCIAL BANK APPLICATION. I realize that today there is no way to do this without distributing customized plug-in components to end-users, but I strongly would like to se options developed that helps getting around this. The current matching mechanism in SSL and TLS is just not good enough to solve the problem. So If we instead had a standardized matching rule that could be invoked into protocols and Java Scripts etc, then the situation would be much more hopeful for the Bank in my case. They would then construct a match rule that with high probability would point out the right end-user certificate and invoke that matching rule both in the TLS protocol and in the Java Script, forming their secure transaction application. It wouldn't have to be perfect, just good enough to handle some 95%+ of the cases as long as the Bank could detect cases where it didn't work. Then the non-working cases could be fixed by personal customer service. I see even more use for this matching rule. It could be used in S/MIME so specify a preferred encryption certificate for replies to a mail. Of course this matching rule could be used for X.500 directories as well (that's what it was built for). MY concern here is however not _where_ the certificates are stored but, how to select 1 of several known certificates regardless of where they reside. Comments? How do wee proceed ? Could we have any comments from Microsoft and Netscape ? /Stefan At 11:15 AM 9/30/98 -0400, David Horvath wrote: >--- Message on the SEIS mailing list (list@seis.nc-forum.com) > >Alan, > >While I personally agree that X.500 provides a mature and feature rich >core to implement certificate repositories, I am having trouble >understanding some of your assertions as to why X.500 is the answer to >so many problems. > >It seems to me that the first step for locating certificates in a >repository is to define the fields in the certificate object that are a >prerequisite to perform the match. Matching rules are a good start and >foster the thought process required to provide a well designed solution. >Once the matching rules are defined, a protocol such as DAP or LDAP V3 >with extensions may be used to exploit the matching rules. In some >cases, clients may choose not to use the matching rules and retrieve all >certificates. Perhaps matching rules are not supported by the protocol >(LDAP V2 or HTTP), therefore the client will collect all the >certificates and perform the match locally. This may be even more >efficient than submitting multiple searches with different variations of >matching rules. It could easily be more efficient to submit one search >and retrieve 10 certificates, then to submit 3 searches with different >matching rules each time until the required certificate is found. This >should be defined by local policies based on performance analysis. > >Once the rules for matching certificates are defined ( and I think X.500 >matching rules are an excellent start ) the distribution model can be >analyzed. This is another case where X.500 may be superior to LDAP, but >unless you have a well planned global infrastructure neither X.500 or >LDAP can help with the distribution model. > >Dave Horvath > >Alan Lloyd wrote: >> >> >> Snip >> >> ---------- >> From: pgut001@cs.auckland.ac.nz >> To: cert-talk@structuredarts.com; ietf-pkix@imc.org; >> list@seis.nc-forum.com >> Sent: 9/29/98 1:01:30 PM >> Subject: Re: NEW Data type for certificate selection ? >> >> Peter - you went through great lenghts to define the problem with >> relationships between and searching directory based objects and a >> distributed information issue and then you say: >> " >> If anyone has any useful solutions for this (apart from "We should >> force >> everyone to use an X.500 directory, that would solve everything" :-) I'd >> be interested in hearing them. >> >> " >> Oh well - that counts me out. I cannot do solutions - without the >> solution :-))) >> regards alan >> >> Peter. >> > > >----------------- SEIS mailing list (list@seis.nc-forum.com) >Info about this list: http://www.nc-forum.com/seis >SEIS Contact: info@seis.se > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id UAA05527 for ietf-pkix-bks; Tue, 29 Sep 1998 20:00:40 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id UAA05523 for <ietf-pkix@imc.org>; Tue, 29 Sep 1998 20:00:39 -0700 (PDT) Received: from chromatix.com (cc1020663-a.hwrd1.md.home.com [24.3.62.220]) by chromatix.com (8.8.8/8.8.8) with ESMTP id XAA06421; Tue, 29 Sep 1998 23:07:34 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <36124B27.2FE16E0C@chromatix.com> Date: Wed, 30 Sep 1998 11:15:51 -0400 From: David Horvath <dave@chromatix.com> Organization: @Home Network X-Mailer: Mozilla 4.05 [en]C-AtHome0404 (Win95; U) MIME-Version: 1.0 To: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> CC: "'cert-talk@structuredarts.com '" <cert-talk@structuredarts.com>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Subject: Re: NEW Data type for certificate selection ? References: <D1A949D4508DD1119C8100400533BEDC07B96A@DSG1> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Alan, While I personally agree that X.500 provides a mature and feature rich core to implement certificate repositories, I am having trouble understanding some of your assertions as to why X.500 is the answer to so many problems. It seems to me that the first step for locating certificates in a repository is to define the fields in the certificate object that are a prerequisite to perform the match. Matching rules are a good start and foster the thought process required to provide a well designed solution. Once the matching rules are defined, a protocol such as DAP or LDAP V3 with extensions may be used to exploit the matching rules. In some cases, clients may choose not to use the matching rules and retrieve all certificates. Perhaps matching rules are not supported by the protocol (LDAP V2 or HTTP), therefore the client will collect all the certificates and perform the match locally. This may be even more efficient than submitting multiple searches with different variations of matching rules. It could easily be more efficient to submit one search and retrieve 10 certificates, then to submit 3 searches with different matching rules each time until the required certificate is found. This should be defined by local policies based on performance analysis. Once the rules for matching certificates are defined ( and I think X.500 matching rules are an excellent start ) the distribution model can be analyzed. This is another case where X.500 may be superior to LDAP, but unless you have a well planned global infrastructure neither X.500 or LDAP can help with the distribution model. Dave Horvath Alan Lloyd wrote: > > > Snip > > ---------- > From: pgut001@cs.auckland.ac.nz > To: cert-talk@structuredarts.com; ietf-pkix@imc.org; > list@seis.nc-forum.com > Sent: 9/29/98 1:01:30 PM > Subject: Re: NEW Data type for certificate selection ? > > Peter - you went through great lenghts to define the problem with > relationships between and searching directory based objects and a > distributed information issue and then you say: > " > If anyone has any useful solutions for this (apart from "We should > force > everyone to use an X.500 directory, that would solve everything" :-) I'd > be interested in hearing them. > > " > Oh well - that counts me out. I cannot do solutions - without the > solution :-))) > regards alan > > Peter. > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA06015 for ietf-pkix-bks; Tue, 29 Sep 1998 10:32:40 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA06011 for <ietf-pkix@imc.org>; Tue, 29 Sep 1998 10:32:39 -0700 (PDT) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id KAA18568; Tue, 29 Sep 1998 10:38:57 -0700 (PDT) Message-Id: <4.1.0.67.19980929132920.009c4d20@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.67 (Beta) Date: Tue, 29 Sep 1998 13:30:03 -0400 To: Allen_Rochkind@3com.com From: Russ Housley <housley@spyrus.com> Subject: Re: A question and comment about PKIX - Part 1, Version 11. Cc: ietf-pkix@imc.org In-Reply-To: <8825668D.00778D10.00@hqoutbound.ops.3com.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Allen: It means that the data in the CRL cannot be used to validate any certificates. Another source of revocation information must be used. Russ At 02:55 PM 9/28/98 -0700, Allen_Rochkind@3com.com wrote: >First the question. In Section 5.2 "CRL Extensions", p. 46, it says: > > "A CRL validation MUST fail if it encounters a critical extension >which it does not know how to process". > >My question is exactly what does it means that a "CRL validation fails"?. >Does this mean that the CRL is to be ignored and that any certificates that >might appear on the CRL are not invalidated by the CRL?. I would suppose >it is that interpretation rather than that a certificate validation fails >if such a CRL is encountered. > >And now a minor comment. I notice that RFC 2044 (on UTF8 strings) has been >obsoleted by RFC 2279. The comment is just to update the RFC reference in >the spec in Appendix A.1 under UTF8String (p.69). > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA03135 for ietf-pkix-bks; Tue, 29 Sep 1998 05:01:19 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA03131 for <ietf-pkix@imc.org>; Tue, 29 Sep 1998 05:01:18 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id IAA07388; Tue, 29 Sep 1998 08:06:01 -0400 (EDT) Message-Id: <199809291206.IAA07388@ietf.org> To: IETF-Announce: ; Cc: RFC Editor <rfc-editor@isi.edu> Cc: Internet Architecture Board <iab@isi.edu> Cc: ietf-pkix@imc.org From: The IESG <iesg-secretary@ietf.org> Subject: Protocol Action: Internet X.509 Public Key Infrastructure Certificate and CRL Profile to Proposed Standard Date: Tue, 29 Sep 1998 08:06:00 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk The IESG has approved the Internet-Draft Internet X.509 Public Key Infrastructure Certificate and CRL Profile <draft-ietf-pkix-ipki-part1-11.txt> as a Proposed Standard. This document is the product of the Public-Key Infrastructure (X.509) Working Group. The IESG contact persons are Jeffrey Schiller and Marcus Leech. Technical Summary The PKIX Working Group is chartered to specify an Internet profile for the use of X.509 certificates. The focus of the profile is to ensure interoperation between implementations that conform to it. The Part I specification defines formats and requirements for Certificates and Certificate Revocation Lists (CRLs). It is part of a suite of documents, but can stand alone. Working Group Summary This document is the tenth revision of the Part I profile document. Input from many members of the community has gone into this draft which the working group has consensus on. Protocol Quality Many experts on Public Key Infrastructure and contributed and commented on this specification. Jeffrey I. Schiller reviewed the document for the IESG. Y2K Compliance The protocols and formats in this document are Year 2000 compliant. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA25568 for ietf-pkix-bks; Tue, 29 Sep 1998 00:26:22 -0700 (PDT) Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by mail.proper.com (8.8.8/8.8.5) with SMTP id AAA25564 for <ietf-pkix@imc.org>; Tue, 29 Sep 1998 00:26:14 -0700 (PDT) Received: from HYDRA ([195.67.109.114]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id JAA18103; Tue, 29 Sep 1998 09:32:34 +0200 Received: by HYDRA with Microsoft Mail id <01BDEB8B.32948E60@HYDRA>; Tue, 29 Sep 1998 09:26:11 +0200 Message-ID: <01BDEB8B.32948E60@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'Ed Gerck'" <egerck@laser.cps.softex.br>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Cc: "'Stefan Santesson'" <stefan@accurata.se> Subject: RE: NEW Data type for certificate selection ? Date: Tue, 29 Sep 1998 09:26:09 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Peter, see in-line comment below. On Tue, 29 Sep 1998, Peter Gutmann wrote: >In that, the server application cannot define anything, at most could >suggest a list of CAs (see below), otherwise it would be easy either >to subvert the user's security choices or do a DoS attack. So, the >server must not be allowed to "help" in a decisive way which user >cert *will* be used -- as though it might seem useful at first: >> In order to make this user friendly, we have to create a mechanism >> where a server can help a client application to select one proper >> certificate out of many. In the example there is just 3 >> certificates to choose among but what if there is 20 or 30? >but such is not safe. The authenticating server may surely *suggest* a list of possible certificates that it may accept because it is always *you* (the user) that should manually select the proper one. In case you feel that a cert with SSN could create a disaster if you accidentally gave it to a wrong server the solution would be to have a local (user-defined) set of valid servers (i.e. their public keys). To insert a new server would require a few more clicks. I.e. similar to ActiveX controls or signed Java Applets. Such servers would typically be governmental (who gave you the SSN) and a *few* other parties that you hopefully trust like your bank or employer. A similar scheme could be used for defining a list of valid receivers of mail signed with a cert containing an SSN (or other sensitive information). I will come back soon with a server-to-cert selection scheme. Anders Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA07285 for ietf-pkix-bks; Mon, 28 Sep 1998 15:25:34 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id PAA07281 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 15:25:33 -0700 (PDT) Message-Id: <199809282225.PAA07281@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.63 (Beta) Date: Mon, 28 Sep 1998 15:31:45 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Re: A question and comment about PKIX - Part 1, Version 11. In-Reply-To: <8825668D.00778D10.00@hqoutbound.ops.3com.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk >And now a minor comment. I notice that RFC 2044 (on UTF8 strings) has been >obsoleted by RFC 2279. The comment is just to update the RFC reference in >the spec in Appendix A.1 under UTF8String (p.69). Yes, please, since RFC 2279 had some technical corrections to RFC 2044, I believe. --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA07078 for ietf-pkix-bks; Mon, 28 Sep 1998 14:49:02 -0700 (PDT) Received: from seattle.3com.com (seattle.3com.com [129.213.128.97]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA07074 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 14:49:01 -0700 (PDT) From: Allen_Rochkind@3com.com Received: from new-york.3com.com (new-york.3com.com [129.213.157.12]) by seattle.3com.com (8.8.8/8.8.8) with ESMTP id OAA21156 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 14:55:57 -0700 (PDT) Received: from hqoutbound.ops.3com.com (hqoutbound.OPS.3Com.COM [139.87.48.104]) by new-york.3com.com (8.8.8/8.8.8) with SMTP id OAA06803 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 14:55:56 -0700 (PDT) Received: by hqoutbound.ops.3com.com(Lotus SMTP MTA v4.6.1 (569.2 2-6-1998)) id 8825668D.007878E7 ; Mon, 28 Sep 1998 14:55:52 -0700 X-Lotus-FromDomain: 3COM To: ietf-pkix@imc.org Message-ID: <8825668D.00778D10.00@hqoutbound.ops.3com.com> Date: Mon, 28 Sep 1998 14:55:42 -0700 Subject: A question and comment about PKIX - Part 1, Version 11. Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk First the question. In Section 5.2 "CRL Extensions", p. 46, it says: "A CRL validation MUST fail if it encounters a critical extension which it does not know how to process". My question is exactly what does it means that a "CRL validation fails"?. Does this mean that the CRL is to be ignored and that any certificates that might appear on the CRL are not invalidated by the CRL?. I would suppose it is that interpretation rather than that a certificate validation fails if such a CRL is encountered. And now a minor comment. I notice that RFC 2044 (on UTF8 strings) has been obsoleted by RFC 2279. The comment is just to update the RFC reference in the spec in Appendix A.1 under UTF8String (p.69). Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA06782 for ietf-pkix-bks; Mon, 28 Sep 1998 14:07:46 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA06778 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 14:07:43 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <TX3528L9>; Tue, 29 Sep 1998 07:11:57 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC07B96A@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'cert-talk@structuredarts.com '" <cert-talk@structuredarts.com>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'pgut001@cs.auckland.ac.nz '" <pgut001@cs.auckland.ac.nz> Subject: RE: NEW Data type for certificate selection ? Date: Tue, 29 Sep 1998 07:11:56 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Snip ---------- From: pgut001@cs.auckland.ac.nz To: cert-talk@structuredarts.com; ietf-pkix@imc.org; list@seis.nc-forum.com Sent: 9/29/98 1:01:30 PM Subject: Re: NEW Data type for certificate selection ? Peter - you went through great lenghts to define the problem with relationships between and searching directory based objects and a distributed information issue and then you say: " If anyone has any useful solutions for this (apart from "We should force everyone to use an X.500 directory, that would solve everything" :-) I'd be interested in hearing them. " Oh well - that counts me out. I cannot do solutions - without the solution :-))) regards alan Peter. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA06221 for ietf-pkix-bks; Mon, 28 Sep 1998 12:40:54 -0700 (PDT) Received: from laser.cps.softex.br (laser.cps.softex.br [143.106.29.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA06217 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 12:40:51 -0700 (PDT) Received: from laser (laser [143.106.29.34]) by laser.cps.softex.br (8.8.7/8.8.7) with SMTP id QAA25781; Mon, 28 Sep 1998 16:47:26 -0300 Date: Mon, 28 Sep 1998 16:47:25 -0300 (EST) From: Ed Gerck <egerck@laser.cps.softex.br> To: Peter Gutmann <pgut001@cs.auckland.ac.nz> cc: cert-talk@structuredarts.com, ietf-pkix@imc.org, list@seis.nc-forum.com Subject: Re: NEW Data type for certificate selection ? In-Reply-To: <199809281406.HAA29579@gateway-ext.StructuredArts.COM> Message-ID: <Pine.LNX.4.02.9809281408220.25643-100000@laser.cps.softex.br> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk On Tue, 29 Sep 1998, Peter Gutmann wrote: >Stefan Santesson <stefan@accurata.se> writes: > >>The problem I want to solve is how to pick 1 out of many certificates within >>an end user application. > >>The problem is how to select the right certificate in every suitable occasion >>when several certificates is accessed by the same application. > >>In order to make this user friendly, we have to create a mechanism where a >>server can help a client application to select one proper certificate out of >>many. In the example there is just 3 certificates to choose among but what if >>there is 20 or 30? > >This was something I looked at about 6 months ago while trying to come up with >a general abstraction for a certificate store. The problem you face is that >while it's easy enough to go from certificate -> capabilities, it's very >difficult to go from capabilities -> certificate. Put another way, given a >cert it's easy to answer the query "Can I do X with this", but given a >collection of certs it's very difficult to answer the query "Which cert is >required to do X". Stefan and Peter: As I understood, Stefan's problem (and examples) was pertinent to *signing* and *user authentication*. Specifically, this leads to two different subproblems, which are how to: 1. select which user's private-key should be used in response to a web *signing* query to be done by the user -- when many private-keys exist that can be accessed by the same application (eg, web browser), and 2. select which user public-key certificate should be exported in response to a web *authentication* query on the user, without exporting any public-key cert that has sensitive attribute data (eg, Alice's SSN). Of course, one can argue that "public-key certs" are just what the name implies -- public. Hence, sensitive private data such as SSN should not be stored in them and it is immaterial which public-key cert you export, securitywise and privacywise. In this line of thought, if hardpressed one would include a hash of the sensitive data in the public cert but never the data itself. In this scenario, subproblem (2) is trivial: select any or all. Subproblem (1) is not trivial, due to non-repudiation bits and other qualifiers, but is answered by each application and its user customization/history -- how it allows signing to be done (eg, if signing is automatic, if it requires a yes/no decision, if it needs a passphrase, etc.), how each private-key certificate is stored (eg, in plain-text, off-line in a SC, encrypted, etc.), and so on. However, if we accept that there may be valid uses for "public-key certs" which are not public, with all the security and privacy risks that may ensue from such usage (such as when Bill trusts Monica that trusts Linda; or, when Bill cannot revoke a token that was given to Monica and which unfortunately Monica had to surrender) -- then we must consider that each "non-public" public-key cert and private-key will be handled either by a special application or by an interactive and possibly customized procedure in a general application (eg, a web browser). Which then answers subproblems (1) and (2) also for "non-public" public-key certs. In that, the server application cannot define anything, at most could suggest a list of CAs (see below), otherwise it would be easy either to subvert the user's security choices or do a DoS attack. So, the server must not be allowed to "help" in a decisive way which user cert *will* be used -- as though it might seem useful at first: >> In order to make this user friendly, we have to create a mechanism >> where a server can help a client application to select one proper >> certificate out of many. In the example there is just 3 >> certificates to choose among but what if there is 20 or 30? but such is not safe. Regarding Peter's statements above, they seem to address a more general scenario where also server authentication is involved -- not just user signing/authentication. The server already sends a list of server acceptable CAs, to the client in SSL, but indeed that does not help much as the server is gropping in the dark as to what CAs would be acceptable to the user and what their capabilities might be acceptable to the user at the time. Which seems to need a deeper look in terms of Peter's two questions, also as we ask ourselves if the first question (ie, the relation certificate -> capabilities) is really "easy enough" in a more general scenario. Cheers, Ed Gerck ______________________________________________________________________ Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br http://novaware.cps.softex.br Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA05133 for ietf-pkix-bks; Mon, 28 Sep 1998 10:36:01 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA05129 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 10:36:00 -0700 (PDT) Received: id NAA23349; Mon, 28 Sep 1998 13:40:24 -0400 Received: by gateway id <TTXVY461>; Mon, 28 Sep 1998 13:36:56 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F500139B046@sothmxs01.entrust.com> From: Robert Zuccherato <robert.zuccherato@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Time Stamp and Notary Drafts Date: Mon, 28 Sep 1998 13:36:34 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk As some of you may have noticed, I have submitted the latest versions of our Time Stamp and Data Certification Server drafts as PKIX Internet Drafts, in accordance with the decisions made in Chicago. These drafts are based on the drafts that we have been submitting independently on these topics for some time now and reporting to PKIX on their progress. The Time Stamp Draft describes a protocol in which a trusted Time Stamp Authority provides evidence that a message existed at a particular point in time. It is available at: http://www.ietf.org/internet-drafts/draft-ietf-pkix-time-stamp-00.txt The Data Certification Server provides "notary" type services (signature validation, certificate path validation) in support of non-repudiation. This draft is available at: http://www.ietf.org/internet-drafts/draft-ietf-pkix-dcs-00.txt As usual, comments are welcome. Robert Zuccherato. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA03570 for ietf-pkix-bks; Mon, 28 Sep 1998 07:54:56 -0700 (PDT) Received: from mail.student.auckland.ac.nz (mail.student.auckland.ac.nz [130.216.35.101]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA03564 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 07:54:54 -0700 (PDT) Received: from cs26.cs.auckland.ac.nz (pgut001@cs26.cs.auckland.ac.nz [130.216.36.9]) by mail.student.auckland.ac.nz (8.8.6/8.8.6/cs-master) with SMTP id DAA31163; Tue, 29 Sep 1998 03:01:30 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: by cs26.cs.auckland.ac.nz (relaymail v0.9) id <90699489017466>; Tue, 29 Sep 1998 03:01:30 (NZST) From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: cert-talk@structuredarts.com, ietf-pkix@imc.org, list@seis.nc-forum.com Subject: Re: NEW Data type for certificate selection ? Reply-To: pgut001@cs.auckland.ac.nz X-Charge-To: pgut001 X-Authenticated: relaymail v0.9 on cs26.cs.auckland.ac.nz Date: Tue, 29 Sep 1998 03:01:30 (NZST) Message-ID: <90699489017466@cs26.cs.auckland.ac.nz> Sender: owner-ietf-pkix@imc.org Precedence: bulk Stefan Santesson <stefan@accurata.se> writes: >The problem I want to solve is how to pick 1 out of many certificates within >an end user application. >The problem is how to select the right certificate in every suitable occasion >when several certificates is accessed by the same application. >In order to make this user friendly, we have to create a mechanism where a >server can help a client application to select one proper certificate out of >many. In the example there is just 3 certificates to choose among but what if >there is 20 or 30? This was something I looked at about 6 months ago while trying to come up with a general abstraction for a certificate store. The problem you face is that while it's easy enough to go from certificate -> capabilities, it's very difficult to go from capabilities -> certificate. Put another way, given a cert it's easy to answer the query "Can I do X with this", but given a collection of certs it's very difficult to answer the query "Which cert is required to do X". Take the example of using a cert for email encryption. You start by trying a search for one of the extKeyUsage's which cover email encryption. If this fails you try again with a Netscape cert-type. If that fails you try again with one of the appropriate keyUsage's. Finally, if that fails you try again with no particular usage specified. This is an incredible pain to do, especially since each step can involve matching on multiple usage attributes, possibly with some sort of preferred order for a match. I never really came up with a solution for this, the best I could do was define a meta-attribute which summarised the various usage types in a single place so I could perform a single query to match on "name = foo and usage = mail encryption" (rather than arbitrary numbers of queries with the possibility of conflicting usages). The disadvantages of this are that you have to keep extending it to cover new usage types, and it needs to be stored somewhere other than the cert itself. My general idea was to include a kind of TLB mechanism for cert lookups which would allow (reasonably) fast and simple matching for frequently-used certs, but this is messy to do in an abstract manner. After discussing it with various people I dropped it into the "leave it for the next release" basket. If anyone has any useful solutions for this (apart from "We should force everyone to use an X.500 directory, that would solve everything" :-) I'd be interested in hearing them. Peter. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA03363 for ietf-pkix-bks; Mon, 28 Sep 1998 07:26:38 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id HAA03359 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 07:26:37 -0700 (PDT) Message-Id: <199809281426.HAA03359@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.63 (Beta) Date: Mon, 28 Sep 1998 07:32:49 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Re: Questions about PKIX In-Reply-To: <8525668D.002BF40F.00@mta2.lotus.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Actually, those are questions about a specific PKIX implementation. As announced here earlier, that's being discussed on a different mailing list. See <http://www.imc.org/imc-pfl/> for information about signing up for the list and all the news that is known about the product. --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA02828 for ietf-pkix-bks; Mon, 28 Sep 1998 06:08:00 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA02824 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 06:07:58 -0700 (PDT) Received: id JAA14392; Mon, 28 Sep 1998 09:12:56 -0400 Received: by gateway id <TTXVYTLB>; Mon, 28 Sep 1998 09:09:28 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F500206DD8A@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Alan Lloyd'" <Alan.Lloyd@OpenDirectory.com.au> Cc: "'Warwick Ford'" <wford@verisign.com>, "'Steve Kent'" <kent@bbn.com> Subject: RE: comments on draft-ietf-pkix-ipki2opp-08.txt Date: Mon, 28 Sep 1998 09:07:02 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Alan, The PKIX WG embarked on this spec well over a year ago with the primary purpose being to standardize what was predominantly deployed at that time - LDAPv2 for use to access PKI repositories. A minimum subset of the LDAPv2 protocol was profiled, in order to enable relying party and certification authority systems to be able to access LDAP server PKI repositories without needing all the code a typical LDAP client would have. We were not attempting to standardize server to server communications, only a protocol for clients (relying parties and CAs) to use to access the repository. While I personally agree with some of your views about the more comprehensive functionality that can be provided in an X.500 based distributed systems environment, that wasn't the task we undertook. As the work on LDAPv2 dragged on and on and on we qestioned several times within the WG whether to drop this activity and concentrate instead on a more 'modern' directory technology such as LDAPv3, but every time this was raised, the PKIX WG agreed to proceed with the LDAPv2 specs and get them progressed since this is still a very widely deployed protocol, even though there is plenty of interest in LDAPv3 as well. The LDAPv2 protocol profile completed PKIX WG last call in January and the schema spec just a short time ago. No changes have been made to the protocol spec, the only reason it was re-issued was because it was about to expire becasue the schema spec (required for IESG approval of the protocol profile) took so long. I hope this answers your questions on 'why' the LDAP activity. Sharon > ---------- > From: Alan Lloyd[SMTP:Alan.Lloyd@OpenDirectory.com.au] > Sent: September 27, 1998 6:24 PM > To: 'ietf-pkix@imc.org' > Subject: comments on draft-ietf-pkix-ipki2opp-08.txt > > Comments: Internet X.509 Public Key Infrastructure > Operational Protocols - LDAPv2 > > Sorry for being my usual self. But what does this document do or solve. > > All it states is use LDAP V2 to a PKI repository? and highlights the > major failings of LDAP encoding when dealing with certificate attributes > with multiple values. ie. In that the client gets the lot (every > certificate - regardless) -- and if the client goes for CRLs as well - > and they are multi values of a CRL attribute - the client will get the > lot as well. > > Lets do some rough sums. A cert = 600 - 2k bytes average 1kb, 5-10 certs > per user, 3 certs in a path.. transfer = 20- 30kb just to verify a > signature. In addition CRLs - bad sites, and they could get large. > And LDAP accesses for the certs could be via referrals. Lets say that > we could be looking at optimistically at 10-30 seconds of validation > time. > I would be happy to be corrected here.. > > > Fundamental Problems with LDAP > > LDAP servers are "string based" and non distributed - hence the need to > use X.500 and migrate these LDAP servers to a distributed architecture. > Not all certificates one wishes to deal with will be in your local ldap > server - they will be in the directory system that one cooperates with. > > X.500 has certficate matching rules to enable selection of certificates > within a multi value attribute. > > I am not sure what cert matching rules LDAP servers have or even if they > support multi valued att matching or if they are compatible with X.500. > Again the encoding restrictions in LDAP could imply the non use of > these. > > It is obvious to most that LDAP is not very good generally and in the > case of PKI / certficate issues over a wider scale, totally unusable. > > In addition the process one builds into an LDAP client to deal with > referrals and LDAP certficate servers has to be lot larger and therefore > problematic, than that that uses distributed directories with sound > matching rules. > > ie. the best it can get depends on the tools to hand. > > I therefore beg why the document is being put forward because IMHO - it > promotes systems to be built that will not provide the business utility > demanded by companies using large scale EC/509 technologies. The result > can only be commercial disasters and pain for both suppliers and the > poor customer. > > Oh well - > > regards alan > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA02819 for ietf-pkix-bks; Mon, 28 Sep 1998 06:07:45 -0700 (PDT) Received: from florida.melco.co.jp (florida.melco.co.jp [192.218.140.46]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA02815 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 06:07:43 -0700 (PDT) Received: from melcoweb.melco.co.jp ([133.141.191.73]) by florida.melco.co.jp (8.8.8+2.7Wbeta7/3.6Wbeta6-florida) with SMTP id WAA08964; Mon, 28 Sep 1998 22:03:40 +0900 (JST) Received: from inetgw.melco.co.jp (inetgw) by melcoweb.melco.co.jp (5.65+1.6W/3.5Wbeta) id AA04781; Mon, 28 Sep 98 22:08:15 JST Received: from katase.katase.isl.melco.co.jp ([133.141.13.135]) by inetgw.melco.co.jp (8.8.8+2.7Wbeta7/3.6W-inetgw) with SMTP id WAA15195; Mon, 28 Sep 1998 22:20:13 +0900 (JST) Received: from iss.iss.isl.melco.co.jp by katase.katase.isl.melco.co.jp (4.1/6.4J.6-katase-2/) id AA27264; Mon, 28 Sep 98 22:14:03 JST Received: from zaku by iss.iss.isl.melco.co.jp (1.38.193.4/6.4J.6-isl2-2/iss-master) id AA23057; Mon, 28 Sep 1998 22:14:02 +0900 Message-Id: <360F8B0E.D3FD99CC@iss.isl.melco.co.jp> Date: Mon, 28 Sep 1998 22:11:42 +0900 From: "=?iso-2022-jp?B?GyRCNUhJcCEhPV8bKEI=?=" <yositake@iss.isl.melco.co.jp> X-Mailer: Mozilla 4.05 [ja] (Win95; I) Mime-Version: 1.0 To: Stefan Santesson <stefan@accurata.se> Cc: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'cert-talk@structuredarts.com '" <cert-talk@structuredarts.com> Subject: Re: NEW Data type for certificate selection ? References: <3.0.32.19980928111642.00a76390@m1.403.telia.com> Content-Type: text/plain; charset=iso-2022-jp Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Mr. Santesson, I am not necessarily against you. I write all of my comments below because I would like to contribute to this issue. Stefan Santesson wrote: > Let me clarify my case. > > The problem I want to solve is how to pick 1 out of many certificates > within an end user application. > I think that the real problem is how an application select a suitable (or correct) certificate when there are multiple applications and multiple certificates within one PC. In your example below, S/MIME and another application (say, application X) hold Cert 1 in common. If we limit the situation to e-mail applications, this may be easy, but how do we realize it in a generalized way ? > An example. > > Alice has 4 certificates. > 1) E-mail based ID with low security > 2) Anonymous cert used for anonymous information services. > 3) Qualified ID-certificate (with her social security number) > 4) VISA SET-certificate. > > In this example: > - Cert 1 and 2 are issued by the same CA and have the same key usage. > - Cert 3 has key usage non-repudiation > > The problem is how to select the right certificate in every suitable > occasion when several certificates is accessed by the same application. > Clearly certificate 4 is no problem since it is used by a separate > application (the SET wallet). So starting the SET wallet application > automatically selects the right certificate. > > The problem in this case is not even S/MIME since Alice in this example > only uses certificate 1 in her mail application. > > Here the problem is her web-based applications since she use certificate > 1,2 and 3 with her browser. So every time she is asked to make a signature > or authenticate via TLS, there is a risk that she will select and export > the wrong certificate. In some cases maybe with a very unpleasant result. > In this example, I think the client application needs two kinds of information: which application it is and which level of security it needs. Something like "application identifier" and "secuirty level identifier" are necessary ? (Honestly speaking, I myself don't like the idea, "let's register an object identifier for each application in the world". Somebody has a good idea for this ?) Or something like "security context" which can determine a suitable certificate from among Cert 1, 2, or 3 ? > In order to make this user friendly, we have to create a mechanism where a > server can help a client application to select one proper certificate out > of many. In the example there is just 3 certificates to choose among but > what if there is 20 or 30? > This is not limited to that a server can help a client application. I think there is a case where a client application has to "think" which certificate it must select for itself. (I mean, without help from other party.) I think there is a case where an application has to select a certificate before it begins to communicate with other party, especially in the case of peer to peer communication. > The way to do this is, as I would suggest, a 2 step process: > 1) To define a general selective mechanism (such as the X.500 match rule) > 2) Get protocols, script languages and applications to support this. > Regretfully, the X.500 matching rule doesn't have "application identifer", "security level identifer", "security context", or something like that. I think we have to think a new mechanism outside it, if we don't modify or enhance it any more. > So this is not about whether selection should be done based on issuer name, > policy OID pr something else, but instead how to define a general > mechanisms which allows customized selection rules within a broad range of > applications and protocols. (In step 2 it is also about how a certificate > can be stored and marked so it won't be exported by any application without > the consent from its owner.) > For this purpose, too, I think we need a general mechanism to store and to select (namely, to manage) certificates within one machine. > I still think that The X.500 certificateMatch rule sounds interesting. > Is there any will to go further in this process? > As I said, I think we have to think a new mechanism outside the X.500 matching rules. I also think we can use the X.500 matching rules if we have some pieces of information within a certificate, but that in the situation which we are thinking, we are trying to select a certificate based on the information outside the certificate. (This is the one reason that I think of the term, "security context".) > To us this is a MAJOR factor for succeeding with a broad CA business case > and the vendors picking up this line will at least be in favor in those > procurements that I'm involved in. > > /Stefan (snip) Actually I have designed a system where there are a few applications and a few certificates in one PC. And I faced the problem how an application could select a suitable or correct certificate. In the end, I used something like "application identifier" for that system. But as I said, to "register an object identifier for each application in the world" don't seem to be a good idea. I have kept seeking a good solution since then ... Sorry that I can't show a clear and good solution, but I hope my comments will be of some help. Regards, Jun Yoshitake Mitsubishi Electric Corp. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA02371 for ietf-pkix-bks; Mon, 28 Sep 1998 05:12:10 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id FAA02367 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 05:12:08 -0700 (PDT) Received: id IAA05607; Mon, 28 Sep 1998 08:16:44 -0400 Received: by gateway id <TTXVYT12>; Mon, 28 Sep 1998 08:13:15 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F500206DD84@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Santosh Chokhani'" <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: I-D ACTION:draft-ietf-pkix-ldapv2-schema-02.txt Date: Mon, 28 Sep 1998 08:13:13 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Santosh, This mechanism does allow Delta CRLs to be included in pkiCA entries. Both pkiCA and deltaCRL are auxiliary object classes. Multiple auxiliary object classes can be present in the same directory entry. Only one structural object class can be present in that same entry. For example, a CA entry could also be an organization entry. In that case, organization would be the structural object class. pkiCA would be an auxiliary class present in the same entry. If that CA used delta CRLs then the deltaCRL auxiliary object class would also be present in the same entry. The primary difference between structural and auxiliary object classes is that the structural object class is the one that is used to base the naming and the entry's location in in a directory tree structure, that's the reason there can only be one present in each entry. Auxiliary classes do not have this restriction. By defining the separate class for deltas we are now able to add them, in a uniform way, to entries of other types in future (e.g. possibly in attribute authority). Hope this helps. Happy to discuss further if required, give me a call. Sharon > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 27, 1998 12:32 PM > To: 'Internet-Drafts@ietf.org' > Cc: ietf-pkix@imc.org > Subject: RE: I-D ACTION:draft-ietf-pkix-ldapv2-schema-02.txt > > I find the schema acceptable for the certificates. > > I do not find the schema acceptable for delta CRL. I thought we had a > mechanism by which delta CRL could be stored in the object class pkiCA. > It does not seem to be the case. Sharon, I assume you recall the > comment and resolution in this forum. > > > -----Original Message----- > > From: Internet-Drafts@ietf.org [SMTP:Internet-Drafts@ietf.org] > > Sent: Thursday, September 24, 1998 10:27 AM > > Cc: ietf-pkix@imc.org > > Subject: I-D ACTION:draft-ietf-pkix-ldapv2-schema-02.txt > > > > A New Internet-Draft is available from the on-line Internet-Drafts > > directories. > > This draft is a work item of the Public-Key Infrastructure (X.509) > > Working Group > > of the IETF. > > > > Title : Internet X.509 Public Key Infrastructure > > LDAPv2 Schema > > Author(s) : S. Boeyen, T. Howes, P. Richard > > Filename : draft-ietf-pkix-ldapv2-schema-02.txt > > Pages : 7 > > Date : 23-Sep-98 > > > > The schema defined in this document is a minimal schema to > > support > > PKIX in an LDAPv2 environment, as defined in > > draft-ietf-pkix- > > ipki2opp-07.txt. Only PKIX-specific components are specified > > here. > > LDAP servers, acting as PKIX repositories should support the > > auxi- > > liary object classes defined in this specification and > > integrate > > this schema specification with the generic and other > > application- > > specific schemas as appropriate, depending on the services to > > be > > supplied by that server. > > > > The key words 'MUST', 'SHALL', 'REQUIRED', 'SHOULD', > > 'RECOMMENDED', > > and 'MAY' in this document are to be interpreted as described > > in > > RFC 2119. > > > > Please send comments on this document to the ietf-pkix@imc.org > > mail > > list. > > > > Internet-Drafts are available by anonymous FTP. Login with the > > username > > "anonymous" and a password of your e-mail address. After logging in, > > type "cd internet-drafts" and then > > "get draft-ietf-pkix-ldapv2-schema-02.txt". > > A URL for the Internet-Draft is: > > ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ldapv2-schema-02.tx > > t > > > > Internet-Drafts directories are located at: > > > > Africa: ftp.is.co.za > > > > Europe: ftp.nordu.net > > ftp.nis.garr.it > > > > Pacific Rim: munnari.oz.au > > > > US East Coast: ftp.ietf.org > > > > US West Coast: ftp.isi.edu > > > > Internet-Drafts are also available by mail. > > > > Send a message to: mailserv@ietf.org. In the body type: > > "FILE /internet-drafts/draft-ietf-pkix-ldapv2-schema-02.txt". > > > > NOTE: The mail server at ietf.org can return the document in > > MIME-encoded form by using the "mpack" utility. To use this > > feature, insert the command "ENCODING mime" before the "FILE" > > command. To decode the response(s), you will need "munpack" or > > a MIME-compliant mail reader. Different MIME-compliant mail > > readers > > exhibit different behavior, especially when dealing with > > "multipart" MIME messages (i.e. documents which have been split > > up into multiple messages), so check your local documentation on > > how to manipulate these messages. > > > > > > Below is the data which will enable a MIME compliant mail reader > > implementation to automatically retrieve the ASCII version of the > > Internet-Draft. << Message: Untitled Attachment >> > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA29636 for ietf-pkix-bks; Mon, 28 Sep 1998 02:14:15 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA29632 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 02:14:11 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailc.telia.com (8.8.8/8.8.8) with ESMTP id LAA01066; Mon, 28 Sep 1998 11:20:25 +0200 (MET DST) Received: from stefans (t4o68p93.telia.com [62.20.139.213]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id LAA29513; Mon, 28 Sep 1998 11:20:09 +0200 (CEST) Message-Id: <3.0.32.19980928111642.00a76390@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 28 Sep 1998 11:17:31 +0200 To: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'cert-talk@structuredarts.com '" <cert-talk@structuredarts.com> From: Stefan Santesson <stefan@accurata.se> Subject: RE: NEW Data type for certificate selection ? Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id CAA29633 Sender: owner-ietf-pkix@imc.org Precedence: bulk Let me clarify my case. The problem I want to solve is how to pick 1 out of many certificates within an end user application. An example. Alice has 4 certificates. 1) E-mail based ID with low security 2) Anonymous cert used for anonymous information services. 3) Qualified ID-certificate (with her social security number) 4) VISA SET-certificate. In this example: - Cert 1 and 2 are issued by the same CA and have the same key usage. - Cert 3 has key usage non-repudiation The problem is how to select the right certificate in every suitable occasion when several certificates is accessed by the same application. Clearly certificate 4 is no problem since it is used by a separate application (the SET wallet). So starting the SET wallet application automatically selects the right certificate. The problem in this case is not even S/MIME since Alice in this example only uses certificate 1 in her mail application. Here the problem is her web-based applications since she use certificate 1,2 and 3 with her browser. So every time she is asked to make a signature or authenticate via TLS, there is a risk that she will select and export the wrong certificate. In some cases maybe with a very unpleasant result. In order to make this user friendly, we have to create a mechanism where a server can help a client application to select one proper certificate out of many. In the example there is just 3 certificates to choose among but what if there is 20 or 30? The way to do this is, as I would suggest, a 2 step process: 1) To define a general selective mechanism (such as the X.500 match rule) 2) Get protocols, script languages and applications to support this. So this is not about whether selection should be done based on issuer name, policy OID pr something else, but instead how to define a general mechanisms which allows customized selection rules within a broad range of applications and protocols. (In step 2 it is also about how a certificate can be stored and marked so it won't be exported by any application without the consent from its owner.) I still think that The X.500 certificateMatch rule sounds interesting. Is there any will to go further in this process? To us this is a MAJOR factor for succeeding with a broad CA business case and the vendors picking up this line will at least be in favor in those procurements that I'm involved in. /Stefan At 09:30 AM 9/27/98 +1000, Alan Lloyd wrote: >Yes I have views - see my draft lloyd-dir-cert-stat .. > >First one needs a fully distributed directory system. >Then one needs a good set of certificate matching rules in that >directory system to permit the selection of certficate components. >Including rules that can handle multi valued attributes. >Then one needs directory based certficate searches based on client >business semantics. >And then one needs certficate paths to associated with business >semantics in a trusted way rather than just crypto-cert-issuerId >mechanisms. > >I dont see the problem, simply because one has to add something else to >certs and pkis to make them work in a scaleable and useful way - and >that is big directory systems, matching rules that assist the >verification and a business information model that supports the >cert/crypto mechanisms. > > >I do not believe one will achieve much with to fix this issue without an >operational, business and information perspective. > > >just thoughts >regards alan > > > >---------- >From: Stefan Santesson >To: ietf-pkix@imc.org; list@seis.nc-forum.com; ietf-tls@consensus.com; >cert-talk@structuredarts.com >Sent: 9/24/98 10:41:23 PM >Subject: NEW Data type for certificate selection ? > >All, > >During the TLS session in Chicago (IETF meeting) I discussed with Jeff >Weinstein, Netscape, the problem of certificate selection in an >environment >where the client is populated with many similar certificates for >different >purposes. > >We concluded that this is a general problem, not only for TLS, but for >S/MIME, Java, Java script, etc, where signing and encryption based on an >X.509 PKI is an option. I also conclude that the current TLS approach, >using Issuer name as selection criteria, is hopelessly insufficient for >the >general case. > >In fact we can NEVER claim that we have an X.509 based architecture >ready >for the big market IF WE DON'T SOLVE THIS PROBLEM. > >A normal user (I.e grandmother) will never be able to pick the right >certificate by herself, if there is more than 1 to pick. > >The question raised here is: > >WOULD A STANDARDIZED DATA TYPE FOR CERTIFICATE SELECTION BE A GOOD >START. > >If we could create a standardized ASN.1 data type with the purpose of >defining the criteria for selecting 1 out of n certificates, then this >could be used as a common base for enhancing TLS, Java, Java script, >S/MIME >etc. > >The data type could be communicated from server to client, client to >server, server to server, client to client; I.e in any case where one >party >which to assist another party in selecting an appropriate certificate >for >any purpose (defined by the context). > >Do anyone have a better idea. > >I think this is a lost problem that has to be fixed, hopefully in a >standardized way. > >Comments, suggestions. > >/Stefan Santesson >------------------------------------------------------------------- >Stefan Santesson <stefan@accurata.se> >Accurata Systemsäkerhet AB >Lotsgatan 27 D Tel. +46-40 152211 >216 42 Malmö Fax. +46-40 150790 >Sweden Mobile +46-70 5247799 > >PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >------------------------------------------------------------------- > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA29311 for ietf-pkix-bks; Mon, 28 Sep 1998 01:12:47 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA29307 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 01:12:40 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <TX3528J0>; Mon, 28 Sep 1998 18:16:46 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC07B94C@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'tyone '" <tyone@iss.isl.melco.co.jp> Subject: RE: NEW Data type for certificate selection ? Date: Mon, 28 Sep 1998 18:16:45 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Tyone - the problem gets worse if one uses extensions - It means one is tying (by cryptography) the local context/usage of a certificate. And as you say, contexts may not be universal. In fact scaleability will hit once we force "application" tags into certificates, simply because - as you say, usage identifiers are open ended. Nothing will be perfect in this space, but my preference is to have certificate/permissions/business information approach that ties the crypto trust components to the User capabilities and applies these into a business context - all of which must be designed from a directory information perspective because of the authentication, access control, distribution and validation requirements demanded. As said, the requirement is to have a trusted EC environment. The components of such an environment include cert based fns, distributed dirs and a business/organisational directory schema and (as small as possible) client applications that rely on such services. Adding an extension in my mind does not solve the problem, it simply creates more because the "fix" is in the wrong place. And as you say correctly - its hard and difficult which just indicates IMHO that the problem is somewhere else. I personally think that one cannot add anymore detail to PKI/509 becuase the problems that are now being discussed are the limitations of LDAP to support efficient and scaleable PKI systems (when X.500 should be used) and the application,performance and trust of certificate based systems now depend on the application they are used for. And these are cost, operational, assurance and cost related issues. regards alan ---------- From: tyone To: ietf-pkix@imc.org Sent: 9/28/98 12:19:19 PM Subject: Re: NEW Data type for certificate selection ? Hi. What do you think of the idea that using cert policies extension for this purpose? The reason is, cert policies extension indicating how the certificate has been issued, and how the certificate should be used. If two different certificates have the same cert policies extension value and one can be used for application A, then it is reasonable that the other can be used for application A. if we decide to introduce a new extension or a new ASN1 field to X509 format, ,which indicates what kinds of applications can use the certificate, we first have to categorize applications from some view points( data sensitivity?). This categorizing work seems to be very hard and difficult. Takeshi Yoneda Mitsubishi Electric Corp. >All, >During the TLS session in Chicago (IETF meeting) I discussed with Jeff >Weinstein, Netscape, the problem of certificate selection in an environment >where the client is populated with many similar certificates for different >purposes. >We concluded that this is a general problem, not only for TLS, but for >S/MIME, Java, Java script, etc, where signing and encryption based on an >X.509 PKI is an option. I also conclude that the current TLS approach, >using Issuer name as selection criteria, is hopelessly insufficient for the >general case. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA28865 for ietf-pkix-bks; Mon, 28 Sep 1998 00:48:15 -0700 (PDT) Received: from lotus2.lotus.com (lotus2.lotus.com [192.233.136.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA28861 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 00:48:14 -0700 (PDT) From: Stefan_Salzmann/HAM/Lotus@lotus.com Received: from internet2.lotus.com (internet2 [9.95.4.236]) by lotus2.lotus.com (8.8.8/8.8.7) with ESMTP id DAA10830 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 03:59:14 -0400 (EDT) Received: from mta2.lotus.com (MTA2.lotus.com [9.95.5.6]) by internet2.lotus.com (8.8.8/8.8.7) with SMTP id DAA28532 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 03:53:32 -0400 (EDT) Received: by mta2.lotus.com(Lotus SMTP MTA Internal build v4.6.2 (651.2 6-10-1998)) id 8525668D.002BF5DA ; Mon, 28 Sep 1998 04:00:09 -0400 X-Lotus-FromDomain: LOTUSINT@LOTUS@MTA To: ietf-pkix@imc.org cc: Helmut_Speichermann/FRA/Lotus@lotus.com, Boris_Baltzer/MUC1/Lotus@lotus.com, Georg_Zyprian/FRA/Lotus@lotus.com Message-ID: <8525668D.002BF40F.00@mta2.lotus.com> Date: Mon, 28 Sep 1998 09:51:59 +0200 Subject: Questions about PKIX Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi, I have got some questions concerning PKIX. So here they are: When will be the code of the PKIX reference available at the MIT Web Pages? What is Jonah in relation to PKIX? When starts the PKIX developers converence in October? Are there already White Papers available? Thanks for answering, Regards Stefan Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id TAA10325 for ietf-pkix-bks; Sun, 27 Sep 1998 19:17:09 -0700 (PDT) Received: from florida.melco.co.jp (florida.melco.co.jp [192.218.140.46]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id TAA10321 for <ietf-pkix@imc.org>; Sun, 27 Sep 1998 19:17:07 -0700 (PDT) Received: from melcoweb.melco.co.jp ([133.141.191.73]) by florida.melco.co.jp (8.8.8+2.7Wbeta7/3.6Wbeta6-florida) with SMTP id LAA05603 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 11:13:31 +0900 (JST) Received: from inetgw.melco.co.jp (inetgw) by melcoweb.melco.co.jp (5.65+1.6W/3.5Wbeta) id AA27021; Mon, 28 Sep 98 11:18:05 JST Received: from katase.katase.isl.melco.co.jp ([133.141.13.135]) by inetgw.melco.co.jp (8.8.8+2.7Wbeta7/3.6W-inetgw) with SMTP id LAA04167 for <ietf-pkix@imc.org>; Mon, 28 Sep 1998 11:30:03 +0900 (JST) Received: from iss.iss.isl.melco.co.jp by katase.katase.isl.melco.co.jp (4.1/6.4J.6-katase-2/) id AA15585; Mon, 28 Sep 98 11:23:54 JST Received: from edberg by iss.iss.isl.melco.co.jp (1.38.193.4/6.4J.6-isl2-2/iss-master) id AA09263; Mon, 28 Sep 1998 11:23:53 +0900 Message-Id: <360EF227.7D17CD5B@iss.isl.melco.co.jp> Date: Mon, 28 Sep 1998 11:19:19 +0900 From: tyone <tyone@iss.isl.melco.co.jp> X-Mailer: Mozilla 4.05 [ja] (WinNT; I) Mime-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: NEW Data type for certificate selection ? Content-Type: text/plain; charset=iso-2022-jp Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi. What do you think of the idea that using cert policies extension for this purpose? The reason is, cert policies extension indicating how the certificate has been issued, and how the certificate should be used. If two different certificates have the same cert policies extension value and one can be used for application A, then it is reasonable that the other can be used for application A. if we decide to introduce a new extension or a new ASN1 field to X509 format, ,which indicates what kinds of applications can use the certificate, we first have to categorize applications from some view points( data sensitivity?). This categorizing work seems to be very hard and difficult. Takeshi Yoneda Mitsubishi Electric Corp. >All, >During the TLS session in Chicago (IETF meeting) I discussed with Jeff >Weinstein, Netscape, the problem of certificate selection in an environment >where the client is populated with many similar certificates for different >purposes. >We concluded that this is a general problem, not only for TLS, but for >S/MIME, Java, Java script, etc, where signing and encryption based on an >X.509 PKI is an option. I also conclude that the current TLS approach, >using Issuer name as selection criteria, is hopelessly insufficient for the >general case. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA09408 for ietf-pkix-bks; Sun, 27 Sep 1998 15:20:57 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA09403 for <ietf-pkix@imc.org>; Sun, 27 Sep 1998 15:20:53 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <TX352825>; Mon, 28 Sep 1998 08:24:58 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC07B944@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: comments on draft-ietf-pkix-ipki2opp-08.txt Date: Mon, 28 Sep 1998 08:24:56 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Comments: Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2 Sorry for being my usual self. But what does this document do or solve. All it states is use LDAP V2 to a PKI repository? and highlights the major failings of LDAP encoding when dealing with certificate attributes with multiple values. ie. In that the client gets the lot (every certificate - regardless) -- and if the client goes for CRLs as well - and they are multi values of a CRL attribute - the client will get the lot as well. Lets do some rough sums. A cert = 600 - 2k bytes average 1kb, 5-10 certs per user, 3 certs in a path.. transfer = 20- 30kb just to verify a signature. In addition CRLs - bad sites, and they could get large. And LDAP accesses for the certs could be via referrals. Lets say that we could be looking at optimistically at 10-30 seconds of validation time. I would be happy to be corrected here.. Fundamental Problems with LDAP LDAP servers are "string based" and non distributed - hence the need to use X.500 and migrate these LDAP servers to a distributed architecture. Not all certificates one wishes to deal with will be in your local ldap server - they will be in the directory system that one cooperates with. X.500 has certficate matching rules to enable selection of certificates within a multi value attribute. I am not sure what cert matching rules LDAP servers have or even if they support multi valued att matching or if they are compatible with X.500. Again the encoding restrictions in LDAP could imply the non use of these. It is obvious to most that LDAP is not very good generally and in the case of PKI / certficate issues over a wider scale, totally unusable. In addition the process one builds into an LDAP client to deal with referrals and LDAP certficate servers has to be lot larger and therefore problematic, than that that uses distributed directories with sound matching rules. ie. the best it can get depends on the tools to hand. I therefore beg why the document is being put forward because IMHO - it promotes systems to be built that will not provide the business utility demanded by companies using large scale EC/509 technologies. The result can only be commercial disasters and pain for both suppliers and the poor customer. Oh well - regards alan Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA08414 for ietf-pkix-bks; Sun, 27 Sep 1998 09:26:54 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA08410 for <ietf-pkix@imc.org>; Sun, 27 Sep 1998 09:26:53 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <T19XDQFB>; Sun, 27 Sep 1998 12:32:13 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1ADC@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Internet-Drafts@ietf.org'" <Internet-Drafts@ietf.org> Cc: ietf-pkix@imc.org Subject: RE: I-D ACTION:draft-ietf-pkix-ldapv2-schema-02.txt Date: Sun, 27 Sep 1998 12:32:11 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk I find the schema acceptable for the certificates. I do not find the schema acceptable for delta CRL. I thought we had a mechanism by which delta CRL could be stored in the object class pkiCA. It does not seem to be the case. Sharon, I assume you recall the comment and resolution in this forum. > -----Original Message----- > From: Internet-Drafts@ietf.org [SMTP:Internet-Drafts@ietf.org] > Sent: Thursday, September 24, 1998 10:27 AM > Cc: ietf-pkix@imc.org > Subject: I-D ACTION:draft-ietf-pkix-ldapv2-schema-02.txt > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Public-Key Infrastructure (X.509) > Working Group > of the IETF. > > Title : Internet X.509 Public Key Infrastructure > LDAPv2 Schema > Author(s) : S. Boeyen, T. Howes, P. Richard > Filename : draft-ietf-pkix-ldapv2-schema-02.txt > Pages : 7 > Date : 23-Sep-98 > > The schema defined in this document is a minimal schema to > support > PKIX in an LDAPv2 environment, as defined in > draft-ietf-pkix- > ipki2opp-07.txt. Only PKIX-specific components are specified > here. > LDAP servers, acting as PKIX repositories should support the > auxi- > liary object classes defined in this specification and > integrate > this schema specification with the generic and other > application- > specific schemas as appropriate, depending on the services to > be > supplied by that server. > > The key words 'MUST', 'SHALL', 'REQUIRED', 'SHOULD', > 'RECOMMENDED', > and 'MAY' in this document are to be interpreted as described > in > RFC 2119. > > Please send comments on this document to the ietf-pkix@imc.org > mail > list. > > Internet-Drafts are available by anonymous FTP. Login with the > username > "anonymous" and a password of your e-mail address. After logging in, > type "cd internet-drafts" and then > "get draft-ietf-pkix-ldapv2-schema-02.txt". > A URL for the Internet-Draft is: > ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ldapv2-schema-02.tx > t > > Internet-Drafts directories are located at: > > Africa: ftp.is.co.za > > Europe: ftp.nordu.net > ftp.nis.garr.it > > Pacific Rim: munnari.oz.au > > US East Coast: ftp.ietf.org > > US West Coast: ftp.isi.edu > > Internet-Drafts are also available by mail. > > Send a message to: mailserv@ietf.org. In the body type: > "FILE /internet-drafts/draft-ietf-pkix-ldapv2-schema-02.txt". > > NOTE: The mail server at ietf.org can return the document in > MIME-encoded form by using the "mpack" utility. To use this > feature, insert the command "ENCODING mime" before the "FILE" > command. To decode the response(s), you will need "munpack" or > a MIME-compliant mail reader. Different MIME-compliant mail > readers > exhibit different behavior, especially when dealing with > "multipart" MIME messages (i.e. documents which have been split > up into multiple messages), so check your local documentation on > how to manipulate these messages. > > > Below is the data which will enable a MIME compliant mail reader > implementation to automatically retrieve the ASCII version of the > Internet-Draft. << Message: Untitled Attachment >> Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA21031 for ietf-pkix-bks; Sat, 26 Sep 1998 16:25:58 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA21027 for <ietf-pkix@imc.org>; Sat, 26 Sep 1998 16:25:50 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <TS1VBY1B>; Sun, 27 Sep 1998 09:30:03 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC07B92F@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com '" <list@seis.nc-forum.com>, "'ietf-tls@consensus.com '" <ietf-tls@consensus.com>, "'cert-talk@structuredarts.com '" <cert-talk@structuredarts.com>, "'Stefan Santesson '" <stefan@accurata.se> Subject: RE: NEW Data type for certificate selection ? Date: Sun, 27 Sep 1998 09:30:02 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id QAA21028 Sender: owner-ietf-pkix@imc.org Precedence: bulk Yes I have views - see my draft lloyd-dir-cert-stat .. First one needs a fully distributed directory system. Then one needs a good set of certificate matching rules in that directory system to permit the selection of certficate components. Including rules that can handle multi valued attributes. Then one needs directory based certficate searches based on client business semantics. And then one needs certficate paths to associated with business semantics in a trusted way rather than just crypto-cert-issuerId mechanisms. I dont see the problem, simply because one has to add something else to certs and pkis to make them work in a scaleable and useful way - and that is big directory systems, matching rules that assist the verification and a business information model that supports the cert/crypto mechanisms. I do not believe one will achieve much with to fix this issue without an operational, business and information perspective. just thoughts regards alan ---------- From: Stefan Santesson To: ietf-pkix@imc.org; list@seis.nc-forum.com; ietf-tls@consensus.com; cert-talk@structuredarts.com Sent: 9/24/98 10:41:23 PM Subject: NEW Data type for certificate selection ? All, During the TLS session in Chicago (IETF meeting) I discussed with Jeff Weinstein, Netscape, the problem of certificate selection in an environment where the client is populated with many similar certificates for different purposes. We concluded that this is a general problem, not only for TLS, but for S/MIME, Java, Java script, etc, where signing and encryption based on an X.509 PKI is an option. I also conclude that the current TLS approach, using Issuer name as selection criteria, is hopelessly insufficient for the general case. In fact we can NEVER claim that we have an X.509 based architecture ready for the big market IF WE DON'T SOLVE THIS PROBLEM. A normal user (I.e grandmother) will never be able to pick the right certificate by herself, if there is more than 1 to pick. The question raised here is: WOULD A STANDARDIZED DATA TYPE FOR CERTIFICATE SELECTION BE A GOOD START. If we could create a standardized ASN.1 data type with the purpose of defining the criteria for selecting 1 out of n certificates, then this could be used as a common base for enhancing TLS, Java, Java script, S/MIME etc. The data type could be communicated from server to client, client to server, server to server, client to client; I.e in any case where one party which to assist another party in selecting an appropriate certificate for any purpose (defined by the context). Do anyone have a better idea. I think this is a lost problem that has to be fixed, hopefully in a standardized way. Comments, suggestions. /Stefan Santesson ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23104 for ietf-pkix-bks; Fri, 25 Sep 1998 09:18:29 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23100 for <ietf-pkix@imc.org>; Fri, 25 Sep 1998 09:18:29 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id JAA27992; Fri, 25 Sep 1998 09:22:39 -0700 (PDT) Received: from mmyers-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id JAA00996; Fri, 25 Sep 1998 09:24:33 -0700 (PDT) Message-Id: <3.0.32.19980925090738.0094f7e8@mail.verisign.com> X-Sender: mmyers@mail.verisign.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 25 Sep 1998 09:24:36 -0700 To: Denis Pinkas <Denis.Pinkas@bull.net>, IETF-PXIX <ietf-pkix@imc.org> From: Michael Myers <mmyers@verisign.com> Subject: Re: Archive cutoff & Retention period Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id JAA23101 Sender: owner-ietf-pkix@imc.org Precedence: bulk Denis, At 10:03 AM 9/23/98 -0700, Denis Pinkas wrote: > >The "retention period" should be supported by all OCSP responders >and thus should be part of the standard response. Adding a >"retentionPeriod" after the "produceAt" from the ResponseData would >be simpler than defining an extension. We didn't want to break the response syntax, especially in light of the fact that support for long term retention of status data is not a core requirement. >Then, let us address the « Archive Cutoff » issue. > >If we were to support the archiving capability, with e.g. a 7 year >retention, we would need an additional time parameter in the request >to point to the equivalent of the right CRL issued at that time e.g. >7 years ago. This parameter is currently not present. Unless it is >added, the function cannot work. We thus have two options : add the >missing parameter or delete this capability. Opinions ? As the public debate on this issue had concluded, the requirement is to enable responders to assert a bound on the historical accuracy of their responses. The archive cutoff extension satisfies this requirement. This function speaks only to the most current status of the certificate, not to its status at any point in time. Mike Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA22174 for ietf-pkix-bks; Fri, 25 Sep 1998 07:21:50 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA22170 for <ietf-pkix@imc.org>; Fri, 25 Sep 1998 07:21:49 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id KAA06021; Fri, 25 Sep 1998 10:27:54 -0400 (EDT) Message-Id: <199809251427.KAA06021@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-ipki2opp-08.txt Date: Fri, 25 Sep 1998 10:27:54 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart Note: This revision reflects comments received during the last call period. A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2 Author(s) : S. Boeyen, T. Howes, P. Richard Filename : draft-ietf-pkix-ipki2opp-08.txt Pages : 12 Date : 24-Sep-98 The protocol described in this document is designed to satisfy some of the operational requirements within the Internet X.509 Public Key Infrastructure (IPKI). Specifically, this document addresses requirements to provide access to Public Key Infrastructure (PKI) repositories for the purposes of retrieving PKI information and managing that same information. The mechanism described in this document is based on the Lightweight Directory Access Protocol (LDAP) v2, defined in RFC 1777, defining a profile of that protocol for use within the IPKI and updates encodings for certificates and revocation lists from RFC 1778. Additional mechanisms addressing PKIX operational requirements are specified in separate documents. The key words 'MUST', 'REQUIRED', 'SHOULD', 'RECOMMENDED', and 'MAY' in this document are to be interpreted as described in RFC 2119. Please send comments on this document to the ietf-pkix@imc.org mail list. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-ipki2opp-08.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ipki2opp-08.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-ipki2opp-08.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980924132531.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-ipki2opp-08.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-ipki2opp-08.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980924132531.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA21217 for ietf-pkix-bks; Fri, 25 Sep 1998 04:31:00 -0700 (PDT) Received: from mailb.telia.com (mailb.telia.com [194.22.194.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA21213 for <ietf-pkix@imc.org>; Fri, 25 Sep 1998 04:30:59 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailb.telia.com (8.8.8/8.8.8) with ESMTP id NAA16726; Fri, 25 Sep 1998 13:37:15 +0200 (CEST) Received: from stefans (t3o68p4.telia.com [62.20.139.4]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id NAA10344; Fri, 25 Sep 1998 13:37:14 +0200 (CEST) Message-Id: <3.0.32.19980925133351.00a88250@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 25 Sep 1998 13:34:29 +0200 To: "Miklos, Sue A." <samiklo@missi.ncsc.mil>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com'" <list@seis.nc-forum.com>, "'cert-talk@structuredarts.com'" <cert-talk@structuredarts.com> From: Stefan Santesson <stefan@accurata.se> Subject: RE: NEW Data type for certificate selection ? Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id EAA21214 Sender: owner-ietf-pkix@imc.org Precedence: bulk Thank you Sue, This looks very useful. I could think of some enhancements, but since this is standard it's a very good way to start. Could you elaborate how the certificate mach rule could be invoked into a protocoll. Would it just be for the entity suggesting use of a certain type of certificate to communicate one (or a SEQUECE OF) CertificateAssertion data value(s)? If this is so, then all we have to do is to have this included in various protocolls and convince Microsoft, Netscape etc, to allow certificate selection using this maching rule. If we could achieve this then I think it would be a giant step in the right direction. What does Microsoft and Netscape say about this ??? Comments, suggestions! /Stefan Santesson At 12:02 PM 9/24/98 -0400, Miklos, Sue A. wrote: > > >Please consider the following matching rules for certificates, based on >the X.500 series. I would really like to see products developed that >can invoke them (as client) and products developed that can retrieve >them from the storage (as repository). I am not advocating this exact >syntax, but something very similar would be extremely beneficial. >Sandi > >>---------- >>From: Stefan Santesson[SMTP:stefan@accurata.se] >>Sent: Thursday, September 24, 1998 8:41 AM >>To: ietf-pkix@imc.org; list@seis.nc-forum.com; ietf-tls@consensus.com; >>cert-talk@structuredarts.com >>Subject: NEW Data type for certificate selection ? >> >>All, >> >>During the TLS session in Chicago (IETF meeting) I discussed with Jeff >>Weinstein, Netscape, the problem of certificate selection in an environment >>where the client is populated with many similar certificates for different >>purposes. >> >>We concluded that this is a general problem, not only for TLS, but for >>S/MIME, Java, Java script, etc, where signing and encryption based on an >>X.509 PKI is an option. I also conclude that the current TLS approach, >>using Issuer name as selection criteria, is hopelessly insufficient for the >>general case. >> >>In fact we can NEVER claim that we have an X.509 based architecture ready >>for the big market IF WE DON'T SOLVE THIS PROBLEM. >> >>A normal user (I.e grandmother) will never be able to pick the right >>certificate by herself, if there is more than 1 to pick. >> >>The question raised here is: >> >>WOULD A STANDARDIZED DATA TYPE FOR CERTIFICATE SELECTION BE A GOOD START. >> >>If we could create a standardized ASN.1 data type with the purpose of >>defining the criteria for selecting 1 out of n certificates, then this >>could be used as a common base for enhancing TLS, Java, Java script, S/MIME >>etc. >> >>The data type could be communicated from server to client, client to >>server, server to server, client to client; I.e in any case where one party >>which to assist another party in selecting an appropriate certificate for >>any purpose (defined by the context). >> >>Do anyone have a better idea. >> >>I think this is a lost problem that has to be fixed, hopefully in a >>standardized way. >> >>Comments, suggestions. >> >>/Stefan Santesson >>------------------------------------------------------------------- >>Stefan Santesson <stefan@accurata.se> >>Accurata Systemsäkerhet AB >>Lotsgatan 27 D Tel. +46-40 152211 >>216 42 Malmö Fax. +46-40 150790 >>Sweden Mobile +46-70 5247799 >> >>PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >>------------------------------------------------------------------- >> > >Attachment Converted: "c:\internet\eudora\attach\MATCH2.DOC" > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA18649 for ietf-pkix-bks; Fri, 25 Sep 1998 02:25:59 -0700 (PDT) Received: from florida.melco.co.jp (florida.melco.co.jp [192.218.140.46]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA18645 for <ietf-pkix@imc.org>; Fri, 25 Sep 1998 02:25:52 -0700 (PDT) Received: from melcoweb.melco.co.jp ([133.141.191.73]) by florida.melco.co.jp (8.8.8+2.7Wbeta7/3.6Wbeta6-florida) with SMTP id SAA24749; Fri, 25 Sep 1998 18:21:35 +0900 (JST) Received: from inetgw.melco.co.jp (inetgw) by melcoweb.melco.co.jp (5.65+1.6W/3.5Wbeta) id AA00363; Fri, 25 Sep 98 18:26:06 JST Received: from katase.katase.isl.melco.co.jp ([133.141.13.135]) by inetgw.melco.co.jp (8.8.8+2.7Wbeta7/3.6W-inetgw) with SMTP id SAA08497; Fri, 25 Sep 1998 18:37:55 +0900 (JST) Received: from iss.iss.isl.melco.co.jp by katase.katase.isl.melco.co.jp (4.1/6.4J.6-katase-2/) id AA29300; Fri, 25 Sep 98 18:31:52 JST Received: from zaku by iss.iss.isl.melco.co.jp (1.38.193.4/6.4J.6-isl2-2/iss-master) id AA19581; Fri, 25 Sep 1998 18:31:52 +0900 Message-Id: <360B627F.981A419E@iss.isl.melco.co.jp> Date: Fri, 25 Sep 1998 18:29:35 +0900 From: "=?iso-2022-jp?B?GyRCNUhJcCEhPV8bKEI=?=" <yositake@iss.isl.melco.co.jp> X-Mailer: Mozilla 4.05 [ja] (Win95; I) Mime-Version: 1.0 To: Stefan Santesson <stefan@accurata.se> Cc: ietf-pkix@imc.org, list@seis.nc-forum.com, ietf-tls@consensus.com, cert-talk@structuredarts.com Subject: Re: NEW Data type for certificate selection ? References: <3.0.32.19980924144039.00a6ccf0@m1.403.telia.com> Content-Type: text/plain; charset=iso-2022-jp X-Mime-Autoconverted: from 8bit to quoted-printable by inetgw.melco.co.jp id SAA08497 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id CAA18646 Sender: owner-ietf-pkix@imc.org Precedence: bulk I have two comments. 1. I'd like to clarify the scope. Is it limited to the case where one party which to assist another party ? I suggest that it include the case where a person has multiple certificates in his / her PC, WS, etc. It will be more useful and more efficient if there is a standardized mechanism for the case like this rather than that each application manages its certificates in its own way on one machine. Some applications could hold a certificate in common. 2. It would be better that we consider the generation management of a certificate. Suppose a certificate has expired and you get the new certificate on your PC. Namely, you have two certificates on your PC, the old one and the new one. Attention should be paid not to let an application select the old one. (Of course, things are easy if the old one is deleted. But is it really always good for all the cases, all applications,...?) (Issuer and Serial Number is nice, but you need the mechanism to record "this serial number is for the new one" when you get it for the first time.) Jun Yoshitake Mitsubishi Electric Corp. Stefan Santesson wrote: > All, > > During the TLS session in Chicago (IETF meeting) I discussed with Jeff > Weinstein, Netscape, the problem of certificate selection in an environment > where the client is populated with many similar certificates for different > purposes. > > We concluded that this is a general problem, not only for TLS, but for > S/MIME, Java, Java script, etc, where signing and encryption based on an > X.509 PKI is an option. I also conclude that the current TLS approach, > using Issuer name as selection criteria, is hopelessly insufficient for the > general case. > > In fact we can NEVER claim that we have an X.509 based architecture ready > for the big market IF WE DON'T SOLVE THIS PROBLEM. > > A normal user (I.e grandmother) will never be able to pick the right > certificate by herself, if there is more than 1 to pick. > > The question raised here is: > > WOULD A STANDARDIZED DATA TYPE FOR CERTIFICATE SELECTION BE A GOOD START. > > If we could create a standardized ASN.1 data type with the purpose of > defining the criteria for selecting 1 out of n certificates, then this > could be used as a common base for enhancing TLS, Java, Java script, S/MIME > etc. > > The data type could be communicated from server to client, client to > server, server to server, client to client; I.e in any case where one party > which to assist another party in selecting an appropriate certificate for > any purpose (defined by the context). > > Do anyone have a better idea. > > I think this is a lost problem that has to be fixed, hopefully in a > standardized way. > > Comments, suggestions. > > /Stefan Santesson > ------------------------------------------------------------------- > Stefan Santesson <stefan@accurata.se> > Accurata Systems$BgL(Berhet AB > Lotsgatan 27 D Tel. +46-40 152211 > 216 42 Malm$Bö (B Fax. +46-40 150790 > Sweden Mobile +46-70 5247799 > > PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 > ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22412 for ietf-pkix-bks; Thu, 24 Sep 1998 08:55:58 -0700 (PDT) Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.52.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22408 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 08:55:56 -0700 (PDT) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id MAA24293 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 12:02:10 -0400 (EDT) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id MAA24288 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 12:02:09 -0400 (EDT) Received: from mimesweeper.missi.ncsc.mil (mimesweeper.missi.ncsc.mil [144.51.60.2]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id MAA15598 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 12:01:26 -0400 (EDT) Received: from avenger.missi.ncsc.mil (unverified) by mimesweeper.missi.ncsc.mil (Content Technologies SMTPRS 2.0.15) with SMTP id <B0000285171@mimesweeper.missi.ncsc.mil> for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 12:02:06 -0400 Received: by avenger.missi.ncsc.mil with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62) id <01BDE7B3.263212E0@avenger.missi.ncsc.mil>; Thu, 24 Sep 1998 12:02:06 -0400 Message-Id: <c=US%a=_%p=ExchangeNSA%l=AVENGER-980924160205Z-6343@avenger.missi.ncsc.mil> From: "Miklos, Sue A." <samiklo@missi.ncsc.mil> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'list@seis.nc-forum.com'" <list@seis.nc-forum.com>, "'ietf-tls@consensus.com'" <ietf-tls@consensus.com>, "'cert-talk@structuredarts.com'" <cert-talk@structuredarts.com>, "'Stefan Santesson'" <stefan@accurata.se> Subject: RE: NEW Data type for certificate selection ? Date: Thu, 24 Sep 1998 12:02:05 -0400 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="---- =_NextPart_000_01BDE7B3.26345CD0" Sender: owner-ietf-pkix@imc.org Precedence: bulk This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------ =_NextPart_000_01BDE7B3.26345CD0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable =20 Please consider the following matching rules for certificates, based on the X.500 series. I would really like to see products developed that can invoke them (as client) and products developed that can retrieve them from the storage (as repository). I am not advocating this exact syntax, but something very similar would be extremely beneficial. Sandi >---------- >From: Stefan Santesson[SMTP:stefan@accurata.se] >Sent: Thursday, September 24, 1998 8:41 AM >To: ietf-pkix@imc.org; list@seis.nc-forum.com; ietf-tls@consensus.com; >cert-talk@structuredarts.com >Subject: NEW Data type for certificate selection ? > >All, > >During the TLS session in Chicago (IETF meeting) I discussed with Jeff >Weinstein, Netscape, the problem of certificate selection in an = environment >where the client is populated with many similar certificates for = different >purposes. > >We concluded that this is a general problem, not only for TLS, but for >S/MIME, Java, Java script, etc, where signing and encryption based on = an >X.509 PKI is an option. I also conclude that the current TLS approach, >using Issuer name as selection criteria, is hopelessly insufficient for = the >general case. > >In fact we can NEVER claim that we have an X.509 based architecture = ready >for the big market IF WE DON'T SOLVE THIS PROBLEM. > >A normal user (I.e grandmother) will never be able to pick the right >certificate by herself, if there is more than 1 to pick. > >The question raised here is: > >WOULD A STANDARDIZED DATA TYPE FOR CERTIFICATE SELECTION BE A GOOD = START. > >If we could create a standardized ASN.1 data type with the purpose of >defining the criteria for selecting 1 out of n certificates, then this >could be used as a common base for enhancing TLS, Java, Java script, = S/MIME >etc. > >The data type could be communicated from server to client, client to >server, server to server, client to client; I.e in any case where one = party >which to assist another party in selecting an appropriate certificate = for >any purpose (defined by the context). > >Do anyone have a better idea. > >I think this is a lost problem that has to be fixed, hopefully in a >standardized way. > >Comments, suggestions. > >/Stefan Santesson >------------------------------------------------------------------- >Stefan Santesson <stefan@accurata.se> >Accurata Systems=E4kerhet AB =20 >Lotsgatan 27 D Tel. +46-40 152211 =20 >216 42 Malm=F6 Fax. +46-40 150790 =20 >Sweden Mobile +46-70 5247799 > >PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >------------------------------------------------------------------- > ------ =_NextPart_000_01BDE7B3.26345CD0 Content-Type: application/msword; name="MATCH.DOC" Content-Transfer-Encoding: base64 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAOwADAP7/CQAGAAAAAAAAAAAAAAABAAAAAQAAAAAAAAAA EAAAAgAAAAEAAAD+////AAAAAAAAAAD///////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////9 ////HgAAAP7///8fAAAABQAAAAYAAAAHAAAACAAAAAkAAAAKAAAACwAAAAwAAAANAAAADgAAAA8A AAAQAAAAEQAAABIAAAATAAAAFAAAABUAAAAWAAAAFwAAABgAAAAZAAAAGgAAABsAAAAcAAAAHQAA ACAAAAD+/////v///yEAAAAiAAAAIwAAACQAAAAlAAAAJgAAACcAAAAoAAAAKQAAACoAAAArAAAA LAAAAP7///////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////1IA bwBvAHQAIABFAG4AdAByAHkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAWAAUA//////////8DAAAAAAkCAAAAAADAAAAAAAAARgAAAAAAAAAAAAAAAIZMlDsA6rwB AwAAAIADAAAAAAAAAQBDAG8AbQBwAE8AYgBqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAABIAAgH///////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAYgAAAAAAAABXAG8AcgBkAEQAbwBjAHUAbQBlAG4AdAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGgACAf////8EAAAA/////wAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAdTQAAAAAAAE8AYgBqAGUAYwB0AFAAbwBv AGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWAAEBAQAAAAIA AAD/////AAAAAAAAAAAAAAAAAAAAAAAAAACGTJQ7AOq8AYZMlDsA6rwBAAAAANQNNBRABNQNAQAA AP7///8DAAAABAAAAAUAAAAGAAAABwAAAAgAAAAJAAAACgAAAAsAAAAMAAAADQAAAP7///////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////8BAP7/ AwoAAP////8ACQIAAAAAAMAAAAAAAABGHAAAAE1pY3Jvc29mdCBXb3JkIDYuMCBEb2N1bWVudAAK AAAATVNXb3JkRG9jABAAAABXb3JkLkRvY3VtZW50LjYAAAAAADsAAwD+/wkABgAAAAAAAAAAAAAA AQAAAAEAAAAAAP7/AAADCgAAAAAAAAAAAAAAAAAAAAAAAAEAAADghZ/y+U9oEKuRCAArJ7PZMAAA ALACAAAOAAAABwAAAJgAAAACAAAA3AAAAAQAAAAAAQAACAAAACQBAAAMAAAASAEAAAsAAABsAQAA DQAAAJABAAAPAAAAtAEAABAAAADYAQAACgAAAPwBAAASAAAAIAIAAA4AAABEAgAACQAAAGgCAAAT AAAAjAIAAP//////////////////////////////////////////HgAAACgAAABDOlxNU09GRklD RVxXSU5XT1JEXFRFTVBMQVRFXE5PUk1BTC5ET1QAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAAAAFAAA ADEyLjcJTWF0Y2hpbmcgcnVsZXMAAAAAAAAAAAAeAAAADgAAAFN1ZSBBLiBNaWtsb3MAAAAAAAAA AAAAAAAAAAAeAAAADgAAAFN1ZSBBLiBNaWtsb3MAAAAAAAAAAAAAAAAAAABAAAAAhn3TndylZQA9 wAkEAAAAAGUAAAAAAAAAAAAAAAADAAAHMwAAHU0AAAAAAAAAAAAAAAAAAAAAAAAHMAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARAAAKAMAAABEAAAoAwAAKEcAAAAAAAAoRwAAAAAA AChHAAAAAAAAKEcAAAAAAAAoRwAAFAAAAKJHAAA8AAAAokcAAAAAAADeRwAAAAAAAN5HAAAAAAAA 3kcAAAAAAADeRwAAFgAAAPRHAAAiAAAAokcAAAAAAAAjTAAAZQAAABZIAAAAAAAAFkgAAAAAAAAW SAAAAAAAABZIAAAAAAAAFkgAAAAAAAAWSAAAAAAAABZIAAAAAAAAFkgAAAAAAAA4SAAAAgAAADpI AAAAAAAAOkgAAAAAAAA6SAAAIwAAAF1IAADUAQAAMUoAANQBAAAFTAAAHgAAAIhMAABUAAAA3EwA AEEAAAAjTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoRwAAAAAAABZIAAAAAAAAAAAaAB0AAwAFABZI AAAAAAAAFkgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFkgAAAAAAAAWSAAAAAAAACNMAAAAAAAAFkgA AAAAAAAoRwAAAAAAAChHAAAAAAAAFkgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFkgAAAAAAAAWSAAA AAAAABZIAAAAAAAAFkgAAAAAAAAWSAAAAAAAAChHAAAAAAAAFkgAAAAAAAAoRwAAAAAAABZIAAAA AAAAOEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPEcAACYAAABiRwAAQAAAAChHAAAAAAAAKEcAAAAA AAAoRwAAAAAAAChHAAAAAAAAFkgAAAAAAAA4SAAAAAAAABZIAAAiAAAAFkgAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAEVYQ0VSUFRTIEZST00gVEhFIDE5OTcgWC41MDAgU2VyaWVz IG9mIFJlY29tbWVuZGF0aW9ucyBmb3IgSW5mb3JtYXRpb25hbCBQdXJwb3NlcyBPbmx5Lg0NMTIu NwlNYXRjaGluZyBydWxlcw1UaGlzIERpcmVjdG9yeSBTcGVjaWZpY2F0aW9uIGRlZmluZXMgbWF0 Y2hpbmcgcnVsZXMgZm9yIHVzZSB3aXRoIGF0dHJpYnV0ZXMgb2YgdHlwZSBDZXJ0aWZpY2F0ZSwg Q2VydGlmaWNhdGVQYWlyLCBDZXJ0aWZpY2F0ZUxpc3QsIGFuZCBTdXBwb3J0ZWRBbGdvcml0aG0s IHJlc3BlY3RpdmVseS4NMTIuNy4xCUNlcnRpZmljYXRlIGV4YWN0IG1hdGNoDVRoZSBjZXJ0aWZp Y2F0ZSBleGFjdCBtYXRjaCBydWxlIGNvbXBhcmVzIGZvciBlcXVhbGl0eSBhIHByZXNlbnRlZCB2 YWx1ZSB3aXRoIGFuIGF0dHJpYnV0ZSB2YWx1ZSBvZiB0eXBlIENlcnRpZmljYXRlLiBJdCB1bmlx dWVseSBzZWxlY3RzIGEgc2luZ2xlIGNlcnRpZmljYXRlLg1jZXJ0aWZpY2F0ZUV4YWN0TWF0Y2gg TUFUQ0hJTkctUlVMRSA6Oj0gewsJU1lOVEFYCQlDZXJ0aWZpY2F0ZUV4YWN0QXNzZXJ0aW9uCwlJ RAkJCWlkLW1yLWNlcnRpZmljYXRlRXhhY3RNYXRjaCB9DUNlcnRpZmljYXRlRXhhY3RBc3NlcnRp b24gOjo9IFNFUVVFTkNFIHsLCXNlcmlhbE51bWJlcgkJQ2VydGlmaWNhdGVTZXJpYWxOdW1iZXIs Cwlpc3N1ZXIJCQlOYW1lIH0NVGhpcyBtYXRjaGluZyBydWxlIHJldHVybnMgVFJVRSBpZiB0aGUg Y29tcG9uZW50cyBpbiB0aGUgYXR0cmlidXRlIHZhbHVlIG1hdGNoIHRob3NlIGluIHRoZSBwcmVz ZW50ZWQgdmFsdWUuDTEyLjcuMglDZXJ0aWZpY2F0ZSBtYXRjaA1UaGUgY2VydGlmaWNhdGUgbWF0 Y2ggcnVsZSBjb21wYXJlcyBhIHByZXNlbnRlZCB2YWx1ZSB3aXRoIGFuIGF0dHJpYnV0ZSB2YWx1 ZSBvZiB0eXBlIENlcnRpZmljYXRlLiBJdCBzZWxlY3RzIG9uZSBvciBtb3JlIGNlcnRpZmljYXRl cyBvbiB0aGUgYmFzaXMgb2YgdmFyaW91cyBjaGFyYWN0ZXJpc3RpY3MuDWNlcnRpZmljYXRlTWF0 Y2ggTUFUQ0hJTkctUlVMRSA6Oj0gewsJU1lOVEFYCQlDZXJ0aWZpY2F0ZUFzc2VydGlvbgsJSUQJ CQlpZC1tci1jZXJ0aWZpY2F0ZU1hdGNoIH0NQ2VydGlmaWNhdGVBc3NlcnRpb24gOjo9IFNFUVVF TkNFIHsLCXNlcmlhbE51bWJlcgkJWzBdIENlcnRpZmljYXRlU2VyaWFsTnVtYmVyCQlPUFRJT05B TCwLCWlzc3VlcgkJCQlbMV0gTmFtZSAJCQlPUFRJT05BTCwLCXN1YmplY3RLZXlJZGVudGlmaWVy CVsyXSBTdWJqZWN0S2V5SWRlbnRpZmllcgkJT1BUSU9OQUwsCwlhdXRob3JpdHlLZXlJZGVudGlm aWVyCVszXSBBdXRob3JpdHlLZXlJZGVudGlmaWVyIAkJT1BUSU9OQUwsCwljZXJ0aWZpY2F0ZVZh bGlkCQlbNF0gVVRDVGltZQkJCU9QVElPTkFMLAsJcHJpdmF0ZUtleVZhbGlkCQlbNV0gR2VuZXJh bGl6ZWRUaW1lCQlPUFRJT05BTCwLCXN1YmplY3RQdWJsaWNLZXlBbGdJRAlbNl0gT0JKRUNUIElE RU5USUZJRVIJCU9QVElPTkFMLAsJa2V5VXNhZ2UJCQlbN10gS2V5VXNhZ2UJCQlPUFRJT05BTCwL CXN1YmplY3RBbHROYW1lCQlbOF0gQWx0TmFtZVR5cGUJCU9QVElPTkFMLAsJcG9saWN5CQkJCVs5 XSBDZXJ0UG9saWN5U2V0CQlPUFRJT05BTCwLCXBhdGhUb05hbWUJCVsxMF0gTmFtZQkJCU9QVElP TkFMIH0NQWx0TmFtZVR5cGUgOjo9IENIT0lDRSB7IAsJYnVpbHRpbk5hbWVGb3JtCUVOVU1FUkFU RUQgewsJCQkJCXJmYzgyMk5hbWUJCSgxKSwLCQkJCQlkTlNOYW1lCQkoMiksCwkJCQkJeDQwMEFk ZHJlc3MJCSgzKSwLCQkJCQlkaXJlY3RvcnlOYW1lCSg0KSwLCQkJCQllZGlQYXJ0eU5hbWUJCSg1 KSwLCQkJCQl1bmlmb3JtUmVzb3VyY2VJZGVudGlmaWVyICg2KSwLCQkJCQlpUEFkZHJlc3MJCSg3 KSwLCQkJCQlyZWdpc3RlcmVkSWQJCSg4KSB9LAsJb3RoZXJOYW1lRm9ybQlPQkpFQ1QgSURFTlRJ RklFUiB9DVRoaXMgbWF0Y2hpbmcgcnVsZSByZXR1cm5zIFRSVUUgaWYgYWxsIG9mIHRoZSBjb21w b25lbnRzIHRoYXQgYXJlIHByZXNlbnQgaW4gdGhlIHByZXNlbnRlZCB2YWx1ZSBtYXRjaCB0aGUg Y29ycmVzcG9uZGluZyBjb21wb25lbnRzIG9mIHRoZSBhdHRyaWJ1dGUgdmFsdWUsIGFzIGZvbGxv d3M6DWEpCXNlcmlhbE51bWJlciBtYXRjaGVzIGlmIHRoZSB2YWx1ZSBvZiB0aGlzIGNvbXBvbmVu dCBpbiB0aGUgYXR0cmlidXRlIHZhbHVlIGVxdWFscyB0aGF0IGluIHRoZSBwcmVzZW50ZWQgdmFs dWU7DWIpCWlzc3VlciBtYXRjaGVzIGlmIHRoZSB2YWx1ZSBvZiB0aGlzIGNvbXBvbmVudCBpbiB0 aGUgYXR0cmlidXRlIHZhbHVlIGVxdWFscyB0aGF0IGluIHRoZSBwcmVzZW50ZWQgdmFsdWU7DWMp CXN1YmplY3RLZXlJZGVudGlmaWVyIG1hdGNoZXMgaWYgdGhlIHZhbHVlIG9mIHRoaXMgY29tcG9u ZW50IGluIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlIGVxdWFscyB0aGF0IGluIHRoZSBwcmVz ZW50ZWQgdmFsdWU7IHRoZXJlIGlzIG5vIG1hdGNoIGlmIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZh bHVlIGNvbnRhaW5zIG5vIHN1YmplY3Qga2V5IGlkZW50aWZpZXIgZXh0ZW5zaW9uOw1kKQlhdXRo b3JpdHlLZXlJZGVudGlmaWVyIG1hdGNoZXMgaWYgdGhlIHZhbHVlIG9mIHRoaXMgY29tcG9uZW50 IGluIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlIGVxdWFscyB0aGF0IGluIHRoZSBwcmVzZW50 ZWQgdmFsdWU7IHRoZXJlIGlzIG5vIG1hdGNoIGlmIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVl IGNvbnRhaW5zIG5vIGF1dGhvcml0eSBrZXkgaWRlbnRpZmllciBleHRlbnNpb24gb3IgaWYgbm90 IGFsbCBjb21wb25lbnRzIGluIHRoZSBwcmVzZW50ZWQgdmFsdWUgYXJlIHByZXNlbnQgaW4gdGhl IHN0b3JlZCBhdHRyaWJ1dGUgdmFsdWU7DWUpCWNlcnRpZmljYXRlVmFsaWQgbWF0Y2hlcyBpZiB0 aGUgcHJlc2VudGVkIHZhbHVlIGZhbGxzIHdpdGhpbiB0aGUgdmFsaWRpdHkgcGVyaW9kIG9mIHRo ZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlOw1mKQlwcml2YXRlS2V5VmFsaWQgbWF0Y2hlcyBpZiB0 aGUgcHJlc2VudGVkIHZhbHVlIGZhbGxzIHdpdGhpbiB0aGUgcGVyaW9kIGluZGljYXRlZCBieSB0 aGUgcHJpdmF0ZSBrZXkgdXNhZ2UgcGVyaW9kIGV4dGVuc2lvbiBvZiB0aGUgc3RvcmVkIGF0dHJp YnV0ZSB2YWx1ZSBvciBpZiB0aGVyZSBpcyBubyBwcml2YXRlIGtleSB1c2FnZSBwZXJpb2QgZXh0 ZW5zaW9uIGluIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlOw1nKQlzdWJqZWN0UHVibGljS2V5 QWxnSUQgbWF0Y2hlcyBpZiBpdCBpcyBlcXVhbCB0byB0aGUgYWxnb3JpdGhtIGNvbXBvbmVudCBv ZiB0aGUgYWxnb3JpdGhtSWRlbnRpZmllciBvZiB0aGUgc3ViamVjdFB1YmxpY0tleUluZm9ybWF0 aW9uIGNvbXBvbmVudCBvZiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZTsNaCkJa2V5VXNhZ2Ug bWF0Y2hlcyBpZiBhbGwgb2YgdGhlIGJpdHMgc2V0IGluIHRoZSBwcmVzZW50ZWQgdmFsdWUgYXJl IGFsc28gc2V0IGluIHRoZSBrZXkgdXNhZ2UgZXh0ZW5zaW9uIGluIHRoZSBzdG9yZWQgYXR0cmli dXRlIHZhbHVlLCBvciBpZiB0aGVyZSBpcyBubyBrZXkgdXNhZ2UgZXh0ZW5zaW9uIGluIHRoZSBz dG9yZWQgYXR0cmlidXRlIHZhbHVlOw1pKQlzdWJqZWN0QWx0TmFtZSBtYXRjaGVzIGlmIHRoZSBz dG9yZWQgYXR0cmlidXRlIHZhbHVlIGNvbnRhaW5zIHRoZSBzdWJqZWN0IGFsdGVybmF0aXZlIG5h bWUgZXh0ZW5zaW9uIHdpdGggYW4gQWx0TmFtZXMgY29tcG9uZW50IG9mIHRoZSBzYW1lIG5hbWUg dHlwZSBhcyBpbmRpY2F0ZWQgaW4gdGhlIHByZXNlbnRlZCB2YWx1ZTsNaikJcG9saWN5IG1hdGNo ZXMgaWYgYWxsIG9mIHRoZSBwb2xpY3kgZWxlbWVudHMgaWRlbnRpZmllZCBpbiBvbmUgb2YgdGhl IHByZXNlbnRlZCB2YWx1ZXMgYXJlIGNvbnRhaW5lZCBpbiB0aGUgc2V0IG9mIHBvbGljeUVsZW1l bnRJZHMgaW4gYW55IG9mIHRoZSBwb2xpY3lJbmZvcm1hdGlvbiB2YWx1ZXMgaW4gdGhlIGNlcnRp ZmljYXRlIHBvbGljaWVzIGV4dGVuc2lvbiBpbiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZTsg IHRoZXJlIGlzIG5vIG1hdGNoIGlmIHRoZXJlIGlzIG5vIGNlcnRpZmljYXRlIHBvbGljaWVzIGV4 dGVuc2lvbiBpbiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZTsNaykJcGF0aFRvTmFtZSBtYXRj aGVzIHVubGVzcyB0aGUgY2VydGlmaWNhdGUgaGFzIGEgbmFtZSBjb25zdHJhaW50cyBleHRlbnNp b24gd2hpY2ggaW5oaWJpdHMgdGhlIGNvbnN0cnVjdGlvbiBvZiBhIGNlcnRpZmljYXRpb24gcGF0 aCB0byB0aGUgcHJlc2VudGVkIG5hbWUgdmFsdWUuDTEyLjcuMwlDZXJ0aWZpY2F0ZSBwYWlyIGV4 YWN0IG1hdGNoDVRoZSBjZXJ0aWZpY2F0ZSBwYWlyIGV4YWN0IG1hdGNoIHJ1bGUgY29tcGFyZXMg Zm9yIGVxdWFsaXR5IGEgcHJlc2VudGVkIHZhbHVlIHdpdGggYW4gYXR0cmlidXRlIHZhbHVlIG9m IHR5cGUgQ2VydGlmaWNhdGVQYWlyLiBJdCB1bmlxdWVseSBzZWxlY3RzIGEgc2luZ2xlIGNyb3Nz LWNlcnRpZmljYXRlIHBhaXIuDWNlcnRpZmljYXRlUGFpckV4YWN0TWF0Y2ggTUFUQ0hJTkctUlVM RQk6Oj0JewsJU1lOVEFYCQlDZXJ0aWZpY2F0ZVBhaXJFeGFjdEFzc2VydGlvbgsJSUQJCQlpZC1t ci1jZXJ0aWZpY2F0ZVBhaXJFeGFjdE1hdGNoIH0NQ2VydGlmaWNhdGVQYWlyRXhhY3RBc3NlcnRp b24gOjo9IFNFUVVFTkNFIHsNCWZvcndhcmRBc3NlcnRpb24gCVswXSBDZXJ0aWZpY2F0ZUV4YWN0 QXNzZXJ0aW9uIE9QVElPTkFMLA0JcmV2ZXJzZUFzc2VydGlvbiAJWzFdIENlcnRpZmljYXRlRXhh Y3RBc3NlcnRpb24gT1BUSU9OQUwgfQ0JKCBXSVRIIENPTVBPTkVOVFMgCXsuLi4sIGZvcndhcmRB c3NlcnRpb24gUFJFU0VOVH0gfA0JICBXSVRIIENPTVBPTkVOVFMgCXsuLi4sIHJldmVyc2VBc3Nl cnRpb24gUFJFU0VOVH0gKQ1UaGlzIG1hdGNoaW5nIHJ1bGUgcmV0dXJucyBUUlVFIGlmIHRoZSBj b21wb25lbnRzIHRoYXQgYXJlIHByZXNlbnQgaW4gdGhlIGZvcndhcmRBc3NlcnRpb24gYW5kIHJl dmVyc2VBc3NlcnRpb24gY29tcG9uZW50cyBvZiB0aGUgcHJlc2VudGVkIHZhbHVlIG1hdGNoIHRo ZSBjb3JyZXNwb25kaW5nIGNvbXBvbmVudHMgb2YgdGhlIGZvcndhcmQgYW5kIHJldmVyc2UgY29t cG9uZW50cywgcmVzcGVjdGl2ZWx5LCBpbiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZS4NMTIu Ny40CUNlcnRpZmljYXRlIHBhaXIgbWF0Y2gNVGhlIGNlcnRpZmljYXRlIHBhaXIgbWF0Y2ggcnVs ZSBjb21wYXJlcyBhIHByZXNlbnRlZCB2YWx1ZSB3aXRoIGFuIGF0dHJpYnV0ZSB2YWx1ZSBvZiB0 eXBlIENlcnRpZmljYXRlUGFpci4gSXQgc2VsZWN0cyBvbmUgb3IgbW9yZSBjcm9zcy1jZXJ0aWZp Y2F0ZSBwYWlycyBvbiB0aGUgYmFzaXMgb2YgdmFyaW91cyBjaGFyYWN0ZXJpc3RpY3Mgb2YgZWl0 aGVyIHRoZSBmb3J3YXJkIG9yIHJldmVyc2UgY2VydGlmaWNhdGUgb2YgdGhlIHBhaXIuDWNlcnRp ZmljYXRlUGFpck1hdGNoIE1BVENISU5HLVJVTEUgOjo9CXsLCVNZTlRBWAkJQ2VydGlmaWNhdGVQ YWlyQXNzZXJ0aW9uCwlJRAkJCWlkLW1yLWNlcnRpZmljYXRlUGFpck1hdGNoIH0NQ2VydGlmaWNh dGVQYWlyQXNzZXJ0aW9uIDo6PSBTRVFVRU5DRSB7DQlmb3J3YXJkQXNzZXJ0aW9uIAlbMF0gQ2Vy dGlmaWNhdGVBc3NlcnRpb24gT1BUSU9OQUwsDQlyZXZlcnNlQXNzZXJ0aW9uIAlbMV0gQ2VydGlm aWNhdGVBc3NlcnRpb24gT1BUSU9OQUwgfQ0JKCBXSVRIIENPTVBPTkVOVFMgCXsuLi4sIGZvcndh cmRBc3NlcnRpb24gUFJFU0VOVH0gfA0JICBXSVRIIENPTVBPTkVOVFMgCXsuLi4sIHJldmVyc2VB c3NlcnRpb24gUFJFU0VOVH0gKQ1UaGlzIG1hdGNoaW5nIHJ1bGUgcmV0dXJucyBUUlVFIGlmIGFs bCBvZiB0aGUgY29tcG9uZW50cyB0aGF0IGFyZSBwcmVzZW50IGluIHRoZSBmb3J3YXJkQXNzZXJ0 aW9uIGFuZCByZXZlcnNlQXNzZXJ0aW9uIGNvbXBvbmVudHMgb2YgdGhlIHByZXNlbnRlZCB2YWx1 ZSBtYXRjaCB0aGUgY29ycmVzcG9uZGluZyBjb21wb25lbnRzIG9mIHRoZSBmb3J3YXJkIGFuZCBy ZXZlcnNlIGNvbXBvbmVudHMsIHJlc3BlY3RpdmVseSwgaW4gdGhlIHN0b3JlZCBhdHRyaWJ1dGUg dmFsdWUsIHVzaW5nIHRoZSBydWxlcyBnaXZlbiBpbiAxMi43LjIuDTEyLjcuNQlDZXJ0aWZpY2F0 ZSBsaXN0IGV4YWN0IG1hdGNoDVRoZSBjZXJ0aWZpY2F0ZSBsaXN0IGV4YWN0IG1hdGNoIHJ1bGUg Y29tcGFyZXMgZm9yIGVxdWFsaXR5IGEgcHJlc2VudGVkIHZhbHVlIHdpdGggYW4gYXR0cmlidXRl IHZhbHVlIG9mIHR5cGUgQ2VydGlmaWNhdGVMaXN0LiBJdCB1bmlxdWVseSBzZWxlY3RzIGEgc2lu Z2xlIENSTC4NY2VydGlmaWNhdGVMaXN0RXhhY3RNYXRjaCBNQVRDSElORy1SVUxFCTo6PQl7CwlT WU5UQVgJCUNlcnRpZmljYXRlTGlzdEV4YWN0QXNzZXJ0aW9uCwlJRAkJCWlkLW1yLWNlcnRpZmlj YXRlTGlzdEV4YWN0TWF0Y2ggfQ1DZXJ0aWZpY2F0ZUxpc3RFeGFjdEFzc2VydGlvbiA6Oj0gU0VR VUVOQ0Ugew0JaXNzdWVyCQkJTmFtZSwNCXRoaXNVcGRhdGUJCVVUQ1RpbWUsDQlkaXN0cmlidXRp b25Qb2ludAlEaXN0cmlidXRpb25Qb2ludE5hbWUgT1BUSU9OQUwgfQ1UaGUgcnVsZSByZXR1cm5z IFRSVUUgaWYgdGhlIGNvbXBvbmVudHMgaW4gdGhlIHN0b3JlZCBhdHRyaWJ1dGUgdmFsdWUgbWF0 Y2ggdGhvc2UgaW4gdGhlIHByZXNlbnRlZCB2YWx1ZS4gSWYgdGhlIGRpc3RyaWJ1dGlvblBvaW50 IGNvbXBvbmVudCBpcyBwcmVzZW50IHRoZW4gaXQgbXVzdCBtYXRjaCBpbiBhdCBsZWFzdCBvbmUg bmFtZSBmb3JtLg0xMi43LjYJQ2VydGlmaWNhdGUgbGlzdCBtYXRjaA1UaGUgY2VydGlmaWNhdGUg bGlzdCBtYXRjaCBydWxlIGNvbXBhcmVzIGEgcHJlc2VudGVkIHZhbHVlIHdpdGggYW4gYXR0cmli dXRlIHZhbHVlIG9mIHR5cGUgQ2VydGlmaWNhdGVMaXN0LiBJdCBzZWxlY3RzIG9uZSBvciBtb3Jl IENSTHMgb24gdGhlIGJhc2lzIG9mIHZhcmlvdXMgY2hhcmFjdGVyaXN0aWNzLg1jZXJ0aWZpY2F0 ZUxpc3RNYXRjaCBNQVRDSElORy1SVUxFIDo6PSB7DQlTWU5UQVgJQ2VydGlmaWNhdGVMaXN0QXNz ZXJ0aW9uCwlJRAkJaWQtbXItY2VydGlmaWNhdGVMaXN0TWF0Y2ggfQ1DZXJ0aWZpY2F0ZUxpc3RB c3NlcnRpb24gOjo9IFNFUVVFTkNFIHsNCWlzc3VlcgkJCU5hbWUJT1BUSU9OQUwsDQltaW5DUkxO dW1iZXIJCVswXQlDUkxOdW1iZXIJT1BUSU9OQUwsCwltYXhDUkxOdW1iZXIJCVsxXQlDUkxOdW1i ZXIJT1BUSU9OQUwsCwlyZWFzb25GbGFncwkJUmVhc29uRmxhZ3MJT1BUSU9OQUwsCwlkYXRlQW5k VGltZQkJVVRDVGltZQlPUFRJT05BTCwNCWRpc3RyaWJ1dGlvblBvaW50CQlbMl0JRGlzdHJpYnV0 aW9uUG9pbnROYW1lIE9QVElPTkFMIH0NVGhlIG1hdGNoaW5nIHJ1bGUgcmV0dXJucyBUUlVFIGlm IGFsbCBvZiB0aGUgY29tcG9uZW50cyB0aGF0IGFyZSBwcmVzZW50IGluIHRoZSBwcmVzZW50ZWQg dmFsdWUgbWF0Y2ggdGhlIGNvcnJlc3BvbmRpbmcgY29tcG9uZW50cyBvZiB0aGUgc3RvcmVkIGF0 dHJpYnV0ZSB2YWx1ZSwgYXMgZm9sbG93czoNYSkJaXNzdWVyIG1hdGNoZXMgaWYgdGhlIHZhbHVl IG9mIHRoaXMgY29tcG9uZW50IGluIHRoZSBhdHRyaWJ1dGUgdmFsdWUgZXF1YWxzIHRoYXQgaW4g dGhlIHByZXNlbnRlZCB2YWx1ZTsNYikJbWluQ1JMTnVtYmVyIG1hdGNoZXMgaWYgaXRzIHZhbHVl IGlzIGxlc3MgdGhhbiBvciBlcXVhbCB0byB0aGUgdmFsdWUgaW4gdGhlIENSTCBudW1iZXIgZXh0 ZW5zaW9uIG9mIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlOyB0aGVyZSBpcyBubyBtYXRjaCBp ZiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZSBjb250YWlucyBubyBDUkwgbnVtYmVyIGV4dGVu c2lvbjsNYykJbWF4Q1JMTnVtYmVyIG1hdGNoZXMgaWYgaXRzIHZhbHVlIGlzIGdyZWF0ZXIgdGhh biBvciBlcXVhbCB0byB0aGUgdmFsdWUgaW4gdGhlIENSTCBudW1iZXIgZXh0ZW5zaW9uIG9mIHRo ZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlOyB0aGVyZSBpcyBubyBtYXRjaCBpZiB0aGUgc3RvcmVk IGF0dHJpYnV0ZSB2YWx1ZSBjb250YWlucyBubyBDUkwgbnVtYmVyIGV4dGVuc2lvbjsNZCkJcmVh c29uRmxhZ3MgbWF0Y2hlcyBpZiBhbnkgb2YgdGhlIGJpdHMgdGhhdCBhcmUgYXJlIHNldCBpbiB0 aGUgcHJlc2VudGVkIHZhbHVlIGFyZSBhbHNvIHNldCBpbiB0aGUgb25seVNvbWVSZWFzb25zIGNv bXBvbmVudHMgb2YgdGhlIGlzc3VpbmcgZGlzdHJpYnV0aW9uIHBvaW50IGV4dGVuc2lvbiBvZiB0 aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZTsgdGhlcmUgaXMgbm8gbWF0Y2ggaWYgdGhlIHN0b3Jl ZCBhdHRyaWJ1dGUgdmFsdWUgY29udGFpbnMgbm8gaXNzdWluZyBkaXN0cmlidXRpb24gcG9pbnQg ZXh0ZW5zaW9uOw1lKQlkYXRlQW5kVGltZSBtYXRjaGVzIGlmIHRoZSB2YWx1ZSBpcyBlcXVhbCB0 byBvciBsYXRlciB0aGFuIHRoZSB2YWx1ZSBpbiB0aGUgdGhpc1VwZGF0ZSBjb21wb25lbnQgb2Yg dGhlIHN0b3JlZCBhdHRyaWJ1dGUgdmFsdWUgYW5kIGlzIGVhcmxpZXIgdGhhbiB0aGUgdmFsdWUg aW4gdGhlIG5leHRVcGRhdGUgY29tcG9uZW50IG9mIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVl OyB0aGVyZSBpcyBubyBtYXRjaCBpZiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZSBjb250YWlu cyBubyBuZXh0VXBkYXRlIGNvbXBvbmVudDsNZikJZGlzdHJpYnV0aW9uUG9pbnQgbWF0Y2hlcyBp ZiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZSBjb250YWlucyBhbiBpc3N1aW5nIGRpc3RyaWJ1 dGlvbiBwb2ludCBleHRlbnNpb24gYW5kIHRoZSB2YWx1ZSBvZiB0aGlzIGNvbXBvbmVudCBpbiB0 aGUgcHJlc2VudGVkIHZhbHVlIGVxdWFscyB0aGUgY29ycmVzcG9uZGluZyB2YWx1ZSwgaW4gYXQg bGVhc3Qgb25lIG5hbWUgZm9ybSwgaW4gdGhhdCBleHRlbnNpb24uDTEyLjcuNwlBbGdvcml0aG0g aWRlbnRpZmllciBtYXRjaA1UaGUgYWxnb3JpdGhtIGlkZW50aWZpZXIgbWF0Y2ggcnVsZSBjb21w YXJlcyBmb3IgZXF1YWxpdHkgYSBwcmVzZW50ZWQgdmFsdWUgd2l0aCBhbiBhdHRyaWJ1dGUgdmFs dWUgb2YgdHlwZSBTdXBwb3J0ZWRBbGdvcml0aG0uIA1hbGdvcml0aG1JZGVudGlmaWVyTWF0Y2gg TUFUQ0hJTkctUlVMRQk6Oj0gICB7CwlTWU5UQVgJCUFsZ29yaXRobUlkZW50aWZpZXILCUlECQkJ aWQtbXItYWxnb3JpdGhtSWRlbnRpZmllck1hdGNoIH0NVGhlIHJ1bGUgcmV0dXJucyBUUlVFIGlm IHRoZSBwcmVzZW50ZWQgdmFsdWUgaXMgZXF1YWwgdG8gdGhlIGFsZ29yaXRobUlkZW50aWZpZXIg Y29tcG9uZW50IG9mIHRoZSBzdG9yZWQgYXR0cmlidXRlIHZhbHVlLg0xMy4zCUF0dHJpYnV0ZSBD ZXJ0aWZpY2F0ZSBNYXRjaGluZyBSdWxlDVRoZSBhdHRyaWJ1dGUgY2VydGlmaWNhdGUgbWF0Y2hp bmcgcnVsZSBjb21wYXJlcyBhIHByZXNlbnRlZCB2YWx1ZSB3aXRoIGFuIGF0dHJpYnV0ZSB2YWx1 ZSBvZiB0eXBlIEF0dHJpYnV0ZUNlcnRpZmljYXRlLiBUaGlzIG1hdGNoaW5nIHJ1bGVzIGFsbG93 cyBtb3JlIGNvbXBsZXggbWF0Y2hpbmcgdGhhbiB0aGUgY2VydGlmaWNhdGVFeGFjdE1hdGNoLg1h dHRyaWJ1dGVDZXJ0aWZpY2F0ZU1hdGNoICBNQVRDSElORy1SVUxFICA6Oj0gIHsLCVNZTlRBWAlB dHRyaWJ1dGVDZXJ0aWZpY2F0ZUFzc2VydGlvbgsJSUQJCWlkLW1yLWF0dHJpYnV0ZUNlcnRpZmlj YXRlTWF0Y2ggIH0NQXR0cmlidXRlQ2VydGlmaWNhdGVBc3NlcnRpb24gIDo6PSAgU0VRVUVOQ0Ug IHsLCXN1YmplY3QJWzBdCUNIT0lDRSB7CwkJYmFzZUNlcnRpZmljYXRlSUQJWzBdICBJc3N1ZXJT ZXJpYWwsCwkJc3ViamVjdE5hbWUJCVsxXSAgR2VuZXJhbE5hbWVzfSBPUFRJT05BTCwLCWlzc3Vl cgkJWzFdCUdlbmVyYWxOYW1lcyBPUFRJT05BTCwLCWF0dENlcnRWYWxpZAlbMl0JR2VuZXJhbGl6 ZWRUaW1lIE9QVElPTkFMLA0JYXR0VHlwZQlbM10JU0VUIE9GIEF0dHJpYnV0ZVR5cGUgT1BUSU9O QUx9DZUJQXQgbGVhc3Qgb25lIGNvbXBvbmVudCBvZiB0aGUgc2VxdWVuY2UgbXVzdCBiZSBwcmVz ZW50DVRoZSBtYXRjaGluZyBydWxlIHJldHVybnMgVFJVRSBpZiBhbGwgb2YgdGhlIGNvbXBvbmVu dHMgdGhhdCBhcmUgcHJlc2VudCBpbiB0aGUgcHJlc2VudGVkIHZhbHVlIG1hdGNoIHRoZSBjb3Jy ZXNwb25kaW5nIGNvbXBvbmVudHMgb2YgdGhlIGF0dHJpYnV0ZSB2YWx1ZSwgYXMgZm9sbG93czoN YSkJYmFzZUNlcnRpZmljYXRlSUQgbWF0Y2hlcyBpZiBpdCBpcyBlcXVhbCB0byB0aGUgSXNzdWVy U2VyaWFsIGNvbXBvbmVudCBvZiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZTsNYikJc3ViamVj dE5hbWUgbWF0Y2hlcyBpZiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZSBjb250YWlucyB0aGUg bmFtZSBleHRlbnNpb24gd2l0aCB0aGUgc2FtZSBuYW1lIHR5cGUgYXMgaW5kaWNhdGVkIGluIHRo ZSBwcmVzZW50ZWQgdmFsdWU7DWMpCWlzc3VlciBtYXRjaGVzIGlmIHRoZSBzdG9yZWQgYXR0cmli dXRlIHZhbHVlIGNvbnRhaW5zIHRoZSBuYW1lIGNvbXBvbmVudCBvZiB0aGUgc2FtZSBuYW1lIHR5 cGUgYXMgaW5kaWNhdGVkIGluIHRoZSBwcmVzZW50ZWQgdmFsdWU7DWQpCWF0dENlcnRWYWxpZGQg bWF0Y2hlcyBpZiBpdCBmYWxscyB3aXRoaW4gdGhlIHNwZWNpZmllZCB2YWxpZGl0eSBwZXJpb2Qg b2YgdGhlIHN0b3JlZCBhdHRyaWJ1dGUgdmFsdWUuDWUpIAlmb3IgZWFjaCBhdHRUeXBlIGluIHRo ZSBwcmVzZW50ZWQgdmFsdWUsIHRoZXJlIGlzIGFuIGF0dHJpYnV0ZSBvZiB0aGF0IHR5cGUgcHJl c2VudCBpbiB0aGUgYXR0cmlidXRlcyBjb21wb25lbnQgb2YgdGhlIHN0b3JlZCB2YWx1ZS4NMTgu Mi40CVJlYWRlciBhbmQgS2V5IElkZW50aWZpZXIgTWF0Y2hpbmcgUnVsZQ1BIG1hdGNoaW5nIHJ1 bGUgZm9yIGEgbGlzdCBvZiBhdXRob3JpemVkIHJlYWRlcnMgYW5kIHRoZWlyIGFzc29jaWF0ZWQg a2V5cyBpcyBhcyBmb2xsb3dzOg1yZWFkZXJBbmRLZXlJRE1hdGNoIE1BVENISU5HLVJVTEUgIDo6 PSAgewsJU1lOVEFYCVJlYWRlckFuZEtleUlEQXNzZXJ0aW9uCwlJRAkJaWQtbXItcmVhZGVyQW5k S2V5SURNYXRjaCAgfQ1SZWFkZXJBbmRLZXlJREFzc2VydGlvbiAgOjo9ICBTRVFVRU5DRSB7DQsJ a2V5SWRlbnRpZmllcglLZXlJZGVudGlmaWVyLAsJYXV0aFJlYWRlcnMJQXV0aFJlYWRlcnMgT1BU SU9OQUwgIH0NVGhlIG1hdGNoaW5nIHJ1bGUgcmV0dXJucyBhIFRSVUUgaWYgYWxsIG9mIHRoZSBj b21wb25lbnRzIHRoYXQgYXJlIHByZXNlbnQgaW4gdGhlIHByZXNlbnRlZCB2YWx1ZSBtYXRjaCB0 aGUgY29ycmVzcG9uZGluZyBjb21wb25lbnRzIG9mIHRoZSBhdHRyaWJ1dGUgdmFsdWUsIGFzIGZv bGxvd3M6DWEpCWtleUlkZW50aWZpZXIgbWF0Y2hlcyBpZiBpdCBpcyBlcXVhbCB0byB0aGUga2V5 SWRlbnRpZmllciBjb21wb25lbnQgb2YgdGhlIFByb3RlY3RlZEtleSBpbiB0aGUgc3RvcmVkIGF0 dHJpYnV0ZSB2YWx1ZTsNYikJaWYgcHJlc2VudCB0aGUgYXV0aFJlYWRlcnMgbWF0Y2hlcyBpZiBp dCBpcyBlcXVhbCB0byBvbmUgb2YgdGhlIG5hbWVzIGluIHRoZSBhdXRoUmVhZGVycyBjb21wb25l bnQgb2YgdGhlIFByb3RlY3RlZEtleSBpbiB0aGUgc3RvcmVkIGF0dHJpYnV0ZSB2YWx1ZS4NDQ0N DQ0NDQ0NDQ0NUmVmLg1uby4HTWF0Y2hpbmcgUnVsZQdEB0FDUCAxMzMHTm90ZXMNKG15IHJlY29t bWVuZGVkIG9yZGVyIGZvciBzdXBwb3J0ICNuKQcHMS4HYWxnb3JpdGhtSWRlbnRpZmllck1hdGNo B28HbQcjMQcHMi4HYXR0cmlidXRlQ2VydGlmaWNhdGVNYXRjaAdvB20HIzYHBzMuB2F0dHJpYnV0 ZUludGVncml0eU1hdGNoB28HbwcHBzQuB2NlcnRpZmljYXRlRXhhY3RNYXRjaAdvB28HBwc1Lgdj ZXJ0aWZpY2F0ZUxpc3RFeGFjdE1hdGNoB28HbQcjNQcHNi4HY2VydGlmaWNhdGVMaXN0TWF0Y2gH bwdtByM0Bwc3LgdjZXJ0aWZpY2F0ZU1hdGNoB28HbQcjMgcHOC4HY2VydGlmaWNhdGVQYWlyRXhh Y3RNYXRjaAdvB28HBwc5LgdjZXJ0aWZpY2F0ZVBhaXJNYXRjaAdvB20HIzMHBzEwLgdyZWFkZXJB bmRLZXlJRE1hdGNoB28HbQdDb25kaXRpb25hbCBvbiBzdXBwb3J0IG9mIHRoZSBlbmNyeXB0ZWQg dmFyaWFudCBvZiBhdHRyaWJ1dGVzIGFzIGRlc2NyaWJlZCBpbiBQYXJhIDQwOCBvZiBBQ1AgMTMz DSM3BwcNDQ0NVGFibGUgZnJvbSBBQ1AgMTMzLCBBbm5leCBEIC0gVGFibGUgRC0xNS4NDVBsZWFz ZSBub3RlIHRoYXQgaXQgaXNuknQgdmFsaWQgZm9yIGEgRFNBIHRvIGJlIGFibGUgdG8gbWF0Y2gg YXNzZXJ0aW9ucywgdW5sZXNzIHRoZSBjbGllbnRzIGNhbiBhc3NlcnQgdGhlIG1hdGNoIGNyaXRl cmlhLg3QzxHgobEa4QAAAAAAAAAAAAAAAAAAAAA7AAMA/v8JAAYAAAAAAAAAAAAAAAEAAAABAAAA AAAAAAAQAAACAAAAAQAAAP7///8AAAAAAAAAAP////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////8FAFMAdQBtAG0AYQByAHkASQBuAGYAbwByAG0AYQB0 AGkAbwBuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAACAP///////////////wAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAADgAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//////// ////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAD///////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPtsvAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAhjMCGQDqvAEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAGKYxQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAeAAAAEwAAAE1pY3Jvc29mdCBXb3JkIDYuMAAAAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAeAAAAAgAAADQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQzxHgobEa4QAAAAAAAAAAAAAAAAAA AAA7AAMA/v8JAP////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// ////////////////////////////////AAMAAFkDAADBAwAAzAMAAM4DAADdAwAA3wMAAO4DAAD0 AwAABgQAABUEAAAWBAAAngQAAKkEAADUBAAA1QQAABQGAAAVBgAAhAYAAI8GAADdBgAA3gYAAC4L AAA6CwAAoAsAAKYLAAAMDAAAIAwAAOsMAAABDQAAKA4AADgOAACbDgAAqg4AAIsPAACgDwAAvw8A AMgPAADaDwAA7g8AAPUPAAAQEAAAPRAAAEUQAAALEQAAGREAAHgRAACAEQAAyREAAM8RAAA8EgAA TBIAAFsSAABsEgAAHBMAACYTAABOFAAAXRQAAJMUAACUFAAAaxYAAHsWAACAFgAAkBYAAN0WAADk FgAA6RYAAPAWAAApFwAAKhcAAKMXAACyFwAARBgAAEUYAAAFGgAAFRoAABoaAAAqGgAAdxoAAH4a AACDGgAAihoAAOQaAADlGgAAdxsAAIYbAACpGwAAqhsAAB8dAAAwHQAAcx0AAHQdAADtHQAA/B0A AGggAABpIAAAAP328Pb99v32/QD99v0A/QD99v0A/fb99v32/fb99v32/fb99v32/fb99v32/fb9 9v32/fb99v32/QD99v32/fb99v0A/fb9AP32/fb99v32/QD99v0A/fb9AP32/QAACl0DAGMSAEkB AAEADFWBXQMAYxIASQEAAQAESQEAAV9pIAAAbCAAAHIgAADYIAAA5CAAAK0hAAC5IQAAhSIAAJAi AADoIgAA9yIAALMjAAC+IwAA/yMAAAkkAABXJAAAYSQAAMckAADRJAAA4CQAAPEkAABcJgAAbiYA AHAmAABxJgAAIScAADQnAABdJwAAhycAAAAoAAA6KAAATygAAFEoAAABKQAACCkAAAkpAAANKQAA LikAAC8pAABPKQAAUCkAAFEpAABYKQAAXCkAAF0pAABeKQAAZykAAHEpAAB9KQAAgSkAAIIpAACO KQAA4ykAAOQpAADlKQAAHSoAAB4qAADEKgAAxSoAAMgqAADZKgAA+CoAAAQrAAAxKwAAPCsAAL8r AADFKwAARiwAAFMsAABzLAAAfSwAAKssAAC5LAAAwCwAAAstAAAWLQAAvi0AAJcuAABDLwAAUC8A AG8vAAB8LwAAji8AAJovAADMLwAA1i8AANcvAAAKMAAAFTAAACcwAAAzMAAA/fb99v32/fb99v32 /fb99v32/fb99v0A/fb9AP0A9AD9AP0A/QD9AP0A/QD9AP0A/QD9AP0A8ez9AP32/fb99v32/ef9 AP0A9AD0AOUA5wDnAPQA9ucA5wD0AAAAAANQFgAIVYFdAwBjEgAACFWBVoFJAQABAARVgVaBAAJV gQAMVYFdAwBjEgBJAQABAARJAQABWjMwAABfMAAAsDAAAMgwAADUMAAA7TAAADkxAABSMQAAXjEA AHIxAACaMQAAszEAAL0xAADRMQAA2TEAANoxAABcMgAABzMAAAD9+v36/fr9+v36/fr99/0AAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABVAWAFWBBEkBAAEAA1AWAAARAAMAAFgDAABZAwAAbQMAABYEAAA1BAAA1QQAAEYFAACoBQAA FQYAAC4GAADeBgAAQAcAAGUJAACDCgAAKwsAAJ0LAAAJDAAA6AwAACUOAACYDgAAiA8AADoQAAAI EQAAxhEAABkTAAC8EwAA4BMAAJQUAAARFQAAPhUAAHkVAAC1FQAA6xUAACEWAAAqFwAASBcAAEUY AACzGAAA2xgAABEZAABIGQAAfhkAAP0AAsAhCAH7AAHAIQgB+wABwCEIAfkAAsAh8AD3AAHAIfAA +QACwCHwAPMAA8Ah2ADzAAPAIdgA+QACwCHwAPcAAcAh8AD5AALAIfAA8wADwCHYAPMADMAh2ADz AAvAIdgA8QACwCHwAO8AAsAh8ADvAALAIfAA7wADwCHwAO8ABMAh8ADvAALAIfAA7wADwCHwAO8A A8Ah8ADvAAPAIfAA7wADwCHwAO8ABMAh8ADvAALAIfAA9wABwCHwAPkAAsAh8ADzAAPAIdgA8wAB wCHYAO0AAcAh2ADtAAHAIdgA7QABwCHYAO0AAcAh2AD5AAPAIfAA9wABwCHwAPkAA8Ah8ADzAAPA IdgA8wABwCHYAO0AAcAh2ADtAAHAIdgA7QABwCHYAAAAAAAAAAAAAREAAAEPAAABAAAAAxAAEAoA AAABBAAAARMAAAECAAACAgAFACp+GQAAtBkAAOUaAAAJGwAAqhsAACccAABUHAAAZBwAAHocAACu HAAAdB0AAJIdAABDHgAAbB4AAK8eAADXHgAA8B4AAIIfAAC7HwAAaSAAANUgAACqIQAAgiIAALAj AADdJAAAziUAAPAlAABxJgAA5CYAAF4nAACHJwAAUSgAANAoAAC5KQAA5SkAAB4qAADFKgAALisA ALwrAABDLAAArCwAADUtAABkLQAA/gABwCHYAPwAA8Ah8AD6AAHAIfAA/AACwCHwAPYAA8Ah2AD2 AAHAIdgA/gABwCHYAP4AAcAh2AD+AAHAIdgA/AACwCHwAPoAAcAh8AD0AALAIfAA9gABwCHYAP4A AsAh2AD2AAHAIdgA/gABwCHYAP4ABMAh2AD+AAHAIdgA/AACwCHwAPIAAsAh8ADyAAPAIfAA8gAD wCHwAPIABMAh8ADyAATAIfAA8gADwCHwAPoAAcAh8AD8AALAIfAA9gADwCHYAPwAAsAh8ADwAAHA IQgB/AACwCHwAO4AA8Ah2ADuAAbAIdgA/gABwCHYAOwAAcAh3QD8AALAIfAA8gACwCHwAPIAAsAh 8ADyAALAIfAA8gACwCHwAPIAAsAh8ADpAAHAISABAgkABQAAARQAAAEQAAABAgAAAQ8AAAESAAAD EAAQCgAAAAEEAAABEwAAAREAKmQtAAC+LQAAKi4AAFMuAACXLgAAQC8AALovAABTMAAAVDAAAFUw AABWMAAAVzAAAFgwAABZMAAAWjAAAFswAABcMAAAXTAAAF4wAABfMAAAZDAAAGgwAAB2MAAAeDAA AIAwAACGMAAArDAAAK0wAACwMAAAyTAAAMswAADNMAAA0DAAANEwAADUMAAA7jAAAPAwAADyMAAA 9TAAAPYwAAD5MAAA/gABwCHwAPwAA8Ah3QD8AAHAId0A/AADwCHdAP4AAsAh8AD6AALAIfAA+gAC wCHwAPoAAcAh8AD6AAHAIfAA+gABwCHwAPoAAcAh8AD6AAHAIfAA+gABwCHwAPoAAcAh8AD6AAHA IfAA+gABwCHwAPoAAcAh8AD6AAHAIfAA+gABwCHwAPQAAYoB3QD0AAGKAd0A9AABSw3dAPQAAUQB 3QD0AAKsAt0A9AAByxHdAPQAAcsR3QDgAAHLEd0A9AABigHdAPQAAUsN3QD0AAFEAd0A9AABrALd APQAAcsR3QDgAAHLEd0A9AABigHdAPQAAUsN3QD0AAFEAd0A9AABrALdAPQAAcsR3QDgAAHLEd0A 9AABigHdAAAAAAATAAAYARkBuGwAuwoACgAKAAoACQAJAL4OAAUU+3b9mgu2DToR3CMABRQAEAAA EQAAGAEAARUAAAEUAAABEwAo+TAAABExAAATMQAAFTEAABYxAAAXMQAAGjEAADAxAAAyMQAANDEA ADUxAAA2MQAAOTEAAFMxAABVMQAAVzEAAFoxAABbMQAAXjEAAHMxAAB1MQAAdzEAAHoxAAB7MQAA fjEAAI8xAACRMQAAkzEAAJYxAACXMQAAmjEAALQxAAC2MQAAuDEAALkxAAC6MQAAvTEAANIxAADU MQAA1jEAANkxAADaMQAA+gABSw3dAPoAAUQB3QD6AAGsAt0A+gAByxHdAOYAAcsR3QD6AAGKAd0A +gABSw3dAPoAAUQB3QD6AAGsAt0A+gAByxHdAOYAAcsR3QD6AAGKAd0A+gABSw3dAPoAAUQB3QD6 AAGsAt0A+gAByxHdAOYAAcsR3QD6AAGKAd0A+gABSw3dAPoAAUQB3QD6AAGsAt0A+gAByxHdAOYA AcsR3QD6AAGKAd0A+gABSw3dAPoAAUQB3QD6AAGsAt0A+gAByxHdAOYAAcsR3QD6AAGKAd0A+gAB Sw3dAPoAAUQB3QD6AAGsAt0A+gAByxHdAOYAAcsR3QD6AAGKAd0A+gABSw3dAPoAAUQB3QD6AAGs At0A+gAByxHdAOYAAcsR3QAAAAAAABMAABgBGQG4bAC7CgAKAAoACgAJAAkAvg4ABRT7dv2aC7YN OhHcIwAFFAAQAAARAAAYASnaMQAA3jEAAPIxAAD0MQAA9jEAAFgyAABbMgAAXDIAAF0yAABeMgAA XzIAAGAyAACKMgAAizIAAAczAAD6AAGKAd0A+gABSw3dAPoAAUQB3QD6AAGsAt0A+gACyxHdAPoA AcsR3QDmAAHLEd0A5AABwCHwAOQAAcAh8ADkAAHAIfAA5AABwCHwAOQAAcAh8ADkAAHAIfAA5AAC wCHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAABAAAAEwAAGAEZAbhsALsKAAoACgAKAAkACQC+DgAFFPt2/ZoLtg06 EdwjAAUUABAAABEAABgBDg4AFwAIAAEASwAPAAAAAAAaAABA8f8CABoABk5vcm1hbAACAAAAAwBh CQQALgABQAEAAgAuAAlIZWFkaW5nIDEAAAoAAQAIARXwABY8AAsAVYFdAgBjHABrHAAASgACQAEA AgBKAA5IZWFkaW5nIDIsMixsMQAhAAIABQMHAQgBERoDE+b8FTkBDw4ABBoDpwQ0BsEHAAAAAAAL AFWBXQQAYQkIYxYAACgAA0ABAAIAKAAJSGVhZGluZyAzAAAKAAMACAEV8AAWPAAFAFWBYxgAAEgA BEAxAAIASAAOSGVhZGluZyA0LDQsbDMAIgAEAAUDBwERGgMT5vwVtQAWAAAPDgAEGgOnBDQGwQcA AAAACQBdBABhCQhjFAAAAAAAAAAAAAAwAAlAEQACADAACUhlYWRpbmcgOQAADAAJAAUBBwEV4AEW AAAMAF0EAGEJCGMYAGsAACIAQUDy/6EAIgAWRGVmYXVsdCBQYXJhZ3JhcGggRm9udAAAAAAAAAAA AAAAOgD+TwEA8gA6AAhlbnVtbGV2MQAdAA8ABQMRpwQTc/4VVgAPDgAEGgOnBDQGwQcAAAAAAAYA XQQAYQkIRAD+TwEAEgFEAAVBU04uMQAAJAAQABWIAA8dAAn+Af0DpwQ0BmsIEwtKDQ8QYBQAAAAA AAAAAAALAFWBXQMAYQkIYxIAACAA/k8BARIBIAALQVNOLjEgQ29udC4AAAUAEQAVAAAAAAAkAP5P AQACACQAAmxiAA8AEgAFAwgBEA4AFYgAFngAAAMAXQQAADgAQkABADIBOAAJQm9keSBUZXh0AAAa ABMABQMViAAWeAAPDgAEGgOnBDQGwQcAAAAABgBdBABhCQheAP5PAQBCAV4AA2FzbgAAQwAUAAcB ECsAEWwCFCT/AAAWeAAPLwAPawKOBLIGHQmIC/MNXhDKEjUVoBcLGnYc4h5NIbgjQEBAQEBAQEBA QEBAQEBAAAgAVYFdAwBjEgAkAP5PAQBSASQAAmxpAA0AFQAFAxHQAhOY/hZ4AAAFAF0EAGIBABoA /k+iAGEBGgAKQVNOLjEgV29yZAADAGEABAAAAAAABzAAAAUA/////wAA/////wYABCH//wEAACH/ /wIABCH//wMAACH//wQABCH//wUAACD//wYAAAAAAEYHAAAhEwAAuxwAAB4nAABfLQAABzAAAAAA PQAAAAEACQEAAAIArgAAAAMApwAAAAQABQAAAAUAAAAAAAAAAADQJQAAHicAAC4oAAC8KAAAQykA AJcrAAAHMAAAmgAUAJoAFACaABMAmgATAJoAEwCaABQABgAAAAADAABpIAAAMzAAAAczAAAaABsA HAAAAwAAfhkAAGQtAAD5MAAA2jEAAAczAAAdAB4AHwAgACEAIgANU3VlIEEuIE1pa2xvcxFDOlxY NTAwXE1BVENILkRPQ/9ASFAgTGFzZXJKZXQgNVNpLzVTaSBNWABMUFQyOgBIUDVTSQBIUCBMYXNl ckpldCA1U2kvNVNpIE1YAAAAAAAAAAAAAAoDNwJEAJABA/cAAAEAAQDAGMASZAABAAcAWAIBAAEA WAICAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANwIBAAAACAAAAAEAA1BYAlgCBgACAAAAAQAAEFdJ TldPUkQAAAAAAAEAAAAAgAEAAQABAAAAAAAAAAAAAAAAAAABQ291cmllciBOZXcAAAAAAAAAAAAA AAAAAAAAAAAAAACwBJABAAADACAABwAAACgAAAAIAAEAAgABAAYAAwABAFgCAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdwlMUFQyAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEhQNVNJ AAAAAABIUCBMYXNlckpldCA1U2kvNVNpIE1YAAAAAAAAAAAAAAoDNwJEAJABA/cAAAEAAQDAGMAS ZAABAAcAWAIBAAEAWAICAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANwIBAAAACAAAAAEAA1BYAlgC BgACAAAAAQAAEFdJTldPUkQAAAAAAAEAAAAAgAEAAQABAAAAAAAAAAAAAAAAAAABQ291cmllciBO ZXcAAAAAAAAAAAAAAAAAAAAAAAAAAACwBJABAAADACAABwAAACgAAAAIAAEAAgABAAYAAwABAFgC AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdwlMUFQyAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAEhQNVNJAAAAAAABgAEABjAAAAYwAAAJAACAAIAGMAAABQAAAFwvAABlABUWkAEAAFRp bWVzIE5ldyBSb21hbgAMFpABAgBTeW1ib2wACyaQAQAAQXJpYWwAFiKQAQAKSGVsdmV0aWNhAEFy aWFsAPIcEpABAAZUaW1lcwBUaW1lcyBOZXcgUm9tYW4AACIABAABCIgYAADQAgAAaAEAAAAAUPMV puErG2YAAAAABAAbAAAAAAAAAAAAAAAAAAAAAAAEAIMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AABZAkEAAAATMTIuNwlNYXRjaGluZyBydWxlcwAAAA1TdWUgQS4gTWlrbG9zDVN1ZSBBLiBNaWts b3MAAAAAAAAAAAAA0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAOwADAP7/CQAGAAAAAAAAAAAAAAAB AAAAAQAAAAAAAAAAEAAAAgAAAAEAAAD+////AAAAAAAAAAD///////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////// //////////////8= ------ =_NextPart_000_01BDE7B3.26345CD0-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21795 for ietf-pkix-bks; Thu, 24 Sep 1998 07:59:51 -0700 (PDT) Received: from always.got.net (root@you.got.net [207.111.232.11]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21791 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:59:50 -0700 (PDT) Received: from got.net (SantaCruz-x2-3-133.got.net [209.66.100.133]) by always.got.net (8.8.8/8.8.7/Debian/GNU) with ESMTP id IAA22427; Thu, 24 Sep 1998 08:05:37 -0700 Message-ID: <360A5FAF.9012BC3D@got.net> Date: Thu, 24 Sep 1998 08:05:20 -0700 From: Michael McNeil <memcneil@got.net> Organization: GMT X-Mailer: Mozilla 4.04 [en] (WinNT; U) MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> CC: Stephen Kent <kent@bbn.com>, Warwick Ford <wford@verisign.com>, ietf-pkix@imc.org, Jeffrey Schiller <jis@mit.edu> Subject: Re: meeting minutes References: <v04011701b22c2cbc4e8e@[128.33.238.151]> <3609BEDD.B8F71C12@got.net> <360A8F3E.B7DA84C5@bull.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Denis Pinkas wrote: >Michael, >As you say it, the minutes from the meeting are correct. >>Stephen Kent wrote: >>[snip] >>>NEW TOPICS: >>>- Timestamp & Notary proposals (Carlisle Adams) >>> >>>Several folks continuing work on these topics and have published >>>an independent draft on these topics. The authors received a fair >>>amount of private feedback, and hope to be able to bring forward a >>>well-formed proposal. Jeff Schiller gave his permission to bring >>>this into the WG, based on the WG having made substantial progress >>>on the other work items. Thus we will expand the charter to >>>encompass these topics. >>This is what occurred during the PKIX sessions at the 42nd IETF >>meeting with regards to timestamping; however the above is not >>the whole story. >> >>Between sessions at the IETF meeting I talked with various people >>about the new Internet-Draft (authored by Dave Mills, Todd Glassey, >>and me) which extends the NTP protocol towards serving as a vehicle >>for PKI certified and secured time ("ephemeral" time; "what time is >>it *now*?" time), as well as also providing for *timestamps* of >>data -- within the same protocol, essentially as gravy (a different >>usage, I admit). >From your short description, people might think that the two drafts >are equivalent. Yes, thank you for pointing that out. The two sets of drafts are quite distinct, of course, as we're well aware. I thought insufficiently of the readers' perspective in wording the description unfortunately. >Let me highlight some of the main differences: >Let us call: > >"draft 1", the draft: >ftp://ietf.org/internet-drafts/draft-adams-time-stamp-02.txt Et al. >and "draft 2", the draft: >ftp://ietf.org/internet-drafts/draft-mills-ntp-auth-coexist-01.txt > >Draft 1 is all in ASN1, as the rest of the other messages supported >by PKIX, e.g. CMP. So it is in the spirit of the other documents. On >the contrary, Draft 2 is supporting 32 bits words and is much more >compact (unless that advantage will be lost by many extensions !) We think not, but good point. >The time formats are different between draft 1 and 2. Draft 1 is >using the same time format as the rest of the PKIX documents, while >draft 2 is using a 32 bits time representation. NTP actually uses 64 bits of time, with 32 bits of fractional second information. The 32-bit seconds count will roll over in 2038; I have suggested (Dave Mills and I disagree as to the desirability of this) that 8-bit extensions to the time fields be added in an extension field. >Draft 1 supports the time stamping of an imprint and as a side >effect, may provide a trusted time when using the optional nonces. The question is what would be the quality of the time (ephemeral time) passed using that protocol. A heavyweight protocol almost by definition takes more time to convey than a lightweight one -- and it's the quality of the time itself that we're interested in here (ignoring timestamps for the moment). A longer time to pass the time futzes the precision of the time. Moreover, draft 1 lacks the fractional seconds information NTP maintains, lacks the extra fields NTP possesses which allow it to communicate the accuracy of the time and the last time that the server's time was updated from a reliable source. These last deficiencies can be fixed, of course, in the draft 1 proposal (though perhaps not the "heavyweight" issue); any deficiencies in the draft 2 protocol noted below can also be repaired (except perhaps the "lightweight" issue). ;-) >Draft 2 is unclear about time stamping, in particular the indication >of the hash function used for the imprint and its protection. It >allows various extension fields and so the minimum format to be >supported is left undefined. Draft 2 is a work in progress (this last is the second version), and admittedly is less finished in this regard than draft 1. We expect to have another Internet-Draft ready for publication, with details of the important extensions fields fleshed out, by the 43rd IETF in December. >It is also unclear about the replay protection when only the time >is returned (unless that information is present is some other >documents ?). NTP has inherent replay resistance in that if your time is already reasonably good, replay attacks are instantly visible as being old. Moreover, NTP normally (despite conveying an absolute time) only steers the time -- it doesn't reset a machine to a radically different time, appearing out of the blue within an NTP packet. Even so, additional authentication is desirable to present spurious NTP attacks; that is the point of the "draft 2" Internet-Draft. A more fundamental protection against replay attacks, from a cryptographic point of view, is to require that the client as a sanity check do a unicast probe of the server every now and then, rather than depending on broadcast packets, including random bits of its own in its request -- which then get echoed back in the signed NTP reply from the server. Detecting its bits in the reply, the client knows it's in response to its own most recent request. >>I spoke with Jeff Schiller about this. After he'd had a chance >>to look over the Internet-Draft (i.e., >><draft-mills-ntp-auth-coexist-01.txt>), we spoke again, very near >>the end of the IETF meeting. Jeff at that time suggested that >>since it was now apparent to him that the issue of PKI and time >>goes well beyond the question of timestamps to the issue of how >>secure *time itself* can be conveyed over an insecure network, he >>thought that perhaps the PKIX working group was not equipped to >>properly address this expanded issue -- or at least Jeff thought >>the IESG ought to be consulted first on the question before the >>issue of PKIX handling it or a separate "time" working group >>being set up is laid to rest. >From what is above, "draft 2" would not be usable in a PKIX >environment, where the compactness of the messages is not the >issue, since the Time Stamp will be used mostly either in a >store and forward environment or in a local environment. > >However, there may be some good reasons to have a 32 bits >oriented and more compact protocol for acquiring a secure time >for other environments and therefore it can make sense to have >two protocols. I agree. >>Thus the issue stands as far as I know. I've addressed two e-mails >>to Jeff since the IETF meeting (on 8 and 21 September) but so far >>have not received a reply (I assume it takes time to poll the IESG >>membership). I have no particular stake in which way the decision >>goes (except I think *some* working group needs to address time >>*and* timestamping), >I am not sure that a *single* working group needs to address both >time and timestamping. Good point. >As a good example, we have already have the PKIX and the SPKI >working groups: PKIX is using ASN.1, while SPKI does not. >A similar parallelism ! :-) A parallelism I hope doesn't draw a rain of stones and bricks! ;-) >>but wished to alert you that despite the outcome of the PKIX sessions, >>the question of whether PKIX handles it appears not quite settled. Thank you for your comments, Denis! Regards, Michael McNeil GMT memcneil@got.net 1-831-438-7811 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21579 for ietf-pkix-bks; Thu, 24 Sep 1998 07:25:27 -0700 (PDT) Received: from bilbo.thawte.com (bilbo.thawte.com [196.25.207.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21575 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:25:14 -0700 (PDT) Received: from thawte.com (really [196.25.207.2]) by thawte.com via in.smtpd with esmtp id <m0zMCQA-0004eAC@bilbo.thawte.com> (Debian Smail3.2.0.101) for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 16:31:02 +0200 (SAST) Message-ID: <360A56AA.93669667@thawte.com> Date: Thu, 24 Sep 1998 16:26:50 +0200 From: Mark Shuttleworth <marks@thawte.com> Reply-To: marks@thawte.com Organization: Thawte Consulting X-Mailer: Mozilla 4.5b2 [en] (Win95; I) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: NEW Data type for certificate selection ? Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms78C9DE34404C8A045EF33A31" Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a cryptographically signed message in MIME format. --------------ms78C9DE34404C8A045EF33A31 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hiya I'd love to see a general solution to this problem. For example, this might enable servers to run multiple SSL servers on one IP/port address, instead of requiring an IP per secure domain. It might also work well with our Strong Extranet, because the server could say "I need a client cert from one of these CA's, and it must have an identity in this sxnet zone". -- Mark Shuttleworth Thawte --------------ms78C9DE34404C8A045EF33A31 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIH8AYJKoZIhvcNAQcCoIIH4TCCB90CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC BhMwggLSMIICO6ADAgECAgItQzANBgkqhkiG9w0BAQQFADCBuTELMAkGA1UEBhMCWkExFTAT BgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxGjAYBgNVBAoTEVRo YXd0ZSBDb25zdWx0aW5nMSkwJwYDVQQLEyBUaGF3dGUgUEYgUlNBIElLIDE5OTguOS4xNiAx Nzo1NTE2MDQGA1UEAxMtVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIFJTQSBJc3N1ZXIgMTk5 OC45LjE2MB4XDTk4MDkxNjE4MzQ1NFoXDTk5MDkxNjE4MzQ1NFowczEVMBMGA1UEBBMMU2h1 dHRsZXdvcnRoMRUwEwYDVQQqEwxNYXJrIFJpY2hhcmQxIjAgBgNVBAMTGU1hcmsgUmljaGFy ZCBTaHV0dGxld29ydGgxHzAdBgkqhkiG9w0BCQEWEG1hcmtzQHRoYXd0ZS5jb20wXDANBgkq hkiG9w0BAQEFAANLADBIAkEAw8CXH/zhGBuu9boNBAXbPp+77G8rFuuuzboLsKl5DkqfgmXf /JOadF3bwNG1QetRQKuEQek4jTNQPqjxdiQo/QIDAQABo3IwcDARBglghkgBhvhCAQEEBAMC BaAwDgYDVR0PAQH/BAQDAgWgMBwGBStlAQQBBBMwEQIBADAMMAoCAQEEBW1hcmtzMAwGA1Ud EwEB/wQCMAAwHwYDVR0jBBgwFoAU/j5gnGuMD7DYM8bKxh5YsHE4teAwDQYJKoZIhvcNAQEE BQADgYEATUOQ3uxrewGzaUVHZZgsul+T2PrBsQMe/Tw2CZO7jjj0EM4ajBLo334y5xJNBtjo n9SoxhnEhfKo5GQsXgy+Ugb0FxFlrP3d1gMNHzDmg80gxw5JCPuzgN6IQGBXewnxdb2W2tse Gbo5uJjquMwIggkVMd8Hz2O8uQvIBm1LdZowggM5MIICoqADAgECAgEKMA0GCSqGSIb3DQEB BAUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlD YXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZp Y2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJl ZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20w HhcNOTgwOTE2MTc1NTM0WhcNMDAwOTE1MTc1NTM0WjCBuTELMAkGA1UEBhMCWkExFTATBgNV BAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxGjAYBgNVBAoTEVRoYXd0 ZSBDb25zdWx0aW5nMSkwJwYDVQQLEyBUaGF3dGUgUEYgUlNBIElLIDE5OTguOS4xNiAxNzo1 NTE2MDQGA1UEAxMtVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIFJTQSBJc3N1ZXIgMTk5OC45 LjE2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEpeXU1NBfCALuByF9JL+ra44e6yAH AhWEa4/QkyQfG53uaLK5LE/pk2cXEBceoflDQSO5MKp2l7vz5/2BwLUxi/amUCZU8pUo6xmk HpcesOK4m8EEmjLQPAlsT+Q1T/B2vwATA09FCGDz/LTQkAGKEsmcun9S6iqTNTY8POQ1LwID AQABozcwNTASBgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFHJJwnM0xlX0C3ZygX53 9IfnxrIOMA0GCSqGSIb3DQEBBAUAA4GBACzHgh8BQz4Hj+5pXKlkgvjAlq2TK8ubUNdAmoHC uqZ2nTyVQNxVweFVgnmrCimm1QzhVyg+j/m71d8Nk1iqWy2LjzPk3VgVNXZyFSm9QvRakgt3 X50n25otThuCBo7SjVa7ld7bDGUF3pWeAt1TF76+/GvDGiJ6FCthvcKfXnpaMYIBpTCCAaEC AQEwgcAwgbkxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxFDASBgNVBAcT C0R1cmJhbnZpbGxlMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEpMCcGA1UECxMgVGhh d3RlIFBGIFJTQSBJSyAxOTk4LjkuMTYgMTc6NTUxNjA0BgNVBAMTLVRoYXd0ZSBQZXJzb25h bCBGcmVlbWFpbCBSU0EgSXNzdWVyIDE5OTguOS4xNgICLUMwCQYFKw4DAhoFAKB9MBgGCSqG SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTk4MDkyNDE0MjY1MFowHgYJ KoZIhvcNAQkPMREwDzANBggqhkiG9w0DAgIBKDAjBgkqhkiG9w0BCQQxFgQUdte0yJez9q3I TJRb4V+uB9bopawwDQYJKoZIhvcNAQEBBQAEQDhgTnn8/oGeVEanel2njqWPQsFdd4BaZzO6 6aRt8q/LvBwyO+baEiC25qSgyfF6iOA8AV4l7WDZu5Y/2B6r6Eg= --------------ms78C9DE34404C8A045EF33A31-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21513 for ietf-pkix-bks; Thu, 24 Sep 1998 07:21:25 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21509 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:21:24 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id KAA02163; Thu, 24 Sep 1998 10:27:24 -0400 (EDT) Message-Id: <199809241427.KAA02163@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-ldapv2-schema-02.txt Date: Thu, 24 Sep 1998 10:27:24 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure LDAPv2 Schema Author(s) : S. Boeyen, T. Howes, P. Richard Filename : draft-ietf-pkix-ldapv2-schema-02.txt Pages : 7 Date : 23-Sep-98 The schema defined in this document is a minimal schema to support PKIX in an LDAPv2 environment, as defined in draft-ietf-pkix- ipki2opp-07.txt. Only PKIX-specific components are specified here. LDAP servers, acting as PKIX repositories should support the auxi- liary object classes defined in this specification and integrate this schema specification with the generic and other application- specific schemas as appropriate, depending on the services to be supplied by that server. The key words 'MUST', 'SHALL', 'REQUIRED', 'SHOULD', 'RECOMMENDED', and 'MAY' in this document are to be interpreted as described in RFC 2119. Please send comments on this document to the ietf-pkix@imc.org mail list. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-ldapv2-schema-02.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ldapv2-schema-02.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-ldapv2-schema-02.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980923172008.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-ldapv2-schema-02.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-ldapv2-schema-02.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980923172008.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21495 for ietf-pkix-bks; Thu, 24 Sep 1998 07:20:40 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21491 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:20:39 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id KAA02093; Thu, 24 Sep 1998 10:26:39 -0400 (EDT) Message-Id: <199809241426.KAA02093@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-dcs-00.txt Date: Thu, 24 Sep 1998 10:26:39 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Data Certification Server Protocols Author(s) : C. Adams, R. Zuccherato Filename : draft-ietf-pkix-dcs-00.txt Pages : 14 Date : 23-Sep-98 This document describes a general data certification service and the protocols to be used when communicating with it. The Data Certification Server is a Trusted Third Party (TTP) that can be used as one component in building reliable non-repudiation services (see [ISONR]). Useful Data Certification Server responsibilities in a PKI are to validate signatures and to provide up-to-date information regarding the status of public key certificates. We give examples of how to use the Data Certification Server to extend the lifetime of a signature beyond key expiry or revocation and to query the Data Certification Server regarding the status of a public key certificate. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in RFC 2119 [RFC2119]. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-dcs-00.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-dcs-00.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-dcs-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980923134838.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-dcs-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-dcs-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980923134838.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21490 for ietf-pkix-bks; Thu, 24 Sep 1998 07:20:35 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21486 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:20:34 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id KAA02081; Thu, 24 Sep 1998 10:26:34 -0400 (EDT) Message-Id: <199809241426.KAA02081@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-time-stamp-00.txt Date: Thu, 24 Sep 1998 10:26:34 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Time Stamp Protocols Author(s) : C. Adams, P. Cain, B. Pinkas, R. Zuccherato Filename : draft-ietf-pkix-time-stamp-00.txt Pages : 15 Date : 23-Sep-98 This document describes the format of the data returned by a Time Stamp Authority and the protocols to be used when communicating with it. The time stamping service can be used as a Trusted Third Party (TTP) as one component in building reliable non-repudiation services (see [ISONR]). In order to reduce the amount of trust required of a TSA we introduce (in Appendix C) the optional Temporal Data Authority (TDA) whose function is to provide further corroborating evidence of the time contained in the token. We also give an example of how to place a signature at a particular point in time, from which the appropriate certificate status information (e.g. CRLs) may be checked. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-time-stamp-00.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-time-stamp-00.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-time-stamp-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980923134327.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-time-stamp-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-time-stamp-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980923134327.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21482 for ietf-pkix-bks; Thu, 24 Sep 1998 07:20:10 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21477 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:20:08 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id KAA02063; Thu, 24 Sep 1998 10:26:09 -0400 (EDT) Message-Id: <199809241426.KAA02063@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-ipki-part1-11.txt Date: Thu, 24 Sep 1998 10:26:08 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart Note: This revision reflects comments received during the last call period. A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Certificate and CRL Profile Author(s) : R. Housley, W. Ford, T. Polk, D. Solo Filename : draft-ietf-pkix-ipki-part1-11.txt Pages : 128 Date : 23-Sep-98 This memo profiles the X.509 v3 certificate and X.509 v2 CRL for use in the Internet. An overview of the approach and model are provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms (e.g., IP addresses). Standard certificate extensions are described, and a set of required extensions is defined. The X.509 v2 CRL format is described and a required extension set is defined as well. An algorithm for X.509 certificate path validation is described. Supplemental information is provided describing the format of public keys and digital signatures in X.509 certificates for common Internet public key encryption algorithms (i.e., RSA, DSA, and Diffie-Hellman). ASN.1 modules and examples are provided in the appendices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in RFC 2119. Please send comments on this document to the ietf-pkix@imc.org mail list. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-ipki-part1-11.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ipki-part1-11.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-ipki-part1-11.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980923132903.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-ipki-part1-11.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-ipki-part1-11.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980923132903.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21425 for ietf-pkix-bks; Thu, 24 Sep 1998 07:06:55 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21421 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 07:06:54 -0700 (PDT) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id HAA09631; Thu, 24 Sep 1998 07:12:51 -0700 (PDT) Message-Id: <199809241412.HAA09631@spyrus.com> X-Sender: rhousley@mail.spyrus.com (Unverified) X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.52 (Beta) Date: Thu, 24 Sep 1998 09:56:50 -0400 To: "Todd S. Glassey" <TSGman@earthlink.net> From: Russ Housley <housley@spyrus.com> Subject: Re: Amending the PKIX-WG Charter to reflect the addition of timestamping Cc: ietf-pkix@imc.org In-Reply-To: <001c01bde698$615e7640$200ba8c0@tsg-laptop> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk It looks okay to me..... At 07:17 PM 9/22/98 -0700, you wrote: >Hi All, back in February we were working to amend the PKI WG's charter to >encompass timestamping and the certified timer resources that enable these >facilities. Now that Jeff Schiller has OK'd PKIX's having its own >timestamping/timebase facility we need to finish the charter update process. >here then is a proposed charter for your review and comments. > >Thanks, > >----- > >Todd Glassey > >Stephen Kent's report of the meeting minutes - excerpt below - > >- Timestamp & Notary proposals (Carlisle Adams) > >Several folks continuing work on these topics and have published an >independent draft on >these topics. The authors received a fair amount of private feedback, and >hope to be able to >bring forward a well-formed proposal. Jeff Schiller gave his permission to >bring this into >the WG, based on the WG having made substantial progress on the other work >items. Thus >we will expand the charter to encompass these topics. > > >----- BEGINNING OF CHARTER TEXT ---- > >Public-Key Infrastructure (X.509) (PKIX) >-------------------------------------------------- > > Charter > Last Modified: September 18, 1998 > > Current Status: Active Working Group > >Chair(s): >Stephen Kent <kent@bbn.com> >Warwick Ford <wford@verisign.com> > >Security Area Director(s): >Jeffrey Schiller <jis@mit.edu> >Marcus Leech <mleech@nortel.ca> > >Security Area Advisor: >Jeffrey Schiller <jis@mit.edu> > >Mailing Lists: >General Discussion:ietf-pkix@imc.org >To Subscribe: ietf-pkix-request@imc.org >In Body: subscribe (In Body) >Archive: http://www.imc.org/ietf-pkix > >Description of Working Group: >Many Internet protocols and applications which use the Internet employ >public-key technology for security purposes and require a public-key >infrastructure (PKI) to securely manage public keys for widely-distributed >users or systems. The X.509 standard constitutes a widely-accepted basis >for such >an infrastructure, defining data formats and procedures related to >distribution >of public keys via certificates digitally signed by certification >authorities >(CAs). > >For example, RFC 1422 specified the basis of an X.509-based PKI, targeted >primarily at satisfying the needs of Internet Privacy Enhanced Mail (PEM). >Since RFC 1422 was issued, application requirements for an Internet PKI have >broadened tremendously, and the capabilities of X.509 have advanced with the >development of standards defining the X.509 version 3 certificate and >version 2 certificate revocation list (CRL). > >Charter of the Working Group: >The charter of the working group will be to develop Internet standards >needed to support the use of an X.509-based PKI. The goal of this Working >Group (WG) >will be to further facilitate the use of X.509 certificates in applications >that >make use of the Internet and to promote interoperability between different >implementations choosing to make use of X.509 certificates. > >The resulting PKI is intended to provide a framework, which will support a >range of trust/hierarchy environments and a range of usage environments >(RFC1422 >is an example of one such model). > >Candidate applications to be served by this PKI include, but are not limited >to, PEM, MOSS, GSS-API mechanisms (e.g., SPKM), IPSEC protocols, Internet >payment protocols, time based authentication, timestamping, and www >protocols. > >This project will not preclude use of non-infrastructure public-key >distribution techniques nor of non-X.509 PKIs by such applications. Efforts >will be made to coordinate with the IETF White Pages (X.500/WHOIS++) >project. > >The group will focus on tailoring and profiling the features available in >the v3 X.509 certificate to best match the requirements and characteristics >of the >Internet environment. > >Other topics to be addressed potentially include: > > * Alternatives for CA-to-CA certification links and structures, >including > guidelines for constraints > > * Revocation alternatives, including profiling of X.509 v2 CRL >extensions > * Certificate and CRL distribution options (X.500-based, >non-X.500-based) > * Guidelines for policy definition and registration > * Administrative protocols and procedures, including certificate > generation, revocation notification, cross-certification, and >key-pair > updating > * Naming and name forms (how entities are identified, e.g., email > address, URN, DN, misc.) > * Generation of client key pairs by the PKI > * Services that support non-repudiation. This can include sources of > credible time data and/or certificate path validation services. > >----- END OF CHARTER TEXT ---- > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA20975 for ietf-pkix-bks; Thu, 24 Sep 1998 05:50:11 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id FAA20971 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 05:50:10 -0700 (PDT) Received: id IAA22113; Thu, 24 Sep 1998 08:54:41 -0400 Received: by gateway id <S2S6ZMGZ>; Thu, 24 Sep 1998 08:51:16 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F500206DD59@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: CryptoNEWS@aol.com, "'Denis Pinkas'" <Denis.Pinkas@bull.net> Cc: ietf-pkix@imc.org Subject: RE: X.509 Documentation Date: Thu, 24 Sep 1998 08:51:15 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id FAA20972 Sender: owner-ietf-pkix@imc.org Precedence: bulk On the server that Denis pointed to, you'll find the final text of the 1997 edition of X.509 (as submitted to the ITU and ISO for publication) at: ftp://ftp.bull.com/pub/OSIdirectory/ITU/97x509final.doc (the primary reason this is not yet available for purchase from either ITU or ISO is that they will not publish or sell it until all the other parts of the 1997 X.500 Series are also ready (soon we're told by the editor). As for current work underway in X.509, there is a Working Document which is currently being revised to reflect the outcome of the September meeting. The previous version of that document is available at: ftp://ftp.bull.com/pub/OSIdirectory/Phoenix98Output/CertificateExtensionsWD. doc When the revisions are complete (within 2 months) the new version will likely be found in: ftp://ftp.bull.com/pub/OSIdirectory/Beijing98/Vancouver98/ These two documents provide a complete picture of the X.509 activity except of course for defect reports. These are recorded together with the defects on the other parts of the X.500 Series at the bull.com site, but at present it is somewhat out of date (should be updated within 2 months as well). Hope this helps. Sharon > ---------- > From: Denis Pinkas[SMTP:Denis.Pinkas@bull.net] > Sent: September 24, 1998 2:59 PM > To: CryptoNEWS@aol.com > Cc: ietf-pkix@imc.org > Subject: Re: X.509 Documentation > > CryptoNEWS@aol.com a écrit: > > > Ladies and Gentlemen, > > > > Some body posted an address of a site where a document for X.509 can be > > obtained. > > Can that kind person post the information again? > > Take a look at :ftp://ftp.bull.com/pub/OSIdirectory/ > > Denis > > > Thanks, > > > > CryptoNEWS > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA20857 for ietf-pkix-bks; Thu, 24 Sep 1998 05:38:06 -0700 (PDT) Received: from maild.telia.com (root@maild.telia.com [194.22.190.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA20853 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 05:38:04 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by maild.telia.com (8.8.8/8.8.8) with ESMTP id OAA03085; Thu, 24 Sep 1998 14:44:08 +0200 (CEST) Received: from stefans (t4o68p1.telia.com [62.20.139.121]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id OAA25911; Thu, 24 Sep 1998 14:44:02 +0200 (CEST) Message-Id: <3.0.32.19980924144039.00a6ccf0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Thu, 24 Sep 1998 14:41:23 +0200 To: ietf-pkix@imc.org, list@seis.nc-forum.com, ietf-tls@consensus.com, cert-talk@structuredarts.com From: Stefan Santesson <stefan@accurata.se> Subject: NEW Data type for certificate selection ? Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id FAA20854 Sender: owner-ietf-pkix@imc.org Precedence: bulk All, During the TLS session in Chicago (IETF meeting) I discussed with Jeff Weinstein, Netscape, the problem of certificate selection in an environment where the client is populated with many similar certificates for different purposes. We concluded that this is a general problem, not only for TLS, but for S/MIME, Java, Java script, etc, where signing and encryption based on an X.509 PKI is an option. I also conclude that the current TLS approach, using Issuer name as selection criteria, is hopelessly insufficient for the general case. In fact we can NEVER claim that we have an X.509 based architecture ready for the big market IF WE DON'T SOLVE THIS PROBLEM. A normal user (I.e grandmother) will never be able to pick the right certificate by herself, if there is more than 1 to pick. The question raised here is: WOULD A STANDARDIZED DATA TYPE FOR CERTIFICATE SELECTION BE A GOOD START. If we could create a standardized ASN.1 data type with the purpose of defining the criteria for selecting 1 out of n certificates, then this could be used as a common base for enhancing TLS, Java, Java script, S/MIME etc. The data type could be communicated from server to client, client to server, server to server, client to client; I.e in any case where one party which to assist another party in selecting an appropriate certificate for any purpose (defined by the context). Do anyone have a better idea. I think this is a lost problem that has to be fixed, hopefully in a standardized way. Comments, suggestions. /Stefan Santesson ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA20658 for ietf-pkix-bks; Thu, 24 Sep 1998 04:54:03 -0700 (PDT) Received: from mail.student.auckland.ac.nz (mail.student.auckland.ac.nz [130.216.35.101]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA20654 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 04:54:02 -0700 (PDT) Received: from cs26.cs.auckland.ac.nz (pgut001@cs26.cs.auckland.ac.nz [130.216.36.9]) by mail.student.auckland.ac.nz (8.8.6/8.8.6/cs-master) with SMTP id XAA13067; Thu, 24 Sep 1998 23:59:34 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Received: by cs26.cs.auckland.ac.nz (relaymail v0.9) id <90663837419831>; Thu, 24 Sep 1998 23:59:34 (NZST) From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: Petra.Gloeckner@darmstadt.gmd.de, ietf-pkix@imc.org Subject: Re: basic constraint extension Reply-To: pgut001@cs.auckland.ac.nz X-Charge-To: pgut001 X-Authenticated: relaymail v0.9 on cs26.cs.auckland.ac.nz Date: Thu, 24 Sep 1998 23:59:34 (NZST) Message-ID: <90663837419831@cs26.cs.auckland.ac.nz> Sender: owner-ietf-pkix@imc.org Precedence: bulk >the draft-ietf-pkix-ipki-part1-10 says the basic constraint extension MUST >appear as a critical extension in all CA certificates but it SHOULD NOT >appear in end entity certificates. > >Why should the basic constraint extension not appear in end entity >certificates? Looking back through the different versions, this has been in there since at least -08, although not worded quite as strongly as this. It seems like a Bad Thing, since this clashes with the (US) federal profile and Australian profile and... well I'm not going to enumerate them all, but unless there's some really good reason for it I don't see why it should be absent, especially since the generally accepted way (other profiles notwithstanding) seems to be to encode it as an empty sequence in end-user certs. Peter. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA18001 for ietf-pkix-bks; Thu, 24 Sep 1998 02:51:43 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA17997 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 02:51:41 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id LAA09608; Thu, 24 Sep 1998 11:59:00 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id LAA15648; Thu, 24 Sep 1998 11:59:08 +0200 (DFT) Message-ID: <360A968C.FD285E0E@bull.net> Date: Thu, 24 Sep 1998 11:59:24 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: CryptoNEWS@aol.com CC: ietf-pkix@imc.org Subject: Re: X.509 Documentation References: <4932bdcf.360a0cc8@aol.com> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk CryptoNEWS@aol.com a écrit: > Ladies and Gentlemen, > > Some body posted an address of a site where a document for X.509 can be > obtained. > Can that kind person post the information again? Take a look at :ftp://ftp.bull.com/pub/OSIdirectory/ Denis > Thanks, > > CryptoNEWS Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA17852 for ietf-pkix-bks; Thu, 24 Sep 1998 02:21:50 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA17848 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 02:21:47 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id LAA12895; Thu, 24 Sep 1998 11:28:09 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id LAA16688; Thu, 24 Sep 1998 11:27:58 +0200 (DFT) Message-ID: <360A8F3E.B7DA84C5@bull.net> Date: Thu, 24 Sep 1998 11:28:15 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: Michael McNeil <memcneil@got.net> CC: Stephen Kent <kent@bbn.com>, Warwick Ford <wford@verisign.com>, ietf-pkix@imc.org, Jeffrey Schiller <jis@mit.edu> Subject: Re: meeting minutes References: <v04011701b22c2cbc4e8e@[128.33.238.151]> <3609BEDD.B8F71C12@got.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Michael, As you say it, the minutes from the meeting are correct. > Stephen Kent wrote: > [snip] > >NEW TOPICS: > >- Timestamp & Notary proposals (Carlisle Adams) > > > >Several folks continuing work on these topics and have published > >an independent draft on these topics. The authors received a fair > >amount of private feedback, and hope to be able to bring forward a > >well-formed proposal. Jeff Schiller gave his permission to bring > >this into the WG, based on the WG having made substantial progress > >on the other work items. Thus we will expand the charter to > >encompass these topics. > > This is what occurred during the PKIX sessions at the 42nd IETF meeting > with regards to timestamping; however the above is not the whole story. > > Between sessions at the IETF meeting I talked with various people about > the new Internet-Draft (authored by Dave Mills, Todd Glassey, and me) > which extends the NTP protocol towards serving as a vehicle for PKI > certified and secured time ("ephemeral" time; "what time is it *now*?" > time), as well as also providing for *timestamps* of data -- within the > same protocol, essentially as gravy (a different usage, I admit). >From your short description, people might think that the two drafts are equivalent. Let me highlight some of the main differences: Let us call: "draft 1", the draft: ftp://ietf.org/internet-drafts/draft-adams-time-stamp-02.txt and "draft 2", the draft: ftp://ietf.org/internet-drafts/draft-mills-ntp-auth-coexist-01.txt Draft 1 is all in ASN1, as the rest of the other messages supported by PKIX, e.g. CMP. So it is in the spirit of the other documents. On the contrary, Draft 2 is supporting 32 bits words and is much more compact (unless that advantage will be lost by many extensions !) The time formats are different between draft 1 and 2. Draft 1 is using the same time format as the rest of the PKIX documents, while draft 2 is using a 32 bits time representation. Draft 1 supports the time stamping of an imprint and as a side effect, may provide a trusted time when using the optional nonces. Draft 2 is unclear about time stamping, in particular the indication of the hash function used for the imprint and its protection. It allows various extension fields and so the minimum format to be supported is left undefined. It is also unclear about the replay protection when only the time is returned (unless that information is present is some other documents ?). > I spoke with Jeff Schiller about this. After he'd had a chance to look > over the Internet-Draft (i.e., <draft-mills-ntp-auth-coexist-01.txt>), > we spoke again, very near the end of the IETF meeting. Jeff at that > time suggested that since it was now apparent to him that the issue of > PKI and time goes well beyond the question of timestamps to the issue of > how secure *time itself* can be conveyed over an insecure network, he > thought that perhaps the PKIX working group was not equipped to properly > address this expanded issue -- or at least Jeff thought the IESG ought > to be consulted first on the question before the issue of PKIX handling > it or a separate "time" working group being set up is laid to rest. >From what is above, "draft 2" would not be usable in a PKIX environment, where the compactness of the messages is not the issue, since the Time Stamp will be used mostly either in a store and forward environment or in a local environment. However, there may be some good reasons to have a 32 bits oriented and more compact protocol for acquiring a secure time for other environments and therefore it can make sense to have two protocols. > Thus the issue stands as far as I know. I've addressed two e-mails to > Jeff since the IETF meeting (on 8 and 21 September) but so far have not > received a reply (I assume it takes time to poll the IESG membership). > I have no particular stake in which way the decision goes (except I > think *some* working group needs to address time *and* timestamping), I am not sure that a *single* working group needs to address both time and timestamping. As a good example, we have already have the PKIX and the SPKI working groups: PKIX is using ASN.1, while SPKI does not. A similar parallelism ! :-) Regards, Denis > but wished to alert you that despite the outcome of the PKIX sessions, > the question of whether PKIX handles it appears not quite settled. > > Regards, > Michael McNeil > GMT > memcneil@got.net > 1-831-438-7811 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA17767 for ietf-pkix-bks; Thu, 24 Sep 1998 02:05:52 -0700 (PDT) Received: from imo26.mx.aol.com (imo26.mx.aol.com [198.81.17.70]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA17763 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 02:05:50 -0700 (PDT) From: CryptoNEWS@aol.com Received: from CryptoNEWS@aol.com by imo26.mx.aol.com (IMOv16.10) id 7HBDa02301 for <ietf-pkix@imc.org>; Thu, 24 Sep 1998 05:11:36 -0400 (EDT) Message-ID: <4932bdcf.360a0cc8@aol.com> Date: Thu, 24 Sep 1998 05:11:36 EDT To: ietf-pkix@imc.org Mime-Version: 1.0 Subject: X.509 Documentation Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 224 Sender: owner-ietf-pkix@imc.org Precedence: bulk Ladies and Gentlemen, Some body posted an address of a site where a document for X.509 can be obtained. Can that kind person post the information again? Thanks, CryptoNEWS Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id UAA29806 for ietf-pkix-bks; Wed, 23 Sep 1998 20:33:18 -0700 (PDT) Received: from always.got.net (root@you.got.net [207.111.232.11]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id UAA29799 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 20:33:17 -0700 (PDT) Received: from got.net (SantaCruz-x2-3-133.got.net [209.66.100.133]) by always.got.net (8.8.8/8.8.7/Debian/GNU) with ESMTP id UAA17148; Wed, 23 Sep 1998 20:39:22 -0700 Message-ID: <3609BEDD.B8F71C12@got.net> Date: Wed, 23 Sep 1998 20:39:10 -0700 From: Michael McNeil <memcneil@got.net> Organization: GMT X-Mailer: Mozilla 4.04 [en] (WinNT; U) MIME-Version: 1.0 To: Stephen Kent <kent@bbn.com>, Warwick Ford <wford@verisign.com> CC: ietf-pkix@imc.org, Jeffrey Schiller <jis@mit.edu> Subject: Re: meeting minutes References: <v04011701b22c2cbc4e8e@[128.33.238.151]> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Stephen Kent wrote: [snip] >NEW TOPICS: >- Timestamp & Notary proposals (Carlisle Adams) > >Several folks continuing work on these topics and have published >an independent draft on these topics. The authors received a fair >amount of private feedback, and hope to be able to bring forward a >well-formed proposal. Jeff Schiller gave his permission to bring >this into the WG, based on the WG having made substantial progress >on the other work items. Thus we will expand the charter to >encompass these topics. This is what occurred during the PKIX sessions at the 42nd IETF meeting with regards to timestamping; however the above is not the whole story. Between sessions at the IETF meeting I talked with various people about the new Internet-Draft (authored by Dave Mills, Todd Glassey, and me) which extends the NTP protocol towards serving as a vehicle for PKI certified and secured time ("ephemeral" time; "what time is it *now*?" time), as well as also providing for *timestamps* of data -- within the same protocol, essentially as gravy (a different usage, I admit). I spoke with Jeff Schiller about this. After he'd had a chance to look over the Internet-Draft (i.e., <draft-mills-ntp-auth-coexist-01.txt>), we spoke again, very near the end of the IETF meeting. Jeff at that time suggested that since it was now apparent to him that the issue of PKI and time goes well beyond the question of timestamps to the issue of how secure *time itself* can be conveyed over an insecure network, he thought that perhaps the PKIX working group was not equipped to properly address this expanded issue -- or at least Jeff thought the IESG ought to be consulted first on the question before the issue of PKIX handling it or a separate "time" working group being set up is laid to rest. Thus the issue stands as far as I know. I've addressed two e-mails to Jeff since the IETF meeting (on 8 and 21 September) but so far have not received a reply (I assume it takes time to poll the IESG membership). I have no particular stake in which way the decision goes (except I think *some* working group needs to address time *and* timestamping), but wished to alert you that despite the outcome of the PKIX sessions, the question of whether PKIX handles it appears not quite settled. Regards, Michael McNeil GMT memcneil@got.net 1-831-438-7811 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA24408 for ietf-pkix-bks; Wed, 23 Sep 1998 11:00:10 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id LAA24404 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 11:00:08 -0700 (PDT) Message-Id: <199809231800.LAA24404@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.63 (Beta) Date: Wed, 23 Sep 1998 11:05:32 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Fwd: I-D ACTION:draft-ietf-tls-ac509prof-00.txt Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk I thought this might be of interest to the PKIX WG. --Paul Hoffman, Director --Internet Mail Consortium >To: IETF-Announce: ; >Cc: ietf-tls@consensus.com >From: Internet-Drafts@ietf.org >Reply-to: Internet-Drafts@ietf.org >Subject: I-D ACTION:draft-ietf-tls-ac509prof-00.txt >Date: Wed, 23 Sep 1998 10:43:01 -0400 >Sender: cclark@ns.cnri.reston.va.us > >A New Internet-Draft is available from the on-line Internet-Drafts directories. >This draft is a work item of the Transport Layer Security Working Group of >the IETF. > > Title : An Internet AttributeCertificate Profile > for Authorization > Author(s) : S. Farrell > Filename : draft-ietf-tls-ac509prof-00.txt > Pages : 11 > Date : 22-Sep-98 > > Authorization support is required for various Internet > protocols, for example, TLS, CMS and their consumers, > and others. The X.509 AttributeCertificate provides a > structure which can form the basis for such services > [X.509]. This specification defines two profiles (a > simple one and a 'full' one) for the use of X.509 > AttributeCertificates to provide such authorization > services. > >Internet-Drafts are available by anonymous FTP. Login with the username >"anonymous" and a password of your e-mail address. After logging in, >type "cd internet-drafts" and then > "get draft-ietf-tls-ac509prof-00.txt". >A URL for the Internet-Draft is: >ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-ac509prof-00.txt > >Internet-Drafts directories are located at: > > Africa: ftp.is.co.za > > Europe: ftp.nordu.net > ftp.nis.garr.it > > Pacific Rim: munnari.oz.au > > US East Coast: ftp.ietf.org > > US West Coast: ftp.isi.edu > >Internet-Drafts are also available by mail. > >Send a message to: mailserv@ietf.org. In the body type: > "FILE /internet-drafts/draft-ietf-tls-ac509prof-00.txt". > >NOTE: The mail server at ietf.org can return the document in > MIME-encoded form by using the "mpack" utility. To use this > feature, insert the command "ENCODING mime" before the "FILE" > command. To decode the response(s), you will need "munpack" or > a MIME-compliant mail reader. Different MIME-compliant mail readers > exhibit different behavior, especially when dealing with > "multipart" MIME messages (i.e. documents which have been split > up into multiple messages), so check your local documentation on > how to manipulate these messages. > > >Below is the data which will enable a MIME compliant mail reader >implementation to automatically retrieve the ASCII version of the >Internet-Draft. >Content-Type: text/plain >Content-ID: <19980922141332.I-D@ietf.org> > >ENCODING mime >FILE /internet-drafts/draft-ietf-tls-ac509prof-00.txt > ><ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-ac509prof-00.txt> Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA22037 for ietf-pkix-bks; Wed, 23 Sep 1998 06:57:39 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA22033 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 06:57:37 -0700 (PDT) Received: id KAA28894; Wed, 23 Sep 1998 10:01:06 -0400 Received: by gateway id <S2S6Z20Q>; Wed, 23 Sep 1998 09:57:44 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC97BC@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Cc: "'Steve Kent'" <kent@bbn.com>, "'Warwick Ford'" <wford@verisign.com> Subject: Revised LDAPv2 specs have been submitted Date: Wed, 23 Sep 1998 09:57:43 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk A revision of the PKIX LDAPv2 protocol profile has been submitted and notice should appear shortly. The only reason for this revision is because the previous one (in the hands of the IESG pending submission of an accompanying schema spec) exires this month. No changes other than updating version number, date and the name of the ietf-pkix mail list were made. A revision of the PKIX LDAPv2 schema I-D has been submitted and notice should appear shortly. This revision addresses the comments submitted during PKIX WG last call. Sharon ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA21064 for ietf-pkix-bks; Wed, 23 Sep 1998 04:29:19 -0700 (PDT) Received: from maila.telia.com (root@maila.telia.com [194.236.189.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA21060 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 04:29:00 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by maila.telia.com (8.8.8/8.8.8) with ESMTP id NAA12330; Wed, 23 Sep 1998 13:35:13 +0200 (CEST) Received: from stefans (t4o68p71.telia.com [62.20.139.191]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id NAA26921; Wed, 23 Sep 1998 13:35:09 +0200 (CEST) Message-Id: <3.0.32.19980923133149.00a71210@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 23 Sep 1998 13:32:27 +0200 To: Al Arsenault <aarsenault@spyrus.com>, Sean Turner <turners@ieca.com>, PKIX <ietf-pkix@imc.org>, "Arsenault, Al W." <awarsen@missi.ncsc.mil> From: Stefan Santesson <stefan@accurata.se> Subject: Re: PKIX Roadmap Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id EAA21061 Sender: owner-ietf-pkix@imc.org Precedence: bulk Al, I totally agree with everything you say in this last mail. /Stefan At 08:15 AM 9/22/98 -0400, Al Arsenault wrote: >At 06:25 AM 9/22/98 +0200, Stefan Santesson wrote: >>Al, >> >>Just a short reply to CA disaster (See below). >> >>Thanks for your reply, I still disagree to the disaster part. >> >>CA2 does not have to be dismanteled, since CA 2:s key is intact. >>What has to be done is that: >>- CA1 is rebuilt with new key >>- The compromise of CA1 and its new key has to be communicated with >>out-of-band means >>- CA1 cross certify CA2 (and other CA:s) using the new key >>- New cross certificates to CA1 has to be issued and published by other CA:s. >> >>Now all certificates issued by CA2 before the disaster of CA1 can be used >>and trusted. >>This since the disaster of CA1 didn't destroy CA2, just the link to CA2 >>from CA1. >> >>/Stefan > >Stefan, > > The more I think about this, the more I realize we agree. It's the words >that need figuring out. Perhaps the words in the draft roadmap are too >strong; we'll have to think about that. > > First, let me note that when CA1 and CA2 are cross-certified - that is, >have a peer relationship, with neither subordinate to the other - I agree >with you about what happens when CA1's key is compromised. > > Now, let us assume that there is a hierarchical relationship - CA2 is >subordinate to CA1. This means to me that the trust anchor used by end >entities below CA2 is not CA2 - it's CA1. When CA1's key is discovered to >be compromised, what you do is: > > 1 - communicate out of band the compromise. This means that CA2 and all >entities below it are essentially "out of action" temporarily; since CA1 is >the trust anchor, there's no way to construct a valid cert path > > 2 - reconstitute CA1 with a new key; > > 3 - get CA2's key to CA1 for certification (most likely through >out-of-band means). Yes, this can still be the same key; since CA2's key >wasn't compromised, it can still be used, and it will make things easier in >that you don't have to go re-signing end-entity certs with a new CA2 key. > >Now, you're back in action. > >If you agree that this is right, we can figure out words that say that. >The point I wanted to convey is that the entire PKI is dead in this case >until CA1 is brought up and a new CA2 cert is signed, because you can't >construct a valid path back to a valid trust anchor. > >(Of course, if trust anchor's compromised key happens to be on all >end-entity hardware tokens in a form that can't easily be changed, you've >still got a problem, but that's beyond the scope of PKIX :-) > > Al Arsenault > >- the above opinions are my own. They may or may not reflect the opinions >of my employer or of any other organization with which I have a relationship. > > > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA17883 for ietf-pkix-bks; Wed, 23 Sep 1998 00:56:18 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA17879 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 00:56:16 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id KAA15024 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 10:03:30 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id KAA17156 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 10:03:37 +0200 (DFT) Message-ID: <360929FB.C577E062@bull.net> Date: Wed, 23 Sep 1998 10:03:55 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: IETF-PXIX <ietf-pkix@imc.org> Subject: Archive cutoff & Retention period Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Archive cutoff & Retention period This item has been separated from my list of other comments since it might start a new thread. On page 12 there is section 5.4.4. named « Archive Cutoff ». In part PKIX-1 on page 12, we have the following sentence: An entry may be removed from the CRL after appearing on one regularly scheduled CRL issued beyond the revoked certificate's validity period. This means that a revoked entry has to stay at least "little bit" after the expiration date of the certificate. In practice this is a few days, but not necessarily years because the size of the information to keep would be pretty big. So we need to make a difference between a "retention period" of a few days and a possible archiving of the status information during years (see later). The "retention period" should be supported by all OCSP responders and thus should be part of the standard response. Adding a "retentionPeriod" after the "produceAt" from the ResponseData would be simpler than defining an extension. Then, let us address the « Archive Cutoff » issue. If we were to support the archiving capability, with e.g. a 7 year retention, we would need an additional time parameter in the request to point to the equivalent of the right CRL issued at that time e.g. 7 years ago. This parameter is currently not present. Unless it is added, the function cannot work. We thus have two options : add the missing parameter or delete this capability. Opinions ? Denis Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA17850 for ietf-pkix-bks; Wed, 23 Sep 1998 00:52:30 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA17846 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 00:52:25 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id JAA04146 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 09:59:15 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id JAA12434 for <ietf-pkix@imc.org>; Wed, 23 Sep 1998 09:59:22 +0200 (DFT) Message-ID: <360928FB.2D9D963E@bull.net> Date: Wed, 23 Sep 1998 09:59:40 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: IETF-PXIX <ietf-pkix@imc.org> Subject: Minor comments on OCSP-06 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Here are a few minor/editorial comments on OCSP-06. An additional comment (on "Archive cutoff") has been separated from this list of comments since it might generate a new thread. Some of them might be a duplication of comments already made. 1. On page 2, in the second paragraph of the section 3 a sentence may let think that once the OCSP server replies « good » the certificate can be accepted. The only thing that is known is « not revoked ». A better rewording would be : « An OCSP client issues a status request to an OCSP responder and obtains a revocation status of the certificate in question. » 2. On page 3, third paragraph before the bottom of the page. The term « produceAt » is used but not yet introduced. For clarity of reading a rephrasing should be made. Hereafter is a proposal : « At the minimum, this positive response indicates that the certificate is not revoked, but does not necessarily mean that the certificate was ever issued or that the current time is within the certificates validity interval ». 3. On page 3, second paragraph before the bottom of the page. « On hold » is reason code under « revoke ». In the explanations it would be nice to remember here that « on hold » is under this category. Here is a proposal: « The « revoked » state indicates that the certificate has been definitively or temporarily revoked (i.e. placed on hold). » 4. On page 4, in the fifth paragraph of the section 3.3. the response « certRequired » is of no use any more since only a CertId can be placed in the request. Therefore it should be deleted. [This comment has already be made]. 5. On page 6, the fifth item of the section 4.2. states : « The response is in its validity period ». It is unclear to understand what this means. It may be guessed that it is the time interval between the « thisUpdate » and « nextUpdate ». However in section 5.2.2.1. pages 9/10, nextUpdate is optional so this test cannot be done in general. By splitting this item into two items, a better wording would be : 6. The time at which the status being indicated is known to be correct (thisUpdate) is sufficiently recent. 7. When available, the time at or before which newer information will be available about the status of the certificate (nextUpdate)is greater than the current time. 8. On page 8, in the same way « certRequired (4) » should be deleted. [This comment has already be made] 9. On page 9, CRLReason should be expanded so that the « on hold » status can be made visible. This is pretty important since by trying again it is possible to get later on a « good » result. 10. On page 11, The section 5.4 "Extensions" should be renumbered 6 in order to have a section dealing with all the optional extensions. Denis Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id TAA02987 for ietf-pkix-bks; Tue, 22 Sep 1998 19:13:48 -0700 (PDT) Received: from avocet.prod.itd.earthlink.net (avocet.prod.itd.earthlink.net [207.217.120.50]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id TAA02983 for <ietf-pkix@imc.org>; Tue, 22 Sep 1998 19:13:47 -0700 (PDT) Received: from tsg-laptop (1Cust96.tnt4.sfo1.da.uu.net [208.250.191.96]) by avocet.prod.itd.earthlink.net (8.8.7/8.8.5) with SMTP id TAA10448 for <ietf-pkix@imc.org>; Tue, 22 Sep 1998 19:20:08 -0700 (PDT) From: "Todd S. Glassey" <TSGman@earthlink.net> To: "Ietf-Pkix" <ietf-pkix@imc.org> Subject: Amending the PKIX-WG Charter to reflect the addition of timestamping Date: Tue, 22 Sep 1998 19:17:57 -0700 Message-ID: <001c01bde698$615e7640$200ba8c0@tsg-laptop> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi All, back in February we were working to amend the PKI WG's charter to encompass timestamping and the certified timer resources that enable these facilities. Now that Jeff Schiller has OK'd PKIX's having its own timestamping/timebase facility we need to finish the charter update process. here then is a proposed charter for your review and comments. Thanks, ----- Todd Glassey Stephen Kent's report of the meeting minutes - excerpt below - - Timestamp & Notary proposals (Carlisle Adams) Several folks continuing work on these topics and have published an independent draft on these topics. The authors received a fair amount of private feedback, and hope to be able to bring forward a well-formed proposal. Jeff Schiller gave his permission to bring this into the WG, based on the WG having made substantial progress on the other work items. Thus we will expand the charter to encompass these topics. ----- BEGINNING OF CHARTER TEXT ---- Public-Key Infrastructure (X.509) (PKIX) -------------------------------------------------- Charter Last Modified: September 18, 1998 Current Status: Active Working Group Chair(s): Stephen Kent <kent@bbn.com> Warwick Ford <wford@verisign.com> Security Area Director(s): Jeffrey Schiller <jis@mit.edu> Marcus Leech <mleech@nortel.ca> Security Area Advisor: Jeffrey Schiller <jis@mit.edu> Mailing Lists: General Discussion:ietf-pkix@imc.org To Subscribe: ietf-pkix-request@imc.org In Body: subscribe (In Body) Archive: http://www.imc.org/ietf-pkix Description of Working Group: Many Internet protocols and applications which use the Internet employ public-key technology for security purposes and require a public-key infrastructure (PKI) to securely manage public keys for widely-distributed users or systems. The X.509 standard constitutes a widely-accepted basis for such an infrastructure, defining data formats and procedures related to distribution of public keys via certificates digitally signed by certification authorities (CAs). For example, RFC 1422 specified the basis of an X.509-based PKI, targeted primarily at satisfying the needs of Internet Privacy Enhanced Mail (PEM). Since RFC 1422 was issued, application requirements for an Internet PKI have broadened tremendously, and the capabilities of X.509 have advanced with the development of standards defining the X.509 version 3 certificate and version 2 certificate revocation list (CRL). Charter of the Working Group: The charter of the working group will be to develop Internet standards needed to support the use of an X.509-based PKI. The goal of this Working Group (WG) will be to further facilitate the use of X.509 certificates in applications that make use of the Internet and to promote interoperability between different implementations choosing to make use of X.509 certificates. The resulting PKI is intended to provide a framework, which will support a range of trust/hierarchy environments and a range of usage environments (RFC1422 is an example of one such model). Candidate applications to be served by this PKI include, but are not limited to, PEM, MOSS, GSS-API mechanisms (e.g., SPKM), IPSEC protocols, Internet payment protocols, time based authentication, timestamping, and www protocols. This project will not preclude use of non-infrastructure public-key distribution techniques nor of non-X.509 PKIs by such applications. Efforts will be made to coordinate with the IETF White Pages (X.500/WHOIS++) project. The group will focus on tailoring and profiling the features available in the v3 X.509 certificate to best match the requirements and characteristics of the Internet environment. Other topics to be addressed potentially include: * Alternatives for CA-to-CA certification links and structures, including guidelines for constraints * Revocation alternatives, including profiling of X.509 v2 CRL extensions * Certificate and CRL distribution options (X.500-based, non-X.500-based) * Guidelines for policy definition and registration * Administrative protocols and procedures, including certificate generation, revocation notification, cross-certification, and key-pair updating * Naming and name forms (how entities are identified, e.g., email address, URN, DN, misc.) * Generation of client key pairs by the PKI * Services that support non-repudiation. This can include sources of credible time data and/or certificate path validation services. ----- END OF CHARTER TEXT ---- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA25907 for ietf-pkix-bks; Tue, 22 Sep 1998 05:29:18 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id FAA25903 for <ietf-pkix@imc.org>; Tue, 22 Sep 1998 05:29:16 -0700 (PDT) Received: id IAA16369; Tue, 22 Sep 1998 08:31:45 -0400 Received: by gateway id <S2S6Z1VK>; Tue, 22 Sep 1998 08:28:25 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC97A8@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Cc: "'Steve Kent'" <kent@bbn.com>, "'Warwick Ford'" <wford@verisign.com>, "'Santosh Chokhani'" <chokhani@sisko.cygnacom.com> Subject: text for attributes Date: Tue, 22 Sep 1998 08:28:14 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Although we have not reached specific wording which is 100% agreed by everyone, we have reached agreement on what the contents of the cACertificate and crossCertificatePair attributes are to be used for. In order to bring this to closure, Santosh and I plan to go with the advice of our co-chairs and proceed with the word 'realm', along with the clarification that its meaning is defined locally and hope everyone will be willing to live with that. Also, this will be liaised to the X.509 group as the PKIX recommendation to resolve the associated defect report in that standard. Thanks to everyone for their input and I assume I'm not the only one looking forward to a reduced amount of email each morning :-) ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA25745 for ietf-pkix-bks; Tue, 22 Sep 1998 05:13:14 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA25741 for <ietf-pkix@imc.org>; Tue, 22 Sep 1998 05:13:13 -0700 (PDT) Received: from intern_pc ([209.172.119.112]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id FAA15055; Tue, 22 Sep 1998 05:17:57 -0700 (PDT) Message-Id: <3.0.6.32.19980922081543.00902790@mail.spyrus.com> X-Sender: aarsenault@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Tue, 22 Sep 1998 08:15:43 -0400 To: Stefan Santesson <stefan@accurata.se>, Sean Turner <turners@ieca.com>, PKIX <ietf-pkix@imc.org>, "Arsenault, Al W." <awarsen@missi.ncsc.mil> From: Al Arsenault <aarsenault@spyrus.com> Subject: Re: PKIX Roadmap In-Reply-To: <3.0.32.19980922062458.00a7e6f0@m1.403.telia.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 06:25 AM 9/22/98 +0200, Stefan Santesson wrote: >Al, > >Just a short reply to CA disaster (See below). > >Thanks for your reply, I still disagree to the disaster part. > >CA2 does not have to be dismanteled, since CA 2:s key is intact. >What has to be done is that: >- CA1 is rebuilt with new key >- The compromise of CA1 and its new key has to be communicated with >out-of-band means >- CA1 cross certify CA2 (and other CA:s) using the new key >- New cross certificates to CA1 has to be issued and published by other CA:s. > >Now all certificates issued by CA2 before the disaster of CA1 can be used >and trusted. >This since the disaster of CA1 didn't destroy CA2, just the link to CA2 >from CA1. > >/Stefan Stefan, The more I think about this, the more I realize we agree. It's the words that need figuring out. Perhaps the words in the draft roadmap are too strong; we'll have to think about that. First, let me note that when CA1 and CA2 are cross-certified - that is, have a peer relationship, with neither subordinate to the other - I agree with you about what happens when CA1's key is compromised. Now, let us assume that there is a hierarchical relationship - CA2 is subordinate to CA1. This means to me that the trust anchor used by end entities below CA2 is not CA2 - it's CA1. When CA1's key is discovered to be compromised, what you do is: 1 - communicate out of band the compromise. This means that CA2 and all entities below it are essentially "out of action" temporarily; since CA1 is the trust anchor, there's no way to construct a valid cert path 2 - reconstitute CA1 with a new key; 3 - get CA2's key to CA1 for certification (most likely through out-of-band means). Yes, this can still be the same key; since CA2's key wasn't compromised, it can still be used, and it will make things easier in that you don't have to go re-signing end-entity certs with a new CA2 key. Now, you're back in action. If you agree that this is right, we can figure out words that say that. The point I wanted to convey is that the entire PKI is dead in this case until CA1 is brought up and a new CA2 cert is signed, because you can't construct a valid path back to a valid trust anchor. (Of course, if trust anchor's compromised key happens to be on all end-entity hardware tokens in a form that can't easily be changed, you've still got a problem, but that's beyond the scope of PKIX :-) Al Arsenault - the above opinions are my own. They may or may not reflect the opinions of my employer or of any other organization with which I have a relationship. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA25513 for ietf-pkix-bks; Tue, 22 Sep 1998 04:31:33 -0700 (PDT) Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by mail.proper.com (8.8.8/8.8.5) with SMTP id EAA25509 for <ietf-pkix@imc.org>; Tue, 22 Sep 1998 04:31:31 -0700 (PDT) Received: from HYDRA ([195.67.109.114]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id NAA78840; Tue, 22 Sep 1998 13:36:57 +0200 Received: by HYDRA with Microsoft Mail id <01BDE62D.342F16E0@HYDRA>; Tue, 22 Sep 1998 13:30:45 +0200 Message-ID: <01BDE62D.342F16E0@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'Denis Pinkas'" <Denis.Pinkas@bull.net> Cc: "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: RE: OCSP - Public Key Dstribution Date: Tue, 22 Sep 1998 13:30:44 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Denis, > something that is nontrivial. And "Certificate Domain" is also missing. ??? Certificate Domain is some kind of indication of what kind of certificate(s) you want to validate. I.e. like SET-certificates, a National ID-card, OBI-trader etc. This could be of interest in both the request and in the response. I.e. a trusted OCSP server may support overlapping or disjunct domains and a typical subscriber may be interested in just one type. To standardize this seems unnecessary in the same sense as defining trust models in OCSP. It is a *deployment* issue like certificate policies and liabilities. Other extensions, like certificate validation might be considered once OCSP is closed. I assume that the "closing" of OCSP will be pretty theoretical when the definition of extensions starts. Already an IETF agenda item it seems Regards Anders Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA25221 for ietf-pkix-bks; Tue, 22 Sep 1998 03:35:04 -0700 (PDT) Received: from sonne.darmstadt.gmd.de (sonne.darmstadt.gmd.de [141.12.62.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA25217 for <ietf-pkix@imc.org>; Tue, 22 Sep 1998 03:35:01 -0700 (PDT) Received: from darmstadt.gmd.de (pc-ravenna [141.12.33.61]) by sonne.darmstadt.gmd.de (8.8.8/8.8.5) with ESMTP id LAA28659; Tue, 22 Sep 1998 11:28:34 +0200 (MET DST) Message-ID: <36076D59.62280554@darmstadt.gmd.de> Date: Tue, 22 Sep 1998 11:26:49 +0200 From: "Petra Glöckner" <Petra.Gloeckner@darmstadt.gmd.de> X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: ietf-pkix@imc.org CC: herfert@darmstadt.gmd.de Subject: basic constraint extension References: <199809081502.LAA04610@ietf.org> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms6C21A3596B2679A5F64C275F" Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a cryptographically signed message in MIME format. --------------ms6C21A3596B2679A5F64C275F Content-Type: multipart/mixed; boundary="------------C84E92343668538B0D7F006C" This is a multi-part message in MIME format. --------------C84E92343668538B0D7F006C Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello all, the draft-ietf-pkix-ipki-part1-10 says the basic constraint extension MUST appear as a critical extension in all CA certificates but it SHOULD NOT appear in end entity certificates. Why should the basic constraint extension not appear in end entity certificates ? Is it purely to safe some bits or is there another reason, like keeping the draft more flexibel, e.g. to allow an end entity to issue a certificate for his encryption key himself using his signature key and certificate ? In general, is it possible for an end entity to use his signature key and certificate to issue a certificate for his encryption key himself ? Or do you have to have the CA bit set to true in your certificate in order to be able to issue certificates for your own encryption keys ? Any ideas and thoughts are welcome ! Best regards - Petra --------------C84E92343668538B0D7F006C Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Petra Glöckner Content-Disposition: attachment; filename="vcard.vcf" begin: vcard fn: Petra Glöckner n: ;Petra Glöckner org: GMD-TKT email;internet: Petra.Gloeckner@darmstadt.gmd.de x-mozilla-cpt: ;0 x-mozilla-html: FALSE version: 2.1 end: vcard --------------C84E92343668538B0D7F006C-- --------------ms6C21A3596B2679A5F64C275F Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIO7wYJKoZIhvcNAQcCoIIO4DCCDtwCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC DVcwggMFMIICbqADAgECAgIC8zANBgkqhkiG9w0BAQQFADB2MQswCQYDVQQGEwJERTEMMAoG A1UEChMDR01EMR8wHQYDVQQLExZDTEFTUyAwIFRSSUFMIFNFUlZJQ0VTMTgwNgYDVQQLEy9U cnVzdEZhY3RvcnkgSW5kaXZpZHVhbCBTdWJzY3JpYmVyIENlcnRpZmljYXRlczAeFw05ODA3 MTMxNzQ2NDlaFw0wMDAxMDEwMDAwMDBaMGYxCzAJBgNVBAYTAkRFMQwwCgYDVQQKEwNHTUQx LzAtBgkqhkiG9w0BCQEWIFBldHJhLkdsb2Vja25lckBkYXJtc3RhZHQuZ21kLmRlMRgwFgYD VQQDEw9QZXRyYSBHbG9lY2tuZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwgqVtX54BPIm LAu+u8i7lnOV6lf+79amGCL9Ao5UOStKuLHC2dwH7MP5A8gPVeeiP1kk2tr9hXJmIVDYP7kS cQIDAQABo4H1MIHyMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgCwMIHRBglghkgBhvhC AQ0EgcMWgcBDQVVUSU9OOiBUaGUgRGlnaXRhbCBJRCBzdWJqZWN0cyBvZiBJQ0UtVEVMCkNs YXNzIDAgVHJpYWwgU2VydmljZXMgYXJlIG5vdCBhdXRoZW50aWNhdGVkLgpJdCBtYXkgYmUg dGhlIGhvbGRlcidzIHJlYWwgbmFtZSBvciBhbiBhbGlhcy4KVXNlIHRoaXMgRGlnaXRhbCBJ RCBmb3IgdGVzdCBwdXJwb3NlZCBvbmx5LgooYykgR01EIDE5OTcwDQYJKoZIhvcNAQEEBQAD gYEASgeR+7xR+g2YPSXpdAojcDD1jeo2sMa1hyspawERPfLgagUDcaX5MS/TjYZ8K3lz3Tve G6U0pWPwRBtAnns/A8hoNApONSQEXupnhNgaRwljFEXm+shdanA33iZKfs6NVCnb1Mbs96pK xUgpXw4TRe//afL0nNiaRCmSfXohytgwggOhMIIDCqADAgECAgEBMA0GCSqGSIb3DQEBBAUA MGcxCzAJBgNVBAYTAkRFMQwwCgYDVQQKEwNHTUQxHzAdBgNVBAsTFkNMQVNTIDAgVFJJQUwg U0VSVklDRVMxKTAnBgNVBAsTIFRydXN0RmFjdG9yeSBEaWdpdGFsIElEIFNlcnZpY2VzMB4X DTk3MTIxNzA4MDMyNloXDTAwMDEwMTAwMDAwMFowdjELMAkGA1UEBhMCREUxDDAKBgNVBAoT A0dNRDEfMB0GA1UECxMWQ0xBU1MgMCBUUklBTCBTRVJWSUNFUzE4MDYGA1UECxMvVHJ1c3RG YWN0b3J5IEluZGl2aWR1YWwgU3Vic2NyaWJlciBDZXJ0aWZpY2F0ZXMwgZ8wDQYJKoZIhvcN AQEBBQADgY0AMIGJAoGBANQJUsDpSSmA85HJLPHj4jDUTWXPUwYaqNvA3r3AdhFqIacLQwtn FOoMR4CZqaewurOWI23kw2NK4/2I+GdTwkk5aEYAo4eA9FFwHBxq+b80xbO4ymTKxkah8DTv acv+JkLwFnjc7DEzuJoK61ywR8UJP/FQjD53o8ATXhoGNIIDAgMBAAGjggFMMIIBSDAfBgNV HSMEGDAWgBR43QkpxguDM6Uc3wFLHlNH8iD1SzAdBgNVHQ4EFgQUM47EbBv7+7Tjj2OaluUR VEIj7fwwDgYDVR0PAQH/BAQDAgH2MA8GA1UdEwEB/wQFMAMBAf8wEQYJYIZIAYb4QgEBBAQD AgAHMIHRBglghkgBhvhCAQ0EgcMWgcBDQVVUSU9OOiBUaGUgRGlnaXRhbCBJRCBzdWJqZWN0 cyBvZiBJQ0UtVEVMCkNsYXNzIDAgVHJpYWwgU2VydmljZXMgYXJlIG5vdCBhdXRoZW50aWNh dGVkLgpJdCBtYXkgYmUgdGhlIGhvbGRlcidzIHJlYWwgbmFtZSBvciBhbiBhbGlhcy4KVXNl IHRoaXMgRGlnaXRhbCBJRCBmb3IgdGVzdCBwdXJwb3NlZCBvbmx5LgooYykgR01EIDE5OTcw DQYJKoZIhvcNAQEEBQADgYEAXWnV7vH1s9e0opHh/Hk1nOgpxEbx7XaSAbnVzdUoOxxKvbkl o0QaB79OV4oLkrFAscMU8iKWN9RkBmWuartRnq45DRsAWMur8DlgbrShlMBEC71OsE2I1FMP xGe/rJwp2x5Or1M1mchKI808S7WblPyJxCBOMt3Q1in7F1Boz1wwggNgMIICyaADAgECAgEB MA0GCSqGSIb3DQEBBAUAMEgxDzANBgNVBAcTBkV1cm9wZTEQMA4GA1UEChMHSUNFLVRFTDEj MCEGA1UECxMaQ0xBU1MgMCBUUklBTCBTRVJWSUNFUyBQS0kwHhcNOTcxMjE3MDgwMzI0WhcN MDAwMTAxMDAwMDAwWjBnMQswCQYDVQQGEwJERTEMMAoGA1UEChMDR01EMR8wHQYDVQQLExZD TEFTUyAwIFRSSUFMIFNFUlZJQ0VTMSkwJwYDVQQLEyBUcnVzdEZhY3RvcnkgRGlnaXRhbCBJ RCBTZXJ2aWNlczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7gWKqAf0MfIp/QL9wMe3 mzEt/+DYSUs6VqkgXehMSbLblwPV7v+QhzhH/JSUoQKVi85qQom7+tnXBJxylB4mfl4AsqyG SE4IGZPnVcxI4rzW5vhrNVCSzeAkqe2PnoPpZrlh8IYYYKINeGzmZ5QMWEmnDp8+M13zzAUD A/11ZFMCAwEAAaOCATkwggE1MB8GA1UdIwQYMBaAFLNK4JQgbBz8WKb6QycGs8Hxz6SyMB0G A1UdDgQWBBR43QkpxguDM6Uc3wFLHlNH8iD1SzAOBgNVHQ8BAf8EBAMCAfYwDwYDVR0TAQH/ BAUwAwEB/zCB0QYJYIZIAYb4QgENBIHDFoHAQ0FVVElPTjogVGhlIERpZ2l0YWwgSUQgc3Vi amVjdHMgb2YgSUNFLVRFTApDbGFzcyAwIFRyaWFsIFNlcnZpY2VzIGFyZSBub3QgYXV0aGVu dGljYXRlZC4KSXQgbWF5IGJlIHRoZSBob2xkZXIncyByZWFsIG5hbWUgb3IgYW4gYWxpYXMu ClVzZSB0aGlzIERpZ2l0YWwgSUQgZm9yIHRlc3QgcHVycG9zZWQgb25seS4KKGMpIEdNRCAx OTk3MA0GCSqGSIb3DQEBBAUAA4GBAK+hyS6CuuCt2kH7FlvTgpYf39q4sji5JytL3KCExfLe b4H+YPNbO7cy08KTGa9qSQyodh5+KwXFH9lUct5//bFkm4WfKHH7O2u4+rjWGfGZV6VB1ZCD dX5CdvVu8O3qNPoQThw60WowKJIS8FkW5BKLP7SB4VJetNrKMz9zwWnJMIIDQTCCAqqgAwIB AgIBADANBgkqhkiG9w0BAQQFADBIMQ8wDQYDVQQHEwZFdXJvcGUxEDAOBgNVBAoTB0lDRS1U RUwxIzAhBgNVBAsTGkNMQVNTIDAgVFJJQUwgU0VSVklDRVMgUEtJMB4XDTk3MTIxNzA3NTg0 NVoXDTAwMDEwMTAwMDAwMFowSDEPMA0GA1UEBxMGRXVyb3BlMRAwDgYDVQQKEwdJQ0UtVEVM MSMwIQYDVQQLExpDTEFTUyAwIFRSSUFMIFNFUlZJQ0VTIFBLSTCBnzANBgkqhkiG9w0BAQEF AAOBjQAwgYkCgYEA9jNYTNZLLl7MxMhg1dSc0wq+PiSq4LkPwDL9J+dQk1EJdLWaopkd/NNR uM37r03RVbSHeI0FPQoylnJpu0Kj6KNWxVwIeGeWGrIdhRShUSh3n2bFSD/0T5uHWvsN1U9f d6uxDaYHcnfLLCtTi76Piu2GCJK4eH3W76Oo3Ei4VoMCAwEAAaOCATkwggE1MB8GA1UdIwQY MBaAFLNK4JQgbBz8WKb6QycGs8Hxz6SyMB0GA1UdDgQWBBSzSuCUIGwc/Fim+kMnBrPB8c+k sjAOBgNVHQ8BAf8EBAMCAfYwDwYDVR0TAQH/BAUwAwEB/zCB0QYJYIZIAYb4QgENBIHDFoHA Q0FVVElPTjogVGhlIERpZ2l0YWwgSUQgc3ViamVjdHMgb2YgSUNFLVRFTApDbGFzcyAwIFRy aWFsIFNlcnZpY2VzIGFyZSBub3QgYXV0aGVudGljYXRlZC4KSXQgbWF5IGJlIHRoZSBob2xk ZXIncyByZWFsIG5hbWUgb3IgYW4gYWxpYXMuClVzZSB0aGlzIERpZ2l0YWwgSUQgZm9yIHRl c3QgcHVycG9zZWQgb25seS4KKGMpIEdNRCAxOTk3MA0GCSqGSIb3DQEBBAUAA4GBALkKsGZG E5ckTCE0F7hTF2eZgnDZYgm709UJeozPRB/3KjuyjdxlbVj2eiCWVB9HpH0KK2kEqnhgiHWL xwQGuycFD7Px7SDIwjEC/7c9YERIw1GmGWe2g6EatOP3oS/4tCy72TODDhD5WeYAMFcpKihR Skp0N+zOhEuDvxyXGauuMYIBYDCCAVwCAQEwfDB2MQswCQYDVQQGEwJERTEMMAoGA1UEChMD R01EMR8wHQYDVQQLExZDTEFTUyAwIFRSSUFMIFNFUlZJQ0VTMTgwNgYDVQQLEy9UcnVzdEZh Y3RvcnkgSW5kaXZpZHVhbCBTdWJzY3JpYmVyIENlcnRpZmljYXRlcwICAvMwCQYFKw4DAhoF AKB9MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTk4MDkyMjA5 MjY0OVowHgYJKoZIhvcNAQkPMREwDzANBggqhkiG9w0DAgIBKDAjBgkqhkiG9w0BCQQxFgQU Ypl1kQvQEkbLfHbDhyuczu2HatYwDQYJKoZIhvcNAQEBBQAEQCWTOZQScCOMbV6jt7j/IN+M XcHMcvD2wgOSKEb1Sqr48Aof6oFV3oeBQseB8SJqpl93ZiCRYZBl+1T3SVMCdZc= --------------ms6C21A3596B2679A5F64C275F-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id VAA03834 for ietf-pkix-bks; Mon, 21 Sep 1998 21:22:03 -0700 (PDT) Received: from mailb.telia.com (mailb.telia.com [194.22.194.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id VAA03830 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 21:22:01 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailb.telia.com (8.8.8/8.8.8) with ESMTP id GAA05716; Tue, 22 Sep 1998 06:28:20 +0200 (CEST) Received: from stefans (t2o68p111.telia.com [62.20.138.231]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id GAA27141; Tue, 22 Sep 1998 06:28:18 +0200 (CEST) Message-Id: <3.0.32.19980922062458.00a7e6f0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 22 Sep 1998 06:25:35 +0200 To: Al Arsenault <aarsenault@spyrus.com>, Sean Turner <turners@ieca.com>, PKIX <ietf-pkix@imc.org>, "Arsenault, Al W." <awarsen@missi.ncsc.mil> From: Stefan Santesson <stefan@accurata.se> Subject: Re: PKIX Roadmap Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id VAA03831 Sender: owner-ietf-pkix@imc.org Precedence: bulk Al, Just a short reply to CA disaster (See below). Thanks for your reply, I still disagree to the disaster part. CA2 does not have to be dismanteled, since CA 2:s key is intact. What has to be done is that: - CA1 is rebuilt with new key - The compromise of CA1 and its new key has to be communicated with out-of-band means - CA1 cross certify CA2 (and other CA:s) using the new key - New cross certificates to CA1 has to be issued and published by other CA:s. Now all certificates issued by CA2 before the disaster of CA1 can be used and trusted. This since the disaster of CA1 didn't destroy CA2, just the link to CA2 from CA1. /Stefan At 01:32 PM 9/21/98 -0400, Al Arsenault wrote: >Stefan, > > Thanks for your comments. Responses in line (Sean can make changes to the >draft as appropriate). > > >At 04:19 PM 9/21/98 +0200, Stefan Santesson wrote: >>Al, >> >>I finally got time to look a little bit deeper into the roadmap document. >>I think it is very well formed but I have some minor disagreements. >> >>1) Concerning definition and use of the term Root CA >>2) Result from CA compromise >>3) Use of certificates. >> >>1 - Root CA >>--------- >>Definition and use of the term Root CA in sections 2, 3.4.5 and 5.1.2 gives >>the impression that Root CA is at the top of some hierarchy. >> >>This does not seem to harmonize with the definition of root CA in >>"Certificate Management Protocols" >> >> "We use the term "root CA" to indicate a CA that is directly trusted by >> an end entity; that is, securely acquiring the value of a root CA public >> key requires some out-of-band step(s). This term is not meant to imply >> that a root CA is necessarily at the top of any hierarchy, simply that >> the CA in question is trusted directly." >> >>So in fact every CA in a domain is likely to be "root" for some of its >>subscribers. >>I personally prefer the rem "Top CA" when describing a hierarchy. >> > >You are correct; I was using the term "rootCA" to indicate the top of a >hierarchy (possibly, a hierarchy of depth one - two counting the end >entity). That is inconsistent with CMP. We'll have to resolve that. I >personally prefer using the term "rootCA" to mean the top of a hierarchy, >and "trust anchor" to mean the CA that the end-entity directly trusts. But >we'll figure out something - "topCA" is probably feasible for now. > > >> >>2 - CA compromise >>------------------ >>In section 3.4.5 it is said that compromise of a root CA is always >>catastrophic and that the entire infrastructure subordinate to that root CA >>has to be dismantled and started over again. This gives the impression that >>a subordinate CA has to be dismatled. >> >>My comment is that >>a) Since the rootCA does not denote any hierarchy we can't define which CA >>that is subordinate or not to a specific root CA >>b) A compromised CA does only require that particular CA to be dismantled. >>No other non-compromised CA has to be dismantled. Other CA:s has to revoke >>cross certificates to th compromised CA and all subscribers using the >>compromised CA as root CA, are totally cut off until they get another >>rootCA key, but that's another aspect. >> > >Your comment (a) is correct, given the different meaning of "rootCA" that I >didn't catch earlier. However, I disagree with part of your comment (b). >That to me goes to the heart of a "CA Certificate" vs. a >"Cross-certificate". > >Suppose that CA2 has no self-signed certificates (it might have a >self-issued certificate for key management, but that's not relevant at this >point). CA2's CA certificate is issued and signed by CA1. Thus, CA2 is >subordinate to CA1. Now, if CA1's private key is compromised, then CA2 >must be "dismantled". That is, there is no reliable way for an outside >entity to know whether CA2's cert was legitimately issued prior to the >compromise of CA1's key, or whether CA2's cert was signed by the malicious >party now holding the copy of CA1's private key. The only thing you can do >is kill CA2 and start over with a new cert issued by the new, re-installed >CA1. (Not to mention the mechanical problem of constructing a valid cert >path going through CA2 to the valid CA1:-). Of course, "dismantling" is a >strong word; you'd have to rebuild CA1 with a new key, and sign a new >certificate for CA2 using the new, un-compromised key. You wouldn't >necessarily need to erase CA2's database, train new people, buy a new >hardware platform, etc. :-) > >With a cross-certificate, as you point out, there's no need to do anything >over than revoke the cross-cert CA2 has issued for CA1 (if there is one). > > >>3 - Certificate usage >>--------------------- >>Section 3.1 states that: >>"Certificates is used in the process of validating signed data." >>This definition is leaving out any use for the purpose of encryption. I.e. >>data encryption, key agreement and key exchange. >> > >Agreed. > > > Al Arsenault > >- the above opinions are my own. They may or may not reflect the opinions >of my employer or of any other organization with which I have a relationship. > > > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA29811 for ietf-pkix-bks; Mon, 21 Sep 1998 10:30:40 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA29807 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 10:30:39 -0700 (PDT) Received: from intern_pc ([209.172.119.112]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id KAA06046; Mon, 21 Sep 1998 10:35:08 -0700 (PDT) Message-Id: <3.0.6.32.19980921133257.009044e0@mail.spyrus.com> X-Sender: aarsenault@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Mon, 21 Sep 1998 13:32:57 -0400 To: Stefan Santesson <stefan@accurata.se>, Sean Turner <turners@ieca.com>, PKIX <ietf-pkix@imc.org>, "Arsenault, Al W." <awarsen@missi.ncsc.mil> From: Al Arsenault <aarsenault@spyrus.com> Subject: Re: PKIX Roadmap In-Reply-To: <3.0.32.19980921161854.00a71640@m1.403.telia.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Stefan, Thanks for your comments. Responses in line (Sean can make changes to the draft as appropriate). At 04:19 PM 9/21/98 +0200, Stefan Santesson wrote: >Al, > >I finally got time to look a little bit deeper into the roadmap document. >I think it is very well formed but I have some minor disagreements. > >1) Concerning definition and use of the term Root CA >2) Result from CA compromise >3) Use of certificates. > >1 - Root CA >--------- >Definition and use of the term Root CA in sections 2, 3.4.5 and 5.1.2 gives >the impression that Root CA is at the top of some hierarchy. > >This does not seem to harmonize with the definition of root CA in >"Certificate Management Protocols" > > "We use the term "root CA" to indicate a CA that is directly trusted by > an end entity; that is, securely acquiring the value of a root CA public > key requires some out-of-band step(s). This term is not meant to imply > that a root CA is necessarily at the top of any hierarchy, simply that > the CA in question is trusted directly." > >So in fact every CA in a domain is likely to be "root" for some of its >subscribers. >I personally prefer the rem "Top CA" when describing a hierarchy. > You are correct; I was using the term "rootCA" to indicate the top of a hierarchy (possibly, a hierarchy of depth one - two counting the end entity). That is inconsistent with CMP. We'll have to resolve that. I personally prefer using the term "rootCA" to mean the top of a hierarchy, and "trust anchor" to mean the CA that the end-entity directly trusts. But we'll figure out something - "topCA" is probably feasible for now. > >2 - CA compromise >------------------ >In section 3.4.5 it is said that compromise of a root CA is always >catastrophic and that the entire infrastructure subordinate to that root CA >has to be dismantled and started over again. This gives the impression that >a subordinate CA has to be dismatled. > >My comment is that >a) Since the rootCA does not denote any hierarchy we can't define which CA >that is subordinate or not to a specific root CA >b) A compromised CA does only require that particular CA to be dismantled. >No other non-compromised CA has to be dismantled. Other CA:s has to revoke >cross certificates to th compromised CA and all subscribers using the >compromised CA as root CA, are totally cut off until they get another >rootCA key, but that's another aspect. > Your comment (a) is correct, given the different meaning of "rootCA" that I didn't catch earlier. However, I disagree with part of your comment (b). That to me goes to the heart of a "CA Certificate" vs. a "Cross-certificate". Suppose that CA2 has no self-signed certificates (it might have a self-issued certificate for key management, but that's not relevant at this point). CA2's CA certificate is issued and signed by CA1. Thus, CA2 is subordinate to CA1. Now, if CA1's private key is compromised, then CA2 must be "dismantled". That is, there is no reliable way for an outside entity to know whether CA2's cert was legitimately issued prior to the compromise of CA1's key, or whether CA2's cert was signed by the malicious party now holding the copy of CA1's private key. The only thing you can do is kill CA2 and start over with a new cert issued by the new, re-installed CA1. (Not to mention the mechanical problem of constructing a valid cert path going through CA2 to the valid CA1:-). Of course, "dismantling" is a strong word; you'd have to rebuild CA1 with a new key, and sign a new certificate for CA2 using the new, un-compromised key. You wouldn't necessarily need to erase CA2's database, train new people, buy a new hardware platform, etc. :-) With a cross-certificate, as you point out, there's no need to do anything over than revoke the cross-cert CA2 has issued for CA1 (if there is one). >3 - Certificate usage >--------------------- >Section 3.1 states that: >"Certificates is used in the process of validating signed data." >This definition is leaving out any use for the purpose of encryption. I.e. >data encryption, key agreement and key exchange. > Agreed. Al Arsenault - the above opinions are my own. They may or may not reflect the opinions of my employer or of any other organization with which I have a relationship. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA29336 for ietf-pkix-bks; Mon, 21 Sep 1998 09:17:24 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA29332 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 09:17:22 -0700 (PDT) Received: from [128.33.238.151] (TC151.BBN.COM [128.33.238.151]) by po1.bbn.com (8.8.6/8.8.6) with ESMTP id MAA05250 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 12:23:14 -0400 (EDT) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="============_-1305727475==_ma============" X-Sender: kent@po1.bbn.com Message-Id: <v04011701b22c2cbc4e8e@[128.33.238.151]> Date: Mon, 21 Sep 1998 12:20:00 -0400 To: ietf-pkix@imc.org From: Stephen Kent <kent@bbn.com> Subject: meeting minutes Sender: owner-ietf-pkix@imc.org Precedence: bulk --============_-1305727475==_ma============ Content-Type: text/plain; charset="us-ascii" Folks, I apologize for not having mailed these sooner, for review. They were done by Friday, of IETF week, but then got lost in an avalanche of travel and e-mail. Please review and respond to me with corrections by the end of this week. Thanks, Steve ----------------------- PKIX WG Meeting Minutes 8/26-27/98 The PKIX WG met twice during the 42nd IETF and a approximately 190 individuals participated in these meetings. The meeting began with a review of the status of all of the WG document, presented by Warwick Ford, WG co-chair. The following text summarizes the status of the documents: PKIX Certificate/CRL Profile (draft-ietf-pkix-ipki-part1-09.txt) - IESG Last Call KEA Algorithm Profile (draft-ietf-pkix-ipki-kea-02.txt) - Close to completion by Editors HTTP/FTP Operations (draft-ietf-pkix-opp-ftp-http-04.txt) - Ready for WG last call LDAP V2 Profile (March 98 draft)- At IESG, pending WG delivery of V2 Schema LDAP V2 Schema (draft-ietf-pkix-ldapv2-schema-01.txt) - In WG last call OCSP (draft-ietf-pkix-ocsp-05.txt) - In WG last call CMP (draft-ietf-pkix-ipki3cmp-08.txt) and CRMF (draft-ietf-pkix-crmf-01.txt) - In hands of IESG; pending IESG last call CMMF (draft-ietf-pkix-cmmf-02.txt) and CMC (draft-ietf-pkix-cmc-01.txt) - In WG last call Certificate Policy/Practices Guideline (draft-ietf-pkix-ipki-part4-03.txt) - In SA Director's hands, pending publication as Informational RFC REVIEWS OF ESTABLISHED PROJECTS: - PKIX Certificate and CRL Profile (Tim Polk) Ready for IESG ballot, after receipt of minor editorial comments during IETF last call. Straw polls used to resolve last few contentious issues, specifically mandating use of DNs for all Issuers, and mandating use of strict subtrees for the NameConstraints extension. Jeff Schiller noted that the IETF web site has pointers to the Entrust license required for inclusion of CRL distribution point within this document. The license is easy to execute; there is a reciprocity clause that requires licensing to Entrust any intellectual property associated with CRL distribution, as a side effect of - KEA and ECDS Algorithms (Tim Polk) Work on these algorithm IDs continues, subject to resolution of some intellectual property issues. - LDAP V2 Schema and Profile (Tim Moses, Dave Horvath, Santosh Chokhani) Most of the schema are not controversial; outstanding issues is whether all CA certificates should appear in the cross certificate directory attribute, or whether certificates that are internal to a domain should appear in the CA certificate attribute. There is consensus that any self-signed CA certificates belong in the latter attribute. The disagreement here revolves around alternative certificate validation algorithms; both approaches have been implemented and both work, each favoring a different PKI model. The CA certificate attribute has been a feature of X.509 for a long while, so the proposal to move all (non- self-signed) CA certificates to the cross CA certificate attribute represents a non-backward compatible change for systems not making use of cross certificates. Still, this is the direction currently being pursued by the X.509 committee in resolving this ambiguity in the original standard. Performance analysis of 6 different approaches, under varying assumptions of PKI models, shows that putting all (non-self signed) CA certificates in the cross certificate attribute results in worse performance. We can make a decision now to get this long overdue schema out, or postpone and discuss more (since this is a newly discovered issue). (Although this discussion is taking place in the context of LDAP v2, the same issue arises in LDAP v3. However, v3 has better filtering capabilities and this it is believed that the issue would be less of a concern, but this is not universally agreed upon.) Work on LDAP v3 is progressing in the IETF, and so if we postpone action on this ID, it may be OBE and we will need to focus on v3 instead. Proposed compromise approach is to duplicate intra-domain CA certificates in both attributes (#4 in Santosh's analysis posted to the WG list), and which has very good overall performance. One objection raised to this is that it can result in added data sent back if one retrieves both attribute contents. Straw poll conducted resulted on no clear winner, but the two finalists are the proposed compromise and the older, backward compatible approach; the WG rejected the proposal from the current LDAP schema. - OCSP (Tim Myers and Ambrish Malpani) Various minor, but technically important, edits to many parts of the document, in response to comments from the WG list. Changes included a uniform key identifier, optional use of TLS/SSL for privacy protection of exchanges, etc. An objection was raised to mandating use of a signature, when a lower layer protocol might be used to provide security. A straw poll overwhelmingly supported the mandatory use of signatures of in OCSP. Thus there appears to be no outstanding significant technical issues at this time. A separate OCSP response extensions document will be created to define additional responses - CMP and CRMF In IESG last call. No further status to report. - CMMF and CMC (Mike Myers) The CMMF draft has completed WG last call, minor changes have been made in response to comments received during last call, it and will be forwarded to the IESG. CMC also has completed WG last call, and undergone changes in response to comments received during that process. Pending approval of secure initialization issues briefed at this meeting, the document will be forwarded to the IESG. The secure initialization requirements for CMC include use of a shared secret in a keyed hash calculation, with this secret distributed via a confidentiality-secure channel. However, objections were raised to defining this as the only way to achieve secure initialization, e.g., as opposed to use of SecurID cards or S-KEY authentication in the context of an integrity and confidentiality secure channel. It seems likely that additional mechanisms should be allowed, but there is a desire to avoid an explosion of allowed user authentication techniques, which would hinder interoperability or greatly burden CA software. This issue will be brought to the list for resolution. - IBM PKIX Software Distribution (Charlie Kaufman) IBM is implementing PKIX technology and making it available for use in products, as well as in R&D environments. Code is a mix of C++ software plus Java GUIs. Provided facilities include CMP, CRMF, LDAP, basic CA and RA functions, and client certificate processing. No crypto is included in the distribution; the software makes calls to a CAPI. The first release relies on the Cylink cyrpto toolkit, which also will be available via this web site; later version will also make use of BSAFE. Initial distribution is via an MIT web site and is not exportable. A pointer for a mailing list was provided: imc-pfi@imc.org. NEW TOPICS: - Timestamp & Notary proposals (Carlisle Adams) Several folks continuing work on these topics and have published an independent draft on these topics. The authors received a fair amount of private feedback, and hope to be able to bring forward a well-formed proposal. Jeff Schiller gave his permission to bring this into the WG, based on the WG having made substantial progress on the other work items. Thus we will expand the charter to encompass these topics. - Web-based Integrated CA services Protocol (Mine Sakurai) This presentation describes use of HTTP as an underlying communication protocol among CAs, RAs, etc. The underlying model also defines issuing, validation, and publishing authority modules within the CA. ICAP has been implemented for use with S/MIME in a medical information system in Japan. An I-D has been published describing ICAP: draft-ietf-????. It was noted that the acronym "ICAP" is already in use by a calendar protocol, so another protocol acronym would be appropriate. - Enhanced CRL Distribution Options (Phillip Hallam-Baker & Warwick Ford) There is an I-D describing alternatives CRL distribution technique, which was developed in response to the intellectual property problem that temporarily prevented use of the CRL distribution point mechanism. The CRL format can be extended to specify the scope of the CRL, e.g., by serial number range, as an alternative to placing the pointer in the certificate. To address the CRL location aspect of CRL distribution points, one also can establish CRL managers that are either locally trusted or that represent a separate CRL distribution channel, perhaps serving multiple CAs. By adding two new CRL extensions, one can extend the CRL distribution model in interesting new ways. These suggestions are being forwarded to ISO for consideration. See the latest I-D, under the PKIX, for more details. - PKIX Roadmap (Al Arsenault) The set of PKIX documents has become rather large and potentially confusing. An outline was presented as a basis for a document that would become an informational RFC, to help explain the relationships among these documents, and to other efforts, e.g., SPKI. An initial draft is ready and will be made available immediately after this IETF meeting. - Qualified Certificates (Stefan Santesson) In EC a legal framework for "qualified certificates" is being developed, referring to individual certificates that will be accepted for legally binding, international transactions, and with legal liability implications for the CAs issuing such certificates. (These certificates are used only for non-repudiation.) It is analogous to some of the work under UNICTRAL for EDI. For PKIX, the potential work item would be a profile for such certificates, specifying which extensions are mandatory and optional, establishing values and semantics for some of the extensions. For example, one might mandate use of the policy extension with a specific value to identify such certificates, with policy qualifiers to express additional characteristics of policy variants, appropriate key usage flags, naming schema constraints, etc. --============_-1305727475==_ma============ Content-Type: text/enriched; charset="us-ascii" Folks, I apologize for not having mailed these sooner, for review. They were done by Friday, of IETF week, but then got lost in an avalanche of travel and e-mail. Please review and respond to me with corrections by the end of this week. Thanks, Steve ----------------------- <fontfamily><param>Times</param><bigger><bigger>PKIX WG Meeting Minutes 8/26-27/98 The PKIX WG met twice during the 42nd IETF and a approximately 190 individuals participated in these meetings. The meeting began with a review of the status of all of the WG document, presented by Warwick Ford, WG co-chair. The following text summarizes the status of the documents: PKIX Certificate/CRL Profile (draft-ietf-pkix-ipki-part1-09.txt) - IESG Last Call KEA Algorithm Profile (draft-ietf-pkix-ipki-kea-02.txt) - Close to completion by Editors HTTP/FTP Operations (draft-ietf-pkix-opp-ftp-http-04.txt) - Ready for WG last call LDAP V2 Profile (March 98 draft)- At IESG, pending WG delivery of V2 Schema LDAP V2 Schema (draft-ietf-pkix-ldapv2-schema-01.txt) - In WG last call OCSP (draft-ietf-pkix-ocsp-05.txt) - In WG last call CMP (draft-ietf-pkix-ipki3cmp-08.txt) and CRMF (draft-ietf-pkix-crmf-01.txt) - In hands of IESG; pending IESG last call CMMF (draft-ietf-pkix-cmmf-02.txt) and CMC (draft-ietf-pkix-cmc-01.txt) - In WG last call Certificate Policy/Practices Guideline (draft-ietf-pkix-ipki-part4-03.txt) - In SA Director's hands, pending publication as Informational RFC REVIEWS OF ESTABLISHED PROJECTS: - PKIX Certificate and CRL Profile (Tim Polk) Ready for IESG ballot, after receipt of minor editorial comments during IETF last call. Straw polls used to resolve last few contentious issues, specifically mandating use of DNs for all Issuers, and mandating use of strict subtrees for the NameConstraints extension. Jeff Schiller noted that the IETF web site has pointers to the Entrust license required for inclusion of CRL distribution point within this document. The license is easy to execute; there is a reciprocity clause that requires licensing to Entrust any intellectual property associated with CRL distribution, as a side effect of - KEA and ECDS Algorithms (Tim Polk) Work on these algorithm IDs continues, subject to resolution of some intellectual property issues. - LDAP V2 Schema and Profile (Tim Moses, Dave Horvath, Santosh Chokhani) Most of the schema are not controversial; outstanding issues is whether all CA certificates should appear in the cross certificate directory attribute, or whether certificates that are internal to a domain should appear in the CA certificate attribute. There is consensus that any self-signed CA certificates belong in the latter attribute. The disagreement here revolves around alternative certificate validation algorithms; both approaches have been implemented and both work, each favoring a different PKI model. The CA certificate attribute has been a feature of X.509 for a long while, so the proposal to move all (non- self-signed) CA certificates to the cross CA certificate attribute represents a non-backward compatible change for systems not making use of cross certificates. Still, this is the direction currently being pursued by the X.509 committee in resolving this ambiguity in the original standard. Performance analysis of 6 different approaches, under varying assumptions of PKI models, shows that putting all (non-self signed) CA certificates in the cross certificate attribute results in worse performance. We can make a decision now to get this long overdue schema out, or postpone and discuss more (since this is a newly discovered issue). (Although this discussion is taking place in the context of LDAP v2, the same issue arises in LDAP v3. However, v3 has better filtering capabilities and this it is believed that the issue would be less of a concern, but this is not universally agreed upon.) Work on LDAP v3 is progressing in the IETF, and so if we postpone action on this ID, it may be OBE and we will need to focus on v3 instead. Proposed compromise approach is to duplicate intra-domain CA certificates in both attributes (#4 in Santosh's analysis posted to the WG list), and which has very good overall performance. One objection raised to this is that it can result in added data sent back if one retrieves both attribute contents. Straw poll conducted resulted on no clear winner, but the two finalists are the proposed compromise and the older, backward compatible approach; the WG rejected the proposal from the current LDAP schema. - OCSP (Tim Myers and Ambrish Malpani) Various minor, but technically important, edits to many parts of the document, in response to comments from the WG list. Changes included a uniform key identifier, optional use of TLS/SSL for privacy protection of exchanges, etc. An objection was raised to mandating use of a signature, when a lower layer protocol might be used to provide security. A straw poll overwhelmingly supported the mandatory use of signatures of in OCSP. Thus there appears to be no outstanding significant technical issues at this time. A separate OCSP response extensions document will be created to define additional responses - CMP and CRMF In IESG last call. No further status to report. - CMMF and CMC (Mike Myers) The CMMF draft has completed WG last call, minor changes have been made in response to comments received during last call, it and will be forwarded to the IESG. CMC also has completed WG last call, and undergone changes in response to comments received during that process. Pending approval of secure initialization issues briefed at this meeting, the document will be forwarded to the IESG. The secure initialization requirements for CMC include use of a shared secret in a keyed hash calculation, with this secret distributed via a confidentiality-secure channel. However, objections were raised to defining this as the only way to achieve secure initialization, e.g., as opposed to use of SecurID cards or S-KEY authentication in the context of an integrity and confidentiality secure channel. It seems likely that additional mechanisms should be allowed, but there is a desire to avoid an explosion of allowed user authentication techniques, which would hinder interoperability or greatly burden CA software. This issue will be brought to the list for resolution. - IBM PKIX Software Distribution (Charlie Kaufman) IBM is implementing PKIX technology and making it available for use in products, as well as in R&D environments. Code is a mix of C++ software plus Java GUIs. Provided facilities include CMP, CRMF, LDAP, basic CA and RA functions, and client certificate processing. No crypto is included in the distribution; the software makes calls to a CAPI. The first release relies on the Cylink cyrpto toolkit, which also will be available via this web site; later version will also make use of BSAFE. Initial distribution is via an MIT web site and is not exportable. A pointer for a mailing list was provided: imc-pfi@imc.org. NEW TOPICS: - Timestamp & Notary proposals (Carlisle Adams) Several folks continuing work on these topics and have published an independent draft on these topics. The authors received a fair amount of private feedback, and hope to be able to bring forward a well-formed proposal. Jeff Schiller gave his permission to bring this into the WG, based on the WG having made substantial progress on the other work items. Thus we will expand the charter to encompass these topics. - Web-based Integrated CA services Protocol (Mine Sakurai) This presentation describes use of HTTP as an underlying communication protocol among CAs, RAs, etc. The underlying model also defines issuing, validation, and publishing authority modules within the CA. ICAP has been implemented for use with S/MIME in a medical information system in Japan. An I-D has been published describing ICAP: draft-ietf-????. It was noted that the acronym "ICAP" is already in use by a calendar protocol, so another protocol acronym would be appropriate. - Enhanced CRL Distribution Options (Phillip Hallam-Baker & Warwick Ford) There is an I-D describing alternatives CRL distribution technique, which was developed in response to the intellectual property problem that temporarily prevented use of the CRL distribution point mechanism. The CRL format can be extended to specify the scope of the CRL, e.g., by serial number range, as an alternative to placing the pointer in the certificate. To address the CRL location aspect of CRL distribution points, one also can establish CRL managers that are either locally trusted or that represent a separate CRL distribution channel, perhaps serving multiple CAs. By adding two new CRL extensions, one can extend the CRL distribution model in interesting new ways. These suggestions are being forwarded to ISO for consideration. See the latest I-D, under the PKIX, for more details. - PKIX Roadmap (Al Arsenault) The set of PKIX documents has become rather large and potentially confusing. An outline was presented as a basis for a document that would become an informational RFC, to help explain the relationships among these documents, and to other efforts, e.g., SPKI. An initial draft is ready and will be made available immediately after this IETF meeting. - Qualified Certificates (Stefan Santesson) In EC a legal framework for "qualified certificates" is being developed, referring to individual certificates that will be accepted for legally binding, international transactions, and with legal liability implications for the CAs issuing such certificates. (These certificates are used only for non-repudiation.) It is analogous to some of the work under UNICTRAL for EDI. For PKIX, the potential work item would be a profile for such certificates, specifying which extensions are mandatory and optional, establishing values and semantics for some of the extensions. For example, one might mandate use of the policy extension with a specific value to identify such certificates, with policy qualifiers to express additional characteristics of policy variants, appropriate key usage flags, naming schema constraints, etc. </bigger></bigger></fontfamily> --============_-1305727475==_ma============-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA28710 for ietf-pkix-bks; Mon, 21 Sep 1998 07:34:25 -0700 (PDT) Received: from mailb.telia.com (mailb.telia.com [194.22.194.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA28706 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 07:34:21 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailb.telia.com (8.8.8/8.8.8) with ESMTP id QAA11344; Mon, 21 Sep 1998 16:40:31 +0200 (CEST) Received: from stefans (t4o68p96.telia.com [62.20.139.216]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id QAA06265; Mon, 21 Sep 1998 16:22:11 +0200 (CEST) Message-Id: <3.0.32.19980921161854.00a71640@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 21 Sep 1998 16:19:49 +0200 To: Sean Turner <turners@ieca.com>, PKIX <ietf-pkix@imc.org>, "Arsenault, Al W." <awarsen@missi.ncsc.mil> From: Stefan Santesson <stefan@accurata.se> Subject: Re: PKIX Roadmap Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id HAA28707 Sender: owner-ietf-pkix@imc.org Precedence: bulk Al, I finally got time to look a little bit deeper into the roadmap document. I think it is very well formed but I have some minor disagreements. 1) Concerning definition and use of the term Root CA 2) Result from CA compromise 3) Use of certificates. 1 - Root CA --------- Definition and use of the term Root CA in sections 2, 3.4.5 and 5.1.2 gives the impression that Root CA is at the top of some hierarchy. This does not seem to harmonize with the definition of root CA in "Certificate Management Protocols" "We use the term "root CA" to indicate a CA that is directly trusted by an end entity; that is, securely acquiring the value of a root CA public key requires some out-of-band step(s). This term is not meant to imply that a root CA is necessarily at the top of any hierarchy, simply that the CA in question is trusted directly." So in fact every CA in a domain is likely to be "root" for some of its subscribers. I personally prefer the rem "Top CA" when describing a hierarchy. 2 - CA compromise ------------------ In section 3.4.5 it is said that compromise of a root CA is always catastrophic and that the entire infrastructure subordinate to that root CA has to be dismantled and started over again. This gives the impression that a subordinate CA has to be dismatled. My comment is that a) Since the rootCA does not denote any hierarchy we can't define which CA that is subordinate or not to a specific root CA b) A compromised CA does only require that particular CA to be dismantled. No other non-compromised CA has to be dismantled. Other CA:s has to revoke cross certificates to th compromised CA and all subscribers using the compromised CA as root CA, are totally cut off until they get another rootCA key, but that's another aspect. 3 - Certificate usage --------------------- Section 3.1 states that: "Certificates is used in the process of validating signed data." This definition is leaving out any use for the purpose of encryption. I.e. data encryption, key agreement and key exchange. Regards /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA22403 for ietf-pkix-bks; Mon, 21 Sep 1998 00:38:25 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA22390 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 00:36:58 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id JAA17478; Mon, 21 Sep 1998 09:18:26 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id JAA16740; Mon, 21 Sep 1998 09:18:25 +0200 (DFT) Message-ID: <36067C64.DE008EBB@bull.net> Date: Mon, 21 Sep 1998 09:18:44 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: Anders Rundgren <anders.rundgren@jaybis.com> CC: "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: Re: OCSP - Public Key Dstribution References: <01BDE484.F1DA1820@HYDRA> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Anders Rundgren a écrit: > Salut Denis, This sounds a little bit familiar to me. :-( Please do not mix French and English. > Pardon my ignorance but does a returned issuerKeyHash give you the > possibility to verify a certificate signature *after* its status has been checked? Yes. > Don't you need the original (unhashed) issuer public key to to that? You can get it after the OCSP request. > I.e. does this enhanced OCSP draft essentially support my suggested OCSP++ > (previously I called it OCVP) system *without* requiring extensions? That would be > just fantastic! I took a look at the URL address you are providing. Since the description is pretty short, it is hard to answer your question. However the text says "an easy-to-use system for checking status and validity of a certificate." In this version of OCSP, there is no intent for checking the validity of the certificate but only its revocation/on-hold status. Checking the status would be far more complicated and controversial. Denis > http://www.jaybis.com/specifications/pkix/ocsp.html > > Please enlighten me! > > Regards > Anders Rundgren > > ---------- > From: Denis Pinkas [SMTP:Denis.Pinkas@bull.net] > Sent: Saturday, September 19, 1998 02:15 > To: Andreas Berger > Cc: Peter Sylvester; ambarish@valicert.com; ietf-pkix@imc.org > Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt > > Andreas, > > I share your concerns. > > The current definition of CertId is as follows: > > CertID ::= SEQUENCE { > hashAlgorithm AlgorithmIdentifier, > issuerNameHash OCTET STRING, -- Hash of Issuer's DN > issuerKeyHash OCTET STRING, -- Hash of Issuers public > key > serialNumber CertificateSerialNumber } > > CertID is used both in the request and in the response. > I would suggest to change it to: > > CertID ::= SEQUENCE { > hashAlgorithm AlgorithmIdentifier, > issuerNameHash OCTET STRING, -- Hash of Issuer's DN > issuerKeyHash OCTET STRING OPTIONAL, -- Hash of > Issuers public key > serialNumber CertificateSerialNumber } > > making the issuerKeyHash optional. > > The issuerKeyHash would be optional for a request but mandatory for > a response. The rational is as follows: the requester needs "at > some time" to get the public key of the issuer in order to verify > the certificate. If we mandate that field to be always present > thent it must get it *before* the request to the OCSP server. If we > make it optional, then it may get it before or after the request to > the OCSP server. This gives some flexibility, without too many > options. > > The OCSP server should anyway have the Issuers public key and thus > its hash. The hash may allow the requester to disambigous some > responses in case of anonymity. > > Denis > > > I agree with this discussion and would like to add some thoughts: > > > > Peter Sylvester wrote: > > > > I actually think OCVP is a bigger thing than just making the hash > > > > of the issuer's PUBLIC key NULL. That whole topic should be > > > > addressed at one shot > > > > > > > I am *not* really talking about OCVP, I am talking about 'CertID', > > > a short way to identify a certificate. The syntax > > > for the identification should be flexible enough > > > > > > - not to require more than the original certificate in > > > order to construct the identification. > > The is a very good assumption. While the authority key *may* be > > available, it certainly isn´t always available. > > > > > - to allow identification of a certificate in a given context > > > ==> serial number for example or/and hash of cert > > The serial number is a little bit weaker but supported by other parts of > > X.509, PKIX and several mail protocols, using issuer/serial for > > identification of a certificate. So issuer/serial or > > issuer/certificate-hash look like valid combinations. It may be a good > > idea to be able add a subject public key hash if necessary. > > > > > - to allow the OCSP provider to find the source of > > > information provider. > > > ==> name of issuer may be necessary, hash of issuer name > > > may not be sufficient. > > So for identification of issuer we probably have a choice of issuer-name > > or issuer-hash, probably in combination with issuer-public-key or > > issuer-public-key-hash as an optional parameter. > > > > > - to ensure that the creator of the certificate really has > > > a copy of a cert. > > > ==> hash of cert for example, or serialnumber if authority > > > allocates them in a sparse way. > > > If we assume that the orginal version of OCSP where it was > > > possible to just have a cert did make sense, thus I do not > > > see why there is a need for the issuer public key extract > > > in the certID. At least it should be optional in some way. > > > > > > It seems useful to me to fix a syntax for CertID that > > > is sufficiently open for extensions without requiring > > > a new protocol version.. > > > > The removal of the certificate proper as a means to "identify" a > > certificate forced us to specify an extension to OCSP to do this > > (transport the certificate in the request - optional, or in the reply - > > optional). If the consensus is that OCSP should not be able to transport > > the certificate proper, I think we should at least open the possibility > > to transport a certitficate hash. > > > > That leads me back to the idea of making a lot of the identification > > parameters in "CertID" optional. But we will get serious > > interoperability issues. So either we build specific CertIDs with > > specific purposes in mind or we need some profiling (and probably a > > means for the responder to transport valid combinations back to the > > client). > > > > Andreas > > -- > > Fifty-three percent of Fortune 1000 executives think the > > Arch Deluxe is something that helps to run a computer. > > -- Jericho Communications > > -- > Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net > Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 > 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA22389 for ietf-pkix-bks; Mon, 21 Sep 1998 00:36:51 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA22383 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 00:36:11 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id JAA09835; Mon, 21 Sep 1998 09:29:18 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id JAA15096; Mon, 21 Sep 1998 09:29:22 +0200 (DFT) Message-ID: <36067EF5.8F246720@bull.net> Date: Mon, 21 Sep 1998 09:29:41 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: Michael Myers <mmyers@verisign.com> CC: ietf-pkix@imc.org Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt References: <3.0.32.19980918180005.00920ee4@mail.verisign.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Michael, I first suggest that you re-read my last proposal from Friday which does not contradicts your rational but contradicts your conclusion. > All, > > The intent was to provide an alternative to CRLs. Following that model, > there's an underlying assumption that the end-entity is in possession of > the CA's certificate (as would be needed to validate the signature on a CRL.) Yes, the underlying assumption that the end-entity has to get the CA's public key or certificate. But, we should not make any assumption whether that information must be obtained BEFORE or AFTER the OCSP request. > OCSP never had a requirement to validate an end-entity certificate in the > absence of the CA certificate at the requestor end. It's not just a > requirement on syntax at the request. This would also imply path > validation logic on the server. The consensus has been conclusively > established that full certificate validation is beyond the scope of this > protocol. I strongly agree with your last sentence. > There's consequently no need to alter the request syntax. I respectfully disagree with your conclusion. Denis > Mike -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA04797 for ietf-pkix-bks; Sun, 20 Sep 1998 17:02:12 -0700 (PDT) Received: from typhoon.dstc.qut.edu.au (root@typhoon.dstc.qut.edu.au [131.181.71.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA04793 for <ietf-pkix@imc.org>; Sun, 20 Sep 1998 17:02:06 -0700 (PDT) Received: from dstc.qut.edu.au (tornado.dstc.qut.edu.au [131.181.71.3]) by typhoon.dstc.qut.edu.au (8.8.5/8.8.5) with ESMTP id KAA06232 for <ietf-pkix@imc.org>; Mon, 21 Sep 1998 10:08:18 +1000 (EST) Message-Id: <199809210008.KAA06232@typhoon.dstc.qut.edu.au> X-Mailer: exmh version 2.0.2 2/24/98 To: ietf-pkix@imc.org Subject: Re: Testing the ASN.1 in Part 1 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 21 Sep 1998 10:08:16 +1000 From: Dean Povey <povey@dstc.qut.edu.au> Sender: owner-ietf-pkix@imc.org Precedence: bulk Just another minor point: id-ad, id-ad-ocsp and id-ad-caIssuers are defined in both PKIX1Implicit88 and PKIX1Explicit88. -- Dean Povey, | e-m: povey@dstc.edu.au | Cryptozilla: Research Scientist | ph: +61 7 3864 5120 | www.cryptozilla.org/ Security Unit, DSTC | fax: +61 7 3864 1282 | Oscar - PKI Toolkit: Brisbane, Australia | www: security.dstc.edu.au/ | oscar.dstc.qut.edu.au/ Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA02905 for ietf-pkix-bks; Sun, 20 Sep 1998 10:35:53 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA02901 for <ietf-pkix@imc.org>; Sun, 20 Sep 1998 10:35:51 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id TAA10451; Sun, 20 Sep 1998 19:41:59 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id TAA02115; Sun, 20 Sep 1998 19:41:58 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id TAA18646; Sun, 20 Sep 1998 19:41:58 +0200 Date: Sun, 20 Sep 1998 19:41:58 +0200 Message-Id: <199809201741.TAA18646@emeriau.edelweb.fr> To: anders.rundgren@jaybis.com Subject: Re: OCSP - Public Key Dstribution Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@imc.org Precedence: bulk Anders, the proposal of Denis solves a different problem. It makes the syntax easier for the client, it doesn't require a field that may be unnecessary. An interpretation of OCSP or OCVP is independant of the syntax change. It is the interpretation of the RESULT that counts: - In OCSP you interprete 'good' as 'I have not information that it is NOT GOOD'. - in OCSP you would interprete 'unknown' as 'I know that this CA has never issued the CA, or I do not know the CA'. Denis' proposal makes the proposal more lightweight. You can even consider that an OCSP or OCVP does not need more than just a serial number (because it operated in a very restricted environment of just one CA), but well, the protocol should be able to cover a large range of applications. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA02899 for ietf-pkix-bks; Sun, 20 Sep 1998 10:35:23 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA02895 for <ietf-pkix@imc.org>; Sun, 20 Sep 1998 10:35:21 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id TAA10447; Sun, 20 Sep 1998 19:41:29 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id TAA02111; Sun, 20 Sep 1998 19:41:28 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id TAA18643; Sun, 20 Sep 1998 19:41:28 +0200 Date: Sun, 20 Sep 1998 19:41:28 +0200 Message-Id: <199809201741.TAA18643@emeriau.edelweb.fr> To: ietf-pkix@imc.org, mmyers@verisign.com Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Sender: owner-ietf-pkix@imc.org Precedence: bulk > All, You :-) , > > The intent was to provide an alternative to CRLs. Following that model, > there's an underlying assumption that the end-entity is in possession of > the CA's certificate (as would be needed to validate the signature on a CRL.) This is a description that is somewhat strange. What is an alternative to CRLs? Read part1 of pkix. An alternative is something that replace completely the usage of CRLs. CRLs by definition are one means to detect revoked certs, YOUR intention was to have just access to a remotely manged CRL. There has been a lot of discussion that OCSP is a service that allows what it says in its definition, online status verification, and not just lookup of a remote CRL base. A lot of effort has been made to ensure that a minimal OCSP service can actually implemented using CRLs, otherwise one may have just used a certHash in the request, and not used the serial number. Anyway, an alternative has not a defined model, so what do we have to follow? And why is there any underlying model. This is NOT documented in OCSP, and the contrary seems to be indicated in pkix part 1. Splitting a local logic that looks into a list a CRLs into a client server protocol MAY require additional security (as it is mentioned in pkix part1). You MAY require that a request an a response to be signed by requestor and the responder sign the response. A server MAY require that the client proves in some way that it is actually in possession of a cert, or whatever else you can image. Or: CRLs are ONE way to obtain status information of certs OCSP is not a client server implemention of CRL lookup but a general mecanism to obtain status information about certificates, and it CAN be implemented using just CRLs on the server side but it is open to provide MORE service. > > OCSP never had a requirement to validate an end-entity certificate in the > absence of the CA certificate at the requestor end. It's not just a > requirement on syntax at the request. This would also imply path > validation logic on the server. The consensus has been conclusively > established that full certificate validation is beyond the scope of this > protocol. > The first version of the protocol allowed just to present a certificate in a request. Whether the client actually has the corresponding cert before or after the validation is left to the client. Denis proposal does not put any requirement for path validation on the server, on the contrary, The server otherwise tell: I know about ONE CA and it's public key hash is what I return in the response. It the request needs to contain a key hash, the server MUST validate the public key in order to return 'unknown' if it doesn't match. Thus, in some sense the actual text requires validation on the server, and Denis' proposal removes that requirement. The only TECHNICAL problem that can happen is that the server KNOWS about more than ONE certificate having the SAME serial number and the same CA name. In this case the server should return the status of all of them, and let the client decide. > There's consequently no need to alter the request syntax. You can always deduce everything from an empty or false premises. Peter Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA29413 for ietf-pkix-bks; Sun, 20 Sep 1998 01:54:00 -0700 (PDT) Received: from caesar.udac.se (caesar.udac.se [193.44.79.10]) by mail.proper.com (8.8.8/8.8.5) with SMTP id BAA29409 for <ietf-pkix@imc.org>; Sun, 20 Sep 1998 01:53:57 -0700 (PDT) Received: from HYDRA ([195.67.109.114]) by caesar.udac.se (8.7.3/NetworkC-1) with SMTP id KAA59705; Sun, 20 Sep 1998 10:59:56 +0200 Received: by HYDRA with Microsoft Mail id <01BDE484.F1DA1820@HYDRA>; Sun, 20 Sep 1998 10:53:48 +0200 Message-ID: <01BDE484.F1DA1820@HYDRA> From: Anders Rundgren <anders.rundgren@jaybis.com> To: "'Denis Pinkas'" <Denis.Pinkas@bull.net> Cc: "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: OCSP - Public Key Dstribution Date: Sun, 20 Sep 1998 10:53:46 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id BAA29410 Sender: owner-ietf-pkix@imc.org Precedence: bulk Salut Denis, Pardon my ignorance but does a returned issuerKeyHash give you the possibility to verify a certificate signature *after* its status has been checked? Don't you need the original (unhashed) issuer public key to to that? I.e. does this enhanced OCSP draft essentially support my suggested OCSP++ (previously I called it OCVP) system *without* requiring extensions? That would be just fantastic! http://www.jaybis.com/specifications/pkix/ocsp.html Please enlighten me! Regards Anders Rundgren ---------- From: Denis Pinkas [SMTP:Denis.Pinkas@bull.net] Sent: Saturday, September 19, 1998 02:15 To: Andreas Berger Cc: Peter Sylvester; ambarish@valicert.com; ietf-pkix@imc.org Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Andreas, I share your concerns. The current definition of CertId is as follows: CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING, -- Hash of Issuer's DN issuerKeyHash OCTET STRING, -- Hash of Issuers public key serialNumber CertificateSerialNumber } CertID is used both in the request and in the response. I would suggest to change it to: CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING, -- Hash of Issuer's DN issuerKeyHash OCTET STRING OPTIONAL, -- Hash of Issuers public key serialNumber CertificateSerialNumber } making the issuerKeyHash optional. The issuerKeyHash would be optional for a request but mandatory for a response. The rational is as follows: the requester needs "at some time" to get the public key of the issuer in order to verify the certificate. If we mandate that field to be always present thent it must get it *before* the request to the OCSP server. If we make it optional, then it may get it before or after the request to the OCSP server. This gives some flexibility, without too many options. The OCSP server should anyway have the Issuers public key and thus its hash. The hash may allow the requester to disambigous some responses in case of anonymity. Denis > I agree with this discussion and would like to add some thoughts: > > Peter Sylvester wrote: > > > I actually think OCVP is a bigger thing than just making the hash > > > of the issuer's PUBLIC key NULL. That whole topic should be > > > addressed at one shot > > > > > I am *not* really talking about OCVP, I am talking about 'CertID', > > a short way to identify a certificate. The syntax > > for the identification should be flexible enough > > > > - not to require more than the original certificate in > > order to construct the identification. > The is a very good assumption. While the authority key *may* be > available, it certainly isn´t always available. > > > - to allow identification of a certificate in a given context > > ==> serial number for example or/and hash of cert > The serial number is a little bit weaker but supported by other parts of > X.509, PKIX and several mail protocols, using issuer/serial for > identification of a certificate. So issuer/serial or > issuer/certificate-hash look like valid combinations. It may be a good > idea to be able add a subject public key hash if necessary. > > > - to allow the OCSP provider to find the source of > > information provider. > > ==> name of issuer may be necessary, hash of issuer name > > may not be sufficient. > So for identification of issuer we probably have a choice of issuer-name > or issuer-hash, probably in combination with issuer-public-key or > issuer-public-key-hash as an optional parameter. > > > - to ensure that the creator of the certificate really has > > a copy of a cert. > > ==> hash of cert for example, or serialnumber if authority > > allocates them in a sparse way. > > If we assume that the orginal version of OCSP where it was > > possible to just have a cert did make sense, thus I do not > > see why there is a need for the issuer public key extract > > in the certID. At least it should be optional in some way. > > > > It seems useful to me to fix a syntax for CertID that > > is sufficiently open for extensions without requiring > > a new protocol version.. > > The removal of the certificate proper as a means to "identify" a > certificate forced us to specify an extension to OCSP to do this > (transport the certificate in the request - optional, or in the reply - > optional). If the consensus is that OCSP should not be able to transport > the certificate proper, I think we should at least open the possibility > to transport a certitficate hash. > > That leads me back to the idea of making a lot of the identification > parameters in "CertID" optional. But we will get serious > interoperability issues. So either we build specific CertIDs with > specific purposes in mind or we need some profiling (and probably a > means for the responder to transport valid combinations back to the > client). > > Andreas > -- > Fifty-three percent of Fortune 1000 executives think the > Arch Deluxe is something that helps to run a computer. > -- Jericho Communications -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA21235 for ietf-pkix-bks; Sat, 19 Sep 1998 13:51:03 -0700 (PDT) Received: from cylink.com ([204.160.108.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA21231 for <ietf-pkix@imc.org>; Sat, 19 Sep 1998 13:51:02 -0700 (PDT) Received: by cylink.com (8.8.8/SMI-SVR4) id OAA07962; Sat, 19 Sep 1998 14:01:17 -0700 (PDT) Received: from cylink252.cylink.com(205.226.82.252) by enforcer.cylink.com via smap (V2.0) id xma007960; Sat, 19 Sep 98 14:00:57 -0700 Reply-To: <amit@netcom.com> From: "Amit Kapoor" <amit@netcom.com> To: "PKIX" <ietf-pkix@imc.org> Subject: Testing the ASN.1 in Part 1 Date: Sat, 19 Sep 1998 13:58:24 -0700 Message-ID: <001a01bde410$3dbd7cc0$0a01040a@mordor.cylink.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk The following two in PKIX1Implicit93 (and 88): DistributionPoint ::= SEQUENCE { distributionPoint [0] DistributionPointName OPTIONAL, reasons [1] ReasonFlags OPTIONAL, cRLIssuer [2] GeneralNames OPTIONAL } DistributionPointName ::= CHOICE { fullName [0] GeneralNames, nameRelativeToCRLIssuer [1] RelativeDistinguishedName } Is the tagging correct for DistributionPointName in DistributionPoint considering the package is defined as IMPLICIT tagging? How will will the decoder know which one of the two DistributionPointName (GeneralNames | RelativeDistinguishedName) is represented by [0]? Similarly for IssuingDistPointSyntax. I recall a message from someone from OSS a while back on somewhat a similar subject but afraid could not locate it in the archives. Thanks. Amit Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA26882 for ietf-pkix-bks; Fri, 18 Sep 1998 17:54:41 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA26878 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 17:54:40 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id RAA13604; Fri, 18 Sep 1998 17:58:14 -0700 (PDT) Received: from mmyers-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id SAA11253; Fri, 18 Sep 1998 18:00:07 -0700 (PDT) Message-Id: <3.0.32.19980918180005.00920ee4@mail.verisign.com> X-Sender: mmyers@mail.verisign.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 18 Sep 1998 18:00:08 -0700 To: ietf-pkix@imc.org From: Michael Myers <mmyers@verisign.com> Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk All, The intent was to provide an alternative to CRLs. Following that model, there's an underlying assumption that the end-entity is in possession of the CA's certificate (as would be needed to validate the signature on a CRL.) OCSP never had a requirement to validate an end-entity certificate in the absence of the CA certificate at the requestor end. It's not just a requirement on syntax at the request. This would also imply path validation logic on the server. The consensus has been conclusively established that full certificate validation is beyond the scope of this protocol. There's consequently no need to alter the request syntax. Mike Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA25592 for ietf-pkix-bks; Fri, 18 Sep 1998 14:33:09 -0700 (PDT) Received: from poptop.llnl.gov (poptop.llnl.gov [128.115.18.65]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA25586 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 14:33:07 -0700 (PDT) Received: from catalyst (catalyst.llnl.gov [128.115.223.10]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2) with SMTP id OAA19912; Fri, 18 Sep 1998 14:39:10 -0700 (PDT) Message-Id: <3.0.3.32.19980918143811.00b1f6e0@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Fri, 18 Sep 1998 14:38:11 -0700 To: "Flanigan, Bill" <flanigab@ncr.disa.mil>, ietf-pkix@imc.org From: Tony Bartoletti <azb@llnl.gov> Subject: RE: proposed text for attributes In-Reply-To: <5F21F6A15446D211B0730020484016A34A8DED@RBMAIL103> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 04:39 PM 9/18/98 -0400, Flanigan, Bill wrote: >Hmm. I'm starting to have a what-does-it really-say/mean problem with >things like the "may" word, the "local policy" words, and, in fact, the >wording of the entire paragraph on the cACertificate attribute. What >happened to the "shall" word, and what does "local policy" add in the way >clarification? > It's not what goes where (we seem to have rough consensus here), but >rather how to express this with minimal ambiguity and number of words. How >about a single sentence along the lines of "The cACertificate attribute of a >CA's directory entry shall be used to store self-issued certificates (if >any) and certificates issued to this CA by CAs in the same realm as this >CA"? Why not replace "realm" (or domain or scope) with what the word(s) intend. I take "CA's in the same realm/domain" to mean "CA's acting under a common authority-to-issue". Does this help? ___tony___ Tony Bartoletti LL SPI-NET GURU LL LL Computer Security Technology Center LL LL LL Lawrence Livermore National Lab LL LL LL PO Box 808, L - 303 LL LL LLLLLLLL Livermore, CA 94551-9900 LL LLLLLLLL email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA25057 for ietf-pkix-bks; Fri, 18 Sep 1998 13:29:40 -0700 (PDT) Received: from rbhub100.chamb.disa.mil (rbhub100.chamb.disa.mil [209.22.120.23]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA25053 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 13:29:39 -0700 (PDT) Received: by rbhub100.chamb.disa.mil with Internet Mail Service (5.5.2232.9) id <TDQTCBB7>; Fri, 18 Sep 1998 16:34:34 -0400 Message-ID: <5F21F6A15446D211B0730020484016A34A8DED@RBMAIL103> From: "Flanigan, Bill" <flanigab@ncr.disa.mil> To: ietf-pkix@imc.org Subject: RE: proposed text for attributes Date: Fri, 18 Sep 1998 16:39:58 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hmm. I'm starting to have a what-does-it really-say/mean problem with things like the "may" word, the "local policy" words, and, in fact, the wording of the entire paragraph on the cACertificate attribute. What happened to the "shall" word, and what does "local policy" add in the way clarification? It's not what goes where (we seem to have rough consensus here), but rather how to express this with minimal ambiguity and number of words. How about a single sentence along the lines of "The cACertificate attribute of a CA's directory entry shall be used to store self-issued certificates (if any) and certificates issued to this CA by CAs in the same realm as this CA"? Bill Flanigan %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% William F. Flanigan, Jr., Ph.D. Voice: (703) 681-2318 Defense Information Systems Agency Fax: (703) 681-2814 Information Assurance Engineering DSN: 761 5600 Columbia Pike, Room 632 Voice Mail: (703) 681-2318 Falls Church, VA 22041-2717 Internet: <flanigab@ncr.disa.mil> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% > -----Original Message----- > From: Paul Hoffman / IMC [SMTP:phoffman@imc.org] > Sent: Friday, September 18, 1998 12:39 PM > To: ietf-pkix@imc.org > Subject: Re: proposed text for attributes > > >Unless there are any other objections to the wording, I'll get the draft > >revised with this wording and submitted by Monday. > > I'd like to echo David Kurn's concern that the wording with respect to the > cACertificate attribute of a CA's directory entry. If you don't define > "realm", > then there doesn't seem much point to saying that "some things that person > accessing the directory cannot determine will appear in the cACertificate > attribute". Why is that still in the spec if it's up to local policy to > decide > what to put there? > > Maybe better wording would be "The cACertificate attribute of a CA's > directory > entry may be populated with certificates defined by local policy" and > leave > the > rest of the paragraph out. > > > --Paul Hoffman, Director > --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA23955 for ietf-pkix-bks; Fri, 18 Sep 1998 11:09:14 -0700 (PDT) Received: from romulus.cs.ut.ee (jan@romulus.cs.ut.ee [193.40.5.125]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA23951 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 11:09:12 -0700 (PDT) Received: from localhost (jan@localhost) by romulus.cs.ut.ee (8.9.1/8.9.1/romulus-1.4) with SMTP id VAA13259 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 21:15:08 +0300 (EET DST) Date: Fri, 18 Sep 1998 21:15:06 +0300 ( ) From: Jan Willemson <jan@cs.ut.ee> To: ietf-pkix@imc.org Subject: Who uses what? Message-ID: <Pine.GSO.4.02A.9809182058590.12460-100000@romulus.cs.ut.ee> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk Hello! Excuse me please for being yet-another-newbie and asking a newbie question. But this is the only way to get smart. I have been reading ietf-pkix drafts for some time and found a lot of proposed X.509 extensions. On the other hand there are many companies (Netscape etc) producing cert-software that uses (as I understand) some of these extensions and some extensions of their own. So - is there somewhere out there an overview of who uses what? I believe there is, but my webcrawling has not been able to find it yet. I would be grateful for all hints/links etc. Thank you:) Jan Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA23493 for ietf-pkix-bks; Fri, 18 Sep 1998 10:23:23 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA23488; Fri, 18 Sep 1998 10:23:22 -0700 (PDT) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id KAA15812; Fri, 18 Sep 1998 10:28:13 -0700 (PDT) Message-Id: <199809181728.KAA15812@spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.52 (Beta) Date: Fri, 18 Sep 1998 13:29:49 -0400 To: Dean Povey <povey@dstc.qut.edu.au> From: Russ Housley <housley@spyrus.com> Subject: Re: Testing the ASN.1 in Part 1 Cc: Paul Hoffman / IMC <phoffman@imc.org>, ietf-pkix@imc.org In-Reply-To: <199809180548.PAA24765@typhoon.dstc.qut.edu.au> References: <Your message of "Tue, 15 Sep 1998 14:29:01 +1000." <199809150429.OAA08287@typhoon.dstc.qut.edu.au> Mime-Version: 1.0 Content-Type: text/html; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk <html> You found a minor editorial error in the document, but not an ASN.1 error.<br> <br> For some reason, CertificatePolicies is defined here and where it should be.<br> <br> The two lines with '*' at the front should be deleted:<br> <br> <font face="Courier New, Courier"> id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }<br> <br> * CertificatePoliciesSyntax ::=<br> * SEQUENCE SIZE (1..MAX) OF PolicyInformation<br> <br> PolicyConstraints ::= SEQUENCE {<br> requireExplicitPolicy [0] SkipCerts OPTIONAL,<br> inhibitPolicyMapping [1] SkipCerts OPTIONAL }<br> <br> SkipCerts ::= INTEGER (0..MAX)<br> <br> <br> </font>Russ<br> <br> <br> <br> At 03:47 PM 9/18/98 +1000, Dean Povey wrote:<br> ><br> >><br> >><br> >>>Anyone who plans to get around to checking the ASN.1 after part 1 becomes<br> >>>an RFC: could you do it now instead? This would be a great help to us all.<br> >>>Thanks!<br> >>><br> ><br> >More bugs in PKIX1ImplictXX<br> ><br> >The ASN.1 for PolicyConstraints is incorrect. In both the 88 and 93 versions <br> >it is specified as a SEQUENCE SIZE(1..MAX) OF SEQUENCE { ... }. This is <br> >inconsistent with the X.509 definition and it also doesn't make any sense for <br> >it to be a SEQUENCE OF. The definition of PolicyConstraints should be:<br> ><br> >PolicyConstraints ::= SEQUENCE {<br> ><x-tab> </x-tab>requireExplicitPolicy<x-tab> </x-tab>[0] SkipCerts OPTIONAL,<br> ><x-tab> </x-tab>inhibitPolicyMapping<x-tab> </x-tab>[1] SkipCerts OPTIONAL }<br> ><br> >Also the authorityInfoAccess OID is missing in the 88 module, it should be:<br> ><br> >id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }<br> ><br> >More as I find 'em :-).<br> ><br> ><br> >-- <br> >Dean Povey, | e-m: povey@dstc.edu.au | Cryptozilla:<br> >Research Scientist | ph: +61 7 3864 5120 | <a href="http://www.cryptozilla.org/" eudora="autourl">www.cryptozilla.org/</a><br> >Security Unit, DSTC | fax: +61 7 3864 1282 | Oscar - PKI Toolkit:<br> >Brisbane, Australia | www: security.dstc.edu.au/ | oscar.dstc.qut.edu.au/<br> ><br> ><br> </html> Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23017 for ietf-pkix-bks; Fri, 18 Sep 1998 09:33:46 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA23013 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 09:33:45 -0700 (PDT) Message-Id: <199809181633.JAA23013@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.63 (Beta) Date: Fri, 18 Sep 1998 09:39:16 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Re: proposed text for attributes In-Reply-To: <D789F71F24B4D111955D00A0C99B4F50AC9788@sothmxs01.entrust.c om> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk >Unless there are any other objections to the wording, I'll get the draft >revised with this wording and submitted by Monday. I'd like to echo David Kurn's concern that the wording with respect to the cACertificate attribute of a CA's directory entry. If you don't define "realm", then there doesn't seem much point to saying that "some things that person accessing the directory cannot determine will appear in the cACertificate attribute". Why is that still in the spec if it's up to local policy to decide what to put there? Maybe better wording would be "The cACertificate attribute of a CA's directory entry may be populated with certificates defined by local policy" and leave the rest of the paragraph out. --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22573 for ietf-pkix-bks; Fri, 18 Sep 1998 08:40:12 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22569 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 08:40:10 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id RAA21236; Fri, 18 Sep 1998 17:41:08 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id RAA21071; Fri, 18 Sep 1998 17:41:07 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id RAA17885; Fri, 18 Sep 1998 17:41:07 +0200 Date: Fri, 18 Sep 1998 17:41:07 +0200 Message-Id: <199809181541.RAA17885@emeriau.edelweb.fr> To: aberger@darmstadt.gmd.de, Denis.Pinkas@bull.net Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Cc: ambarish@valicert.com, ietf-pkix@imc.org Sender: owner-ietf-pkix@imc.org Precedence: bulk I support the suggestion from Denis. I suggest that one adds an optional hash of the certificate. it MAY be returned by the OCSP server, and it MAY be requested by the OCSP server. one could use the now obsolete error code certrequired (rename it certhashrequired). Whenever a client actually has the cert I would expect that it always sets the certHash in the request, the OCSP server may remove the certHash in the response if the certHash value was not used in order for identification, e.g. when only the serialNumber was used. CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING, -- Hash of Issuer's DN issuerKeyHash OCTET STRING OPTIONAL, -- Hash of Issuers public key serialNumber CertificateSerialNumber certHash OCTET STRING OPTIONAL, -- hash of the certificate. } Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22288 for ietf-pkix-bks; Fri, 18 Sep 1998 08:08:01 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22284 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 08:07:56 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id RAA16372; Fri, 18 Sep 1998 17:14:34 +0200 Received: from bull.net (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with ESMTP id RAA17286; Fri, 18 Sep 1998 17:14:27 +0200 (DFT) Message-ID: <3602F778.27E7C98D@bull.net> Date: Fri, 18 Sep 1998 17:14:48 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull X-Mailer: Mozilla 4.03 [fr] (Win16; I) MIME-Version: 1.0 To: Andreas Berger <aberger@darmstadt.gmd.de> CC: Peter Sylvester <Peter.Sylvester@edelweb.fr>, ambarish@valicert.com, ietf-pkix@imc.org Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt References: <199809180856.KAA17797@emeriau.edelweb.fr> <360230B4.B31B53E8@darmstadt.gmd.de> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Andreas, I share your concerns. The current definition of CertId is as follows: CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING, -- Hash of Issuer's DN issuerKeyHash OCTET STRING, -- Hash of Issuers public key serialNumber CertificateSerialNumber } CertID is used both in the request and in the response. I would suggest to change it to: CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING, -- Hash of Issuer's DN issuerKeyHash OCTET STRING OPTIONAL, -- Hash of Issuers public key serialNumber CertificateSerialNumber } making the issuerKeyHash optional. The issuerKeyHash would be optional for a request but mandatory for a response. The rational is as follows: the requester needs "at some time" to get the public key of the issuer in order to verify the certificate. If we mandate that field to be always present thent it must get it *before* the request to the OCSP server. If we make it optional, then it may get it before or after the request to the OCSP server. This gives some flexibility, without too many options. The OCSP server should anyway have the Issuers public key and thus its hash. The hash may allow the requester to disambigous some responses in case of anonymity. Denis > I agree with this discussion and would like to add some thoughts: > > Peter Sylvester wrote: > > > I actually think OCVP is a bigger thing than just making the hash > > > of the issuer's PUBLIC key NULL. That whole topic should be > > > addressed at one shot > > > > > I am *not* really talking about OCVP, I am talking about 'CertID', > > a short way to identify a certificate. The syntax > > for the identification should be flexible enough > > > > - not to require more than the original certificate in > > order to construct the identification. > The is a very good assumption. While the authority key *may* be > available, it certainly isn´t always available. > > > - to allow identification of a certificate in a given context > > ==> serial number for example or/and hash of cert > The serial number is a little bit weaker but supported by other parts of > X.509, PKIX and several mail protocols, using issuer/serial for > identification of a certificate. So issuer/serial or > issuer/certificate-hash look like valid combinations. It may be a good > idea to be able add a subject public key hash if necessary. > > > - to allow the OCSP provider to find the source of > > information provider. > > ==> name of issuer may be necessary, hash of issuer name > > may not be sufficient. > So for identification of issuer we probably have a choice of issuer-name > or issuer-hash, probably in combination with issuer-public-key or > issuer-public-key-hash as an optional parameter. > > > - to ensure that the creator of the certificate really has > > a copy of a cert. > > ==> hash of cert for example, or serialnumber if authority > > allocates them in a sparse way. > > If we assume that the orginal version of OCSP where it was > > possible to just have a cert did make sense, thus I do not > > see why there is a need for the issuer public key extract > > in the certID. At least it should be optional in some way. > > > > It seems useful to me to fix a syntax for CertID that > > is sufficiently open for extensions without requiring > > a new protocol version.. > > The removal of the certificate proper as a means to "identify" a > certificate forced us to specify an extension to OCSP to do this > (transport the certificate in the request - optional, or in the reply - > optional). If the consensus is that OCSP should not be able to transport > the certificate proper, I think we should at least open the possibility > to transport a certitficate hash. > > That leads me back to the idea of making a lot of the identification > parameters in "CertID" optional. But we will get serious > interoperability issues. So either we build specific CertIDs with > specific purposes in mind or we need some profiling (and probably a > means for the responder to transport valid combinations back to the > client). > > Andreas > -- > Fifty-three percent of Fortune 1000 executives think the > Arch Deluxe is something that helps to run a computer. > -- Jericho Communications -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA21046 for ietf-pkix-bks; Fri, 18 Sep 1998 05:00:00 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id EAA21042 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 04:59:58 -0700 (PDT) Received: id IAA04558; Fri, 18 Sep 1998 08:03:06 -0400 Received: by gateway id <S2S6Y5Z8>; Fri, 18 Sep 1998 07:59:50 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC9788@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: proposed text for attributes Date: Fri, 18 Sep 1998 07:59:42 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh and I prefer the use of 'realm'. Scope, although not as bad as domain, also has some other meanings associated with it in the PKI area. Unless there are any other objections to the wording, I'll get the draft revised with this wording and submitted by Monday. I also will be submitting a new version of the LDAPv2 protocol profile, but this is only because the current draft expires this month. There are no changes to it and it passed last call back in January (for those who weren't following this list at that time, the IESG would not allow it to progress to RFC without this accompanying schema). Sharon ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA18545 for ietf-pkix-bks; Fri, 18 Sep 1998 03:02:10 -0700 (PDT) Received: from sonne.darmstadt.gmd.de (sonne.darmstadt.gmd.de [141.12.62.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA18541 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 03:02:07 -0700 (PDT) Received: from darmstadt.gmd.de (aberger@pc-turin [141.12.33.71]) by sonne.darmstadt.gmd.de (8.8.8/8.8.5) with ESMTP id MAA27586; Fri, 18 Sep 1998 12:06:18 +0200 (MET DST) Message-ID: <360230B4.B31B53E8@darmstadt.gmd.de> Date: Fri, 18 Sep 1998 12:06:44 +0200 From: Andreas Berger <aberger@darmstadt.gmd.de> X-Mailer: Mozilla 4.05 [en] (X11; I; Linux 2.0.35 i586) MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ambarish@valicert.com, ietf-pkix@imc.org Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt References: <199809180856.KAA17797@emeriau.edelweb.fr> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk I agree with this discussion and would like to add some thoughts: Peter Sylvester wrote: > > I actually think OCVP is a bigger thing than just making the hash > > of the issuer's PUBLIC key NULL. That whole topic should be > > addressed at one shot > > > I am *not* really talking about OCVP, I am talking about 'CertID', > a short way to identify a certificate. The syntax > for the identification should be flexible enough > > - not to require more than the original certificate in > order to construct the identification. The is a very good assumption. While the authority key *may* be available, it certainly isn´t always available. > - to allow identification of a certificate in a given context > ==> serial number for example or/and hash of cert The serial number is a little bit weaker but supported by other parts of X.509, PKIX and several mail protocols, using issuer/serial for identification of a certificate. So issuer/serial or issuer/certificate-hash look like valid combinations. It may be a good idea to be able add a subject public key hash if necessary. > - to allow the OCSP provider to find the source of > information provider. > ==> name of issuer may be necessary, hash of issuer name > may not be sufficient. So for identification of issuer we probably have a choice of issuer-name or issuer-hash, probably in combination with issuer-public-key or issuer-public-key-hash as an optional parameter. > - to ensure that the creator of the certificate really has > a copy of a cert. > ==> hash of cert for example, or serialnumber if authority > allocates them in a sparse way. > If we assume that the orginal version of OCSP where it was > possible to just have a cert did make sense, thus I do not > see why there is a need for the issuer public key extract > in the certID. At least it should be optional in some way. > > It seems useful to me to fix a syntax for CertID that > is sufficiently open for extensions without requiring > a new protocol version.. The removal of the certificate proper as a means to "identify" a certificate forced us to specify an extension to OCSP to do this (transport the certificate in the request - optional, or in the reply - optional). If the consensus is that OCSP should not be able to transport the certificate proper, I think we should at least open the possibility to transport a certitficate hash. That leads me back to the idea of making a lot of the identification parameters in "CertID" optional. But we will get serious interoperability issues. So either we build specific CertIDs with specific purposes in mind or we need some profiling (and probably a means for the responder to transport valid combinations back to the client). Andreas -- Fifty-three percent of Fortune 1000 executives think the Arch Deluxe is something that helps to run a computer. -- Jericho Communications Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA18216 for ietf-pkix-bks; Fri, 18 Sep 1998 01:56:54 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA18212 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 01:56:53 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id LAA08690; Fri, 18 Sep 1998 11:02:54 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id LAA17532; Fri, 18 Sep 1998 11:02:54 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id LAA17802; Fri, 18 Sep 1998 11:02:53 +0200 Date: Fri, 18 Sep 1998 11:02:53 +0200 Message-Id: <199809180902.LAA17802@emeriau.edelweb.fr> To: ietf-pkix@imc.org, danjw1@pacbell.net Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Sender: owner-ietf-pkix@imc.org Precedence: bulk > I thought the issue with this was that in a case of a request where the > certificate was sent in place of the certID, a response could not be > formed unless the responder already had the issuer cert (or at least > knew its key hash). This has been dealt with, since request now must > have a certID for each requested cert. Was there some additional issue > I wasn't aware of? The original text provided to USE a certificate and nothing else to form a request. This is no longer possible. CertID in its current form cannot be used as a replacement for a certificate in the case where the client does not have the issuer cert. The syntax for CertID has not been discussed in the context where this is the ONLY way to identify a cert. Peter Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA18176 for ietf-pkix-bks; Fri, 18 Sep 1998 01:50:30 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA18171 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 01:50:27 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id KAA08440; Fri, 18 Sep 1998 10:56:25 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id KAA17394; Fri, 18 Sep 1998 10:56:24 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id KAA17797; Fri, 18 Sep 1998 10:56:24 +0200 Date: Fri, 18 Sep 1998 10:56:24 +0200 Message-Id: <199809180856.KAA17797@emeriau.edelweb.fr> To: ambarish@valicert.com Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@imc.org Precedence: bulk > > > > I actually think OCVP is a bigger thing than just making the hash > of the issuer's PUBLIC key NULL. That whole topic should be > addressed at one shot > I am *not* really talking about OCVP, I am talking about 'CertID', a short way to identify a certificate. The syntax for the identification should be flexible enough - not to require more than the original certificate in order to construct the identification. - to allow identification of a certificate in a given context ==> serial number for example or/and hash of cert - to allow the OCSP provider to find the source of information provider. ==> name of issuer may be necessary, hash of issuer name may not be sufficient. - to ensure that the creator of the certificate really has a copy of a cert. ==> hash of cert for example, or serialnumber if authority allocates them in a sparse way. If we assume that the orginal version of OCSP where it was possible to just have a cert did make sense, thus I do not see why there is a need for the issuer public key extract in the certID. At least it should be optional in some way. It seems useful to me to fix a syntax for CertID that is sufficiently open for extensions without requiring a new protocol version.. Peter Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA18121 for ietf-pkix-bks; Fri, 18 Sep 1998 01:43:45 -0700 (PDT) Received: from mail-gw.pacbell.net (mail-gw.pacbell.net [206.13.28.25]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA18117 for <ietf-pkix@imc.org>; Fri, 18 Sep 1998 01:43:44 -0700 (PDT) Received: from pacbell.net (ppp-206-170-3-162.okld03.pacbell.net [206.170.3.162]) by mail-gw.pacbell.net (8.8.8/8.7.1+antispam) with ESMTP id BAA19674; Fri, 18 Sep 1998 01:49:45 -0700 (PDT) Message-ID: <36021C9D.7B5FFABE@pacbell.net> Date: Fri, 18 Sep 1998 01:41:01 -0700 From: Dan Weinstein <danjw1@pacbell.net> X-Mailer: Mozilla 4.5b2 [en] (Win95; I) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org, Peter.Sylvester@edelweb.fr Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk >some remarks about the lastest OCSP draft: > >- It seems that the remarks about not knowing the public > key of an issuer are not addressed. > > It seems sufficient to ME to allow that the > hash of the issure private key MAY be a length 0 octet string, > something like that, or one might add the public > key of the OCSP responder instead. > > Thoughts? I thought the issue with this was that in a case of a request where the certificate was sent in place of the certID, a response could not be formed unless the responder already had the issuer cert (or at least knew its key hash). This has been dealt with, since request now must have a certID for each requested cert. Was there some additional issue I wasn't aware of? Dan Weinstein danjw1@pacbell.net Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id WAA07834 for ietf-pkix-bks; Thu, 17 Sep 1998 22:42:05 -0700 (PDT) Received: from typhoon.dstc.qut.edu.au (root@typhoon.dstc.qut.edu.au [131.181.71.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id WAA07821; Thu, 17 Sep 1998 22:42:01 -0700 (PDT) Received: from dstc.qut.edu.au (tornado.dstc.qut.edu.au [131.181.71.3]) by typhoon.dstc.qut.edu.au (8.8.5/8.8.5) with ESMTP id PAA24765; Fri, 18 Sep 1998 15:48:00 +1000 (EST) Message-Id: <199809180548.PAA24765@typhoon.dstc.qut.edu.au> X-Mailer: exmh version 2.0.2 2/24/98 cc: Paul Hoffman / IMC <phoffman@imc.org>, ietf-pkix@imc.org Subject: Re: Testing the ASN.1 in Part 1 In-reply-to: Your message of "Tue, 15 Sep 1998 14:29:01 +1000." <199809150429.OAA08287@typhoon.dstc.qut.edu.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 18 Sep 1998 15:47:57 +1000 From: Dean Povey <povey@dstc.qut.edu.au> Sender: owner-ietf-pkix@imc.org Precedence: bulk > > >>Anyone who plans to get around to checking the ASN.1 after part 1 becomes >>an RFC: could you do it now instead? This would be a great help to us all. >>Thanks! >> More bugs in PKIX1ImplictXX The ASN.1 for PolicyConstraints is incorrect. In both the 88 and 93 versions it is specified as a SEQUENCE SIZE(1..MAX) OF SEQUENCE { ... }. This is inconsistent with the X.509 definition and it also doesn't make any sense for it to be a SEQUENCE OF. The definition of PolicyConstraints should be: PolicyConstraints ::= SEQUENCE { requireExplicitPolicy [0] SkipCerts OPTIONAL, inhibitPolicyMapping [1] SkipCerts OPTIONAL } Also the authorityInfoAccess OID is missing in the 88 module, it should be: id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } More as I find 'em :-). -- Dean Povey, | e-m: povey@dstc.edu.au | Cryptozilla: Research Scientist | ph: +61 7 3864 5120 | www.cryptozilla.org/ Security Unit, DSTC | fax: +61 7 3864 1282 | Oscar - PKI Toolkit: Brisbane, Australia | www: security.dstc.edu.au/ | oscar.dstc.qut.edu.au/ Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA26263 for ietf-pkix-bks; Thu, 17 Sep 1998 14:47:40 -0700 (PDT) Received: from atlantic.valicert.com (qmailr@old-atlantic.valicert.com [209.185.6.135]) by mail.proper.com (8.8.8/8.8.5) with SMTP id OAA26259 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 14:47:39 -0700 (PDT) Received: (qmail 2737 invoked from network); 17 Sep 1998 21:53:34 -0000 Received: from ns.valicert.com (HELO valicert.com) (209.185.6.1) by 209.185.6.162 with SMTP; 17 Sep 1998 21:53:34 -0000 Message-ID: <360184DB.74788BAE@valicert.com> Date: Thu, 17 Sep 1998 14:53:31 -0700 From: Ambarish Malpani <ambarish@valicert.com> Organization: ValiCert, Inc. X-Mailer: Mozilla 4.5b2 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: fast review of draft-ietf-pkix-ocsp-06.txt References: <199809171636.SAA17487@emeriau.edelweb.fr> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Peter, Great catches - comments follow: Peter Sylvester wrote: > > hello, > > some remarks about the lastest OCSP draft: > > - It seems that the remarks about not knowing the public > key of an issuer are not addressed. > > It seems sufficient to ME to allow that the > hash of the issure private key MAY be a length 0 octet string, > something like that, or one might add the public > key of the OCSP responder instead. > > Thoughts? > I actually think OCVP is a bigger thing than just making the hash of the issuer's PUBLIC key NULL. That whole topic should be addressed at one shot > > - the remark > > " Response extensions may be used to > convey additional information on assertions made by the responder > regarding the status of the certificate such as positive statement > about issuance, validity, etc." > > should be removed behind all possible responses since extensions > can also be used to indicate additional interpretations for > revoked, notknown. > > > - > The response "certRequired" is returned in cases where the server > > requires the client to supply the certificate data itself in order to > > construct a response. > > This paragraph should be removed > > etc for the ASN.1 response code > certRequired (4), --Must supply certificate Agreed - will be fixed. Thanks for catching this > > - A.1.1 : "Where privacy is a > requirement, OCSP transactions exchanged using HTTP SHOULD be protected > using either TLS or SSL." > > Shouldn't the SHOULD be a MAY ? > > one could also use a VPN for example Agreed. > > Or just add 'or by lower layer protection'. > > have fun. -- --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23625 for ietf-pkix-bks; Thu, 17 Sep 1998 09:30:23 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23621 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 09:30:22 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id SAA27290 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 18:36:02 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id SAA11058 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 18:36:02 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id SAA17487 for ietf-pkix@imc.org; Thu, 17 Sep 1998 18:36:01 +0200 Date: Thu, 17 Sep 1998 18:36:01 +0200 Message-Id: <199809171636.SAA17487@emeriau.edelweb.fr> To: ietf-pkix@imc.org Subject: fast review of draft-ietf-pkix-ocsp-06.txt Sender: owner-ietf-pkix@imc.org Precedence: bulk hello, some remarks about the lastest OCSP draft: - It seems that the remarks about not knowing the public key of an issuer are not addressed. It seems sufficient to ME to allow that the hash of the issure private key MAY be a length 0 octet string, something like that, or one might add the public key of the OCSP responder instead. Thoughts? - the remark " Response extensions may be used to convey additional information on assertions made by the responder regarding the status of the certificate such as positive statement about issuance, validity, etc." should be removed behind all possible responses since extensions can also be used to indicate additional interpretations for revoked, notknown. - > The response "certRequired" is returned in cases where the server > requires the client to supply the certificate data itself in order to > construct a response. This paragraph should be removed etc for the ASN.1 response code certRequired (4), --Must supply certificate - A.1.1 : "Where privacy is a requirement, OCSP transactions exchanged using HTTP SHOULD be protected using either TLS or SSL." Shouldn't the SHOULD be a MAY ? one could also use a VPN for example Or just add 'or by lower layer protection'. have fun. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23589 for ietf-pkix-bks; Thu, 17 Sep 1998 09:22:26 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA23585 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 09:22:25 -0700 (PDT) Received: id MAA26121; Thu, 17 Sep 1998 12:26:32 -0400 Received: by gateway id <S2S6YV9W>; Thu, 17 Sep 1998 12:23:18 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC9785@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: ietf-pkix@imc.org, "'bgmiller@dc.jones.com'" <bgmiller@dc.jones.com> Subject: RE: Storage of CA Certificates in LDAP and X.500 Directory Attrib utes Date: Thu, 17 Sep 1998 12:23:15 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk I'm flexible on the term and have passed that on to Santosh (awaiting his reply). I see nothing wrong with scope or realm and am open to suggestion. I agree that it would be good to select a term that doesn't have a predefined meaning in the IETF. It is important to keep the definition of the specific criteria for its use as a local matter so this mechanism can be used in different environments with different criteria for the 'hints' provided by the CA to relying parties, regardless of whether relying parties choose to examine those hints or not. That, we've been in agreement on thoughout this debate, but I'm quite agreeable to a different 'less loaded' term. > ---------- > From: bgmiller[SMTP:bgmiller@dc.jones.com] > Sent: September 16, 1998 10:26 PM > To: ietf-pkix@imc.org > Subject: Re: Storage of CA Certificates in LDAP and X.500 Directory > Attributes > > > > Paul Hoffman / IMC wrote: > > > I agree with David. The word "domain" has a specific meaning in the > IETF, > > and this definition doesn't match it. Could you use "realm" instead? Or > are > > there better words? > > How about "scope"? > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA23104 for ietf-pkix-bks; Thu, 17 Sep 1998 08:38:23 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA23100 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 08:38:22 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id IAA17795; Thu, 17 Sep 1998 08:44:19 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <SW42KV8H>; Thu, 17 Sep 1998 08:43:56 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFFF5B7@exccup-25006.mis.tandem.com> From: "Kurn, David" <david.kurn@compaq.com> To: "'bgmiller@dc.jones.com'" <bgmiller@dc.jones.com>, ietf-pkix@imc.org Subject: RE: Storage of CA Certificates in LDAP and X.500 Directory Attrib utes Date: Thu, 17 Sep 1998 08:43:54 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk I think the actual choice of word here is not the issue. You can call it "Kingdom", but the flaw in the specification persists, since the last sentence implies that the word has a definition that depends upon the personal interpretation of the implementor. This doesn't make for portable programs. I think the reason the specification needs the word is so that the spec can give guidance about when to put a cross-cert in one bucket or in another bucket. And this, if I follow the recent conversations, has to do with advice about how to do path development. (I'm stepping out on shaky ground here). *IF* we wish to say to those writing path evaluation programs: "You should look in the first bucket (caCertificates) first, and then in the second bucket" then we can give some guidance about how to populate the two buckets, which could in effect would say: You should put certificates in the appropriate bucket according to your expectation about how to optimize the path development given that clients will look in the caCertificates first. Your choice will affect efficiency, not correctness. I go back to something I remember from learning about Object-Oriented programming .... don't ask "what is it", but rather "what does it do". David Kurn Compaq Computer Corp -----Original Message----- From: bgmiller [mailto:bgmiller@dc.jones.com] Sent: Wednesday, September 16, 1998 7:27 PM To: ietf-pkix@imc.org Subject: Re: Storage of CA Certificates in LDAP and X.500 Directory Attributes Paul Hoffman / IMC wrote: > I agree with David. The word "domain" has a specific meaning in the IETF, > and this definition doesn't match it. Could you use "realm" instead? Or are > there better words? How about "scope"? Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA22458 for ietf-pkix-bks; Thu, 17 Sep 1998 07:04:25 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA22454 for <ietf-pkix@imc.org>; Thu, 17 Sep 1998 07:04:24 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id KAA14218; Thu, 17 Sep 1998 10:09:50 -0400 (EDT) Message-Id: <199809171409.KAA14218@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-ocsp-06.txt Date: Thu, 17 Sep 1998 10:09:49 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP Author(s) : M. Myers, R. Ankney, A. Malpani, S. Galperin, C. Adams Filename : draft-ietf-pkix-ocsp-06.txt Pages : 20 Date : 16-Sep-98 This document specifies a protocol useful in determining the current status of a digital certificate without requiring CRLs. Additional mechanisms addressing PKIX operational requirements are specified in separate documents. An overview of the protocol is provided in section 3. Functional requirements are specified in section 4. Details of the protocol are in section 5. We cover security issues with the protocol in section 6. Appendix A defines OCSP over HTTP, appendix B accumulates ASN.1 syntactic elements and appendix C specifies the mime types for the messages. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this document (in uppercase, as shown) are to be interpreted as described in [RFC2119]. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-ocsp-06.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ocsp-06.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-ocsp-06.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980916113902.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-ocsp-06.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-ocsp-06.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980916113902.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id TAA29190 for ietf-pkix-bks; Wed, 16 Sep 1998 19:24:20 -0700 (PDT) Received: from dc.jones.com (dc.jones.com [206.156.0.9]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id TAA29186 for <ietf-pkix@imc.org>; Wed, 16 Sep 1998 19:24:18 -0700 (PDT) Received: from dc.jones.com (cm0714h.jones.com [208.159.209.173]) by dc.jones.com (8.8.8/8.8.8) with ESMTP id WAA19170 for <ietf-pkix@imc.org>; Wed, 16 Sep 1998 22:27:11 -0400 (EDT) Message-ID: <3600735C.98A336F8@dc.jones.com> Date: Wed, 16 Sep 1998 22:26:37 -0400 From: bgmiller <bgmiller@dc.jones.com> Reply-To: bgmiller@dc.jones.com Organization: Jones Internet Channel X-Mailer: Mozilla 4.05 [en]C-JIC-DC (Win95; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: Storage of CA Certificates in LDAP and X.500 Directory Attributes References: <199809162243.PAA27828@mail.proper.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Paul Hoffman / IMC wrote: > I agree with David. The word "domain" has a specific meaning in the IETF, > and this definition doesn't match it. Could you use "realm" instead? Or are > there better words? How about "scope"? Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA27832 for ietf-pkix-bks; Wed, 16 Sep 1998 15:43:37 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id PAA27828 for <ietf-pkix@imc.org>; Wed, 16 Sep 1998 15:43:36 -0700 (PDT) Message-Id: <199809162243.PAA27828@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Wed, 16 Sep 1998 15:49:01 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: RE: Storage of CA Certificates in LDAP and X.500 Directory Attributes In-Reply-To: <418B8B7ACE69D111879B00805F6F281DFFF5AE@exccup-25006.mis.ta ndem.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 03:22 PM 9/16/98 -0700, Kurn, David wrote: >I still think the use of "domain" is very confusing, and should be removed >from the text. I agree with David. The word "domain" has a specific meaning in the IETF, and this definition doesn't match it. Could you use "realm" instead? Or are there better words? --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA27652 for ietf-pkix-bks; Wed, 16 Sep 1998 15:16:39 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA27648 for <ietf-pkix@imc.org>; Wed, 16 Sep 1998 15:16:38 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id PAA23758; Wed, 16 Sep 1998 15:22:29 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <SW42KM98>; Wed, 16 Sep 1998 15:22:04 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFFF5AE@exccup-25006.mis.tandem.com> From: "Kurn, David" <david.kurn@compaq.com> To: "'Santosh Chokhani'" <chokhani@cygnacom.com>, ietf-pkix@imc.org Subject: RE: Storage of CA Certificates in LDAP and X.500 Directory Attrib utes Date: Wed, 16 Sep 1998 15:22:03 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk I still think the use of "domain" is very confusing, and should be removed from the text. -----Original Message----- From: Santosh Chokhani [mailto:chokhani@cygnacom.com] Sent: Wednesday, September 16, 1998 2:23 PM To: ietf-pkix@imc.org Subject: Storage of CA Certificates in LDAP and X.500 Directory Attributes Based on the pkix co-chair request, Sharon and I jointly propose the following text: "The cACertificate attribute of a CA's directory entry shall be used to store certificates issued to this CA by CAs in the same domain as this CA. If there are any self-issued certificates and they require publication, the caCertificate attribute shall be used to store them. The forward elements of the crossCertificatePair attribute of a CA's directory entry shall be used to store all certificates issued to this CA, which are not self-issued. Optionally, the reverse elements of the crossCertificatePair attribute, of a CA's directory entry may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present in a single attribute value, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. When a reverse element is present, the forward element value and the reverse element value need not be stored in the same attribute value; in other words, they can be stored in either a single attribute value or two attribute values. In the case of V3 certificates, none of the above CA certificates shall include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. Santosh Chokhani CygnaCom Solutions, Inc. 7927 Jones Branch Drive, Suite 100 West McLean, VA. 22102 (703) 848-0883 (voice) (703) 848-0960 (fax) chokhani@cygancom.com http://www.cygnacom.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA27294 for ietf-pkix-bks; Wed, 16 Sep 1998 14:18:03 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA27290 for <ietf-pkix@imc.org>; Wed, 16 Sep 1998 14:18:00 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7T51TK>; Wed, 16 Sep 1998 17:22:56 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1AAE@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: ietf-pkix@imc.org Subject: Storage of CA Certificates in LDAP and X.500 Directory Attributes Date: Wed, 16 Sep 1998 17:22:55 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Based on the pkix co-chair request, Sharon and I jointly propose the following text: "The cACertificate attribute of a CA's directory entry shall be used to store certificates issued to this CA by CAs in the same domain as this CA. If there are any self-issued certificates and they require publication, the caCertificate attribute shall be used to store them. The forward elements of the crossCertificatePair attribute of a CA's directory entry shall be used to store all certificates issued to this CA, which are not self-issued. Optionally, the reverse elements of the crossCertificatePair attribute, of a CA's directory entry may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present in a single attribute value, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. When a reverse element is present, the forward element value and the reverse element value need not be stored in the same attribute value; in other words, they can be stored in either a single attribute value or two attribute values. In the case of V3 certificates, none of the above CA certificates shall include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. Santosh Chokhani CygnaCom Solutions, Inc. 7927 Jones Branch Drive, Suite 100 West McLean, VA. 22102 (703) 848-0883 (voice) (703) 848-0960 (fax) chokhani@cygancom.com http://www.cygnacom.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA12601 for ietf-pkix-bks; Tue, 15 Sep 1998 10:46:56 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA12597 for <ietf-pkix@imc.org>; Tue, 15 Sep 1998 10:46:55 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id KAA01587; Tue, 15 Sep 1998 10:50:19 -0700 (PDT) Received: from wford-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id KAA14084; Tue, 15 Sep 1998 10:52:08 -0700 (PDT) Message-Id: <3.0.32.19980915134441.0129cf5c@mail.verisign.com> X-Sender: wford@mail.verisign.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 15 Sep 1998 13:52:32 -0700 To: ietf-pkix@imc.org From: Warwick Ford <wford@verisign.com> Subject: Schema Straw Poll Closure Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Well, thank you all for the enthusiastic balloting and commenting. Steve and I have at last managed to synch up, and here is how we interpret the Straw Poll result. There was no clear concensus winner in either Option 1 or Option 2. There was significant support for both options, at least on the basis of installed product, plus various positions on technical grounds. We clearly need to accommodate the requirements of option 1 supporters by permitting the population of the cACertificate attribute with self-issued certificates and certificates issued by another CA to this CA within the context of a locally defined domain. In fairness to all, we feel we should also accommodate the requirement of option 2 supporters to have all certificates issued by CAs to this CA (which are placed in the subject CA entry at all), regardless of the definition of domain, populated in the crossCertificatePair attribute forward element. As secondary points, there appears to be consensus that population of the reverse element is always optional. Text regarding optional, mutual cross-certification also needs to be finalized but this will hopefully not be contentious. This resolution should allow relying parties to operate under either option successfully; the main negative in this resolution seems to be that, in option 1 environments, there would necessarily be some duplication of data in the directory. This essentially means a compromise that hopefully all parties can live with, although we know it will not go down in history as the most brilliant technical decision of all time. In the absence of violent objections, we propose that Sharon and Santosh jointly craft text that follows this resolution, and that we seek to close debate on this topic ASAP. Warwick --------------------------------------------------------------------- Warwick Ford, VeriSign, Inc., Tel (781)2456996 x225; Fax (781)2456006 wford@verisign.com; 301 Edgewater Pl, Suite 210, Wakefield, MA 01880 --------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA11380 for ietf-pkix-bks; Tue, 15 Sep 1998 08:56:25 -0700 (PDT) Received: from firewall.globeset.com (root@firewall.globeset.com [207.239.133.67]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA11376 for <ietf-pkix@imc.org>; Tue, 15 Sep 1998 08:56:24 -0700 (PDT) Received: from drought.globeset.com (trevor@drought.globeset.com [10.1.192.39]) by firewall.globeset.com (8.9.0/8.9.0) with ESMTP id LAA26296 for <ietf-pkix@imc.org>; Tue, 15 Sep 1998 11:02:08 -0500 (CDT) Received: (from trevor@localhost) by drought.globeset.com (8.7.6/8.7.3) id LAA27450; Tue, 15 Sep 1998 11:02:03 -0500 From: Trevor Sosebee <trevor@globeset.com> Date: Tue, 15 Sep 1998 11:02:01 -0500 (CDT) To: ietf-pkix@imc.org Subject: UTF8String definition in PKIX-3 X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <13822.36613.678919.467432@drought> Mime-Version: 1.0 (generated by tm-edit 7.108) Content-Type: text/plain; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk In PKIX-3, UTF8String is defined as UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING. I was wondering I someone could point me to the version of X.680 where UTF8String is defined. Thanks, Trevor Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id VAA14487 for ietf-pkix-bks; Mon, 14 Sep 1998 21:23:34 -0700 (PDT) Received: from typhoon.dstc.qut.edu.au (root@typhoon.dstc.qut.edu.au [131.181.71.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id VAA14482; Mon, 14 Sep 1998 21:23:30 -0700 (PDT) Received: from dstc.qut.edu.au (tornado.dstc.qut.edu.au [131.181.71.3]) by typhoon.dstc.qut.edu.au (8.8.5/8.8.5) with ESMTP id OAA08287; Tue, 15 Sep 1998 14:29:04 +1000 (EST) Message-Id: <199809150429.OAA08287@typhoon.dstc.qut.edu.au> X-Mailer: exmh version 2.0.2 2/24/98 To: Paul Hoffman / IMC <phoffman@imc.org> cc: ietf-pkix@imc.org Subject: Re: Testing the ASN.1 in Part 1 In-reply-to: Your message of "Mon, 14 Sep 1998 08:36:12 MST." <199809141530.IAA08890@mail.proper.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 15 Sep 1998 14:29:01 +1000 From: Dean Povey <povey@dstc.qut.edu.au> Sender: owner-ietf-pkix@imc.org Precedence: bulk >Anyone who plans to get around to checking the ASN.1 after part 1 becomes >an RFC: could you do it now instead? This would be a great help to us all. >Thanks! > *grr* I was putting this off :-) I am using the 88ish syntax PKIX1Explicit88 parses fine, but there are stuff ups in the imports in PKIX1Implicit88 To the IMPORTS section in PKIX1Implicit88 add the following: id-pkix, BMPString, UniversalString, UTF8String And delete the following two redundant definitions: id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } Other than that it looks like so far so good. I'll have to do some more work until this is fully tested. -- Dean Povey, | e-m: povey@dstc.edu.au | Cryptozilla: Research Scientist | ph: +61 7 3864 5120 | www.cryptozilla.org/ Security Unit, DSTC | fax: +61 7 3864 1282 | Oscar - PKI Toolkit: Brisbane, Australia | www: security.dstc.edu.au/ | oscar.dstc.qut.edu.au/ Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA09835 for ietf-pkix-bks; Mon, 14 Sep 1998 10:17:45 -0700 (PDT) Received: from mail-out2.apple.com (mail-out2.apple.com [17.254.0.51]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA09830; Mon, 14 Sep 1998 10:17:43 -0700 (PDT) Received: from mailgate.apple.com (A17-128-100-225.apple.com [17.128.100.225]) by mail-out2.apple.com (8.8.5/8.8.5) with ESMTP id KAA43924; Mon, 14 Sep 1998 10:19:03 -0700 Received: from scv1.apple.com (scv1.apple.com) by mailgate.apple.com (mailgate.apple.com - SMTPRS 2.0.15) with ESMTP id <B0002256729@mailgate.apple.com>; Mon, 14 Sep 1998 10:18:56 -0700 Received: from [17.205.41.166] (aram1.apple.com [17.205.41.166]) by scv1.apple.com (8.8.5/8.8.5) with ESMTP id KAA10684; Mon, 14 Sep 1998 10:18:55 -0700 Message-Id: <199809141718.KAA10684@scv1.apple.com> X-Mailer: Microsoft Outlook Express for Macintosh - 4.01 (295) Date: Mon, 14 Sep 1998 10:18:54 -0700 Subject: Re: Testing the ASN.1 in Part 1 From: "Aram Perez" <aram@apple.com> To: "Paul Hoffman / IMC" <phoffman@imc.org>, ietf-pkix@imc.org MIME-Version: 1.0 X-Priority: 3 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Paul, Check the web site of Open Systems Solutions (http://www.oss.com). They do free ASN.1 syntax checking for groups such as IETF. Regards, Aram Perez Apple Computer, Inc. >Greetings, all. I know that all this discussion of LDAP is fascinating, but >I'd like to come back to draft-ietf-pkix-ipki-part1 for a second. It is in >IESG last call, almost ready (we hope) to become an RFC. Tim has just made >minor tweaks to it (it is now -10.txt), and we're almost there. > >Has anyone tested the full ASN.1 in part 1 lately? Given the anti-ASN.1 >sentiment in the IETF, it would be Very Embarassing if we got an RFC and >had to revise it due to an ASN.1 error. Worse yet, it would be bad if there >was an error and two implementors did different things to get around it. > >Anyone who plans to get around to checking the ASN.1 after part 1 becomes >an RFC: could you do it now instead? This would be a great help to us all. >Thanks! > >--Paul Hoffman, Director >--Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA09714 for ietf-pkix-bks; Mon, 14 Sep 1998 10:03:42 -0700 (PDT) Received: from atlantic.valicert.com (qmailr@old-atlantic.valicert.com [209.185.6.135]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA09709 for <ietf-pkix@imc.org>; Mon, 14 Sep 1998 10:03:41 -0700 (PDT) Received: (qmail 6298 invoked from network); 14 Sep 1998 17:09:19 -0000 Received: from ns.valicert.com (HELO valicert.com) (209.185.6.1) by mail.valicert.com with SMTP; 14 Sep 1998 17:09:19 -0000 Message-ID: <35FD4DD3.C7E6F4F4@valicert.com> Date: Mon, 14 Sep 1998 10:09:39 -0700 From: Ambarish Malpani <ambarish@valicert.com> Organization: ValiCert, Inc. X-Mailer: Mozilla 4.5b1 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Andreas Berger <aberger@darmstadt.gmd.de> CC: pkix <ietf-pkix@imc.org> Subject: Re: OCSP ASN.1 comments References: <35FD13B7.DE69F00D@darmstadt.gmd.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Andreas, Thanks for the comment - it has already been fixed. Regards, Ambarish Andreas Berger wrote: > > Hi, > > I am forwarding here parts of a comment of Mr. Thomas Garnatz, Security > Networks GmbH: > > There is a context sensitive coding in ResponseData and ResponderID > > ResponseData ::= SEQUENCE { > version [0] EXPLICIT Version DEFAULT v1, > reponderID ResponderID, > ... > } > > ResponderID ::= CHOICE { > byName [0] Name, > byKey [1] KeyHash > } > > Since the version field is optional (i.e. not present for version 1) it > is not very easy to distinguish between version (explicit [0]) and > byName [0]. The suggested idea is to either remove the DEFAULT or not to > use [0] for byName. > > I hope I got the translation right and made some sense to the ASN.1 > gurus (myself not being one). > > Andreas Berger > -- > Fifty-three percent of Fortune 1000 executives think the > Arch Deluxe is something that helps to run a computer. > -- Jericho Communications -- --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA08894 for ietf-pkix-bks; Mon, 14 Sep 1998 08:30:53 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA08890 for <ietf-pkix@imc.org>; Mon, 14 Sep 1998 08:30:52 -0700 (PDT) Message-Id: <199809141530.IAA08890@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Mon, 14 Sep 1998 08:36:12 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Testing the ASN.1 in Part 1 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Greetings, all. I know that all this discussion of LDAP is fascinating, but I'd like to come back to draft-ietf-pkix-ipki-part1 for a second. It is in IESG last call, almost ready (we hope) to become an RFC. Tim has just made minor tweaks to it (it is now -10.txt), and we're almost there. Has anyone tested the full ASN.1 in part 1 lately? Given the anti-ASN.1 sentiment in the IETF, it would be Very Embarassing if we got an RFC and had to revise it due to an ASN.1 error. Worse yet, it would be bad if there was an error and two implementors did different things to get around it. Anyone who plans to get around to checking the ASN.1 after part 1 becomes an RFC: could you do it now instead? This would be a great help to us all. Thanks! --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA07863 for ietf-pkix-bks; Mon, 14 Sep 1998 05:56:23 -0700 (PDT) Received: from sonne.darmstadt.gmd.de (sonne.darmstadt.gmd.de [141.12.62.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA07859 for <ietf-pkix@imc.org>; Mon, 14 Sep 1998 05:56:15 -0700 (PDT) Received: from darmstadt.gmd.de (aberger@pc-turin [141.12.33.71]) by sonne.darmstadt.gmd.de (8.8.8/8.8.5) with ESMTP id PAA27331 for <ietf-pkix@imc.org>; Mon, 14 Sep 1998 15:01:21 +0200 (MET DST) Message-ID: <35FD13B7.DE69F00D@darmstadt.gmd.de> Date: Mon, 14 Sep 1998 15:01:43 +0200 From: Andreas Berger <aberger@darmstadt.gmd.de> X-Mailer: Mozilla 4.05 [en] (X11; I; Linux 2.0.30 i586) MIME-Version: 1.0 To: pkix <ietf-pkix@imc.org> Subject: OCSP ASN.1 comments Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi, I am forwarding here parts of a comment of Mr. Thomas Garnatz, Security Networks GmbH: There is a context sensitive coding in ResponseData and ResponderID ResponseData ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, reponderID ResponderID, ... } ResponderID ::= CHOICE { byName [0] Name, byKey [1] KeyHash } Since the version field is optional (i.e. not present for version 1) it is not very easy to distinguish between version (explicit [0]) and byName [0]. The suggested idea is to either remove the DEFAULT or not to use [0] for byName. I hope I got the translation right and made some sense to the ASN.1 gurus (myself not being one). Andreas Berger -- Fifty-three percent of Fortune 1000 executives think the Arch Deluxe is something that helps to run a computer. -- Jericho Communications Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA06297 for ietf-pkix-bks; Sat, 12 Sep 1998 15:22:49 -0700 (PDT) Received: from mailb.telia.com (mailb.telia.com [194.22.194.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA06293 for <ietf-pkix@imc.org>; Sat, 12 Sep 1998 15:22:48 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailb.telia.com (8.8.8/8.8.8) with ESMTP id AAA01228; Sun, 13 Sep 1998 00:28:21 +0200 (CEST) Received: from stefans (t1o68p15.telia.com [62.20.138.15]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id AAA03222; Sun, 13 Sep 1998 00:28:10 +0200 (CEST) Message-Id: <3.0.32.19980913002508.00a62ae0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Sun, 13 Sep 1998 00:25:48 +0200 To: Mike Smith <mfsmith@zionsbank.com>, ietf-pkix@imc.org From: Stefan Santesson <stefan@accurata.se> Subject: Re: RE: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id PAA06294 Sender: owner-ietf-pkix@imc.org Precedence: bulk Mike, First of all. I truly hope that I didn't offend you with my remark. I certainly didn't want that. Yes, the problem you raise is both real and relevant. I just don't share the same belief in automation through policy definition codings in certificate extensions. I do believe that it MAY work sufficient in a fairly closed environment where one organization has the control over interpretations and implementations. But international standard, no way. Actually I believe that the policy OID in certificates may serve automation just fine in real life. If trust automation is developing to be an competitive edge in a certain community, then CA:s will try to adopt to well known policies and indicate them in the certificates. So in that case there will just be a limited space of policy OID:s to consider. Whether this will happen or not is up to the market but the market sure has the tools needed if there is money to be made through interoperability. Over specifying things before the true need has emerged is always dangerous. And I'm sorry to say that we Europeans have some quite extensive experiences along that line. /Stefan At 10:11 AM 9/11/98 -0600, Mike Smith wrote: >OK, the quagmire consensus is taken for what it is. I first proposed enhancing automating some trust decisions using a new extension, then using the existing policy qualifier. The overwhelming response from people whose comments I respect is that we should consider the policy OID sufficient. > >If this is to be technological solution for automated processing, then we need to step backwards a few years and look at the definition of "to process" with regard to the actual CPS that the OID points towards. > >Maybe the old PKIX 1 needs to be restructured to retain its contents and menaing, but to specify a parsable structure and standardize (define rigidly) the terms used in the policies and practices or concept of operations (whatever people are using the OID to point towards). > >The goal here is not to reopen old wounds or pull people into yet another quagmire (my cletic genetics may predispose me to jumping inot bogs, however). The question that folks seem to be attemoting to address is the automation of trust domains. > >The feedback I get is not really "you are off track", but that "the problem is too big to solve", or that this group is incapable of solving this problem in a timely manner. > >I disagree. This group is comprised of the most experienced and, IMO, brightest technologists in the industry. > >So, I pose the question to the best and brightest: How do you suggest, then that we automate domain or trust processing? > >I think I know how we are going to operate across domains of trust in the finanical industry. I suggest that we in the IETF apply our great resources building AUTOMATED systems that have a high assurance of working together across the Internet. > >If, as some have suggested , I need to write a draft covering these issues, I am up for that (if Warwick and Stephen think it is worth the group's time). > >Michael > >>>> Stefan Santesson <stefan@accurata.se> 09/11 8:44 AM >>> >****************** InterScan Message (on zbc2) > >noname is scanned and no virus found >********************************************************* > ! >! > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA06115 for ietf-pkix-bks; Sat, 12 Sep 1998 14:23:54 -0700 (PDT) Received: from mail.spyrus.com.au (fwuser@[203.37.128.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA06111 for <ietf-pkix@imc.org>; Sat, 12 Sep 1998 14:23:47 -0700 (PDT) Message-ID: <A1019E9C2D34D211A501006008C2045001BF66@MAIL> From: Charles Moore <cmoore@spyrus.com.au> To: "'Peter Lipp'" <Peter.Lipp@iaik.tu-graz.ac.at>, Paul Koning <pkoning@xedia.com>, mfsmith@zionsbank.com Cc: ietf-pkix@imc.org Subject: RE: RE: New Extension Proposed: Method Of Authentication Date: Sun, 13 Sep 1998 07:31:56 +1000 MIME-Version: 1.0 Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk All, we ( Australian National Standards Group) have been working on a simular problem. I.e how does a relying party know what evidence of Identity that the RA/CA makes a statement about when performing the registration process. There are assocaited issues, but lets start with this one. We have a working draft that proposes the use of a policy qualifier as below: pkaf-policy-Identification CERT-POLICY-QUALIFIER ::= { POLICY-QUALIFIER-ID id-pkaf-policy-Identification QUALIFIER-TYPE Identification } Identification ::= BIT STRING { driversLicense (0), passport (1), creditCard (2), organisationIDBadge (3), governmentIDBadge (4), articlesOfIncorp (5), companySeal (6), notarizedDoc (7), biometricThumb (8), biometricVoice (9), biometricFace (10), biometricRetina (11) } We have not used A CP ( or any reference to a CPS) alone to do this as experience is that within a given policy there is no direct mapping to the level of identification needed. Identification is not the driver for a CP or CPS, but rather a qualifier of these. Hope this assists the discussion. Regards Charles Moore SPYRUS Pty Ltd Phone: +61 73 256 7465, Extension 101 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA23955 for ietf-pkix-bks; Fri, 11 Sep 1998 12:52:46 -0700 (PDT) Received: from iaik.tu-graz.ac.at (archimedes.iaik.tu-graz.ac.at [129.27.234.31]) by mail.proper.com (8.8.8/8.8.5) with SMTP id MAA23951 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 12:52:44 -0700 (PDT) Received: from plipp [129.27.239.102] by iaik.tu-graz.ac.at (SMTPD32-4.06) id A0D22800C6; Fri, 11 Sep 1998 21:58:10 +03d00 From: "Peter Lipp" <Peter.Lipp@iaik.tu-graz.ac.at> To: "Paul Koning" <pkoning@xedia.com>, <mfsmith@zionsbank.com> Cc: <ietf-pkix@imc.org> Subject: RE: RE: New Extension Proposed: Method Of Authentication Date: Fri, 11 Sep 1998 21:59:08 +0200 Message-ID: <000001bdddbe$a311f630$0a03a8c0@plipp.iaik.tu-graz.ac.at> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2120.0 In-Reply-To: <199809111807.OAA28256@tonga.xedia.com> Sender: owner-ietf-pkix@imc.org Precedence: bulk > I very much doubt that a mapping from natural language legal > terminology to formal logic will be defined anytime in the next 10 > years. Come to think of it, thinking of Goedel makes me wonder if > it's even theoretically possible. But that would not be necessary. I could well imagine defining a set of attributes describing the most important elements of such statements like ... passport needed .... ... anything that looks like an ID with photo sufficient ... ... we don't check anything at all .... or things like that. The problem I see is in all cases the trust into the truthfulness of such statements - it does not help anybody if my machine can verify that indeed the CA claims to having seen a passport if I don't trust the CA not to lie in the first place. This needs checks by myself or trusted representatives in any case, and no formal logic will help. Peter Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA23179 for ietf-pkix-bks; Fri, 11 Sep 1998 11:32:59 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id LAA23175 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 11:32:58 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Fri, 11 Sep 1998 12:33:29 -0600 Message-Id: <s5f91899.098@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Fri, 11 Sep 1998 12:33:22 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: pkoning@xedia.com Cc: stefan@accurata.se, ietf-pkix@imc.org Subject: Re: RE: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk I think you've got it. As far as being ahead of state of the art, I've been in meetings with many of the folks on this list several years ago when the same issues of parsing the CPS in order to automate were brought up. By the way, I was not suggesting parsing a free-form CPS, but structuring the CPS for automated processing, which might need then both a human and machine readable form or sections of the same CPS. The saying goes (Warren Miller, Ski Film producer): "If you don't do it now, You'll only be another year older when you do". Michael >>> Paul Koning <pkoning@xedia.com> 09/11 12:07 PM >>> >>>>> "Mike" == Mike Smith <mfsmith@zionsbank.com> writes: Mike> ...Maybe the old PKIX 1 needs to be restructured to retain its Mike> contents and menaing, but to specify a parsable structure and Mike> standardize (define rigidly) the terms used in the policies and Mike> practices or concept of operations (whatever people are using Mike> the OID to point towards). Mike> ...The feedback I get is not really "you are off track", but that Mike> "the problem is too big to solve", or that this group is Mike> incapable of solving this problem in a timely manner. Mike> I disagree. This group is comprised of the most experienced Mike> and, IMO, brightest technologists in the industry. Mike> So, I pose the question to the best and brightest: How do you Mike> suggest, then that we automate domain or trust processing? I think the question you pose is not a little, but vastly beyond the state of the art. As I understand it, the goal you're posing is: define a way for the CA to encode into the cert information that the relying party can use to decide whether the subject of that cert was authenticated by means strong enough to be satisfactory to the relying party. A somewhat analogous question (though not applicable to a particular cert) is whether the CA's CPS is strong enough for the relying party. It seems to me that this latter question is one you drop onto your company's lawyer to settle. It involves parsing natural language (well, anyway, legal language) to see what it means, and whether that meaning is satisfactory to your corporate requirements. I very much doubt that a mapping from natural language legal terminology to formal logic will be defined anytime in the next 10 years. Come to think of it, thinking of Goedel makes me wonder if it's even theoretically possible. The above would seem to be just as applicable to the cert subject authentication statement as it is to the CPS. After all, the authentication used in creating a particular cert is basically just the application of the CPS to that particular subject. paul Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA22902 for ietf-pkix-bks; Fri, 11 Sep 1998 11:03:49 -0700 (PDT) Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA22898 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 11:03:48 -0700 (PDT) Received: from xedia.com by relay3.UU.NET with SMTP (peer crosschecked as: madway.xedia.com [198.202.232.199]) id QQfgke24932; Fri, 11 Sep 1998 14:07:44 -0400 (EDT) Received: from tonga.xedia.com by xedia.com (4.1/SMI-4.1) id AA26501; Fri, 11 Sep 98 14:06:53 EDT Received: by tonga.xedia.com (SMI-8.6/SMI-SVR4) id OAA28256; Fri, 11 Sep 1998 14:07:42 -0400 Date: Fri, 11 Sep 1998 14:07:42 -0400 Message-Id: <199809111807.OAA28256@tonga.xedia.com> From: Paul Koning <pkoning@xedia.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: mfsmith@zionsbank.com Cc: stefan@accurata.se, ietf-pkix@imc.org Subject: Re: RE: New Extension Proposed: Method Of Authentication References: <s5f8f745.021@zionsbank.com> X-Mailer: VM 6.34 under 20.3 "Vatican City" XEmacs Lucid Sender: owner-ietf-pkix@imc.org Precedence: bulk >>>>> "Mike" == Mike Smith <mfsmith@zionsbank.com> writes: Mike> ...Maybe the old PKIX 1 needs to be restructured to retain its Mike> contents and menaing, but to specify a parsable structure and Mike> standardize (define rigidly) the terms used in the policies and Mike> practices or concept of operations (whatever people are using Mike> the OID to point towards). Mike> ...The feedback I get is not really "you are off track", but that Mike> "the problem is too big to solve", or that this group is Mike> incapable of solving this problem in a timely manner. Mike> I disagree. This group is comprised of the most experienced Mike> and, IMO, brightest technologists in the industry. Mike> So, I pose the question to the best and brightest: How do you Mike> suggest, then that we automate domain or trust processing? I think the question you pose is not a little, but vastly beyond the state of the art. As I understand it, the goal you're posing is: define a way for the CA to encode into the cert information that the relying party can use to decide whether the subject of that cert was authenticated by means strong enough to be satisfactory to the relying party. A somewhat analogous question (though not applicable to a particular cert) is whether the CA's CPS is strong enough for the relying party. It seems to me that this latter question is one you drop onto your company's lawyer to settle. It involves parsing natural language (well, anyway, legal language) to see what it means, and whether that meaning is satisfactory to your corporate requirements. I very much doubt that a mapping from natural language legal terminology to formal logic will be defined anytime in the next 10 years. Come to think of it, thinking of Goedel makes me wonder if it's even theoretically possible. The above would seem to be just as applicable to the cert subject authentication statement as it is to the CPS. After all, the authentication used in creating a particular cert is basically just the application of the CPS to that particular subject. paul Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA22010 for ietf-pkix-bks; Fri, 11 Sep 1998 09:16:19 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA22006 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 09:16:18 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Fri, 11 Sep 1998 10:16:48 -0600 Message-Id: <s5f8f890.088@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Fri, 11 Sep 1998 10:16:37 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: stefan@accurata.se, ietf-pkix@imc.org Subject: Re: RE: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk OK, the quagmire consensus is taken for what it is. I first proposed automating some trust decisions using a new extension, then using the existing policy qualifier. The overwhelming response from people whose comments I respect is that we should consider the policy OID sufficient. If this is to be the technological solution for automated processing, then we need to step backwards a few years and look at the definition of "to process" with regard to the actual CPS that the OID points towards. Maybe the old PKIX 1 needs to be restructured to retain its contents and meaning, but to specify a parsable structure and standardize (define rigidly) the terms used in the policies , practices or concept of operations (whatever people are using the OID to point towards). The goal here is not to reopen old wounds or pull people into yet another quagmire (my Celtic genetics may predispose me to jumping inot bogs, however). The question that folks seem to be attempting to address is the automation of trust domains. The feedback I get is not really "you are off track", but that "the problem is too big to solve", or that this group is incapable of solving this problem in a timely manner. I disagree. This group is comprised of the most experienced and, IMO, brightest technologists in the industry. So, I pose the question to the best and brightest: How do you suggest, then, that we automate domain or trust processing? I think I know how we are going to operate across domains of trust in the finanical industry. I suggest that we in the IETF apply our great resources building AUTOMATED systems that have a high assurance of working together across the Internet. If, as some have suggested , I need to write a draft covering these issues, I am up for that (if Warwick and Stephen think it is worth the group's time). Michael >>> Stefan Santesson <stefan@accurata.se> 09/11 8:44 AM >>> ****************** InterScan Message (on zbc2) noname is scanned and no virus found ********************************************************* Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA21953 for ietf-pkix-bks; Fri, 11 Sep 1998 09:10:26 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA21948 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 09:10:25 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Fri, 11 Sep 1998 10:11:17 -0600 Message-Id: <s5f8f745.021@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Fri, 11 Sep 1998 10:11:04 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: stefan@accurata.se, ietf-pkix@imc.org Subject: Re: RE: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk OK, the quagmire consensus is taken for what it is. I first proposed enhancing automating some trust decisions using a new extension, then using the existing policy qualifier. The overwhelming response from people whose comments I respect is that we should consider the policy OID sufficient. If this is to be technological solution for automated processing, then we need to step backwards a few years and look at the definition of "to process" with regard to the actual CPS that the OID points towards. Maybe the old PKIX 1 needs to be restructured to retain its contents and menaing, but to specify a parsable structure and standardize (define rigidly) the terms used in the policies and practices or concept of operations (whatever people are using the OID to point towards). The goal here is not to reopen old wounds or pull people into yet another quagmire (my cletic genetics may predispose me to jumping inot bogs, however). The question that folks seem to be attemoting to address is the automation of trust domains. The feedback I get is not really "you are off track", but that "the problem is too big to solve", or that this group is incapable of solving this problem in a timely manner. I disagree. This group is comprised of the most experienced and, IMO, brightest technologists in the industry. So, I pose the question to the best and brightest: How do you suggest, then that we automate domain or trust processing? I think I know how we are going to operate across domains of trust in the finanical industry. I suggest that we in the IETF apply our great resources building AUTOMATED systems that have a high assurance of working together across the Internet. If, as some have suggested , I need to write a draft covering these issues, I am up for that (if Warwick and Stephen think it is worth the group's time). Michael >>> Stefan Santesson <stefan@accurata.se> 09/11 8:44 AM >>> ****************** InterScan Message (on zbc2) noname is scanned and no virus found ********************************************************* Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA21226 for ietf-pkix-bks; Fri, 11 Sep 1998 08:01:51 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA21222 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 08:01:49 -0700 (PDT) Received: from chromatix.com (whiteoak.chromatix.com [207.97.115.5]) by chromatix.com (8.8.8/8.8.8) with ESMTP id LAA27778; Fri, 11 Sep 1998 11:05:58 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <35F93C79.E50E1015@chromatix.com> Date: Fri, 11 Sep 1998 11:06:33 -0400 From: Dave Horvath <dave@chromatix.com> Organization: Chromatix Inc. X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: Denis.Pinkas@bull.net CC: Santosh Chokhani <chokhani@cygnacom.com>, "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: Re: forward & reverse elements - population References: <51BF55C30B4FD1118B4900207812701E1B1A60@WUHER> <35F96A8E.6C3A@bull.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Dennis, See comments below. Denis Pinkas wrote: > > Santosh, > > Here is my answer to your question. > > > Denis: > > > I agree with you. Clarification of the text is easy. > > ??? > > > However, I have a > > question. Must a certificate issued to a CA appear in the forward > > element, caCertificate or can it be missing altogether? > > "MUST" is the wrong verb. A certificate issued by another CA is not > mandated to be present at all. It MAY be present. > > Let me now re-phrase your question: May a certificate issued to a CA by > another CA appear in the forward element, caCertificate or can it be > missing altogether? > > My answer is the following: It may only appear in the forward element of > a crossCertificatePair. > > I was quite happy (and still am I !) with the original text. I still > wonder with the rational of the two buckets. > The problem with the original text is that it breaks the implementations that used the certificationAuthority-V2 object class. That object class stated the caCertificate was mandatory. This has been established and accepted, therefore the original text is not an option anymore. We have heard arguments from both sides for option 1 and option 2. Each of which have their own pros and cons. I suggest we stick with those two options and move forward. Furthermore, Santosh has submitted strong technical arguments for the two bucket approach. The two bucket approach allows you to logically distinguish between two types of CA Certs without mandating that a CA define its policies with respect to bucket population. If the CA publishes it in the "wrong" bucket it will NOT compromise security and it will NOT cause a denial of service, as long as clients look at both attributes. It lead to inefficient path construction in the worst case, but that's a given if you have a one bucket approach. Another issue is the duplication of certificates. After profiling at least one directory server we know that performance degrades after an entry reaches a certain size. In other words you can usually get excellent sub second response time out of a server ( in fact many responses per second ) if the entry stays small. As the entry grows in size, the response gets slower. We have tested with entries up to several megabytes in size and have proved this. Additionally, many companies still use small pipes for their network infrastructure, and those pipes can be easily saturated. We should make a conscious decision to attempt to minimize the amount of data a client will retrieve from a single entry while satisfying both option 1 and option 2 proponents. > Up to now, none of the arguments about the notion of "local domain" has > proven to be non-controversy. If the notion of local domain is important > (I still wonder about it), there might be a different way to look at the > issue. LDAPv2 allows to query any server that offers that interface, so > different set of queries could be considered: > > 1) Queries made to one or more local domain servers, > 2) Queries made to one or more public domain servers. > > As the name indicates it, local domain servers may not be publicly > accessible, e.g. protected by firewalls or some other access control > methods. Local domain servers would publish only what is relevant for > their notion of local domain. They must publish everything that is > relevant. > > Public domain servers would have no notion of "local domain". They must > publish everything certificate that is pertinent to a CA entry that they > publish. If entries for CA1, CA4 and CA5 are present, then all > certificates issued by these CAs must be present and all > cross-certificates, if any, between these CAs must also be present. > However, a cross-certificate issued by the CA 7 for the CA 1 would not > need to be present. Are you saying the schema/or the DIT structure will be different for a CA in a public directory vs a private directory? If so, I think we are going down a dangerous path. Given a globally unique DN why would you want to do this? Dave Horvath > > Denis > > > I think the text in terms of saying that the forward element need not be > > present in all cases is easy. > > > > > -----Original Message----- > > > From: Denis Pinkas [SMTP:Denis.Pinkas@bull.net] > > > Sent: Wednesday, September 09, 1998 8:44 PM > > > To: Santosh Chokhani > > > Cc: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > Subject: Re: forward & reverse elements - population > > > > > > Santosh, > > > > > > Your new proposed text does not address my concern correctly. > > > > > > For a crossCertificatePair Attribute, either the forward element only > > > MAY be present, or the reverse element only MAY be present, or the > > > reverse and the forward elements may be both present. > > > > > > Whether it is OPTION 1, OPTION 2 or whatever OPTION, the forward > > > element > > > shall not be mandated to be present in a crossCertificatePair > > > Attribute. > > > > > > Denis > > > > > > > Sharon: > > > > > > > I can agree to the following text for the two option instead. > > > Please > > > > note that I have further clarified cross-certificate by tying the DN > > > and > > > > public keys. > > > > > > > > I think the following texts are consistent with and further > > > > clarifications of the two options. > > > > > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > entry, > > > > shall be used to store certificates issued to this CA by CAs in the > > > same > > > > domain as this CA. > > > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > > particular CA's directory entry, shall be used to store certificates > > > > issued to this CA by CAs in other domains. Optionally, the reverse > > > > element of the crossCertificatePair attribute, held in a particular > > > CA's > > > > directory entry, may contain a subset of certificates issued by this > > > CA > > > > to other CAs. When both the forward and the reverse elements are > > > > present, issuer name in one certificate shall match the subject name > > > in > > > > the other and vice versa, and the subject public key in one > > > certificate > > > > shall be capable of verifying the digital signature on the other > > > > certificate and vice versa. > > > > > > > > In the case of V3 certificates, none of the above CA certificates > > > shall > > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > entry, > > > > shall be used to store certificates issued to this CA by CAs in the > > > same > > > > domain as this CA. > > > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > > particular CA's directory entry, shall be used to store all > > > certificates > > > > issued to this CA. Optionally, the reverse element of the > > > > crossCertificatePair attribute, held in a particular CA's directory > > > > entry, may contain a subset of certificates issued by this CA to > > > other > > > > CAs. When both the forward and the reverse elements are present, > > > issuer > > > > name in one certificate shall match the subject name in the other > > > and > > > > vice versa, and the subject public key in one certificate shall be > > > > capable of verifying the digital signature on the other certificate > > > and > > > > vice versa. > > > > > > > > In the case of V3 certificates, none of the above CA certificates > > > shall > > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > -----Original Message----- > > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > > > > > > > > > ---------- > > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > > Sent: September 8, 1998 10:05 AM > > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > --stuff deleted > > > > > > > > > > > > > [] I agree. I do not have problem with the following > > > language. > > > > > > " A certificate issued to a CA by another shall be stored either > > > in > > > > > the > > > > > > caCertificate or forward component of crossCertificatePair > > > attribute > > > > > of > > > > > > the subject CA. Optionally, a subset of certificates issued by > > > a CA > > > > > can > > > > > > be stored in the reverse component of crossCertificatePair > > > attribute > > > > > of > > > > > > the issuing CA." > > > > > > > > > > > > Please note that to me subset includes none, some, or all. > > > If > > > > > > folks want further clarification, it is ok by me. > > > > > > > > > > > Santosh, the only issue I have with this text is that (at least > > > with > > > > > the > > > > > rationale behind option 2) any cert that appears in the > > > cACertificate > > > > > attribute of a given CA > > > > > entry, should also appear in the crossCertificatePair attribute in > > > the > > > > > same > > > > > CA entry. > > > > > What about deleting the reference to the cACertificate attribute > > > from > > > > > your > > > > > text and proposing this as new text just for the > > > crossCertificatePair > > > > > attribute? > > > > > > > > > > Both Jan and David have indicated reasons to keep the "pair" > > > together > > > > > in the > > > > > mutual case, so we should also consider adding the last paragraph > > > of > > > > > the > > > > > text David proposed for that. > > > > > > > > > > Here's what the resulting text proposal would look like: > > > > > > > > > > > " A certificate issued to a CA by another shall be stored in the > > > > > > forward component of crossCertificatePair attribute of > > > > > > the subject CA. Optionally, a subset of certificates issued by > > > a CA > > > > > can > > > > > > be stored in the reverse component of crossCertificatePair > > > attribute > > > > > of > > > > > > the issuing CA. When both elements are present in the same > > > value, > > > > > the > > > > > > value shall represent a mutual cross-certification of the two > > > CAs. " > > > > > > > > > > > If we can come to consensus on that attribute, then let's see what > > > we > > > > > can do > > > > > with the cACertificate attribute text. > > > > > > > > > > I agree with your view on what a subset is and I think that same > > > > > definition > > > > > would apply to the contents of the cACertificate attribute as a > > > subset > > > > > of > > > > > the crossCertificatePair forward elements in option 2. > > > > > > -- > > > Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net > > > Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 > > > 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 > > -- > Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net > Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 > 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 -- ================================================ _/_/_/ David J. Horvath _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21102 for ietf-pkix-bks; Fri, 11 Sep 1998 07:41:23 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21098 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 07:41:22 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailc.telia.com (8.8.8/8.8.8) with ESMTP id QAA00126 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 16:46:47 +0200 (MET DST) Received: from stefans (t2o68p33.telia.com [62.20.138.153]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id QAA11065 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 16:46:46 +0200 (CEST) Message-Id: <3.0.32.19980911164344.00996d60@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 11 Sep 1998 16:44:21 +0200 To: <ietf-pkix@imc.org> From: Stefan Santesson <stefan@accurata.se> Subject: RE: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id HAA21099 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is really fascinating. When I read the proposal for a new extension I said to my self: Good this man i brave. I wonder how many seconds he will live before he is gunned down. Not because the idea is stupid. Just because of the obvious "quagmire" syndrome. I have recently studied one extensive trial to specify such extensions and I just want to join to the consensus here. - This is a quagmire and not suited for standardization (at least not within PKIX). - The policy OID solves the problem as far needed. And according to changing CPS:es. One CPS may change many times as long as it reflects the same policy. If security drops below policy requirements then a new policy OID has to be identified. So minimum security level is defined by policy and not by CPS. /Stefan At 01:48 PM 9/10/98 -0400, Phillip M Hallam-Baker wrote: > >> If we have standard identifiers, one byte each, provides 0 to 255 >> specific categories, with say, ten as internet standards. >> >> With initial authentication method, maybe we start with (decimal): >> 0 as anonymous, >> 1 as self-authenticated, >> 2 as driver license or government ID card >> 3 as passport >> 4 as military > >This is heading straight into the quagmire I spoke about... > >Decimal numbers is just about the worst approach since it means that >a central registry has to be kept - yet another task for IANA! and >the arbitrary limit of 255 sounds guaranteed to ensure that the >namespace will quickly become cluttered with ad hoc private >definitions being used on an 'experimental' basis. > >I don't see any value in the taxonomy presented. What is a 'military' >identification method? Is identification by the US army equivalent to >that of the Taleban in Afghanistan? > >The drivers license is particularly dubious. My UK drivers license >has no photograph and is valid until sometime after 2020. > >Are there CAs who actually want to specify their exact authorization >processes? Are such processes objectively definable? A commercial >CA does not define authorization procedures for every concievable >document they might accept in their CPS. The first time a US CA >decides on acceptable forms of authentication for a Monaco >corporation is likely to be when they get a purchase request. > > >If you want to take the matter further I suggest you write an >Internet Draft and see if the working group chairs want to >make it a work item. > > Phill > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA16901 for ietf-pkix-bks; Fri, 11 Sep 1998 02:16:50 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA16896 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 02:16:46 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id LAA13435; Fri, 11 Sep 1998 11:23:50 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id LAA15724; Fri, 11 Sep 1998 11:23:51 +0200 (DFT) Message-ID: <35F96A8E.6C3A@bull.net> Date: Fri, 11 Sep 1998 11:23:10 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Santosh Chokhani <chokhani@cygnacom.com> CC: "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: Re: forward & reverse elements - population References: <51BF55C30B4FD1118B4900207812701E1B1A60@WUHER> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh, Here is my answer to your question. > Denis: > I agree with you. Clarification of the text is easy. ??? > However, I have a > question. Must a certificate issued to a CA appear in the forward > element, caCertificate or can it be missing altogether? "MUST" is the wrong verb. A certificate issued by another CA is not mandated to be present at all. It MAY be present. Let me now re-phrase your question: May a certificate issued to a CA by another CA appear in the forward element, caCertificate or can it be missing altogether? My answer is the following: It may only appear in the forward element of a crossCertificatePair. I was quite happy (and still am I !) with the original text. I still wonder with the rational of the two buckets. Up to now, none of the arguments about the notion of "local domain" has proven to be non-controversy. If the notion of local domain is important (I still wonder about it), there might be a different way to look at the issue. LDAPv2 allows to query any server that offers that interface, so different set of queries could be considered: 1) Queries made to one or more local domain servers, 2) Queries made to one or more public domain servers. As the name indicates it, local domain servers may not be publicly accessible, e.g. protected by firewalls or some other access control methods. Local domain servers would publish only what is relevant for their notion of local domain. They must publish everything that is relevant. Public domain servers would have no notion of "local domain". They must publish everything certificate that is pertinent to a CA entry that they publish. If entries for CA1, CA4 and CA5 are present, then all certificates issued by these CAs must be present and all cross-certificates, if any, between these CAs must also be present. However, a cross-certificate issued by the CA 7 for the CA 1 would not need to be present. Denis > I think the text in terms of saying that the forward element need not be > present in all cases is easy. > > > -----Original Message----- > > From: Denis Pinkas [SMTP:Denis.Pinkas@bull.net] > > Sent: Wednesday, September 09, 1998 8:44 PM > > To: Santosh Chokhani > > Cc: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > Subject: Re: forward & reverse elements - population > > > > Santosh, > > > > Your new proposed text does not address my concern correctly. > > > > For a crossCertificatePair Attribute, either the forward element only > > MAY be present, or the reverse element only MAY be present, or the > > reverse and the forward elements may be both present. > > > > Whether it is OPTION 1, OPTION 2 or whatever OPTION, the forward > > element > > shall not be mandated to be present in a crossCertificatePair > > Attribute. > > > > Denis > > > > > Sharon: > > > > > I can agree to the following text for the two option instead. > > Please > > > note that I have further clarified cross-certificate by tying the DN > > and > > > public keys. > > > > > > I think the following texts are consistent with and further > > > clarifications of the two options. > > > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > The cACertificate attribute, held in a particular CA's directory > > entry, > > > shall be used to store certificates issued to this CA by CAs in the > > same > > > domain as this CA. > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > particular CA's directory entry, shall be used to store certificates > > > issued to this CA by CAs in other domains. Optionally, the reverse > > > element of the crossCertificatePair attribute, held in a particular > > CA's > > > directory entry, may contain a subset of certificates issued by this > > CA > > > to other CAs. When both the forward and the reverse elements are > > > present, issuer name in one certificate shall match the subject name > > in > > > the other and vice versa, and the subject public key in one > > certificate > > > shall be capable of verifying the digital signature on the other > > > certificate and vice versa. > > > > > > In the case of V3 certificates, none of the above CA certificates > > shall > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > The definition of domain is purely a matter of local policy. > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > The cACertificate attribute, held in a particular CA's directory > > entry, > > > shall be used to store certificates issued to this CA by CAs in the > > same > > > domain as this CA. > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > particular CA's directory entry, shall be used to store all > > certificates > > > issued to this CA. Optionally, the reverse element of the > > > crossCertificatePair attribute, held in a particular CA's directory > > > entry, may contain a subset of certificates issued by this CA to > > other > > > CAs. When both the forward and the reverse elements are present, > > issuer > > > name in one certificate shall match the subject name in the other > > and > > > vice versa, and the subject public key in one certificate shall be > > > capable of verifying the digital signature on the other certificate > > and > > > vice versa. > > > > > > In the case of V3 certificates, none of the above CA certificates > > shall > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > -----Original Message----- > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > > > > > ---------- > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > Sent: September 8, 1998 10:05 AM > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > --stuff deleted > > > > > > > > > > > [] I agree. I do not have problem with the following > > language. > > > > > " A certificate issued to a CA by another shall be stored either > > in > > > > the > > > > > caCertificate or forward component of crossCertificatePair > > attribute > > > > of > > > > > the subject CA. Optionally, a subset of certificates issued by > > a CA > > > > can > > > > > be stored in the reverse component of crossCertificatePair > > attribute > > > > of > > > > > the issuing CA." > > > > > > > > > > Please note that to me subset includes none, some, or all. > > If > > > > > folks want further clarification, it is ok by me. > > > > > > > > > Santosh, the only issue I have with this text is that (at least > > with > > > > the > > > > rationale behind option 2) any cert that appears in the > > cACertificate > > > > attribute of a given CA > > > > entry, should also appear in the crossCertificatePair attribute in > > the > > > > same > > > > CA entry. > > > > What about deleting the reference to the cACertificate attribute > > from > > > > your > > > > text and proposing this as new text just for the > > crossCertificatePair > > > > attribute? > > > > > > > > Both Jan and David have indicated reasons to keep the "pair" > > together > > > > in the > > > > mutual case, so we should also consider adding the last paragraph > > of > > > > the > > > > text David proposed for that. > > > > > > > > Here's what the resulting text proposal would look like: > > > > > > > > > " A certificate issued to a CA by another shall be stored in the > > > > > forward component of crossCertificatePair attribute of > > > > > the subject CA. Optionally, a subset of certificates issued by > > a CA > > > > can > > > > > be stored in the reverse component of crossCertificatePair > > attribute > > > > of > > > > > the issuing CA. When both elements are present in the same > > value, > > > > the > > > > > value shall represent a mutual cross-certification of the two > > CAs. " > > > > > > > > > If we can come to consensus on that attribute, then let's see what > > we > > > > can do > > > > with the cACertificate attribute text. > > > > > > > > I agree with your view on what a subset is and I think that same > > > > definition > > > > would apply to the contents of the cACertificate attribute as a > > subset > > > > of > > > > the crossCertificatePair forward elements in option 2. > > > > -- > > Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net > > Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 > > 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id AAA15497 for ietf-pkix-bks; Fri, 11 Sep 1998 00:54:12 -0700 (PDT) Received: from ns0.zergo.com (ns0.zergo.com [194.159.81.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA15489 for <ietf-pkix@imc.org>; Fri, 11 Sep 1998 00:54:09 -0700 (PDT) Message-Id: <199809110919.KAA08686@ns0.zergo.com> Received: forwarded by SMTP 3.0.6. From: Graham Bland <gbland@zergo.com> Date: Fri, 11 Sep 1998 8:49:49 +0000 To: ietf-pkix@imc.org Subject: RE: RE: New Extension Proposed: Method O MIME-version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 X-Mailer: TFS Gateway /222000000/222041752/222002972/223090911/ Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id AAA15493 Sender: owner-ietf-pkix@imc.org Precedence: bulk I think this is impossible to achieve for the following reasons 1. 255 categories would be far too few, in practice they would expand to thousands. 2. With each category there are wide variations, drivers licences for example contain different details, have different validity periods, some have photos, some don't and they are issued by Governments (some of whom I would not trust). Are photocopies acceptable? Must the driving licence be presented in person or can it be posted? Need it be current? All these have a substantial bearing on the degree of trust I can place in a certificate. 3. It would take us years to agree on the categories and the meanings For these reasons this could not replace a CPS. Graham Bland > -----Original Message----- > From: mfsmith@zionsbank.com > Sent: 10 September 1998 18:06 > To: Ian Roberts; Graham Bland; Chris Wright; chokhani@cygnacom.com; > azb@llnl.gov; william.burr@nist.gov; BJUENEMAN@novell.com; > pbaker@verisign.com > Cc: ietf-pkix@imc.org > Subject: Re: RE: New Extension Proposed: Method O > > > -------------------------------------------------------------- > -------------- > Maybe "new" extension is too strong a phrase. How about > defining the policy > qulifiers to have some standard" meanings, then: > > reliance limit > licensure, licensing body > authentication method > etc. > > If we have standard identifiers, one byte each, provides 0 to > 255 specific > categories, with say, ten as internet standards. > > With initial authentication method, maybe we start with (decimal): > 0 as anonymous, > 1 as self-authenticated, > 2 as driver license or government ID card > 3 as passport > 4 as military > > then start with combinations including common attributes, > such as credit > bureau rating as of issuance, etc. > > I do understand that, while policy OIDs may be supported some largely > deployed systems do not support the policy qualifiers, but > the standards do, > so why don't we use them to improve our automation needs. > Any time we need > to rely on individ > uals obtaining, reading and being held accountable to a two > hundred page > contract (CPS), we limit its usability. > > Having standard definitions for the most common usages and > having these > signed as part of the cert by the issuer should facilitate > automatic policy > acceptance across those domains with multiple policies (if I > have accepted > all of the Verisig > n roots, then all of the categories of authentication are > accepted. If each > cert has the main characteristics of trust (initial authentication, CA > licensure, reliance liits, CPS location/OID, etc.), then I > should be able to > set my acceptanc > e on user selected criteria, > without re-reading the two hundred pages of each of the CAs > my company does > business with. > > Michael > > >>> Santosh Chokhani <chokhani@cygnacom.com> 09/09 1:25 PM >>> > The certificate policy is supposed to the represented in the > certificate > as an object identifier. The amendment to X.509 defines how the > applications process that field to determine if a certificate is > acceptable, including certificate policy and associated authentication > mechanism. > > X.509 amendment offer a rich set of capabilities in this area in terms > of what goes in a certificate, and how applications perform path > validation. > > > -----Original Message----- > > From: Tony Bartoletti [SMTP:azb@llnl.gov] > > Sent: Wednesday, September 09, 1998 3:12 PM > > To: Santosh Chokhani; 'Phillip M Hallam-Baker'; Mike Smith; > > william.burr@nist.gov; BJUENEMAN@novell.com > > Cc: ietf-pkix@imc.org > > Subject: RE: New Extension Proposed: Method Of Authentication > > > > At 01:44 PM 9/9/98 -0400, Santosh Chokhani wrote: > > >The subscriber authentication at the various stages (such > as initial > > >registration, registration after revocation, revocation request, > > normal > > >rekey, etc.) is supposed to be described in the certificate policy. > > >Thus, the certificate policy asserted points to the authentication > > >method. > > > > True, but this certainly places a limit upon the degree of > automation > > that can be employed in the future, at least until we have software > > that can read a CPS and base decisions upon it. No time soon. > > > > Granted, some 20 bits describing authentication method(s) would be > > contentious, but the very exercise would reveal much about where and > > how trust is really anchored, and the degree to which > automated agents > > could evolve. > > > > >There is NO need for another extension. > > > > Have enough work already? ;) > > > > ___tony___ > > > > >> -----Original Message----- > > >> From: Phillip M Hallam-Baker [SMTP:pbaker@verisign.com] > > >> Sent: Wednesday, September 09, 1998 1:16 PM > > >> To: Mike Smith; william.burr@nist.gov; BJUENEMAN@novell.com > > >> Cc: ietf-pkix@imc.org > > >> Subject: RE: New Extension Proposed: Method Of Authentication > > >> > > >> > In using certificates, it is useful to know what form of > > >> > authentication is used by a CA to identify a new certificate > > >> > requester. A certificate extension seems the best > place to store > > > > >> > this information. > > >> > > >> This sounds to me like a trip into a quagmire. I don't think that > > >> it is possible to charaterize authentication mechanisms usefully > > >> in a set of binary flags. > > >> > > >> For example two CAs may be requiring presentation of a driving > > >> license for authentication, only one CA may be using a state of > > >> MA license with photo ID and another a UK driving license without > > >> photo ID. > > >> > > >> Even with documents such as passports there is considerable > > >> variation between countries in the strictness of their > proceedures. > > >> > > >> Then there are proceedural variations, is the applicant present > > >> in person or were the credentials merely faxed... > > >> > > >> > > >> Nor is the mechanism of authentication by itself particularly > > >> usefull unless there is an evaluation of the reliability of the > > >> party performing it. > > >> > > >> Of course one can start to characterise these characteristics > > >> as well but to do so merely throws up yet more information which > > >> might be relevant, factors which become increasingly subjective. > > >> > > >> > > >> This is a hard AI problem - establishing a shared vocabulary of > > >> terms which permits exchange of concepts whose semantics are > > >> not embedded in the communication mechanism or indeed any > > >> mechanism for which a formal description is available. > > >> > > >> Phill > > > > > > > > > > Tony Bartoletti LL > > SPI-NET GURU LL LL > > Computer Security Technology Center LL LL LL > > Lawrence Livermore National Lab LL LL LL > > PO Box 808, L - 303 LL LL LLLLLLLL > > Livermore, CA 94551-9900 LL LLLLLLLL > > email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ! > > > -- Zergo Limited, The Square, Basing View, Basingstoke, Hants. RG21 4EG, UK Tel: + 44 (0) 1442 342 600 Fax: +44 (0) 1256 812 901 Website: http://www.zergo.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA24782 for ietf-pkix-bks; Thu, 10 Sep 1998 12:16:00 -0700 (PDT) Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.52.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA24777 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 12:15:55 -0700 (PDT) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id PAA27185 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 15:21:19 -0400 (EDT) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id PAA27171 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 15:21:17 -0400 (EDT) Received: from mimesweeper.missi.ncsc.mil (mimesweeper.missi.ncsc.mil [144.51.60.2]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id PAA00818 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 15:20:38 -0400 (EDT) Received: from avenger.missi.ncsc.mil (unverified) by mimesweeper.missi.ncsc.mil (Content Technologies SMTPRS 2.0.15) with SMTP id <B0000267235@mimesweeper.missi.ncsc.mil> for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 15:21:10 -0400 Received: by avenger.missi.ncsc.mil with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62) id <01BDDCCE.A3748CA0@avenger.missi.ncsc.mil>; Thu, 10 Sep 1998 15:21:09 -0400 Message-Id: <c=US%a=_%p=ExchangeNSA%l=AVENGER-980910192109Z-33919@avenger.missi.ncsc.mil> From: "Fillingham, David W." <dwfilli@missi.ncsc.mil> To: "'Mike Smith'" <mfsmith@zionsbank.com>, "'chokhani@cygnacom.com'" <chokhani@cygnacom.com>, "'azb@llnl.gov'" <azb@llnl.gov>, "'william.burr@nist.gov'" <william.burr@nist.gov>, "'BJUENEMAN@novell.com'" <BJUENEMAN@novell.com>, "'Phillip M Hallam-Baker'" <pbaker@verisign.com> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: RE: New Extension Proposed: Method Of Authentication Date: Thu, 10 Sep 1998 15:21:09 -0400 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk I agree with Phillip. My folder containing the debate on the meaning of the non-repudiation key usage bit contains 97 messages from people trying to define what that one bit is supposed to mean. Trying to convey security policies via a similar method strikes me as doomed from the start. Dave Fillingham >---------- >From: Phillip M Hallam-Baker[SMTP:pbaker@verisign.com] >Sent: Thursday, September 10, 1998 1:48 PM >To: Mike Smith; chokhani@cygnacom.com; azb@llnl.gov; william.burr@nist.gov; >BJUENEMAN@novell.com >Cc: ietf-pkix@imc.org >Subject: RE: RE: New Extension Proposed: Method Of Authentication > > >> If we have standard identifiers, one byte each, provides 0 to 255 >> specific categories, with say, ten as internet standards. >> >> With initial authentication method, maybe we start with (decimal): >> 0 as anonymous, >> 1 as self-authenticated, >> 2 as driver license or government ID card >> 3 as passport >> 4 as military > >This is heading straight into the quagmire I spoke about... > >Decimal numbers is just about the worst approach since it means that >a central registry has to be kept - yet another task for IANA! and >the arbitrary limit of 255 sounds guaranteed to ensure that the >namespace will quickly become cluttered with ad hoc private >definitions being used on an 'experimental' basis. > >I don't see any value in the taxonomy presented. What is a 'military' >identification method? Is identification by the US army equivalent to >that of the Taleban in Afghanistan? > >The drivers license is particularly dubious. My UK drivers license >has no photograph and is valid until sometime after 2020. > >Are there CAs who actually want to specify their exact authorization >processes? Are such processes objectively definable? A commercial >CA does not define authorization procedures for every concievable >document they might accept in their CPS. The first time a US CA >decides on acceptable forms of authentication for a Monaco >corporation is likely to be when they get a purchase request. > > >If you want to take the matter further I suggest you write an >Internet Draft and see if the working group chairs want to >make it a work item. > > Phill > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA24098 for ietf-pkix-bks; Thu, 10 Sep 1998 10:43:18 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA24094 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 10:43:17 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id KAA16666; Thu, 10 Sep 1998 10:46:17 -0700 (PDT) Received: from pbaker-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id KAA12380; Thu, 10 Sep 1998 10:48:02 -0700 (PDT) From: "Phillip M Hallam-Baker" <pbaker@verisign.com> To: "Mike Smith" <mfsmith@zionsbank.com>, <chokhani@cygnacom.com>, <azb@llnl.gov>, <william.burr@nist.gov>, <BJUENEMAN@novell.com> Cc: <ietf-pkix@imc.org> Subject: RE: RE: New Extension Proposed: Method Of Authentication Date: Thu, 10 Sep 1998 13:48:20 -0400 Message-ID: <002001bddce3$3318eb80$9d07a8c0@pbaker-pc.verisign.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <s5f7a303.014@zionsbank.com> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal Sender: owner-ietf-pkix@imc.org Precedence: bulk > If we have standard identifiers, one byte each, provides 0 to 255 > specific categories, with say, ten as internet standards. > > With initial authentication method, maybe we start with (decimal): > 0 as anonymous, > 1 as self-authenticated, > 2 as driver license or government ID card > 3 as passport > 4 as military This is heading straight into the quagmire I spoke about... Decimal numbers is just about the worst approach since it means that a central registry has to be kept - yet another task for IANA! and the arbitrary limit of 255 sounds guaranteed to ensure that the namespace will quickly become cluttered with ad hoc private definitions being used on an 'experimental' basis. I don't see any value in the taxonomy presented. What is a 'military' identification method? Is identification by the US army equivalent to that of the Taleban in Afghanistan? The drivers license is particularly dubious. My UK drivers license has no photograph and is valid until sometime after 2020. Are there CAs who actually want to specify their exact authorization processes? Are such processes objectively definable? A commercial CA does not define authorization procedures for every concievable document they might accept in their CPS. The first time a US CA decides on acceptable forms of authentication for a Monaco corporation is likely to be when they get a purchase request. If you want to take the matter further I suggest you write an Internet Draft and see if the working group chairs want to make it a work item. Phill Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA23067 for ietf-pkix-bks; Thu, 10 Sep 1998 08:58:52 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA23063 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 08:58:51 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Thu, 10 Sep 1998 09:59:31 -0600 Message-Id: <s5f7a303.014@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Thu, 10 Sep 1998 09:59:21 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: chokhani@cygnacom.com, azb@llnl.gov, william.burr@nist.gov, BJUENEMAN@novell.com, pbaker@verisign.com Cc: ietf-pkix@imc.org Subject: Re: RE: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Maybe "new" extension is too strong a phrase. How about defining the policy qulifiers to have some standard" meanings, then: reliance limit licensure, licensing body authentication method etc. If we have standard identifiers, one byte each, provides 0 to 255 specific categories, with say, ten as internet standards. With initial authentication method, maybe we start with (decimal): 0 as anonymous, 1 as self-authenticated, 2 as driver license or government ID card 3 as passport 4 as military then start with combinations including common attributes, such as credit bureau rating as of issuance, etc. I do understand that, while policy OIDs may be supported some largely deployed systems do not support the policy qualifiers, but the standards do, so why don't we use them to improve our automation needs. Any time we need to rely on individuals obtaining, reading and being held accountable to a two hundred page contract (CPS), we limit its usability. Having standard definitions for the most common usages and having these signed as part of the cert by the issuer should facilitate automatic policy acceptance across those domains with multiple policies (if I have accepted all of the Verisign roots, then all of the categories of authentication are accepted. If each cert has the main characteristics of trust (initial authentication, CA licensure, reliance liits, CPS location/OID, etc.), then I should be able to set my acceptance on user selected criteria, without re-reading the two hundred pages of each of the CAs my company does business with. Michael >>> Santosh Chokhani <chokhani@cygnacom.com> 09/09 1:25 PM >>> The certificate policy is supposed to the represented in the certificate as an object identifier. The amendment to X.509 defines how the applications process that field to determine if a certificate is acceptable, including certificate policy and associated authentication mechanism. X.509 amendment offer a rich set of capabilities in this area in terms of what goes in a certificate, and how applications perform path validation. > -----Original Message----- > From: Tony Bartoletti [SMTP:azb@llnl.gov] > Sent: Wednesday, September 09, 1998 3:12 PM > To: Santosh Chokhani; 'Phillip M Hallam-Baker'; Mike Smith; > william.burr@nist.gov; BJUENEMAN@novell.com > Cc: ietf-pkix@imc.org > Subject: RE: New Extension Proposed: Method Of Authentication > > At 01:44 PM 9/9/98 -0400, Santosh Chokhani wrote: > >The subscriber authentication at the various stages (such as initial > >registration, registration after revocation, revocation request, > normal > >rekey, etc.) is supposed to be described in the certificate policy. > >Thus, the certificate policy asserted points to the authentication > >method. > > True, but this certainly places a limit upon the degree of automation > that can be employed in the future, at least until we have software > that can read a CPS and base decisions upon it. No time soon. > > Granted, some 20 bits describing authentication method(s) would be > contentious, but the very exercise would reveal much about where and > how trust is really anchored, and the degree to which automated agents > could evolve. > > >There is NO need for another extension. > > Have enough work already? ;) > > ___tony___ > > >> -----Original Message----- > >> From: Phillip M Hallam-Baker [SMTP:pbaker@verisign.com] > >> Sent: Wednesday, September 09, 1998 1:16 PM > >> To: Mike Smith; william.burr@nist.gov; BJUENEMAN@novell.com > >> Cc: ietf-pkix@imc.org > >> Subject: RE: New Extension Proposed: Method Of Authentication > >> > >> > In using certificates, it is useful to know what form of > >> > authentication is used by a CA to identify a new certificate > >> > requester. A certificate extension seems the best place to store > > >> > this information. > >> > >> This sounds to me like a trip into a quagmire. I don't think that > >> it is possible to charaterize authentication mechanisms usefully > >> in a set of binary flags. > >> > >> For example two CAs may be requiring presentation of a driving > >> license for authentication, only one CA may be using a state of > >> MA license with photo ID and another a UK driving license without > >> photo ID. > >> > >> Even with documents such as passports there is considerable > >> variation between countries in the strictness of their proceedures. > >> > >> Then there are proceedural variations, is the applicant present > >> in person or were the credentials merely faxed... > >> > >> > >> Nor is the mechanism of authentication by itself particularly > >> usefull unless there is an evaluation of the reliability of the > >> party performing it. > >> > >> Of course one can start to characterise these characteristics > >> as well but to do so merely throws up yet more information which > >> might be relevant, factors which become increasingly subjective. > >> > >> > >> This is a hard AI problem - establishing a shared vocabulary of > >> terms which permits exchange of concepts whose semantics are > >> not embedded in the communication mechanism or indeed any > >> mechanism for which a formal description is available. > >> > >> Phill > > > > > > Tony Bartoletti LL > SPI-NET GURU LL LL > Computer Security Technology Center LL LL LL > Lawrence Livermore National Lab LL LL LL > PO Box 808, L - 303 LL LL LLLLLLLL > Livermore, CA 94551-9900 LL LLLLLLLL > email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22915 for ietf-pkix-bks; Thu, 10 Sep 1998 08:43:51 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA22911 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 08:43:50 -0700 (PDT) Message-Id: <199809101543.IAA22911@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Thu, 10 Sep 1998 08:49:00 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Fwd: I-D ACTION:draft-ietf-ipsec-pki-req-00.txt Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk This draft may interest people in the PKIX group. It is also available from <http://www.imc.org/draft-ietf-ipsec-pki-req>. --Paul Hoffman, Director --Internet Mail Consortium >To: IETF-Announce: ; >Cc: ipsec@tis.com >From: Internet-Drafts@ietf.org >Reply-to: Internet-Drafts@ietf.org >Subject: I-D ACTION:draft-ietf-ipsec-pki-req-00.txt >Date: Thu, 10 Sep 1998 10:34:19 -0400 >Sender: cclark@ns.cnri.reston.va.us > >A New Internet-Draft is available from the on-line Internet-Drafts directories. >This draft is a work item of the IP Security Protocol Working Group of the IETF. > > Title : PKI Requirements for IP Security > Author(s) : R. Thayer > Filename : draft-ietf-ipsec-pki-req-00.txt > Pages : 22 > Date : 09-Sep-98 > > The IP Security (IPSec) protocol set now being defined in the > IETF uses public key cryptography for authentication in it's key > management protocol. This document defines the requirements that > IPSec has for Public Key Infrastructure (PKI) protocols, formats, > and services. > > The key words 'SHALL', 'REQUIRED', 'SHOULD', 'RECOMMENDED', and > 'MAY' in this document are to be interpreted as described in RFC > 2119. > > Please send comments on this document to the ipsec@tis.com > mailing list. > >Internet-Drafts are available by anonymous FTP. Login with the username >"anonymous" and a password of your e-mail address. After logging in, >type "cd internet-drafts" and then > "get draft-ietf-ipsec-pki-req-00.txt". >A URL for the Internet-Draft is: >ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-pki-req-00.txt > >Internet-Drafts directories are located at: > > Africa: ftp.is.co.za > > Europe: ftp.nordu.net > ftp.nis.garr.it > > Pacific Rim: munnari.oz.au > > US East Coast: ftp.ietf.org > > US West Coast: ftp.isi.edu > >Internet-Drafts are also available by mail. > >Send a message to: mailserv@ietf.org. In the body type: > "FILE /internet-drafts/draft-ietf-ipsec-pki-req-00.txt". > >NOTE: The mail server at ietf.org can return the document in > MIME-encoded form by using the "mpack" utility. To use this > feature, insert the command "ENCODING mime" before the "FILE" > command. To decode the response(s), you will need "munpack" or > a MIME-compliant mail reader. Different MIME-compliant mail readers > exhibit different behavior, especially when dealing with > "multipart" MIME messages (i.e. documents which have been split > up into multiple messages), so check your local documentation on > how to manipulate these messages. > > >Below is the data which will enable a MIME compliant mail reader >implementation to automatically retrieve the ASCII version of the >Internet-Draft. >Content-Type: text/plain >Content-ID: <19980909162526.I-D@ietf.org> > >ENCODING mime >FILE /internet-drafts/draft-ietf-ipsec-pki-req-00.txt > ><ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-pki-req-00.txt> > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22538 for ietf-pkix-bks; Thu, 10 Sep 1998 08:14:28 -0700 (PDT) Received: from slack.lne.com (NoBody@slack.lne.com [140.174.94.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22534 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 08:14:26 -0700 (PDT) Received: (from ericm@localhost) by slack.lne.com (8.9.0/8.9.0) id IAA12666; Thu, 10 Sep 1998 08:19:50 -0700 From: Eric Murray <ericm@lne.com> Message-Id: <199809101519.IAA12666@slack.lne.com> Subject: Re: New Extension Proposed: Method Of Authentication To: pkoning@xedia.com (Paul Koning) Date: Thu, 10 Sep 1998 08:19:49 -0700 (PDT) Cc: azb@llnl.gov, ietf-pkix@imc.org In-Reply-To: <199809101321.JAA14290@tonga.xedia.com> from "Paul Koning" at Sep 10, 98 09:21:30 am MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Paul Koning writes: > > Incidentally, as an aside -- this discussion made me worry about the > potential for unrestrained growth of certificates. As someone > involved in building diskless (embedded) systems, megabyte-sized certs > worry me a lot. Me too. Our company also does embedded systems which need to accept and verify certs. Please keep your certs small if you really want them to be ubiquitous. I'd much rather see a URI and perhaps a hash in the cert instead of the entire CPS. -- Eric Murray N*Able Technologies www.nabletech.com (email: ericm at the sites lne.com or nabletech.com) PGP keyid:E03F65E5 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA21461 for ietf-pkix-bks; Thu, 10 Sep 1998 06:17:21 -0700 (PDT) Received: from relay5.UU.NET (relay5.UU.NET [192.48.96.15]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA21457 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 06:17:20 -0700 (PDT) Received: from xedia.com by relay5.UU.NET with SMTP (peer crosschecked as: madway.xedia.com [198.202.232.199]) id QQfgft03924; Thu, 10 Sep 1998 09:21:34 -0400 (EDT) Received: from tonga.xedia.com by xedia.com (4.1/SMI-4.1) id AA09439; Thu, 10 Sep 98 09:20:42 EDT Received: by tonga.xedia.com (SMI-8.6/SMI-SVR4) id JAA14290; Thu, 10 Sep 1998 09:21:30 -0400 Date: Thu, 10 Sep 1998 09:21:30 -0400 Message-Id: <199809101321.JAA14290@tonga.xedia.com> From: Paul Koning <pkoning@xedia.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: azb@llnl.gov Cc: ietf-pkix@imc.org Subject: RE: New Extension Proposed: Method Of Authentication References: <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> <000701bddc29$99814e40$9d07a8c0@pbaker-pc.verisign.com> <3.0.3.32.19980909162025.00a06390@poptop.llnl.gov> X-Mailer: VM 6.34 under 20.3 "Vatican City" XEmacs Lucid Sender: owner-ietf-pkix@imc.org Precedence: bulk >>>>> "Tony" == Tony Bartoletti <azb@llnl.gov> writes: >... Tony> Still, suppose the certificate did contain the CPS hash. Tony> Imagine that a client system, in the course of validating Tony> certificates, determines that a particular CPS has changed. Tony> That is, some of the certs point to the older CPS, and some to Tony> a brand new CPS. Assume further that it can (securely) Tony> retrieve both the older and newer CPS at will. It can still Tony> validate the older certs, but it can do nothing with the newer Tony> ones until a human steps in to read the new CPS, and then Tony> determine its sufficiency for the purpose(s) at hand. Tony> In terms of automation, "the bits stop here." I think that's as it should be. Whether a new CPS is sufficient for the purposes at hand, in any situation where someone cares enough to look at the CPS at all, is a question that undoubtedly involves lawyers, or even people involved in still less formal processes. Until and unless someone comes up with a mapping from legal english to formal logic (unlikely given Goedel's theorem) I believe the bits HAVE to stop where you said. Incidentally, as an aside -- this discussion made me worry about the potential for unrestrained growth of certificates. As someone involved in building diskless (embedded) systems, megabyte-sized certs worry me a lot. paul Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA21325 for ietf-pkix-bks; Thu, 10 Sep 1998 06:02:10 -0700 (PDT) Received: from getafix.fcpl.co.in (Getafix.fcpl.co.in [196.1.104.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA21320 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 06:02:03 -0700 (PDT) Received: from TinTins.fcpl.co.in ([196.1.104.84]) by getafix.fcpl.co.in (post.office MTA v2.0 0613 ID# 291-17719) with SMTP id AAA135 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 18:38:00 +0530 Message-ID: <000b01bddcbc$29a0ac40$546801c4@TinTins.fcpl.co.in> From: "Shailesh" <shailesh@fcpl.co.in> To: <ietf-pkix@imc.org> Subject: PKIX transports using HTTP Date: Thu, 10 Sep 1998 18:38:54 +0530 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk 1. What is more standard way of communicating PKIX messages on HTTP : Put them as a part of URL OR Put them in the "Entity (optional) part of the request and response" 2. What extensions of the HTTP or part of the core protocol talks about polling? How does one poll using HTTP? Thanks with best regards Shailesh Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA21056 for ietf-pkix-bks; Thu, 10 Sep 1998 05:47:22 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA21051 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 05:47:17 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id OAA01964; Thu, 10 Sep 1998 14:54:13 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id OAA19716; Thu, 10 Sep 1998 14:54:06 +0200 (DFT) Message-ID: <35F84A56.32A2@bull.net> Date: Thu, 10 Sep 1998 14:53:26 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Eric Murray <ericm@lne.com> CC: ietf-pkix@imc.org Subject: Re: New Extension Proposed: Method Of Authentication References: <199809091924.MAA11040@slack.lne.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Eric Murray wrote: > Santosh Chokhani writes: > > The subscriber authentication at the various stages (such as initial > > registration, registration after revocation, revocation request, normal > > rekey, etc.) is supposed to be described in the certificate policy. > > Thus, the certificate policy asserted points to the authentication > > method. > > There is NO need for another extension. > I agree that putting the policy into an extension is a quagmire. > However, given that most CPSs will be on web sites, and those > CPSs can be changed at any time, should there be a way to > indicate which CPS is in effect at any given time during > the certificate's life? > Say Fred is issued a cert by Carl the CA. Carl signs Fred's > cert under the then-current CPS 1.2, which required Carl > to verify Fred's identity using dental charts. Sometime > later, Carl changes his CPS to version 1.3, which no longer requires > dental charts as a form of identification, but instead > accepts a state driver's license. > Fred would like to sign a contract to purchase a house. The lender > requires a high-quality signature, and a cert with only a state > driver's license as identification isn't good enough. How does Fred > indicate that his cert was issued under the older, more rigorous CPS? You are adressing an important issue. When you sign a contract, you usually look at the back of the page where there is either the full terms of the contract or a short form of them with a pointer to a full form. It is thus important to know whether you agree or not with these: if yes, you sign, if not you don't. The equivalent in electronic terms is to point to a security policy and sign it (i.e. add the security policy to the core of the signed message and sign the whole). Different pointers may be used. Here are two examples: an OID, a URL address. If the policy changes, the pointer must change. A hash of the policy has to be used to make sure which terms you were agreeing with. These terms will indicate which CAs are adequate to be used by the signers and which security policies from that CA will be adequate to be used, relative to these terms. > One way to deal with this is to revoke all certs issued under a > given CPS when it is changed. I'm not sure that that provides any assurance > that a given cert was issued under the current CPS though- a receiving > party would have to depend on the current CPS stating that such > is the policy. And it's obviously very undesireable from a CA standpoint. Indeed ! > Another way would be to require the CA to sign their CPSs and include > version numbers, and to include in the cert extension which points to > the CPS, the version number of the CPS which was in effect when the cert > was issued. This will prevent CAs from updating CPSs "out from > underneath" existing certs. That may or may not be a desired effect. :-( > I did a very quick read of the draft and didn't see anything that > handles this problem. But I have not been following the discussion very > much and have not studied the draft, so I could well have missed it. If > there's already something in the draft to deal with this, or this > subject has already been discussed on the list, please accept my > apologies. You did not missed it, the draft is silent on this kind of topic, but it would not be the right place anyway to place it. At the Chicago meeting, we talked about expanding the work to handle non repudiation in more details. If such an extension of the work happens, then we could possibly deal with this kind of topic. Denis > -- > Eric Murray N*Able Technologies www.nabletech.com > (email: ericm at the sites lne.com or nabletech.com) PGP keyid:E03F65E5 -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA20901 for ietf-pkix-bks; Thu, 10 Sep 1998 05:19:37 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA20897 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 05:19:34 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id OAA22350; Thu, 10 Sep 1998 14:26:25 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id OAA19816; Thu, 10 Sep 1998 14:26:20 +0200 (DFT) Message-ID: <35F843D4.7FF4@bull.net> Date: Thu, 10 Sep 1998 14:25:40 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Mike Smith <mfsmith@zionsbank.com> CC: william.burr@nist.gov, BJUENEMAN@novell.com, ietf-pkix@imc.org Subject: Re: New Extension Proposed: Method Of Authentication References: <s5f6527f.038@zionsbank.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Mike Smith wrote: > > In using certificates, it is useful to know what form of > authentication is used by a CA to identify a new certificate > requester. A certificate extension seems the best place to store > this information. > > At one time, Bob Jeuneman prepared a paper proposing this extension > and detailing many categories, from anonymous, self-authenticated, > self authenticated with data verifired (or with credit account, etc.), > authenticated in person, in person with governement-issued picture ID, > multiple forms of government picture IDs with current credit reports > and corporate D&B, etc. > The current practice, I beleive, is to embed the authentication > mechanism in a CA operations or policy statement tha may or may not > be online for someone to peruse and make their own judgement. > Putting a clear indicator in the signed cert would help. > Comments? Bob? If we were going in that direction then we might need to indicate whether one or more of the following has been presented: a driving license, a passport, an ID card, a bill from an Electricity supplier, a bill from a Telephone company, a bill from a Water supplier, etc ... We already have (too) many extensions. The policy statement is enough. There is no need for a verifier to understand the details of the policy, but only to know whether the policy is acceptable for the application. Denis > Michael -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA20886 for ietf-pkix-bks; Thu, 10 Sep 1998 05:16:33 -0700 (PDT) Received: from getafix.fcpl.co.in (Getafix.fcpl.co.in [196.1.104.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA20879 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 05:16:12 -0700 (PDT) Received: from dynamo ([196.1.104.100]) by getafix.fcpl.co.in (post.office MTA v2.0 0613 ID# 291-17719) with SMTP id AAA142 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 17:52:05 +0530 Message-ID: <002b01bddcb6$078be850$646801c4@dynamo.fcpl.co.in> From: "Abhay Kulkarni" <abhay@fcpl.co.in> To: <ietf-pkix@imc.org> Subject: PKIX Certificate Management Protocols Date: Thu, 10 Sep 1998 17:54:53 +0530 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0028_01BDDCE4.1D99E100" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2110.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_0028_01BDDCE4.1D99E100 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello everybody, Where do we find extra information about how to use HTTP protocol as the = lower layer in the PKI certificate management protocol ? Thanks in advance. Regards. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Abhay Kulkarni Systems Engineer Frontier Computers Pvt. Ltd. EMail: abhay@fcpl.co.in Web: http://www.fcpl.co.in %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% ------=_NextPart_000_0028_01BDDCE4.1D99E100 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.2106.6"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#fffbf0> <DIV><FONT color=3D#000000 size=3D2>Hello everybody,</FONT></DIV> <DIV><FONT size=3D2>Where do we find extra information about how to use = HTTP=20 protocol as the lower layer in the PKI certificate management protocol=20 ?</FONT></DIV> <DIV><FONT size=3D2>Thanks in advance.</FONT></DIV> <DIV><FONT size=3D2>Regards.</FONT></DIV> <DIV><FONT color=3D#000000 = size=3D2>%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%<BR>Abhay=20 Kulkarni<BR>Systems Engineer<BR>Frontier Computers Pvt. = Ltd.<BR>EMail: <A=20 href=3D"mailto:abhay@fcpl.co.in">abhay@fcpl.co.in</A><BR>Web: <A=20 href=3D"http://www.fcpl.co.in">http://www.fcpl.co.in</A><BR>%%%%%%%%%%%%%= %%%%%%%%%%%%%%%%%%%%%</FONT></DIV></BODY></HTML> ------=_NextPart_000_0028_01BDDCE4.1D99E100-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA20830 for ietf-pkix-bks; Thu, 10 Sep 1998 05:10:30 -0700 (PDT) Received: from gatekeeper.domus.com ([198.166.58.193]) by mail.proper.com (8.8.8/8.8.5) with SMTP id FAA20826 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 05:10:28 -0700 (PDT) Received: from dns_int.domus.com by gatekeeper1.domus.com (8.6.13/200.19.1.1) id IAA27690; Thu, 10 Sep 1998 08:07:14 -0400 Received: (from smap@localhost) by dns_int.domus.com (8.6.8/8.6.6) id HAA24702 for <ietf-pkix@imc.org>; Thu, 10 Sep 1998 07:35:30 -0400 Received: from wpgate.domus.com(198.166.59.10) by dns_int.domus.com via smap (V1.3) id sma024700; Thu Sep 10 07:35:22 1998 Received: from DOMUS-Message_Server by wpgate.domus.com with Novell_GroupWise; Thu, 10 Sep 1998 08:07:25 -0400 Message-Id: <s5f788bd.052@wpgate.domus.com> X-Mailer: Novell GroupWise 4.1 Date: Thu, 10 Sep 1998 08:07:16 -0400 From: William Dziadyk <WDziadyk@domus.com> To: ietf-pkix@imc.org Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk --------------------------------------------------------------------------------- William Dziadyk, PEng IT Security Services, DOMUS Software, Ottawa, Ontario, Canada (613) 230-6285 ext 342 ---- WDziadyk@DOMUS.com --------------------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id XAA12866 for ietf-pkix-bks; Wed, 9 Sep 1998 23:54:28 -0700 (PDT) Received: from genius.tisl.soft.net (genius.tisl.soft.net [164.164.20.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id XAA12861; Wed, 9 Sep 1998 23:54:22 -0700 (PDT) Received: from narayan ([32.97.253.98]) by genius.tisl.soft.net (AIX4.3/UCB 8.7/8.7) with ESMTP id MAA20198; Thu, 10 Sep 1998 12:25:52 -0530 (ist) Message-ID: <35F77875.E02C36B8@geocities.com> Date: Thu, 10 Sep 1998 12:27:57 +0530 From: Narayan Raghu <narry@geocities.com> X-Mailer: Mozilla 4.01 [en] (Win95; I) MIME-Version: 1.0 To: Paul Hoffman / IMC <phoffman@imc.org> CC: ietf-pkix@imc.org Subject: Re: New Extension Proposed: Method Of Authentication X-Priority: 3 (Normal) References: <000701bddc29$99814e40$9d07a8c0@pbaker-pc.verisign.com> <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> <199809092353.QAA27581@mail.proper.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hello, Ultimately, it is the verifier of a certificate who decides if a certification authority is to be trusted. Hence, the onus is on him to verify the policies of the CA and decide whether to designate that CA as the trusted root. IF a CA changes it's policy, it could simply generate another keypair, which signes certificates verifed by the new method. That way, the verifier can decide whether to designate the new CA certificate as trusted root or not, depending upon the new policy of the CA. The verifier can thus choose to trust all those certified by the old CA Certificate/Keypair, since the old policy was acceptable. The key here is that we link a new CA policy with a mandatory new CA signing keypair. I dont think it's required to mention the verifying method in the certificate, since it's the certificate verifier's responsibility. narayan ibm bangalore india Paul Hoffman / IMC wrote: > > At 04:20 PM 9/9/98 -0700, Tony Bartoletti wrote: > >There are two significant shortcomings with the existing situation, > >nonetheless. First, as pointed out by Eric Murray, is that this > >"pointer to the certificate policy" is a weak link in a critical > >chain to the foundation of trust. > > Then don't validate certs with CPSs; only validate ones with OIDs that > you > understand. > > Remember, these policies are for CAs who you have already decided you > trust > to sign someone else's key. If you don't trust them not to change > their > CPS, why do you trust that they are even following the CPS you looked > up > once? Any reasonable CA who changes their CPS will keep the old one at > the > original URL and create a new CPS with a new URL, and put the new URL > in > certs that conform to the new policy. > > --Paul Hoffman, Director > --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA27613 for ietf-pkix-bks; Wed, 9 Sep 1998 16:56:28 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA27609 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 16:56:27 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ879>; Wed, 9 Sep 1998 20:00:03 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A6C@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Tony Bartoletti'" <azb@llnl.gov>, Phillip M Hallam-Baker <pbaker@verisign.com>, Santosh Chokhani <chokhani@cygnacom.com>, Mike Smith <mfsmith@zionsbank.com>, william.burr@nist.gov, BJUENEMAN@novell.com, Eric Murray <ericm@lne.com> Cc: ietf-pkix@imc.org Subject: RE: New Extension Proposed: Method Of Authentication Date: Wed, 9 Sep 1998 20:00:00 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Tony: I think certificate policies are supposed to take care of this. Clients need not read CP or CPS. One may put CPS digest in an already defined extension in the certificate. > -----Original Message----- > From: Tony Bartoletti [SMTP:azb@llnl.gov] > Sent: Wednesday, September 09, 1998 7:20 PM > To: Phillip M Hallam-Baker; Santosh Chokhani; Mike Smith; > william.burr@nist.gov; BJUENEMAN@novell.com; Eric Murray > Cc: ietf-pkix@imc.org > Subject: RE: New Extension Proposed: Method Of Authentication > > At 03:39 PM 9/9/98 -0400, Phillip M Hallam-Baker wrote: > > > >> The subscriber authentication at the various stages (such as > initial > >> registration, registration after revocation, revocation request, > normal > >> rekey, etc.) is supposed to be described in the certificate policy. > >> Thus, the certificate policy asserted points to the authentication > >> method. > > > >True. What I interpreted the proposal to be however was an abstract > >syntax for describing certificate policy in a form that would allow > >automated evaluation. There is a big difference between putting a > >pointer to the certificate policy into a cert and attempting to > encode > >the certificate policy within the certificate itself. > > > >While such a facility would be 'nice to have' my experience is that > >it is a very hard AI problem, at least as hard as the problem of > >natural language understanding. > > Phill, > > I do understand, and would expect any attempt to address the stated > shortcomings via an extension (or any other method) to be a multi-year > effort:) > > There are two significant shortcomings with the existing situation, > nonetheless. First, as pointed out by Eric Murray, is that this > "pointer to the certificate policy" is a weak link in a critical > chain to the foundation of trust. I recall (two years ago!) this > very subject was debated on this list, with some calls to have the > cert contain a hash of the CPS in effect at the time of certificate > creation, so there could be no subtle (or not so subtle) rewording > of the CPS after the fact. Alas, no such provisions were included. > > Still, suppose the certificate did contain the CPS hash. Imagine > that a client system, in the course of validating certificates, > determines that a particular CPS has changed. That is, some of the > certs point to the older CPS, and some to a brand new CPS. Assume > further that it can (securely) retrieve both the older and newer CPS > at will. It can still validate the older certs, but it can do nothing > with the newer ones until a human steps in to read the new CPS, and > then determine its sufficiency for the purpose(s) at hand. > > In terms of automation, "the bits stop here." > > Its just an observation... > > ___tony___ > > >There is a project in the International Chamber of Commerce called > >ETerms which addresses the problem of providing a CPS repository > >and which has as a long term goal the establishment of a shared > >vocabulary of contract terms. > > > >This enterprise is best described as 'chock full o' lawyers'. Many > >of the issues being delt with involve subtle and obscure points > >of international law - such as the fact that the criteria for > >establishing constructive notice vary according to the jurisdiction. > > > >Significantly the E-Terms project is not attempting to establish a > >taxonomy of trade terms in common use. I don't think such a 'top > >down' approach is feasible. Instead what is being attempted is a > >convergence of the user community towards the use of a common > >vocabulary which is itself a product of the process. This is more > >of a bottom-up, evolutionary approach. > > > > Phill > > > > > > > > > > > > Tony Bartoletti LL > SPI-NET GURU LL LL > Computer Security Technology Center LL LL LL > Lawrence Livermore National Lab LL LL LL > PO Box 808, L - 303 LL LL LLLLLLLL > Livermore, CA 94551-9900 LL LLLLLLLL > email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA27585 for ietf-pkix-bks; Wed, 9 Sep 1998 16:53:54 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id QAA27581 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 16:53:53 -0700 (PDT) Message-Id: <199809092353.QAA27581@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Wed, 09 Sep 1998 16:58:57 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: RE: New Extension Proposed: Method Of Authentication In-Reply-To: <3.0.3.32.19980909162025.00a06390@poptop.llnl.gov> References: <000701bddc29$99814e40$9d07a8c0@pbaker-pc.verisign.com> <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 04:20 PM 9/9/98 -0700, Tony Bartoletti wrote: >There are two significant shortcomings with the existing situation, >nonetheless. First, as pointed out by Eric Murray, is that this >"pointer to the certificate policy" is a weak link in a critical >chain to the foundation of trust. Then don't validate certs with CPSs; only validate ones with OIDs that you understand. Remember, these policies are for CAs who you have already decided you trust to sign someone else's key. If you don't trust them not to change their CPS, why do you trust that they are even following the CPS you looked up once? Any reasonable CA who changes their CPS will keep the old one at the original URL and create a new CPS with a new URL, and put the new URL in certs that conform to the new policy. --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA27403 for ietf-pkix-bks; Wed, 9 Sep 1998 16:16:15 -0700 (PDT) Received: from poptop.llnl.gov (poptop.llnl.gov [128.115.18.65]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA27399 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 16:16:14 -0700 (PDT) Received: from catalyst (catalyst.llnl.gov [128.115.223.10]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2) with SMTP id QAA10253; Wed, 9 Sep 1998 16:21:14 -0700 (PDT) Message-Id: <3.0.3.32.19980909162025.00a06390@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 09 Sep 1998 16:20:25 -0700 To: "Phillip M Hallam-Baker" <pbaker@verisign.com>, "Santosh Chokhani" <chokhani@cygnacom.com>, "Mike Smith" <mfsmith@zionsbank.com>, <william.burr@nist.gov>, <BJUENEMAN@novell.com>, Eric Murray <ericm@lne.com> From: Tony Bartoletti <azb@llnl.gov> Subject: RE: New Extension Proposed: Method Of Authentication Cc: <ietf-pkix@imc.org> In-Reply-To: <000701bddc29$99814e40$9d07a8c0@pbaker-pc.verisign.com> References: <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 03:39 PM 9/9/98 -0400, Phillip M Hallam-Baker wrote: > >> The subscriber authentication at the various stages (such as initial >> registration, registration after revocation, revocation request, normal >> rekey, etc.) is supposed to be described in the certificate policy. >> Thus, the certificate policy asserted points to the authentication >> method. > >True. What I interpreted the proposal to be however was an abstract >syntax for describing certificate policy in a form that would allow >automated evaluation. There is a big difference between putting a >pointer to the certificate policy into a cert and attempting to encode >the certificate policy within the certificate itself. > >While such a facility would be 'nice to have' my experience is that >it is a very hard AI problem, at least as hard as the problem of >natural language understanding. Phill, I do understand, and would expect any attempt to address the stated shortcomings via an extension (or any other method) to be a multi-year effort:) There are two significant shortcomings with the existing situation, nonetheless. First, as pointed out by Eric Murray, is that this "pointer to the certificate policy" is a weak link in a critical chain to the foundation of trust. I recall (two years ago!) this very subject was debated on this list, with some calls to have the cert contain a hash of the CPS in effect at the time of certificate creation, so there could be no subtle (or not so subtle) rewording of the CPS after the fact. Alas, no such provisions were included. Still, suppose the certificate did contain the CPS hash. Imagine that a client system, in the course of validating certificates, determines that a particular CPS has changed. That is, some of the certs point to the older CPS, and some to a brand new CPS. Assume further that it can (securely) retrieve both the older and newer CPS at will. It can still validate the older certs, but it can do nothing with the newer ones until a human steps in to read the new CPS, and then determine its sufficiency for the purpose(s) at hand. In terms of automation, "the bits stop here." Its just an observation... ___tony___ >There is a project in the International Chamber of Commerce called >ETerms which addresses the problem of providing a CPS repository >and which has as a long term goal the establishment of a shared >vocabulary of contract terms. > >This enterprise is best described as 'chock full o' lawyers'. Many >of the issues being delt with involve subtle and obscure points >of international law - such as the fact that the criteria for >establishing constructive notice vary according to the jurisdiction. > >Significantly the E-Terms project is not attempting to establish a >taxonomy of trade terms in common use. I don't think such a 'top >down' approach is feasible. Instead what is being attempted is a >convergence of the user community towards the use of a common >vocabulary which is itself a product of the process. This is more >of a bottom-up, evolutionary approach. > > Phill > > > > > Tony Bartoletti LL SPI-NET GURU LL LL Computer Security Technology Center LL LL LL Lawrence Livermore National Lab LL LL LL PO Box 808, L - 303 LL LL LLLLLLLL Livermore, CA 94551-9900 LL LLLLLLLL email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA26368 for ietf-pkix-bks; Wed, 9 Sep 1998 14:15:07 -0700 (PDT) Received: from relay1.eds.com (relay1.eds.com [199.228.142.73]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA26364 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 14:15:05 -0700 (PDT) Received: from nnsa.eds.com (nnsa.eds.com [192.85.154.30] (may be forged)) by relay1.eds.com (8.8.8/8.8.8) with ESMTP id RAA03200 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 17:20:25 -0400 (EDT) Received: from usahm007.exmi01.exch.eds.com ([207.37.138.147]) by nnsa.eds.com (8.8.8/8.8.8) with ESMTP id RAA10704 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 17:19:54 -0400 (EDT) Received: by USAHM007 with Internet Mail Service (5.5.2232.9) id <S1N8LKJ3>; Wed, 9 Sep 1998 17:19:50 -0400 Message-ID: <92D60A12331ED2119F5300A02461F047B20386@USAHM009> From: "Corcoran, Dan" <dan.corcoran@eds.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 9 Sep 1998 17:19:49 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25592 for ietf-pkix-bks; Wed, 9 Sep 1998 12:38:45 -0700 (PDT) Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.52.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25588 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:38:32 -0700 (PDT) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id PAA20000 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 15:43:40 -0400 (EDT) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id PAA19994 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 15:43:39 -0400 (EDT) Received: from mimesweeper.missi.ncsc.mil (mimesweeper.missi.ncsc.mil [144.51.60.2]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id PAA09823 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 15:42:59 -0400 (EDT) Received: from avenger.missi.ncsc.mil (unverified) by mimesweeper.missi.ncsc.mil (Content Technologies SMTPRS 2.0.15) with SMTP id <B0000265539@mimesweeper.missi.ncsc.mil> for <ietf-pkix@imc.org>; Wed, 09 Sep 1998 15:43:23 -0400 Received: by avenger.missi.ncsc.mil with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62) id <01BDDC08.BD7E9300@avenger.missi.ncsc.mil>; Wed, 9 Sep 1998 15:44:33 -0400 Message-Id: <c=US%a=_%p=ExchangeNSA%l=AVENGER-980909194432Z-33291@avenger.missi.ncsc.mil> From: "Fillingham, David W." <dwfilli@missi.ncsc.mil> To: "'Santosh Chokhani'" <chokhani@cygnacom.com>, "'Phillip M Hallam-Baker'" <pbaker@verisign.com>, "'Mike Smith'" <mfsmith@zionsbank.com>, "'william.burr@nist.gov'" <william.burr@nist.gov>, "'BJUENEMAN@novell.com'" <BJUENEMAN@novell.com>, "'Tony Bartoletti'" <azb@llnl.gov> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: New Extension Proposed: Method Of Authentication Date: Wed, 9 Sep 1998 15:44:32 -0400 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Tony: I agree with Santosh and Phillip on this matter - I don't think an additional extension would help. The method of verifying a subscriber's identity is one element of a certificate policy that factors in the assurance of the binding between an identity and a public key - but only one. It seems we could go down a path of defining another extension for liability limits, which may be more important to many users, and another for technical security mechanisms (e.g., is the private key protected using hardware, or software), and another for "authorized certificate applications" (e.g., only good for Company X applications) and so on. I see no need to automatically read CPS documents - X.509 already specifies how the certificate policy extension should be processed. If a policy, including the subscriber I&A process, is acceptable to a relying party for a specific application, then the certificate processing application can accept the certificate asserting that policy. Some human being reads the policy, and makes this determination, based on the entire policy, and then asserts the policy as one that is "acceptable" for the application. If a public key system implementor wants to define a certificate policy based exclusively on the initial subscriber registration identification mechanism, they could do so. I don't think this would be a good idea, but it's certainly allowed by the standards, including the IETF Certificate Policy and CPS Framework, and to my mind, is preferable to defining another extension. Dave Fillingham >---------- >From: Tony Bartoletti[SMTP:azb@llnl.gov] >Sent: Wednesday, September 09, 1998 3:12 PM >To: Santosh Chokhani; 'Phillip M Hallam-Baker'; Mike Smith; >william.burr@nist.gov; BJUENEMAN@novell.com >Cc: ietf-pkix@imc.org >Subject: RE: New Extension Proposed: Method Of Authentication > >At 01:44 PM 9/9/98 -0400, Santosh Chokhani wrote: >>The subscriber authentication at the various stages (such as initial >>registration, registration after revocation, revocation request, normal >>rekey, etc.) is supposed to be described in the certificate policy. >>Thus, the certificate policy asserted points to the authentication >>method. > >True, but this certainly places a limit upon the degree of automation >that can be employed in the future, at least until we have software >that can read a CPS and base decisions upon it. No time soon. > >Granted, some 20 bits describing authentication method(s) would be >contentious, but the very exercise would reveal much about where and >how trust is really anchored, and the degree to which automated agents >could evolve. > >>There is NO need for another extension. > >Have enough work already? ;) > >___tony___ > >>> -----Original Message----- >>> From: Phillip M Hallam-Baker [SMTP:pbaker@verisign.com] >>> Sent: Wednesday, September 09, 1998 1:16 PM >>> To: Mike Smith; william.burr@nist.gov; BJUENEMAN@novell.com >>> Cc: ietf-pkix@imc.org >>> Subject: RE: New Extension Proposed: Method Of Authentication >>> >>> > In using certificates, it is useful to know what form of >>> > authentication is used by a CA to identify a new certificate >>> > requester. A certificate extension seems the best place to store >>> > this information. >>> >>> This sounds to me like a trip into a quagmire. I don't think that >>> it is possible to charaterize authentication mechanisms usefully >>> in a set of binary flags. >>> >>> For example two CAs may be requiring presentation of a driving >>> license for authentication, only one CA may be using a state of >>> MA license with photo ID and another a UK driving license without >>> photo ID. >>> >>> Even with documents such as passports there is considerable >>> variation between countries in the strictness of their proceedures. >>> >>> Then there are proceedural variations, is the applicant present >>> in person or were the credentials merely faxed... >>> >>> >>> Nor is the mechanism of authentication by itself particularly >>> usefull unless there is an evaluation of the reliability of the >>> party performing it. >>> >>> Of course one can start to characterise these characteristics >>> as well but to do so merely throws up yet more information which >>> might be relevant, factors which become increasingly subjective. >>> >>> >>> This is a hard AI problem - establishing a shared vocabulary of >>> terms which permits exchange of concepts whose semantics are >>> not embedded in the communication mechanism or indeed any >>> mechanism for which a formal description is available. >>> >>> Phill >> >> > >Tony Bartoletti LL >SPI-NET GURU LL LL >Computer Security Technology Center LL LL LL >Lawrence Livermore National Lab LL LL LL >PO Box 808, L - 303 LL LL LLLLLLLL >Livermore, CA 94551-9900 LL LLLLLLLL >email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25538 for ietf-pkix-bks; Wed, 9 Sep 1998 12:34:48 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25534 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:34:47 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id MAA29427; Wed, 9 Sep 1998 12:37:44 -0700 (PDT) Received: from pbaker-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id MAA16381; Wed, 9 Sep 1998 12:39:30 -0700 (PDT) From: "Phillip M Hallam-Baker" <pbaker@verisign.com> To: "Santosh Chokhani" <chokhani@cygnacom.com>, "Mike Smith" <mfsmith@zionsbank.com>, <william.burr@nist.gov>, <BJUENEMAN@novell.com> Cc: <ietf-pkix@imc.org> Subject: RE: New Extension Proposed: Method Of Authentication Date: Wed, 9 Sep 1998 15:39:46 -0400 Message-ID: <000701bddc29$99814e40$9d07a8c0@pbaker-pc.verisign.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 In-Reply-To: <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> Sender: owner-ietf-pkix@imc.org Precedence: bulk > The subscriber authentication at the various stages (such as initial > registration, registration after revocation, revocation request, normal > rekey, etc.) is supposed to be described in the certificate policy. > Thus, the certificate policy asserted points to the authentication > method. True. What I interpreted the proposal to be however was an abstract syntax for describing certificate policy in a form that would allow automated evaluation. There is a big difference between putting a pointer to the certificate policy into a cert and attempting to encode the certificate policy within the certificate itself. While such a facility would be 'nice to have' my experience is that it is a very hard AI problem, at least as hard as the problem of natural language understanding. There is a project in the International Chamber of Commerce called ETerms which addresses the problem of providing a CPS repository and which has as a long term goal the establishment of a shared vocabulary of contract terms. This enterprise is best described as 'chock full o' lawyers'. Many of the issues being delt with involve subtle and obscure points of international law - such as the fact that the criteria for establishing constructive notice vary according to the jurisdiction. Significantly the E-Terms project is not attempting to establish a taxonomy of trade terms in common use. I don't think such a 'top down' approach is feasible. Instead what is being attempted is a convergence of the user community towards the use of a common vocabulary which is itself a product of the process. This is more of a bottom-up, evolutionary approach. Phill Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25446 for ietf-pkix-bks; Wed, 9 Sep 1998 12:20:41 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25442 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:20:40 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ8LG>; Wed, 9 Sep 1998 15:25:49 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A67@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Tony Bartoletti'" <azb@llnl.gov>, Santosh Chokhani <chokhani@cygnacom.com>, "'Phillip M Hallam-Baker'" <pbaker@verisign.com>, Mike Smith <mfsmith@zionsbank.com>, william.burr@nist.gov, BJUENEMAN@novell.com Cc: ietf-pkix@imc.org Subject: RE: New Extension Proposed: Method Of Authentication Date: Wed, 9 Sep 1998 15:25:47 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk The certificate policy is supposed to the represented in the certificate as an object identifier. The amendment to X.509 defines how the applications process that field to determine if a certificate is acceptable, including certificate policy and associated authentication mechanism. X.509 amendment offer a rich set of capabilities in this area in terms of what goes in a certificate, and how applications perform path validation. > -----Original Message----- > From: Tony Bartoletti [SMTP:azb@llnl.gov] > Sent: Wednesday, September 09, 1998 3:12 PM > To: Santosh Chokhani; 'Phillip M Hallam-Baker'; Mike Smith; > william.burr@nist.gov; BJUENEMAN@novell.com > Cc: ietf-pkix@imc.org > Subject: RE: New Extension Proposed: Method Of Authentication > > At 01:44 PM 9/9/98 -0400, Santosh Chokhani wrote: > >The subscriber authentication at the various stages (such as initial > >registration, registration after revocation, revocation request, > normal > >rekey, etc.) is supposed to be described in the certificate policy. > >Thus, the certificate policy asserted points to the authentication > >method. > > True, but this certainly places a limit upon the degree of automation > that can be employed in the future, at least until we have software > that can read a CPS and base decisions upon it. No time soon. > > Granted, some 20 bits describing authentication method(s) would be > contentious, but the very exercise would reveal much about where and > how trust is really anchored, and the degree to which automated agents > could evolve. > > >There is NO need for another extension. > > Have enough work already? ;) > > ___tony___ > > >> -----Original Message----- > >> From: Phillip M Hallam-Baker [SMTP:pbaker@verisign.com] > >> Sent: Wednesday, September 09, 1998 1:16 PM > >> To: Mike Smith; william.burr@nist.gov; BJUENEMAN@novell.com > >> Cc: ietf-pkix@imc.org > >> Subject: RE: New Extension Proposed: Method Of Authentication > >> > >> > In using certificates, it is useful to know what form of > >> > authentication is used by a CA to identify a new certificate > >> > requester. A certificate extension seems the best place to store > > >> > this information. > >> > >> This sounds to me like a trip into a quagmire. I don't think that > >> it is possible to charaterize authentication mechanisms usefully > >> in a set of binary flags. > >> > >> For example two CAs may be requiring presentation of a driving > >> license for authentication, only one CA may be using a state of > >> MA license with photo ID and another a UK driving license without > >> photo ID. > >> > >> Even with documents such as passports there is considerable > >> variation between countries in the strictness of their proceedures. > >> > >> Then there are proceedural variations, is the applicant present > >> in person or were the credentials merely faxed... > >> > >> > >> Nor is the mechanism of authentication by itself particularly > >> usefull unless there is an evaluation of the reliability of the > >> party performing it. > >> > >> Of course one can start to characterise these characteristics > >> as well but to do so merely throws up yet more information which > >> might be relevant, factors which become increasingly subjective. > >> > >> > >> This is a hard AI problem - establishing a shared vocabulary of > >> terms which permits exchange of concepts whose semantics are > >> not embedded in the communication mechanism or indeed any > >> mechanism for which a formal description is available. > >> > >> Phill > > > > > > Tony Bartoletti LL > SPI-NET GURU LL LL > Computer Security Technology Center LL LL LL > Lawrence Livermore National Lab LL LL LL > PO Box 808, L - 303 LL LL LLLLLLLL > Livermore, CA 94551-9900 LL LLLLLLLL > email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25432 for ietf-pkix-bks; Wed, 9 Sep 1998 12:19:09 -0700 (PDT) Received: from slack.lne.com (NoBody@slack.lne.com [140.174.94.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25428 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:19:07 -0700 (PDT) Received: (from ericm@localhost) by slack.lne.com (8.9.0/8.9.0) id MAA11040; Wed, 9 Sep 1998 12:24:19 -0700 From: Eric Murray <ericm@lne.com> Message-Id: <199809091924.MAA11040@slack.lne.com> Subject: Re: New Extension Proposed: Method Of Authentication To: chokhani@cygnacom.com (Santosh Chokhani) Date: Wed, 9 Sep 1998 12:24:18 -0700 (PDT) Cc: pbaker@verisign.com, mfsmith@zionsbank.com, william.burr@nist.gov, BJUENEMAN@novell.com, ietf-pkix@imc.org In-Reply-To: <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> from "Santosh Chokhani" at Sep 9, 98 01:44:32 pm MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh Chokhani writes: > > The subscriber authentication at the various stages (such as initial > registration, registration after revocation, revocation request, normal > rekey, etc.) is supposed to be described in the certificate policy. > Thus, the certificate policy asserted points to the authentication > method. > > There is NO need for another extension. I agree that putting the policy into an extension is a quagmire. However, given that most CPSs will be on web sites, and those CPSs can be changed at any time, should there be a way to indicate which CPS is in effect at any given time during the certificate's life? Say Fred is issued a cert by Carl the CA. Carl signs Fred's cert under the then-current CPS 1.2, which required Carl to verify Fred's identity using dental charts. Sometime later, Carl changes his CPS to version 1.3, which no longer requires dental charts as a form of identification, but instead accepts a state driver's license. Fred would like to sign a contract to purchase a house. The lender requires a high-quality signature, and a cert with only a state driver's license as identification isn't good enough. How does Fred indicate that his cert was issued under the older, more rigorous CPS? One way to deal with this is to revoke all certs issued under a given CPS when it is changed. I'm not sure that that provides any assurance that a given cert was issued under the current CPS though- a receiving party would have to depend on the current CPS stating that such is the policy. And it's obviously very undesireable from a CA standpoint. Another way would be to require the CA to sign their CPSs and include version numbers, and to include in the cert extension which points to the CPS, the version number of the CPS which was in effect when the cert was issued. This will prevent CAs from updating CPSs "out from underneath" existing certs. That may or may not be a desired effect. I did a very quick read of the draft and didn't see anything that handles this problem. But I have not been following the discussion very much and have not studied the draft, so I could well have missed it. If there's already something in the draft to deal with this, or this subject has already been discussed on the list, please accept my apologies. -- Eric Murray N*Able Technologies www.nabletech.com (email: ericm at the sites lne.com or nabletech.com) PGP keyid:E03F65E5 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25299 for ietf-pkix-bks; Wed, 9 Sep 1998 12:07:59 -0700 (PDT) Received: from poptop.llnl.gov (poptop.llnl.gov [128.115.18.65]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25295 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:07:58 -0700 (PDT) Received: from catalyst (catalyst.llnl.gov [128.115.223.10]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2) with SMTP id MAA14051; Wed, 9 Sep 1998 12:13:05 -0700 (PDT) Message-Id: <3.0.3.32.19980909121219.0094d830@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 09 Sep 1998 12:12:19 -0700 To: Santosh Chokhani <chokhani@cygnacom.com>, "'Phillip M Hallam-Baker'" <pbaker@verisign.com>, Mike Smith <mfsmith@zionsbank.com>, william.burr@nist.gov, BJUENEMAN@novell.com From: Tony Bartoletti <azb@llnl.gov> Subject: RE: New Extension Proposed: Method Of Authentication Cc: ietf-pkix@imc.org In-Reply-To: <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 01:44 PM 9/9/98 -0400, Santosh Chokhani wrote: >The subscriber authentication at the various stages (such as initial >registration, registration after revocation, revocation request, normal >rekey, etc.) is supposed to be described in the certificate policy. >Thus, the certificate policy asserted points to the authentication >method. True, but this certainly places a limit upon the degree of automation that can be employed in the future, at least until we have software that can read a CPS and base decisions upon it. No time soon. Granted, some 20 bits describing authentication method(s) would be contentious, but the very exercise would reveal much about where and how trust is really anchored, and the degree to which automated agents could evolve. >There is NO need for another extension. Have enough work already? ;) ___tony___ >> -----Original Message----- >> From: Phillip M Hallam-Baker [SMTP:pbaker@verisign.com] >> Sent: Wednesday, September 09, 1998 1:16 PM >> To: Mike Smith; william.burr@nist.gov; BJUENEMAN@novell.com >> Cc: ietf-pkix@imc.org >> Subject: RE: New Extension Proposed: Method Of Authentication >> >> > In using certificates, it is useful to know what form of >> > authentication is used by a CA to identify a new certificate >> > requester. A certificate extension seems the best place to store >> > this information. >> >> This sounds to me like a trip into a quagmire. I don't think that >> it is possible to charaterize authentication mechanisms usefully >> in a set of binary flags. >> >> For example two CAs may be requiring presentation of a driving >> license for authentication, only one CA may be using a state of >> MA license with photo ID and another a UK driving license without >> photo ID. >> >> Even with documents such as passports there is considerable >> variation between countries in the strictness of their proceedures. >> >> Then there are proceedural variations, is the applicant present >> in person or were the credentials merely faxed... >> >> >> Nor is the mechanism of authentication by itself particularly >> usefull unless there is an evaluation of the reliability of the >> party performing it. >> >> Of course one can start to characterise these characteristics >> as well but to do so merely throws up yet more information which >> might be relevant, factors which become increasingly subjective. >> >> >> This is a hard AI problem - establishing a shared vocabulary of >> terms which permits exchange of concepts whose semantics are >> not embedded in the communication mechanism or indeed any >> mechanism for which a formal description is available. >> >> Phill > > Tony Bartoletti LL SPI-NET GURU LL LL Computer Security Technology Center LL LL LL Lawrence Livermore National Lab LL LL LL PO Box 808, L - 303 LL LL LLLLLLLL Livermore, CA 94551-9900 LL LLLLLLLL email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA25087 for ietf-pkix-bks; Wed, 9 Sep 1998 11:49:37 -0700 (PDT) Received: from relay1.eds.com (relay1.eds.com [199.228.142.73]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA25082 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 11:49:36 -0700 (PDT) From: randy.sanovic@gm.com Received: from nnsa.eds.com (nnsa.eds.com [192.85.154.30] (may be forged)) by relay1.eds.com (8.8.8/8.8.8) with ESMTP id OAA19121 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 14:54:51 -0400 (EDT) Received: from usabhmg01.mail.gm.com ([207.37.138.86]) by nnsa.eds.com (8.8.8/8.8.8) with SMTP id OAA04446 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 14:54:20 -0400 (EDT) Received: by usabhmg01.mail.gm.com(Lotus SMTP MTA v4.6.1 (569.2 2-6-1998)) id 0525667A.006D0EAA ; Wed, 9 Sep 1998 14:51:11 -0500 X-Lotus-FromDomain: GM To: ietf-pkix@imc.org Message-ID: <0525667A.006CF616.00@usabhmg01.mail.gm.com> Date: Wed, 9 Sep 1998 14:51:15 -0500 Subject: For Option 2 Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk For Option 2 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA24576 for ietf-pkix-bks; Wed, 9 Sep 1998 10:59:45 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA24572 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 10:59:44 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ8JL>; Wed, 9 Sep 1998 14:04:53 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A65@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Kurn, David'" <david.kurn@compaq.com>, Santosh Chokhani <chokhani@cygnacom.com>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 14:04:50 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk You seem to have captured the essence. Please note that the preference could be reversed depending on the application need and/or the environment. You have to try a search to the end. I do not think in graphs like this there is an a priory way of encoding which links will lead to which paths. Depth first (or up to some depth) search is likely to be the PKI path development strategy in combination with judicious use of AKID, SKID, key usage, pathToName, and certificate policy matching rules. > -----Original Message----- > From: Kurn, David [SMTP:david.kurn@compaq.com] > Sent: Wednesday, September 09, 1998 1:51 PM > To: 'Santosh Chokhani'; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: RE: forward & reverse elements - population > > Santosh > > Hmm.... I think I see. Perhaps the problem arises because of your use > of > the word domain. Consider your 2nd and 3rd paragraph rewritten to > omit the > word "domain", such as: > > The relying party will start with the assumption that the > subscriber with whom it is trying to form a key management > certificate > path or digital signature certificate verification path is > reachable > by starting with the entries in the caCertificate Attribute. > > If the above search fails, the > relying party will continue with the assumption that the > subscriber > with > whom it is trying to form a key management certificate path or > digital > signature certificate verification path is reachable by using > the > forward element of the crossCertificatePair attribute under > option 1 and forward element of the (crossCertificatePair - > caCertificate) under option 2 first. > > > > Does this capture your intent and avoid the word "domain"? > > Of course, I don't like my algorithm, because it appears to imply a > search > to the end before trying the other branch. > > David Kurn > > > > -----Original Message----- > > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > > Sent: Wednesday, September 09, 1998 10:32 AM > > To: Kurn, David; Santosh Chokhani; 'Sharon Boeyen'; > 'ietf-pkix@imc.org' > > Subject: RE: forward & reverse elements - population > > > > Let us say an application requires more communication within a > domain. > > > > Then the relying party will start with the assumption that the > > subscriber with whom it is trying to form a key management > certificate > > path or digital signature certificate verification path is also in > the > > same domain and hence will follow the caCertificate attribute link > > first. > > > > If the application requires more communication across the domain, > the > > relying party will start with the assumption that the subscriber > with > > whom it is trying to form a key management certificate path or > digital > > signature certificate verification path is in another domain and > hence > > will use forward element of the crossCertificatePair attribute under > > option 1 and forward element of the (crossCertificatePair - > > caCertificate) under option 2 first. > > > > If there is no bias in communication intra or inter domain, the > relying > > party has lost nothing and will always find a trust path, if there > is > > one. > > > <SNIP> Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA24448 for ietf-pkix-bks; Wed, 9 Sep 1998 10:45:42 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA24444 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 10:45:41 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id KAA01170; Wed, 9 Sep 1998 10:50:49 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <Q04M2FMK>; Wed, 9 Sep 1998 10:50:45 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFFF568@exccup-25006.mis.tandem.com> From: "Kurn, David" <david.kurn@compaq.com> To: "'Santosh Chokhani'" <chokhani@cygnacom.com>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 10:50:42 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh Hmm.... I think I see. Perhaps the problem arises because of your use of the word domain. Consider your 2nd and 3rd paragraph rewritten to omit the word "domain", such as: The relying party will start with the assumption that the subscriber with whom it is trying to form a key management certificate path or digital signature certificate verification path is reachable by starting with the entries in the caCertificate Attribute. If the above search fails, the relying party will continue with the assumption that the subscriber with whom it is trying to form a key management certificate path or digital signature certificate verification path is reachable by using the forward element of the crossCertificatePair attribute under option 1 and forward element of the (crossCertificatePair - caCertificate) under option 2 first. Does this capture your intent and avoid the word "domain"? Of course, I don't like my algorithm, because it appears to imply a search to the end before trying the other branch. David Kurn > -----Original Message----- > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > Sent: Wednesday, September 09, 1998 10:32 AM > To: Kurn, David; Santosh Chokhani; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: RE: forward & reverse elements - population > > Let us say an application requires more communication within a domain. > > Then the relying party will start with the assumption that the > subscriber with whom it is trying to form a key management certificate > path or digital signature certificate verification path is also in the > same domain and hence will follow the caCertificate attribute link > first. > > If the application requires more communication across the domain, the > relying party will start with the assumption that the subscriber with > whom it is trying to form a key management certificate path or digital > signature certificate verification path is in another domain and hence > will use forward element of the crossCertificatePair attribute under > option 1 and forward element of the (crossCertificatePair - > caCertificate) under option 2 first. > > If there is no bias in communication intra or inter domain, the relying > party has lost nothing and will always find a trust path, if there is > one. > <SNIP> Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA24302 for ietf-pkix-bks; Wed, 9 Sep 1998 10:39:26 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA24298 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 10:39:24 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ820>; Wed, 9 Sep 1998 13:44:33 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A64@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Phillip M Hallam-Baker'" <pbaker@verisign.com>, Mike Smith <mfsmith@zionsbank.com>, william.burr@nist.gov, BJUENEMAN@novell.com Cc: ietf-pkix@imc.org Subject: RE: New Extension Proposed: Method Of Authentication Date: Wed, 9 Sep 1998 13:44:32 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk The subscriber authentication at the various stages (such as initial registration, registration after revocation, revocation request, normal rekey, etc.) is supposed to be described in the certificate policy. Thus, the certificate policy asserted points to the authentication method. There is NO need for another extension. > -----Original Message----- > From: Phillip M Hallam-Baker [SMTP:pbaker@verisign.com] > Sent: Wednesday, September 09, 1998 1:16 PM > To: Mike Smith; william.burr@nist.gov; BJUENEMAN@novell.com > Cc: ietf-pkix@imc.org > Subject: RE: New Extension Proposed: Method Of Authentication > > > In using certificates, it is useful to know what form of > > authentication is used by a CA to identify a new certificate > > requester. A certificate extension seems the best place to store > > this information. > > This sounds to me like a trip into a quagmire. I don't think that > it is possible to charaterize authentication mechanisms usefully > in a set of binary flags. > > For example two CAs may be requiring presentation of a driving > license for authentication, only one CA may be using a state of > MA license with photo ID and another a UK driving license without > photo ID. > > Even with documents such as passports there is considerable > variation between countries in the strictness of their proceedures. > > Then there are proceedural variations, is the applicant present > in person or were the credentials merely faxed... > > > Nor is the mechanism of authentication by itself particularly > usefull unless there is an evaluation of the reliability of the > party performing it. > > Of course one can start to characterise these characteristics > as well but to do so merely throws up yet more information which > might be relevant, factors which become increasingly subjective. > > > This is a hard AI problem - establishing a shared vocabulary of > terms which permits exchange of concepts whose semantics are > not embedded in the communication mechanism or indeed any > mechanism for which a formal description is available. > > Phill Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA24200 for ietf-pkix-bks; Wed, 9 Sep 1998 10:27:25 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA24196 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 10:27:22 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ82Z>; Wed, 9 Sep 1998 13:32:31 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A62@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Kurn, David'" <david.kurn@compaq.com>, Santosh Chokhani <chokhani@cygnacom.com>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 13:32:28 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Let us say an application requires more communication within a domain. Then the relying party will start with the assumption that the subscriber with whom it is trying to form a key management certificate path or digital signature certificate verification path is also in the same domain and hence will follow the caCertificate attribute link first. If the application requires more communication across the domain, the relying party will start with the assumption that the subscriber with whom it is trying to form a key management certificate path or digital signature certificate verification path is in another domain and hence will use forward element of the crossCertificatePair attribute under option 1 and forward element of the (crossCertificatePair - caCertificate) under option 2 first. If there is no bias in communication intra or inter domain, the relying party has lost nothing and will always find a trust path, if there is one. > -----Original Message----- > From: Kurn, David [SMTP:david.kurn@compaq.com] > Sent: Wednesday, September 09, 1998 1:12 PM > To: 'Santosh Chokhani'; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: RE: forward & reverse elements - population > > Santosh > > I seem to sense a circularity of definition. If I interpret your > comment > correctly, you place a cert in the caCertificate attribute if it > belongs to > the same domain, and you can determine that it's in the same domain by > seeing if it's in the caCertificate attribute. Exactly how I would > use this > in a computer program is unclear. Perhaps you could sketch out some > program logic one would use. > > David > > > -----Original Message----- > > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > > Sent: Wednesday, September 09, 1998 9:53 AM > > To: Kurn, David; Santosh Chokhani; 'Sharon Boeyen'; > 'ietf-pkix@imc.org' > > Subject: RE: forward & reverse elements - population > > > > David: > > > > In both options 1 and 2, a relying party can determine which issuing > CAs > > are considered in the domain of the subject CA by looking at > > caCertificate attribute and the forward element of the > > crossCertificatePair attribute. > > > > In option 1, it is straightforward. > > > > In option 2, you have to subtract the caCertificate from the > > crossCertificatePair to get the two sets. > > > > These two domains are from the subject CA's perspective. It may or > may > > not be in the domain of the relying party. > > > > > -----Original Message----- > > > From: Kurn, David [SMTP:david.kurn@compaq.com] > > > Sent: Wednesday, September 09, 1998 12:16 PM > > > To: 'Santosh Chokhani'; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > Subject: RE: forward & reverse elements - population > > > > > > Santosh > > > > > > Sorry to ask what must be a very naive question. If, as you > suggest, > > > the > > > "definition of a domain is purely a matter of local policy", then > I > > > think > > > that the term "domain" is undefined for the purposes of a > standard. > > > If so, > > > then I find it difficult to define any algorhithm (not necessarily > > > computer > > > based) or any process by which anyone could determine whether a CA > is > > > in the > > > same or a different domain. > > > > > > Think, for example, of a general purpose application program (like > a > > > mail > > > client) trying to answer the question "is that CA inside or > outside of > > > my > > > domain". > > > > > > Back in my college days, my math professors made it painfully > clear > > > that if > > > you define a set, you must also provide a rule whereby you can > > > determine > > > whether a given element is inside or outside of that set. Without > > > such a > > > rule, the set is undefined. > > > > > > It may be that the definition of "domain" is elsewhere in the > > > document, but > > > I cannot find it. > > > > > > David Kurn > > > Compaq Computer Corp > > > Electronic Commerce Stuff > > > > > > > -----Original Message----- > > > > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > > > > Sent: Wednesday, September 09, 1998 8:27 AM > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > > > Subject: RE: forward & reverse elements - population > > > > > > > > Yes. I agree. The following is the revised text. > > > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > entry, > > > > shall be used to store certificates issued to this CA by CAs in > the > > > same > > > > domain as this CA. If there are any self-issued certificates > and > > > they > > > > require publication, the caCertificate attribute shall be used > to > > > store > > > > them. > > > > > > > > The forward element of the crossCertificatePair attribute, held > in a > > > > particular CA's directory entry, shall be used to store > certificates > > > > issued to this CA by CAs in other domains. Optionally, the > reverse > > > > element of the crossCertificatePair attribute, held in a > particular > > > CA's > > > > directory entry, may contain a subset of certificates issued by > this > > > CA > > > > to other CAs. When both the forward and the reverse elements > are > > > > present, issuer name in one certificate shall match the subject > name > > > in > > > > the other and vice versa, and the subject public key in one > > > certificate > > > > shall be capable of verifying the digital signature on the other > > > > certificate and vice versa. > > > > > > > > In the case of V3 certificates, none of the above CA > certificates > > > shall > > > > include a basicConstraints extension with the cA value set to > FALSE. > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > entry, > > > > shall be used to store certificates issued to this CA by CAs in > the > > > same > > > > domain as this CA. If there are any self-issued certificates > and > > > they > > > > require publication, the caCertificate attribute shall be used > to > > > store > > > > them. > > > > > > > > The forward element of the crossCertificatePair attribute, held > in a > > > > particular CA's directory entry, shall be used to store all > > > certificates > > > > issued to this CA. Optionally, the reverse element of the > > > > crossCertificatePair attribute, held in a particular CA's > directory > > > > entry, may contain a subset of certificates issued by this CA to > > > other > > > > CAs. When both the forward and the reverse elements are > present, > > > issuer > > > > name in one certificate shall match the subject name in the > other > > > and > > > > vice versa, and the subject public key in one certificate shall > be > > > > capable of verifying the digital signature on the other > certificate > > > and > > > > vice versa. > > > > > > > > In the case of V3 certificates, none of the above CA > certificates > > > shall > > > > include a basicConstraints extension with the cA value set to > FALSE. > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > -----Original Message----- > > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > > Sent: Wednesday, September 09, 1998 11:02 AM > > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > I agree that the texts below are consistent with the original > > > intent > > > > > of the > > > > > 2 options and I also agree that they are clearer than the > original > > > > > texts > > > > > except, possibly for coverage of self issued certificates. > > > Shouldn't > > > > > we also > > > > > state explicitly that self issued certs are stored only in the > > > > > cACertificate > > > > > attribute for both options? > > > > > > > > > > > > > > > > ---------- > > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > > Sent: September 9, 1998 9:08 AM > > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh > Chokhani > > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > Sharon: > > > > > > > > > > > > I can agree to the following text for the two option > instead. > > > > > Please > > > > > > note that I have further clarified cross-certificate by > tying > > > the DN > > > > > and > > > > > > public keys. > > > > > > > > > > > > I think the following texts are consistent with and further > > > > > > clarifications of the two options. > > > > > > > > > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > > > > > > > > And I option 2 :-) > > > > > > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > > > > > > > The cACertificate attribute, held in a particular CA's > directory > > > > > entry, > > > > > > shall be used to store certificates issued to this CA by CAs > in > > > the > > > > > same > > > > > > domain as this CA. > > > > > > > > > > > > The forward element of the crossCertificatePair attribute, > held > > > in a > > > > > > particular CA's directory entry, shall be used to store > > > certificates > > > > > > issued to this CA by CAs in other domains. Optionally, the > > > reverse > > > > > > element of the crossCertificatePair attribute, held in a > > > particular > > > > > CA's > > > > > > directory entry, may contain a subset of certificates issued > by > > > this > > > > > CA > > > > > > to other CAs. When both the forward and the reverse > elements > > > are > > > > > > present, issuer name in one certificate shall match the > subject > > > name > > > > > in > > > > > > the other and vice versa, and the subject public key in one > > > > > certificate > > > > > > shall be capable of verifying the digital signature on the > other > > > > > > certificate and vice versa. > > > > > > > > > > > > In the case of V3 certificates, none of the above CA > > > certificates > > > > > shall > > > > > > include a basicConstraints extension with the cA value set > to > > > FALSE. > > > > > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > > > > > > > The cACertificate attribute, held in a particular CA's > directory > > > > > entry, > > > > > > shall be used to store certificates issued to this CA by CAs > in > > > the > > > > > same > > > > > > domain as this CA. > > > > > > > > > > > > The forward element of the crossCertificatePair attribute, > held > > > in a > > > > > > particular CA's directory entry, shall be used to store all > > > > > certificates > > > > > > issued to this CA. Optionally, the reverse element of the > > > > > > crossCertificatePair attribute, held in a particular CA's > > > directory > > > > > > entry, may contain a subset of certificates issued by this > CA to > > > > > other > > > > > > CAs. When both the forward and the reverse elements are > > > present, > > > > > issuer > > > > > > name in one certificate shall match the subject name in the > > > other > > > > > and > > > > > > vice versa, and the subject public key in one certificate > shall > > > be > > > > > > capable of verifying the digital signature on the other > > > certificate > > > > > and > > > > > > vice versa. > > > > > > > > > > > > In the case of V3 certificates, none of the above CA > > > certificates > > > > > shall > > > > > > include a basicConstraints extension with the cA value set > to > > > FALSE. > > > > > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ---------- > > > > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > > > > Sent: September 8, 1998 10:05 AM > > > > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > > > > > Subject: RE: forward & reverse elements - > population > > > > > > > > > > > > > > > --stuff deleted > > > > > > > > > > > > > > > > > [] I agree. I do not have problem with the > following > > > > > language. > > > > > > > > " A certificate issued to a CA by another shall be > stored > > > either > > > > > in > > > > > > > the > > > > > > > > caCertificate or forward component of > crossCertificatePair > > > > > attribute > > > > > > > of > > > > > > > > the subject CA. Optionally, a subset of certificates > issued > > > by > > > > > a CA > > > > > > > can > > > > > > > > be stored in the reverse component of > crossCertificatePair > > > > > attribute > > > > > > > of > > > > > > > > the issuing CA." > > > > > > > > > > > > > > > > Please note that to me subset includes none, > some, or > > > > > all. If > > > > > > > > folks want further clarification, it is ok by me. > > > > > > > > > > > > > > > Santosh, the only issue I have with this text is that (at > > > least > > > > > with > > > > > > > the > > > > > > > rationale behind option 2) any cert that appears in the > > > > > cACertificate > > > > > > > attribute of a given CA > > > > > > > entry, should also appear in the crossCertificatePair > > > attribute in > > > > > the > > > > > > > same > > > > > > > CA entry. > > > > > > > What about deleting the reference to the cACertificate > > > attribute > > > > > from > > > > > > > your > > > > > > > text and proposing this as new text just for the > > > > > crossCertificatePair > > > > > > > attribute? > > > > > > > > > > > > > > Both Jan and David have indicated reasons to keep the > "pair" > > > > > together > > > > > > > in the > > > > > > > mutual case, so we should also consider adding the last > > > paragraph > > > > > of > > > > > > > the > > > > > > > text David proposed for that. > > > > > > > > > > > > > > Here's what the resulting text proposal would look like: > > > > > > > > > > > > > > > " A certificate issued to a CA by another shall be > stored in > > > the > > > > > > > > forward component of crossCertificatePair attribute of > > > > > > > > the subject CA. Optionally, a subset of certificates > issued > > > by > > > > > a CA > > > > > > > can > > > > > > > > be stored in the reverse component of > crossCertificatePair > > > > > attribute > > > > > > > of > > > > > > > > the issuing CA. When both elements are present in the > same > > > > > value, > > > > > > > the > > > > > > > > value shall represent a mutual cross-certification of > the > > > two > > > > > CAs. " > > > > > > > > > > > > > > > If we can come to consensus on that attribute, then let's > see > > > what > > > > > we > > > > > > > can do > > > > > > > with the cACertificate attribute text. > > > > > > > > > > > > > > I agree with your view on what a subset is and I think > that > > > same > > > > > > > definition > > > > > > > would apply to the contents of the cACertificate attribute > as > > > a > > > > > subset > > > > > > > of > > > > > > > the crossCertificatePair forward elements in option 2. > > > > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA23916 for ietf-pkix-bks; Wed, 9 Sep 1998 10:11:15 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA23912 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 10:11:01 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id KAA26409; Wed, 9 Sep 1998 10:13:52 -0700 (PDT) Received: from pbaker-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id KAA05799; Wed, 9 Sep 1998 10:15:38 -0700 (PDT) From: "Phillip M Hallam-Baker" <pbaker@verisign.com> To: "Mike Smith" <mfsmith@zionsbank.com>, <william.burr@nist.gov>, <BJUENEMAN@novell.com> Cc: <ietf-pkix@imc.org> Subject: RE: New Extension Proposed: Method Of Authentication Date: Wed, 9 Sep 1998 13:15:46 -0400 Message-ID: <001f01bddc15$7bf63980$ee0110ac@pbaker-pc.verisign.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <s5f6527f.038@zionsbank.com> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal Sender: owner-ietf-pkix@imc.org Precedence: bulk > In using certificates, it is useful to know what form of > authentication is used by a CA to identify a new certificate > requester. A certificate extension seems the best place to store > this information. This sounds to me like a trip into a quagmire. I don't think that it is possible to charaterize authentication mechanisms usefully in a set of binary flags. For example two CAs may be requiring presentation of a driving license for authentication, only one CA may be using a state of MA license with photo ID and another a UK driving license without photo ID. Even with documents such as passports there is considerable variation between countries in the strictness of their proceedures. Then there are proceedural variations, is the applicant present in person or were the credentials merely faxed... Nor is the mechanism of authentication by itself particularly usefull unless there is an evaluation of the reliability of the party performing it. Of course one can start to characterise these characteristics as well but to do so merely throws up yet more information which might be relevant, factors which become increasingly subjective. This is a hard AI problem - establishing a shared vocabulary of terms which permits exchange of concepts whose semantics are not embedded in the communication mechanism or indeed any mechanism for which a formal description is available. Phill Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA23875 for ietf-pkix-bks; Wed, 9 Sep 1998 10:07:22 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA23871 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 10:07:21 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id KAA25223; Wed, 9 Sep 1998 10:12:27 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <Q04M21Q3>; Wed, 9 Sep 1998 10:12:23 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFFF566@exccup-25006.mis.tandem.com> From: "Kurn, David" <david.kurn@compaq.com> To: "'Santosh Chokhani'" <chokhani@cygnacom.com>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 10:12:22 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh I seem to sense a circularity of definition. If I interpret your comment correctly, you place a cert in the caCertificate attribute if it belongs to the same domain, and you can determine that it's in the same domain by seeing if it's in the caCertificate attribute. Exactly how I would use this in a computer program is unclear. Perhaps you could sketch out some program logic one would use. David > -----Original Message----- > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > Sent: Wednesday, September 09, 1998 9:53 AM > To: Kurn, David; Santosh Chokhani; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: RE: forward & reverse elements - population > > David: > > In both options 1 and 2, a relying party can determine which issuing CAs > are considered in the domain of the subject CA by looking at > caCertificate attribute and the forward element of the > crossCertificatePair attribute. > > In option 1, it is straightforward. > > In option 2, you have to subtract the caCertificate from the > crossCertificatePair to get the two sets. > > These two domains are from the subject CA's perspective. It may or may > not be in the domain of the relying party. > > > -----Original Message----- > > From: Kurn, David [SMTP:david.kurn@compaq.com] > > Sent: Wednesday, September 09, 1998 12:16 PM > > To: 'Santosh Chokhani'; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > Subject: RE: forward & reverse elements - population > > > > Santosh > > > > Sorry to ask what must be a very naive question. If, as you suggest, > > the > > "definition of a domain is purely a matter of local policy", then I > > think > > that the term "domain" is undefined for the purposes of a standard. > > If so, > > then I find it difficult to define any algorhithm (not necessarily > > computer > > based) or any process by which anyone could determine whether a CA is > > in the > > same or a different domain. > > > > Think, for example, of a general purpose application program (like a > > mail > > client) trying to answer the question "is that CA inside or outside of > > my > > domain". > > > > Back in my college days, my math professors made it painfully clear > > that if > > you define a set, you must also provide a rule whereby you can > > determine > > whether a given element is inside or outside of that set. Without > > such a > > rule, the set is undefined. > > > > It may be that the definition of "domain" is elsewhere in the > > document, but > > I cannot find it. > > > > David Kurn > > Compaq Computer Corp > > Electronic Commerce Stuff > > > > > -----Original Message----- > > > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > > > Sent: Wednesday, September 09, 1998 8:27 AM > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > > Subject: RE: forward & reverse elements - population > > > > > > Yes. I agree. The following is the revised text. > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > The cACertificate attribute, held in a particular CA's directory > > entry, > > > shall be used to store certificates issued to this CA by CAs in the > > same > > > domain as this CA. If there are any self-issued certificates and > > they > > > require publication, the caCertificate attribute shall be used to > > store > > > them. > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > particular CA's directory entry, shall be used to store certificates > > > issued to this CA by CAs in other domains. Optionally, the reverse > > > element of the crossCertificatePair attribute, held in a particular > > CA's > > > directory entry, may contain a subset of certificates issued by this > > CA > > > to other CAs. When both the forward and the reverse elements are > > > present, issuer name in one certificate shall match the subject name > > in > > > the other and vice versa, and the subject public key in one > > certificate > > > shall be capable of verifying the digital signature on the other > > > certificate and vice versa. > > > > > > In the case of V3 certificates, none of the above CA certificates > > shall > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > The definition of domain is purely a matter of local policy. > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > The cACertificate attribute, held in a particular CA's directory > > entry, > > > shall be used to store certificates issued to this CA by CAs in the > > same > > > domain as this CA. If there are any self-issued certificates and > > they > > > require publication, the caCertificate attribute shall be used to > > store > > > them. > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > particular CA's directory entry, shall be used to store all > > certificates > > > issued to this CA. Optionally, the reverse element of the > > > crossCertificatePair attribute, held in a particular CA's directory > > > entry, may contain a subset of certificates issued by this CA to > > other > > > CAs. When both the forward and the reverse elements are present, > > issuer > > > name in one certificate shall match the subject name in the other > > and > > > vice versa, and the subject public key in one certificate shall be > > > capable of verifying the digital signature on the other certificate > > and > > > vice versa. > > > > > > In the case of V3 certificates, none of the above CA certificates > > shall > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > -----Original Message----- > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > Sent: Wednesday, September 09, 1998 11:02 AM > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > Subject: RE: forward & reverse elements - population > > > > > > > > I agree that the texts below are consistent with the original > > intent > > > > of the > > > > 2 options and I also agree that they are clearer than the original > > > > texts > > > > except, possibly for coverage of self issued certificates. > > Shouldn't > > > > we also > > > > state explicitly that self issued certs are stored only in the > > > > cACertificate > > > > attribute for both options? > > > > > > > > > > > > > ---------- > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > Sent: September 9, 1998 9:08 AM > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > Sharon: > > > > > > > > > > I can agree to the following text for the two option instead. > > > > Please > > > > > note that I have further clarified cross-certificate by tying > > the DN > > > > and > > > > > public keys. > > > > > > > > > > I think the following texts are consistent with and further > > > > > clarifications of the two options. > > > > > > > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > > > > > > And I option 2 :-) > > > > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > > entry, > > > > > shall be used to store certificates issued to this CA by CAs in > > the > > > > same > > > > > domain as this CA. > > > > > > > > > > The forward element of the crossCertificatePair attribute, held > > in a > > > > > particular CA's directory entry, shall be used to store > > certificates > > > > > issued to this CA by CAs in other domains. Optionally, the > > reverse > > > > > element of the crossCertificatePair attribute, held in a > > particular > > > > CA's > > > > > directory entry, may contain a subset of certificates issued by > > this > > > > CA > > > > > to other CAs. When both the forward and the reverse elements > > are > > > > > present, issuer name in one certificate shall match the subject > > name > > > > in > > > > > the other and vice versa, and the subject public key in one > > > > certificate > > > > > shall be capable of verifying the digital signature on the other > > > > > certificate and vice versa. > > > > > > > > > > In the case of V3 certificates, none of the above CA > > certificates > > > > shall > > > > > include a basicConstraints extension with the cA value set to > > FALSE. > > > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > > entry, > > > > > shall be used to store certificates issued to this CA by CAs in > > the > > > > same > > > > > domain as this CA. > > > > > > > > > > The forward element of the crossCertificatePair attribute, held > > in a > > > > > particular CA's directory entry, shall be used to store all > > > > certificates > > > > > issued to this CA. Optionally, the reverse element of the > > > > > crossCertificatePair attribute, held in a particular CA's > > directory > > > > > entry, may contain a subset of certificates issued by this CA to > > > > other > > > > > CAs. When both the forward and the reverse elements are > > present, > > > > issuer > > > > > name in one certificate shall match the subject name in the > > other > > > > and > > > > > vice versa, and the subject public key in one certificate shall > > be > > > > > capable of verifying the digital signature on the other > > certificate > > > > and > > > > > vice versa. > > > > > > > > > > In the case of V3 certificates, none of the above CA > > certificates > > > > shall > > > > > include a basicConstraints extension with the cA value set to > > FALSE. > > > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > > > > > > > > > > > > > ---------- > > > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > > > Sent: September 8, 1998 10:05 AM > > > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > --stuff deleted > > > > > > > > > > > > > > > [] I agree. I do not have problem with the following > > > > language. > > > > > > > " A certificate issued to a CA by another shall be stored > > either > > > > in > > > > > > the > > > > > > > caCertificate or forward component of crossCertificatePair > > > > attribute > > > > > > of > > > > > > > the subject CA. Optionally, a subset of certificates issued > > by > > > > a CA > > > > > > can > > > > > > > be stored in the reverse component of crossCertificatePair > > > > attribute > > > > > > of > > > > > > > the issuing CA." > > > > > > > > > > > > > > Please note that to me subset includes none, some, or > > > > all. If > > > > > > > folks want further clarification, it is ok by me. > > > > > > > > > > > > > Santosh, the only issue I have with this text is that (at > > least > > > > with > > > > > > the > > > > > > rationale behind option 2) any cert that appears in the > > > > cACertificate > > > > > > attribute of a given CA > > > > > > entry, should also appear in the crossCertificatePair > > attribute in > > > > the > > > > > > same > > > > > > CA entry. > > > > > > What about deleting the reference to the cACertificate > > attribute > > > > from > > > > > > your > > > > > > text and proposing this as new text just for the > > > > crossCertificatePair > > > > > > attribute? > > > > > > > > > > > > Both Jan and David have indicated reasons to keep the "pair" > > > > together > > > > > > in the > > > > > > mutual case, so we should also consider adding the last > > paragraph > > > > of > > > > > > the > > > > > > text David proposed for that. > > > > > > > > > > > > Here's what the resulting text proposal would look like: > > > > > > > > > > > > > " A certificate issued to a CA by another shall be stored in > > the > > > > > > > forward component of crossCertificatePair attribute of > > > > > > > the subject CA. Optionally, a subset of certificates issued > > by > > > > a CA > > > > > > can > > > > > > > be stored in the reverse component of crossCertificatePair > > > > attribute > > > > > > of > > > > > > > the issuing CA. When both elements are present in the same > > > > value, > > > > > > the > > > > > > > value shall represent a mutual cross-certification of the > > two > > > > CAs. " > > > > > > > > > > > > > If we can come to consensus on that attribute, then let's see > > what > > > > we > > > > > > can do > > > > > > with the cACertificate attribute text. > > > > > > > > > > > > I agree with your view on what a subset is and I think that > > same > > > > > > definition > > > > > > would apply to the contents of the cACertificate attribute as > > a > > > > subset > > > > > > of > > > > > > the crossCertificatePair forward elements in option 2. > > > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23614 for ietf-pkix-bks; Wed, 9 Sep 1998 09:48:09 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23601 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:48:05 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ81N>; Wed, 9 Sep 1998 12:53:13 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A61@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Kurn, David'" <david.kurn@compaq.com>, Santosh Chokhani <chokhani@cygnacom.com>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 12:53:12 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk David: In both options 1 and 2, a relying party can determine which issuing CAs are considered in the domain of the subject CA by looking at caCertificate attribute and the forward element of the crossCertificatePair attribute. In option 1, it is straightforward. In option 2, you have to subtract the caCertificate from the crossCertificatePair to get the two sets. These two domains are from the subject CA's perspective. It may or may not be in the domain of the relying party. > -----Original Message----- > From: Kurn, David [SMTP:david.kurn@compaq.com] > Sent: Wednesday, September 09, 1998 12:16 PM > To: 'Santosh Chokhani'; 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: RE: forward & reverse elements - population > > Santosh > > Sorry to ask what must be a very naive question. If, as you suggest, > the > "definition of a domain is purely a matter of local policy", then I > think > that the term "domain" is undefined for the purposes of a standard. > If so, > then I find it difficult to define any algorhithm (not necessarily > computer > based) or any process by which anyone could determine whether a CA is > in the > same or a different domain. > > Think, for example, of a general purpose application program (like a > mail > client) trying to answer the question "is that CA inside or outside of > my > domain". > > Back in my college days, my math professors made it painfully clear > that if > you define a set, you must also provide a rule whereby you can > determine > whether a given element is inside or outside of that set. Without > such a > rule, the set is undefined. > > It may be that the definition of "domain" is elsewhere in the > document, but > I cannot find it. > > David Kurn > Compaq Computer Corp > Electronic Commerce Stuff > > > -----Original Message----- > > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > > Sent: Wednesday, September 09, 1998 8:27 AM > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > Subject: RE: forward & reverse elements - population > > > > Yes. I agree. The following is the revised text. > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > The cACertificate attribute, held in a particular CA's directory > entry, > > shall be used to store certificates issued to this CA by CAs in the > same > > domain as this CA. If there are any self-issued certificates and > they > > require publication, the caCertificate attribute shall be used to > store > > them. > > > > The forward element of the crossCertificatePair attribute, held in a > > particular CA's directory entry, shall be used to store certificates > > issued to this CA by CAs in other domains. Optionally, the reverse > > element of the crossCertificatePair attribute, held in a particular > CA's > > directory entry, may contain a subset of certificates issued by this > CA > > to other CAs. When both the forward and the reverse elements are > > present, issuer name in one certificate shall match the subject name > in > > the other and vice versa, and the subject public key in one > certificate > > shall be capable of verifying the digital signature on the other > > certificate and vice versa. > > > > In the case of V3 certificates, none of the above CA certificates > shall > > include a basicConstraints extension with the cA value set to FALSE. > > > > The definition of domain is purely a matter of local policy. > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > The cACertificate attribute, held in a particular CA's directory > entry, > > shall be used to store certificates issued to this CA by CAs in the > same > > domain as this CA. If there are any self-issued certificates and > they > > require publication, the caCertificate attribute shall be used to > store > > them. > > > > The forward element of the crossCertificatePair attribute, held in a > > particular CA's directory entry, shall be used to store all > certificates > > issued to this CA. Optionally, the reverse element of the > > crossCertificatePair attribute, held in a particular CA's directory > > entry, may contain a subset of certificates issued by this CA to > other > > CAs. When both the forward and the reverse elements are present, > issuer > > name in one certificate shall match the subject name in the other > and > > vice versa, and the subject public key in one certificate shall be > > capable of verifying the digital signature on the other certificate > and > > vice versa. > > > > In the case of V3 certificates, none of the above CA certificates > shall > > include a basicConstraints extension with the cA value set to FALSE. > > > > The definition of domain is purely a matter of local policy. > > > > > -----Original Message----- > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > Sent: Wednesday, September 09, 1998 11:02 AM > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > Subject: RE: forward & reverse elements - population > > > > > > I agree that the texts below are consistent with the original > intent > > > of the > > > 2 options and I also agree that they are clearer than the original > > > texts > > > except, possibly for coverage of self issued certificates. > Shouldn't > > > we also > > > state explicitly that self issued certs are stored only in the > > > cACertificate > > > attribute for both options? > > > > > > > > > > ---------- > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > Sent: September 9, 1998 9:08 AM > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > > > Subject: RE: forward & reverse elements - population > > > > > > > > Sharon: > > > > > > > > I can agree to the following text for the two option instead. > > > Please > > > > note that I have further clarified cross-certificate by tying > the DN > > > and > > > > public keys. > > > > > > > > I think the following texts are consistent with and further > > > > clarifications of the two options. > > > > > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > > > > And I option 2 :-) > > > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > entry, > > > > shall be used to store certificates issued to this CA by CAs in > the > > > same > > > > domain as this CA. > > > > > > > > The forward element of the crossCertificatePair attribute, held > in a > > > > particular CA's directory entry, shall be used to store > certificates > > > > issued to this CA by CAs in other domains. Optionally, the > reverse > > > > element of the crossCertificatePair attribute, held in a > particular > > > CA's > > > > directory entry, may contain a subset of certificates issued by > this > > > CA > > > > to other CAs. When both the forward and the reverse elements > are > > > > present, issuer name in one certificate shall match the subject > name > > > in > > > > the other and vice versa, and the subject public key in one > > > certificate > > > > shall be capable of verifying the digital signature on the other > > > > certificate and vice versa. > > > > > > > > In the case of V3 certificates, none of the above CA > certificates > > > shall > > > > include a basicConstraints extension with the cA value set to > FALSE. > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > > > The cACertificate attribute, held in a particular CA's directory > > > entry, > > > > shall be used to store certificates issued to this CA by CAs in > the > > > same > > > > domain as this CA. > > > > > > > > The forward element of the crossCertificatePair attribute, held > in a > > > > particular CA's directory entry, shall be used to store all > > > certificates > > > > issued to this CA. Optionally, the reverse element of the > > > > crossCertificatePair attribute, held in a particular CA's > directory > > > > entry, may contain a subset of certificates issued by this CA to > > > other > > > > CAs. When both the forward and the reverse elements are > present, > > > issuer > > > > name in one certificate shall match the subject name in the > other > > > and > > > > vice versa, and the subject public key in one certificate shall > be > > > > capable of verifying the digital signature on the other > certificate > > > and > > > > vice versa. > > > > > > > > In the case of V3 certificates, none of the above CA > certificates > > > shall > > > > include a basicConstraints extension with the cA value set to > FALSE. > > > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > > > > > > > > > ---------- > > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > > Sent: September 8, 1998 10:05 AM > > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > --stuff deleted > > > > > > > > > > > > > [] I agree. I do not have problem with the following > > > language. > > > > > > " A certificate issued to a CA by another shall be stored > either > > > in > > > > > the > > > > > > caCertificate or forward component of crossCertificatePair > > > attribute > > > > > of > > > > > > the subject CA. Optionally, a subset of certificates issued > by > > > a CA > > > > > can > > > > > > be stored in the reverse component of crossCertificatePair > > > attribute > > > > > of > > > > > > the issuing CA." > > > > > > > > > > > > Please note that to me subset includes none, some, or > > > all. If > > > > > > folks want further clarification, it is ok by me. > > > > > > > > > > > Santosh, the only issue I have with this text is that (at > least > > > with > > > > > the > > > > > rationale behind option 2) any cert that appears in the > > > cACertificate > > > > > attribute of a given CA > > > > > entry, should also appear in the crossCertificatePair > attribute in > > > the > > > > > same > > > > > CA entry. > > > > > What about deleting the reference to the cACertificate > attribute > > > from > > > > > your > > > > > text and proposing this as new text just for the > > > crossCertificatePair > > > > > attribute? > > > > > > > > > > Both Jan and David have indicated reasons to keep the "pair" > > > together > > > > > in the > > > > > mutual case, so we should also consider adding the last > paragraph > > > of > > > > > the > > > > > text David proposed for that. > > > > > > > > > > Here's what the resulting text proposal would look like: > > > > > > > > > > > " A certificate issued to a CA by another shall be stored in > the > > > > > > forward component of crossCertificatePair attribute of > > > > > > the subject CA. Optionally, a subset of certificates issued > by > > > a CA > > > > > can > > > > > > be stored in the reverse component of crossCertificatePair > > > attribute > > > > > of > > > > > > the issuing CA. When both elements are present in the same > > > value, > > > > > the > > > > > > value shall represent a mutual cross-certification of the > two > > > CAs. " > > > > > > > > > > > If we can come to consensus on that attribute, then let's see > what > > > we > > > > > can do > > > > > with the cACertificate attribute text. > > > > > > > > > > I agree with your view on what a subset is and I think that > same > > > > > definition > > > > > would apply to the contents of the cACertificate attribute as > a > > > subset > > > > > of > > > > > the crossCertificatePair forward elements in option 2. > > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23427 for ietf-pkix-bks; Wed, 9 Sep 1998 09:34:54 -0700 (PDT) Received: from woozle.isode.com (woozle.isode.com [193.133.227.19]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23423 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:34:53 -0700 (PDT) Received: from isode.com (actually dougal.isode.com) by woozle.isode.com (local) with ESMTP; Wed, 9 Sep 1998 17:38:36 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: ietf-pkix@imc.org Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 09 Sep 1998 17:38:35 +0100 Message-ID: <21781.905359115@isode.com> From: David Boyce <D.Boyce@isode.com> Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23385 for ietf-pkix-bks; Wed, 9 Sep 1998 09:31:49 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA23381 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:31:48 -0700 (PDT) Message-Id: <199809091631.JAA23381@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Wed, 09 Sep 1998 09:36:53 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: Re: New Extension Proposed: Method Of Authentication In-Reply-To: <s5f6527f.038@zionsbank.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk It seems to me that the certificate policies (section 4.2.1.5) is still the proper place for this. If we create a set of bits that says how the CA is authenticating, unless the statement in the new bits is *exactly* what the CA is using, they should not commit to those bits because someone later can say "but you said you were doing such-and-so". The CPS is under their control. Can you be specific about the advantage of what you are proposing versus the certificate policy? --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23254 for ietf-pkix-bks; Wed, 9 Sep 1998 09:18:59 -0700 (PDT) Received: from hpb.hc-sc.gc.ca (hpb.hc-sc.gc.ca [198.103.237.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23250 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:18:58 -0700 (PDT) From: Alan_Buffett@hc-sc.gc.ca Received: from intdns.hwc.ca (intdns.hc-sc.gc.ca [198.103.172.78]) by hpb.hc-sc.gc.ca (8.8.7/8.7.3) with ESMTP id MAA10130 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:23:46 -0400 (EDT) Received: from smta00.hc-sc.gc.ca (smta00.hc-sc.gc.ca [142.4.1.25]) by intdns.hwc.ca (8.8.5/8.7.3) with SMTP id MAA21732 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 12:23:44 -0400 (EDT) Received: by smta00.hc-sc.gc.ca(Lotus SMTP MTA v1.1 (385.6 5-6-1997)) id 8525667A.005A117D ; Wed, 9 Sep 1998 12:23:47 -0400 X-Lotus-FromDomain: HWC To: ietf-pkix@imc.org Message-ID: <8525667A.005A035D.00@smta00.hc-sc.gc.ca> Date: Wed, 9 Sep 1998 12:23:30 -0400 Subject: For Option 2 Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@imc.org Precedence: bulk Alan Buffett 09/09/98 12:23 PM Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23155 for ietf-pkix-bks; Wed, 9 Sep 1998 09:10:39 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23151 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:10:38 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id JAA17200; Wed, 9 Sep 1998 09:15:41 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <Q04M2DH3>; Wed, 9 Sep 1998 09:15:37 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFFF564@exccup-25006.mis.tandem.com> From: "Kurn, David" <david.kurn@compaq.com> To: "'Santosh Chokhani'" <chokhani@cygnacom.com>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 09:15:34 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh Sorry to ask what must be a very naive question. If, as you suggest, the "definition of a domain is purely a matter of local policy", then I think that the term "domain" is undefined for the purposes of a standard. If so, then I find it difficult to define any algorhithm (not necessarily computer based) or any process by which anyone could determine whether a CA is in the same or a different domain. Think, for example, of a general purpose application program (like a mail client) trying to answer the question "is that CA inside or outside of my domain". Back in my college days, my math professors made it painfully clear that if you define a set, you must also provide a rule whereby you can determine whether a given element is inside or outside of that set. Without such a rule, the set is undefined. It may be that the definition of "domain" is elsewhere in the document, but I cannot find it. David Kurn Compaq Computer Corp Electronic Commerce Stuff > -----Original Message----- > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > Sent: Wednesday, September 09, 1998 8:27 AM > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > Subject: RE: forward & reverse elements - population > > Yes. I agree. The following is the revised text. > > NEW PROPOSED TEXT FOR OPTION 1 > > The cACertificate attribute, held in a particular CA's directory entry, > shall be used to store certificates issued to this CA by CAs in the same > domain as this CA. If there are any self-issued certificates and they > require publication, the caCertificate attribute shall be used to store > them. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store certificates > issued to this CA by CAs in other domains. Optionally, the reverse > element of the crossCertificatePair attribute, held in a particular CA's > directory entry, may contain a subset of certificates issued by this CA > to other CAs. When both the forward and the reverse elements are > present, issuer name in one certificate shall match the subject name in > the other and vice versa, and the subject public key in one certificate > shall be capable of verifying the digital signature on the other > certificate and vice versa. > > In the case of V3 certificates, none of the above CA certificates shall > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > NEW PROPOSED TEXT FOR OPTION 2 > > The cACertificate attribute, held in a particular CA's directory entry, > shall be used to store certificates issued to this CA by CAs in the same > domain as this CA. If there are any self-issued certificates and they > require publication, the caCertificate attribute shall be used to store > them. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store all certificates > issued to this CA. Optionally, the reverse element of the > crossCertificatePair attribute, held in a particular CA's directory > entry, may contain a subset of certificates issued by this CA to other > CAs. When both the forward and the reverse elements are present, issuer > name in one certificate shall match the subject name in the other and > vice versa, and the subject public key in one certificate shall be > capable of verifying the digital signature on the other certificate and > vice versa. > > In the case of V3 certificates, none of the above CA certificates shall > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > > -----Original Message----- > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > Sent: Wednesday, September 09, 1998 11:02 AM > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > Subject: RE: forward & reverse elements - population > > > > I agree that the texts below are consistent with the original intent > > of the > > 2 options and I also agree that they are clearer than the original > > texts > > except, possibly for coverage of self issued certificates. Shouldn't > > we also > > state explicitly that self issued certs are stored only in the > > cACertificate > > attribute for both options? > > > > > > > ---------- > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > Sent: September 9, 1998 9:08 AM > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > > Subject: RE: forward & reverse elements - population > > > > > > Sharon: > > > > > > I can agree to the following text for the two option instead. > > Please > > > note that I have further clarified cross-certificate by tying the DN > > and > > > public keys. > > > > > > I think the following texts are consistent with and further > > > clarifications of the two options. > > > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > > And I option 2 :-) > > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > > > The cACertificate attribute, held in a particular CA's directory > > entry, > > > shall be used to store certificates issued to this CA by CAs in the > > same > > > domain as this CA. > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > particular CA's directory entry, shall be used to store certificates > > > issued to this CA by CAs in other domains. Optionally, the reverse > > > element of the crossCertificatePair attribute, held in a particular > > CA's > > > directory entry, may contain a subset of certificates issued by this > > CA > > > to other CAs. When both the forward and the reverse elements are > > > present, issuer name in one certificate shall match the subject name > > in > > > the other and vice versa, and the subject public key in one > > certificate > > > shall be capable of verifying the digital signature on the other > > > certificate and vice versa. > > > > > > In the case of V3 certificates, none of the above CA certificates > > shall > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > The definition of domain is purely a matter of local policy. > > > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > > > The cACertificate attribute, held in a particular CA's directory > > entry, > > > shall be used to store certificates issued to this CA by CAs in the > > same > > > domain as this CA. > > > > > > The forward element of the crossCertificatePair attribute, held in a > > > particular CA's directory entry, shall be used to store all > > certificates > > > issued to this CA. Optionally, the reverse element of the > > > crossCertificatePair attribute, held in a particular CA's directory > > > entry, may contain a subset of certificates issued by this CA to > > other > > > CAs. When both the forward and the reverse elements are present, > > issuer > > > name in one certificate shall match the subject name in the other > > and > > > vice versa, and the subject public key in one certificate shall be > > > capable of verifying the digital signature on the other certificate > > and > > > vice versa. > > > > > > In the case of V3 certificates, none of the above CA certificates > > shall > > > include a basicConstraints extension with the cA value set to FALSE. > > > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > > > > > -----Original Message----- > > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > > > > > ---------- > > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > > Sent: September 8, 1998 10:05 AM > > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > > Subject: RE: forward & reverse elements - population > > > > > > > > > --stuff deleted > > > > > > > > > > > [] I agree. I do not have problem with the following > > language. > > > > > " A certificate issued to a CA by another shall be stored either > > in > > > > the > > > > > caCertificate or forward component of crossCertificatePair > > attribute > > > > of > > > > > the subject CA. Optionally, a subset of certificates issued by > > a CA > > > > can > > > > > be stored in the reverse component of crossCertificatePair > > attribute > > > > of > > > > > the issuing CA." > > > > > > > > > > Please note that to me subset includes none, some, or > > all. If > > > > > folks want further clarification, it is ok by me. > > > > > > > > > Santosh, the only issue I have with this text is that (at least > > with > > > > the > > > > rationale behind option 2) any cert that appears in the > > cACertificate > > > > attribute of a given CA > > > > entry, should also appear in the crossCertificatePair attribute in > > the > > > > same > > > > CA entry. > > > > What about deleting the reference to the cACertificate attribute > > from > > > > your > > > > text and proposing this as new text just for the > > crossCertificatePair > > > > attribute? > > > > > > > > Both Jan and David have indicated reasons to keep the "pair" > > together > > > > in the > > > > mutual case, so we should also consider adding the last paragraph > > of > > > > the > > > > text David proposed for that. > > > > > > > > Here's what the resulting text proposal would look like: > > > > > > > > > " A certificate issued to a CA by another shall be stored in the > > > > > forward component of crossCertificatePair attribute of > > > > > the subject CA. Optionally, a subset of certificates issued by > > a CA > > > > can > > > > > be stored in the reverse component of crossCertificatePair > > attribute > > > > of > > > > > the issuing CA. When both elements are present in the same > > value, > > > > the > > > > > value shall represent a mutual cross-certification of the two > > CAs. " > > > > > > > > > If we can come to consensus on that attribute, then let's see what > > we > > > > can do > > > > with the cACertificate attribute text. > > > > > > > > I agree with your view on what a subset is and I think that same > > > > definition > > > > would apply to the contents of the cACertificate attribute as a > > subset > > > > of > > > > the crossCertificatePair forward elements in option 2. > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23089 for ietf-pkix-bks; Wed, 9 Sep 1998 09:03:17 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA23085 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:03:16 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Wed, 09 Sep 1998 10:03:43 -0600 Message-Id: <s5f6527f.038@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Wed, 09 Sep 1998 10:03:36 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: william.burr@nist.gov, BJUENEMAN@novell.com Cc: ietf-pkix@imc.org Subject: New Extension Proposed: Method Of Authentication Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk In using certificates, it is useful to know what form of authentication is used by a CA to identify a new certificate requester. A certificate extension seems the best place to store this information. At one time, Bob Jeuneman prepared a paper proposing this extension and detailing many categories, from anonymous, self-authenticated, self authenticated with data verifired (or with credit account, etc.), authenticated in person, in person with governement-issued picture ID, multiple forms of government picture IDs with current credit reports and corporate D&B, etc. The current practice, I beleive, is to embed the authentication mechanism in a CA operations or policy statement tha may or may not be online for someone to peruse and make their own judgement. Putting a clear indicator in the signed cert would help. Comments? Bob? Michael Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23032 for ietf-pkix-bks; Wed, 9 Sep 1998 09:00:26 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23028 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 09:00:24 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ75P>; Wed, 9 Sep 1998 12:05:31 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A60@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Denis.Pinkas@bull.net'" <Denis.Pinkas@bull.net>, Santosh Chokhani <chokhani@cygnacom.com> Cc: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 12:05:30 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Denis: I agree with you. Clarification of the text is easy. However, I have a question. Must a certificate issued to a CA appear in the forward element, caCertificate or can it be missing altogether? I think the text in terms of saying that the forward element need not be present in all cases is easy. > -----Original Message----- > From: Denis Pinkas [SMTP:Denis.Pinkas@bull.net] > Sent: Wednesday, September 09, 1998 8:44 PM > To: Santosh Chokhani > Cc: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: Re: forward & reverse elements - population > > Santosh, > > Your new proposed text does not address my concern correctly. > > For a crossCertificatePair Attribute, either the forward element only > MAY be present, or the reverse element only MAY be present, or the > reverse and the forward elements may be both present. > > Whether it is OPTION 1, OPTION 2 or whatever OPTION, the forward > element > shall not be mandated to be present in a crossCertificatePair > Attribute. > > Denis > > > Sharon: > > > I can agree to the following text for the two option instead. > Please > > note that I have further clarified cross-certificate by tying the DN > and > > public keys. > > > > I think the following texts are consistent with and further > > clarifications of the two options. > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > The cACertificate attribute, held in a particular CA's directory > entry, > > shall be used to store certificates issued to this CA by CAs in the > same > > domain as this CA. > > > > The forward element of the crossCertificatePair attribute, held in a > > particular CA's directory entry, shall be used to store certificates > > issued to this CA by CAs in other domains. Optionally, the reverse > > element of the crossCertificatePair attribute, held in a particular > CA's > > directory entry, may contain a subset of certificates issued by this > CA > > to other CAs. When both the forward and the reverse elements are > > present, issuer name in one certificate shall match the subject name > in > > the other and vice versa, and the subject public key in one > certificate > > shall be capable of verifying the digital signature on the other > > certificate and vice versa. > > > > In the case of V3 certificates, none of the above CA certificates > shall > > include a basicConstraints extension with the cA value set to FALSE. > > > > The definition of domain is purely a matter of local policy. > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > The cACertificate attribute, held in a particular CA's directory > entry, > > shall be used to store certificates issued to this CA by CAs in the > same > > domain as this CA. > > > > The forward element of the crossCertificatePair attribute, held in a > > particular CA's directory entry, shall be used to store all > certificates > > issued to this CA. Optionally, the reverse element of the > > crossCertificatePair attribute, held in a particular CA's directory > > entry, may contain a subset of certificates issued by this CA to > other > > CAs. When both the forward and the reverse elements are present, > issuer > > name in one certificate shall match the subject name in the other > and > > vice versa, and the subject public key in one certificate shall be > > capable of verifying the digital signature on the other certificate > and > > vice versa. > > > > In the case of V3 certificates, none of the above CA certificates > shall > > include a basicConstraints extension with the cA value set to FALSE. > > > > The definition of domain is purely a matter of local policy. > > > > > -----Original Message----- > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > ---------- > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > Sent: September 8, 1998 10:05 AM > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > Subject: RE: forward & reverse elements - population > > > > > > > --stuff deleted > > > > > > > > > [] I agree. I do not have problem with the following > language. > > > > " A certificate issued to a CA by another shall be stored either > in > > > the > > > > caCertificate or forward component of crossCertificatePair > attribute > > > of > > > > the subject CA. Optionally, a subset of certificates issued by > a CA > > > can > > > > be stored in the reverse component of crossCertificatePair > attribute > > > of > > > > the issuing CA." > > > > > > > > Please note that to me subset includes none, some, or all. > If > > > > folks want further clarification, it is ok by me. > > > > > > > Santosh, the only issue I have with this text is that (at least > with > > > the > > > rationale behind option 2) any cert that appears in the > cACertificate > > > attribute of a given CA > > > entry, should also appear in the crossCertificatePair attribute in > the > > > same > > > CA entry. > > > What about deleting the reference to the cACertificate attribute > from > > > your > > > text and proposing this as new text just for the > crossCertificatePair > > > attribute? > > > > > > Both Jan and David have indicated reasons to keep the "pair" > together > > > in the > > > mutual case, so we should also consider adding the last paragraph > of > > > the > > > text David proposed for that. > > > > > > Here's what the resulting text proposal would look like: > > > > > > > " A certificate issued to a CA by another shall be stored in the > > > > forward component of crossCertificatePair attribute of > > > > the subject CA. Optionally, a subset of certificates issued by > a CA > > > can > > > > be stored in the reverse component of crossCertificatePair > attribute > > > of > > > > the issuing CA. When both elements are present in the same > value, > > > the > > > > value shall represent a mutual cross-certification of the two > CAs. " > > > > > > > If we can come to consensus on that attribute, then let's see what > we > > > can do > > > with the cACertificate attribute text. > > > > > > I agree with your view on what a subset is and I think that same > > > definition > > > would apply to the contents of the cACertificate attribute as a > subset > > > of > > > the crossCertificatePair forward elements in option 2. > > -- > Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net > Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 > 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22846 for ietf-pkix-bks; Wed, 9 Sep 1998 08:41:31 -0700 (PDT) Received: from hpb.hc-sc.gc.ca (hpb.hc-sc.gc.ca [198.103.237.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22842 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 08:41:28 -0700 (PDT) From: Ross_Smith@hc-sc.gc.ca Received: from intdns.hwc.ca (intdns.hc-sc.gc.ca [198.103.172.78]) by hpb.hc-sc.gc.ca (8.8.7/8.7.3) with ESMTP id LAA05879 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 11:46:15 -0400 (EDT) Received: from smta00.hc-sc.gc.ca (smta00.hc-sc.gc.ca [142.4.1.25]) by intdns.hwc.ca (8.8.5/8.7.3) with SMTP id LAA17566 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 11:46:13 -0400 (EDT) Received: by smta00.hc-sc.gc.ca(Lotus SMTP MTA v1.1 (385.6 5-6-1997)) id 8525667A.0056A364 ; Wed, 9 Sep 1998 11:46:19 -0400 X-Lotus-FromDomain: HWC To: ietf-pkix@imc.org Message-ID: <8525667A.00567CC1.00@smta00.hc-sc.gc.ca> Date: Wed, 9 Sep 1998 11:46:08 -0400 Subject: For Option 2 Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@imc.org Precedence: bulk 09/09/98 11:46 AM Ross Smith Ross Smith Ross Smith 09/09/98 11:46 AM 09/09/98 11:46 AM Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22806 for ietf-pkix-bks; Wed, 9 Sep 1998 08:38:00 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22800 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 08:37:57 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id RAA29000; Wed, 9 Sep 1998 17:44:48 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id RAA21158; Wed, 9 Sep 1998 17:44:51 +0200 (DFT) Message-ID: <35F720DC.42B3@bull.net> Date: Wed, 09 Sep 1998 17:44:12 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Santosh Chokhani <chokhani@cygnacom.com> CC: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: forward & reverse elements - population References: <51BF55C30B4FD1118B4900207812701E1B1A5C@WUHER> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh, Your new proposed text does not address my concern correctly. For a crossCertificatePair Attribute, either the forward element only MAY be present, or the reverse element only MAY be present, or the reverse and the forward elements may be both present. Whether it is OPTION 1, OPTION 2 or whatever OPTION, the forward element shall not be mandated to be present in a crossCertificatePair Attribute. Denis > Sharon: > I can agree to the following text for the two option instead. Please > note that I have further clarified cross-certificate by tying the DN and > public keys. > > I think the following texts are consistent with and further > clarifications of the two options. > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > NEW PROPOSED TEXT FOR OPTION 1 > > The cACertificate attribute, held in a particular CA's directory entry, > shall be used to store certificates issued to this CA by CAs in the same > domain as this CA. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store certificates > issued to this CA by CAs in other domains. Optionally, the reverse > element of the crossCertificatePair attribute, held in a particular CA's > directory entry, may contain a subset of certificates issued by this CA > to other CAs. When both the forward and the reverse elements are > present, issuer name in one certificate shall match the subject name in > the other and vice versa, and the subject public key in one certificate > shall be capable of verifying the digital signature on the other > certificate and vice versa. > > In the case of V3 certificates, none of the above CA certificates shall > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > NEW PROPOSED TEXT FOR OPTION 2 > > The cACertificate attribute, held in a particular CA's directory entry, > shall be used to store certificates issued to this CA by CAs in the same > domain as this CA. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store all certificates > issued to this CA. Optionally, the reverse element of the > crossCertificatePair attribute, held in a particular CA's directory > entry, may contain a subset of certificates issued by this CA to other > CAs. When both the forward and the reverse elements are present, issuer > name in one certificate shall match the subject name in the other and > vice versa, and the subject public key in one certificate shall be > capable of verifying the digital signature on the other certificate and > vice versa. > > In the case of V3 certificates, none of the above CA certificates shall > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > > -----Original Message----- > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > Sent: Tuesday, September 08, 1998 5:46 PM > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > Subject: RE: forward & reverse elements - population > > > > > > > > > ---------- > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > Sent: September 8, 1998 10:05 AM > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > Subject: RE: forward & reverse elements - population > > > > > --stuff deleted > > > > > > > [] I agree. I do not have problem with the following language. > > > " A certificate issued to a CA by another shall be stored either in > > the > > > caCertificate or forward component of crossCertificatePair attribute > > of > > > the subject CA. Optionally, a subset of certificates issued by a CA > > can > > > be stored in the reverse component of crossCertificatePair attribute > > of > > > the issuing CA." > > > > > > Please note that to me subset includes none, some, or all. If > > > folks want further clarification, it is ok by me. > > > > > Santosh, the only issue I have with this text is that (at least with > > the > > rationale behind option 2) any cert that appears in the cACertificate > > attribute of a given CA > > entry, should also appear in the crossCertificatePair attribute in the > > same > > CA entry. > > What about deleting the reference to the cACertificate attribute from > > your > > text and proposing this as new text just for the crossCertificatePair > > attribute? > > > > Both Jan and David have indicated reasons to keep the "pair" together > > in the > > mutual case, so we should also consider adding the last paragraph of > > the > > text David proposed for that. > > > > Here's what the resulting text proposal would look like: > > > > > " A certificate issued to a CA by another shall be stored in the > > > forward component of crossCertificatePair attribute of > > > the subject CA. Optionally, a subset of certificates issued by a CA > > can > > > be stored in the reverse component of crossCertificatePair attribute > > of > > > the issuing CA. When both elements are present in the same value, > > the > > > value shall represent a mutual cross-certification of the two CAs. " > > > > > If we can come to consensus on that attribute, then let's see what we > > can do > > with the cACertificate attribute text. > > > > I agree with your view on what a subset is and I think that same > > definition > > would apply to the contents of the cACertificate attribute as a subset > > of > > the crossCertificatePair forward elements in option 2. -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22663 for ietf-pkix-bks; Wed, 9 Sep 1998 08:21:38 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA22659 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 08:21:36 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ7VA>; Wed, 9 Sep 1998 11:26:44 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A5F@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, Santosh Chokhani <chokhani@cygnacom.com> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 11:26:42 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Yes. I agree. The following is the revised text. NEW PROPOSED TEXT FOR OPTION 1 The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. If there are any self-issued certificates and they require publication, the caCertificate attribute shall be used to store them. The forward element of the crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in other domains. Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. In the case of V3 certificates, none of the above CA certificates shall include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. NEW PROPOSED TEXT FOR OPTION 2 The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. If there are any self-issued certificates and they require publication, the caCertificate attribute shall be used to store them. The forward element of the crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store all certificates issued to this CA. Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. In the case of V3 certificates, none of the above CA certificates shall include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. > -----Original Message----- > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > Sent: Wednesday, September 09, 1998 11:02 AM > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > Subject: RE: forward & reverse elements - population > > I agree that the texts below are consistent with the original intent > of the > 2 options and I also agree that they are clearer than the original > texts > except, possibly for coverage of self issued certificates. Shouldn't > we also > state explicitly that self issued certs are stored only in the > cACertificate > attribute for both options? > > > > ---------- > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > Sent: September 9, 1998 9:08 AM > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > > Subject: RE: forward & reverse elements - population > > > > Sharon: > > > > I can agree to the following text for the two option instead. > Please > > note that I have further clarified cross-certificate by tying the DN > and > > public keys. > > > > I think the following texts are consistent with and further > > clarifications of the two options. > > > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > > > And I option 2 :-) > > > NEW PROPOSED TEXT FOR OPTION 1 > > > > The cACertificate attribute, held in a particular CA's directory > entry, > > shall be used to store certificates issued to this CA by CAs in the > same > > domain as this CA. > > > > The forward element of the crossCertificatePair attribute, held in a > > particular CA's directory entry, shall be used to store certificates > > issued to this CA by CAs in other domains. Optionally, the reverse > > element of the crossCertificatePair attribute, held in a particular > CA's > > directory entry, may contain a subset of certificates issued by this > CA > > to other CAs. When both the forward and the reverse elements are > > present, issuer name in one certificate shall match the subject name > in > > the other and vice versa, and the subject public key in one > certificate > > shall be capable of verifying the digital signature on the other > > certificate and vice versa. > > > > In the case of V3 certificates, none of the above CA certificates > shall > > include a basicConstraints extension with the cA value set to FALSE. > > > > The definition of domain is purely a matter of local policy. > > > > NEW PROPOSED TEXT FOR OPTION 2 > > > > The cACertificate attribute, held in a particular CA's directory > entry, > > shall be used to store certificates issued to this CA by CAs in the > same > > domain as this CA. > > > > The forward element of the crossCertificatePair attribute, held in a > > particular CA's directory entry, shall be used to store all > certificates > > issued to this CA. Optionally, the reverse element of the > > crossCertificatePair attribute, held in a particular CA's directory > > entry, may contain a subset of certificates issued by this CA to > other > > CAs. When both the forward and the reverse elements are present, > issuer > > name in one certificate shall match the subject name in the other > and > > vice versa, and the subject public key in one certificate shall be > > capable of verifying the digital signature on the other certificate > and > > vice versa. > > > > In the case of V3 certificates, none of the above CA certificates > shall > > include a basicConstraints extension with the cA value set to FALSE. > > > > The definition of domain is purely a matter of local policy. > > > > > > > > > -----Original Message----- > > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > > Sent: Tuesday, September 08, 1998 5:46 PM > > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > > Subject: RE: forward & reverse elements - population > > > > > > > > > > > > > ---------- > > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > > Sent: September 8, 1998 10:05 AM > > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > > Subject: RE: forward & reverse elements - population > > > > > > > --stuff deleted > > > > > > > > > [] I agree. I do not have problem with the following > language. > > > > " A certificate issued to a CA by another shall be stored either > in > > > the > > > > caCertificate or forward component of crossCertificatePair > attribute > > > of > > > > the subject CA. Optionally, a subset of certificates issued by > a CA > > > can > > > > be stored in the reverse component of crossCertificatePair > attribute > > > of > > > > the issuing CA." > > > > > > > > Please note that to me subset includes none, some, or > all. If > > > > folks want further clarification, it is ok by me. > > > > > > > Santosh, the only issue I have with this text is that (at least > with > > > the > > > rationale behind option 2) any cert that appears in the > cACertificate > > > attribute of a given CA > > > entry, should also appear in the crossCertificatePair attribute in > the > > > same > > > CA entry. > > > What about deleting the reference to the cACertificate attribute > from > > > your > > > text and proposing this as new text just for the > crossCertificatePair > > > attribute? > > > > > > Both Jan and David have indicated reasons to keep the "pair" > together > > > in the > > > mutual case, so we should also consider adding the last paragraph > of > > > the > > > text David proposed for that. > > > > > > Here's what the resulting text proposal would look like: > > > > > > > " A certificate issued to a CA by another shall be stored in the > > > > forward component of crossCertificatePair attribute of > > > > the subject CA. Optionally, a subset of certificates issued by > a CA > > > can > > > > be stored in the reverse component of crossCertificatePair > attribute > > > of > > > > the issuing CA. When both elements are present in the same > value, > > > the > > > > value shall represent a mutual cross-certification of the two > CAs. " > > > > > > > If we can come to consensus on that attribute, then let's see what > we > > > can do > > > with the cACertificate attribute text. > > > > > > I agree with your view on what a subset is and I think that same > > > definition > > > would apply to the contents of the cACertificate attribute as a > subset > > > of > > > the crossCertificatePair forward elements in option 2. > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA22485 for ietf-pkix-bks; Wed, 9 Sep 1998 08:01:33 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA22479 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 08:01:31 -0700 (PDT) Received: id LAA08881; Wed, 9 Sep 1998 11:04:43 -0400 Received: by gateway id <S2S6XZC1>; Wed, 9 Sep 1998 11:01:41 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC9752@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 11:01:32 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk I agree that the texts below are consistent with the original intent of the 2 options and I also agree that they are clearer than the original texts except, possibly for coverage of self issued certificates. Shouldn't we also state explicitly that self issued certs are stored only in the cACertificate attribute for both options? > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 9, 1998 9:08 AM > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org'; Santosh Chokhani > Subject: RE: forward & reverse elements - population > > Sharon: > > I can agree to the following text for the two option instead. Please > note that I have further clarified cross-certificate by tying the DN and > public keys. > > I think the following texts are consistent with and further > clarifications of the two options. > > I STILL AM STRONGLY IN FAVOR OF OPTION 1. > And I option 2 :-) > NEW PROPOSED TEXT FOR OPTION 1 > > The cACertificate attribute, held in a particular CA's directory entry, > shall be used to store certificates issued to this CA by CAs in the same > domain as this CA. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store certificates > issued to this CA by CAs in other domains. Optionally, the reverse > element of the crossCertificatePair attribute, held in a particular CA's > directory entry, may contain a subset of certificates issued by this CA > to other CAs. When both the forward and the reverse elements are > present, issuer name in one certificate shall match the subject name in > the other and vice versa, and the subject public key in one certificate > shall be capable of verifying the digital signature on the other > certificate and vice versa. > > In the case of V3 certificates, none of the above CA certificates shall > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > NEW PROPOSED TEXT FOR OPTION 2 > > The cACertificate attribute, held in a particular CA's directory entry, > shall be used to store certificates issued to this CA by CAs in the same > domain as this CA. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store all certificates > issued to this CA. Optionally, the reverse element of the > crossCertificatePair attribute, held in a particular CA's directory > entry, may contain a subset of certificates issued by this CA to other > CAs. When both the forward and the reverse elements are present, issuer > name in one certificate shall match the subject name in the other and > vice versa, and the subject public key in one certificate shall be > capable of verifying the digital signature on the other certificate and > vice versa. > > In the case of V3 certificates, none of the above CA certificates shall > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > > > > -----Original Message----- > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > Sent: Tuesday, September 08, 1998 5:46 PM > > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > > Subject: RE: forward & reverse elements - population > > > > > > > > > ---------- > > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > > Sent: September 8, 1998 10:05 AM > > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > > Subject: RE: forward & reverse elements - population > > > > > --stuff deleted > > > > > > > [] I agree. I do not have problem with the following language. > > > " A certificate issued to a CA by another shall be stored either in > > the > > > caCertificate or forward component of crossCertificatePair attribute > > of > > > the subject CA. Optionally, a subset of certificates issued by a CA > > can > > > be stored in the reverse component of crossCertificatePair attribute > > of > > > the issuing CA." > > > > > > Please note that to me subset includes none, some, or all. If > > > folks want further clarification, it is ok by me. > > > > > Santosh, the only issue I have with this text is that (at least with > > the > > rationale behind option 2) any cert that appears in the cACertificate > > attribute of a given CA > > entry, should also appear in the crossCertificatePair attribute in the > > same > > CA entry. > > What about deleting the reference to the cACertificate attribute from > > your > > text and proposing this as new text just for the crossCertificatePair > > attribute? > > > > Both Jan and David have indicated reasons to keep the "pair" together > > in the > > mutual case, so we should also consider adding the last paragraph of > > the > > text David proposed for that. > > > > Here's what the resulting text proposal would look like: > > > > > " A certificate issued to a CA by another shall be stored in the > > > forward component of crossCertificatePair attribute of > > > the subject CA. Optionally, a subset of certificates issued by a CA > > can > > > be stored in the reverse component of crossCertificatePair attribute > > of > > > the issuing CA. When both elements are present in the same value, > > the > > > value shall represent a mutual cross-certification of the two CAs. " > > > > > If we can come to consensus on that attribute, then let's see what we > > can do > > with the cACertificate attribute text. > > > > I agree with your view on what a subset is and I think that same > > definition > > would apply to the contents of the cACertificate attribute as a subset > > of > > the crossCertificatePair forward elements in option 2. > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA21587 for ietf-pkix-bks; Wed, 9 Sep 1998 06:34:38 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA21583 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 06:34:36 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id PAA17200 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 15:41:24 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id PAA20994 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 15:41:28 +0200 (DFT) Message-ID: <35F703F0.53AA@bull.net> Date: Wed, 09 Sep 1998 15:40:49 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: IETF-PXIX <ietf-pkix@imc.org> Subject: For Option none Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk The straw poll is now obsolete since neither of the two original texts is acceptable as it is. Anyway since it was not a "vote", it was interresting to promote discussion on this topic and apparently that discussion has not yet ended ! Denis -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA21260 for ietf-pkix-bks; Wed, 9 Sep 1998 06:03:20 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA21256 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 06:03:19 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ7R4>; Wed, 9 Sep 1998 09:08:26 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E1B1A5C@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, Santosh Chokhani <chokhani@cygnacom.com> Subject: RE: forward & reverse elements - population Date: Wed, 9 Sep 1998 09:08:23 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Sharon: I can agree to the following text for the two option instead. Please note that I have further clarified cross-certificate by tying the DN and public keys. I think the following texts are consistent with and further clarifications of the two options. I STILL AM STRONGLY IN FAVOR OF OPTION 1. NEW PROPOSED TEXT FOR OPTION 1 The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. The forward element of the crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in other domains. Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. In the case of V3 certificates, none of the above CA certificates shall include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. NEW PROPOSED TEXT FOR OPTION 2 The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. The forward element of the crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store all certificates issued to this CA. Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain a subset of certificates issued by this CA to other CAs. When both the forward and the reverse elements are present, issuer name in one certificate shall match the subject name in the other and vice versa, and the subject public key in one certificate shall be capable of verifying the digital signature on the other certificate and vice versa. In the case of V3 certificates, none of the above CA certificates shall include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. > -----Original Message----- > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > Sent: Tuesday, September 08, 1998 5:46 PM > To: 'ietf-pkix@imc.org'; 'Santosh Chokhani' > Subject: RE: forward & reverse elements - population > > > > > ---------- > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > Sent: September 8, 1998 10:05 AM > > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > > Subject: RE: forward & reverse elements - population > > > --stuff deleted > > > > > [] I agree. I do not have problem with the following language. > > " A certificate issued to a CA by another shall be stored either in > the > > caCertificate or forward component of crossCertificatePair attribute > of > > the subject CA. Optionally, a subset of certificates issued by a CA > can > > be stored in the reverse component of crossCertificatePair attribute > of > > the issuing CA." > > > > Please note that to me subset includes none, some, or all. If > > folks want further clarification, it is ok by me. > > > Santosh, the only issue I have with this text is that (at least with > the > rationale behind option 2) any cert that appears in the cACertificate > attribute of a given CA > entry, should also appear in the crossCertificatePair attribute in the > same > CA entry. > What about deleting the reference to the cACertificate attribute from > your > text and proposing this as new text just for the crossCertificatePair > attribute? > > Both Jan and David have indicated reasons to keep the "pair" together > in the > mutual case, so we should also consider adding the last paragraph of > the > text David proposed for that. > > Here's what the resulting text proposal would look like: > > > " A certificate issued to a CA by another shall be stored in the > > forward component of crossCertificatePair attribute of > > the subject CA. Optionally, a subset of certificates issued by a CA > can > > be stored in the reverse component of crossCertificatePair attribute > of > > the issuing CA. When both elements are present in the same value, > the > > value shall represent a mutual cross-certification of the two CAs. " > > > If we can come to consensus on that attribute, then let's see what we > can do > with the cACertificate attribute text. > > I agree with your view on what a subset is and I think that same > definition > would apply to the contents of the cACertificate attribute as a subset > of > the crossCertificatePair forward elements in option 2. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA18469 for ietf-pkix-bks; Wed, 9 Sep 1998 02:18:24 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA18465 for <ietf-pkix@imc.org>; Wed, 9 Sep 1998 02:18:12 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <SMGRLFPT>; Wed, 9 Sep 1998 19:22:05 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC073861@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'Mike Smith '" <mfsmith@zionsbank.com>, "'fod@brd.ie '" <fod@brd.ie>, Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>, "'Phillip M Hallam-Baker '" <pbaker@verisign.com> Cc: "'dave@chromatix.com '" <dave@chromatix.com>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> Subject: RE: OFF TOPIC ???? RE: Relational vs Directory Repository Models (was RE: pathdevelopment complexity s) Date: Wed, 9 Sep 1998 19:22:02 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Thanks for the reply - comments in line. ---------- From: Phillip M Hallam-Baker To: Mike Smith; fod@brd.ie; Alan.Lloyd@OpenDirectory.com.au Cc: dave@chromatix.com; ietf-pkix@imc.org Sent: 9/9/98 1:50:46 AM Subject: OFF TOPIC ???? RE: Relational vs Directory Repository Models (was RE: pathdevelopment complexity s) Ph: I'm having a lot of trouble following this discussion. It appears to have begun a discussion of the relative merits of X.500 vs LDAP server models. This does not appear to be something which is relevant to PKIX. LDAP is merely a protocol. It does not define a product. Arguments based on the 'scalability' of a client-server protocol are almost without exception irrelevant since scaling depends on server-server communication. The idea that the same protocol should serve both purposes is questionable at best. alan: LDAP is just a protocol! That statement is curious given that features in protocol impact the system services that are conveyed to and available from " the protocol". eg. Replicated/Master certfificates .. How does LDAP get the Master copy of a certficate when it needs that. If the certficate happens to be outside the "domain of interest" how does LDAP control the extent of a search re Chaining.. It can not. If one is trying to build large scale certficate based systems supported by directory services, then "the protocol" used will affect the trust and performance of the system services applied.. LDAP does not deal with distributed systems - it deals with client interfaces to seperate servers. Cert Matching Rules and LDAP (non X.500)servers? - ask the vendors. Ph:I fail to see how improved search capabilities will greatly assist for the purposes of PKIX unless the directories have the ability to break open, readand understand attributes embedded in certificates. If people believe that support for a specific (and specified) search mechanism would lead to an improvement in efficiency that is important to PKIX let us discuss thatspecific extension. alan: See X.500/9 certficate matching rules, see the draft I posted last week. Cert and CRL matching rules can, in fact are intended to assist the management and validation of certificates. They should be applied to this end. As said in my draft, it seems pointless trying to get a client to understand all the information and revocation designs of any CA that might exist on this planet. X.509 is part of X.500 and the application of X.509 to be scaleable depends on the use and features of a directory services. The emphasis to date on CA design has been.. information objects for CA functions that "may" use a directory. OCSP is symptomatic of this approach ie. no directory service is considered. This = special client software and special servers and special CA databases. Hardly an approach for the large scale of the internet, the use of distributed, scaleable EC services and simple clients. To build a generalised, efficient, scaleable certificate infrastructure, X.500 directory systems (not LDAP servers) are fundamental. With added matching rules and common CA information doctrines (as applied to their DIBs) the PKIX problem is very solveable. Ph: We need to remember that we are charterted as an IETF working group and weare not in a position to endorse a particular directory strategy. alan: Well if "we" are chartered to build a car and it wants to be used, by definition should we not be making sure that the roads and wheels are in place. (eg directory systems). ie. when anything is designed, assumptions or statements about underlying (scaleable) services should be made. Ph: If we want to be able to offload client work to a server of some kind we should first consider the requirements that motivate such an architectural approach and the trust implications of doing so before considering protocol extensions. Indeed a critical step would be deciding which protocol to base an implementation on. Alan: X.500 was designed to deal with this issue (see X.500 1993 cert and CRL matching rules). There is no direct extension to the protocol" its the addition of convey service requirements and modified directory matching rule support. As for trust - then there is no trust in multitudes of chaotic CA information designs and complex clients that cannot verify certs for specific application and originator/recipient contexts. Finally - it seems a lot of the work on PKIX has been made so complex because of the limitations in LDAP, LDAP servers and "non directory system" application, eg OCSP, eg, . Taking X.500 infrastructure away from X.509 is like taking the wheels off a car and then trying to fix the car's resulting problems. So IMHO - if the charter of this group is to build a certficate infrastructure for the internet - should we not follow industry trends with directories ie LDAP or DAP access to X.500 that incorporates X.509? And extend this as per dir-cert-stat draft to make it scaleable and efficient. Thoughts are welcome. regards alan Phill Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id WAA02151 for ietf-pkix-bks; Tue, 8 Sep 1998 22:11:59 -0700 (PDT) Received: from atlantic.valicert.com (qmailr@old-atlantic.valicert.com [209.185.6.135]) by mail.proper.com (8.8.8/8.8.5) with SMTP id WAA02147 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 22:11:57 -0700 (PDT) Received: (qmail 8338 invoked from network); 9 Sep 1998 05:17:13 -0000 Received: from ns.valicert.com (HELO valicert.com) (209.185.6.1) by mail.valicert.com with SMTP; 9 Sep 1998 05:17:13 -0000 Message-ID: <35F60F60.37C6098E@valicert.com> Date: Tue, 08 Sep 1998 22:17:20 -0700 From: Ambarish Malpani <ambarish@valicert.com> Organization: ValiCert, Inc. X-Mailer: Mozilla 4.5b1 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Ed Posnak <ejp@xetex.com> CC: IETF PKIX <ietf-pkix@imc.org> Subject: Re: OCSP in Chicago References: <35F5A976.E3A03DCE@valicert.com> <35F5D996.DF96F76A@xetex.com> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Ed, Please take a look at section 4.4.4 (Archive Cutoff). See if that addresses your concerns. 4.4.4 Archive Cutoff An OCSP responder MAY choose to retain revocation information beyond a certificates expiration. The date obtained by subtracting this retention interval value from the producedAt time in a response is defined as the certificates archive cutoff date. OCSP-enabled applications would use an OCSP archive cutoff date to contribute to a proof that a digital signature was (or was not) reliable on the date it was produced even if the certificate needed to validate the signature has long since expired. OCSP servers that provide support for such historical reference SHOULD include an archive cutoff date extension in responses. If included, this value SHALL be provided as an OCSP singleResponse extension identified by id-pkix-ocsp-archive-cutoff and of syntax GeneralizedTime: id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 } archiveCutoff ::= GeneralizedTime To illustrate, if a server is operated with a 7-year retention interval policy and status was produced at time t1 then the value for archiveCutoff in the response would be (t1 - 7 years). Regards, Ambarish Ed Posnak wrote: > > Does the following still apply to a "Good" status? > > [from version 05] "... it is quite possible that an OCSP responder > returns the notRevoked state if a certificate was revoked, but has since > expired (equivalent to a serial number being dropped from the CRL). " > > If so, perhaps the above sentence shouldn't have been dropped from the > description? > > ejp -- --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id UAA29394 for ietf-pkix-bks; Tue, 8 Sep 1998 20:42:56 -0700 (PDT) Received: from 2gn.com (insectivora.unids.com [208.196.212.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id UAA29390 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 20:42:55 -0700 (PDT) Received: from rodney (perm16-180.ij.net [209.4.16.180]) by 2gn.com (8.8.5/8.8.5) with SMTP id WAA25675; Tue, 8 Sep 1998 22:45:09 -0400 Message-Id: <199809090245.WAA25675@2gn.com> X-Sender: rodney@module-one.tillerman.nu X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.2 Date: Tue, 08 Sep 1998 23:44:10 -0400 To: Pavel Krylov <versed@elvis.ru> From: Rodney Thayer <rodney@tillerman.nu> Subject: Re: depth Cc: ietf-pkix@imc.org In-Reply-To: <XFMail.980907213528.versed@elvis.ru> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk In researching this for IPSec, I've heard a depth of approximately four being used, and of course a single root, and sporadic use of deeper trees, as far as 8. At 12:35 AM 9/8/98 +0400, you wrote: > >My question: > What depth of certificate tree is exist now?? Average value? > >Sharon, Santosh? > >--------------------------------------- >Pavel V.Krylov versed@elvis.ru > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id SAA28554 for ietf-pkix-bks; Tue, 8 Sep 1998 18:18:59 -0700 (PDT) Received: from ns1.auntmimi.net ([209.19.106.141]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id SAA28550 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 18:18:58 -0700 (PDT) Received: from mail.xetex.com (1Cust101.tnt2.sfo3.da.uu.net [153.37.7.101]) by ns1.auntmimi.net (8.8.6/8.7.3) with SMTP id TAA21059; Tue, 8 Sep 1998 19:55:22 -0700 (PDT) Received: from xetex.com by mail.xetex.com (SMI-8.6/SMI-SVR4) id SAA08850; Tue, 8 Sep 1998 18:20:05 -0700 Message-ID: <35F5D996.DF96F76A@xetex.com> Date: Tue, 08 Sep 1998 18:27:51 -0700 From: Ed Posnak <ejp@xetex.com> Organization: Xetex Corporation X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: Ambarish Malpani <ambarish@valicert.com> CC: IETF PKIX <ietf-pkix@imc.org> Subject: Re: OCSP in Chicago References: <35F5A976.E3A03DCE@valicert.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Does the following still apply to a "Good" status? [from version 05] "... it is quite possible that an OCSP responder returns the notRevoked state if a certificate was revoked, but has since expired (equivalent to a serial number being dropped from the CRL). " If so, perhaps the above sentence shouldn't have been dropped from the description? ejp Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA26952 for ietf-pkix-bks; Tue, 8 Sep 1998 15:01:14 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA26948 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 15:01:13 -0700 (PDT) Received: from rhousley_laptop.spyrus.com ([209.172.119.101]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id PAA24508 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 15:05:56 -0700 (PDT) Message-Id: <4.1.0.52.19980908180708.009c44a0@mail.spyrus.com> X-Sender: rhousley@mail.spyrus.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.52 (Beta) Date: Tue, 08 Sep 1998 18:07:20 -0400 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> From: Russ Housley <housley@spyrus.com> Subject: For Option 1 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA26881 for ietf-pkix-bks; Tue, 8 Sep 1998 14:57:32 -0700 (PDT) Received: from atlantic.valicert.com (atlantic.valicert.com [209.185.6.135] (may be forged)) by mail.proper.com (8.8.8/8.8.5) with SMTP id OAA26871 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 14:57:31 -0700 (PDT) Received: (qmail 1104 invoked from network); 8 Sep 1998 22:02:24 -0000 Received: from ns.valicert.com (HELO valicert.com) (209.185.6.1) by mail.valicert.com with SMTP; 8 Sep 1998 22:02:24 -0000 Message-ID: <35F5A976.E3A03DCE@valicert.com> Date: Tue, 08 Sep 1998 15:02:30 -0700 From: Ambarish Malpani <ambarish@valicert.com> Organization: ValiCert, Inc. X-Mailer: Mozilla 4.5b1 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: IETF PKIX <ietf-pkix@imc.org> Subject: OCSP in Chicago Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi All, For the benefit of those who were not in Chicago, it was resolved that the symbol for notRevoked be changed to good. We have put in the following explanation of the good state: The "good" state indicates a positive response to the status inquiry. At a minimum, this positive response indicates that the certificate is not revoked, but does not necessarily mean that the certificate was ever issued or that the producedAt time is within the certificate's validity interval. Response extensions may be used to convey additional information on assertions made by the responder regarding the status of the certificate such as positive statement about issuance, validity, etc.). Regards, Ambarish -- --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA26782 for ietf-pkix-bks; Tue, 8 Sep 1998 14:46:42 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id OAA26778 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 14:46:40 -0700 (PDT) Received: id RAA25638; Tue, 8 Sep 1998 17:49:05 -0400 Received: by gateway id <S2S6XV8N>; Tue, 8 Sep 1998 17:46:02 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC974B@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Subject: RE: forward & reverse elements - population Date: Tue, 8 Sep 1998 17:46:01 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 8, 1998 10:05 AM > To: 'Sharon Boeyen'; 'ietf-pkix@imc.org' > Subject: RE: forward & reverse elements - population > --stuff deleted > > > [] I agree. I do not have problem with the following language. > " A certificate issued to a CA by another shall be stored either in the > caCertificate or forward component of crossCertificatePair attribute of > the subject CA. Optionally, a subset of certificates issued by a CA can > be stored in the reverse component of crossCertificatePair attribute of > the issuing CA." > > Please note that to me subset includes none, some, or all. If > folks want further clarification, it is ok by me. > Santosh, the only issue I have with this text is that (at least with the rationale behind option 2) any cert that appears in the cACertificate attribute of a given CA entry, should also appear in the crossCertificatePair attribute in the same CA entry. What about deleting the reference to the cACertificate attribute from your text and proposing this as new text just for the crossCertificatePair attribute? Both Jan and David have indicated reasons to keep the "pair" together in the mutual case, so we should also consider adding the last paragraph of the text David proposed for that. Here's what the resulting text proposal would look like: > " A certificate issued to a CA by another shall be stored in the > forward component of crossCertificatePair attribute of > the subject CA. Optionally, a subset of certificates issued by a CA can > be stored in the reverse component of crossCertificatePair attribute of > the issuing CA. When both elements are present in the same value, the > value shall represent a mutual cross-certification of the two CAs. " > If we can come to consensus on that attribute, then let's see what we can do with the cACertificate attribute text. I agree with your view on what a subset is and I think that same definition would apply to the contents of the cACertificate attribute as a subset of the crossCertificatePair forward elements in option 2. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA25829 for ietf-pkix-bks; Tue, 8 Sep 1998 13:02:56 -0700 (PDT) Received: from mailext02.compaq.com (mailext02.compaq.com [207.18.199.33]) by mail.proper.com (8.8.8/8.8.5) with SMTP id NAA25825 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 13:02:55 -0700 (PDT) Received: from mailext02.compaq.com by mailext02.compaq.com via smail with esmtp id <m0zGRZ9-0007GRC@mailext02.compaq.com> for <ietf-pkix@imc.org>; Tue, 8 Sep 98 12:28:31 -0500 (CDT) (/\##/\ Smail3.1.30.16 #30.9 built 21-jan-98) Received: from mail.compaq.com([207.18.199.32]) by mailext02.compaq.com with SMTP (peer mailint02.compaq.com[207.18.199.35]) id rcv009876; Tue, 8 Sep 1998 12:28:31 -0500 (CDT) Received: from exchou-conn01.im.hou.compaq.com(really [172.18.22.253]) by mail.compaq.com via sendmail with esmtp id <m0zGRYi-0005BsC@mail.compaq.com> for <ietf-pkix@imc.org>; Tue, 8 Sep 98 12:28:04 -0500 (CDT) (/\##/\ Smail3.1.30.16 #30.10 built 18-dec-97) Received: by EXCHOU-CONN01.im.hou.compaq.com with Internet Mail Service (5.5.1960.3) id <SQ38VL6L>; Tue, 8 Sep 1998 12:29:54 -0500 Message-ID: <895FABD47F78D011863400805FBEBA8E0319E7A7@EXCHOU-CA0301.im.hou.compaq.com> From: "Fuerst, Neal" <Neal.Fuerst@COMPAQ.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: FOR Option 2 Date: Tue, 8 Sep 1998 11:05:12 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Thanks. Neal Fuerst Information Security Analyst Compaq Computer Corporation E-Mail: neal.fuerst@compaq.com Phone: 281.518.8072 Pager: 713.509.4586 Entrust validation string: OMCO-KGMF-KQZN "No matter how paranoid you are, you're not paranoid enough." Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25472 for ietf-pkix-bks; Tue, 8 Sep 1998 12:31:56 -0700 (PDT) Received: from docws001.shl.com (docws001.shl.com [159.249.56.252]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25468 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 12:31:55 -0700 (PDT) Received: from napmsnoc02.shl.com (napmsnoc02.shl.com [159.249.47.179]) by docws001.shl.com (8.7.3/8.7.3) with SMTP id OAA10756 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 14:21:38 -0500 Received: by napmsnoc02.shl.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52) id <01BDDB25.6EC159C0@napmsnoc02.shl.com>; Tue, 8 Sep 1998 12:37:25 -0700 Message-ID: <c=US%a=MCI%p=SHL%l=DALFW03-980908193704Z-53756@napmsnoc02.shl.com> From: "PACHL, Jan" <jpachl@shl.com> To: "'David Boyce'" <D.Boyce@isode.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Tue, 8 Sep 1998 12:37:04 -0700 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk in response to: >From: David Boyce[SMTP:D.Boyce@isode.com] >"PACHL, Jan" writes: >>If the forward and the reverse element are never both present in the >>same pair (=either one is present or the other, but never both, in any >>given pair), what is the point of having the attribute defined as >>"pair"? >>In that case it would make better sense to have two separate attributes >>instead -- "forward certificate" and "reverse certificate". > >Well, we are trying to work with the defined X.509 attributes, so >creating new ones which duplicate existing definitions will just muddy >things further. I agree, though, that things might have been >different. > Yes, I agree we should work with the defined attributes. Presumably the crossCertificationPair attribute was defined as a pair (and not as two separate attributes) for a good reason. Jan Pachl >SHL Systemhouse Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25463 for ietf-pkix-bks; Tue, 8 Sep 1998 12:31:26 -0700 (PDT) Received: from mail13.digital.com (mail13.digital.com [192.208.46.30]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25459 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 12:31:25 -0700 (PDT) Received: from mrohub2.mro.dec.com (mrohub2.mro.dec.com [16.34.192.32]) by mail13.digital.com (8.8.8/8.8.8/WV1.0g) with ESMTP id PAA00906 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 15:36:08 -0400 (EDT) Received: by mrohub2.mro.dec.com with Internet Mail Service (5.5.1960.3) id <SQZT8L16>; Tue, 8 Sep 1998 15:36:09 -0400 Message-ID: <D107B66CF5B9D111BA2A0000F86630AB8D822A@ogoexc1.ogo.dec.com> From: Daya Puls <Daya.Puls@digital.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Tue, 8 Sep 1998 15:36:23 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Daya Puls, CISSP Intelligent Infrastructure Security Architect COMPAQ, IM Security 40 Old Bolton Road, OGO1-2/V12, Stow, MA 01775-1299 Fon: 978-496-9560, Fax: 978-496-9191, Eml: daya.puls@digital.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA25403 for ietf-pkix-bks; Tue, 8 Sep 1998 12:22:07 -0700 (PDT) Received: from 2keys.ca (cr318128-a.rchrd1.on.wave.home.com [24.112.92.155]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA25399 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 12:22:06 -0700 (PDT) From: rpierce@2keys.ca Received: (from rpierce@localhost) by 2keys.ca (8.8.7/8.8.7) id LAA16441 for ietf-pkix@imc.org; Tue, 8 Sep 1998 11:23:54 -0400 Message-Id: <199809081523.LAA16441@2keys.ca> Subject: For Option 2 To: ietf-pkix@imc.org (IETF PKIX) Date: Tue, 8 Sep 1998 15:23:54 +0000 () Content-Type: text Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA24057 for ietf-pkix-bks; Tue, 8 Sep 1998 10:11:58 -0700 (PDT) Received: from lion.harrisbank.com (lion.harrisbank.com [204.148.73.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA24053 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 10:11:54 -0700 (PDT) From: Dimitri.Vekris@bmo.com Received: by lion.harrisbank.com id AA24091 (SMTP Gateway 3.0 for ietf-pkix@imc.org); Tue, 8 Sep 1998 12:17:07 -0500 Received: by lion.harrisbank.com (Internal Mail Agent-1); Tue, 8 Sep 1998 12:17:07 -0500 To: ietf-pkiximcorg <ietf-pkix@imc.org> Subject: For Option 2 Message-Id: <0056090002874024000002L942*@MHS> Date: Tue, 8 Sep 1998 12:09:50 -0500 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA23614 for ietf-pkix-bks; Tue, 8 Sep 1998 09:16:50 -0700 (PDT) Received: from smtp-gw.BayNetworks.COM (ns4.BayNetworks.COM [192.32.253.7]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA23610 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 09:16:49 -0700 (PDT) Received: from mailhost.BayNetworks.COM ([141.251.211.49]) by smtp-gw.BayNetworks.COM (8.8.8/8.8.8) with ESMTP id MAA11637 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 12:21:27 -0400 (EDT) Received: from ns2.corpeast.Baynetworks.com (ns2.corpeast.baynetworks.com [192.32.72.17]) by mailhost.BayNetworks.COM (8.8.8/8.8.8) with SMTP id SAA01073 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 18:20:50 +0200 (MET DST) Received: from bl-mail2.corpeast.BayNetworks.com (bl-mail2-nf0) by ns2.corpeast.Baynetworks.com (4.1/BNET-97/04/29-S) id AA00939; Tue, 8 Sep 98 12:20:50 EDT for ietf-pkix@imc.org Received: from dgiglio.corpeast.baynetworks.com (bne-cnc-126.corpeast.baynetworks.com [132.245.134.126]) by bl-mail2.corpeast.BayNetworks.com (Post.Office MTA v3.5.1 release 219 ID# 0-51848U14000L14000S0V35) with SMTP id com for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 12:20:46 -0400 Message-Id: <3.0.32.19980908122045.00f2f688@bl-mail2.corpeast.baynetworks.com> X-Sender: dgiglio@bl-mail2.corpeast.baynetworks.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 08 Sep 1998 12:20:47 -0400 To: ietf-pkix@imc.org From: David_Giglio@baynetworks.com (David Giglio) Subject: For option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk ___________________________________________________________________ David Giglio - Senior Product Manager Bay Networks, Inc. Access Server Div. M/S BL8-05 dgiglio@baynetworks.com 5 Federal Street 978-916-4234 Office Billerica, MA 01821 978-916-4782 Fax Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA23274 for ietf-pkix-bks; Tue, 8 Sep 1998 08:46:11 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA23270 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 08:46:10 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id IAA04410; Tue, 8 Sep 1998 08:49:02 -0700 (PDT) Received: from pbaker-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id IAA13627; Tue, 8 Sep 1998 08:50:48 -0700 (PDT) From: "Phillip M Hallam-Baker" <pbaker@verisign.com> To: "Mike Smith" <mfsmith@zionsbank.com>, <fod@brd.ie>, <Alan.Lloyd@OpenDirectory.com.au> Cc: <dave@chromatix.com>, <ietf-pkix@imc.org> Subject: OFF TOPIC ???? RE: Relational vs Directory Repository Models (was RE: pathdevelopment complexity s) Date: Tue, 8 Sep 1998 11:50:46 -0400 Message-ID: <004d01bddb40$7194a9c0$ee0110ac@pbaker-pc.verisign.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 In-Reply-To: <s5f398ef.030@zionsbank.com> Importance: Normal Sender: owner-ietf-pkix@imc.org Precedence: bulk I'm having a lot of trouble following this discussion. It appears to have begun a discussion of the relative merits of X.500 vs LDAP server models. This does not appear to be something which is relevant to PKIX. LDAP is merely a protocol. It does not define a product. Arguments based on the 'scalability' of a client-server protocol are almost without exception irrelevant since scaling depends on server-server communication. The idea that the same protocol should serve both purposes is questionable at best. I fail to see how improved search capabilities will greatly assist for the purposes of PKIX unless the directories have the ability to break open, read and understand attributes embedded in certificates. If people believe that support for a specific (and specified) search mechanism would lead to an improvement in efficiency that is important to PKIX let us discuss that specific extension. We need to remember that we are charterted as an IETF working group and we are not in a position to endorse a particular directory strategy. If we want to be able to offload client work to a server of some kind we should first consider the requirements that motivate such an architectural approach and the trust implications of doing so before considering protocol extensions. Indeed a critical step would be deciding which protocol to base an implementation on. Phill Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA23228 for ietf-pkix-bks; Tue, 8 Sep 1998 08:43:19 -0700 (PDT) Received: from lion.harrisbank.com (lion.harrisbank.com [204.148.73.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA23224 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 08:43:17 -0700 (PDT) From: Dimitri.Vekris@bmo.com Received: by lion.harrisbank.com id AA18645 (SMTP Gateway 3.0 for ietf-pkix@imc.org); Tue, 8 Sep 1998 10:48:27 -0500 Received: by lion.harrisbank.com (Internal Mail Agent-1); Tue, 8 Sep 1998 10:48:27 -0500 To: ietf-pkiximcorg <ietf-pkix@imc.org> Subject: For Option 2 Message-Id: <0056090002871633000002L932*@MHS> Date: Tue, 8 Sep 1998 10:41:10 -0500 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA23117 for ietf-pkix-bks; Tue, 8 Sep 1998 08:34:16 -0700 (PDT) Received: from woozle.isode.com (woozle.isode.com [193.133.227.19]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA23113 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 08:34:14 -0700 (PDT) Received: from isode.com (actually dougal.isode.com) by woozle.isode.com (local) with ESMTP; Tue, 8 Sep 1998 16:38:15 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: "PACHL, Jan" <jpachl@shl.com> cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: forward & reverse elements - population In-reply-to: Your message of "Tue, 08 Sep 1998 08:58:19 CDT." <c=US%a=MCI%p=SHL%l=DALFW03-980908135819Z-50946@dalmsdoc01.shl.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 08 Sep 1998 16:38:15 +0100 Message-ID: <20698.905269095@isode.com> From: David Boyce <D.Boyce@isode.com> Sender: owner-ietf-pkix@imc.org Precedence: bulk "PACHL, Jan" writes: >If the forward and the reverse element are never both present in the >same pair (=either one is present or the other, but never both, in any >given pair), what is the point of having the attribute defined as >"pair"? >In that case it would make better sense to have two separate attributes >instead -- "forward certificate" and "reverse certificate". Well, we are trying to work with the defined X.509 attributes, so creating new ones which duplicate existing definitions will just muddy things further. I agree, though, that things might have been different. >I can see some (limited?) use for populating both forward and reverse in >the same pair, to record mutual certification. Not primarily for path >discovery, but for answering other questions about certification >relationships. Yes. What I was trying to do was begin to pin down what it means when both elements are present in the same value, and conscious mutual certification seems an appropriate use. I suppose PKIX could specify that conforming CAs should not populate both elements in a value, but that applications processing the values for path development should not assume only one element is present. I note that the X.509 certificatePairExactMatch matching rule doesn't appear to cater for specifying 'values matching a forward certificate assertion which have no reverse certificate', or vice versa. Consequently, it may not be possible (using that Matching Rule, at least) to obtain ONLY the forward certificates. David. -- David Boyce Tel: +44 181 332 9091 Richmond, Surrey, ENGLAND I'net: d.boyce@isode.com Isode's WWW: http://www.isode.com/ X.400: I=d;S=boyce;P=isode;A=mailnet;C=fi; Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA23093 for ietf-pkix-bks; Tue, 8 Sep 1998 08:32:20 -0700 (PDT) Received: from woozle.isode.com (woozle.isode.com [193.133.227.19]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA23089 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 08:32:18 -0700 (PDT) Received: from isode.com (actually dougal.isode.com) by woozle.isode.com (local) with ESMTP; Tue, 8 Sep 1998 16:36:44 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: Sharon Boeyen <sharon.boeyen@entrust.com> cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: forward & reverse elements - population In-reply-to: Your message of "Mon, 07 Sep 1998 20:01:30 EDT." <D789F71F24B4D111955D00A0C99B4F50AC9748@sothmxs01.entrust.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 08 Sep 1998 16:36:43 +0100 Message-ID: <20692.905269003@isode.com> From: David Boyce <D.Boyce@isode.com> Sender: owner-ietf-pkix@imc.org Precedence: bulk Sharon Boeyen writes: >3 - One more issue raised by David Boyce's proposed text was population of >the crossCertificatePair attribute in the case where certification between >two CAs is mutual. The syntax of the crossCertificatePair attribute is such >that a single value of the attribute is one of the following: >- only a forward element >- only a reverse element >- both a forward and reverse. > >I wonder though when one would be interested in retrieving a value that had >both forward and reverse present? Does anyone have an example of a >requirement for this? I can think of one example where population of both elements could be helpful for path development: the case when a strong bind request is received which contains just a signature, so that a certificate path has to be developed locally in order to verify the signature. If during this development, a mutual certificate pair is encountered, it might act as a hint that this is a good way to develop a certification path in the opposite direction for use when responding to the bind (assuming the responder intends to supply a certificate path in its response). Without this hint, building this path would be harder. > When doing path discovery, regardless of the >algorithm, wouldn't you be interested in one of the forward or reverse only >for a given operation? If that is true then wouldn't it be better not to >populate both forward and reverse in a single value but even in the case of >mutual certification, spread these certificates over different values of the >attribute? The reason I'm wondering about this is that the smallest unit of >information that LDAP can return is a whole attribute value (can't pull only >a forward or only a reverse from a single value). I'm trying to come up any >reason for wanting the two together in the mutual case and having trouble >coming up with a requirement. Again, when we get to the point of using >LDAPv3 and more complex filtering capabilities, we may get to a point where >we can retrieve single certs from the crossCertificatePair attribute, but if >both forward and reverse are populated in the same attribute value, you'll >get both certs. Views? I don't think that LDAPv3 will give you any finer-grained control over what is returned either. It would require transporting less than a whole value of an attribute, and it's hard to see how this would be something LDAPv3 would want to define. For path development purposes, I agree it's a pity to have to transport the reverse certificate with the forward, only to discard it because it's of no interest; but there it is. Some may feel that this bandwidth issue is enough to rule out populating both elements. It doesn't actively get in the way of path development, however, and there may be a meaningful population of both elements. David. -- David Boyce Tel: +44 181 332 9091 Richmond, Surrey, ENGLAND I'net: d.boyce@isode.com Isode's WWW: http://www.isode.com/ X.400: I=d;S=boyce;P=isode;A=mailnet;C=fi; Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA22703 for ietf-pkix-bks; Tue, 8 Sep 1998 07:57:32 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA22699 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 07:57:31 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.8.5/8.8.7a) with ESMTP id LAA04610; Tue, 8 Sep 1998 11:02:10 -0400 (EDT) Message-Id: <199809081502.LAA04610@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-ipki-part1-10.txt Date: Tue, 08 Sep 1998 11:02:09 -0400 Sender: owner-ietf-pkix@imc.org Precedence: bulk --NextPart Note: This revision reflects comments received during the last call period. A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Certificate and CRL Profile Author(s) : R. Housley, W. Ford, T. Polk, D. Solo Filename : draft-ietf-pkix-ipki-part1-10.txt Pages : 129 Date : 04-Sep-98 This is the tenth draft of the Internet Public Key Infrastructure X.509 Certificate and CRL Profile. This draft is the result of Working Group Last Call, and includes modifications to reflect the group's final comments. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in RFC 2119. Please send comments on this document to the ietf-pkix@tandem.com mail list. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-ipki-part1-10.txt". A URL for the Internet-Draft is: ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-ipki-part1-10.txt Internet-Drafts directories are located at: Africa: ftp.is.co.za Europe: ftp.nordu.net ftp.nis.garr.it Pacific Rim: munnari.oz.au US East Coast: ftp.ietf.org US West Coast: ftp.isi.edu Internet-Drafts are also available by mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-ipki-part1-10.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <19980904152252.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-ipki-part1-10.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-ipki-part1-10.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19980904152252.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA22660 for ietf-pkix-bks; Tue, 8 Sep 1998 07:50:40 -0700 (PDT) Received: from hpb.hc-sc.gc.ca (hpb.hc-sc.gc.ca [198.103.237.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA22656 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 07:50:38 -0700 (PDT) From: Jean_Bernatchez@hc-sc.gc.ca Received: from intdns.hwc.ca (intdns.hc-sc.gc.ca [198.103.172.78]) by hpb.hc-sc.gc.ca (8.8.7/8.7.3) with ESMTP id KAA05514 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 10:55:00 -0400 (EDT) Received: from smta00.hc-sc.gc.ca (smta00.hc-sc.gc.ca [142.4.1.25]) by intdns.hwc.ca (8.8.5/8.7.3) with SMTP id KAA11820 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 10:54:45 -0400 (EDT) Received: by smta00.hc-sc.gc.ca(Lotus SMTP MTA v1.1 (385.6 5-6-1997)) id 85256679.0051E875 ; Tue, 8 Sep 1998 10:54:39 -0400 X-Lotus-FromDomain: HWC To: ietf-pkix@imc.org Message-ID: <85256679.0051E05C.00@smta00.hc-sc.gc.ca> Date: Tue, 8 Sep 1998 10:55:28 -0400 Subject: For Option 2 Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@imc.org Precedence: bulk Jean Bernatchez 09/08/98 10:55 AM Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA22068 for ietf-pkix-bks; Tue, 8 Sep 1998 07:00:36 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA22063 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 07:00:32 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ5Q8>; Tue, 8 Sep 1998 10:05:31 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D248@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: forward & reverse elements - population Date: Tue, 8 Sep 1998 10:05:30 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk comments in-line. > -----Original Message----- > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > Sent: Monday, September 07, 1998 8:02 PM > To: 'ietf-pkix@imc.org' > Subject: forward & reverse elements - population > > Three related issues: > > 1 - raised by Denis - need to clarify how one way certification of a > CA to > another CA is represented in the crossCertificationPair attribute (as > opposed to bilateral) > > Denis - would adding some text along the lines of that proposed by > David > Boyce (that at least one of the forward or reverse elements must be > present > in a value of the crossCertificatePair attribute) satisfy that? > > 2 - raised by Santosh - population of the reverse element of the > crossCertificatePair attribute not to be mandated. > > Santosh, I tend to agree with this. I'm curious whether you (and > others) > think we can mandate, especially in a schema spec, that the forward > certificates be published by the subject CA either? Is a schema spec > really > the place to dictate CA behaviour? Or should the schema spec provide > the > tools to be used for publishing the certs, should the CA decide to > publish > them. > [] I agree. I do not have problem with the following language. " A certificate issued to a CA by another shall be stored either in the caCertificate or forward component of crossCertificatePair attribute of the subject CA. Optionally, a subset of certificates issued by a CA can be stored in the reverse component of crossCertificatePair attribute of the issuing CA." Please note that to me subset includes none, some, or all. If folks want further clarification, it is ok by me. > In the case of option 2, if we mandate neither, the > crossCertificatePair > attribute would contain all the certificates of the forward and > reverse > types that this CA has decided to publish. The content of the > cACertificate > attribute would still be a subset of the content of the > crossCertificatePair > attribute plus self issued certificates. This would result in a > situation > where some certificates would be published only in the issuing CAs > entry, > some only in the subject CAs entry and others in both. But in all > cases a > relying party would be able to find them in the crossCertificatePair > attribute and if the relying party understood the CAs definition of > domain > they could take advantage of the subset published in that CAs > cACertificate > attribute. > > Do you think this reflects the real business needs or do you think we > need > to mandate that the subject CA publish forward certificates issued for > it? I > lean toward not mandating either, but can go along with either > approach on > this one. > > 3 - One more issue raised by David Boyce's proposed text was > population of > the crossCertificatePair attribute in the case where certification > between > two CAs is mutual. The syntax of the crossCertificatePair attribute is > such > that a single value of the attribute is one of the following: > - only a forward element > - only a reverse element > - both a forward and reverse. > > I wonder though when one would be interested in retrieving a value > that had > both forward and reverse present? Does anyone have an example of a > requirement for this? When doing path discovery, regardless of the > algorithm, wouldn't you be interested in one of the forward or reverse > only > for a given operation? If that is true then wouldn't it be better not > to > populate both forward and reverse in a single value but even in the > case of > mutual certification, spread these certificates over different values > of the > attribute? The reason I'm wondering about this is that the smallest > unit of > information that LDAP can return is a whole attribute value (can't > pull only > a forward or only a reverse from a single value). I'm trying to come > up any > reason for wanting the two together in the mutual case and having > trouble > coming up with a requirement. Again, when we get to the point of using > LDAPv3 and more complex filtering capabilities, we may get to a point > where > we can retrieve single certs from the crossCertificatePair attribute, > but if > both forward and reverse are populated in the same attribute value, > you'll > get both certs. Views? > > > > > ------------------ > Sharon Boeyen > Entrust Technologies > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > http://www.entrust.com Fax: (613) 247-3690 > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA22025 for ietf-pkix-bks; Tue, 8 Sep 1998 06:55:51 -0700 (PDT) Received: from itsfw.CSE-CST.GC.CA (itsfw.cse.dnd.ca [131.136.196.7]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA22020 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 06:55:50 -0700 (PDT) From: jplachance@cse-cst.gc.ca Received: id JAA06138; Tue, 8 Sep 1998 09:57:04 -0400 Received: by gateway id <NWL91ZG3>; Tue, 8 Sep 1998 09:54:53 -0400 Message-ID: <C3222395B150D11185B300A0C9045CB90C3123@mailserverb.its.cse.dnd.ca> To: ietf-pkix@imc.org Subject: For Option 2 Date: Tue, 8 Sep 1998 10:03:01 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk To whom it may concern, For Option 2. Regards, J.P. Lachance Senior Systems Engineer PMO GOC PKI Communications Security Establishement Tel: 613-991-7504 Fax: 613-991-7455 Internet: jplachance@cse-cst.gc.ca Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA22008 for ietf-pkix-bks; Tue, 8 Sep 1998 06:53:13 -0700 (PDT) Received: from docws001.shl.com (docws001.shl.com [159.249.56.252]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA22004 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 06:53:11 -0700 (PDT) Received: from dalmsdoc01.shl.com (dalmsdoc01.shl.com [159.249.142.247]) by docws001.shl.com (8.7.3/8.7.3) with SMTP id IAA57036 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 08:42:50 -0500 Received: by dalmsdoc01.shl.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52) id <01BDDB06.D7033400@dalmsdoc01.shl.com>; Tue, 8 Sep 1998 08:58:25 -0500 Message-ID: <c=US%a=MCI%p=SHL%l=DALFW03-980908135819Z-50946@dalmsdoc01.shl.com> From: "PACHL, Jan" <jpachl@shl.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Sharon Boeyen'" <sharon.boeyen@entrust.com> Subject: RE: forward & reverse elements - population Date: Tue, 8 Sep 1998 08:58:19 -0500 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk If the forward and the reverse element are never both present in the same pair (=either one is present or the other, but never both, in any given pair), what is the point of having the attribute defined as "pair"? In that case it would make better sense to have two separate attributes instead -- "forward certificate" and "reverse certificate". I can see some (limited?) use for populating both forward and reverse in the same pair, to record mutual certification. Not primarily for path discovery, but for answering other questions about certification relationships. Jan Pachl SHL Systemhouse >From: Sharon Boeyen[SMTP:sharon.boeyen@entrust.com] >[ ... ] > >3 - One more issue raised by David Boyce's proposed text was population of >the crossCertificatePair attribute in the case where certification between >two CAs is mutual. The syntax of the crossCertificatePair attribute is such >that a single value of the attribute is one of the following: >- only a forward element >- only a reverse element >- both a forward and reverse. > >I wonder though when one would be interested in retrieving a value that had >both forward and reverse present? Does anyone have an example of a >requirement for this? When doing path discovery, regardless of the >algorithm, wouldn't you be interested in one of the forward or reverse only >for a given operation? If that is true then wouldn't it be better not to >populate both forward and reverse in a single value but even in the case of >mutual certification, spread these certificates over different values of the >attribute? The reason I'm wondering about this is that the smallest unit of >information that LDAP can return is a whole attribute value (can't pull only >a forward or only a reverse from a single value). I'm trying to come up any >reason for wanting the two together in the mutual case and having trouble >coming up with a requirement. Again, when we get to the point of using >LDAPv3 and more complex filtering capabilities, we may get to a point where >we can retrieve single certs from the crossCertificatePair attribute, but if >both forward and reverse are populated in the same attribute value, you'll >get both certs. Views? > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA21745 for ietf-pkix-bks; Tue, 8 Sep 1998 06:07:58 -0700 (PDT) Received: from itsfw.CSE-CST.GC.CA (itsfw.cse.dnd.ca [131.136.196.7]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA21741 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 06:07:57 -0700 (PDT) From: tjcasar@its.cse.dnd.ca Received: id JAA05475; Tue, 8 Sep 1998 09:09:56 -0400 Received: by gateway id <NWL91ZFR>; Tue, 8 Sep 1998 09:07:45 -0400 Message-ID: <D151573E3DC6CF11AAAD00A0C90428FD296876@mailserver.cse.dnd.ca> To: ietf-pkix@imc.org Subject: For Option 2 Date: Tue, 8 Sep 1998 09:07:44 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA21325 for ietf-pkix-bks; Tue, 8 Sep 1998 05:17:25 -0700 (PDT) Received: from fin.gc.ca (cis-pec.fin.gc.ca [198.103.32.130]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA21321 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 05:17:23 -0700 (PDT) From: DeRosenroll.Michael@tbs-sct.gc.ca Received: from connfax.fin.gc.ca ([172.17.22.10]) by sonic.fin.gc.ca with ESMTP id <19735>; Tue, 8 Sep 1998 08:20:39 -0400 Received: by CONNFAX with Internet Mail Service (5.5.1960.3) id <SQ2M0LBH>; Tue, 8 Sep 1998 08:22:19 -0400 Message-ID: <B103B7FE19C3D011900200805F19428E013BAA37@server5.tbs-sct.gc.ca> To: ietf-pkix@imc.org Subject: For option 2 Date: Mon, 7 Sep 1998 09:34:21 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA20854 for ietf-pkix-bks; Tue, 8 Sep 1998 04:13:26 -0700 (PDT) Received: from apollo.fedworld.gov (apollo.fedworld.gov [192.239.92.203]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA20850 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 04:13:24 -0700 (PDT) Received: from jdiduro.fedworld.gov ([208.232.200.69] (may be forged)) by apollo.fedworld.gov (8.8.6 (PHNE_14041)/8.8.6) with SMTP id HAA01052 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 07:17:43 -0400 (EDT) Message-Id: <4.0.2.19980908072326.0443e530@192.239.92.203> X-Sender: jdiduro@192.239.92.203 X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.2 Date: Tue, 08 Sep 1998 07:23:34 -0400 To: ietf-pkix@imc.org From: "John A. DiDuro" <jdiduro@apollo.fedworld.gov> Subject: for Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA20761 for ietf-pkix-bks; Tue, 8 Sep 1998 04:07:11 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA20755 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 04:07:09 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZ537>; Tue, 8 Sep 1998 07:12:08 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E186603@WUHER> From: Jeremy Bingham <jbingham@cygnacom.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Tue, 8 Sep 1998 07:12:07 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA08715 for ietf-pkix-bks; Tue, 8 Sep 1998 01:20:27 -0700 (PDT) Received: from smtp03.wxs.nl (smtp03.wxs.nl [195.121.6.37]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA08709 for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 01:20:26 -0700 (PDT) Received: from ben ([195.121.86.74]) by smtp03.wxs.nl (Netscape Messaging Server 3.54) with SMTP id AAA16EA for <ietf-pkix@imc.org>; Tue, 8 Sep 1998 10:25:05 +0200 Message-ID: <35F4EA2C.64AC@wxs.nl> Date: Tue, 08 Sep 1998 10:26:20 +0200 From: Ton van Lieshout <ton.van.lieshout@wxs.nl> Reply-To: ton.van.lieshout@wxs.nl Organization: Point Information Systems B.V. X-Mailer: Mozilla 3.01C-WXS-16 (Win95; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: FOR OPTION 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk As an Entrust prtner, we vote for option 2. Ton van Lieshout Technical Director Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id XAA29595 for ietf-pkix-bks; Mon, 7 Sep 1998 23:01:20 -0700 (PDT) Received: from security.no ([193.71.64.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id XAA29591 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 23:01:17 -0700 (PDT) Received: by gateway.security.no id <26882>; Tue, 8 Sep 1998 07:01:48 +0100 Message-Id: <98Sep8.070148gmt+0100.26882@gateway.security.no> From: =?iso-8859-1?Q?Svein_L=F8seth?= <slo@security.no> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Tue, 8 Sep 1998 07:05:31 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id XAA29592 Sender: owner-ietf-pkix@imc.org Precedence: bulk --------------------------------------------------------------------------------------------------------------------------- Svein Løseth Tlf.: +47-22 95 86 83 Network Security AS Fax: +47-22 60 44 27 Gaustadalléen 21 Dir. Line: +47-22 95 85 48 N-0371 OSLO GSM: +47-91 77 09 63 NORWAY http://www.security.no Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA26304 for ietf-pkix-bks; Mon, 7 Sep 1998 17:02:27 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id RAA26299 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 17:02:26 -0700 (PDT) Received: id UAA07858; Mon, 7 Sep 1998 20:04:33 -0400 Received: by gateway id <S2S6XSHF>; Mon, 7 Sep 1998 20:01:31 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC9748@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: forward & reverse elements - population Date: Mon, 7 Sep 1998 20:01:30 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Three related issues: 1 - raised by Denis - need to clarify how one way certification of a CA to another CA is represented in the crossCertificationPair attribute (as opposed to bilateral) Denis - would adding some text along the lines of that proposed by David Boyce (that at least one of the forward or reverse elements must be present in a value of the crossCertificatePair attribute) satisfy that? 2 - raised by Santosh - population of the reverse element of the crossCertificatePair attribute not to be mandated. Santosh, I tend to agree with this. I'm curious whether you (and others) think we can mandate, especially in a schema spec, that the forward certificates be published by the subject CA either? Is a schema spec really the place to dictate CA behaviour? Or should the schema spec provide the tools to be used for publishing the certs, should the CA decide to publish them. In the case of option 2, if we mandate neither, the crossCertificatePair attribute would contain all the certificates of the forward and reverse types that this CA has decided to publish. The content of the cACertificate attribute would still be a subset of the content of the crossCertificatePair attribute plus self issued certificates. This would result in a situation where some certificates would be published only in the issuing CAs entry, some only in the subject CAs entry and others in both. But in all cases a relying party would be able to find them in the crossCertificatePair attribute and if the relying party understood the CAs definition of domain they could take advantage of the subset published in that CAs cACertificate attribute. Do you think this reflects the real business needs or do you think we need to mandate that the subject CA publish forward certificates issued for it? I lean toward not mandating either, but can go along with either approach on this one. 3 - One more issue raised by David Boyce's proposed text was population of the crossCertificatePair attribute in the case where certification between two CAs is mutual. The syntax of the crossCertificatePair attribute is such that a single value of the attribute is one of the following: - only a forward element - only a reverse element - both a forward and reverse. I wonder though when one would be interested in retrieving a value that had both forward and reverse present? Does anyone have an example of a requirement for this? When doing path discovery, regardless of the algorithm, wouldn't you be interested in one of the forward or reverse only for a given operation? If that is true then wouldn't it be better not to populate both forward and reverse in a single value but even in the case of mutual certification, spread these certificates over different values of the attribute? The reason I'm wondering about this is that the smallest unit of information that LDAP can return is a whole attribute value (can't pull only a forward or only a reverse from a single value). I'm trying to come up any reason for wanting the two together in the mutual case and having trouble coming up with a requirement. Again, when we get to the point of using LDAPv3 and more complex filtering capabilities, we may get to a point where we can retrieve single certs from the crossCertificatePair attribute, but if both forward and reverse are populated in the same attribute value, you'll get both certs. Views? ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA25807 for ietf-pkix-bks; Mon, 7 Sep 1998 15:26:02 -0700 (PDT) Received: from aum.proper.com (ip200.proper.com [165.227.249.200]) by mail.proper.com (8.8.8/8.8.5) with SMTP id PAA25803 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 15:26:01 -0700 (PDT) Message-Id: <199809072226.PAA25803@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Mon, 07 Sep 1998 15:30:57 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: RE: PKIX freeware library coming soon (fwd) In-Reply-To: <199809072249.AAA24035@cs.pub.ro> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 12:49 AM 9/8/98 +0200, Monica Pietrosanu-Ene wrote: >Any recent news related to that freeware library? >I searched the MIT site and I didn't find anything related to that implementation. It should be available by the end of August, isn't it? There is a new mailing list to discuss the library. Please see <http://www.imc.org/imc-pfl/> for more information on the mailing list and the library. I've been told that the folks making the library are almost-almost ready to release the first version (they can't turn the page on their calendars to September until they do...). At that point, the new mailing list for the library should become active. --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA16002 for ietf-pkix-bks; Mon, 7 Sep 1998 11:55:40 -0700 (PDT) Received: from mail-ewr-3.pilot.net (mail-ewr-3.pilot.net [206.98.230.17]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA15998 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 11:55:39 -0700 (PDT) From: Lynn.Wheeler@firstdata.com Received: from mailgw.FirstData.com ([204.48.27.166]) by mail-ewr-3.pilot.net (Pilot/8.8.8) with ESMTP id PAA27888; Mon, 7 Sep 1998 15:00:41 -0400 (EDT) Received: from lnsunr02.firstdata.com (lnsunr02.firstdata.com [192.168.247.16]) by mailgw.FirstData.com with SMTP id PAA11891; Mon, 7 Sep 1998 15:00:39 -0400 (EDT) Received: by lnsunr02.firstdata.com(Lotus SMTP MTA v4.6.1 (569.2 2-6-1998)) id 85256678.006834C0 ; Mon, 7 Sep 1998 14:58:12 -0400 X-Lotus-FromDomain: FDC To: Mike Smith <mfsmith@zionsbank.com> cc: fod@brd.ie, Alan.Lloyd@OpenDirectory.com.au, dave@chromatix.com, ietf-pkix@imc.org Message-ID: <88256678.0067D844.00@lnsunr02.firstdata.com> Date: Mon, 7 Sep 1998 11:59:43 -0700 Subject: Re: Relational vs Directory Repository Models (was RE: path development complexity s) Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk and with an intelligent repository, along with assumptions about knowing every use to contain risk/liability exposures and provide timely status ... and a nudge in the protocol here & there ... it becomes account authority instead of certification authority client gets even thinner ... and account authority provides enhanced value transaction (most of the certificates are redundant/superfluous). Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA07642 for ietf-pkix-bks; Mon, 7 Sep 1998 10:30:30 -0700 (PDT) Received: from relay2.elvis.ru (ss10.elvis.ru [194.190.192.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA07638 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 10:30:28 -0700 (PDT) Received: by relay2.elvis.ru (8.8.5/1.25) id VAA29408; Mon, 7 Sep 1998 21:35:28 +0400 (MSK DST) Message-ID: <XFMail.980907213528.versed@elvis.ru> X-Mailer: XFMail 1.3 [p0] on Solaris X-Priority: 3 (Normal) Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Mon, 07 Sep 1998 21:35:28 +0400 (MSK DST) From: Pavel Krylov <versed@elvis.ru> To: "ietf-pkix@imc.org" <ietf-pkix@imc.org> Subject: depth Sender: owner-ietf-pkix@imc.org Precedence: bulk My question: What depth of certificate tree is exist now?? Average value? Sharon, Santosh? --------------------------------------- Pavel V.Krylov versed@elvis.ru Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA07055 for ietf-pkix-bks; Mon, 7 Sep 1998 10:23:19 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA07051 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 10:23:18 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Mon, 07 Sep 1998 11:23:47 -0600 Message-Id: <s5f3c243.014@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Mon, 07 Sep 1998 11:23:32 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: Alan.Lloyd@OpenDirectory.com.au Cc: ietf-pkix@imc.org Subject: Re: Re relational - and Dirs and all that Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Thanks for the remedial lesson. We also tend towards business objects in design and implmentation. I too, think that these hybrid systems are the direction of the future. michael Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA06891 for ietf-pkix-bks; Mon, 7 Sep 1998 09:57:29 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA06886 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 09:57:20 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <SMGRLFKM>; Tue, 8 Sep 1998 03:01:18 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC07380E@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'mfsmith@zionsbank.com'" <mfsmith@zionsbank.com> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re relational - and Dirs and all that Date: Tue, 8 Sep 1998 03:01:12 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id JAA06888 Sender: owner-ietf-pkix@imc.org Precedence: bulk Alan: Mike the amazing thing is I am in Charlotte US and working remote to Aus. I had to repaste the text as I got an error? in the long distance server? Comments in line marked Alan. Quick response from so far away, I am still amazed at this Internet technology, even though I've been relying on it daily, since the early '80s. :) Alan: I have been relying on since 9.00 AM this morning :-) Mike: With an X500 model, then one would have to create the directory service agents (DSA) to actually process the requests. My limited understanding of how these work makes it complex indeed to process through multiple layers from one DSA to another (using DAP to cahin to other "directories"). Alan: Directories are distributed, object oriented, named based transaction systems. They operate on distributed naming contexts with objects such as people (that have certs) and CAs that have certs. Directories to us are the foundation for new forms distributed information engineering. (However, LDAP servers (non X.500 ones) do not do distribution - so watch out for the scaling issues with those things). Most think LDAP servers are the only forms of directories and because they have distribution issues - it means that all directories have distribution issues - X.500 (which can have LDAP access) does not have these, therefore the information solution space is wider than LDAP server only systems. Mike: Server side logic, whether stored procedures, external routines or objects from an Application Server, seems less complex for development of client server applications with thin clients, since the variety of tools and supporting technology is so available. My "take" on X500 models is that the directory system was designed for thin servers and thin cleints (thinner clients with the original LDAP, fatter clients (almost DAP) with the current LDAP models). Now, the discussion seems to be on how fat (huge) and intelligent (brilliant) to make the clients. Alan: Thin and fat seems can get mixed up these days. There is the stacks - LDAP is about 230kb and DAP which is about 130kb. LDAP on bigger searches becomes less efficient and DAP has features that deal with master/copy entries and controlling chaining ie. DAP has twice (scaleable) the functionality than LDAP. In terms of "processing" above the stack - LDAP clients do more because they have to chase referrals (no chaining in the servers) and with the LDAP servers (non X.500 ones) if one wants to authenticate users one has to replicate everything to everywhere. ie. what LDAP does not do that X.500 does.. Humans have to. Mike: As you have discovered, a relational DBMS can perform all of the functions of the X.500 requirements and a whole lot more. Alan: But X.500 deals correctly with object oriented engineering, distributed name based systems and scaling. There is a difference. DBMSs deal with data management with integrity (as well as many other things)they (RDBs) do not distribute or scale in the same way- X.500 is about protected distributed object oriented engineering. We have put the both together (RDBs and X.500) - in fact we have made commercial RDBMs extremely fast and distributed object oriented system that is conformant to X.500 (with LDAP access and provides LDAP server interconnectivity). Mike: As a business-focused technologist, I also like the easier integration of an RDBMS-engined repository with the RDBMS' that are used to run the business (I know some Directory schemes output data to RDBMS - some may even allow two-way communication). I like the idea of searching multiple RDBMS sources in one query instead of chaining DSA to DSA - I also think the logic can be more comprehensive. By comprehensive, let's say against a rule set that can contain more than one decision matrix, maybe with some knowledge-based intelligence acquired from yet another DBMS. I can envision a central-responder repository model that "handles" simple requests for path building that get as complex as necessary across hierarchical, cross-certified, policy mapped, Web of trust, personal trust, bilaterally agreed relationships AND others yet to be defined. Alan: I am a very business focussed technologist and believe that OO distributed systems are required and that these will integrate with RDBs where appropriate (eg. Legacy systems or where relational requirements extend beyond those as affored with OO/RDB systems (like our directory). We provide a range of tools for RDBs and LDIF interchange and integration. Mike: Relationship management becomes the central repository's concern, not that of the relying party. The relying party needs a business relationship with the central repository, or their CA (issuer) does. Contracts and agreements amongst the players need to exist for a central system to work, but there are business models that can support highly complex relationship structures. Alan: Some - repeat some of this can be designed with directories and OO structures. Mike: I tend to think of how to incorporate a workable PKI into an electronic commerce scenario that may involve business relationships with thousands of companies, hundreds of financial institutions and their millions of customers. Alan: We do - in fact we scale to these requirements. Mike: In all probability, this means working with many PKI systems and models and their varied implementations. I do not see a system accepting "all" certificates coming into it. Having said that, though, in business, its always risk vs. reward and if someone wishes to reward (and indemnify) me enough to honor self-authenticated or other "weak" certificates, maybe I'll need to incorporate that into my model as well. Mike: I do not see basing a business solely on a directory, no matter its integrity or "globalness". I do not even see basing a directory service business solely on an X.500 directory. Alan: Some do now - the trend is to have distributed systems and basing these on scaleable - mutually authenticated OO - X.500 technologies. However, this does not mean that some centralised RDB applications wont exist - they will in our view become "directory enabled" so they can interwork with WEB/RDB/OO(X.500)business information infrastructures that support a range of authenticated role based people and applications. This is the new approach to business information system modelling - and this also includes multi - distributed CA/PKI functions. I do find business uses for directory-structured systems, but find the duplication of data and differing and costly development environment (ASN.1 vs C++, ProC, SQL, Java, or whatever) annoying. I look towards enterprise services for customers and employees that incorporates PKI - not to PKI as something totally separate. Alan: Absolutely So, that's the origin of my comments on relational "vs." directory. I really think that there should be a synthesis, not an opposition. Since both LDAP and X.500 and X.509 (with version 3) are independent of the directory model and technology, Alan: Dont quite agree - X.509 will not go far without X.500. if we think "outside the X.500 box", then we can use the strengths of the X.500 directory model and add on some strenghts in logic processing from the tools in the RDBMS world. Alan: We did and we have and we do - see Integrated Information Infrastructures. I will send a paper off list. That way, one can support LDAP, DAP, Java Applets, integrated client applications, or whatever development technology becomes available across IP to meet constantly changing business requirements. Alan: Agree Alan: Regards alan Michael Snip.. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA06469 for ietf-pkix-bks; Mon, 7 Sep 1998 09:01:23 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA06465 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 09:01:21 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Mon, 07 Sep 1998 10:01:30 -0600 Message-Id: <s5f3aefa.078@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Mon, 07 Sep 1998 10:01:25 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: fod@brd.ie, Alan.Lloyd@OpenDirectory.com.au Cc: dave@chromatix.com, ietf-pkix@imc.org Subject: Re: RE: Relational vs Directory Repository Models (was RE: pathdevelopment complexity s) Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Quick response from so far away, I am still amazed at this Internet technology, even though I've been relying on it daily, since the early '80s. :) With an X500 model, then one would have to create the directory service agents (DSA) to actually process the requests. My limited understanding of how these work makes it complex indeed to process through multiple layers from one DSA to another (using DAP to cahin to other "directories"). Server side logic, whether stored procedures, external routines or objects from an Application Server, seems less complex for development of client server applications with thin clients, since the variety of tools and supporting technology is so available. My "take" on X500 models is that the directory system was designed for thin servers and thin cleints (thinner clients with the original LDAP, fatter clients (almost DAP) with the current LDAP models). Now, the discussion seems to be on how fat (huge) and intelligent (brilliant) to make the clients. As you have discovered, a relational DBMS can perform all of the functions of the X.500 requirements and a whole lot more. As a business-focused technologist, I also like the easier integration of an RDBMS-engined repository with the RDBMS' that are used to run the business (I know some Directory schemes output data to RDBMS - some may even allow two-way communication). I like the idea of searching multiple RDBMS sources in one query instead of chaining DSA to DSA - I also think the logic can be more comprehensive. By comprehensive, let's say against a rule set that can contain more than one decision matrix, maybe with some knowledge-based intelligence acquired from yet another DBMS. I can envision a central-responder repository model that "handles" simple requests for path building that get as complex as necessary across hierarchical, cross-certified, policy mapped, Web of trust, personal trust, bilaterally agreed relationships AND others yet to be defined. Relationship management becomes the central repository's concern, not that of the relying party. The relying party needs a business relationship with the central repository, or their CA (issuer) does. Contracts and agreements amongst the players need to exist for a central system to work, but there are business models that can support highly complex relationship structures. I tend to think of how to incorporate a workable PKI into an electronic commerce scenario that may involve business relationships with thousands of companies, hundreds of financial institutions and their millions of customers. In all probability, this means working with many PKI systems and models and their varied implementations. I do not see a system accepting "all" certificates coming into it. Having said that, though, in business, its always risk vs. reward and if someone wishes to reward (and indemnify) me enough to honor self-authenticated or other "weak" certificates, maybe I'll need to incorporate that into my model as well. I do not see basing a business solely on a directory, no matter its integrity or "globalness". I do not even see basing a directory service business solely on an X.500 directory. I do find business uses for directory-structured systems, but find the duplication of data and differing and costly development environment (ASN.1 vs C++, ProC, SQL, Java, or whatever) annoying. I look towards enterprise services for customers and employees that incorporates PKI - not to PKI as something totally separate. So, that's the origin of my comments on relational "vs." directory. I really think that there should be a synthesis, not an opposition. Since both LDAP and X.500 and X.509 (with version 3) are independent of the directory model and technology, if we think "outside the X.500 box", then we can use the strengths of the X.500 directory model and add on some strenghts in logic processing from the tools in the RDBMS world. That way, one can support LDAP, DAP, Java Applets, integrated client applications, or whatever development technology becomes available across IP to meet constantly changing business requirements. Michael >>> Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> 09/07 9:15 AM >>> Mike - I am not sure if I understand your response as it mixes technology statements. So comments in line. ---------- From: Mike Smith To: fod@brd.ie; Alan.Lloyd@OpenDirectory.com.au Cc: dave@chromatix.com; ietf-pkix@imc.org Sent: 9/8/98 12:27:08 AM Subject: Relational vs Directory Repository Models (was RE: pathdevelopment complexity s) Some of you have heard this before from me and others, but, maybe it's worth repeating at this time. AL: Its new to me so thanks. Complexity of the problem of path building requires a more robust/intelligent repository. AL: Agree Think out of the directory model and consider a relational database behind the LDAP responder. Per cert request times may be slower, but the ability to work with multiple business (trust) models and supply ALL of the necessary certs (in one query) for the most complex path validation scenario outweighs (and maybe outperforms) a series of client-side processing and LDAP requests. AL: This is an implementation issue - we use a Patented SQL design under our X.500 LDAP product and its fast including distributed (multi server) operations. One always scales the hardware, processing, process and DB and network to do the job anyway. The business logic for multiple trust models would reside on the host. The LDAP request could be parsed, the business (trust) rules selected according to either or both the relying party's and sender's trust requirements. AL: Host - is this a server or a mainframe - this is a sizing issue? Perhaps a view of the system should be: a)A distributed X.500 system with high performance (even though it uses SQL RDBMS ) to give it industry strength and integrity. b) LDAP or DAP (DAP is for the lucky few that want to control the scope of directory chaining to get a cert path and getting Master cert from CA entries:-) ) access by the client software - with the presented cert and the domain in which validation is required information. Note: yet another weakness in LDAP will show up with trust/scope of cert path processing...Somehow LDAP and LDAP servers just dont seem to mix with X.509, certpath processing and CAs... c) A CA that populates its portion of The interconnected DIB with CA certs, CRLs, etc and validation information. d)Trusted CA utilities that run/execute on the CA "server" or "host" to manage the CA's validation "environment". The RDBMS and its server-side business logic can even chain requests to other CA directories if necessary. AL: Yes - there is nothing to stop a directory request to retrieve something with a Search/Matching rule into subordinate objects below the CA entry in question - via alias or cross referencing to other CAs DIBs - but this is a bit messy re Search and Trust management. But very achieveable with a few extensions to Results Correlation processing or CA Utilities. Of course, my perspective is that the business logic and trust requirements come from the CA, not the end-user. If the trust model rule making is placed on the end user, then one would need to design a pretty fat, customer customizable client software piece. AL: Agree and totally agree. The way things were turning out with client cert validation software is like LDAP clients have - more code in them than in a DSA. Simply because they incorporated (lesser) distribution handling functions - eg. referrals, replication management, etc - than X.500 DSAs in fact do. Fat unwieldy clients are symptomatic of what happens if one has no distributed (server) system, information and service based model to work with. regards alan PS - the draft for dir cert stat will be formally circulated next week. Michael >>> Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> 09/07 7:55 AM >>> Thanks Frank - Its nice to see some reality re this issue. My draft submitted re dir cert stat. point one is we all need a scaleable directory infrastructure for any CA system to work and point two is we dont need CA information designs that act as a maze for megabytes of client software to find the "way out".. As said I think CAs must provide a validation service based on the cert presented and the domain of the client requesting validation. We seem to have gone down the track of inventing a X.509 CA model (and directory objects) for the sake of a CA on what it wants to do with certificate management - as the first part of the system design. As opposed to a CA model that provides a simple client with a validation service, which really is the second part of the system design. For chasing cert paths - Names in the certficates should do - plus the context (ie. the requestor) of the validation. And the CA should do the rest. The directory service and its matching rules proposed in the dir cert stat doc are the foundation of this. All thoughts on this area are welcome. regards alan ---------- From: Frank O'Dwyer To: Alan Lloyd Cc: Dave Horvath; ietf-pkix@imc.org Sent: 9/5/98 9:44:06 PM Subject: Re: path development complexity (was Re: What the straw poll mean s) Alan Lloyd wrote: > I have a few views in that certs must be supported by mutually > authenticated distributed X.500 directory systems otherwise 509 based > systems just wont scale and provide the commercial utilitity as > demanded by global EC directed organisations. Not having this foundation > - one just drops into all sorts of operational cost, scaling and > efficiency holes. What I am talking about is not the underlying retrieval efficiency, but rather the cost of total wrong-turns in the overall search, e.g: 10:15 Developing a path to verify certificate for "Joe's Server, NY" 10:15 Retrieving cross-certificates for "Keys R Us" 10:16 Retrieving cross-certificates for "Keys R Us Too" 10:17 Retrieving cross-certificates for "Barcelona CA" 10:18 Retrieving cross-certificates for "Spanish Bank" CARRIER LOST Users just love that browser "stop" button, and so any verification process that can't complete in a second or so is broken (my opinion). Throwing a meatier directory and/or caches (as someone else suggested) at it doesn't help if finding just one path involves trawling the world for hundreds of names. That is why I think it would be better if the certificates themselves contained positive guidance as to where to go next, or if cross-cert scenarios that lead to vague searches could be identified and discouraged. For example, maybe name constraints could be used as clues to guide path building. As things stand, content like basic constraints just tells you where *not* to search. That seems to leave building in heuristics, and hoping that working down from your trusted root(s) and/or up from the end-entity cert(s), you somehow meet in the middle and terminate in some reasonable time -- something that is by no means guaranteed. Maybe I have missed something obvious here - but I think this could, given time, turn out to be a showstopper scalability issue if it is not addressed early. Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA06115 for ietf-pkix-bks; Mon, 7 Sep 1998 08:12:09 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA06109 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 08:12:02 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <SMGRLFKB>; Tue, 8 Sep 1998 01:16:00 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC073803@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'fod@brd.ie '" <fod@brd.ie>, "'Mike Smith '" <mfsmith@zionsbank.com> Cc: "'dave@chromatix.com '" <dave@chromatix.com>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> Subject: RE: Relational vs Directory Repository Models (was RE: pathdevelo pment complexity s) Date: Tue, 8 Sep 1998 01:15:58 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Mike - I am not sure if I understand your response as it mixes technology statements. So comments in line. ---------- From: Mike Smith To: fod@brd.ie; Alan.Lloyd@OpenDirectory.com.au Cc: dave@chromatix.com; ietf-pkix@imc.org Sent: 9/8/98 12:27:08 AM Subject: Relational vs Directory Repository Models (was RE: pathdevelopment complexity s) Some of you have heard this before from me and others, but, maybe it's worth repeating at this time. AL: Its new to me so thanks. Complexity of the problem of path building requires a more robust/intelligent repository. AL: Agree Think out of the directory model and consider a relational database behind the LDAP responder. Per cert request times may be slower, but the ability to work with multiple business (trust) models and supply ALL of the necessary certs (in one query) for the most complex path validation scenario outweighs (and maybe outperforms) a series of client-side processing and LDAP requests. AL: This is an implementation issue - we use a Patented SQL design under our X.500 LDAP product and its fast including distributed (multi server) operations. One always scales the hardware, processing, process and DB and network to do the job anyway. The business logic for multiple trust models would reside on the host. The LDAP request could be parsed, the business (trust) rules selected according to either or both the relying party's and sender's trust requirements. AL: Host - is this a server or a mainframe - this is a sizing issue? Perhaps a view of the system should be: a)A distributed X.500 system with high performance (even though it uses SQL RDBMS ) to give it industry strength and integrity. b) LDAP or DAP (DAP is for the lucky few that want to control the scope of directory chaining to get a cert path and getting Master cert from CA entries:-) ) access by the client software - with the presented cert and the domain in which validation is required information. Note: yet another weakness in LDAP will show up with trust/scope of cert path processing...Somehow LDAP and LDAP servers just dont seem to mix with X.509, certpath processing and CAs... c) A CA that populates its portion of The interconnected DIB with CA certs, CRLs, etc and validation information. d)Trusted CA utilities that run/execute on the CA "server" or "host" to manage the CA's validation "environment". The RDBMS and its server-side business logic can even chain requests to other CA directories if necessary. AL: Yes - there is nothing to stop a directory request to retrieve something with a Search/Matching rule into subordinate objects below the CA entry in question - via alias or cross referencing to other CAs DIBs - but this is a bit messy re Search and Trust management. But very achieveable with a few extensions to Results Correlation processing or CA Utilities. Of course, my perspective is that the business logic and trust requirements come from the CA, not the end-user. If the trust model rule making is placed on the end user, then one would need to design a pretty fat, customer customizable client software piece. AL: Agree and totally agree. The way things were turning out with client cert validation software is like LDAP clients have - more code in them than in a DSA. Simply because they incorporated (lesser) distribution handling functions - eg. referrals, replication management, etc - than X.500 DSAs in fact do. Fat unwieldy clients are symptomatic of what happens if one has no distributed (server) system, information and service based model to work with. regards alan PS - the draft for dir cert stat will be formally circulated next week. Michael >>> Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> 09/07 7:55 AM >>> Thanks Frank - Its nice to see some reality re this issue. My draft submitted re dir cert stat. point one is we all need a scaleable directory infrastructure for any CA system to work and point two is we dont need CA information designs that act as a maze for megabytes of client software to find the "way out".. As said I think CAs must provide a validation service based on the cert presented and the domain of the client requesting validation. We seem to have gone down the track of inventing a X.509 CA model (and directory objects) for the sake of a CA on what it wants to do with certificate management - as the first part of the system design. As opposed to a CA model that provides a simple client with a validation service, which really is the second part of the system design. For chasing cert paths - Names in the certficates should do - plus the context (ie. the requestor) of the validation. And the CA should do the rest. The directory service and its matching rules proposed in the dir cert stat doc are the foundation of this. All thoughts on this area are welcome. regards alan ---------- From: Frank O'Dwyer To: Alan Lloyd Cc: Dave Horvath; ietf-pkix@imc.org Sent: 9/5/98 9:44:06 PM Subject: Re: path development complexity (was Re: What the straw poll mean s) Alan Lloyd wrote: > I have a few views in that certs must be supported by mutually > authenticated distributed X.500 directory systems otherwise 509 based > systems just wont scale and provide the commercial utilitity as > demanded by global EC directed organisations. Not having this foundation > - one just drops into all sorts of operational cost, scaling and > efficiency holes. What I am talking about is not the underlying retrieval efficiency, but rather the cost of total wrong-turns in the overall search, e.g: 10:15 Developing a path to verify certificate for "Joe's Server, NY" 10:15 Retrieving cross-certificates for "Keys R Us" 10:16 Retrieving cross-certificates for "Keys R Us Too" 10:17 Retrieving cross-certificates for "Barcelona CA" 10:18 Retrieving cross-certificates for "Spanish Bank" CARRIER LOST Users just love that browser "stop" button, and so any verification process that can't complete in a second or so is broken (my opinion). Throwing a meatier directory and/or caches (as someone else suggested) at it doesn't help if finding just one path involves trawling the world for hundreds of names. That is why I think it would be better if the certificates themselves contained positive guidance as to where to go next, or if cross-cert scenarios that lead to vague searches could be identified and discouraged. For example, maybe name constraints could be used as clues to guide path building. As things stand, content like basic constraints just tells you where *not* to search. That seems to leave building in heuristics, and hoping that working down from your trusted root(s) and/or up from the end-entity cert(s), you somehow meet in the middle and terminate in some reasonable time -- something that is by no means guaranteed. Maybe I have missed something obvious here - but I think this could, given time, turn out to be a showstopper scalability issue if it is not addressed early. Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA05809 for ietf-pkix-bks; Mon, 7 Sep 1998 07:27:40 -0700 (PDT) Received: from zionsbank.com (mail.zionsbank.com [207.14.144.36]) by mail.proper.com (8.8.8/8.8.5) with SMTP id HAA05805 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 07:27:39 -0700 (PDT) Received: from ZionsData-Message_Server by zionsbank.com with Novell_GroupWise; Mon, 07 Sep 1998 08:27:27 -0600 Message-Id: <s5f398ef.030@zionsbank.com> X-Mailer: Novell GroupWise 4.1 Date: Mon, 07 Sep 1998 08:27:08 -0600 From: Mike Smith <mfsmith@zionsbank.com> To: fod@brd.ie, Alan.Lloyd@OpenDirectory.com.au Cc: dave@chromatix.com, ietf-pkix@imc.org Subject: Relational vs Directory Repository Models (was RE: path development complexity s) Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Some of you have heard this before from me and others, but, maybe it's worth repeating at this time. Complexity of the problem of path building requires a more robust/intelligent repository. Think out of the directory model and consider a relational database behind the LDAP responder. Per cert request times may be slower, but the ability to work with multiple business (trust) models and supply ALL of the necessary certs (in one query) for the most complex path validation scenario outweighs (and maybe outperforms) a series of client-side processing and LDAP requests. The business logic for multiple trust models would reside on the host. The LDAP request could be parsed, the business (trust) rules selected according to either or both the relying party's and sender's trust requirements. The RDBMS and its server-side business logic can even chain requests to other CA directories if necessary. Of course, my perspective is that the business logic and trust requirements come from the CA, not the end-user. If the trust model rule making is placed on the end user, then one would need to design a pretty fat, customer customizable client software piece. Michael >>> Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> 09/07 7:55 AM >>> Thanks Frank - Its nice to see some reality re this issue. My draft submitted re dir cert stat. point one is we all need a scaleable directory infrastructure for any CA system to work and point two is we dont need CA information designs that act as a maze for megabytes of client software to find the "way out".. As said I think CAs must provide a validation service based on the cert presented and the domain of the client requesting validation. We seem to have gone down the track of inventing a X.509 CA model (and directory objects) for the sake of a CA on what it wants to do with certificate management - as the first part of the system design. As opposed to a CA model that provides a simple client with a validation service, which really is the second part of the system design. For chasing cert paths - Names in the certficates should do - plus the context (ie. the requestor) of the validation. And the CA should do the rest. The directory service and its matching rules proposed in the dir cert stat doc are the foundation of this. All thoughts on this area are welcome. regards alan ---------- From: Frank O'Dwyer To: Alan Lloyd Cc: Dave Horvath; ietf-pkix@imc.org Sent: 9/5/98 9:44:06 PM Subject: Re: path development complexity (was Re: What the straw poll mean s) Alan Lloyd wrote: > I have a few views in that certs must be supported by mutually > authenticated distributed X.500 directory systems otherwise 509 based > systems just wont scale and provide the commercial utilitity as > demanded by global EC directed organisations. Not having this foundation > - one just drops into all sorts of operational cost, scaling and > efficiency holes. What I am talking about is not the underlying retrieval efficiency, but rather the cost of total wrong-turns in the overall search, e.g: 10:15 Developing a path to verify certificate for "Joe's Server, NY" 10:15 Retrieving cross-certificates for "Keys R Us" 10:16 Retrieving cross-certificates for "Keys R Us Too" 10:17 Retrieving cross-certificates for "Barcelona CA" 10:18 Retrieving cross-certificates for "Spanish Bank" CARRIER LOST Users just love that browser "stop" button, and so any verification process that can't complete in a second or so is broken (my opinion). Throwing a meatier directory and/or caches (as someone else suggested) at it doesn't help if finding just one path involves trawling the world for hundreds of names. That is why I think it would be better if the certificates themselves contained positive guidance as to where to go next, or if cross-cert scenarios that lead to vague searches could be identified and discouraged. For example, maybe name constraints could be used as clues to guide path building. As things stand, content like basic constraints just tells you where *not* to search. That seems to leave building in heuristics, and hoping that working down from your trusted root(s) and/or up from the end-entity cert(s), you somehow meet in the middle and terminate in some reasonable time -- something that is by no means guaranteed. Maybe I have missed something obvious here - but I think this could, given time, turn out to be a showstopper scalability issue if it is not addressed early. Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA05623 for ietf-pkix-bks; Mon, 7 Sep 1998 06:56:10 -0700 (PDT) Received: from maild.telia.com (root@maild.telia.com [194.22.190.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA05618 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 06:56:06 -0700 (PDT) Received: from d1o65.telia.com (root@d1o65.telia.com [62.20.132.241]) by maild.telia.com (8.8.8/8.8.8) with ESMTP id QAA03923; Mon, 7 Sep 1998 16:01:01 +0200 (CEST) Received: from stefans (t2o65p95.telia.com [62.20.132.215]) by d1o65.telia.com (8.8.8/8.8.5) with SMTP id QAA03606; Mon, 7 Sep 1998 16:00:42 +0200 (CEST) Message-Id: <3.0.32.19980907155744.00a55170@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 07 Sep 1998 15:58:39 +0200 To: "Aram Perez" <aram@apple.com>, bob jueneman <bjueneman@novell.com> From: Stefan Santesson <stefan@accurata.se> Subject: Re: Digital signature and non-repudiation key usage bits Cc: ietf-pkix@imc.org Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id GAA05620 Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Aram, Some comments follow. At 10:17 AM 9/4/98 -0700, Aram Perez wrote: >Bob and Stefan: > >>At 06:42 PM 9/2/98 -0600, Bob Jueneman wrote: >><snip> >>>>I suggest that we stick to the standardized definitions of the key usage >>>>bits and leave >>>>policy issues out of a common certificate profile. >>> >>>If there were any sense of the community as to what these definitions really >>>mean, or ought to mean, we would probably not be having this discussion. >>>Otherwise I would agree with you. >>>> >>>>non-repudiation is according to standard selected by the NR bit, not NR in >>>>combination with DS bit. Inclusion of the DS bit means that DS mechanisms >>>>other than non-repudiation are allowed for the key. > >Is non-repudiation a mechanism or a service? Sorry for my careless language. Non-repudiation is a service and that service is not defined by the CA. However the CA may indicate that the certificate is aimed to support that service. > >>> >>>I believe that is exactly the issue. Are you suggesting that NR plus DS >>should not >>>be allowed? Why? >> >>No I do not. I do suggest that such decision is up to local policy. But >>there will be some policies where this combination will not be allowed, but >>I think you agree to that. > >My problem with this is that to provide "digital" non-repudiation, you have to >"sign" something with a digital signature. I understand that the key usage field >is very overloaded, so I'll probably have to live with it, but I do not agree or >like it. Yes and no. It is clear that X509 has mixed two levels. The mechanism level and the service level. Looking back in the mirror that might have been a bad mix. What's even worse is that the service bit NR in some cases is used as an alternative to DS. To accomplish this the standard has been forced to define both bits to a combined service/mechanism bit. I.e. NR is selecting use of digital signatures and DS is selecting services other than non-repudiation. This is causing the messy debate and could be used as an argument for a defect report. However considering the standard as it is, can we use it? Yes I think so, even if it's not perfect. > >> >>The important thing is that I suggest that the NR bit and DS bit has >>separate meaning and that they should be set independently to specify DS, >>NR or both. >> >>The vague definition of the NR bit is a problem, I agree to that. > >YES!! > >> >>If I were to define some distinguishing property of the NR bit that would be: >> >> Non repudiation denotes services constructed in such way that: >> 1) The signature provides proof of the integrity and >> origin of data - both in an unforgeable relationship - which can be >> verified by any third party at any time.[X.509 / ISO 9594-8] >> 2) The signature is applied to a message where the signatory is capable >> of, and required to, accept responsibility for the message content >> before signing. > >But NR is set in the certificate (i.e. the public key) and does not tell you >whether the signatory (who is using the private key) actually was capable of >accepting responsibility. Yes you are right, it doesn't. And it shouldn't. Since the CA isn't the provider of that service the certificate will tell nothing about the service in which the certificate is used. The key usage bit is a requirement stated by the CA for staying with it's liabilities, not a promise that the requirements will be met. > >> 3) The signatory's liability for signing the message can be concluded >> from the signed message itself, possibly within a well known and agreed >> context that can be verified by any third party at any time. >> >>This definitions rules out any signed logon ticket or other data >>authentication mechanisms where the signature says "this message wasn't >>changed" instead of "I take full responsibility for the message content". > >You do not need a digital signature to tell you "this message wasn't changed". >CRCs, LRCs, checksums, etc have been used for this longer that I've been alive. >You use digital signature when you want to know "this message wasn't changed" >AND "this message came from the reported sender". > Agreed. I guess my point still stands. >> >>But since this is not defined by the bit (which I regret) the way to go >>will be for the CA to include this in it's published certificate policy. > >I doubt whether a CA is going to take responsibility and liability for something >it has no control over. The CA does not know what applications and crypto APIs >the owner of the private key is using. > The CA will not assume responsibility for services utilizing the certificates. It will only be liable for its issued certificates. Again, the CA is not the provider of the NR service. Still, the CA will in some cases state requirements on supported services. Don't forget the original task for the CA. It is just to provide statements to be used as guidance by certificate users. >> >>I can't see any other way for now when utilizing the existing standard. I >>would not object though to a defect report to get this into the standard. > >And I am willing to help (or lead) in this effort. > >> >>In the new proposed work item, however, regaring a profile for >>non-repudiation certificates supporting legal acceptance of digital >>signatures I will try to get this definition in. >> >>Would you support it? > >I would be glad to help and support it. > >Regard, >Aram Perez >Apple Computer, Inc. > > /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA05609 for ietf-pkix-bks; Mon, 7 Sep 1998 06:51:36 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA05605 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 06:51:29 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <SMGRLFJX>; Mon, 7 Sep 1998 23:55:10 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC0737F9@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'Frank O'Dwyer '" <fod@brd.ie> Cc: "'Dave Horvath '" <dave@chromatix.com>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> Subject: RE: path development complexity (was Re: What the straw poll mean s) Date: Mon, 7 Sep 1998 23:55:08 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Thanks Frank - Its nice to see some reality re this issue. My draft submitted re dir cert stat. point one is we all need a scaleable directory infrastructure for any CA system to work and point two is we dont need CA information designs that act as a maze for megabytes of client software to find the "way out".. As said I think CAs must provide a validation service based on the cert presented and the domain of the client requesting validation. We seem to have gone down the track of inventing a X.509 CA model (and directory objects) for the sake of a CA on what it wants to do with certificate management - as the first part of the system design. As opposed to a CA model that provides a simple client with a validation service, which really is the second part of the system design. For chasing cert paths - Names in the certficates should do - plus the context (ie. the requestor) of the validation. And the CA should do the rest. The directory service and its matching rules proposed in the dir cert stat doc are the foundation of this. All thoughts on this area are welcome. regards alan ---------- From: Frank O'Dwyer To: Alan Lloyd Cc: Dave Horvath; ietf-pkix@imc.org Sent: 9/5/98 9:44:06 PM Subject: Re: path development complexity (was Re: What the straw poll mean s) Alan Lloyd wrote: > I have a few views in that certs must be supported by mutually > authenticated distributed X.500 directory systems otherwise 509 based > systems just wont scale and provide the commercial utilitity as > demanded by global EC directed organisations. Not having this foundation > - one just drops into all sorts of operational cost, scaling and > efficiency holes. What I am talking about is not the underlying retrieval efficiency, but rather the cost of total wrong-turns in the overall search, e.g: 10:15 Developing a path to verify certificate for "Joe's Server, NY" 10:15 Retrieving cross-certificates for "Keys R Us" 10:16 Retrieving cross-certificates for "Keys R Us Too" 10:17 Retrieving cross-certificates for "Barcelona CA" 10:18 Retrieving cross-certificates for "Spanish Bank" CARRIER LOST Users just love that browser "stop" button, and so any verification process that can't complete in a second or so is broken (my opinion). Throwing a meatier directory and/or caches (as someone else suggested) at it doesn't help if finding just one path involves trawling the world for hundreds of names. That is why I think it would be better if the certificates themselves contained positive guidance as to where to go next, or if cross-cert scenarios that lead to vague searches could be identified and discouraged. For example, maybe name constraints could be used as clues to guide path building. As things stand, content like basic constraints just tells you where *not* to search. That seems to leave building in heuristics, and hoping that working down from your trusted root(s) and/or up from the end-entity cert(s), you somehow meet in the middle and terminate in some reasonable time -- something that is by no means guaranteed. Maybe I have missed something obvious here - but I think this could, given time, turn out to be a showstopper scalability issue if it is not addressed early. Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA05308 for ietf-pkix-bks; Mon, 7 Sep 1998 05:51:16 -0700 (PDT) Received: from maild.telia.com (root@maild.telia.com [194.22.190.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA05304 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 05:50:53 -0700 (PDT) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by maild.telia.com (8.8.8/8.8.8) with ESMTP id OAA00330; Mon, 7 Sep 1998 14:55:39 +0200 (CEST) Received: from stefans (t3o68p29.telia.com [62.20.139.29]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id OAA28463; Mon, 7 Sep 1998 14:55:35 +0200 (CEST) Message-Id: <3.0.32.19980907145238.00a532a0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 07 Sep 1998 14:53:16 +0200 To: Bill Brice <Bill.Brice@idtrust.com>, pkix <ietf-pkix@imc.org> From: Stefan Santesson <stefan@accurata.se> Subject: RE: Defining Non-Repudiation Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id FAA05305 Sender: owner-ietf-pkix@imc.org Precedence: bulk Bill, Thank you for your very clarifying information. This is a very important perspective to have when discussing standardized certificate profiles. As you may have seen I have proposed a new work item for PKIX regarding a specific certificate profile based on PKIX part 1 to be used in the context you describe. The ONLY rationale for this profile is to create a common profile for technical interoperability. Not to achieve a globally harmonized legal framework. The new work item, called profile for Qualified Certificates, addresses some of your issues: <snip> >(2) The certificate is considered trustworthy (i.e., an accurate >binding of a public key to a person's identity) because the certificate >was issued by a certification authority in accordance with standards, >procedures, and other requirements specified by the Secretary of State, >or the trier of fact independently finds that the certificate was issued >in a trustworthy manner by a certification authority that properly >authenticated the subscriber and the subscriber's public key, or >otherwise finds that the material information set forth in the >certificate is true. The qualified certificate will be a certificate which includes a statement by the issuer that it meets all requirements imposed by the governing legal framework, regardless of what that legal framework states, to support "Secure electronic signatures" according to your definition. Further the qualified certificate profile will enhance interoperability in naming and other essential attributes. It would be nice to have your view on this. The work item has primary been raised as an answer to needs arising from the European legal framework development. It is though conducted in a generic approach that should be independent of any legal framework. I hope that I can count on your input to ensure that the profile will be consistent with the American legal approach. /Stefan At 03:22 PM 8/21/98 -0500, Bill Brice wrote: >All, > >There has been considerable discussion and debate on these >lists regarding the proper use of the DS and NR KeyUsage bits >in X.509v3 certificates. > >Lets look at this from a legal perspective for a moment, >since a large part of digital signatures is being able >to place some reliance on the data that is digitally signed. > >In the US, private contract law is governed primarily by the >laws of the various US states. Under the Uniform Commercial Code >(in effect for many years now), as enacted by US state laws, >a signature is defined as "any symbol executed or adopted by >a party with the present intention to authenticate a writing". > >This means that my typed name at the bottom of this message >constitutes a valid "signature" under the law. This is a practice >many people use in their e-mails, and it has a binding effect >today, under present law. Were this e-mail digitally signed, you >"might" be able to consider it a signature, but only if it were >consciously signed by me with the "present intention to authenticate" >this message. > >As a relying party this digital signature carries no more legal >weight that my typed signature below. In a dispute, you as the relier >would have the burden of proof that the signature on this message, >whether typed or digitally signed, was valid. The court and/or jury >would have to decide whether your reliance was "reasonable under >the facts and circumstances" of the matter. It would make no >difference what KeyUsage bit was set. > >In determining "reasonable reliance" there is a broad continuum. >In the case of the typed signature: Do you personally know me? >What other information did you have about me? What other correspondence >have you received from me? Do you know my address and phone >numbers? etc. etc. In the case of the digital signature the same >questions would apply, plus: Do you understand anything about PKI? >Who issued the certificate? What application software did you use to >receive and verify the message? > >In fact, most people outside of this mailing list would quite reasonably >have less comfort with this message were it digitally signed as opposed >to a typed closing signature. > >Woe on the first relying party to litigate a repudiated digital >signature. It will likely cost over US$100,000. > >Fortunately, there is a way out of this messy state of affairs. And >it impacts the DS/NR question. > >The US State of Illinois, after 18 months of study by the Illinois >Commission on Electronic Commerce and Crime, passed a new EC law >(to take effect July 1, 1999) titled the "Electronic Commerce >Security Act". This comprehensive law not only recognizes digital >signatures as being equally valid as a UCC (above) signature, but it >create a new class of signature called a "secure electronic signature" >and a new class of data record called a "secure electronic record". > >To quote from the Commission's report: "Secure electronic records and >secure electronic signatures define categories of records and >signatures that are accorded heightened evidentiary presumptions >because of their enhanced reliability and trustworthiness, >just as notarized documents are accorded heightened evidentiary >presumptions for the same reason. The concept of a secure electronic >record and a secure electronic signature is critical to enabling >electronic commerce. Businesses will be much more willing to enter >into commercial transactions, extend credit, commit resources, >ship goods, or otherwise rely on messages from contracting parties >transmitted over public networks such as the Internet when they can >be assured that such records and signatures will be accorded the >heightened evidentiary presumptions necessary to effectively make >their transactions nonrepudiable." > >The effect of this is that a relying party may presume that a >"secure electronic signature" is valid and in a dispute the burden >of proof shifts to the signer to rebut the presumption. > >This is the quality we would all like in a non-repudiable >digital signature. It will be necessary for other jurisdictions to >follow the Illinois lead in order to give us the PKI world we would >want (at least as far as digisig is concerned). I would urge Petra >to consider this approach in the German legislation. > >In order to achieve this GOLD CARD level of non-repudiation the law >provides as follows: > >----START >Section 10-110. Secure electronic signature. > >(a) If, through the use of a qualified security procedure, >it can be verified that an electronic signature is the signature of a >specific person, then such electronic signature shall be considered to >be a secure electronic signature at the time of verification, if the >relying party establishes that the qualified security procedure was: > > (1) commercially reasonable under the circumstances, > > (2) applied by the relying party in a trustworthy manner, >and > > (3) reasonably and in good faith relied upon by the relying >party. > >(b) A qualified security procedure for purposes of this Section is a > >security procedure for identifying a person that is: > > (1) previously agreed to by the parties, or > > (2) certified by the Secretary of State in accordance with >Section 10-135 as being capable of creating, in a trustworthy manner, >an electronic signature that: > > (A) is unique to the signer within the context in which it >is used; > > (B) can be used to objectively identify the person signing >the >electronic record; > > (C) was reliably created by such identified person, (e.g., >because some aspect of the procedure involves the use of a signature >device or other means or method that is under the sole control of such >person), and that cannot be readily duplicated or compromised, and > > (D) is created, and is linked to the electronic record to >which it relates, in a manner such that if the record or the signature >is intentionally or unintentionally changed after signing the electronic >signature is invalidated. > >----END > >So, what's a qualified security procedure in the case of digital >signatures? >The law provides: > >----START >Section 15-105. Secure electronic signature. A digital signature that >is created using an asymmetric algorithm certified by the Secretary >of State under item (2) of subsection (b) of Section 10-110 shall be >considered to be a qualified security procedure for purposes of >identifying a person under Section 10-110 if: > >(1) The digital signature was created during the operational period >of a valid certificate, was used within the scope of any other >restrictions specified or incorporated by reference in the certificate, >if any, and can be verified by reference to the public key listed in >the certificate; and > >(2) The certificate is considered trustworthy (i.e., an accurate >binding of a public key to a person's identity) because the certificate >was issued by a certification authority in accordance with standards, >procedures, and other requirements specified by the Secretary of State, >or the trier of fact independently finds that the certificate was issued > >in a trustworthy manner by a certification authority that properly >authenticated the subscriber and the subscriber's public key, or >otherwise finds that the material information set forth in the >certificate is true. >----END > >So, what are the implications for the PKIX draft and this debate >about DS/NR keybits? > >I believe the Illinois ECS Act gives us strong guidance on the direction >of the law (at least US law). The key issue for PKIX is expressed in >paragraph 1 of Section 15-105 above. Namely, that the digital signature >"was used within the scope of any other restrictions specified or >incorporated by reference in the certificate, if any...". > >IMHO, this says that it's really up to the CA and what they say in >their CPS and any Certificate Policies adopted by the CA. If a CA >adopts the PKIX profile, which they don't have to, then it would be >up to the CA to further clarify the meaning of the NR bit in their >certificates. To me, the NR bit is a requirement for any CA whose >certificates will be used in an open environment, and whose certs >are intended to establish the kind of non-repudiation contemplated >by the Illinois law. The DS bit is irrelevant in this context. > >Of course it would be great if the application software would pay >any attention at all to the v3 extensions in a certificate. But, >that's another story. > > >Bill Brice, Chief PKI Architect >International DataTrust >PO Box 670789 >Dallas, TX 75367-0789 >+1.214.706.9320 (direct), +1.214.706.9321 (fax) > >P.S. I'm not an attorney. While I participate in the American Bar >Association's Information Security Committee, these opinions are >my own and you should conduct your own investigation and seek >you own legal advice on these matters. :) > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA01907 for ietf-pkix-bks; Mon, 7 Sep 1998 01:23:43 -0700 (PDT) Received: from mailhost.dircon.co.uk (mailhost.dircon.co.uk [194.112.32.65]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA01902 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 01:23:41 -0700 (PDT) Received: from dircon.co.uk (th-en133-079.pool.dircon.co.uk [194.112.53.79]) by mailhost.dircon.co.uk (8.9.1/8.8.7) with ESMTP id JAA13359 for <ietf-pkix@imc.org>; Mon, 7 Sep 1998 09:28:29 +0100 (BST) Message-ID: <35F39AD8.82DEC733@dircon.co.uk> Date: Mon, 07 Sep 1998 09:35:36 +0100 From: Jorgen Moller <jmoller@dircon.co.uk> Reply-To: jmoller@dircon.co.uk X-Mailer: Mozilla 4.02 [en] (Win95; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA27936 for ietf-pkix-bks; Sun, 6 Sep 1998 09:51:13 -0700 (PDT) Received: from out5.ibm.net (out5.ibm.net [165.87.194.243]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA27932 for <ietf-pkix@imc.org>; Sun, 6 Sep 1998 09:51:11 -0700 (PDT) Received: from 730xcdt (slip139-92-24-251.por.uk.ibm.net [139.92.24.251]) by out5.ibm.net (8.8.5/8.6.9) with SMTP id QAA26578 for <ietf-pkix@imc.org>; Sun, 6 Sep 1998 16:56:09 GMT From: "CliveBetteridge" <cbetter@ibm.net> To: <ietf-pkix@imc.org> Subject: Internet Directory Consortium call for participation in DirConnect3 Date: Sun, 6 Sep 1998 17:48:12 +0100 Message-ID: <01bdd9b6$22a8b940$LocalHost@730xcdt> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00D9_01BDD9BE.846D2140" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-Mimeole: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_00D9_01BDD9BE.846D2140 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Dear all,=20 The interest in LDAP, especially V3 and extensions remains strong. With = this increase in popularity of the technology come even greater = requirements for interoperability of different suppliers' = implementations. To enable cooperative LDAP testing in an engineers-only = environment the Internet Directory Consortium proposes to hold a = Dirconnect3 Interoperability Testing event.=20 If you are implementing LDAP clients or servers you are urged to = consider this opportunity of meeting your peers in other organizations = for some serious testing. The location will be in the San Jose area.=20 The program will be as below:=20 Day 1 8:30 - 9:30 Set up, get acquainted, muffins, fruit, coffee, sodas 9:30 - 12:00 Testing 12:00 - 1:00 Lunch (buffet, served away from the work room) 1:00 - 5:00 Testing 5:00 - 5:30 Recap and plan for Day 2=20 8:30 - 12:00 Testing (muffins, fruit, coffee, sodas at 8:30) 12:00 - 1:00 Lunch (buffet, served away from the work room) 1:00 - 4:00 Testing 4:00 - 5:00 Review and prepare preliminary report 5:00 - 6:00 Tear down A quick straw-poll suggests most favored dates to be in the week = commencing Monday 26th October. Please can you give me the answers to the following questions: Are you likely to attend?=20 What date(s) would you prefer? What would you like to test? Basic LDAP V2? Basic LDAP V3? LDAP V3 Extensions? (please list) I look forward to hearing from you. Best regards Clive Clive Betteridge, Operations Manager - Internet Directory Consortium The Open Group Apex Plaza, Forbury Road, Reading RG1 1AX, UK Mailto:c.betteridge@opengroup.org Ph: +44 1344 642153 http://www.opengroup.org/idc/ Fx: +44 118 950 0110=20 ------=_NextPart_000_00D9_01BDD9BE.846D2140 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.71.1712.3"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> <DIV><FONT color=3D#000000 face=3DArial> <P>Dear all,</FONT><FONT face=3DArial> </P></FONT><FONT = color=3D#000000=20 face=3DArial> <P>The interest in LDAP, especially V3 and extensions remains strong. = With this=20 increase in popularity of the technology come even greater requirements = for=20 interoperability of different suppliers' implementations. To enable = cooperative=20 LDAP testing in an engineers-only environment the Internet Directory = Consortium=20 proposes to hold a Dirconnect3 Interoperability Testing = event.</FONT><FONT=20 face=3DArial> </P> <P>If you are implementing LDAP clients or servers you are urged to = consider=20 this opportunity of meeting your peers in other organizations for some = serious=20 testing.</P></FONT><FONT color=3D#000000 face=3DArial> <P>The location will be in the San Jose area.</FONT><FONT=20 face=3DArial> </P></FONT><FONT color=3D#000000 face=3DArial> <P>The program will be as below:</FONT><FONT = face=3DArial> </P></FONT><FONT=20 color=3D#000000 face=3DArial> <P>Day 1</P> <P>8:30 - 9:30 Set up, get acquainted, muffins, fruit, coffee, sodas</P> <P>9:30 - 12:00 Testing</P> <P>12:00 - 1:00 Lunch (buffet, served away from the work room)</P> <P>1:00 - 5:00 Testing</P> <P>5:00 - 5:30 Recap and plan for Day 2 </P> <P>8:30 - 12:00 Testing (muffins, fruit, coffee, sodas at 8:30)</P> <P>12:00 - 1:00 Lunch (buffet, served away from the work room)</P> <P>1:00 - 4:00 Testing</P> <P>4:00 - 5:00 Review and prepare preliminary report</P> <P>5:00 - 6:00 Tear down</P> <P></P> <P></P> <P>A quick straw-poll suggests most favored dates to be in the week = commencing=20 Monday 26th October.</P> <P></P> <P>Please can you give me the answers to the following questions:</P> <P>Are you likely to attend? </P> <P>What date(s) would you prefer?</P> <P></P> <P>What would you like to test?</P> <P>Basic LDAP V2?</P> <P>Basic LDAP V3?</P> <P>LDAP V3 Extensions? (please list)</P> <P></P> <P></P> <P>I look forward to hearing from you.</P> <P></P> <P>Best regards</P> <P></P> <P>Clive</P> <P></P> <P>Clive Betteridge, Operations Manager - Internet Directory = Consortium</P> <P>The Open Group</P> <P>Apex Plaza, Forbury Road, Reading RG1 1AX, UK</P></FONT><U><FONT=20 color=3D#0000ff face=3DArial> <P>Mailto:c.betteridge@opengroup.org</U></FONT><FONT color=3D#000000=20 face=3DArial> Ph: +44 1344 642153</P></FONT><U><FONT = color=3D#0000ff=20 face=3DArial> <P>http://www.opengroup.org/idc/</U></FONT><FONT color=3D#000000=20 face=3DArial> Fx: +44 118 950 0110 = </FONT></P></DIV></DIV></BODY></HTML> ------=_NextPart_000_00D9_01BDD9BE.846D2140-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA22327 for ietf-pkix-bks; Sat, 5 Sep 1998 13:17:35 -0700 (PDT) Received: from post.mail.demon.net (post-20.mail.demon.net [194.217.242.27]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA22323 for <ietf-pkix@imc.org>; Sat, 5 Sep 1998 13:17:33 -0700 (PDT) Received: from [158.152.104.114] (helo=brd.ie) by post.mail.demon.net with esmtp (Exim 2.02 #1) id 0zFOqt-0007Cf-00 for ietf-pkix@imc.org; Sat, 5 Sep 1998 20:22:31 +0000 Message-ID: <35F19D00.DE9A4F4A@brd.ie> Date: Sat, 05 Sep 1998 21:20:16 +0100 From: "Frank O'Dwyer" <fod@brd.ie> X-Mailer: Mozilla 4.06 [en] (Win95; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: path development complexity References: <001201bdd8d7$6a2f60a0$010ed180@klerer.basit.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Robert Klerer wrote: > As a believer in the thinner client, a (local and possibly trusted) network > based resource can perform this task more efficiently than locating it on > the client. That sounds like it would help a lot (and it would be useful) but I would still be concerned that it wouldn't be enough. For example, people expected a lot of HTTP proxy caches (a similar solution to a similar kind of problem), but I think those turned out not to deliver as much as was expected. You also have the problem of arbitrary/roaming users connecting to ISPs -- there is not much reason to suppose that a responder located at an ISP would do a very good job of caching paths, since the users could be connecting to just about anything. (Caching would still help I guess.) Lastly, you have the problem that certificates themselves run fairly big, and that will doubtless get worse as people stuff more extensions in there (mpegs of cats spring to mind:). So if cross-certificates really take off, one of these responders could potentially wind up like a backbone IP router, holding paths to everywhere, and needing ridiculous quantities of main memory just to avoid thrashing. (The router problem is also a similar problem with similar causes.) Another analogy is an internet search engine - take a look at the spec of machine that altavista runs on. So, if it is possible (and I don't know if it is), it would be much better to design the PKI structure so that path discovery was easy in the first place. > And we can argue whether it is more vulnerable to denial of > service attacks or not. But since the validation of the discovered path > will always remain a client function, we would only be vulnerable to denial > attacks. Well if the responder was out of service the client could always fall back on searching for itself. It could keep a local cache of discovered paths also, and search there first (again like the HTTP/proxy scenario). Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA21055 for ietf-pkix-bks; Sat, 5 Sep 1998 07:09:49 -0700 (PDT) Received: from mailsvr.basit.com (mailsvr.basit.com [128.209.2.13]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA21051 for <ietf-pkix@imc.org>; Sat, 5 Sep 1998 07:09:43 -0700 (PDT) Received: from klerer.basit.com (shiva119 [128.209.144.119]) by mailsvr.basit.com (Guess_again/1.8) with SMTP id KAA28073 for <ietf-pkix@imc.org>; Sat, 5 Sep 1998 10:13:15 -0400 (EDT) Message-ID: <001201bdd8d7$6a2f60a0$010ed180@klerer.basit.com> From: "Robert Klerer" <klerer@xhair.com> Cc: <ietf-pkix@imc.org> Subject: Re: path development complexity Date: Sat, 5 Sep 1998 10:13:36 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3155.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Sender: owner-ietf-pkix@imc.org Precedence: bulk Frank, You have identified the problem. By design the cross-certification arrangements are driven by the business (and social) rules rather than the design of pkix. We have put in some generic restrictions that can be applied, like name constraints and path length limitations, but I would expect application specific extensions to proliferate. To make the problem of path discovery harder, a cross certification arrangement may be valid for one application but not another. For example, Citibank may decide that their employees can exchange signed and encrypted email with employees of IBM. The cross certification arrangement between their CA's may be constructed to lack the critical extension to be valid for exchanging financial trading information, while the arrangement with BoA does and allows the trust relationship to be used for both email and trading. As a believer in the thinner client, a (local and possibly trusted) network based resource can perform this task more efficiently than locating it on the client. And we can argue whether it is more vulnerable to denial of service attacks or not. But since the validation of the discovered path will always remain a client function, we would only be vulnerable to denial attacks. -----Original Message----- From: Frank O'Dwyer <fod@brd.ie> To: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> Cc: Dave Horvath <dave@chromatix.com>; ietf-pkix@imc.org <ietf-pkix@imc.org> Date: Saturday, September 05, 1998 9:12 AM Subject: Re: path development complexity (was Re: What the straw poll mean s) >Alan Lloyd wrote: >> I have a few views in that certs must be supported by mutually >> authenticated distributed X.500 directory systems otherwise 509 based >> systems just wont scale and provide the commercial utilitity as >> demanded by global EC directed organisations. Not having this foundation >> - one just drops into all sorts of operational cost, scaling and >> efficiency holes. > >What I am talking about is not the underlying retrieval efficiency, >but rather the cost of total wrong-turns in the overall search, e.g: > > 10:15 Developing a path to verify certificate for "Joe's Server, >NY" > 10:15 Retrieving cross-certificates for "Keys R Us" > 10:16 Retrieving cross-certificates for "Keys R Us Too" > 10:17 Retrieving cross-certificates for "Barcelona CA" > 10:18 Retrieving cross-certificates for "Spanish Bank" > CARRIER LOST > >Users just love that browser "stop" button, and so any verification >process that can't complete in a second or so is broken (my >opinion). > >Throwing a meatier directory and/or caches (as someone else >suggested) at it doesn't help if finding just one path involves >trawling the world for hundreds of names. That is why I think it >would be better if the certificates themselves contained positive >guidance as to where to go next, or if cross-cert scenarios that >lead to vague searches could be identified and discouraged. For >example, maybe name constraints could be used as clues to guide path >building. As things stand, content like basic constraints just tells >you where *not* to search. That seems to leave building in >heuristics, and hoping that working down from your trusted root(s) >and/or up from the end-entity cert(s), you somehow meet in the >middle and terminate in some reasonable time -- something that is by >no means guaranteed. > >Maybe I have missed something obvious here - but I think this could, >given time, turn out to be a showstopper scalability issue if it is >not addressed early. > >Cheers, >Frank O'Dwyer. > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA17401 for ietf-pkix-bks; Sat, 5 Sep 1998 04:41:03 -0700 (PDT) Received: from post.mail.demon.net (post-12.mail.demon.net [194.217.242.41]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA17397 for <ietf-pkix@imc.org>; Sat, 5 Sep 1998 04:41:02 -0700 (PDT) Received: from [158.152.104.114] (helo=brd.ie) by post.mail.demon.net with esmtp (Exim 2.02 #1) id 0zFGmh-0007jD-00; Sat, 5 Sep 1998 11:45:40 +0000 Message-ID: <35F12406.8006C3D@brd.ie> Date: Sat, 05 Sep 1998 12:44:06 +0100 From: "Frank O'Dwyer" <fod@brd.ie> X-Mailer: Mozilla 4.06 [en] (Win95; I) MIME-Version: 1.0 To: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> CC: Dave Horvath <dave@chromatix.com>, ietf-pkix@imc.org Subject: Re: path development complexity (was Re: What the straw poll mean s) References: <D1A949D4508DD1119C8100400533BEDC05D489@DSG1> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Alan Lloyd wrote: > I have a few views in that certs must be supported by mutually > authenticated distributed X.500 directory systems otherwise 509 based > systems just wont scale and provide the commercial utilitity as > demanded by global EC directed organisations. Not having this foundation > - one just drops into all sorts of operational cost, scaling and > efficiency holes. What I am talking about is not the underlying retrieval efficiency, but rather the cost of total wrong-turns in the overall search, e.g: 10:15 Developing a path to verify certificate for "Joe's Server, NY" 10:15 Retrieving cross-certificates for "Keys R Us" 10:16 Retrieving cross-certificates for "Keys R Us Too" 10:17 Retrieving cross-certificates for "Barcelona CA" 10:18 Retrieving cross-certificates for "Spanish Bank" CARRIER LOST Users just love that browser "stop" button, and so any verification process that can't complete in a second or so is broken (my opinion). Throwing a meatier directory and/or caches (as someone else suggested) at it doesn't help if finding just one path involves trawling the world for hundreds of names. That is why I think it would be better if the certificates themselves contained positive guidance as to where to go next, or if cross-cert scenarios that lead to vague searches could be identified and discouraged. For example, maybe name constraints could be used as clues to guide path building. As things stand, content like basic constraints just tells you where *not* to search. That seems to leave building in heuristics, and hoping that working down from your trusted root(s) and/or up from the end-entity cert(s), you somehow meet in the middle and terminate in some reasonable time -- something that is by no means guaranteed. Maybe I have missed something obvious here - but I think this could, given time, turn out to be a showstopper scalability issue if it is not addressed early. Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA16384 for ietf-pkix-bks; Sat, 5 Sep 1998 04:27:42 -0700 (PDT) Received: from mb05.swip.net (mb05.swip.net [193.12.122.209]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA16371 for <ietf-pkix@imc.org>; Sat, 5 Sep 1998 04:27:35 -0700 (PDT) Received: from patrik (dialup185-1-22.swipnet.se [130.244.185.22]) by mb05.swip.net (8.8.8/8.8.8) with SMTP id NAA10743; Sat, 5 Sep 1998 13:32:17 +0200 (MET DST) Message-Id: <199809051132.NAA10743@mb05.swip.net> X-Sender: Patrik Nilsson@mail.henrik.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.44 (Beta) Date: Sat, 05 Sep 1998 13:32:45 +0200 To: WHenry <WHenry@pec.com> From: Patrik Nilsson <patrik@patrik.com> Subject: RE: Heads Up - Historic digital signing ceremony Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> In-Reply-To: <3C7EABA3F6F1D1118FD90008C7F450FD5360A8@exchang-fairfax.pec .com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Sender: owner-ietf-pkix@imc.org Precedence: bulk The signed communiqué, the certificates, etc, are available at: http://www.baltimore.ie/clintonvisit98/communique.html Seems like there's a mime type problem on the web server though. The certs are typed as ca-certs, leading to strange results when installing them in Communicator. Patrik At 07:48 PM 98-09-04 , WHenry wrote: > I wonder what President Clinton did with the smartcard afterwards... >Can anyone add info on the nature of this PKI? Was there cross >certification, or a single CA? > > Bill Henry >> -----Original Message----- >> From: Kurn, David >> Sent: Friday, September 04, 1998 12:43 PM >> To: ietf-pkix@imc.org >> Subject: RE: Heads Up - Historic digital signing ceremony >> >> I wonder if the President obtained an export license for this technology. >> I >> think crypto devices (such as smart cards) could be subject to ITAR. >> >> David Kurn >> Compaq Computers >> >> > -----Original Message----- >> > From: Bill Brice [SMTP:Bill.Brice@idtrust.com] >> > Sent: Friday, September 04, 1998 9:12 AM >> > To: ietf-pkix@imc.org >> > Subject: Heads Up - Historic digital signing ceremony >> > >> > While the bits are flying on the LDAP debate, I >> > thought the list should know that a historic >> > milestone took place today (Friday 9/4) in the >> > E-commerce/X.509 world. >> > >> > President Clinton and the Irish Prime Minister >> > signed a joint communiqué on E-commerce in Dublin. >> > What was significant was not the communiqué but the >> > fact that both heads of state signed the document >> > digitally using X.509 technology. The private keys >> > were held on smartcards issued to each head of >> > state. This is the first instance of an >> > international agreement being digitally signed. >> > >> > It's nice to see that this work >> > is actually showing up in the real >> > world in a significant way. >> > >> > OK - keep voting! >> > >> > Bill Brice, Chief PKI Architect >> > International DataTrust >> > >> > P.S. Congratulations to Baltimore Technologies for >> > pulling this off. It will move the PKIX world forward. > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA11433 for ietf-pkix-bks; Fri, 4 Sep 1998 17:15:01 -0700 (PDT) Received: from nick.arc.nasa.gov (nick.arc.nasa.gov [143.232.48.121]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA11426 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 17:15:00 -0700 (PDT) Received: from [128.102.131.45] (hotdog.arc.nasa.gov [128.102.131.45]) by nick.arc.nasa.gov (8.8.7/8.8.7) with ESMTP id RAA16856 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 17:19:49 -0700 (PDT) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Message-Id: <v04011726b216213153a7@[128.102.131.45]> Date: Fri, 4 Sep 1998 17:21:49 -0800 To: ietf-pkix@imc.org From: Paul Ma <pma@mail.arc.nasa.gov> Subject: FOR Option2 Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi, I would put my 2 cents in for choosing option 2 in the latest straw poll on certificate attributes used to store CA certificate. Paul Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA10422 for ietf-pkix-bks; Fri, 4 Sep 1998 14:44:40 -0700 (PDT) Received: from inet16.us.oracle.com (inet16.us.oracle.com [192.86.155.100]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA10418 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 14:44:39 -0700 (PDT) Received: from mailtst1 (mailtst1.us.oracle.com [144.25.88.179]) by inet16.us.oracle.com (8.8.5/8.8.5) with SMTP id OAA16968 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 14:49:32 -0700 (PDT) Received: from inferno by mailtst1 with SMTP (SMI-8.6/37.9) id OAA09210; Fri, 4 Sep 1998 14:47:47 -0700 From: "Surendra Reddy" <skreddy@us.oracle.com> To: <ietf-pkix@imc.org> Subject: For option 2 Date: Fri, 4 Sep 1998 14:49:11 +0100 Message-ID: <001101bdd80a$cb797850$96171990@inferno.us.oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA10255 for ietf-pkix-bks; Fri, 4 Sep 1998 14:17:50 -0700 (PDT) Received: from docws007.shl.com (docws007.shl.com [159.249.56.7]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA10251 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 14:17:49 -0700 (PDT) Received: from dalmsdoc01.shl.com (dalmsdoc01.shl.com [159.249.142.247]) by docws007.shl.com (8.9.1/8.9.1) with SMTP id QAA03170 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 16:28:37 -0500 Received: by dalmsdoc01.shl.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52) id <01BDD820.3C0DEAA0@dalmsdoc01.shl.com>; Fri, 4 Sep 1998 16:22:39 -0500 Message-ID: <c=US%a=MCI%p=SHL%l=DALFW03-980904212233Z-48747@dalmsdoc01.shl.com> From: "PACHL, Jan" <jpachl@shl.com> To: "'WHenry'" <WHenry@pec.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Heads Up - Historic digital signing ceremony Date: Fri, 4 Sep 1998 16:22:33 -0500 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id OAA10252 Sender: owner-ietf-pkix@imc.org Precedence: bulk The press release about the event and the system used is at http://www.baltimore.ie/news/press/pr980904.html Jan Pachl >---------- >From: WHenry[SMTP:WHenry@pec.com] >Sent: Friday, September 04, 1998 1:48 PM >To: 'Kurn, David' >Cc: 'ietf-pkix@imc.org' >Subject: RE: Heads Up - Historic digital signing ceremony > > I wonder what President Clinton did with the smartcard afterwards... >Can anyone add info on the nature of this PKI? Was there cross >certification, or a single CA? > > Bill Henry >> -----Original Message----- >> From: Kurn, David >> Sent: Friday, September 04, 1998 12:43 PM >> To: ietf-pkix@imc.org >> Subject: RE: Heads Up - Historic digital signing ceremony >> >> I wonder if the President obtained an export license for this technology. >> I >> think crypto devices (such as smart cards) could be subject to ITAR. >> >> David Kurn >> Compaq Computers >> >> > -----Original Message----- >> > From: Bill Brice [SMTP:Bill.Brice@idtrust.com] >> > Sent: Friday, September 04, 1998 9:12 AM >> > To: ietf-pkix@imc.org >> > Subject: Heads Up - Historic digital signing ceremony >> > >> > While the bits are flying on the LDAP debate, I >> > thought the list should know that a historic >> > milestone took place today (Friday 9/4) in the >> > E-commerce/X.509 world. >> > >> > President Clinton and the Irish Prime Minister >> > signed a joint communiqué on E-commerce in Dublin. >> > What was significant was not the communiqué but the >> > fact that both heads of state signed the document >> > digitally using X.509 technology. The private keys >> > were held on smartcards issued to each head of >> > state. This is the first instance of an >> > international agreement being digitally signed. >> > >> > It's nice to see that this work >> > is actually showing up in the real >> > world in a significant way. >> > >> > OK - keep voting! >> > >> > Bill Brice, Chief PKI Architect >> > International DataTrust >> > >> > P.S. Congratulations to Baltimore Technologies for >> > pulling this off. It will move the PKIX world forward. > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA10107 for ietf-pkix-bks; Fri, 4 Sep 1998 13:58:54 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA10103 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 13:58:54 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id OAA23121 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 14:03:48 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <Q04MGZZ7>; Fri, 4 Sep 1998 14:03:01 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DAC8650@exccup-25006.mis.tandem.com> From: "Salmond, Kent" <kent.salmond@compaq.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Fri, 4 Sep 1998 14:02:57 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA10021 for ietf-pkix-bks; Fri, 4 Sep 1998 13:52:28 -0700 (PDT) Received: from portal.visa.com (portal.visa.com [198.80.42.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id NAA10017 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 13:52:26 -0700 (PDT) Received: by portal.visa.com id NAA11445 (InterLock SMTP Gateway 3.0 for ietf-pkix@imc.org); Fri, 4 Sep 1998 13:57:19 -0700 Received: by portal.visa.com (Protected-side Proxy Mail Agent-1); Fri, 4 Sep 1998 13:57:19 -0700 Message-Id: <95288CC7E7F7D111883B0001FAF85C03147267@sw720x014.visa.com> From: "Smith, David" <david@visa.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Fri, 4 Sep 1998 13:56:51 -0700 Mime-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA08871 for ietf-pkix-bks; Fri, 4 Sep 1998 12:18:09 -0700 (PDT) Received: from tungsten.btinternet.com (tungsten.btinternet.com [194.73.73.81]) by mail.proper.com (8.8.8/8.8.5) with SMTP id MAA08867 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 12:18:07 -0700 (PDT) Received: from m5pqp [195.99.53.190] by tungsten.btinternet.com with smtp (Exim 1.70 #1) id 0zF1Ox-0001O7-00; Fri, 4 Sep 1998 20:20:07 +0100 Message-Id: <3.0.32.19980904202338.00bb08a0@mail.btinternet.com> X-Sender: j.o.hughes@mail.btinternet.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 04 Sep 1998 20:24:15 +0100 To: "ietf-pkix@TANDEM.COM" <ietf-pkix@imc.org> From: John Hughes <j.o.hughes@btinternet.com> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk ------------------------------------------------------------------- | John Hughes j.o.hughes@btinternet.com | | ENTEGRITY Solutions Home Office Tel: +44(0)1525 380160 | | Home Fax No: +44(0)1525 380161 | | Main Office Tel: +44(0)181 876 8666 | | www.entegrity.com Mobile: +44(0)468 055070 | ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA08796 for ietf-pkix-bks; Fri, 4 Sep 1998 12:10:32 -0700 (PDT) Received: from zeus.planetworld.com (smtp.planetworld.com [38.234.12.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA08791 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 12:10:30 -0700 (PDT) Received: by smtp.planetworld.com with Internet Mail Service (5.5.1960.3) id <RDRTQCTS>; Fri, 4 Sep 1998 14:16:49 -0500 Message-ID: <410E16F6AD02D011A9A6080009F89C760B412A@smtp.planetworld.com> From: Bill Brice <Bill.Brice@idtrust.com> To: "'Kurn, David'" <david.kurn@compaq.com> Cc: ietf-pkix@imc.org Subject: RE: Heads Up - Historic digital signing ceremony Date: Fri, 4 Sep 1998 14:16:44 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk That's very interesting. Being familiar with the product used, I'd bet the keys were RSA-1024 bit implemented with all non-US strong crypto technology (other than RSA). Hmmm. Interesting precedent! > -----Original Message----- > From: Kurn, David [mailto:david.kurn@compaq.com] > Sent: Friday, September 04, 1998 11:43 AM > To: ietf-pkix@imc.org > Subject: RE: Heads Up - Historic digital signing ceremony > > > I wonder if the President obtained an export license for this > technology. I > think crypto devices (such as smart cards) could be subject to ITAR. > > David Kurn > Compaq Computers Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA08431 for ietf-pkix-bks; Fri, 4 Sep 1998 11:27:08 -0700 (PDT) Received: from labcalserver.labcal.qc.ca (labcal.qc.ca [199.45.69.189]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA08423 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 11:26:57 -0700 (PDT) Received: from jfsauriol (ott-on3-07.netcom.ca [207.181.90.135]) by labcalserver.labcal.qc.ca with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.1960.3) id S1MV02KP; Fri, 4 Sep 1998 14:37:38 -0400 Reply-To: <jfsauriol@labcal.qc.ca> From: "JF Sauriol" <jfsauriol@labcal.qc.ca> To: <ietf-pkix@imc.org> Subject: For Option 2 Date: Fri, 4 Sep 1998 14:31:02 -0400 Message-ID: <001101bdd832$2bb357a0$0500a8c0@jfsauriol> MIME-Version: 1.0 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="winmail.dat" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2232.26 X-MS-TNEF-Correlator: 00000000EE66A839D9EFBB118ED2727702A12BC664302300 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk eJ8+IgISAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAAM4HCQAEAA4AHgAAAAUAEwEB A5AGAAAEAAAmAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAADADYAAAAAAB4AcAAB AAAADQAAAEZvciBPcHRpb24gMgAAAAACAXEAAQAAABYAAAABvdgyJWrd9tAMRAAR0qKdAAAAAADe AAACAR0MAQAAABwAAABTTVRQOkpGU0FVUklPTEBMQUJDQUwuUUMuQ0EACwABDgAAAABAAAYOAMQv BjLYvQECAQoOAQAAABgAAAAAAAAA7maoOdnvuxGO0nJ3AqErxsKAAAALAB8OAQAAAAMABhAAAAAA AwAHEAAAAAAeAAgQAQAAAAUAAADYIwR4AAAAAAMAEBAAAgAAAwAREDERAHgLAACACCAGAAAAAADA AAAAAAAARgAAAAADhQAAAAAAAAMAAoAIIAYAAAAAAMAAAAAAAABGAAAAABCFAAAAAAAAAwAFgAgg BgAAAAAAwAAAAAAAAEYAAAAAUoUAAPATAAAeACWACCAGAAAAAADAAAAAAAAARgAAAABUhQAAAQAA AAQAAAA4LjUAAwAmgAggBgAAAAAAwAAAAAAAAEYAAAAAAYUAAAAAAAALAC+ACCAGAAAAAADAAAAA AAAARgAAAAAOhQAAAAAAAAMAMIAIIAYAAAAAAMAAAAAAAABGAAAAABGFAAAAAAAAAwAygAggBgAA AAAAwAAAAAAAAEYAAAAAGIUAAAAAAAAeAEGACCAGAAAAAADAAAAAAAAARgAAAAA2hQAAAQAAAAEA AAAAAAAAHgBCgAggBgAAAAAAwAAAAAAAAEYAAAAAN4UAAAEAAAABAAAAAAAAAB4AQ4AIIAYAAAAA AMAAAAAAAABGAAAAADiFAAABAAAAAQAAAAAAAAALAMaACyAGAAAAAADAAAAAAAAARgAAAAAAiAAA AAAAAAsAyIALIAYAAAAAAMAAAAAAAABGAAAAAAWIAAAAAAAACwDugAggBgAAAAAAwAAAAAAAAEYA AAAABoUAAAAAAAALAPKACCAGAAAAAADAAAAAAAAARgAAAACChQAAAQAAAAIB+A8BAAAAEAAAAO5m qDnZ77sRjtJydwKhK8YCAfoPAQAAABAAAADuZqg52e+7EY7ScncCoSvGAgH7DwEAAABkAAAAAAAA ADihuxAF5RAaobsIACsqVsIAAFBTVFBSWC5ETEwAAAAAAAAAAE5JVEH5v7gBAKoAN9luAAAARDpc V09SS1xPdXRsb29rIEZpbGVzXGpmc2F1cmlvbC1sYWJjYWwucHN0AAMA/g8FAAAAAwANNP03AAAC AX8AAQAAADEAAAAwMDAwMDAwMEVFNjZBODM5RDlFRkJCMTE4RUQyNzI3NzAyQTEyQkM2NjQzMDIz MDAAAAAAXJI= Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA08215 for ietf-pkix-bks; Fri, 4 Sep 1998 10:58:33 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA08211 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:58:32 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZX7Z>; Fri, 4 Sep 1998 14:02:54 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E0D95CF@WUHER> From: Larry Shomo <lshomo@cygnacom.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Fri, 4 Sep 1998 14:02:52 -0400 X-Priority: 1 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Lawrence P. Shomo Vice President ******************************** CygnaCom Solutions, Inc. Suite 100 West 7927 Jones Branch Drive McLean, Virginia, 22102-3305 (703) 848-0883, x202 (Phone) (703) 848-0960 (Fax) lshomo@cygnacom.com (Email) ******************************** Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA08085 for ietf-pkix-bks; Fri, 4 Sep 1998 10:41:07 -0700 (PDT) Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA08080 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:41:06 -0700 (PDT) Received: from exchng-fairfax.p-e-c.com by relay1.UU.NET with ESMTP (peer crosschecked as: [204.254.216.13]) id QQffkh26911; Fri, 4 Sep 1998 13:45:50 -0400 (EDT) Received: by exchang-fairfax.pec.com with Internet Mail Service (5.0.1460.8) id <RZYRBN14>; Fri, 4 Sep 1998 13:48:02 -0400 Message-ID: <3C7EABA3F6F1D1118FD90008C7F450FD5360A8@exchang-fairfax.pec.com> From: WHenry <WHenry@pec.com> To: "'Kurn, David'" <david.kurn@compaq.com> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Heads Up - Historic digital signing ceremony Date: Fri, 4 Sep 1998 13:48:00 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id KAA08082 Sender: owner-ietf-pkix@imc.org Precedence: bulk I wonder what President Clinton did with the smartcard afterwards... Can anyone add info on the nature of this PKI? Was there cross certification, or a single CA? Bill Henry > -----Original Message----- > From: Kurn, David > Sent: Friday, September 04, 1998 12:43 PM > To: ietf-pkix@imc.org > Subject: RE: Heads Up - Historic digital signing ceremony > > I wonder if the President obtained an export license for this technology. > I > think crypto devices (such as smart cards) could be subject to ITAR. > > David Kurn > Compaq Computers > > > -----Original Message----- > > From: Bill Brice [SMTP:Bill.Brice@idtrust.com] > > Sent: Friday, September 04, 1998 9:12 AM > > To: ietf-pkix@imc.org > > Subject: Heads Up - Historic digital signing ceremony > > > > While the bits are flying on the LDAP debate, I > > thought the list should know that a historic > > milestone took place today (Friday 9/4) in the > > E-commerce/X.509 world. > > > > President Clinton and the Irish Prime Minister > > signed a joint communiqué on E-commerce in Dublin. > > What was significant was not the communiqué but the > > fact that both heads of state signed the document > > digitally using X.509 technology. The private keys > > were held on smartcards issued to each head of > > state. This is the first instance of an > > international agreement being digitally signed. > > > > It's nice to see that this work > > is actually showing up in the real > > world in a significant way. > > > > OK - keep voting! > > > > Bill Brice, Chief PKI Architect > > International DataTrust > > > > P.S. Congratulations to Baltimore Technologies for > > pulling this off. It will move the PKIX world forward. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA07931 for ietf-pkix-bks; Fri, 4 Sep 1998 10:27:06 -0700 (PDT) Received: from mail-out1.apple.com (mail-out1.apple.com [17.254.0.52]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA07927 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:27:05 -0700 (PDT) Received: from mailgate.apple.com (A17-128-100-225.apple.com [17.128.100.225]) by mail-out1.apple.com (8.8.5/8.8.5) with ESMTP id KAA19928 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:19:27 -0700 Received: from scv1.apple.com (scv1.apple.com [17.128.100.139]) by mailgate.apple.com (mailgate.apple.com2.0.15) with ESMTP id <B0002095521@mailgate.apple.com>; Fri, 04 Sep 1998 10:17:29 -0700 Received: from [17.205.41.166] (aram1.apple.com [17.205.41.166]) by scv1.apple.com (8.8.5/8.8.5) with ESMTP id KAA43944; Fri, 4 Sep 1998 10:17:28 -0700 Message-Id: <199809041717.KAA43944@scv1.apple.com> X-Mailer: Microsoft Outlook Express for Macintosh - 4.01 (295) Date: Fri, 04 Sep 1998 10:17:26 -0700 Subject: Re: Digital signature and non-repudiation key usage bits From: "Aram Perez" <aram@apple.com> To: Stefan Santesson <stefan@accurata.se>, bob jueneman <bjueneman@novell.com> Cc: ietf-pkix@imc.org MIME-Version: 1.0 X-Priority: 3 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Bob and Stefan: >At 06:42 PM 9/2/98 -0600, Bob Jueneman wrote: ><snip> >>>I suggest that we stick to the standardized definitions of the key usage >>>bits and leave >>>policy issues out of a common certificate profile. >> >>If there were any sense of the community as to what these definitions really >>mean, or ought to mean, we would probably not be having this discussion. >>Otherwise I would agree with you. >>> >>>non-repudiation is according to standard selected by the NR bit, not NR in >>>combination with DS bit. Inclusion of the DS bit means that DS mechanisms >>>other than non-repudiation are allowed for the key. Is non-repudiation a mechanism or a service? >> >>I believe that is exactly the issue. Are you suggesting that NR plus DS >should not >>be allowed? Why? > >No I do not. I do suggest that such decision is up to local policy. But >there will be some policies where this combination will not be allowed, but >I think you agree to that. My problem with this is that to provide "digital" non-repudiation, you have to "sign" something with a digital signature. I understand that the key usage field is very overloaded, so I'll probably have to live with it, but I do not agree or like it. > >The important thing is that I suggest that the NR bit and DS bit has >separate meaning and that they should be set independently to specify DS, >NR or both. > >The vague definition of the NR bit is a problem, I agree to that. YES!! > >If I were to define some distinguishing property of the NR bit that would be: > > Non repudiation denotes services constructed in such way that: > 1) The signature provides proof of the integrity and > origin of data - both in an unforgeable relationship - which can be > verified by any third party at any time.[X.509 / ISO 9594-8] > 2) The signature is applied to a message where the signatory is capable > of, and required to, accept responsibility for the message content > before signing. But NR is set in the certificate (i.e. the public key) and does not tell you whether the signatory (who is using the private key) actually was capable of accepting responsibility. > 3) The signatory's liability for signing the message can be concluded > from the signed message itself, possibly within a well known and agreed > context that can be verified by any third party at any time. > >This definitions rules out any signed logon ticket or other data >authentication mechanisms where the signature says "this message wasn't >changed" instead of "I take full responsibility for the message content". You do not need a digital signature to tell you "this message wasn't changed". CRCs, LRCs, checksums, etc have been used for this longer that I've been alive. You use digital signature when you want to know "this message wasn't changed" AND "this message came from the reported sender". > >But since this is not defined by the bit (which I regret) the way to go >will be for the CA to include this in it's published certificate policy. I doubt whether a CA is going to take responsibility and liability for something it has no control over. The CA does not know what applications and crypto APIs the owner of the private key is using. > >I can't see any other way for now when utilizing the existing standard. I >would not object though to a defect report to get this into the standard. And I am willing to help (or lead) in this effort. > >In the new proposed work item, however, regaring a profile for >non-repudiation certificates supporting legal acceptance of digital >signatures I will try to get this definition in. > >Would you support it? I would be glad to help and support it. Regard, Aram Perez Apple Computer, Inc. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA07483 for ietf-pkix-bks; Fri, 4 Sep 1998 09:39:19 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA07479 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 09:39:17 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id JAA18402 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 09:44:09 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <Q04MG4T0>; Fri, 4 Sep 1998 09:43:22 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFFF550@exccup-25006.mis.tandem.com> From: "Kurn, David" <david.kurn@compaq.com> To: ietf-pkix@imc.org Subject: RE: Heads Up - Historic digital signing ceremony Date: Fri, 4 Sep 1998 09:43:21 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id JAA07480 Sender: owner-ietf-pkix@imc.org Precedence: bulk I wonder if the President obtained an export license for this technology. I think crypto devices (such as smart cards) could be subject to ITAR. David Kurn Compaq Computers > -----Original Message----- > From: Bill Brice [SMTP:Bill.Brice@idtrust.com] > Sent: Friday, September 04, 1998 9:12 AM > To: ietf-pkix@imc.org > Subject: Heads Up - Historic digital signing ceremony > > While the bits are flying on the LDAP debate, I > thought the list should know that a historic > milestone took place today (Friday 9/4) in the > E-commerce/X.509 world. > > President Clinton and the Irish Prime Minister > signed a joint communiqué on E-commerce in Dublin. > What was significant was not the communiqué but the > fact that both heads of state signed the document > digitally using X.509 technology. The private keys > were held on smartcards issued to each head of > state. This is the first instance of an > international agreement being digitally signed. > > It's nice to see that this work > is actually showing up in the real > world in a significant way. > > OK - keep voting! > > Bill Brice, Chief PKI Architect > International DataTrust > > P.S. Congratulations to Baltimore Technologies for > pulling this off. It will move the PKIX world forward. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA07475 for ietf-pkix-bks; Fri, 4 Sep 1998 09:38:56 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA07471 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 09:38:55 -0700 (PDT) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr with ESMTP id SAA19894; Fri, 4 Sep 1998 18:43:31 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.6.10/8.6.6) with ESMTP id SAA00279; Fri, 4 Sep 1998 18:43:30 +0200 From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.6.10/8.6.6) id SAA12254; Fri, 4 Sep 1998 18:43:29 +0200 Date: Fri, 4 Sep 1998 18:43:29 +0200 Message-Id: <199809041643.SAA12254@emeriau.edelweb.fr> To: william.burr@nist.gov, chokhani@cygnacom.com, sharon.boeyen@entrust.com Subject: RE: What the straw poll means Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@imc.org Precedence: bulk I have some problem to decrpyt the following. Is the following picture a correct description? - A CA1 creates a certificate for another CA2. - To publish this information, CA1 puts something in its publishing service, e.g.; its directory entry. - CA1 can inform by whatever means CA2 that this had happened. - If CA2 is convinced that CA1 is really CA1 or maybe even if not, CA2 then can put something it its publishing service, e.g.; its directory entry. It seems to me that first the requirement of a path resolver vs a publication service should be defined in a neutral way. What does a path resolver need from the publication service of one CA, and in which way can a publication service help a resolver. > Do you mean though that if CA1 issues a certificate to CA2 that rather > than requiring that same certificate to be present in the reverse > element of the crossCertificatePair attribute of CA1's directory as well > as requiring that same certificate to be present in the forward element > of the crossCertificatePair attribute of CA2's directory entry, you want > to require that it be present in the directory entry of CA2, the subject > CA as a forward value of the crossCertificatePair and optionally allow > CA1 to populate its reverse element with the same certificate? > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA07312 for ietf-pkix-bks; Fri, 4 Sep 1998 09:17:45 -0700 (PDT) Received: from ewa-canada.com (ewa-canada.com [209.146.131.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA07308 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 09:17:41 -0700 (PDT) Received: by ewa-canada.com from localhost (router,SLMail V2.6); Fri, 04 Sep 1998 12:21:59 -0400 Received: by ewa-canada.com from def23.ewa-canada.com (209.146.131.23::mail daemon,SLMail V2.6); Fri, 04 Sep 1998 12:21:58 -0400 Message-Id: <3.0.5.32.19980904121806.00820950@ewa-canada.com> X-Sender: "Erin Connor" <econnor@ewa-canada.com> X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Fri, 04 Sep 1998 12:18:06 -0400 To: ietf-pkix@imc.org From: "Erin Connor" <econnor@ewa-canada.com> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk -------------------------------------------------------------------------- Erin Connor EWA-Canada Ltd. Voice: +1 (613) 230-6067 Ext 234 Suite 1600 - 275 Slater Street Fax: +1 (613) 230-4933 Ottawa, Ontario, Canada K1P 5H9 mailto:econnor@ewa-canada.com http://www.ewa-canada.com ** Visit the CanCERT website at http://cancert.ca *** -------------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA07186 for ietf-pkix-bks; Fri, 4 Sep 1998 09:05:35 -0700 (PDT) Received: from zeus.planetworld.com (smtp.planetworld.com [38.234.12.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA07182 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 09:05:33 -0700 (PDT) Received: by smtp.planetworld.com with Internet Mail Service (5.5.1960.3) id <RDRTQCSX>; Fri, 4 Sep 1998 11:11:53 -0500 Message-ID: <410E16F6AD02D011A9A6080009F89C760B4127@smtp.planetworld.com> From: Bill Brice <Bill.Brice@idtrust.com> To: ietf-pkix@imc.org Subject: Heads Up - Historic digital signing ceremony Date: Fri, 4 Sep 1998 11:11:44 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id JAA07183 Sender: owner-ietf-pkix@imc.org Precedence: bulk While the bits are flying on the LDAP debate, I thought the list should know that a historic milestone took place today (Friday 9/4) in the E-commerce/X.509 world. President Clinton and the Irish Prime Minister signed a joint communiqué on E-commerce in Dublin. What was significant was not the communiqué but the fact that both heads of state signed the document digitally using X.509 technology. The private keys were held on smartcards issued to each head of state. This is the first instance of an international agreement being digitally signed. It's nice to see that this work is actually showing up in the real world in a significant way. OK - keep voting! Bill Brice, Chief PKI Architect International DataTrust P.S. Congratulations to Baltimore Technologies for pulling this off. It will move the PKIX world forward. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA07000 for ietf-pkix-bks; Fri, 4 Sep 1998 08:48:15 -0700 (PDT) Received: from mailsvr.basit.com (mailsvr.basit.com [128.209.2.13]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA06996 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:48:13 -0700 (PDT) Received: from klerer.basit.com (shiva118 [128.209.144.118]) by mailsvr.basit.com (Guess_again/1.8) with SMTP id LAA18007 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 11:51:49 -0400 (EDT) Message-ID: <008c01bdd81b$faa3d740$010ed180@klerer.basit.com> From: "Robert Klerer" <klerer@xhair.com> Cc: <ietf-pkix@imc.org> Subject: Re: path development complexity (was Re: What the straw poll means) Date: Fri, 4 Sep 1998 11:52:02 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3155.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Sender: owner-ietf-pkix@imc.org Precedence: bulk As pkix evolves and is implemented, the task of finding an appropriate trust path must be addressed. As Dave has stated, it is not going to be easy if the trust islands of today start to cross certify for some applications. It is my belief that putting such processing on the client will cause problems from both then network, processor and application development perspective. A (shared) trusted responder that will be a repository and cache of certificates that has the capability to do path discovery would make such a process more efficient and manageable. But the client must always validate any path provided by the responder. The path discovery process as so described in the drafts will require knowledge of application specific extensions. This is the big problem and should be a topic of discussion. -----Original Message----- From: Frank O'Dwyer <fod@brd.ie> To: Dave Horvath <dave@chromatix.com> Cc: ietf-pkix@imc.org <ietf-pkix@imc.org> Date: Thursday, September 03, 1998 11:57 PM Subject: path development complexity (was Re: What the straw poll means) >Dave Horvath wrote: >> We are back the problem we raised earlier. Clients that attempt to >> efficiently develop a path from the end entity to the trusted root must >> explore 'n' paths (worst case scenario) prior to finding the correct >> one with option 2. > >This is not on the topic of the straw poll, but I was wondering if >anyone has really looked into how difficult path development can get in >a full-blown and well-connected global PKI? It seems to me that the real >worst case scenario has you following cross-certificates until you have >downloaded all the cross-certificates in the world. It would not have to >get that bad before it was a serious problem. > >A few things would help prune the search (like the depth you are willing >to search to, constraints within the certificates themselves), but still >in general it has the potential to get truly nasty. Unless I have missed >something, there are no positive hints in the certificates that would >guide path development (perhaps there should be? There is a resemblance >to the "travelling salesman" problem here, and it would certainly be >ironic if building a path turned out to be as hard as factoring.:) > >Anyone looked at this? If it is a problem, then it might be reasonable >to give recommendations on using constraints (or something else) in >order to encourage the creation of cross-certificates that are >"path-development friendly", and in order to discourage scenarios that >lead to directory search explosions. > >Apologies if I am re-hashing something that has already been discussed >here. > >Cheers, >Frank O'Dwyer. > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA06761 for ietf-pkix-bks; Fri, 4 Sep 1998 08:25:50 -0700 (PDT) Received: from nad.ic.gc.ca (nad.ic.gc.ca [192.197.184.235]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA06757 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:25:47 -0700 (PDT) Message-Id: <199809041525.IAA06757@mail.proper.com> Received: by nad.ic.gc.ca with Internet Mail Service (5.5.1960.3) id <SGCYYQ51>; Fri, 4 Sep 1998 11:26:42 -0400 From: "Power, Michael: LEG" <Power.Michael@ic.gc.ca> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Fri, 4 Sep 1998 11:24:33 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA06565 for ietf-pkix-bks; Fri, 4 Sep 1998 08:10:35 -0700 (PDT) Received: from gatekeeper.domus.com (gatekeeper.domus.com [198.166.58.193]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA06561 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:10:32 -0700 (PDT) Received: from dns_int.domus.com by gatekeeper1.domus.com (8.6.13/200.19.1.1) id LAA13793; Fri, 4 Sep 1998 11:03:44 -0400 Received: (from smap@localhost) by dns_int.domus.com (8.6.8/8.6.6) id KAA05253 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:31:52 -0400 Received: from wpgate.domus.com(198.166.59.10) by dns_int.domus.com via smap (V1.3) id sma005251; Fri Sep 4 10:31:44 1998 Received: from DOMUS-Message_Server by wpgate.domus.com with Novell_GroupWise; Fri, 04 Sep 1998 11:03:54 -0400 Message-Id: <s5efc91a.074@wpgate.domus.com> X-Mailer: Novell GroupWise 4.1 Date: Fri, 04 Sep 1998 11:03:15 -0400 From: Pamela Grannum <PGrannum@domus.com> To: ietf-pkix@imc.org Subject: For Option 2 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA06518 for ietf-pkix-bks; Fri, 4 Sep 1998 08:07:16 -0700 (PDT) Received: from itsfw.CSE-CST.GC.CA (itsfw.cse.dnd.ca [131.136.196.7]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA06514 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:07:14 -0700 (PDT) From: Edmond.vanHees@CSE-CST.GC.CA Received: id LAA03483; Fri, 4 Sep 1998 11:08:05 -0400 Received: by gateway id <NWL91YVT>; Fri, 4 Sep 1998 11:05:15 -0400 Message-ID: <C3222395B150D11185B300A0C9045CB90B7851@mailserverb.its.cse.dnd.ca> To: ietf-pkix@imc.org Subject: For Option 2 Date: Fri, 4 Sep 1998 11:13:27 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk My vote is for Option 2 of the LDAP schema companion paper. Edmond P. van Hees GOC PKI Security Engineer telephone: 613-991-7413 Fax: 613-991-7455 E-Mail: Edmond.vanHees@cse-cst.gc.ca Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA06435 for ietf-pkix-bks; Fri, 4 Sep 1998 07:55:22 -0700 (PDT) Received: from us.checkpoint.com (oak.us.checkpoint.com [206.86.35.94]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA06431 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 07:55:21 -0700 (PDT) Received: from 101.101.101.103 ([207.245.220.71]) by us.checkpoint.com (8.9.1/8.9.1/CPoak/1.3.3) with SMTP id IAA06119 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:00:05 -0700 (PDT) Message-Id: <Version.32.19980904103735.00dcb920@mailhost.us.checkpoint.com> X-Sender: soneil@mailhost.us.checkpoint.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Fri, 04 Sep 1998 10:37:54 -0700 To: ietf-pkix@imc.org From: "Steve O'Neil" <soneil@us.checkpoint.com> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA06318 for ietf-pkix-bks; Fri, 4 Sep 1998 07:32:22 -0700 (PDT) Received: from mail.storm.ca (root@storm.ca [207.245.225.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA06314 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 07:32:20 -0700 (PDT) Received: from treebeard (dial02p48.ottawa.storm.ca [207.245.246.112]) by mail.storm.ca (8.8.8/8.8.8) with SMTP id KAA04568 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:36:18 -0400 (EDT) Message-ID: <00cf01bdd811$0b0a25e0$70f6f5cf@treebeard> Reply-To: "Mark Scherling" <marks@m3p.ca> From: "Mark Scherling" <marks@m3p.ca> To: <ietf-pkix@imc.org> Subject: option 2 Date: Fri, 4 Sep 1998 10:33:53 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.1 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA06293 for ietf-pkix-bks; Fri, 4 Sep 1998 07:30:01 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA06286 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 07:29:59 -0700 (PDT) Received: by gateway.r3.ch id <6806>; Fri, 4 Sep 1998 16:36:05 +0100 Message-Id: <98Sep4.163605gmt+0100.6806@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Denis.Pinkas@bull.net'" <Denis.Pinkas@bull.net>, Sharon Boeyen <sharon.boeyen@entrust.com>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 15:30:00 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh re this comment to Denis message: The argument was made very clear in terms of the original X.509 standard requiring the attribute to be populated whereas croosCertificatePair need not be. In addition, a technical argument was made why the current text goes against the original X.509 and a poor technical solution. ------ I hope we don't go far down this road. At best I think X.509 is unclear and ambiguous on this issue. Those present at the January meeting of the X.509 group that discussed the defect report (including at least 4 of us who have participated directly in that standard activity since at least 1988) had a long discussion of exactly this point and agreed that additional text was required to resolve the ambiguity around the use of these attributes. The result of that discussion was the draft resolution of the defect report prepared for ballot (with which the current Internet Draft is aligned), the content which is of course still subject to change as described earlier. There are so many arguments on both sides of this that I believe no one can clearly claim conformance as a differentiator in the options for the straw poll. Yes the crossCertificatePair attribute was optional and still is in the pkiCA object class, but the reason for that is that a CA can exist without ever having certified another CA or being certified by another CA therefore it MUST be an optional attribute, however if present, its contents must be clearly defined. You could use the same argument to say that cACertificate was never intended to hold certs issued from one CA to another - again because a CA can exist legitimately without ever having a relationship with another CA and the cACertificate attribute was mandatory. Also, if you read the 2nd paragraph following the asn.1 for the EXTENSION in clause 8 of X.509, you see use of forward and reverse certificates being discussed in path development and there is no precise definition of what goes where in the directory entries. That text has been there since 1988 as well. and the list of references that can be used for both sides of the argument go on and on and on. The outcome from PKIX discussion will hopefully be available to feed into the 509 process to clarify the standard. > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA06081 for ietf-pkix-bks; Fri, 4 Sep 1998 07:03:55 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA06075 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 07:03:52 -0700 (PDT) Received: by gateway.r3.ch id <6813>; Fri, 4 Sep 1998 16:10:03 +0100 Message-Id: <98Sep4.161003gmt+0100.6813@gateway.r3.ch> From: Rene Eberhard <eberhard@r3.ch> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Fri, 4 Sep 1998 15:06:27 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Best regards Rene Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA06072 for ietf-pkix-bks; Fri, 4 Sep 1998 07:02:43 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA06068 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 07:02:41 -0700 (PDT) Received: by gateway.r3.ch id <6814>; Fri, 4 Sep 1998 16:08:52 +0100 Message-Id: <98Sep4.160852gmt+0100.6814@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Bill Burr'" <william.burr@nist.gov>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 15:02:50 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh, a question for clarification - tied to Denis' message also: I definitely agree that unilateral certification is valid and I don't think any of us have been saying that bilateral certification between a pair of CAs is mandatory. If that needs clarification, we can certainly add text along those lines to option 2 - Stefan had some good proposals. Do you mean though that if CA1 issues a certificate to CA2 that rather than requiring that same certificate to be present in the reverse element of the crossCertificatePair attribute of CA1's directory as well as requiring that same certificate to be present in the forward element of the crossCertificatePair attribute of CA2's directory entry, you want to require that it be present in the directory entry of CA2, the subject CA as a forward value of the crossCertificatePair and optionally allow CA1 to populate its reverse element with the same certificate? If that's what you mean, I can accept that position as well. > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 4, 1998 9:19 AM > To: 'Bill Burr'; Santosh Chokhani > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > I agree that option 2 is compromise. Actually, as you know I had > proposed it. > > I would change one thing in it. I would not mandate the population of > reverse component of the crossCertificatePair. > > > > > Bill Burr > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA05948 for ietf-pkix-bks; Fri, 4 Sep 1998 06:41:14 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA05944 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 06:41:12 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZXT1>; Fri, 4 Sep 1998 09:45:37 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D230@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Denis.Pinkas@bull.net'" <Denis.Pinkas@bull.net>, Sharon Boeyen <sharon.boeyen@entrust.com> Cc: ietf-pkix@imc.org, Santosh Chokhani <chokhani@cygnacom.com> Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 09:45:36 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Comments in line. > -----Original Message----- > From: Denis Pinkas [SMTP:Denis.Pinkas@bull.net] > Sent: Friday, September 04, 1998 1:03 PM > To: Sharon Boeyen > Cc: ietf-pkix@imc.org; 'Santosh Chokhani' > Subject: Re: What the straw poll means > > Sharon, > > > The "two buckets" is exactly what I was trying to avoid in the > > earlier debate on this topic, however I believe that the single > > bucket option was rejected in the Chicago meeting. > > It was a pity that you could not attend the Chicago meeting. > "rejected" may be a strong word. During the straw poll, I did not > raised my hand for any of the three options for the following good > reasons: > > 1) I had three weeks of holidays one week ahead of the meeting, :-) > 2) When I came back, I had 470 E-mails waiting for me, > 3) I completely skipped the thread on the LDAP schema, :-( > > As a result I could not understand from the discussion what the topic > was and so I abstained. I would guess that I was not the single one in > that position. There was some support for it anyway, so I do not > understand why the straw poll is not on the three options but instead > only on two options. > > > The single bucket option is the > > text which is currently in the Internet Draft. With that text, > > all self signed (or self issued certificates) were to be placed > > in the cACertificate attribute and all certificates issued by > > one CA to a different CA were put in the crossCertificatePair > > attribute. > > This was pretty nice and simple ! If I were to open the bunch of > messages, maybe I could understand why this is not acceptable. > The argument was made very clear in terms of the original X.509 standard requiring the attribute to be populated whereas croosCertificatePair need not be. In addition, a technical argument was made why the current text goes against the original X.509 and a poor technical solution. > > Depending on the particular path development algorithm being > > used by a relying party, directory search tools, especially > > when we evolve to LDAPv3 could be used to filter the content > > of the forward and or reverse elements of that SINGLE attribute > > and provide the relying party with the set of certificates of > > interest to that particular relying party. > > Indeed. [] Again the approach is consistent with the text, spirit > and intent of X.509 and never hurts, but may help path development. > > > I still believe that this is the best solution because the relying > > party systems are the ones that know which certs are of interest > > to them, > > I agree with you. > > > not the CA that happened to issue the certs, especially in the > > post PEM world where any CA could legitimately have certs issued > > for it by several CAs. > > > My strong support for Option 2 in the straw poll is because > > the above was rejected by the meeting and I see Option 2 as > > a workable compromise ONLY because there is a complete set of > > certs in a single attribute and relying parties can do what is > > of interest to them without knowing the definition of domain > > which each individual CA happens to use. For self contained > > environments wanting to make use of a CA or set of CAs certs > > issued within some locally defined domain, this is still possible. > > Let me take a look at option 1 and say why it is not acceptable ... > because it imposes a model of trust that is too specific. > > General comment: The notion of "domain" has never been introduced > before and since the understanding of a domain is "purely a matter > of local policy" there is no chance that the requester understands > what it means - unless we are in a close environment. > > I believe that this feature is being introduced to be used in close > environments for some "good" reasons. The text should explain these > "good" reasons otherwise readers of the document will ignore for ever > the rational. > > PROPOSED TEXT FOR THE ATTRIBUTE DEFINITIONS: > OPTION 1: > ---------------- > The cACertificate attribute, held in a particular CA's directory > entry, shall be used to store certificates issued to this CA by CAs > in the same domain as this CA. > > When the notion of domain does not exists, then this will > be empty. > [] Agreed. > In addition, the cACertificate attribute shall be used to > store self-issued certificates. > > This is fine. > > The forward element of the crossCertificatePair attribute, held in a > particular CA's directory entry, shall be used to store certificates > issued to this CA by CAs in other domains. > > I have a problem here. Cross certification does not mean mutual > cross certification. A CA can cross-certify another CA without > any knowledge from the CA being cross certified. Even if the CA > got the knowledge of it, that CA would not like to place that > certificate in that entry. Let us pick an example: a CA from > the Banana Republic of Baracuda is providing a certificate for > the NIST. I do not think that the NIST will necessarilly place > that certificate in his entry. > []Denis: THIS IS NOT AN OPTION 1 ISSUE. THE CURRENT TEXT, OPTION 1 and OPTION 2 ALL HAVE THE SAME DRAWBACK. > Optionally, the reverse element of the crossCertificatePair attribute, > > held in a particular CA's directory entry, may contain certificates > issued by this CA to CAs in other domains. > > I have a problem here with the word "Optionally" : if the > previous element is not there, then I cannot place an element > here. This means that if CA 1 wants to recognize CA 2, > then CA 2 MUST also recognize CA 1. This mandates mutual cross > certification. I do not think that we have ever mandated > *mutual* cross certification in PKIX-1. > ]My interpretation is different. You can always populate the reverse attribute even if the forward is absent. I will be glad to clarify the text. Please also note that this is an issue for current ldapv2 text, Option 1 and for option 2. > Thus OPTION 1 is NOT acceptable and this has nothing to do with > performance or path development. > > In the case of V3 certificates, none of the above CA certificates may > include a basicConstraints extension with the cA value set to FALSE. > > The definition of domain is purely a matter of local policy. > > OPTION 2: > ------------- > The crossCertificatePair attribute, held in a particular CA's > directory entry, shall be used to store all certificates issued > by this CA to other CAs, as well as certificates issued > for this CA by other CAs. Values held in the forward element are > certificates issued for this CA by other CAs, while values > in the reverse element are certificates issued by this CA for > other CAs. > > I would interpret the text as mandating to store the reverse > element and optionally the forward element. I would instead > allow to store only the forward element, only the reverse > element or both. > > Hence the OPTION 2 is NOT acceptable either and this has > nothing to do with performance or path development. > > The text should be corrected and be something like: > > The crossCertificatePair attribute, held in a particular > CA's > directory entry, may be used to store certificates issued by > this > CA to other CAs, as well as certificates issued for this CA > by > other CAs. Values held in the forward element are > certificates > issued for this CA by other CAs, while values in the reverse > ele- > ment are certificates issued by this CA for other CAs. Either > cer- > tificate, if present, may be used in building certificate > paths > for validation and may be published in the directory entries > of > either CA or both. > [] This is an acceptable compromise to me between option 1 and option 2. It does not mandate, but permits population of the crossCertificatePair attribute components. > ... which is exactly what is in the original text ! > > The cACertificate attribute, held in a particular CA's directory > entry, shall be used to store certificates issued to this CA by CAs > in the same domain as this CA. This set of certificates is a subset > of the values of the forward element of the crossCertificatePair > attribute in the same CA entry. > > In addition, the cACertificate attribute shall beused to store > self-issued certificates. > > When there are no domains, and IF the text was corrected as > indicated hereabove (i.e. back to the text of the original > version) then we would be "compatible" with the previous > text, but this is not the case. Did I understood correctly ? > > I believe that there are "good" resons to introduce the > notion of "domain". Are these "good reasons" technical or > commercial ? If they are technical then they SHALL be > written in the document. But what about if they are > "commercial" ? > > For the time being, I can only vote for OPTION 0 (i.e. the original > text) ! > > Denis > > -- > Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net > Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 > 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA05674 for ietf-pkix-bks; Fri, 4 Sep 1998 06:18:54 -0700 (PDT) Received: from att.com (kcgw2.att.com [192.128.133.152]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA05670 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 06:18:53 -0700 (PDT) Received: from kcig2.fw.att.com by kcgw2.att.com (AT&T/IPNS/UPAS-1.0) for imc.org!ietf-pkix sender att.com!jayhawk (att.com!jayhawk); Fri Sep 4 08:02 CDT 1998 Received: from qsun.ho.att.com (qsunn.ho.att.com [135.16.30.2]) by kcig2.fw.att.com (AT&T/IPNS/GW-1.0) with SMTP id IAA12147 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:23:37 -0500 (CDT) Received: from sloop.local.windrose.omaha.ne.us by qsun.ho.att.com (SMI-8.6/EMS-1.2 sol2) id JAA18228; Fri, 4 Sep 1998 09:23:33 -0400 From: "Ryan Moats" <jayhawk@att.com> To: "Carlisle Adams" <carlisle.adams@entrust.com> Cc: <ietf-pkix@imc.org> Subject: RE: Let's try to understand the real issue (was... RE: What the straw poll means) Date: Fri, 4 Sep 1998 08:26:03 -0500 Message-ID: <002201bdd807$903c8d20$c8c8090a@sloop.local.windrose.omaha.ne.us> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 In-Reply-To: <98Sep4.001130gmt+0100.6814@gateway.r3.ch> Importance: Normal Sender: owner-ietf-pkix@imc.org Precedence: bulk > > Hi Ryan, > > > | If this CA's definition of domain and my definition of domain do not > > | coincide exactly (and why should they, since in general this CA and > > I > > | have no pre-established relationship?), then this sorting performed > > by > > | the CA is not merely useless to me, it is actually an explicit > > | disadvantage (because the proponents of option 1 are recommending > > that > > | all the intra-domain certificates be examined *before* the > > inter-domain > > | certificates are examined, leading to worst-case path-construction > > times > > | for what may turn out to be a common scenario). > > > > I don't see that falling out of the Option 1 text as I read the > > straw poll message. If such is the case, then I would say that text > > should be present. > > > Dave Horvath's message to Bob Jueneman earlier today said the following: > > "I feel that the definition of domain is a local policy and that CAs > should be free to define it as they wish. Clients that search/read > CAs entries and obtain the values from both the cACertificate and > crossCertificatePair attributes can explore the values in the > cACertficate attribute first. If a path to the trusted root is found, processing > stops. If not, they can explore the crossCertificatePair attribute. Using this > algorithm CAs can define their domain and post each of their CA > certificates to one attribute or the other. The only adverse affect will be > efficiency in path development on the client side if the CA does not carefully > select intra or inter domain." > > This was also mentioned at the meeting in Chicago. Hmm. I was at the meeting in Chicago (both sessions) and I don't remember hearing that. However, I claim that the whole argument is implementation and therefore out of scope for this discussion. > > | Note that there will be special circumstances in which one > > definition of > > | domain will be understood throughout a given environment (e.g., the > > | strict hierarchy of CAs has been cited in previous posts on this > > topic). > > | In such cases there is a clear efficiency advantage to be gained in > > path > > | construction. This is why option 2 is the perfect compromise: for > > such > > | environments relying parties need only retrieve the n1 < n > > certificates > > | that they *know* will be useful to them. Option 2 therefore meets > > the > > | needs of the general case as well as the special case, while > > | simultaneously guaranteeing interoperability of two installed bases > > | which would otherwise have no hope of interoperating today. > > > > Stop. Here's where I really fall off the wagon. How does the relying > > party > > retrieve ONLY the n1 certificates that they know will be useful to > > them for > > a CA? > > > If the relying party knows that its definition of domain matches that of > the CA exactly, then it can simply retrieve all certificates in the > cACertificate attribute (rather than all certificates in the > crossCertificatePair attribute) in option 2. This is n1 rather than n. > > Carlisle. So what your saying then is that Option 2 is better because of the interopability issue (I can apply all the rest of the arguments to both cases since I don't see any difference in the use of cACertificate in both options) Ryan Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA05652 for ietf-pkix-bks; Fri, 4 Sep 1998 06:15:08 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA05648 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 06:15:06 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZXSN>; Fri, 4 Sep 1998 09:19:30 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D22E@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Bill Burr'" <william.burr@nist.gov>, Santosh Chokhani <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 09:19:29 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id GAA05649 Sender: owner-ietf-pkix@imc.org Precedence: bulk I agree that option 2 is compromise. Actually, as you know I had proposed it. I would change one thing in it. I would not mandate the population of reverse component of the crossCertificatePair. > -----Original Message----- > From: Bill Burr [SMTP:william.burr@nist.gov] > Sent: Friday, September 04, 1998 9:21 AM > To: Santosh Chokhani > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > At 08:11 AM 9/4/98 -0400, you wrote: > > Santosh, > > Are you saying that you agree that option 2 is the "perfect > compromise?" > > >Stefan: > > > >I agree with every thing you say in this mail message, > > > >> -----Original Message----- > >> From: Stefan Santesson [SMTP:stefan@accurata.se] > >> Sent: Friday, September 04, 1998 7:20 AM > >> To: Santosh Chokhani; 'Bob Jueneman'; ietf-pkix@imc.org > >> Cc: Santosh Chokhani > >> Subject: RE: What the straw poll means > > <snip> > > >>And since > >> this > >> guidance by the CA may be useful in many situations, I consider > option > >> 2 as > >> the perfect compromise. > >> > >> /Stefan > >> > >> > >> > >> > >> > >> ------------------------------------------------------------------- > >> Stefan Santesson <stefan@accurata.se> > >> Accurata Systemsäkerhet AB > >> Lotsgatan 27 D Tel. +46-40 152211 > >> 216 42 Malmö Fax. +46-40 150790 > >> Sweden Mobile +46-70 5247799 > >> > >> PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 > >> ------------------------------------------------------------------- > > > > > Regards, > > Bill Burr Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA05612 for ietf-pkix-bks; Fri, 4 Sep 1998 06:12:19 -0700 (PDT) Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA05608 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 06:12:17 -0700 (PDT) Received: from thunderbolt.ncsl.nist.gov (thunderbolt.ncsl.nist.gov [129.6.54.130]) by csmes.ncsl.nist.gov (8.6.12/8.6.4jck0) with SMTP id JAA11951; Fri, 4 Sep 1998 09:16:57 -0400 Message-Id: <3.0.5.32.19980904092036.00b9ca80@csmes.ncsl.nist.gov> X-Sender: burr@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Fri, 04 Sep 1998 09:20:36 -0400 To: Santosh Chokhani <chokhani@cygnacom.com> From: Bill Burr <william.burr@nist.gov> Subject: RE: What the straw poll means Cc: ietf-pkix@imc.org In-Reply-To: <51BF55C30B4FD1118B4900207812701E16D22D@WUHER> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id GAA05609 Sender: owner-ietf-pkix@imc.org Precedence: bulk At 08:11 AM 9/4/98 -0400, you wrote: Santosh, Are you saying that you agree that option 2 is the "perfect compromise?" >Stefan: > >I agree with every thing you say in this mail message, > >> -----Original Message----- >> From: Stefan Santesson [SMTP:stefan@accurata.se] >> Sent: Friday, September 04, 1998 7:20 AM >> To: Santosh Chokhani; 'Bob Jueneman'; ietf-pkix@imc.org >> Cc: Santosh Chokhani >> Subject: RE: What the straw poll means <snip> >>And since >> this >> guidance by the CA may be useful in many situations, I consider option >> 2 as >> the perfect compromise. >> >> /Stefan >> >> >> >> >> >> ------------------------------------------------------------------- >> Stefan Santesson <stefan@accurata.se> >> Accurata Systemsäkerhet AB >> Lotsgatan 27 D Tel. +46-40 152211 >> 216 42 Malmö Fax. +46-40 150790 >> Sweden Mobile +46-70 5247799 >> >> PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 >> ------------------------------------------------------------------- > > Regards, Bill Burr Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA05206 for ietf-pkix-bks; Fri, 4 Sep 1998 05:53:27 -0700 (PDT) Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.52.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA05201 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 05:53:26 -0700 (PDT) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id IAA12341 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:58:18 -0400 (EDT) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id IAA12333 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:58:17 -0400 (EDT) Received: from mimesweeper.missi.ncsc.mil (mimesweeper.missi.ncsc.mil [144.51.60.2]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id IAA14842 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:57:41 -0400 (EDT) Received: from avenger.missi.ncsc.mil (unverified) by mimesweeper.missi.ncsc.mil (Content Technologies SMTPRS 2.0.15) with SMTP id <B0000260773@mimesweeper.missi.ncsc.mil> for <ietf-pkix@imc.org>; Fri, 04 Sep 1998 08:58:32 -0400 Received: by avenger.missi.ncsc.mil with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62) id <01BDD7E2.2D8E8EA0@avenger.missi.ncsc.mil>; Fri, 4 Sep 1998 08:58:26 -0400 Message-Id: <c=US%a=_%p=ExchangeNSA%l=AVENGER-980904125825Z-31610@avenger.missi.ncsc.mil> From: "Miklos, Sue A." <samiklo@missi.ncsc.mil> To: "'Carlisle Adams'" <carlisle.adams@entrust.com>, "'Ambarish Malpani'" <ambarish@valicert.com> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Let's try to understand the real issue (was... RE: What the straw poll means) Date: Fri, 4 Sep 1998 08:58:25 -0400 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk I work in an environment where although the entire 'world' won't need/want/have access to my directory system, I will be required to make information available to a geographical disbursed, multinational, large group of users. Sandi >---------- >From: Ambarish Malpani[SMTP:ambarish@valicert.com] >Sent: Thursday, September 03, 1998 4:41 PM >To: Carlisle Adams >Cc: ietf-pkix@imc.org >Subject: Re: Let's try to understand the real issue (was... RE: What the >straw poll means) > >Hi Carlisle, > Is the expectation that everybody is directly accessing their >CA's LDAP directory? I always thought that each orginazation would >actually maintain its own LDAP directory and, therefore, be able >to specify which CAs are preferred over others. > > Are we really expecting people to share their directories with >everyone in the world? > >Ambarish > > >Carlisle Adams wrote: >> >> Hi all, >> >> I propose that we try (once again) to understand what the real issue is >> here. >> >> > ---------- >> > From: Ryan Moats[SMTP:jayhawk@att.com] >> > Sent: Thursday, September 03, 1998 12:14 PM >> > To: John_Wray@iris.com >> > Cc: ietf-pkix@imc.org >> > Subject: Retrieval efficiency herring? (was... RE: What the straw >> > poll means) >> > >> > As somebody coming to the party late from the LDAP world, I don't see >> > why >> > the certificates need to be retrieved from two places. An LDAP lookup >> > of an >> > object with a fairly simple filter (objectclass="*") will return all >> > of the >> > attributes associated with that object. Therefore a single lookup >> > will return >> > both attributes, so I don't understand how retrieval efficiency is >> > gained. >> > >> O.K., so we see that a single LDAP lookup can retrieve all certificates >> (which, after careful enumeration, was found to be "n") in either option >> 1 or option 2. >> >> The claimed advantage of option 1 is that this retrieval gets me >> certificates that are sorted into "intra-domain" and "inter-domain", >> which can help in efficient path construction. Let's think about this >> for a moment. The CA doing this sorting is, by definition, NOT DIRECTLY >> TRUSTED BY ME (because if it was directly trusted by me, I would >> already have a trusted copy of its public key and would not need >> certificates in which it was the subject). If it is not directly >> trusted by me, then why would I necessarily trust it to do this sorting >> in a way that is beneficial to my path construction needs? How does it >> know what *my* definition of "domain" is? How does it know whether most >> of my certificate validations will be "intra" its definition of domain >> or "inter" its definition of domain? >> >> If this CA's definition of domain and my definition of domain do not >> coincide exactly (and why should they, since in general this CA and I >> have no pre-established relationship?), then this sorting performed by >> the CA is not merely useless to me, it is actually an explicit >> disadvantage (because the proponents of option 1 are recommending that >> all the intra-domain certificates be examined *before* the inter-domain >> certificates are examined, leading to worst-case path-construction times >> for what may turn out to be a common scenario). >> >> Relying parties know what certificates they will be validating most >> often, depending upon what particular activity they are engaged in at >> the moment. THAT defines the relying parties' "intra" and "inter" >> domains. CAs in the middle of a cert. path cannot possibly know this, >> in general, so having THEM define a domain and sort certificates >> according to that definition is really meaningless. >> >> Note that there will be special circumstances in which one definition of >> domain will be understood throughout a given environment (e.g., the >> strict hierarchy of CAs has been cited in previous posts on this topic). >> In such cases there is a clear efficiency advantage to be gained in path >> construction. This is why option 2 is the perfect compromise: for such >> environments relying parties need only retrieve the n1 < n certificates >> that they *know* will be useful to them. Option 2 therefore meets the >> needs of the general case as well as the special case, while >> simultaneously guaranteeing interoperability of two installed bases >> which would otherwise have no hope of interoperating today. >> >> The price of this panacea? A few redundant certificates in the >> Directory. Is it really worth sacrificing the general- (and perhaps >> common-) case scenario, as well as interoperability, in order to save a >> few certificates and satisfy a particular special-case? I haven't yet >> heard any convincing arguments... >> >> Carlisle. > >-- >--------------------------------------------------------------------- >Ambarish Malpani >Architect 650.567.5457 >ValiCert, Inc. ambarish@valicert.com >1215 Terra Bella Ave. http://www.valicert.com >Mountain View, CA 94043-1833 > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA04409 for ietf-pkix-bks; Fri, 4 Sep 1998 05:07:00 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA04405 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 05:06:58 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZXQV>; Fri, 4 Sep 1998 08:11:21 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D22D@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Stefan Santesson'" <stefan@accurata.se>, Santosh Chokhani <chokhani@cygnacom.com>, "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org Cc: Santosh Chokhani <chokhani@cygnacom.com> Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 08:11:19 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id FAA04406 Sender: owner-ietf-pkix@imc.org Precedence: bulk Stefan: I agree with every thing you say in this mail message, > -----Original Message----- > From: Stefan Santesson [SMTP:stefan@accurata.se] > Sent: Friday, September 04, 1998 7:20 AM > To: Santosh Chokhani; 'Bob Jueneman'; ietf-pkix@imc.org > Cc: Santosh Chokhani > Subject: RE: What the straw poll means > > At 08:48 PM 9/2/98 -0400, Santosh Chokhani wrote: > <snip> > >The way I look at the difference between the two options is that if > >n=n1+n2 certificates are issued to a CA, option 1 says CA puts n1 in > one > >bucket and n2 in another. Option 2 says put n in one bucket and n1 > in > >another. When you retrieve the two buckets (which you must for path > >development efficiency), option 2 gives you n+n1 certificates and > option > >1 gives you exactly all n. > > I tried to point out before that this is not the whole picture. > > The CA is dealing with n CA certificates n=n1+n2+n3+n4 of the form: > n1 = intra domain issued to other CA:s > n2 = intra domain issued by other CA:s to this CA > n3 = inter domain issued to other CA:s > n4 = inter domain issued by other CA:s to this CA > > Option 1 stores only n2+n3+n4 > (n2 in one bucket and n3+n4 in the other.) > > Option 2 stores n1+2(n2)+n3+n4 > (n2 in one bucket and n1+n2+n3+n4) in the other) > > As you see, n1 is left out of option 1 (according to text) > You said then that it is not forbidden to store n1 (in option 1) > in the cross certificate pair. I guess then that option 1 should > changed- > > from: > Optionally, the reverse element of the > crossCertificatePair attribute, held in a particular CA's directory > entry, > may contain certificates issued by this CA to CAs in other domains. > > to: > Optionally, the reverse element of the > crossCertificatePair attribute, held in a particular CA's directory > entry, > may contain certificates issued by this CA to other CAs. > > So if this is correct then what we are fighting about is only whether > we > should duplicate n2 (out of n1,n2,n3 and n4). To me it sounds > reasonable to > have the complete set of n1+n2+n3+n4 in one bucket and the n2 in the > cACertificate attribute as a specific information for those who wants > to > have the CA:s guidance to define the inter domain subgroup. And since > this > guidance by the CA may be useful in many situations, I consider option > 2 as > the perfect compromise. > > /Stefan > > > > > > ------------------------------------------------------------------- > Stefan Santesson <stefan@accurata.se> > Accurata Systemsäkerhet AB > Lotsgatan 27 D Tel. +46-40 152211 > 216 42 Malmö Fax. +46-40 150790 > Sweden Mobile +46-70 5247799 > > PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 > ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA04107 for ietf-pkix-bks; Fri, 4 Sep 1998 04:21:09 -0700 (PDT) Received: from woozle.isode.com (woozle.isode.com [193.133.227.19]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA04103 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 04:21:07 -0700 (PDT) Received: from isode.com (actually dougal.isode.com) by woozle.isode.com (local) with ESMTP; Fri, 4 Sep 1998 12:24:48 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: Denis.Pinkas@bull.net cc: Sharon Boeyen <sharon.boeyen@entrust.com>, ietf-pkix@imc.org, "'Santosh Chokhani'" <chokhani@cygnacom.com> Subject: Re: What the straw poll means In-reply-to: Your message of "Fri, 04 Sep 1998 10:03:20 PDT." <35F01D58.786A@bull.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 04 Sep 1998 12:24:47 +0100 Message-ID: <18589.904908287@isode.com> From: David Boyce <D.Boyce@isode.com> Sender: owner-ietf-pkix@imc.org Precedence: bulk Denis, Your comments are helpful in pointing out flaws in the expression of the two options, although these aren't at the heart of the debate. I have included a suggested text for the relevant part of Option 1 below. It seems to me that similar adjustments would need to be made to the Option 2 text. As for the relative merits of options 1 and 2 from a functional point of view, I am still taking time to listen and consider. I wish there was more information about the installed base requiring option 2. Denis Pinkas writes: >Let me take a look at option 1 and say why it is not acceptable ... >because it imposes a model of trust that is too specific. Would you say that the modified text I suggest below imposes the same constraint? In other words, is your concern simply a matter of the expression of option 1? >PROPOSED TEXT FOR THE ATTRIBUTE DEFINITIONS: >OPTION 1: >---------------- [snip] >The forward element of the crossCertificatePair attribute, held in a >particular CA's directory entry, shall be used to store certificates >issued to this CA by CAs in other domains. > > I have a problem here. Cross certification does not mean mutual > cross certification. A CA can cross-certify another CA without > any knowledge from the CA being cross certified. Even if the CA > got the knowledge of it, that CA would not like to place that > certificate in that entry. Let us pick an example: a CA from > the Banana Republic of Baracuda is providing a certificate for > the NIST. I do not think that the NIST will necessarilly place > that certificate in his entry. >Optionally, the reverse element of the crossCertificatePair attribute, >held in a particular CA's directory entry, may contain certificates >issued by this CA to CAs in other domains. > > I have a problem here with the word "Optionally" : if the > previous element is not there, then I cannot place an element > here. This means that if CA 1 wants to recognize CA 2, > then CA 2 MUST also recognize CA 1. This mandates mutual cross > certification. I do not think that we have ever mandated > *mutual* cross certification in PKIX-1. I think your concern might be better directed towards the absence of the word 'optionally' in the 'forward element' description, rather than its presence here. X.509 allows both the forward and reverse elements of crossCertificatePair to be OPTIONAL, the stipulation being that at least one is present. A suggested text for this part of OPTION 1 might be: "Values of the Attribute type crossCertificatePair, if present in a particular CA's directory entry, shall have at least one of the optional forward and reverse elements present. When the forward element is present, it shall contain a certificate issued to this CA by a different CA in another domain. When the reverse element is present, it shall contain a certificate issued by this CA to a different CA in another domain. When both elements are present in the same value, the value shall represent a mutual cross-certification of the two CAs. [perhaps add further statements about compatibility of cross certification here? (e.g. key usage; should the certificates mutually verify each other (probably shouldn't be required)?)]" The statement about mutual cross-certification is the primary addition here. It is an attempt to clarify the meaning when both elements are present, while leaving room for certificates which, although apparently representing a mutual cross-certification, represent certificates in opposite directions which have different policies, key usages, etc. Does it need to state explicitly that crossCertificatePair is a multi-valued attribute? This text could of course be adapted for OPTION 2. > > Thus OPTION 1 is NOT acceptable and this has nothing to do with > performance or path development. I think this is not a fundamental flaw of OPTION 1, just an imprecision of expression. > >In the case of V3 certificates, none of the above CA certificates may >include a basicConstraints extension with the cA value set to FALSE. > >The definition of domain is purely a matter of local policy. David -- David Boyce Tel: +44 181 332 9091 Richmond, Surrey, ENGLAND I'net: d.boyce@isode.com Isode's WWW: http://www.isode.com/ X.400: I=d;S=boyce;P=isode;A=mailnet;C=fi; Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA04089 for ietf-pkix-bks; Fri, 4 Sep 1998 04:17:27 -0700 (PDT) Received: from maila.telia.com (root@maila.telia.com [194.236.189.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA04085 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 04:17:24 -0700 (PDT) Received: from stefans (t3o68p109.telia.com [62.20.139.109]) by maila.telia.com (8.8.8/8.8.8) with SMTP id NAA11442; Fri, 4 Sep 1998 13:22:05 +0200 (CEST) Message-Id: <3.0.32.19980904131911.0096c830@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 04 Sep 1998 13:19:51 +0200 To: Santosh Chokhani <chokhani@cygnacom.com>, "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org From: Stefan Santesson <stefan@accurata.se> Subject: RE: What the straw poll means Cc: Santosh Chokhani <chokhani@cygnacom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id EAA04086 Sender: owner-ietf-pkix@imc.org Precedence: bulk At 08:48 PM 9/2/98 -0400, Santosh Chokhani wrote: <snip> >The way I look at the difference between the two options is that if >n=n1+n2 certificates are issued to a CA, option 1 says CA puts n1 in one >bucket and n2 in another. Option 2 says put n in one bucket and n1 in >another. When you retrieve the two buckets (which you must for path >development efficiency), option 2 gives you n+n1 certificates and option >1 gives you exactly all n. I tried to point out before that this is not the whole picture. The CA is dealing with n CA certificates n=n1+n2+n3+n4 of the form: n1 = intra domain issued to other CA:s n2 = intra domain issued by other CA:s to this CA n3 = inter domain issued to other CA:s n4 = inter domain issued by other CA:s to this CA Option 1 stores only n2+n3+n4 (n2 in one bucket and n3+n4 in the other.) Option 2 stores n1+2(n2)+n3+n4 (n2 in one bucket and n1+n2+n3+n4) in the other) As you see, n1 is left out of option 1 (according to text) You said then that it is not forbidden to store n1 (in option 1) in the cross certificate pair. I guess then that option 1 should changed- from: Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain certificates issued by this CA to CAs in other domains. to: Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain certificates issued by this CA to other CAs. So if this is correct then what we are fighting about is only whether we should duplicate n2 (out of n1,n2,n3 and n4). To me it sounds reasonable to have the complete set of n1+n2+n3+n4 in one bucket and the n2 in the cACertificate attribute as a specific information for those who wants to have the CA:s guidance to define the inter domain subgroup. And since this guidance by the CA may be useful in many situations, I consider option 2 as the perfect compromise. /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA02805 for ietf-pkix-bks; Fri, 4 Sep 1998 03:18:52 -0700 (PDT) Received: from maila.telia.com (root@maila.telia.com [194.236.189.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA02801 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 03:18:50 -0700 (PDT) Received: from stefans (t4o68p88.telia.com [62.20.139.208]) by maila.telia.com (8.8.8/8.8.8) with SMTP id MAA14602; Fri, 4 Sep 1998 12:22:18 +0200 (CEST) Message-Id: <3.0.32.19980904120824.00a06300@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 04 Sep 1998 12:20:04 +0200 To: "Bob Jueneman" <BJUENEMAN@novell.com>, <aram@apple.com> From: Stefan Santesson <stefan@accurata.se> Subject: Re: Digital signature and non-repudiation key usage bits Cc: <ietf-pkix@imc.org> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id DAA02802 Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Bob, At 06:42 PM 9/2/98 -0600, Bob Jueneman wrote: <snip> >>I suggest that we stick to the standardized definitions of the key usage >>bits and leave >>policy issues out of a common certificate profile. > >If there were any sense of the community as to what these definitions really >mean, or ought to mean, we would probably not be having this discussion. >Otherwise I would agree with you. >> >>non-repudiation is according to standard selected by the NR bit, not NR in >>combination with DS bit. Inclusion of the DS bit means that DS mechanisms >>other than non-repudiation are allowed for the key. > >I believe that is exactly the issue. Are you suggesting that NR plus DS should not >be allowed? Why? No I do not. I do suggest that such decision is up to local policy. But there will be some policies where this combination will not be allowed, but I think you agree to that. The important thing is that I suggest that the NR bit and DS bit has separate meaning and that they should be set independently to specify DS, NR or both. The vague definition of the NR bit is a problem, I agree to that. If I were to define some distinguishing property of the NR bit that would be: Non repudiation denotes services constructed in such way that: 1) The signature provides proof of the integrity and origin of data - both in an unforgeable relationship - which can be verified by any third party at any time.[X.509 / ISO 9594-8] 2) The signature is applied to a message where the signatory is capable of, and required to, accept responsibility for the message content before signing. 3) The signatory's liability for signing the message can be concluded from the signed message itself, possibly within a well known and agreed context that can be verified by any third party at any time. This definitions rules out any signed logon ticket or other data authentication mechanisms where the signature says "this message wasn't changed" instead of "I take full responsibility for the message content". But since this is not defined by the bit (which I regret) the way to go will be for the CA to include this in it's published certificate policy. I can't see any other way for now when utilizing the existing standard. I would not object though to a defect report to get this into the standard. In the new proposed work item, however, regaring a profile for non-repudiation certificates supporting legal acceptance of digital signatures I will try to get this definition in. Would you support it? /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA29009 for ietf-pkix-bks; Fri, 4 Sep 1998 02:49:39 -0700 (PDT) Received: from epic.iris.com (epic.iris.com [198.112.211.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA29005 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 02:49:37 -0700 (PDT) From: John_Wray@iris.com Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090405534560:1457 for <ietf-pkix@imc.org> ; Fri, 4 Sep 1998 05:53:45 -0400 Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090405534560:1457 for <ietf-pkix@imc.org> ; Fri, 4 Sep 1998 05:53:45 -0400 X-Lotus-FromDomain: IRIS Message-ID: <85256675.00368158.00@arista.iris.com> Date: Fri, 4 Sep 1998 05:56:52 -0400 Mime-Version: 1.0 x-notes-Form: Memo x-notes-$24UpdatedBy: CN=Epic/O=Iris x-notes-$24Hops: 22 X-Priority: 3 (Normal) Content-type: multipart/mixed; Boundary="0__=A7IrhvJHO6YHC08EJcBLPZrtEp3yZTZgRtvF2nXuh7jtqQezTMfX2cl5" Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk --0__=A7IrhvJHO6YHC08EJcBLPZrtEp3yZTZgRtvF2nXuh7jtqQezTMfX2cl5 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Dave Horvath <dave@chromatix.com> writes: >> The difference between the two options is primarily storage efficiency vs. >> retrieval efficiency. Both options divide a CAs certs into two piles. >> Option 1 has pile A containing only intra-domain certs, and pile B >> containing only inter-domain certs; option 2 has pile A containing only >> intra-domain certs and pite B containing all certs. Which option is >> superior depends on two things: >> >>... >> >> Having the target CA divide its certificates between two places within the >> directory is no help to this verifier. All it does it force the verifier >> to make two retrieval operations instead of the one that would be required >> by option 2. The verifier isn't really interested in whether a particular >> certificate comes from another CA from the same "domain" as the target's CA >> - if it cares about "domains" at all, what it would be interested in is if >> any certs come from the same domain as the verifier (or one of its trusted >> roots), not the target (and of course that's verifier-specific). > > John, the verifier does NOT have to invoke two retrieval operations. >The verifier simply reads the CA entry requesting both the cACertificate >attribute and the crossCertificatePair attribute in the same search/read >operation. All certificates are returned. The verifier can then decide >whether to explore inter-domain, intra-domain, both , none, whatever. >The verifier can lump them all together in the client application if >they like! The main advantage to option 1 is we don't store the >certificates twice which is a fundamental goal in all database >applications. IMHO it applies to repositories and public key >infrastructures also. There may not be two protocol actions across the wire, but it's definitely less work for the client to receive a single set of objects all of the same type, compared to the two sets of differently typed objects that option 1 requires it to retrieve. Under option 2, verifiers that don't care about the CAs ideas about domains can simply retrieve all the CAs certificates. Having the CA divide its certificates into two piles only adds complexity to the client's task. The only place where verifiers will care about which domain the CA thinks it's in, is if they think they (or one of their roots) are in the same domain. Only in that case is a verifier likely to decide to look first at the CAs intra-domain certs, and option 2 allows for this choice just as simply as does option 1. The cost of this in option 2 is the duplication of some certificates in the directory (we already have duplication in this area, unless the directory has some intelligence that will enable it to store cross-cert pairs only once and somehow place a reference to the shared object from both CA entries). But this duplication is at the discretion of the CA - if it doesn't think the benefits of storing hints for local verifiers are worthwhile, option 2 allows it to use _only_ the crossCertificate entry for all its certs. > The general algorithm we envision is for clients to first explore the >cACertificate attribute, then explore the crossCertificatePair >attribute. That way nothing will get missed. It's not an all or >nothing choice. It's an attempt to store the certificates once and to >group them to make logical decisions when exploring possibly complex >paths. But you can only make logical decisions when you have some data to work with. A CA has no idea when it's placing its certs in the directory about who is going to come look for them. Without knowing what domain the verifier is in, the CA can't hope to help it out. It can make a special-case optimization under either option for the case where the verifier is in the same domain as the CA (which is really the only time that either option offers any advantage over simply having a single entry into which all certs are placed). In summary, my contention is that very few verifiers will ever want to be bothered with "domains" (or at least, not with some foreign CA's idea of what a domain is). Of the two options under discussion, option 2 allows most verifiers to simply ignore the fact that a CA has chosen to issue unwanted hints, and just retrieve the certs it wants from a single place. The few verifiers that want to do something with a CA's hints can choose to do so under either option, but option 1 would force all client software to increase in complexity to gain that choice. Option 2 burdens only those clients that wish to exploit the hints. John --0__=A7IrhvJHO6YHC08EJcBLPZrtEp3yZTZgRtvF2nXuh7jtqQezTMfX2cl5 Content-type: application/octet-stream; name="$RFC822.eml" Content-Disposition: attachment; filename="$RFC822.eml" Content-transfer-encoding: base64 UmVjZWl2ZWQ6IGZyb20gYXJpc3RhLmlyaXMuY29tIChbOS45NS42NS4xNV0pDQogICAgICAgICAg YnkgZXBpYy5pcmlzLmNvbSAoTG90dXMgRG9taW5vIEJ1aWxkIDE2MSAoQmV0YSkpDQogICAgICAg ICAgd2l0aCBTTVRQIGlkIDE5OTgwOTAzMjIwMDAxNTk6MTQyOCANCiAgICAgICAgICBmb3IgPGRh dmVAY2hyb21hdGl4LmNvbT4gLA0KICAgICAgICAgICAgICA8aWV0Zi1wa2ljQGltYy5vcmc+IDsN CiAgICAgICAgICBUaHUsIDMgU2VwIDE5OTggMjI6MDA6MDEgLTA0MDAgDQpSZWNlaXZlZDogZnJv bSBhcmlzdGEuaXJpcy5jb20gKFs5Ljk1LjY1LjE1XSkNCiAgICAgICAgICBieSBlcGljLmlyaXMu Y29tIChMb3R1cyBEb21pbm8gQnVpbGQgMTYxIChCZXRhKSkNCiAgICAgICAgICB3aXRoIFNNVFAg aWQgMTk5ODA5MDMyMjAwMDE1OToxNDI4IA0KICAgICAgICAgIGZvciA8ZGF2ZUBjaHJvbWF0aXgu Y29tPiAsDQogICAgICAgICAgICAgIDxpZXRmLXBraWNAaW1jLm9yZz4gOw0KICAgICAgICAgIFRo dSwgMyBTZXAgMTk5OCAyMjowMDowMSAtMDQwMCANClgtTG90dXMtRnJvbURvbWFpbjogSVJJUw0K RnJvbTogSm9obl9XcmF5QGlyaXMuY29tDQpUbzogRGF2ZSBIb3J2YXRoIDxkYXZlQGNocm9tYXRp eC5jb20+DQpjYzogaWV0Zi1wa2ljQGltYy5vcmcNCk1lc3NhZ2UtSUQ6IDw4NTI1NjY3NS4wMDBC MjM1Ny4wMEBhcmlzdGEuaXJpcy5jb20+DQpEYXRlOiBUaHUsIDMgU2VwIDE5OTggMTk6NTY6MTQg LTA0MDANClN1YmplY3Q6IFJlOiBXaGF0IHRoZSBzdHJhdyBwb2xsIG1lYW5zDQpNaW1lLVZlcnNp b246IDEuMA0KeC1ub3Rlcy0kMjROb3RlSGFzTmF0aXZlTUlNRTogMQ0KeC1ub3Rlcy1TTVRQT3Jp Z2luYXRvcjogSm9obl9XcmF5QGlyaXMuY29tDQp4LW5vdGVzLSQyNFVwZGF0ZWRCeTogQ049RXBp Yy9PPUlyaXMNCngtbm90ZXMtUm91dGVTZXJ2ZXJzOiBDTj1FcGljL089SXJpcw0KeC1ub3Rlcy1N YWlsU2F2ZWRGb3JtOiBNZW1vDQp4LW5vdGVzLUZvcm06IE5vbkRlbGl2ZXJ5IFJlcG9ydA0KeC1u b3Rlcy1GYWlsdXJlUmVhc29uOiBFcnJvciB0cmFuc2ZlcnJpbmcgdG8gaW1jLm9yZzsgU01UUCBQ cm90b2NvbCBSZXR1cm5lZCBhIFBlcm1hbmVudCBFcnJvciA1NTAgPGlldGYtcGtpY0BpbWMub3Jn Pi4uLiBVc2VyIHVua25vd24NCngtbm90ZXMtSW50ZW5kZWRSZWNpcGllbnQ6IGlldGYtcGtpY0Bp bWMub3JnDQpDb250ZW50LXR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXMtYXNjaWkNCkNvbnRl bnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQpEYXZlIEhvcnZhdGggPGRhdmVAY2hyb21hdGl4LmNv bT4gd3JpdGVzOg0KDQoNCj4+IFRoZSBkaWZmZXJlbmNlIGJldHdlZW4gdGhlIHR3byBvcHRpb25z IGlzIHByaW1hcmlseSBzdG9yYWdlIGVmZmljaWVuY3kNCnZzLg0KPj4gcmV0cmlldmFsIGVmZmlj aWVuY3kuICBCb3RoIG9wdGlvbnMgZGl2aWRlIGEgQ0FzIGNlcnRzIGludG8gdHdvIHBpbGVzLg0K Pj4gT3B0aW9uIDEgaGFzIHBpbGUgQSBjb250YWluaW5nIG9ubHkgaW50cmEtZG9tYWluIGNlcnRz LCBhbmQgcGlsZSBCDQo+PiBjb250YWluaW5nIG9ubHkgaW50ZXItZG9tYWluIGNlcnRzOyBvcHRp b24gMiBoYXMgcGlsZSBBIGNvbnRhaW5pbmcgb25seQ0KPj4gaW50cmEtZG9tYWluIGNlcnRzIGFu ZCBwaXRlIEIgY29udGFpbmluZyBhbGwgY2VydHMuICBXaGljaCBvcHRpb24gaXMNCj4+IHN1cGVy aW9yIGRlcGVuZHMgb24gdHdvIHRoaW5nczoNCj4+DQo+Pi4uLg0KPj4NCj4+IEhhdmluZyB0aGUg dGFyZ2V0IENBIGRpdmlkZSBpdHMgY2VydGlmaWNhdGVzIGJldHdlZW4gdHdvIHBsYWNlcyB3aXRo aW4NCnRoZQ0KPj4gZGlyZWN0b3J5IGlzIG5vIGhlbHAgdG8gdGhpcyB2ZXJpZmllci4gIEFsbCBp dCBkb2VzIGl0IGZvcmNlIHRoZQ0KdmVyaWZpZXINCj4+IHRvIG1ha2UgdHdvIHJldHJpZXZhbCBv cGVyYXRpb25zIGluc3RlYWQgb2YgdGhlIG9uZSB0aGF0IHdvdWxkIGJlDQpyZXF1aXJlZA0KPj4g Ynkgb3B0aW9uIDIuICBUaGUgdmVyaWZpZXIgaXNuJ3QgcmVhbGx5IGludGVyZXN0ZWQgaW4gd2hl dGhlciBhDQpwYXJ0aWN1bGFyDQo+PiBjZXJ0aWZpY2F0ZSBjb21lcyBmcm9tIGFub3RoZXIgQ0Eg ZnJvbSB0aGUgc2FtZSAiZG9tYWluIiBhcyB0aGUgdGFyZ2V0J3MNCkNBDQo+PiAtIGlmIGl0IGNh cmVzIGFib3V0ICJkb21haW5zIiBhdCBhbGwsIHdoYXQgaXQgd291bGQgYmUgaW50ZXJlc3RlZCBp biBpcw0KaWYNCj4+IGFueSBjZXJ0cyBjb21lIGZyb20gdGhlIHNhbWUgZG9tYWluIGFzIHRoZSB2 ZXJpZmllciAob3Igb25lIG9mIGl0cw0KdHJ1c3RlZA0KPj4gcm9vdHMpLCBub3QgdGhlIHRhcmdl dCAoYW5kIG9mIGNvdXJzZSB0aGF0J3MgdmVyaWZpZXItc3BlY2lmaWMpLg0KPg0KPiAgICBKb2hu LCAgdGhlIHZlcmlmaWVyIGRvZXMgTk9UIGhhdmUgdG8gaW52b2tlIHR3byByZXRyaWV2YWwgb3Bl cmF0aW9ucy4NCj5UaGUgdmVyaWZpZXIgc2ltcGx5IHJlYWRzIHRoZSBDQSBlbnRyeSByZXF1ZXN0 aW5nIGJvdGggdGhlIGNBQ2VydGlmaWNhdGUNCj5hdHRyaWJ1dGUgYW5kIHRoZSBjcm9zc0NlcnRp ZmljYXRlUGFpciBhdHRyaWJ1dGUgaW4gdGhlIHNhbWUgc2VhcmNoL3JlYWQNCj5vcGVyYXRpb24u ICBBbGwgY2VydGlmaWNhdGVzIGFyZSByZXR1cm5lZC4gIFRoZSB2ZXJpZmllciBjYW4gdGhlbiBk ZWNpZGUNCj53aGV0aGVyIHRvIGV4cGxvcmUgaW50ZXItZG9tYWluLCBpbnRyYS1kb21haW4sIGJv dGggLCBub25lLCB3aGF0ZXZlci4NCj5UaGUgdmVyaWZpZXIgY2FuIGx1bXAgdGhlbSBhbGwgdG9n ZXRoZXIgaW4gdGhlIGNsaWVudCBhcHBsaWNhdGlvbiBpZg0KPnRoZXkgbGlrZSEgIFRoZSBtYWlu IGFkdmFudGFnZSB0byBvcHRpb24gMSBpcyB3ZSBkb24ndCBzdG9yZSB0aGUNCj5jZXJ0aWZpY2F0 ZXMgdHdpY2Ugd2hpY2ggaXMgIGEgZnVuZGFtZW50YWwgZ29hbCBpbiBhbGwgZGF0YWJhc2UNCj5h cHBsaWNhdGlvbnMuICAgSU1ITyBpdCBhcHBsaWVzIHRvIHJlcG9zaXRvcmllcyBhbmQgcHVibGlj IGtleQ0KPmluZnJhc3RydWN0dXJlcyBhbHNvLg0KDQpUaGVyZSBtYXkgbm90IGJlIHR3byBwcm90 b2NvbCBhY3Rpb25zIGFjcm9zcyB0aGUgd2lyZSwgYnV0IGl0J3MgZGVmaW5pdGVseQ0KbGVzcyB3 b3JrIGZvciB0aGUgY2xpZW50IHRvIHJlY2VpdmUgYSBzaW5nbGUgc2V0IG9mIG9iamVjdHMgYWxs IG9mIHRoZSBzYW1lDQp0eXBlLCBjb21wYXJlZCB0byB0aGUgdHdvIHNldHMgb2YgZGlmZmVyZW50 bHkgdHlwZWQgb2JqZWN0cyB0aGF0IG9wdGlvbiAxDQpyZXF1aXJlcyBpdCB0byByZXRyaWV2ZS4g IFVuZGVyIG9wdGlvbiAyLCB2ZXJpZmllcnMgdGhhdCBkb24ndCBjYXJlIGFib3V0DQp0aGUgQ0Fz IGlkZWFzIGFib3V0IGRvbWFpbnMgY2FuIHNpbXBseSByZXRyaWV2ZSBhbGwgdGhlIENBcyBjZXJ0 aWZpY2F0ZXMuDQpIYXZpbmcgdGhlIENBIGRpdmlkZSBpdHMgY2VydGlmaWNhdGVzIGludG8gdHdv IHBpbGVzIG9ubHkgYWRkcyBjb21wbGV4aXR5DQp0byB0aGUgY2xpZW50J3MgdGFzay4NCg0KVGhl IG9ubHkgcGxhY2Ugd2hlcmUgdmVyaWZpZXJzIHdpbGwgY2FyZSBhYm91dCB3aGljaCBkb21haW4g dGhlIENBIHRoaW5rcw0KaXQncyBpbiwgaXMgaWYgdGhleSB0aGluayB0aGV5IChvciBvbmUgb2Yg dGhlaXIgcm9vdHMpIGFyZSBpbiB0aGUgc2FtZQ0KZG9tYWluLiAgT25seSBpbiB0aGF0IGNhc2Ug aXMgYSB2ZXJpZmllciBsaWtlbHkgdG8gZGVjaWRlIHRvIGxvb2sgZmlyc3QgYXQNCnRoZSBDQXMg aW50cmEtZG9tYWluIGNlcnRzLCBhbmQgb3B0aW9uIDIgYWxsb3dzIGZvciB0aGlzIGNob2ljZSBq dXN0IGFzDQpzaW1wbHkgYXMgZG9lcyBvcHRpb24gMS4NCg0KVGhlIGNvc3Qgb2YgdGhpcyBpbiBv cHRpb24gMiBpcyB0aGUgZHVwbGljYXRpb24gb2Ygc29tZSBjZXJ0aWZpY2F0ZXMgaW4gdGhlDQpk aXJlY3RvcnkgKHdlIGFscmVhZHkgaGF2ZSBkdXBsaWNhdGlvbiBpbiB0aGlzIGFyZWEsIHVubGVz cyB0aGUgZGlyZWN0b3J5DQpoYXMgc29tZSBpbnRlbGxpZ2VuY2UgdGhhdCB3aWxsIGVuYWJsZSBp dCB0byBzdG9yZSBjcm9zcy1jZXJ0IHBhaXJzIG9ubHkNCm9uY2UgYW5kIHNvbWVob3cgcGxhY2Ug YSByZWZlcmVuY2UgdG8gdGhlIHNoYXJlZCBvYmplY3QgZnJvbSBib3RoIENBDQplbnRyaWVzKS4g IEJ1dCB0aGlzIGR1cGxpY2F0aW9uIGlzIGF0IHRoZSBkaXNjcmV0aW9uIG9mIHRoZSBDQSAtIGlm IGl0DQpkb2Vzbid0IHRoaW5rIHRoZSBiZW5lZml0cyBvZiBzdG9yaW5nIGhpbnRzIGZvciBsb2Nh bCB2ZXJpZmllcnMgYXJlDQp3b3J0aHdoaWxlLCBvcHRpb24gMiBhbGxvd3MgaXQgdG8gdXNlIF9v bmx5XyB0aGUgY3Jvc3NDZXJ0aWZpY2F0ZSBlbnRyeSBmb3INCmFsbCBpdHMgY2VydHMuDQoNCj4g ICAgVGhlIGdlbmVyYWwgYWxnb3JpdGhtIHdlIGVudmlzaW9uIGlzIGZvciBjbGllbnRzIHRvIGZp cnN0IGV4cGxvcmUgdGhlDQo+Y0FDZXJ0aWZpY2F0ZSBhdHRyaWJ1dGUsIHRoZW4gZXhwbG9yZSB0 aGUgY3Jvc3NDZXJ0aWZpY2F0ZVBhaXINCj5hdHRyaWJ1dGUuICAgVGhhdCB3YXkgbm90aGluZyB3 aWxsIGdldCBtaXNzZWQuICBJdCdzIG5vdCBhbiBhbGwgb3INCj5ub3RoaW5nIGNob2ljZS4gIEl0 J3MgYW4gYXR0ZW1wdCB0byBzdG9yZSB0aGUgY2VydGlmaWNhdGVzIG9uY2UgYW5kIHRvDQo+Z3Jv dXAgdGhlbSB0byBtYWtlIGxvZ2ljYWwgZGVjaXNpb25zIHdoZW4gZXhwbG9yaW5nIHBvc3NpYmx5 IGNvbXBsZXgNCj5wYXRocy4NCg0KQnV0IHlvdSBjYW4gb25seSBtYWtlIGxvZ2ljYWwgZGVjaXNp b25zIHdoZW4geW91IGhhdmUgc29tZSBkYXRhIHRvIHdvcmsNCndpdGguICBBIENBIGhhcyBubyBp ZGVhIHdoZW4gaXQncyBwbGFjaW5nIGl0cyBjZXJ0cyBpbiB0aGUgZGlyZWN0b3J5IGFib3V0DQp3 aG8gaXMgZ29pbmcgdG8gY29tZSBsb29rIGZvciB0aGVtLiAgV2l0aG91dCBrbm93aW5nIHdoYXQg ZG9tYWluIHRoZQ0KdmVyaWZpZXIgaXMgaW4sIHRoZSBDQSBjYW4ndCBob3BlIHRvIGhlbHAgaXQg b3V0LiAgSXQgY2FuIG1ha2UgYQ0Kc3BlY2lhbC1jYXNlIG9wdGltaXphdGlvbiB1bmRlciBlaXRo ZXIgb3B0aW9uIGZvciB0aGUgY2FzZSB3aGVyZSB0aGUNCnZlcmlmaWVyIGlzIGluIHRoZSBzYW1l IGRvbWFpbiBhcyB0aGUgQ0EgICh3aGljaCBpcyByZWFsbHkgdGhlIG9ubHkgdGltZQ0KdGhhdCBl aXRoZXIgb3B0aW9uIG9mZmVycyBhbnkgYWR2YW50YWdlIG92ZXIgc2ltcGx5IGhhdmluZyBhIHNp bmdsZSBlbnRyeQ0KaW50byB3aGljaCBhbGwgY2VydHMgYXJlIHBsYWNlZCkuDQoNCg0KDQpJbiBz dW1tYXJ5LCBteSBjb250ZW50aW9uIGlzIHRoYXQgdmVyeSBmZXcgdmVyaWZpZXJzIHdpbGwgZXZl ciB3YW50IHRvIGJlDQpib3RoZXJlZCB3aXRoICJkb21haW5zIiAob3IgYXQgbGVhc3QsIG5vdCB3 aXRoIHNvbWUgZm9yZWlnbiBDQSdzIGlkZWEgb2YNCndoYXQgYSBkb21haW4gaXMpLiAgT2YgdGhl IHR3byBvcHRpb25zIHVuZGVyIGRpc2N1c3Npb24sIG9wdGlvbiAyIGFsbG93cw0KbW9zdCB2ZXJp ZmllcnMgdG8gc2ltcGx5IGlnbm9yZSB0aGUgZmFjdCB0aGF0IGEgQ0EgaGFzIGNob3NlbiB0byBp c3N1ZQ0KdW53YW50ZWQgaGludHMsIGFuZCBqdXN0IHJldHJpZXZlIHRoZSBjZXJ0cyBpdCB3YW50 cyBmcm9tIGEgc2luZ2xlIHBsYWNlLg0KVGhlIGZldyB2ZXJpZmllcnMgdGhhdCB3YW50IHRvIGRv IHNvbWV0aGluZyB3aXRoIGEgQ0EncyBoaW50cyBjYW4gY2hvb3NlIHRvDQpkbyBzbyB1bmRlciBl aXRoZXIgb3B0aW9uLCBidXQgb3B0aW9uIDEgd291bGQgZm9yY2UgYWxsIGNsaWVudCBzb2Z0d2Fy ZSB0bw0KaW5jcmVhc2UgaW4gY29tcGxleGl0eSB0byBnYWluIHRoYXQgY2hvaWNlLiAgT3B0aW9u IDIgYnVyZGVucyBvbmx5IHRob3NlDQpjbGllbnRzIHRoYXQgd2lzaCB0byBleHBsb2l0IHRoZSBo aW50cy4NCg0KDQpKb2huDQoNCg0KDQo= --0__=A7IrhvJHO6YHC08EJcBLPZrtEp3yZTZgRtvF2nXuh7jtqQezTMfX2cl5-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA23308 for ietf-pkix-bks; Fri, 4 Sep 1998 01:26:28 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA23296 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 01:26:25 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id KAA25196; Fri, 4 Sep 1998 10:32:57 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id KAA16302; Fri, 4 Sep 1998 10:32:58 +0200 (DFT) Message-ID: <35F02427.289B@bull.net> Date: Fri, 04 Sep 1998 10:32:23 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Robert Zuccherato <robertz@entrust.com>, IETF-PXIX <ietf-pkix@imc.org> Subject: TemporalData (Time Stamp Protocol) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Robert, In order to facilitate the implementation (and therefore acceptance) of the Time Stamp Protocol draft, (draft-adams-time-stamp-02.txt) I think we should provide the ASN.1 material in the 1988 syntax [since only a few implementers have access to an updated 1994 ASN.1 compiler]. [Stephen Farrell just made the same request yesterday]. NB: [CCP] provides both 1988 and 1994 syntaxes and states that 1988 syntax takes precedence in case of conflict. Only one adjustment need to be made for that draft : the TemporalData definition should be changed from : TemporalData ::= SEQUENCE { format TEMPORALDATACLASS.&id, --objid rawdata TEMPORALDATACLASS.&Type --open type } TEMPORALDATACLASS ::= CLASS { &id OBJECT IDENTIFIER UNIQUE, &Type } WITH SYNTAX { &Type IDENTIFIED BY &id } to : TemporalData ::= SEQUENCE { format OBJECT IDENTIFIER, rawdata ANY DEFINED BY format } (Please forgive me if I translated the 1994 ASN.1 syntax in a wrong way since I'm not an ASN.1 fan or expert. :-) Denis -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA22177 for ietf-pkix-bks; Fri, 4 Sep 1998 01:17:11 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA22167 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 01:17:09 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id KAA13628; Fri, 4 Sep 1998 10:23:38 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id KAA05764; Fri, 4 Sep 1998 10:23:39 +0200 (DFT) Message-ID: <35F021F7.1FDE@bull.net> Date: Fri, 04 Sep 1998 10:23:03 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Carlisle Adams <carlisle.adams@entrust.com> CC: ietf-pkix@imc.org Subject: Re: Let's try to understand the real issue (was... RE: What the straw poll means) References: <98Sep3.203112gmt+0100.6799@gateway.r3.ch> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Carlisle, (...) I follow and fully support your argumentation. I came to the same conclusions. IN ADDITION, neither of OPTION 1 or OPTION 2, as written, is acceptable for reasons which have nothing to do with duplication or location of information. These reasons are indicated in a separate E-mail and are related to mandating *mutual* cross certification (OPTION 1) or forbiding the forward element of a certificate pair (i.e. certificates issued for this CA by other CAs), if the reverse element is not present (OPTION 2). This is why the only acceptable choice for the time is OPTION 0, i.e. the original text. I would ask the chairs to : 1) look at the arguments raised about *mutual* cross certification and unilateral cross certification, 2) reconsider the vote and extend it to OPTION 0, i.e. the current text. A straw poll is not a coin toss, otherwise I would have already answered. :-) > The claimed advantage of option 1 is that this retrieval gets me > certificates that are sorted into "intra-domain" and "inter-domain", > which can help in efficient path construction. Let's think about this > for a moment. The CA doing this sorting is, by definition, NOT DIRECTLY > TRUSTED BY ME (because if it was directly trusted by me, I would > already have a trusted copy of its public key and would not need > certificates in which it was the subject). If it is not directly > trusted by me, then why would I necessarily trust it to do this sorting > in a way that is beneficial to my path construction needs? How does it > know what *my* definition of "domain" is? How does it know whether most > of my certificate validations will be "intra" its definition of domain > or "inter" its definition of domain? > If this CA's definition of domain and my definition of domain do not > coincide exactly (and why should they, since in general this CA and I > have no pre-established relationship?), then this sorting performed by > the CA is not merely useless to me, it is actually an explicit > disadvantage (because the proponents of option 1 are recommending that > all the intra-domain certificates be examined *before* the inter-domain > certificates are examined, leading to worst-case path-construction times > for what may turn out to be a common scenario). > Relying parties know what certificates they will be validating most > often, depending upon what particular activity they are engaged in at > the moment. THAT defines the relying parties' "intra" and "inter" > domains. CAs in the middle of a cert. path cannot possibly know this, > in general, so having THEM define a domain and sort certificates > according to that definition is really meaningless. > Note that there will be special circumstances in which one definition of > domain will be understood throughout a given environment (e.g., the > strict hierarchy of CAs has been cited in previous posts on this topic). > In such cases there is a clear efficiency advantage to be gained in path > construction. This is why option 2 is the perfect compromise: for such > environments relying parties need only retrieve the n1 < n certificates > that they *know* will be useful to them. Option 2 therefore meets the > needs of the general case as well as the special case, while > simultaneously guaranteeing interoperability of two installed bases > which would otherwise have no hope of interoperating today. > The price of this panacea? A few redundant certificates in the > Directory. Is it really worth sacrificing the general- (and perhaps > common-) case scenario, as well as interoperability, in order to save a > few certificates and satisfy a particular special-case? I haven't yet > heard any convincing arguments... Neither do I ... Denis > Carlisle. -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA21703 for ietf-pkix-bks; Fri, 4 Sep 1998 01:05:24 -0700 (PDT) Received: from clbull.frcl.bull.fr (clbull.frcl.bull.fr [129.182.1.20]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id AAA21551 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 00:59:48 -0700 (PDT) Received: from k2.frcl.bull.fr (k2.frcl.bull.fr [129.182.100.2]) by clbull.frcl.bull.fr (8.8.2/8.8.2) with ESMTP id KAA12425; Fri, 4 Sep 1998 10:03:56 +0200 Received: from dese22.frcl.bull.fr (cloe198.frcl.bull.fr [129.182.109.213]) by k2.frcl.bull.fr (AIX4.2/UCB 8.7/8.7) with SMTP id KAA22052; Fri, 4 Sep 1998 10:03:56 +0200 (DFT) Message-ID: <35F01D58.786A@bull.net> Date: Fri, 04 Sep 1998 10:03:20 -0700 From: Denis Pinkas <Denis.Pinkas@bull.net> Reply-To: Denis.Pinkas@bull.net Organization: Bull X-Mailer: Mozilla 3.01 [fr] (Win16; I) MIME-Version: 1.0 To: Sharon Boeyen <sharon.boeyen@entrust.com> CC: ietf-pkix@imc.org, "'Santosh Chokhani'" <chokhani@cygnacom.com> Subject: Re: What the straw poll means References: <98Sep3.134059gmt+0100.6803@gateway.r3.ch> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Sharon, > The "two buckets" is exactly what I was trying to avoid in the > earlier debate on this topic, however I believe that the single > bucket option was rejected in the Chicago meeting. It was a pity that you could not attend the Chicago meeting. "rejected" may be a strong word. During the straw poll, I did not raised my hand for any of the three options for the following good reasons: 1) I had three weeks of holidays one week ahead of the meeting, :-) 2) When I came back, I had 470 E-mails waiting for me, 3) I completely skipped the thread on the LDAP schema, :-( As a result I could not understand from the discussion what the topic was and so I abstained. I would guess that I was not the single one in that position. There was some support for it anyway, so I do not understand why the straw poll is not on the three options but instead only on two options. > The single bucket option is the > text which is currently in the Internet Draft. With that text, > all self signed (or self issued certificates) were to be placed > in the cACertificate attribute and all certificates issued by > one CA to a different CA were put in the crossCertificatePair > attribute. This was pretty nice and simple ! If I were to open the bunch of messages, maybe I could understand why this is not acceptable. > Depending on the particular path development algorithm being > used by a relying party, directory search tools, especially > when we evolve to LDAPv3 could be used to filter the content > of the forward and or reverse elements of that SINGLE attribute > and provide the relying party with the set of certificates of > interest to that particular relying party. Indeed. > I still believe that this is the best solution because the relying > party systems are the ones that know which certs are of interest > to them, I agree with you. > not the CA that happened to issue the certs, especially in the > post PEM world where any CA could legitimately have certs issued > for it by several CAs. > My strong support for Option 2 in the straw poll is because > the above was rejected by the meeting and I see Option 2 as > a workable compromise ONLY because there is a complete set of > certs in a single attribute and relying parties can do what is > of interest to them without knowing the definition of domain > which each individual CA happens to use. For self contained > environments wanting to make use of a CA or set of CAs certs > issued within some locally defined domain, this is still possible. Let me take a look at option 1 and say why it is not acceptable ... because it imposes a model of trust that is too specific. General comment: The notion of "domain" has never been introduced before and since the understanding of a domain is "purely a matter of local policy" there is no chance that the requester understands what it means - unless we are in a close environment. I believe that this feature is being introduced to be used in close environments for some "good" reasons. The text should explain these "good" reasons otherwise readers of the document will ignore for ever the rational. PROPOSED TEXT FOR THE ATTRIBUTE DEFINITIONS: OPTION 1: ---------------- The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. When the notion of domain does not exists, then this will be empty. In addition, the cACertificate attribute shall be used to store self-issued certificates. This is fine. The forward element of the crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in other domains. I have a problem here. Cross certification does not mean mutual cross certification. A CA can cross-certify another CA without any knowledge from the CA being cross certified. Even if the CA got the knowledge of it, that CA would not like to place that certificate in that entry. Let us pick an example: a CA from the Banana Republic of Baracuda is providing a certificate for the NIST. I do not think that the NIST will necessarilly place that certificate in his entry. Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain certificates issued by this CA to CAs in other domains. I have a problem here with the word "Optionally" : if the previous element is not there, then I cannot place an element here. This means that if CA 1 wants to recognize CA 2, then CA 2 MUST also recognize CA 1. This mandates mutual cross certification. I do not think that we have ever mandated *mutual* cross certification in PKIX-1. Thus OPTION 1 is NOT acceptable and this has nothing to do with performance or path development. In the case of V3 certificates, none of the above CA certificates may include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. OPTION 2: ------------- The crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store all certificates issued by this CA to other CAs, as well as certificates issued for this CA by other CAs. Values held in the forward element are certificates issued for this CA by other CAs, while values in the reverse element are certificates issued by this CA for other CAs. I would interpret the text as mandating to store the reverse element and optionally the forward element. I would instead allow to store only the forward element, only the reverse element or both. Hence the OPTION 2 is NOT acceptable either and this has nothing to do with performance or path development. The text should be corrected and be something like: The crossCertificatePair attribute, held in a particular CA's directory entry, may be used to store certificates issued by this CA to other CAs, as well as certificates issued for this CA by other CAs. Values held in the forward element are certificates issued for this CA by other CAs, while values in the reverse ele- ment are certificates issued by this CA for other CAs. Either cer- tificate, if present, may be used in building certificate paths for validation and may be published in the directory entries of either CA or both. ... which is exactly what is in the original text ! The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. This set of certificates is a subset of the values of the forward element of the crossCertificatePair attribute in the same CA entry. In addition, the cACertificate attribute shall beused to store self-issued certificates. When there are no domains, and IF the text was corrected as indicated hereabove (i.e. back to the text of the original version) then we would be "compatible" with the previous text, but this is not the case. Did I understood correctly ? I believe that there are "good" resons to introduce the notion of "domain". Are these "good reasons" technical or commercial ? If they are technical then they SHALL be written in the document. But what about if they are "commercial" ? For the time being, I can only vote for OPTION 0 (i.e. the original text) ! Denis -- Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87 78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id XAA12924 for ietf-pkix-bks; Thu, 3 Sep 1998 23:12:31 -0700 (PDT) Received: from fw.ssb.it (fw.ssb.it [192.106.128.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id XAA12918 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 23:12:29 -0700 (PDT) Received: from notesmail.ssb.it (domino.ssb.it [192.168.19.5]) by ns.ssb.it (8.8.5/8.7.3) with SMTP id KAA02099 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 10:14:03 +0200 (CEST) Received: by notesmail.ssb.it(Lotus SMTP MTA v4.6.1 (569.2 2-6-1998)) id C1256675.00231CDF ; Fri, 4 Sep 1998 08:23:31 +0200 X-Lotus-FromDomain: SSB From: "Andrea Sansone" <Sansone@ssb.it> To: ietf-pkix@imc.org Message-ID: <C1256675.0022D4B0.00@notesmail.ssb.it> Date: Fri, 4 Sep 1998 08:21:29 +0200 Subject: for option 1 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id VAA12415 for ietf-pkix-bks; Thu, 3 Sep 1998 21:21:59 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id VAA12411 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 21:21:52 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <R8ZDT79L>; Fri, 4 Sep 1998 14:22:19 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC05D489@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'Frank O'Dwyer'" <fod@brd.ie>, Dave Horvath <dave@chromatix.com> Cc: ietf-pkix@imc.org Subject: RE: path development complexity (was Re: What the straw poll mean s) Date: Fri, 4 Sep 1998 14:22:16 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk I have a few views in that certs must be supported by mutually authenticated distributed X.500 directory systems otherwise 509 based systems just wont scale and provide the commercial utilitity as demanded by global EC directed organisations. Not having this foundation - one just drops into all sorts of operational cost, scaling and efficiency holes. The draft I put out attempts to put the onus on a CA to gets its directory act in order with a common information architecture (DIB) and not just a set of agreed object classes with multitudes of extensions and options - and that the CAs and their supporting directories provide a "sensible" set of validation services, starting at a very base level - for simple to implement client applications. One aspect of the cross cert issue is for the CA/directory system to know what the originating and verifying domain is so that it can select the necessary path information sets. there is some of this detail in my draft. To me its all in the information management design of a CA and its processing utilities and how that is effectively applied into a mutually authenticated (cert matching ruled) distributed directory system... Hence my previous comments about single server LDAP servers - they just cannot do the job. regards alan > -----Original Message----- > From: Frank O'Dwyer [SMTP:fod@brd.ie] > Sent: Friday, 4 September 1998 12:36 > To: Dave Horvath > Cc: ietf-pkix@imc.org > Subject: path development complexity (was Re: What the straw poll > means) > > Dave Horvath wrote: > > We are back the problem we raised earlier. Clients that > attempt to > > efficiently develop a path from the end entity to the trusted root > must > > explore 'n' paths (worst case scenario) prior to finding the > correct > > one with option 2. > > This is not on the topic of the straw poll, but I was wondering if > anyone has really looked into how difficult path development can get > in > a full-blown and well-connected global PKI? It seems to me that the > real > worst case scenario has you following cross-certificates until you > have > downloaded all the cross-certificates in the world. It would not have > to > get that bad before it was a serious problem. > > A few things would help prune the search (like the depth you are > willing > to search to, constraints within the certificates themselves), but > still > in general it has the potential to get truly nasty. Unless I have > missed > something, there are no positive hints in the certificates that would > guide path development (perhaps there should be? There is a > resemblance > to the "travelling salesman" problem here, and it would certainly be > ironic if building a path turned out to be as hard as factoring.:) > > Anyone looked at this? If it is a problem, then it might be reasonable > to give recommendations on using constraints (or something else) in > order to encourage the creation of cross-certificates that are > "path-development friendly", and in order to discourage scenarios that > lead to directory search explosions. > > Apologies if I am re-hashing something that has already been discussed > here. > > Cheers, > Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id UAA12101 for ietf-pkix-bks; Thu, 3 Sep 1998 20:30:18 -0700 (PDT) Received: from mail1.toronto.istar.net (mail1.toronto.istar.net [209.89.75.17]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id UAA12097 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 20:30:11 -0700 (PDT) Received: from ts55-02.tor.istar.ca ([204.191.148.33] helo=2keys.ca) by mail1.toronto.istar.net with esmtp (Exim 2.02 #1) id 0zEmeE-0007PK-00 for ietf-pkix@imc.org; Thu, 3 Sep 1998 23:34:54 -0400 Message-ID: <35EF5EF5.5806405F@2keys.ca> Date: Thu, 03 Sep 1998 23:31:01 -0400 From: Tony Bates <tbates@2keys.ca> X-Mailer: Mozilla 4.05 [en] (Win95; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id TAA11572 for ietf-pkix-bks; Thu, 3 Sep 1998 19:33:51 -0700 (PDT) Received: from post.mail.demon.net (post-12.mail.demon.net [194.217.242.41]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id TAA11568 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 19:33:50 -0700 (PDT) Received: from [158.152.104.114] (helo=brd.ie) by post.mail.demon.net with esmtp (Exim 2.02 #1) id 0zEllm-00049c-00; Fri, 4 Sep 1998 02:38:39 +0000 Message-ID: <35EF51F2.C02A4011@brd.ie> Date: Fri, 04 Sep 1998 03:35:30 +0100 From: "Frank O'Dwyer" <fod@brd.ie> X-Mailer: Mozilla 4.06 [en] (Win95; I) MIME-Version: 1.0 To: Dave Horvath <dave@chromatix.com> CC: ietf-pkix@imc.org Subject: path development complexity (was Re: What the straw poll means) References: <3.0.3.32.19980903110239.018aa560@mail.cost.se> <35EE913F.4F724E31@chromatix.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Dave Horvath wrote: > We are back the problem we raised earlier. Clients that attempt to > efficiently develop a path from the end entity to the trusted root must > explore 'n' paths (worst case scenario) prior to finding the correct > one with option 2. This is not on the topic of the straw poll, but I was wondering if anyone has really looked into how difficult path development can get in a full-blown and well-connected global PKI? It seems to me that the real worst case scenario has you following cross-certificates until you have downloaded all the cross-certificates in the world. It would not have to get that bad before it was a serious problem. A few things would help prune the search (like the depth you are willing to search to, constraints within the certificates themselves), but still in general it has the potential to get truly nasty. Unless I have missed something, there are no positive hints in the certificates that would guide path development (perhaps there should be? There is a resemblance to the "travelling salesman" problem here, and it would certainly be ironic if building a path turned out to be as hard as factoring.:) Anyone looked at this? If it is a problem, then it might be reasonable to give recommendations on using constraints (or something else) in order to encourage the creation of cross-certificates that are "path-development friendly", and in order to discourage scenarios that lead to directory search explosions. Apologies if I am re-hashing something that has already been discussed here. Cheers, Frank O'Dwyer. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id TAA11432 for ietf-pkix-bks; Thu, 3 Sep 1998 19:01:53 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id TAA11427 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 19:01:45 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <R8ZDT787>; Fri, 4 Sep 1998 12:02:05 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC05D484@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Where to store CA certificates Date: Fri, 4 Sep 1998 12:02:04 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Agree with this - but in particular - if the directory system does not correctly support distributed operations (as per X.500 DSP) and does not implement certificate based matching rules and the client software does not provide under what guise or domain they are validating from, then it (cert path processing and validation) is inefficient, may be fragile and will be difficult to manage and therefore operationllay risky. With no dir matching/filter rules and accessing a CAs entry could bring back CRLs, a bunch of CA cross certs and the client may be none the wiser. As per my other comments - dealing with 509 paths in a distributed way without efficient distributed directories and cert based features seems odd situation to discuss. Views on my draft re dir - cert stat could progress the issue re "complexity" and "efficiency" of validation actions. regards alan > -----Original Message----- > From: Santosh Chokhani [SMTP:chokhani@cygnacom.com] > Sent: Friday, 4 September 1998 10:11 > To: 'Ambarish Malpani'; 'ietf-pkix@imc.org' > Subject: RE: Where to store CA certificates > > Ambarish: > > We should explore your point further. But, I am assuming that > features > such as subject public key identifier and authority public key > identifier, name constraints (in conjunction with pathToName matching > rule), key usage are available for proper digital signature > certificate. > The question becomes of these which one will lead to the trust anchor > of > the relying party from the current CA (assuming you are developing a > path from subject to the relying party trust anchor). > > I am afraid that the CA may not help much except say which > certificates > issued to it are from its domain/family/partners/preferred or whatever > and which are from others. > > I also see all of us doing rapid fire on this one without considering > all the ramifications. I am probably the worst culprit. I will be > the > first one to admit that I am the worst offender. > > I do not claim to have the solutions, full knowledge or the final word > on the path development, but to use the PKI technology efficiently, > lot > may have to fall in place. I am not sure directory products and > client > products are stepping up to offering the potential need for > efficiency. > > Let me give you simple example in which option 2 may choke the network > and/or client if there are no matching rules implemented both in the > directory and the client. Let us assume that a CA has issued 30 > certificates to other CAs but has been issued very few certificates > itself. Under option 2, the CA must populate the reverse component of > the crossCertificatePair attribute 30 times, and these will be > returned > on a query, if both the client and the directory do not implement > matching rules. > > I have thought long and hard and find that option 1 gives us the best > hope for path development efficiency. > > > > -----Original Message----- > > From: Ambarish Malpani [SMTP:ambarish@valicert.com] > > Sent: Thursday, September 03, 1998 12:54 PM > > To: 'ietf-pkix@imc.org' > > Subject: Where to store CA certificates > > > > Hi Guys, > > Given the huge amount of passion that the topic of where one > > stores CA certificates has generated, it seems to me that path > > building is both a complicated and important thing ;-) > > > > If the premise above is true, wouldn't one want to prioritize > > path building more precisely than just lumping CA certs into > > one of two categories (intra-domain/inter-domain)? > > > > Would it make sense to have another attribute attached to > > CA certificates - something like a "priority" field, with say > > an integer value, where, during path building you first try to > > build paths with the CA cert with the highest priority? > > > > Or is this a BAD idea, because it doesn't work with any of > > the current implementations? > > > > Comments? Sharon, Santosh? > > > > Regards, > > Ambarish > > > > -- > > > --------------------------------------------------------------------- > > Ambarish Malpani > > Architect 650.567.5457 > > ValiCert, Inc. > > ambarish@valicert.com > > 1215 Terra Bella Ave. > http://www.valicert.com > > Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id SAA10891 for ietf-pkix-bks; Thu, 3 Sep 1998 18:29:34 -0700 (PDT) Received: from dsg1.OpenDirectory.com.au ([203.108.249.145]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id SAA10887 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 18:29:29 -0700 (PDT) Received: by DSG1 with Internet Mail Service (5.0.1458.49) id <R8ZDT78T>; Fri, 4 Sep 1998 11:29:45 +1000 Message-ID: <D1A949D4508DD1119C8100400533BEDC05D483@DSG1> From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au> To: "'Ambarish Malpani'" <ambarish@valicert.com>, Carlisle Adams <carlisle.adams@entrust.com> Cc: ietf-pkix@imc.org Subject: RE: Let's try to understand the real issue (was... RE: What the s traw poll means) Date: Fri, 4 Sep 1998 11:29:45 +1000 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk comments in line > -----Original Message----- > From: Ambarish Malpani [SMTP:ambarish@valicert.com] > Sent: Friday, 4 September 1998 6:41 > To: Carlisle Adams > Cc: ietf-pkix@imc.org > Subject: Re: Let's try to understand the real issue (was... RE: > What the straw poll means) > > Hi Carlisle, > Is the expectation that everybody is directly accessing their > CA's LDAP directory? I always thought that each orginazation would > actually maintain its own LDAP directory and, therefore, be able > to specify which CAs are preferred over others. > > Are we really expecting people to share their directories with > everyone in the world? [Alan Lloyd] I think so - May be not quite share everything with everyone but I think there will be vertical market sector directory systems such as Defence, Finance, Transport, Health, Police, Postal, Telecomms, etc and that little old me with my directory entry will have certificates in - issued by them, so I can deal with these areas. And I will interconnect my directory system so I can use the services and privileges offered by these sectors. Just like my wallet contents allow me today with a range of plastic card services. The main distraction today is that LDAP servers are pointless devices (no distribution) for wide scale EC or cert path processing. And it seems that most systems being developed for CAs seem to grab an LDAP server (not an LDAP accessed X.500 server) and from that point on simply limit their scope of what a business does. In most cases all the business can do is do business with its self and its own CA. Its only when one realises that one has to connect ones Org directory system to other Orgs and multiple CAs that one hits the distribution issue - and throws the LDAP server in the bin. As for domains - I just see that as "the sphere of influence" or if qualified like Management Domain or Directory Management Domain (see X.501) it relates to the management influence and implied ownership of a directory or directory system. No Protocol or technical boundary is enforced unless for example with directories by Name containment - its usually an operational or business issue ie. with certs its how the certs are applied with a management and business related policy. My usual thoughts regards alan > Ambarish > > > Carlisle Adams wrote: > > > > Hi all, > > > > I propose that we try (once again) to understand what the real issue > is > > here. > > > > > ---------- > > > From: Ryan Moats[SMTP:jayhawk@att.com] > > > Sent: Thursday, September 03, 1998 12:14 PM > > > To: John_Wray@iris.com > > > Cc: ietf-pkix@imc.org > > > Subject: Retrieval efficiency herring? (was... RE: What the > straw > > > poll means) > > > > > > As somebody coming to the party late from the LDAP world, I don't > see > > > why > > > the certificates need to be retrieved from two places. An LDAP > lookup > > > of an > > > object with a fairly simple filter (objectclass="*") will return > all > > > of the > > > attributes associated with that object. Therefore a single lookup > > > will return > > > both attributes, so I don't understand how retrieval efficiency is > > > gained. > > > > > O.K., so we see that a single LDAP lookup can retrieve all > certificates > > (which, after careful enumeration, was found to be "n") in either > option > > 1 or option 2. > > > > The claimed advantage of option 1 is that this retrieval gets me > > certificates that are sorted into "intra-domain" and "inter-domain", > > which can help in efficient path construction. Let's think about > this > > for a moment. The CA doing this sorting is, by definition, NOT > DIRECTLY > > TRUSTED BY ME (because if it was directly trusted by me, I would > > already have a trusted copy of its public key and would not need > > certificates in which it was the subject). If it is not directly > > trusted by me, then why would I necessarily trust it to do this > sorting > > in a way that is beneficial to my path construction needs? How does > it > > know what *my* definition of "domain" is? How does it know whether > most > > of my certificate validations will be "intra" its definition of > domain > > or "inter" its definition of domain? > > > > If this CA's definition of domain and my definition of domain do not > > coincide exactly (and why should they, since in general this CA and > I > > have no pre-established relationship?), then this sorting performed > by > > the CA is not merely useless to me, it is actually an explicit > > disadvantage (because the proponents of option 1 are recommending > that > > all the intra-domain certificates be examined *before* the > inter-domain > > certificates are examined, leading to worst-case path-construction > times > > for what may turn out to be a common scenario). > > > > Relying parties know what certificates they will be validating most > > often, depending upon what particular activity they are engaged in > at > > the moment. THAT defines the relying parties' "intra" and "inter" > > domains. CAs in the middle of a cert. path cannot possibly know > this, > > in general, so having THEM define a domain and sort certificates > > according to that definition is really meaningless. > > > > Note that there will be special circumstances in which one > definition of > > domain will be understood throughout a given environment (e.g., the > > strict hierarchy of CAs has been cited in previous posts on this > topic). > > In such cases there is a clear efficiency advantage to be gained in > path > > construction. This is why option 2 is the perfect compromise: for > such > > environments relying parties need only retrieve the n1 < n > certificates > > that they *know* will be useful to them. Option 2 therefore meets > the > > needs of the general case as well as the special case, while > > simultaneously guaranteeing interoperability of two installed bases > > which would otherwise have no hope of interoperating today. > > > > The price of this panacea? A few redundant certificates in the > > Directory. Is it really worth sacrificing the general- (and perhaps > > common-) case scenario, as well as interoperability, in order to > save a > > few certificates and satisfy a particular special-case? I haven't > yet > > heard any convincing arguments... > > > > Carlisle. > > -- > --------------------------------------------------------------------- > Ambarish Malpani > Architect 650.567.5457 > ValiCert, Inc. > ambarish@valicert.com > 1215 Terra Bella Ave. http://www.valicert.com > Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA10579 for ietf-pkix-bks; Thu, 3 Sep 1998 17:29:36 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA10575 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:29:35 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZW17>; Thu, 3 Sep 1998 20:33:56 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D22B@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, "'John_Wray@iris.com'" <John_Wray@iris.com>, Santosh Chokhani <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Thu, 3 Sep 1998 20:33:53 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk > -----Original Message----- > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > Sent: Thursday, September 03, 1998 8:19 PM > To: 'John_Wray@iris.com'; 'Santosh Chokhani' > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > > > > > ---------- > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > Sent: September 3, 1998 7:50 PM > > To: 'John_Wray@iris.com'; Santosh Chokhani > > Cc: ietf-pkix@imc.org > > Subject: RE: What the straw poll means > > > > John: > > > > As Dave Horvath has replied, retrieval efficiency is the same. > > > > Option 2 also retrieves all multiple certificates and hence > introduces > > communication delays and unnecessary bandwidth usage > This is dependent on the query. > > For relying parties that have the same understanding of 'domain' as > the > CA, they could either > a) send an LDAP search request which retrieves ONLY the values of the > cACertificate attribute and then after exhausting them, send another > request that would retrieve the crossCertificatePair attribute values > or > [] In a), another bind and access to directory may cause delays > b) send a single LDAP search request that would retrieve both > attributes. In b) yes they woud retrieve the multiples. > In a) they would retrieve multiples only if they were unsuccessful > with > the 'domain' certs. In b) they would receive multiples. > > Relying parties that ignore the 'domain' specifics would send a single > LDAP search request that would retrieve only the crossCertificatePair > attribute and would never receive multiples. > > . > > > > Using option 2, if a client only retrieves crossCertificatePair > > attribute only, it loses potential for efficiency. > > > > Your last paragraph is precisely my point. Dividing the > certificates > > in > > two buckets has potential for help and never hurts. > > > > By the way, a class of application may choose to prefer exploring > > inter-domain certificates first, if so deemed. > > > > > -----Original Message----- > > > From: John_Wray@iris.com [SMTP:John_Wray@iris.com] > > > Sent: Thursday, September 03, 1998 8:51 AM > > > To: Santosh Chokhani > > > Cc: ietf-pkix@imc.org > > > Subject: RE: What the straw poll means > > > > > > Santosh Chokhani <chockani@cyqnacom.com> writes: > > > > > > >The basic difference between the two approaches is the under > option > > 1 > > > >you store a certificate only one time under a CA's entry. Which > > > >certifying CA is in its domain is upto a subject CA to decide. > > > > > > > >In all honesty, I do not see a benefit to option 2 except for the > > > >argument that some installed base already does it this way. > > > > > > The difference between the two options is primarily storage > > efficiency > > > vs. > > > retrieval efficiency. Both options divide a CAs certs into two > > piles. > > > Option 1 has pile A containing only intra-domain certs, and pile B > > > containing only inter-domain certs; option 2 has pile A containing > > > only > > > intra-domain certs and pite B containing all certs. Which option > is > > > superior depends on two things: > > > > > > whether you care more about storage efficiency in the directory > > > (option > > > 2 stores intra-domain certificates twice) or retrieval > efficiency > > > for > > > the verifier (option 1 require a verifier that wants all a > target > > > CA's > > > certificates to retrieve them from two places). > > > typical usage scenarios by verifiers - i.e. the percentage of > > > clients > > > that are going to want to locate just inter-domain certs, > > compared > > > to > > > clients that either don't care about the difference or are only > > > interested in intra-domain certs. Retrieval of _just_ > > inter-domain > > > certs is easier under option 1, retrieval of _all_ certs is > > easier > > > under > > > option 2, and retrieval of _just_ intra-domain certs is the > same > > > under > > > both options. > > > > > > > > > Consider a fairly randomly structured PKI, where the verifier has > a > > > set of > > > trusted roots loaded into it (assume they've been loaded under > user > > > control, with no particular order to them), and is trying to > verify > > > the key > > > of some server that it hasn't spoken to before. It has no idea of > > > which > > > "domain" the target's CA thinks it belongs to; it just wants to > pull > > > all > > > the certs that have that CA as a subject, and see if it can > > construct > > > a > > > valid chain starting at one of its trusted roots. > > > > > > Having the target CA divide its certificates between two places > > within > > > the > > > directory is no help to this verifier. All it does it force the > > > verifier > > > to make two retrieval operations instead of the one that would be > > > required > > > by option 2. The verifier isn't really interested in whether a > > > particular > > > certificate comes from another CA from the same "domain" as the > > > target's CA > > > - if it cares about "domains" at all, what it would be interested > in > > > is if > > > any certs come from the same domain as the verifier (or one of its > > > trusted > > > roots), not the target (and of course that's verifier-specific). > > > > > > For the special (and probably quite common) case where the > verifier > > > and > > > target happen to be in the same domain, the distinction probably > is > > > useful. > > > Option 2 supports this case just as well as does option 1, by > > allowing > > > the > > > CA to place intra-domain certs in a separate place so that clients > > in > > > that > > > domain can retrieve them first (or possibly even _instead_of_ > going > > to > > > the > > > all-certs list). > > > > > > John > > > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA10535 for ietf-pkix-bks; Thu, 3 Sep 1998 17:19:11 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA10529 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:19:09 -0700 (PDT) Received: by gateway.r3.ch id <6801>; Fri, 4 Sep 1998 02:25:16 +0100 Message-Id: <98Sep4.022516gmt+0100.6801@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'John_Wray@iris.com'" <John_Wray@iris.com>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 01:19:16 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 3, 1998 7:50 PM > To: 'John_Wray@iris.com'; Santosh Chokhani > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > John: > > As Dave Horvath has replied, retrieval efficiency is the same. > > Option 2 also retrieves all multiple certificates and hence introduces > communication delays and unnecessary bandwidth usage This is dependent on the query. For relying parties that have the same understanding of 'domain' as the CA, they could either a) send an LDAP search request which retrieves ONLY the values of the cACertificate attribute and then after exhausting them, send another request that would retrieve the crossCertificatePair attribute values or b) send a single LDAP search request that would retrieve both attributes. In b) yes they woud retrieve the multiples. In a) they would retrieve multiples only if they were unsuccessful with the 'domain' certs. In b) they would receive multiples. Relying parties that ignore the 'domain' specifics would send a single LDAP search request that would retrieve only the crossCertificatePair attribute and would never receive multiples. > . > > Using option 2, if a client only retrieves crossCertificatePair > attribute only, it loses potential for efficiency. > > Your last paragraph is precisely my point. Dividing the certificates > in > two buckets has potential for help and never hurts. > > By the way, a class of application may choose to prefer exploring > inter-domain certificates first, if so deemed. > > > -----Original Message----- > > From: John_Wray@iris.com [SMTP:John_Wray@iris.com] > > Sent: Thursday, September 03, 1998 8:51 AM > > To: Santosh Chokhani > > Cc: ietf-pkix@imc.org > > Subject: RE: What the straw poll means > > > > Santosh Chokhani <chockani@cyqnacom.com> writes: > > > > >The basic difference between the two approaches is the under option > 1 > > >you store a certificate only one time under a CA's entry. Which > > >certifying CA is in its domain is upto a subject CA to decide. > > > > > >In all honesty, I do not see a benefit to option 2 except for the > > >argument that some installed base already does it this way. > > > > The difference between the two options is primarily storage > efficiency > > vs. > > retrieval efficiency. Both options divide a CAs certs into two > piles. > > Option 1 has pile A containing only intra-domain certs, and pile B > > containing only inter-domain certs; option 2 has pile A containing > > only > > intra-domain certs and pite B containing all certs. Which option is > > superior depends on two things: > > > > whether you care more about storage efficiency in the directory > > (option > > 2 stores intra-domain certificates twice) or retrieval efficiency > > for > > the verifier (option 1 require a verifier that wants all a target > > CA's > > certificates to retrieve them from two places). > > typical usage scenarios by verifiers - i.e. the percentage of > > clients > > that are going to want to locate just inter-domain certs, > compared > > to > > clients that either don't care about the difference or are only > > interested in intra-domain certs. Retrieval of _just_ > inter-domain > > certs is easier under option 1, retrieval of _all_ certs is > easier > > under > > option 2, and retrieval of _just_ intra-domain certs is the same > > under > > both options. > > > > > > Consider a fairly randomly structured PKI, where the verifier has a > > set of > > trusted roots loaded into it (assume they've been loaded under user > > control, with no particular order to them), and is trying to verify > > the key > > of some server that it hasn't spoken to before. It has no idea of > > which > > "domain" the target's CA thinks it belongs to; it just wants to pull > > all > > the certs that have that CA as a subject, and see if it can > construct > > a > > valid chain starting at one of its trusted roots. > > > > Having the target CA divide its certificates between two places > within > > the > > directory is no help to this verifier. All it does it force the > > verifier > > to make two retrieval operations instead of the one that would be > > required > > by option 2. The verifier isn't really interested in whether a > > particular > > certificate comes from another CA from the same "domain" as the > > target's CA > > - if it cares about "domains" at all, what it would be interested in > > is if > > any certs come from the same domain as the verifier (or one of its > > trusted > > roots), not the target (and of course that's verifier-specific). > > > > For the special (and probably quite common) case where the verifier > > and > > target happen to be in the same domain, the distinction probably is > > useful. > > Option 2 supports this case just as well as does option 1, by > allowing > > the > > CA to place intra-domain certs in a separate place so that clients > in > > that > > domain can retrieve them first (or possibly even _instead_of_ going > to > > the > > all-certs list). > > > > John > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA10465 for ietf-pkix-bks; Thu, 3 Sep 1998 17:06:35 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA10461 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:06:34 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZWAW>; Thu, 3 Sep 1998 20:10:55 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D229@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Ambarish Malpani'" <ambarish@valicert.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Where to store CA certificates Date: Thu, 3 Sep 1998 20:10:53 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Ambarish: We should explore your point further. But, I am assuming that features such as subject public key identifier and authority public key identifier, name constraints (in conjunction with pathToName matching rule), key usage are available for proper digital signature certificate. The question becomes of these which one will lead to the trust anchor of the relying party from the current CA (assuming you are developing a path from subject to the relying party trust anchor). I am afraid that the CA may not help much except say which certificates issued to it are from its domain/family/partners/preferred or whatever and which are from others. I also see all of us doing rapid fire on this one without considering all the ramifications. I am probably the worst culprit. I will be the first one to admit that I am the worst offender. I do not claim to have the solutions, full knowledge or the final word on the path development, but to use the PKI technology efficiently, lot may have to fall in place. I am not sure directory products and client products are stepping up to offering the potential need for efficiency. Let me give you simple example in which option 2 may choke the network and/or client if there are no matching rules implemented both in the directory and the client. Let us assume that a CA has issued 30 certificates to other CAs but has been issued very few certificates itself. Under option 2, the CA must populate the reverse component of the crossCertificatePair attribute 30 times, and these will be returned on a query, if both the client and the directory do not implement matching rules. I have thought long and hard and find that option 1 gives us the best hope for path development efficiency. > -----Original Message----- > From: Ambarish Malpani [SMTP:ambarish@valicert.com] > Sent: Thursday, September 03, 1998 12:54 PM > To: 'ietf-pkix@imc.org' > Subject: Where to store CA certificates > > Hi Guys, > Given the huge amount of passion that the topic of where one > stores CA certificates has generated, it seems to me that path > building is both a complicated and important thing ;-) > > If the premise above is true, wouldn't one want to prioritize > path building more precisely than just lumping CA certs into > one of two categories (intra-domain/inter-domain)? > > Would it make sense to have another attribute attached to > CA certificates - something like a "priority" field, with say > an integer value, where, during path building you first try to > build paths with the CA cert with the highest priority? > > Or is this a BAD idea, because it doesn't work with any of > the current implementations? > > Comments? Sharon, Santosh? > > Regards, > Ambarish > > -- > --------------------------------------------------------------------- > Ambarish Malpani > Architect 650.567.5457 > ValiCert, Inc. > ambarish@valicert.com > 1215 Terra Bella Ave. http://www.valicert.com > Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10394 for ietf-pkix-bks; Thu, 3 Sep 1998 16:59:54 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10390 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:59:52 -0700 (PDT) Received: by gateway.r3.ch id <6804>; Fri, 4 Sep 1998 02:05:54 +0100 Message-Id: <98Sep4.020554gmt+0100.6804@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: chokhani@cygnacom.com, John_Wray@iris.com, "'John Everson'" <John.Everson@mail.sprint.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 00:59:48 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: John Everson[SMTP:John.Everson@mail.sprint.com] > Sent: September 3, 1998 10:52 AM > To: chokhani@cygnacom.com; John_Wray@iris.com > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > > Does this mean there will be a new option (3): > > container/pile of intra-domain certs > container/pile of inter-domain certs > container/pile of all certs > > Or do we throw everything into one container and offer a different > mechanism for distinction? > > The 'one container' option is the solution as per the current text in the internet draft. > -----Original Message----- > From: John.Wray [mailto:John_Wray@iris.com] > Sent: Thursday, September 03, 1998 7:51 AM > To: chokhani > Cc: John.Wray; ietf-pkix > Subject: RE: What the straw poll means > > > Santosh Chokhani <chockani@cyqnacom.com> writes: > > >The basic difference between the two approaches is the under option 1 > >you store a certificate only one time under a CA's entry. Which > >certifying CA is in its domain is upto a subject CA to decide. > > > >In all honesty, I do not see a benefit to option 2 except for the > >argument that some installed base already does it this way. > > The difference between the two options is primarily storage efficiency > > vs. > retrieval efficiency. Both options divide a CAs certs into two piles. > Option 1 has pile A containing only intra-domain certs, and pile B > containing only inter-domain certs; option 2 has pile A containing > only > intra-domain certs and pite B containing all certs. Which option is > superior depends on two things: > > whether you care more about storage efficiency in the directory > (option > 2 stores intra-domain certificates twice) or retrieval efficiency > for > the verifier (option 1 require a verifier that wants all a target > CA's > certificates to retrieve them from two places). > typical usage scenarios by verifiers - i.e. the percentage of > clients > that are going to want to locate just inter-domain certs, compared > to > clients that either don't care about the difference or are only > interested in intra-domain certs. Retrieval of _just_ inter-domain > certs is easier under option 1, retrieval of _all_ certs is easier > under > option 2, and retrieval of _just_ intra-domain certs is the same > under > both options. > > > Consider a fairly randomly structured PKI, where the verifier has a > set > of > trusted roots loaded into it (assume they've been loaded under user > control, with no particular order to them), and is trying to verify > the > key > of some server that it hasn't spoken to before. It has no idea of > which > "domain" the target's CA thinks it belongs to; it just wants to pull > all > the certs that have that CA as a subject, and see if it can construct > a > valid chain starting at one of its trusted roots. > > Having the target CA divide its certificates between two places within > > the > directory is no help to this verifier. All it does it force the > verifier > to make two retrieval operations instead of the one that would be > required > by option 2. The verifier isn't really interested in whether a > particular > certificate comes from another CA from the same "domain" as the > target's CA > - if it cares about "domains" at all, what it would be interested in > is > if > any certs come from the same domain as the verifier (or one of its > trusted > roots), not the target (and of course that's verifier-specific). > > For the special (and probably quite common) case where the verifier > and > target happen to be in the same domain, the distinction probably is > useful. > Option 2 supports this case just as well as does option 1, by allowing > > the > CA to place intra-domain certs in a separate place so that clients in > that > domain can retrieve them first (or possibly even _instead_of_ going to > > the > all-certs list). > > John > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10378 for ietf-pkix-bks; Thu, 3 Sep 1998 16:59:19 -0700 (PDT) Received: from portalcp.chevron.com (firewall-user@portalcp.chevron.com [207.24.17.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10374 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:59:18 -0700 (PDT) Received: (from uucp@localhost) by portalcp.chevron.com (8.9.1a/8.9.1) id RAA23158 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:03:51 -0700 (PDT) Received: from orbitcity.sr.chevron.com(146.27.94.253) by portalcp.chevron.com via smap (4.1) id xma023027; Thu, 3 Sep 98 17:03:40 -0700 Received: from chvpk-msxb1.sr.chevron.com (chvpk-msxb1.sr.chevron.com [146.27.94.102]) by orbitcity.chevron.com (8.9.1a/8.9.1) with ESMTP id RAA21084 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:03:35 -0700 (PDT) Received: by chvpk-msxb1.sr.chevron.com with Internet Mail Service (5.5.1960.3) id <SG6CMP1Q>; Thu, 3 Sep 1998 17:03:35 -0700 Message-ID: <F937986CEE1CD211A66100805FFE9870645B@VA1050-MSX1.vn1050.chevron.com> From: "Eaton, James (EATO)" <EATO@chevron.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Thu, 3 Sep 1998 17:01:52 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by mail.proper.com id QAA10375 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10349 for ietf-pkix-bks; Thu, 3 Sep 1998 16:53:54 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10345 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:53:51 -0700 (PDT) Received: by gateway.r3.ch id <6806>; Fri, 4 Sep 1998 01:59:55 +0100 Message-Id: <98Sep4.015955gmt+0100.6806@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Bill Burr'" <william.burr@nist.gov>, Dave Horvath <David.Horvath@chromatix.com>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 00:53:58 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 3, 1998 7:41 PM > To: 'Bill Burr'; Dave Horvath > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > Bill, > > But under option 1 also all certificates are there since LAP gives you > all the attributes. > > All option 1 does is reduce the communication load, Disagree - this is dependent on the query placed by the client system > processing load, Disagree - this is dependent on the certificate and path discovery algorithm and mechanism used by the client system > storage load Agree - in those cases where the local definition of "domain" results in duplication > and provide you a potential for efficiency. Possibly in a closed specific environment to tthe detriment of other clients > With very, > very little software complexity Implementation specific > , you have a potential for gaining a lot > on the computational complexity. Algorithm and process specific > > -----Original Message----- > > From: Bill Burr [SMTP:william.burr@nist.gov] > > Sent: Thursday, September 03, 1998 12:48 PM > > To: Dave Horvath > > Cc: ietf-pkix@imc.org > > Subject: Re: What the straw poll means > > > > But what is a root here? Does it imply that a domain is PKI > > hierarchy? I > > can think of 3 plausible constructions of root, all of which I > believe > > I've > > seen used: > > > > (1) any CA whose key you choose to trust and therefore can start a > > certification path, but which may not imply any other organization > or > > structure; > > > > (2) a CA whose key everybody in the domain (what's a domain?) trusts > > and > > which sits on top of a hierarchical unidirectional certification > tree > > (as > > in MISSI or PEM); > > > > (3) a CA that exists to cross-certify with other CAs, but issues few > > or no > > end entity certificates, and starts few or no certification paths; > it > > simply exists to connect other CAs. Examples would be the ANX > > "supervisory > > CA," the Gov. of Canada "Level 0" CA operated by the Canadian > Central > > Facility, or the proposed Federal PKI "Bridge CA." Such a CA is > often > > depicted at the hub of a mesh, or the top of a hierarchy, and > operated > > in > > conjunction with the overall domain policy management authority. > > > > > > I suppose a "trusted root" can be either 1 or 2 above. > > > > But "root" to me doesn't necessarily say much about path > development, > > or > > PKI certification path structure. > > > > How about domain? What does it mean? I claim that the term makes > most > > sense to mean a part of a PKI that operates under the direction of a > > policy > > management entity. Which wouldn't necessarily mean that domain > > boundaries > > coincide with distinctions that are meaningful for certification > path > > building. > > > > Option 1 is probably useful if you think that a domain is > everything > > subordinate to the same root CA, where a root is any CA that > somebody > > uses > > to start a trust path. So in a cross-certified mesh PKI, every CA > is > > a > > domain onto itself, and all CA certificates wind up only, I think, > in > > the > > crossCertificatePair attribute. But in a hierarchical PKI most > > certificates wind up in the cACertificate Attribute. > > > > I have the feeling that Bob is right at least for option 1, unless > we > > know > > what a domain is we hardly know what we are getting. With option 2, > I > > suppose we are guaranteed that all certificates wind up in > > crossCertificatePair, whatever domain means. > > > > At 11:14 AM 9/3/98 -0400, you wrote: > > >Bob, > > > > > > I feel that the definition of domain is a local policy and that > > CAs > > >should be free to define it as they wish. Clients that > search/read > > CAs > > >entries and obtain the values from both the cACertificate and > > >crossCertificatePair attributes can explore the values in the > > cACertficate > > >attribute first. If a path to the trusted root is found, > processing > > stops. > > >If not, they can explore the crossCertificatePair attribute. Using > > this > > >algorithm CAs can define their domain and post each of their CA > > certificates > > >to one attribute or the other. The only adverse affect will be > > efficiency > > >in path development on the client side if the CA does not > carefully > > select > > >intra or inter domain. WIth option 1, the certificates are not > > duplicated. > > >With option 2, they are. > > > > > >But if we have an installed base that only looks in the > > crossCertificatePair > > >attribute, then we have a problem. In that case option 2 will help > > at the > > >expense of duplicating the data. I suggest we avoid duplication > if > > >possible, but we certainly must evaluate the installed base. > > > > > >Dave Horvath > > > > > > > > > > > > > > >-----Original Message----- > > >From: Bob Jueneman <BJUENEMAN@novell.com> > > >To: chokhani@cygnacom.com <chokhani@cygnacom.com>; > ietf-pkix@imc.org > > ><ietf-pkix@imc.org> > > >Date: Wednesday, September 02, 1998 10:21 PM > > >Subject: RE: What the straw poll means > > > > > > > > >>Santosh doesn't seem to have answered the questions I've raised > > >>regarding the definition of the domain, but he seems to believe > that > > >>option 2 doesn't solve that problem either. > > >> > > >>If so, I am increasingly beginning to lean towards "NONE OF THE > > >>ABOVE". > > >> > > >>Rebuttal, Sharon/Carlisle? > > >> > > >>Bob > > >> > > >>>Yes Bob. I hate to say this, but you have misinterpreted. > > >>> > > >>>The basic difference between the two approaches is the under > option > > 1 > > >>>you store a certificate only one time under a CA's entry. Which > > >>>certifying CA is in its domain is upto a subject CA to decide. > > >>> > > >>>In all honesty, I do not see a benefit to option 2 except for the > > >>>argument that some installed base already does it this way. > > >>> > > >>>Option 1 achieves everything option 2 and with efficiency. > > >>> > > >>>I do not understand how option 2 solves your problems either. We > > need > > >>>to have a discussion on computational complexity of path > > development to > > >>>allay your concerns. > > >>> > > >>>The way I look at the difference between the two options is that > if > > >>>n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 > in > > one > > >>>bucket and n2 in another. Option 2 says put n in one bucket and > n1 > > in > > >>>another. When you retrieve the two buckets (which you must for > > path > > >>>development efficiency), option 2 gives you n+n1 certificates and > > option > > >>>1 gives you exactly all n. > > >>> > > >>>> -----Original Message----- > > >>>> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > > >>>> Sent: Wednesday, September 02, 1998 8:33 PM > > >>>> To: ietf-pkix@imc.org > > >>>> Cc: chokhani@cygnacom.com > > >>>> Subject: What the straw poll means > > >>>> > > >>>> This is almost as exciting as watching a horse race! > > >>>> > > >>>> But what are we to make of the situation if the vote is as > > >>>> close as it appears to be at present -- does that truly > indicate > > >>>> a "rough consensus"? > > >>>> > > >>>> As of earlier this morning, Chromatix was ahead, with > > >>>> 8 votes cast; Entrust was tied with Microsoft with 4 votes > > >>>> cast; and MISSI some others are clustered around third place. > > >>>> > > >>>> So far, with the exception of a split between MISSI and NIST > > >>>> as two US Government factions, the voting seems to be > > >>>> strictly by company. > > >>>> > > >>>> Now, the polite fiction within the IETF is that memberships are > > by > > >>>> individual, and that there are no "votes" per se, and certainly > > not > > >>>> on a company by company basis. That's the fiction, at least.. > > >>>> Whether this convention shall long endure now that the IETF has > > >>>> apparently lost some or all of its government funding and has > > >>>> to become more self-sufficient will be interesting to see. > > >>>> > > >>>> But unless one side or the other starts to make some > significant > > >>>> in-roads by the dint of more persuasive technical argument, > then > > I > > >>>> think > > >>>> it's effectively a draw, and we may be counting companies and > > their > > >>>> installed base at least as much, and perhaps more, than > > >>>> balancing the technical alternatives. > > >>>> > > >>>> Now, if we are truly at a technical impasse and the vote has to > > be > > >>>> binary, i.e., only one way or the other, then maybe counting > > installed > > >>>> clients and minimizing the pain is really the way to go, but > > frankly > > >>>> that approach makes me uncomfortable. I want both > > interoperability > > >>>> AND efficiency, and I would hate to see us don't want to be > > >>>> pressured into a less than satisfactory decision, whatever that > > is, > > >>>> just because we are in a rush to get over the next hurdle in > the > > >>>> standards progression. > > >>>> > > >>>> I originally said that I was inclined to go with option 1, > > because > > >>>> it at least appeared to be simpler. However, I also said that > I > > was > > >>>> concerned about the "local" definition of a domain by a CA, > > >>>> and the more I think about it, the more concerned I get. > > >>>> > > >>>> That approach might be viable for an organization such as > MISSI, > > >>>> where everyone presumably knows what community of interest > > >>>> they fall into, but how would it apply to a public CA such as > > >>>> VeriSign? > > >>>> > > >>>> Would they view all of their certificates as falling into one > > domain, > > >>>> including any certificates issued by subordinate CAs, as in the > > case > > >>>> of the old RSA Commercial hierarchy? > > >>>> > > >>>> What about GTE CyberTrust, considering their presumed affinity > > >>>> with their ISP business. Would all of those certificates fall > > into > > >>>> one domain? > > >>>> > > >>>> Now suppose I want to validate a certificate from Erols. Do I > > decide > > >>>> that > > >>>> because Erols is in the top half of the alphabet that they > > probably > > >>>> use GTE, whereas Xerox would probably use VeriSign? Or do we > do > > an > > >>>> East Coast/West Coast split, like radio and TV stations use W > or > > K in > > >>>> their call sign? > > >>>> > > >>>> What if Novell and Microsoft were to become CAs and issue > > certificates > > >>>> > > >>>> to their customers directly, at least their larger accounts. > > Would > > >>>> the relying > > >>>> party have to try to divine whether a subscriber was running > > NetWare > > >>>> or > > >>>> NT in order to decide what domain they would be likely to be > in? > > >>>> > > >>>> Santosh, have I misrepresented the issue here? Feel free to > > correct > > >>>> me, if so. > > >>>> Maybe I just don't understand. > > >>>> > > >>>> Now, if the definition of "domain" were amended somewhat, > perhaps > > some > > >>>> of these difficulties might go away. > > >>>> > > >>>> In particular, it seems to me that "domain" probably ought to > > have a > > >>>> lot to do > > >>>> with name subordination, or at least the possibility of doing > > name > > >>>> subordination, > > >>>> so that it would be deterministic. That might not solve all of > > the > > >>>> concerns that those > > >>>> who are inclined to vote for option 2 might have in mind, but > it > > might > > >>>> help. > > >>>> > > >>>> So if I am a Novell employee, and I receive an S/MIME message > > that > > >>>> contains > > >>>> a certificate that begins with c=US, o=Novell, I can probably > > make an > > >>>> excellent > > >>>> good guess of what CA to go to, assuming that Novell operates a > > CA in > > >>>> its > > >>>> own name. But where do I go for a certificate from Acme > > >>>> Manufacturing? > > >>>> > > >>>> I don't mean to beat up on the option 1 folks exclusively -- > > maybe > > >>>> there are > > >>>> some things that could be done within the options 2 that would > > come > > >>>> closer to a > > >>>> compromise without breaking those existing clients. But I need > > to > > >>>> think about that > > >>>> some more. maybe someone else could volunteer some > suggestions. > > >>>> > > >>>> Bob > > >>>> > > >>>> Robert R. Jueneman > > >>>> Novell, Inc. > > >>>> 122 E. 1700 South > > >>>> Provo, UT 84606 > > >>>> bjueneman@novell.com > > >>>> 1-801-861-7387 > > >> > > >> > > > > > > > > Regards, > > > > Bill Burr > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10339 for ietf-pkix-bks; Thu, 3 Sep 1998 16:52:58 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10335 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:52:57 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZV9J>; Thu, 3 Sep 1998 19:57:18 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D227@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Carlisle Adams'" <carlisle.adams@entrust.com>, ietf-pkix@imc.org Subject: RE: Let's try to understand the real issue (was... RE: What the s traw poll means) Date: Thu, 3 Sep 1998 19:57:16 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk > -----Original Message----- > From: Carlisle Adams [SMTP:carlisle.adams@entrust.com] > Sent: Thursday, September 03, 1998 2:25 PM > To: ietf-pkix@imc.org > Subject: Let's try to understand the real issue (was... RE: What > the straw poll means) > > Hi all, > > I propose that we try (once again) to understand what the real issue > is > here. > > > ---------- > > From: Ryan Moats[SMTP:jayhawk@att.com] > > Sent: Thursday, September 03, 1998 12:14 PM > > To: John_Wray@iris.com > > Cc: ietf-pkix@imc.org > > Subject: Retrieval efficiency herring? (was... RE: What the straw > > poll means) > > > > As somebody coming to the party late from the LDAP world, I don't > see > > why > > the certificates need to be retrieved from two places. An LDAP > lookup > > of an > > object with a fairly simple filter (objectclass="*") will return all > > of the > > attributes associated with that object. Therefore a single lookup > > will return > > both attributes, so I don't understand how retrieval efficiency is > > gained. > > > O.K., so we see that a single LDAP lookup can retrieve all > certificates > (which, after careful enumeration, was found to be "n") in either > option > 1 or option 2. > [] If you only retrieve crossCertificatePair attribute under option 2, you view the certificates of a single type and you lose path development efficiency. > The claimed advantage of option 1 is that this retrieval gets me > certificates that are sorted into "intra-domain" and "inter-domain", > which can help in efficient path construction. Let's think about this > for a moment. The CA doing this sorting is, by definition, NOT > DIRECTLY > TRUSTED BY ME (because if it was directly trusted by me, I would > already have a trusted copy of its public key and would not need > certificates in which it was the subject). If it is not directly > trusted by me, then why would I necessarily trust it to do this > sorting > in a way that is beneficial to my path construction needs? How does > it > know what *my* definition of "domain" is? How does it know whether > most > of my certificate validations will be "intra" its definition of domain > or "inter" its definition of domain? > > If this CA's definition of domain and my definition of domain do not > coincide exactly (and why should they, since in general this CA and I > have no pre-established relationship?), then this sorting performed by > the CA is not merely useless to me, it is actually an explicit > disadvantage (because the proponents of option 1 are recommending that > all the intra-domain certificates be examined *before* the > inter-domain > certificates are examined, leading to worst-case path-construction > times > for what may turn out to be a common scenario). > [] In these situations, you are no worse off than throwing the certificates in one bucket. > Relying parties know what certificates they will be validating most > often, depending upon what particular activity they are engaged in at > the moment. THAT defines the relying parties' "intra" and "inter" > domains. CAs in the middle of a cert. path cannot possibly know this, > in general, so having THEM define a domain and sort certificates > according to that definition is really meaningless. > [] This can be easily achieved using certificate and/or certificate path caching. > Note that there will be special circumstances in which one definition > of > domain will be understood throughout a given environment (e.g., the > strict hierarchy of CAs has been cited in previous posts on this > topic). > In such cases there is a clear efficiency advantage to be gained in > path > construction. This is why option 2 is the perfect compromise: for > such > environments relying parties need only retrieve the n1 < n > certificates > that they *know* will be useful to them. Option 2 therefore meets the > needs of the general case as well as the special case, while > simultaneously guaranteeing interoperability of two installed bases > which would otherwise have no hope of interoperating today. > > The price of this panacea? A few redundant certificates in the > Directory. Is it really worth sacrificing the general- (and perhaps > common-) case scenario, as well as interoperability, in order to save > a > few certificates and satisfy a particular special-case? I haven't yet > heard any convincing arguments... > > Carlisle. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10316 for ietf-pkix-bks; Thu, 3 Sep 1998 16:48:45 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10312 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:48:43 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZV8R>; Thu, 3 Sep 1998 19:53:03 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D226@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Nada Kapidzic Cicovic'" <nada@cost.se>, Santosh Chokhani <chokhani@cygnacom.com>, "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org Cc: Santosh Chokhani <chokhani@cygnacom.com> Subject: RE: What the straw poll means Date: Thu, 3 Sep 1998 19:53:00 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk > -----Original Message----- > From: Nada Kapidzic Cicovic [SMTP:nada@cost.se] > Sent: Thursday, September 03, 1998 5:03 AM > To: Santosh Chokhani; 'Bob Jueneman'; ietf-pkix@imc.org > Cc: Santosh Chokhani > Subject: RE: What the straw poll means > > At 20:48 9/2/98 -0400, Santosh Chokhani wrote: > >Yes Bob. I hate to say this, but you have misinterpreted. > > > >The basic difference between the two approaches is the under option 1 > >you store a certificate only one time under a CA's entry. Which > >certifying CA is in its domain is upto a subject CA to decide. > > > >In all honesty, I do not see a benefit to option 2 except for the > >argument that some installed base already does it this way. > > > >Option 1 achieves everything option 2 and with efficiency. > > > >I do not understand how option 2 solves your problems either. We > need > >to have a discussion on computational complexity of path development > to > >allay your concerns. > > > >The way I look at the difference between the two options is that if > >n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in > one > >bucket and n2 in another. Option 2 says put n in one bucket and n1 > in > >another. When you retrieve the two buckets (which you must for path > >development efficiency), option 2 gives you n+n1 certificates and > option > >1 gives you exactly all n. > > With option 2 you do not have to look at n1 certificates > (cACertificate > attribute) at all. The n ones (from crossCertificatePair) are > sufficient > for your path building. > [] In that case you have potential for inefficiency in path development. > Nada > > > > >> -----Original Message----- > >> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > >> Sent: Wednesday, September 02, 1998 8:33 PM > >> To: ietf-pkix@imc.org > >> Cc: chokhani@cygnacom.com > >> Subject: What the straw poll means > >> > >> This is almost as exciting as watching a horse race! > >> > >> But what are we to make of the situation if the vote is as > >> close as it appears to be at present -- does that truly indicate > >> a "rough consensus"? > >> > >> As of earlier this morning, Chromatix was ahead, with > >> 8 votes cast; Entrust was tied with Microsoft with 4 votes > >> cast; and MISSI some others are clustered around third place. > >> > >> So far, with the exception of a split between MISSI and NIST > >> as two US Government factions, the voting seems to be > >> strictly by company. > >> > >> Now, the polite fiction within the IETF is that memberships are by > >> individual, and that there are no "votes" per se, and certainly not > > >> on a company by company basis. That's the fiction, at least.. > >> Whether this convention shall long endure now that the IETF has > >> apparently lost some or all of its government funding and has > >> to become more self-sufficient will be interesting to see. > >> > >> But unless one side or the other starts to make some significant > >> in-roads by the dint of more persuasive technical argument, then I > >> think > >> it's effectively a draw, and we may be counting companies and their > > >> installed base at least as much, and perhaps more, than > >> balancing the technical alternatives. > >> > >> Now, if we are truly at a technical impasse and the vote has to be > >> binary, i.e., only one way or the other, then maybe counting > installed > >> clients and minimizing the pain is really the way to go, but > frankly > >> that approach makes me uncomfortable. I want both interoperability > >> AND efficiency, and I would hate to see us don't want to be > >> pressured into a less than satisfactory decision, whatever that is, > >> just because we are in a rush to get over the next hurdle in the > >> standards progression. > >> > >> I originally said that I was inclined to go with option 1, because > >> it at least appeared to be simpler. However, I also said that I > was > >> concerned about the "local" definition of a domain by a CA, > >> and the more I think about it, the more concerned I get. > >> > >> That approach might be viable for an organization such as MISSI, > >> where everyone presumably knows what community of interest > >> they fall into, but how would it apply to a public CA such as > >> VeriSign? > >> > >> Would they view all of their certificates as falling into one > domain, > >> including any certificates issued by subordinate CAs, as in the > case > >> of the old RSA Commercial hierarchy? > >> > >> What about GTE CyberTrust, considering their presumed affinity > >> with their ISP business. Would all of those certificates fall into > >> one domain? > >> > >> Now suppose I want to validate a certificate from Erols. Do I > decide > >> that > >> because Erols is in the top half of the alphabet that they probably > > >> use GTE, whereas Xerox would probably use VeriSign? Or do we do an > > >> East Coast/West Coast split, like radio and TV stations use W or K > in > >> their call sign? > >> > >> What if Novell and Microsoft were to become CAs and issue > certificates > >> > >> to their customers directly, at least their larger accounts. Would > >> the relying > >> party have to try to divine whether a subscriber was running > NetWare > >> or > >> NT in order to decide what domain they would be likely to be in? > >> > >> Santosh, have I misrepresented the issue here? Feel free to > correct > >> me, if so. > >> Maybe I just don't understand. > >> > >> Now, if the definition of "domain" were amended somewhat, perhaps > some > >> of these difficulties might go away. > >> > >> In particular, it seems to me that "domain" probably ought to have > a > >> lot to do > >> with name subordination, or at least the possibility of doing name > >> subordination, > >> so that it would be deterministic. That might not solve all of the > >> concerns that those > >> who are inclined to vote for option 2 might have in mind, but it > might > >> help. > >> > >> So if I am a Novell employee, and I receive an S/MIME message that > >> contains > >> a certificate that begins with c=US, o=Novell, I can probably make > an > >> excellent > >> good guess of what CA to go to, assuming that Novell operates a CA > in > >> its > >> own name. But where do I go for a certificate from Acme > >> Manufacturing? > >> > >> I don't mean to beat up on the option 1 folks exclusively -- maybe > >> there are > >> some things that could be done within the options 2 that would come > >> closer to a > >> compromise without breaking those existing clients. But I need to > >> think about that > >> some more. maybe someone else could volunteer some suggestions. > >> > >> Bob > >> > >> Robert R. Jueneman > >> Novell, Inc. > >> 122 E. 1700 South > >> Provo, UT 84606 > >> bjueneman@novell.com > >> 1-801-861-7387 > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10300 for ietf-pkix-bks; Thu, 3 Sep 1998 16:46:40 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10296 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:46:38 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZV8D>; Thu, 3 Sep 1998 19:50:59 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D225@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'John_Wray@iris.com'" <John_Wray@iris.com>, Santosh Chokhani <chokhani@cygnacom.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Thu, 3 Sep 1998 19:50:58 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk John: As Dave Horvath has replied, retrieval efficiency is the same. Option 2 also retrieves all multiple certificates and hence introduces communication delays and unnecessary bandwidth usage. Using option 2, if a client only retrieves crossCertificatePair attribute only, it loses potential for efficiency. Your last paragraph is precisely my point. Dividing the certificates in two buckets has potential for help and never hurts. By the way, a class of application may choose to prefer exploring inter-domain certificates first, if so deemed. > -----Original Message----- > From: John_Wray@iris.com [SMTP:John_Wray@iris.com] > Sent: Thursday, September 03, 1998 8:51 AM > To: Santosh Chokhani > Cc: ietf-pkix@imc.org > Subject: RE: What the straw poll means > > Santosh Chokhani <chockani@cyqnacom.com> writes: > > >The basic difference between the two approaches is the under option 1 > >you store a certificate only one time under a CA's entry. Which > >certifying CA is in its domain is upto a subject CA to decide. > > > >In all honesty, I do not see a benefit to option 2 except for the > >argument that some installed base already does it this way. > > The difference between the two options is primarily storage efficiency > vs. > retrieval efficiency. Both options divide a CAs certs into two piles. > Option 1 has pile A containing only intra-domain certs, and pile B > containing only inter-domain certs; option 2 has pile A containing > only > intra-domain certs and pite B containing all certs. Which option is > superior depends on two things: > > whether you care more about storage efficiency in the directory > (option > 2 stores intra-domain certificates twice) or retrieval efficiency > for > the verifier (option 1 require a verifier that wants all a target > CA's > certificates to retrieve them from two places). > typical usage scenarios by verifiers - i.e. the percentage of > clients > that are going to want to locate just inter-domain certs, compared > to > clients that either don't care about the difference or are only > interested in intra-domain certs. Retrieval of _just_ inter-domain > certs is easier under option 1, retrieval of _all_ certs is easier > under > option 2, and retrieval of _just_ intra-domain certs is the same > under > both options. > > > Consider a fairly randomly structured PKI, where the verifier has a > set of > trusted roots loaded into it (assume they've been loaded under user > control, with no particular order to them), and is trying to verify > the key > of some server that it hasn't spoken to before. It has no idea of > which > "domain" the target's CA thinks it belongs to; it just wants to pull > all > the certs that have that CA as a subject, and see if it can construct > a > valid chain starting at one of its trusted roots. > > Having the target CA divide its certificates between two places within > the > directory is no help to this verifier. All it does it force the > verifier > to make two retrieval operations instead of the one that would be > required > by option 2. The verifier isn't really interested in whether a > particular > certificate comes from another CA from the same "domain" as the > target's CA > - if it cares about "domains" at all, what it would be interested in > is if > any certs come from the same domain as the verifier (or one of its > trusted > roots), not the target (and of course that's verifier-specific). > > For the special (and probably quite common) case where the verifier > and > target happen to be in the same domain, the distinction probably is > useful. > Option 2 supports this case just as well as does option 1, by allowing > the > CA to place intra-domain certs in a separate place so that clients in > that > domain can retrieve them first (or possibly even _instead_of_ going to > the > all-certs list). > > John > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10264 for ietf-pkix-bks; Thu, 3 Sep 1998 16:41:27 -0700 (PDT) Received: from mail.sprint.com (mail.sprint.com [208.4.28.129]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10259 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:41:25 -0700 (PDT) Received: from sii01.mail.sprint.com ([192.251.141.141]) by bastion.mail.sprint.com with ESMTP id <117939>; Thu, 3 Sep 1998 09:57:08 -0500 Received: from [144.223.148.154] by sii01.mail.sprint.com with ESMTP; Thu, 3 Sep 1998 09:51:37 -0500 Received: from localhost (root@localhost) by kcopmp01.corp.sprint.com (8.8.6 (PHNE_14041)/8.8.6) with SMTP id JAA13959; Thu, 3 Sep 1998 09:52:30 -0500 (CDT) From: John Everson <John.Everson@mail.sprint.com> X-OpenMail-Hops: 1 Date: Thu, 3 Sep 1998 09:52:26 -0500 Message-Id: <H0001a0e0314a456@MHS> Subject: RE: What the straw poll means TO: chokhani@cygnacom.com, John_Wray@iris.com CC: ietf-pkix@imc.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="openmail-part-0ef743e1-00000001" Sender: owner-ietf-pkix@imc.org Precedence: bulk --openmail-part-0ef743e1-00000001 Content-Type: text/plain; charset=US-ASCII; name="BDY.TXT" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="BDY.TXT" Does this mean there will be a new option (3): container/pile of intra-domain certs container/pile of inter-domain certs container/pile of all certs Or do we throw everything into one container and offer a different mechanism for distinction? -----Original Message----- From: John.Wray [mailto:John_Wray@iris.com] Sent: Thursday, September 03, 1998 7:51 AM To: chokhani Cc: John.Wray; ietf-pkix Subject: RE: What the straw poll means Santosh Chokhani <chockani@cyqnacom.com> writes: >The basic difference between the two approaches is the under option 1 >you store a certificate only one time under a CA's entry. Which >certifying CA is in its domain is upto a subject CA to decide. > >In all honesty, I do not see a benefit to option 2 except for the >argument that some installed base already does it this way. The difference between the two options is primarily storage efficiency vs. retrieval efficiency. Both options divide a CAs certs into two piles. Option 1 has pile A containing only intra-domain certs, and pile B containing only inter-domain certs; option 2 has pile A containing only intra-domain certs and pite B containing all certs. Which option is superior depends on two things: whether you care more about storage efficiency in the directory (option 2 stores intra-domain certificates twice) or retrieval efficiency for the verifier (option 1 require a verifier that wants all a target CA's certificates to retrieve them from two places). typical usage scenarios by verifiers - i.e. the percentage of clients that are going to want to locate just inter-domain certs, compared to clients that either don't care about the difference or are only interested in intra-domain certs. Retrieval of _just_ inter-domain certs is easier under option 1, retrieval of _all_ certs is easier under option 2, and retrieval of _just_ intra-domain certs is the same under both options. Consider a fairly randomly structured PKI, where the verifier has a set of trusted roots loaded into it (assume they've been loaded under user control, with no particular order to them), and is trying to verify the key of some server that it hasn't spoken to before. It has no idea of which "domain" the target's CA thinks it belongs to; it just wants to pull all the certs that have that CA as a subject, and see if it can construct a valid chain starting at one of its trusted roots. Having the target CA divide its certificates between two places within the directory is no help to this verifier. All it does it force the verifier to make two retrieval operations instead of the one that would be required by option 2. The verifier isn't really interested in whether a particular certificate comes from another CA from the same "domain" as the target's CA - if it cares about "domains" at all, what it would be interested in is if any certs come from the same domain as the verifier (or one of its trusted roots), not the target (and of course that's verifier-specific). For the special (and probably quite common) case where the verifier and target happen to be in the same domain, the distinction probably is useful. Option 2 supports this case just as well as does option 1, by allowing the CA to place intra-domain certs in a separate place so that clients in that domain can retrieve them first (or possibly even _instead_of_ going to the all-certs list). John --openmail-part-0ef743e1-00000001-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10263 for ietf-pkix-bks; Thu, 3 Sep 1998 16:41:26 -0700 (PDT) Received: from mail.sprint.com (mail.sprint.com [208.4.28.129]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10255 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:41:25 -0700 (PDT) Received: from sii01.mail.sprint.com ([192.251.141.141]) by bastion.mail.sprint.com with ESMTP id <116352>; Thu, 3 Sep 1998 11:26:02 -0500 Received: from [144.223.148.154] by sii01.mail.sprint.com with ESMTP; Thu, 3 Sep 1998 11:26:45 -0500 Received: from localhost (root@localhost) by kcopmp01.corp.sprint.com (8.8.6 (PHNE_14041)/8.8.6) with SMTP id LAA08023; Thu, 3 Sep 1998 11:27:38 -0500 (CDT) X-OpenMail-Hops: 1 Date: Thu, 3 Sep 1998 11:27:34 -0500 Message-Id: <H00017cc03153bdb@MHS> Subject: Option 2 FROM: GIUBILEO/unix////////RFC-822/GIUBILEO#a#SPRINTSEC#f#COM@kcopmp01.corp.sprint.com TO: ietf-pkix@imc.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="openmail-part-0ef92b5d-00000001" Sender: owner-ietf-pkix@imc.org Precedence: bulk --openmail-part-0ef92b5d-00000001 Content-Type: text/plain; charset=ISO-8859-1; name="BDY.RTF" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="BDY.RTF" +++++++++++++++++++++++++++++++++++++++++++ John P. Giubileo Director IP Security Services Sprint Corporate Security Phone: 913.624.4796 giubileo@sprintsec.com [PICTURE] --openmail-part-0ef92b5d-00000001-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10254 for ietf-pkix-bks; Thu, 3 Sep 1998 16:41:24 -0700 (PDT) Received: from mail.sprint.com (mail.sprint.com [208.4.28.129]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10250 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:41:23 -0700 (PDT) Received: from sii01.mail.sprint.com ([192.251.141.141]) by bastion.mail.sprint.com with ESMTP id <119676>; Thu, 3 Sep 1998 11:21:53 -0500 Received: from [144.223.148.154] by sii01.mail.sprint.com with ESMTP; Thu, 3 Sep 1998 11:19:38 -0500 Received: from localhost (root@localhost) by kcopmp01.corp.sprint.com (8.8.6 (PHNE_14041)/8.8.6) with SMTP id LAA06624 for ietf-pkix@imc.org; Thu, 3 Sep 1998 11:20:03 -0500 (CDT) From: John Everson <John.Everson@mail.sprint.com> X-OpenMail-Hops: 1 Date: Thu, 3 Sep 1998 11:20:00 -0500 Message-Id: <H0001a0e03154315@MHS> Subject: Voting Question TO: ietf-pkix@imc.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="openmail-part-0ef90993-00000001" Sender: owner-ietf-pkix@imc.org Precedence: bulk --openmail-part-0ef90993-00000001 Content-Type: text/plain; charset=US-ASCII; name="BDY.TXT" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="BDY.TXT" Are the votes being compared against the "team member list"? --openmail-part-0ef90993-00000001-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10227 for ietf-pkix-bks; Thu, 3 Sep 1998 16:38:00 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10223 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:37:57 -0700 (PDT) Received: by gateway.r3.ch id <6804>; Fri, 4 Sep 1998 01:44:05 +0100 Message-Id: <98Sep4.014405gmt+0100.6804@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: Bill Burr <william.burr@nist.gov>, "'Dave Horvath'" <David.Horvath@chromatix.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Fri, 4 Sep 1998 00:38:06 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk I believe we already have the compromise solution on the table. Option 1 in this straw poll is one end of the spectrum and the text currently in the Internet Draft is the other end of the spectrum. Option 2 in this straw poll is the compromise that : a) provides a single place to find all certificates that a CA has issued to other CAs and that have been issued to that CA b) allows the use of a locally defined 'domain' specific set of certificates to be easily retrieved by any relying parties that happen to understand and prefer that set of certificates c) enables existing client systems which implement option 1 as well as those that implement the current Internet Draft to continue without change d) provides interoperability by allowing the directory entries of CAs which use the proposal in option 1 AND entries of CAs which use the interpretation as per the current Internet Draft text to be used by client systems of either type > ---------- > From: Dave Horvath[SMTP:David.Horvath@chromatix.com] > Sent: September 3, 1998 2:14 PM > To: Bill Burr > Cc: ietf-pkix@imc.org > Subject: Re: What the straw poll means > > > > I understand the problems Bill is having with the definitions of > roots > and domains. I think we are all having those problems. It seems > that > roughly half of the people I communicated with are concerned with the > definitions and feel that population of all the cACertificates in one > attribute may help. I personally do not feel this helps, however we > should > all be interested in a compromise to keep things moving and to keep > both > sides happy. > > I must admit that I like the idea of being able to go to one place > in > the directory to find all certificates that a CA has issued (I believe > Stefan pointed this out). It appears that populating all CA > certificates in > the reverse component of the crossCertificatePair attribute solves > this > requirement and does not duplicate certs in a single CAs entry. This > gives > clients that work in a forward direction the ability to determine all > of the > certificates that a CA has issued. This type of population is clearly > mandated by option 2 and only allowed by option 1. Option 1 does not > mandate it. This type of population avoids duplication of > certificates in > a single CA entry (they are duplicated in subordinate, mesh, cross > whatever), but seems to be advantageous from a clients point of view. > > Would populating the reverse component with all issued CA > certificates > provide a compromise that supports a single attribute to retrieve all > certs? > Would this help with the installed base issue? > > Dave Horvath > > > -----Original Message----- > From: Bill Burr <william.burr@nist.gov> > To: Dave Horvath <David.Horvath@chromatix.com> > Cc: ietf-pkix@imc.org <ietf-pkix@imc.org> > Date: Thursday, September 03, 1998 12:44 PM > Subject: Re: What the straw poll means > > > >But what is a root here? Does it imply that a domain is PKI > hierarchy? I > >can think of 3 plausible constructions of root, all of which I > believe I've > >seen used: > > > >(1) any CA whose key you choose to trust and therefore can start a > >certification path, but which may not imply any other organization or > >structure; > > > >(2) a CA whose key everybody in the domain (what's a domain?) trusts > and > >which sits on top of a hierarchical unidirectional certification tree > (as > >in MISSI or PEM); > > > >(3) a CA that exists to cross-certify with other CAs, but issues few > or no > >end entity certificates, and starts few or no certification paths; it > >simply exists to connect other CAs. Examples would be the ANX > "supervisory > >CA," the Gov. of Canada "Level 0" CA operated by the Canadian Central > >Facility, or the proposed Federal PKI "Bridge CA." Such a CA is > often > >depicted at the hub of a mesh, or the top of a hierarchy, and > operated in > >conjunction with the overall domain policy management authority. > > > > > >I suppose a "trusted root" can be either 1 or 2 above. > > > >But "root" to me doesn't necessarily say much about path development, > or > >PKI certification path structure. > > > >How about domain? What does it mean? I claim that the term makes > most > >sense to mean a part of a PKI that operates under the direction of a > policy > >management entity. Which wouldn't necessarily mean that domain > boundaries > >coincide with distinctions that are meaningful for certification path > >building. > > > >Option 1 is probably useful if you think that a domain is everything > >subordinate to the same root CA, where a root is any CA that somebody > uses > >to start a trust path. So in a cross-certified mesh PKI, every CA is > a > >domain onto itself, and all CA certificates wind up only, I think, in > the > >crossCertificatePair attribute. But in a hierarchical PKI most > >certificates wind up in the cACertificate Attribute. > > > >I have the feeling that Bob is right at least for option 1, unless we > know > >what a domain is we hardly know what we are getting. With option 2, > I > >suppose we are guaranteed that all certificates wind up in > >crossCertificatePair, whatever domain means. > > > >At 11:14 AM 9/3/98 -0400, you wrote: > >>Bob, > >> > >> I feel that the definition of domain is a local policy and that > CAs > >>should be free to define it as they wish. Clients that > search/read CAs > >>entries and obtain the values from both the cACertificate and > >>crossCertificatePair attributes can explore the values in the > cACertficate > >>attribute first. If a path to the trusted root is found, processing > stops. > >>If not, they can explore the crossCertificatePair attribute. Using > this > >>algorithm CAs can define their domain and post each of their CA > certificates > >>to one attribute or the other. The only adverse affect will be > efficiency > >>in path development on the client side if the CA does not carefully > select > >>intra or inter domain. WIth option 1, the certificates are not > duplicated. > >>With option 2, they are. > >> > >>But if we have an installed base that only looks in the > crossCertificatePair > >>attribute, then we have a problem. In that case option 2 will help > at the > >>expense of duplicating the data. I suggest we avoid duplication if > >>possible, but we certainly must evaluate the installed base. > >> > >>Dave Horvath > >> > >> > >> > >> > >>-----Original Message----- > >>From: Bob Jueneman <BJUENEMAN@novell.com> > >>To: chokhani@cygnacom.com <chokhani@cygnacom.com>; ietf-pkix@imc.org > >><ietf-pkix@imc.org> > >>Date: Wednesday, September 02, 1998 10:21 PM > >>Subject: RE: What the straw poll means > >> > >> > >>>Santosh doesn't seem to have answered the questions I've raised > >>>regarding the definition of the domain, but he seems to believe > that > >>>option 2 doesn't solve that problem either. > >>> > >>>If so, I am increasingly beginning to lean towards "NONE OF THE > >>>ABOVE". > >>> > >>>Rebuttal, Sharon/Carlisle? > >>> > >>>Bob > >>> > >>>>Yes Bob. I hate to say this, but you have misinterpreted. > >>>> > >>>>The basic difference between the two approaches is the under > option 1 > >>>>you store a certificate only one time under a CA's entry. Which > >>>>certifying CA is in its domain is upto a subject CA to decide. > >>>> > >>>>In all honesty, I do not see a benefit to option 2 except for the > >>>>argument that some installed base already does it this way. > >>>> > >>>>Option 1 achieves everything option 2 and with efficiency. > >>>> > >>>>I do not understand how option 2 solves your problems either. We > need > >>>>to have a discussion on computational complexity of path > development to > >>>>allay your concerns. > >>>> > >>>>The way I look at the difference between the two options is that > if > >>>>n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 > in one > >>>>bucket and n2 in another. Option 2 says put n in one bucket and > n1 in > >>>>another. When you retrieve the two buckets (which you must for > path > >>>>development efficiency), option 2 gives you n+n1 certificates and > option > >>>>1 gives you exactly all n. > >>>> > >>>>> -----Original Message----- > >>>>> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > >>>>> Sent: Wednesday, September 02, 1998 8:33 PM > >>>>> To: ietf-pkix@imc.org > >>>>> Cc: chokhani@cygnacom.com > >>>>> Subject: What the straw poll means > >>>>> > >>>>> This is almost as exciting as watching a horse race! > >>>>> > >>>>> But what are we to make of the situation if the vote is as > >>>>> close as it appears to be at present -- does that truly indicate > >>>>> a "rough consensus"? > >>>>> > >>>>> As of earlier this morning, Chromatix was ahead, with > >>>>> 8 votes cast; Entrust was tied with Microsoft with 4 votes > >>>>> cast; and MISSI some others are clustered around third place. > >>>>> > >>>>> So far, with the exception of a split between MISSI and NIST > >>>>> as two US Government factions, the voting seems to be > >>>>> strictly by company. > >>>>> > >>>>> Now, the polite fiction within the IETF is that memberships are > by > >>>>> individual, and that there are no "votes" per se, and certainly > not > >>>>> on a company by company basis. That's the fiction, at least.. > >>>>> Whether this convention shall long endure now that the IETF has > >>>>> apparently lost some or all of its government funding and has > >>>>> to become more self-sufficient will be interesting to see. > >>>>> > >>>>> But unless one side or the other starts to make some significant > >>>>> in-roads by the dint of more persuasive technical argument, then > I > >>>>> think > >>>>> it's effectively a draw, and we may be counting companies and > their > >>>>> installed base at least as much, and perhaps more, than > >>>>> balancing the technical alternatives. > >>>>> > >>>>> Now, if we are truly at a technical impasse and the vote has to > be > >>>>> binary, i.e., only one way or the other, then maybe counting > installed > >>>>> clients and minimizing the pain is really the way to go, but > frankly > >>>>> that approach makes me uncomfortable. I want both > interoperability > >>>>> AND efficiency, and I would hate to see us don't want to be > >>>>> pressured into a less than satisfactory decision, whatever that > is, > >>>>> just because we are in a rush to get over the next hurdle in > the > >>>>> standards progression. > >>>>> > >>>>> I originally said that I was inclined to go with option 1, > because > >>>>> it at least appeared to be simpler. However, I also said that I > was > >>>>> concerned about the "local" definition of a domain by a CA, > >>>>> and the more I think about it, the more concerned I get. > >>>>> > >>>>> That approach might be viable for an organization such as MISSI, > >>>>> where everyone presumably knows what community of interest > >>>>> they fall into, but how would it apply to a public CA such as > >>>>> VeriSign? > >>>>> > >>>>> Would they view all of their certificates as falling into one > domain, > >>>>> including any certificates issued by subordinate CAs, as in the > case > >>>>> of the old RSA Commercial hierarchy? > >>>>> > >>>>> What about GTE CyberTrust, considering their presumed affinity > >>>>> with their ISP business. Would all of those certificates fall > into > >>>>> one domain? > >>>>> > >>>>> Now suppose I want to validate a certificate from Erols. Do I > decide > >>>>> that > >>>>> because Erols is in the top half of the alphabet that they > probably > >>>>> use GTE, whereas Xerox would probably use VeriSign? Or do we do > an > >>>>> East Coast/West Coast split, like radio and TV stations use W or > K in > >>>>> their call sign? > >>>>> > >>>>> What if Novell and Microsoft were to become CAs and issue > certificates > >>>>> > >>>>> to their customers directly, at least their larger accounts. > Would > >>>>> the relying > >>>>> party have to try to divine whether a subscriber was running > NetWare > >>>>> or > >>>>> NT in order to decide what domain they would be likely to be in? > >>>>> > >>>>> Santosh, have I misrepresented the issue here? Feel free to > correct > >>>>> me, if so. > >>>>> Maybe I just don't understand. > >>>>> > >>>>> Now, if the definition of "domain" were amended somewhat, > perhaps some > >>>>> of these difficulties might go away. > >>>>> > >>>>> In particular, it seems to me that "domain" probably ought to > have a > >>>>> lot to do > >>>>> with name subordination, or at least the possibility of doing > name > >>>>> subordination, > >>>>> so that it would be deterministic. That might not solve all of > the > >>>>> concerns that those > >>>>> who are inclined to vote for option 2 might have in mind, but it > might > >>>>> help. > >>>>> > >>>>> So if I am a Novell employee, and I receive an S/MIME message > that > >>>>> contains > >>>>> a certificate that begins with c=US, o=Novell, I can probably > make an > >>>>> excellent > >>>>> good guess of what CA to go to, assuming that Novell operates a > CA in > >>>>> its > >>>>> own name. But where do I go for a certificate from Acme > >>>>> Manufacturing? > >>>>> > >>>>> I don't mean to beat up on the option 1 folks exclusively -- > maybe > >>>>> there are > >>>>> some things that could be done within the options 2 that would > come > >>>>> closer to a > >>>>> compromise without breaking those existing clients. But I need > to > >>>>> think about that > >>>>> some more. maybe someone else could volunteer some suggestions. > >>>>> > >>>>> Bob > >>>>> > >>>>> Robert R. Jueneman > >>>>> Novell, Inc. > >>>>> 122 E. 1700 South > >>>>> Provo, UT 84606 > >>>>> bjueneman@novell.com > >>>>> 1-801-861-7387 > >>> > >>> > >> > >> > >Regards, > > > >Bill Burr > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10215 for ietf-pkix-bks; Thu, 3 Sep 1998 16:37:21 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10211 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:37:18 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZV6T>; Thu, 3 Sep 1998 19:41:38 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D224@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Bill Burr'" <william.burr@nist.gov>, Dave Horvath <David.Horvath@chromatix.com> Cc: ietf-pkix@imc.org Subject: RE: What the straw poll means Date: Thu, 3 Sep 1998 19:41:37 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Bill, But under option 1 also all certificates are there since LAP gives you all the attributes. All option 1 does is reduce the communication load, processing load, storage load and provide you a potential for efficiency. With very, very little software complexity, you have a potential for gaining a lot on the computational complexity. > -----Original Message----- > From: Bill Burr [SMTP:william.burr@nist.gov] > Sent: Thursday, September 03, 1998 12:48 PM > To: Dave Horvath > Cc: ietf-pkix@imc.org > Subject: Re: What the straw poll means > > But what is a root here? Does it imply that a domain is PKI > hierarchy? I > can think of 3 plausible constructions of root, all of which I believe > I've > seen used: > > (1) any CA whose key you choose to trust and therefore can start a > certification path, but which may not imply any other organization or > structure; > > (2) a CA whose key everybody in the domain (what's a domain?) trusts > and > which sits on top of a hierarchical unidirectional certification tree > (as > in MISSI or PEM); > > (3) a CA that exists to cross-certify with other CAs, but issues few > or no > end entity certificates, and starts few or no certification paths; it > simply exists to connect other CAs. Examples would be the ANX > "supervisory > CA," the Gov. of Canada "Level 0" CA operated by the Canadian Central > Facility, or the proposed Federal PKI "Bridge CA." Such a CA is often > depicted at the hub of a mesh, or the top of a hierarchy, and operated > in > conjunction with the overall domain policy management authority. > > > I suppose a "trusted root" can be either 1 or 2 above. > > But "root" to me doesn't necessarily say much about path development, > or > PKI certification path structure. > > How about domain? What does it mean? I claim that the term makes most > sense to mean a part of a PKI that operates under the direction of a > policy > management entity. Which wouldn't necessarily mean that domain > boundaries > coincide with distinctions that are meaningful for certification path > building. > > Option 1 is probably useful if you think that a domain is everything > subordinate to the same root CA, where a root is any CA that somebody > uses > to start a trust path. So in a cross-certified mesh PKI, every CA is > a > domain onto itself, and all CA certificates wind up only, I think, in > the > crossCertificatePair attribute. But in a hierarchical PKI most > certificates wind up in the cACertificate Attribute. > > I have the feeling that Bob is right at least for option 1, unless we > know > what a domain is we hardly know what we are getting. With option 2, I > suppose we are guaranteed that all certificates wind up in > crossCertificatePair, whatever domain means. > > At 11:14 AM 9/3/98 -0400, you wrote: > >Bob, > > > > I feel that the definition of domain is a local policy and that > CAs > >should be free to define it as they wish. Clients that search/read > CAs > >entries and obtain the values from both the cACertificate and > >crossCertificatePair attributes can explore the values in the > cACertficate > >attribute first. If a path to the trusted root is found, processing > stops. > >If not, they can explore the crossCertificatePair attribute. Using > this > >algorithm CAs can define their domain and post each of their CA > certificates > >to one attribute or the other. The only adverse affect will be > efficiency > >in path development on the client side if the CA does not carefully > select > >intra or inter domain. WIth option 1, the certificates are not > duplicated. > >With option 2, they are. > > > >But if we have an installed base that only looks in the > crossCertificatePair > >attribute, then we have a problem. In that case option 2 will help > at the > >expense of duplicating the data. I suggest we avoid duplication if > >possible, but we certainly must evaluate the installed base. > > > >Dave Horvath > > > > > > > > > >-----Original Message----- > >From: Bob Jueneman <BJUENEMAN@novell.com> > >To: chokhani@cygnacom.com <chokhani@cygnacom.com>; ietf-pkix@imc.org > ><ietf-pkix@imc.org> > >Date: Wednesday, September 02, 1998 10:21 PM > >Subject: RE: What the straw poll means > > > > > >>Santosh doesn't seem to have answered the questions I've raised > >>regarding the definition of the domain, but he seems to believe that > >>option 2 doesn't solve that problem either. > >> > >>If so, I am increasingly beginning to lean towards "NONE OF THE > >>ABOVE". > >> > >>Rebuttal, Sharon/Carlisle? > >> > >>Bob > >> > >>>Yes Bob. I hate to say this, but you have misinterpreted. > >>> > >>>The basic difference between the two approaches is the under option > 1 > >>>you store a certificate only one time under a CA's entry. Which > >>>certifying CA is in its domain is upto a subject CA to decide. > >>> > >>>In all honesty, I do not see a benefit to option 2 except for the > >>>argument that some installed base already does it this way. > >>> > >>>Option 1 achieves everything option 2 and with efficiency. > >>> > >>>I do not understand how option 2 solves your problems either. We > need > >>>to have a discussion on computational complexity of path > development to > >>>allay your concerns. > >>> > >>>The way I look at the difference between the two options is that if > >>>n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in > one > >>>bucket and n2 in another. Option 2 says put n in one bucket and n1 > in > >>>another. When you retrieve the two buckets (which you must for > path > >>>development efficiency), option 2 gives you n+n1 certificates and > option > >>>1 gives you exactly all n. > >>> > >>>> -----Original Message----- > >>>> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > >>>> Sent: Wednesday, September 02, 1998 8:33 PM > >>>> To: ietf-pkix@imc.org > >>>> Cc: chokhani@cygnacom.com > >>>> Subject: What the straw poll means > >>>> > >>>> This is almost as exciting as watching a horse race! > >>>> > >>>> But what are we to make of the situation if the vote is as > >>>> close as it appears to be at present -- does that truly indicate > >>>> a "rough consensus"? > >>>> > >>>> As of earlier this morning, Chromatix was ahead, with > >>>> 8 votes cast; Entrust was tied with Microsoft with 4 votes > >>>> cast; and MISSI some others are clustered around third place. > >>>> > >>>> So far, with the exception of a split between MISSI and NIST > >>>> as two US Government factions, the voting seems to be > >>>> strictly by company. > >>>> > >>>> Now, the polite fiction within the IETF is that memberships are > by > >>>> individual, and that there are no "votes" per se, and certainly > not > >>>> on a company by company basis. That's the fiction, at least.. > >>>> Whether this convention shall long endure now that the IETF has > >>>> apparently lost some or all of its government funding and has > >>>> to become more self-sufficient will be interesting to see. > >>>> > >>>> But unless one side or the other starts to make some significant > >>>> in-roads by the dint of more persuasive technical argument, then > I > >>>> think > >>>> it's effectively a draw, and we may be counting companies and > their > >>>> installed base at least as much, and perhaps more, than > >>>> balancing the technical alternatives. > >>>> > >>>> Now, if we are truly at a technical impasse and the vote has to > be > >>>> binary, i.e., only one way or the other, then maybe counting > installed > >>>> clients and minimizing the pain is really the way to go, but > frankly > >>>> that approach makes me uncomfortable. I want both > interoperability > >>>> AND efficiency, and I would hate to see us don't want to be > >>>> pressured into a less than satisfactory decision, whatever that > is, > >>>> just because we are in a rush to get over the next hurdle in the > >>>> standards progression. > >>>> > >>>> I originally said that I was inclined to go with option 1, > because > >>>> it at least appeared to be simpler. However, I also said that I > was > >>>> concerned about the "local" definition of a domain by a CA, > >>>> and the more I think about it, the more concerned I get. > >>>> > >>>> That approach might be viable for an organization such as MISSI, > >>>> where everyone presumably knows what community of interest > >>>> they fall into, but how would it apply to a public CA such as > >>>> VeriSign? > >>>> > >>>> Would they view all of their certificates as falling into one > domain, > >>>> including any certificates issued by subordinate CAs, as in the > case > >>>> of the old RSA Commercial hierarchy? > >>>> > >>>> What about GTE CyberTrust, considering their presumed affinity > >>>> with their ISP business. Would all of those certificates fall > into > >>>> one domain? > >>>> > >>>> Now suppose I want to validate a certificate from Erols. Do I > decide > >>>> that > >>>> because Erols is in the top half of the alphabet that they > probably > >>>> use GTE, whereas Xerox would probably use VeriSign? Or do we do > an > >>>> East Coast/West Coast split, like radio and TV stations use W or > K in > >>>> their call sign? > >>>> > >>>> What if Novell and Microsoft were to become CAs and issue > certificates > >>>> > >>>> to their customers directly, at least their larger accounts. > Would > >>>> the relying > >>>> party have to try to divine whether a subscriber was running > NetWare > >>>> or > >>>> NT in order to decide what domain they would be likely to be in? > >>>> > >>>> Santosh, have I misrepresented the issue here? Feel free to > correct > >>>> me, if so. > >>>> Maybe I just don't understand. > >>>> > >>>> Now, if the definition of "domain" were amended somewhat, perhaps > some > >>>> of these difficulties might go away. > >>>> > >>>> In particular, it seems to me that "domain" probably ought to > have a > >>>> lot to do > >>>> with name subordination, or at least the possibility of doing > name > >>>> subordination, > >>>> so that it would be deterministic. That might not solve all of > the > >>>> concerns that those > >>>> who are inclined to vote for option 2 might have in mind, but it > might > >>>> help. > >>>> > >>>> So if I am a Novell employee, and I receive an S/MIME message > that > >>>> contains > >>>> a certificate that begins with c=US, o=Novell, I can probably > make an > >>>> excellent > >>>> good guess of what CA to go to, assuming that Novell operates a > CA in > >>>> its > >>>> own name. But where do I go for a certificate from Acme > >>>> Manufacturing? > >>>> > >>>> I don't mean to beat up on the option 1 folks exclusively -- > maybe > >>>> there are > >>>> some things that could be done within the options 2 that would > come > >>>> closer to a > >>>> compromise without breaking those existing clients. But I need > to > >>>> think about that > >>>> some more. maybe someone else could volunteer some suggestions. > >>>> > >>>> Bob > >>>> > >>>> Robert R. Jueneman > >>>> Novell, Inc. > >>>> 122 E. 1700 South > >>>> Provo, UT 84606 > >>>> bjueneman@novell.com > >>>> 1-801-861-7387 > >> > >> > > > > > Regards, > > Bill Burr Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10138 for ietf-pkix-bks; Thu, 3 Sep 1998 16:24:42 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10134 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:24:41 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SF7TZVZ4>; Thu, 3 Sep 1998 19:29:01 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D222@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'jayhawk@qsun.ho.att.com'" <jayhawk@qsun.ho.att.com>, Carlisle Adams <carlisle.adams@entrust.com>, ietf-pkix@imc.org Subject: RE: Let's try to understand the real issue (was... RE: What the s traw poll means) Date: Thu, 3 Sep 1998 19:28:59 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Actually your arguments heavily favor option 1. You state that since the request will retrieve all the certificates, there is no need to retrieve n1+n2+n1 certificates when n1 will do. So, that is the first point of efficiency. Now, the second point of efficiency is that these certificate come as different type (let us call them red and green) in option 1. In option 2, these have to be separated. The third point of efficiency is that an application can select which type of link to pursue red or green. At the risk of being redundant, CA does not preordain that. It is up to the application. For a given relying party, this could vary from application type to application type. > -----Original Message----- > From: jayhawk@qsun.ho.att.com [SMTP:jayhawk@qsun.ho.att.com] > Sent: Thursday, September 03, 1998 5:09 PM > To: Carlisle Adams; ietf-pkix@imc.org > Subject: Re: Let's try to understand the real issue (was... RE: > What the straw poll means) > > Call me slow, but I don't follow the argument the whole way... > > | Hi all, > | > | I propose that we try (once again) to understand what the real issue > is > | here. > | > | > As somebody coming to the party late from the LDAP world, I don't > see > | > why > | > the certificates need to be retrieved from two places. An LDAP > lookup > | > of an > | > object with a fairly simple filter (objectclass="*") will return > all > | > of the > | > attributes associated with that object. Therefore a single lookup > | > will return > | > both attributes, so I don't understand how retrieval efficiency is > | > gained. > | > > | O.K., so we see that a single LDAP lookup can retrieve all > certificates > | (which, after careful enumeration, was found to be "n") in either > option > | 1 or option 2. > | > | The claimed advantage of option 1 is that this retrieval gets me > | certificates that are sorted into "intra-domain" and "inter-domain", > | which can help in efficient path construction. Let's think about > this > | for a moment. The CA doing this sorting is, by definition, NOT > DIRECTLY > | TRUSTED BY ME (because if it was directly trusted by me, I would > | already have a trusted copy of its public key and would not need > | certificates in which it was the subject). If it is not directly > | trusted by me, then why would I necessarily trust it to do this > sorting > | in a way that is beneficial to my path construction needs? How does > it > | know what *my* definition of "domain" is? How does it know whether > most > | of my certificate validations will be "intra" its definition of > domain > | or "inter" its definition of domain? > > I follow this portion of the argument... > > | If this CA's definition of domain and my definition of domain do not > | coincide exactly (and why should they, since in general this CA and > I > | have no pre-established relationship?), then this sorting performed > by > | the CA is not merely useless to me, it is actually an explicit > | disadvantage (because the proponents of option 1 are recommending > that > | all the intra-domain certificates be examined *before* the > inter-domain > | certificates are examined, leading to worst-case path-construction > times > | for what may turn out to be a common scenario). > > I don't see that falling out of the Option 1 text as I read the > straw poll message. If such is the case, then I would say that text > should be present. > > | Relying parties know what certificates they will be validating most > | often, depending upon what particular activity they are engaged in > at > | the moment. THAT defines the relying parties' "intra" and "inter" > | domains. CAs in the middle of a cert. path cannot possibly know > this, > | in general, so having THEM define a domain and sort certificates > | according to that definition is really meaningless. > > Agreed. > > | Note that there will be special circumstances in which one > definition of > | domain will be understood throughout a given environment (e.g., the > | strict hierarchy of CAs has been cited in previous posts on this > topic). > | In such cases there is a clear efficiency advantage to be gained in > path > | construction. This is why option 2 is the perfect compromise: for > such > | environments relying parties need only retrieve the n1 < n > certificates > | that they *know* will be useful to them. Option 2 therefore meets > the > | needs of the general case as well as the special case, while > | simultaneously guaranteeing interoperability of two installed bases > | which would otherwise have no hope of interoperating today. > > Stop. Here's where I really fall off the wagon. How does the relying > party > retrieve ONLY the n1 certificates that they know will be useful to > them for > a CA? I can see retrieving the CA object from the directory (which > unless > you do something real clever will have ALL certificates independent of > which > option is chosen) and then doing your own sorting, but I don't see how > CA > "presorting" is going to make a difference, because ALL certificates > will > be there. > > | The price of this panacea? A few redundant certificates in the > | Directory. Is it really worth sacrificing the general- (and perhaps > | common-) case scenario, as well as interoperability, in order to > save a > | few certificates and satisfy a particular special-case? I haven't > yet > | heard any convincing arguments... > > Well, I'm not convinced of your argument here the other way (other > than > the interoperability consideration), but that's what e-mail is for :-) > > My current reasoning is that given that a single LDAP lookup is going > to > return ALL of the certificates independent of the option chosen, the > client > is going to have to process those certificates to build its path. > Since > this begins to look like a wash in terms of client complexity (yes, > yes, this is where interoperability shows up), why not argue for > the choice that conserves directory space? > > Ryan > > P.S. I'm really beginning to like the original text, given that the > concept of a "domain" is looking more and more useless (causing > confusion > and concern without appreciable positive points) in this discussion. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA10018 for ietf-pkix-bks; Thu, 3 Sep 1998 16:08:07 -0700 (PDT) Received: from tac-nt-excom1.russell.com (mailgate1.russell.com [208.152.45.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA10014 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:08:06 -0700 (PDT) Received: by tac-nt-excom1.russell.com with Internet Mail Service (5.5.2232.9) id <S17JTY5D>; Thu, 3 Sep 1998 16:10:21 -0700 Message-ID: <0B71FBC08925D11197DB00805F157C720101F930@tac-nt-exch1.russell.com> From: "Tuttle, Kimberly (OSSC)" <KTUTTLE@russell.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2. Date: Thu, 3 Sep 1998 16:10:29 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA09871 for ietf-pkix-bks; Thu, 3 Sep 1998 15:50:23 -0700 (PDT) Received: from tac-nt-excom1.russell.com (mailgate1.russell.com [208.152.45.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA09867 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 15:50:22 -0700 (PDT) Received: by tac-nt-excom1.russell.com with Internet Mail Service (5.5.2232.9) id <S17JTYV0>; Thu, 3 Sep 1998 15:52:36 -0700 Message-ID: <0B71FBC08925D11197DB00805F157C72C901E3@tac-nt-exch1.russell.com> From: "Evans, Jim (OSSC)" <JEVANS@russell.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Thu, 3 Sep 1998 15:52:45 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Jim Evans Frank Russell Company Security is what YOU Practice ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA09496 for ietf-pkix-bks; Thu, 3 Sep 1998 15:05:28 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA09492 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 15:05:26 -0700 (PDT) Received: by gateway.r3.ch id <6814>; Fri, 4 Sep 1998 00:11:30 +0100 Message-Id: <98Sep4.001130gmt+0100.6814@gateway.r3.ch> From: Carlisle Adams <carlisle.adams@entrust.com> To: "'jayhawk@qsun.ho.att.com'" <jayhawk@qsun.ho.att.com> Cc: ietf-pkix@imc.org Subject: RE: Let's try to understand the real issue (was... RE: What the s traw poll means) Date: Thu, 3 Sep 1998 23:05:31 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Ryan, > ---------- > From: jayhawk@qsun.ho.att.com[SMTP:jayhawk@qsun.ho.att.com] > Sent: Thursday, September 03, 1998 5:09 PM > To: Carlisle Adams; ietf-pkix@imc.org > Subject: Re: Let's try to understand the real issue (was... RE: > What the straw poll means) > > Call me slow, but I don't follow the argument the whole way... > > | If this CA's definition of domain and my definition of domain do not > | coincide exactly (and why should they, since in general this CA and > I > | have no pre-established relationship?), then this sorting performed > by > | the CA is not merely useless to me, it is actually an explicit > | disadvantage (because the proponents of option 1 are recommending > that > | all the intra-domain certificates be examined *before* the > inter-domain > | certificates are examined, leading to worst-case path-construction > times > | for what may turn out to be a common scenario). > > I don't see that falling out of the Option 1 text as I read the > straw poll message. If such is the case, then I would say that text > should be present. > Dave Horvath's message to Bob Jueneman earlier today said the following: "I feel that the definition of domain is a local policy and that CAs should be free to define it as they wish. Clients that search/read CAs entries and obtain the values from both the cACertificate and crossCertificatePair attributes can explore the values in the cACertficate attribute first. If a path to the trusted root is found, processing stops. If not, they can explore the crossCertificatePair attribute. Using this algorithm CAs can define their domain and post each of their CA certificates to one attribute or the other. The only adverse affect will be efficiency in path development on the client side if the CA does not carefully select intra or inter domain." This was also mentioned at the meeting in Chicago. > | Note that there will be special circumstances in which one > definition of > | domain will be understood throughout a given environment (e.g., the > | strict hierarchy of CAs has been cited in previous posts on this > topic). > | In such cases there is a clear efficiency advantage to be gained in > path > | construction. This is why option 2 is the perfect compromise: for > such > | environments relying parties need only retrieve the n1 < n > certificates > | that they *know* will be useful to them. Option 2 therefore meets > the > | needs of the general case as well as the special case, while > | simultaneously guaranteeing interoperability of two installed bases > | which would otherwise have no hope of interoperating today. > > Stop. Here's where I really fall off the wagon. How does the relying > party > retrieve ONLY the n1 certificates that they know will be useful to > them for > a CA? > If the relying party knows that its definition of domain matches that of the CA exactly, then it can simply retrieve all certificates in the cACertificate attribute (rather than all certificates in the crossCertificatePair attribute) in option 2. This is n1 rather than n. > Ryan > > P.S. I'm really beginning to like the original text, given that the > concept of a "domain" is looking more and more useless (causing > confusion > and concern without appreciable positive points) in this discussion. > Me too... :-) Carlisle. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA09480 for ietf-pkix-bks; Thu, 3 Sep 1998 15:04:31 -0700 (PDT) Received: from fep2.mail.ozemail.net (fep2.mail.ozemail.net [203.2.192.122]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA09476 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 15:04:29 -0700 (PDT) Received: from lesm95 (slcan52p02.ozemail.com.au [203.108.176.130]) by fep2.mail.ozemail.net (8.9.0/8.6.12) with SMTP id IAA11167 for <ietf-pkix@imc.org>; Fri, 4 Sep 1998 08:09:16 +1000 (EST) Message-ID: <000b01bdd787$498d5d80$82b06ccb@lesm95> From: "Les Mitchell" <condorlm@ozemail.com.au> To: <ietf-pkix@imc.org> Subject: For Option 1 Date: Fri, 4 Sep 1998 08:07:40 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA09198 for ietf-pkix-bks; Thu, 3 Sep 1998 14:30:43 -0700 (PDT) Received: from att.com (cagw2.att.com [192.128.52.90]) by mail.proper.com (8.8.8/8.8.5) with SMTP id OAA09194 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 14:30:41 -0700 (PDT) Received: from caig1.fw.att.com by cagw2.att.com (AT&T/IPNS/UPAS-1.0) for imc.org!ietf-pkix sender qsun.ho.att.com!jayhawk (qsun.ho.att.com!jayhawk); Thu Sep 3 17:05 EDT 1998 Received: from qsun.ho.att.com (qsunn.ho.att.com [135.16.30.2]) by caig1.fw.att.com (AT&T/IPNS/GW-1.0) with SMTP id RAA02720 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:09:04 -0400 (EDT) Received: by qsun.ho.att.com (SMI-8.6/EMS-1.2 sol2) id RAA27748; Thu, 3 Sep 1998 17:09:01 -0400 Date: Thu, 3 Sep 1998 17:09:01 -0400 Message-Id: <199809032109.RAA27748@qsun.ho.att.com> From: jayhawk@qsun.ho.att.com (Ryan Moats) To: Carlisle Adams <carlisle.adams@entrust.com>, ietf-pkix@imc.org Subject: Re: Let's try to understand the real issue (was... RE: What the straw poll means) Content-Type: text Sender: owner-ietf-pkix@imc.org Precedence: bulk Call me slow, but I don't follow the argument the whole way... | Hi all, | | I propose that we try (once again) to understand what the real issue is | here. | | > As somebody coming to the party late from the LDAP world, I don't see | > why | > the certificates need to be retrieved from two places. An LDAP lookup | > of an | > object with a fairly simple filter (objectclass="*") will return all | > of the | > attributes associated with that object. Therefore a single lookup | > will return | > both attributes, so I don't understand how retrieval efficiency is | > gained. | > | O.K., so we see that a single LDAP lookup can retrieve all certificates | (which, after careful enumeration, was found to be "n") in either option | 1 or option 2. | | The claimed advantage of option 1 is that this retrieval gets me | certificates that are sorted into "intra-domain" and "inter-domain", | which can help in efficient path construction. Let's think about this | for a moment. The CA doing this sorting is, by definition, NOT DIRECTLY | TRUSTED BY ME (because if it was directly trusted by me, I would | already have a trusted copy of its public key and would not need | certificates in which it was the subject). If it is not directly | trusted by me, then why would I necessarily trust it to do this sorting | in a way that is beneficial to my path construction needs? How does it | know what *my* definition of "domain" is? How does it know whether most | of my certificate validations will be "intra" its definition of domain | or "inter" its definition of domain? I follow this portion of the argument... | If this CA's definition of domain and my definition of domain do not | coincide exactly (and why should they, since in general this CA and I | have no pre-established relationship?), then this sorting performed by | the CA is not merely useless to me, it is actually an explicit | disadvantage (because the proponents of option 1 are recommending that | all the intra-domain certificates be examined *before* the inter-domain | certificates are examined, leading to worst-case path-construction times | for what may turn out to be a common scenario). I don't see that falling out of the Option 1 text as I read the straw poll message. If such is the case, then I would say that text should be present. | Relying parties know what certificates they will be validating most | often, depending upon what particular activity they are engaged in at | the moment. THAT defines the relying parties' "intra" and "inter" | domains. CAs in the middle of a cert. path cannot possibly know this, | in general, so having THEM define a domain and sort certificates | according to that definition is really meaningless. Agreed. | Note that there will be special circumstances in which one definition of | domain will be understood throughout a given environment (e.g., the | strict hierarchy of CAs has been cited in previous posts on this topic). | In such cases there is a clear efficiency advantage to be gained in path | construction. This is why option 2 is the perfect compromise: for such | environments relying parties need only retrieve the n1 < n certificates | that they *know* will be useful to them. Option 2 therefore meets the | needs of the general case as well as the special case, while | simultaneously guaranteeing interoperability of two installed bases | which would otherwise have no hope of interoperating today. Stop. Here's where I really fall off the wagon. How does the relying party retrieve ONLY the n1 certificates that they know will be useful to them for a CA? I can see retrieving the CA object from the directory (which unless you do something real clever will have ALL certificates independent of which option is chosen) and then doing your own sorting, but I don't see how CA "presorting" is going to make a difference, because ALL certificates will be there. | The price of this panacea? A few redundant certificates in the | Directory. Is it really worth sacrificing the general- (and perhaps | common-) case scenario, as well as interoperability, in order to save a | few certificates and satisfy a particular special-case? I haven't yet | heard any convincing arguments... Well, I'm not convinced of your argument here the other way (other than the interoperability consideration), but that's what e-mail is for :-) My current reasoning is that given that a single LDAP lookup is going to return ALL of the certificates independent of the option chosen, the client is going to have to process those certificates to build its path. Since this begins to look like a wash in terms of client complexity (yes, yes, this is where interoperability shows up), why not argue for the choice that conserves directory space? Ryan P.S. I'm really beginning to like the original text, given that the concept of a "domain" is looking more and more useless (causing confusion and concern without appreciable positive points) in this discussion. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA08976 for ietf-pkix-bks; Thu, 3 Sep 1998 14:05:48 -0700 (PDT) Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id OAA08972 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 14:05:47 -0700 (PDT) Received: from thunderbolt.ncsl.nist.gov (thunderbolt.ncsl.nist.gov [129.6.54.130]) by csmes.ncsl.nist.gov (8.6.12/8.6.4jck0) with SMTP id RAA08361 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:10:25 -0400 Message-Id: <3.0.5.32.19980903171402.00a9aa10@csmes.ncsl.nist.gov> X-Sender: burr@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 03 Sep 1998 17:14:02 -0400 To: ietf-pkix@imc.org From: Bill Burr <william.burr@nist.gov> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Regards, Bill Burr Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA08900 for ietf-pkix-bks; Thu, 3 Sep 1998 13:58:53 -0700 (PDT) Received: from dtol.com (root@dtol.dtol.com [206.51.1.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id NAA08895 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 13:58:52 -0700 (PDT) Received: from dtol.com (cyborg.dilkie.com [206.51.1.171]) by dtol.com (8.6.12/8.6.9) with ESMTP id RAA03433 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 17:07:44 GMT Message-ID: <35EF03CE.E1AA9F7C@dtol.com> Date: Thu, 03 Sep 1998 17:02:06 -0400 From: Susan Lang <susanl@dtol.com> X-Mailer: Mozilla 4.04 [en] (WinNT; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA08759 for ietf-pkix-bks; Thu, 3 Sep 1998 13:48:36 -0700 (PDT) Received: from egate2.citicorp.com (egate2.citicorp.com [192.193.196.194]) by mail.proper.com (8.8.8/8.8.5) with SMTP id NAA08755 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 13:48:35 -0700 (PDT) Received: by egate2.citicorp.com id QAA00653 (InterLock SMTP Gateway 3.0 for ietf-pkix@imc.org); Thu, 3 Sep 1998 16:53:15 -0400 Message-Id: <199809032053.QAA00653@egate2.citicorp.com> Received: by egate2.citicorp.com (Protected-side Proxy Mail Agent-1); Thu, 3 Sep 1998 16:53:15 -0400 Date: Thu, 03 Sep 1998 16:52:36 -0400 From: David Solo <david.solo@citicorp.com> Reply-To: david.solo@citicorp.com Organization: Citicorp X-Sender: "David Solo" <dsolo@pop3.citicorp.com> X-Mailer: Mozilla 4.04 [en]C-Citicorp (WinNT; U) Mime-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA08394 for ietf-pkix-bks; Thu, 3 Sep 1998 13:36:31 -0700 (PDT) Received: from atlantic.valicert.com (atlantic.valicert.com [209.185.6.135] (may be forged)) by mail.proper.com (8.8.8/8.8.5) with SMTP id NAA08390 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 13:36:30 -0700 (PDT) Received: (qmail 27414 invoked from network); 3 Sep 1998 20:41:06 -0000 Received: from amazon.valicert.com (HELO valicert.com) (209.185.6.1) by mail.valicert.com with SMTP; 3 Sep 1998 20:41:06 -0000 Message-ID: <35EEFEDC.ACD403FB@valicert.com> Date: Thu, 03 Sep 1998 13:41:00 -0700 From: Ambarish Malpani <ambarish@valicert.com> Organization: ValiCert, Inc. X-Mailer: Mozilla 4.5b1 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Carlisle Adams <carlisle.adams@entrust.com> CC: ietf-pkix@imc.org Subject: Re: Let's try to understand the real issue (was... RE: What the straw poll means) References: <98Sep3.203112gmt+0100.6799@gateway.r3.ch> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Carlisle, Is the expectation that everybody is directly accessing their CA's LDAP directory? I always thought that each orginazation would actually maintain its own LDAP directory and, therefore, be able to specify which CAs are preferred over others. Are we really expecting people to share their directories with everyone in the world? Ambarish Carlisle Adams wrote: > > Hi all, > > I propose that we try (once again) to understand what the real issue is > here. > > > ---------- > > From: Ryan Moats[SMTP:jayhawk@att.com] > > Sent: Thursday, September 03, 1998 12:14 PM > > To: John_Wray@iris.com > > Cc: ietf-pkix@imc.org > > Subject: Retrieval efficiency herring? (was... RE: What the straw > > poll means) > > > > As somebody coming to the party late from the LDAP world, I don't see > > why > > the certificates need to be retrieved from two places. An LDAP lookup > > of an > > object with a fairly simple filter (objectclass="*") will return all > > of the > > attributes associated with that object. Therefore a single lookup > > will return > > both attributes, so I don't understand how retrieval efficiency is > > gained. > > > O.K., so we see that a single LDAP lookup can retrieve all certificates > (which, after careful enumeration, was found to be "n") in either option > 1 or option 2. > > The claimed advantage of option 1 is that this retrieval gets me > certificates that are sorted into "intra-domain" and "inter-domain", > which can help in efficient path construction. Let's think about this > for a moment. The CA doing this sorting is, by definition, NOT DIRECTLY > TRUSTED BY ME (because if it was directly trusted by me, I would > already have a trusted copy of its public key and would not need > certificates in which it was the subject). If it is not directly > trusted by me, then why would I necessarily trust it to do this sorting > in a way that is beneficial to my path construction needs? How does it > know what *my* definition of "domain" is? How does it know whether most > of my certificate validations will be "intra" its definition of domain > or "inter" its definition of domain? > > If this CA's definition of domain and my definition of domain do not > coincide exactly (and why should they, since in general this CA and I > have no pre-established relationship?), then this sorting performed by > the CA is not merely useless to me, it is actually an explicit > disadvantage (because the proponents of option 1 are recommending that > all the intra-domain certificates be examined *before* the inter-domain > certificates are examined, leading to worst-case path-construction times > for what may turn out to be a common scenario). > > Relying parties know what certificates they will be validating most > often, depending upon what particular activity they are engaged in at > the moment. THAT defines the relying parties' "intra" and "inter" > domains. CAs in the middle of a cert. path cannot possibly know this, > in general, so having THEM define a domain and sort certificates > according to that definition is really meaningless. > > Note that there will be special circumstances in which one definition of > domain will be understood throughout a given environment (e.g., the > strict hierarchy of CAs has been cited in previous posts on this topic). > In such cases there is a clear efficiency advantage to be gained in path > construction. This is why option 2 is the perfect compromise: for such > environments relying parties need only retrieve the n1 < n certificates > that they *know* will be useful to them. Option 2 therefore meets the > needs of the general case as well as the special case, while > simultaneously guaranteeing interoperability of two installed bases > which would otherwise have no hope of interoperating today. > > The price of this panacea? A few redundant certificates in the > Directory. Is it really worth sacrificing the general- (and perhaps > common-) case scenario, as well as interoperability, in order to save a > few certificates and satisfy a particular special-case? I haven't yet > heard any convincing arguments... > > Carlisle. -- --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA08321 for ietf-pkix-bks; Thu, 3 Sep 1998 13:34:47 -0700 (PDT) Received: from host.ott.igs.net (host.ott.igs.net [206.248.16.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA08313 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 13:34:42 -0700 (PDT) Received: from igs.net (ttyE0a.ott.igs.net [207.210.11.12]) by host.ott.igs.net (8.8.5/8.6.12) with ESMTP id QAA04133 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 16:39:22 -0400 (EDT) Message-ID: <35EEFD09.58A89449@igs.net> Date: Thu, 03 Sep 1998 16:33:13 -0400 From: Robert Sabourin <rsabourin@igs.net> Organization: TBS TechWatch X-Mailer: Mozilla 4.04 [en] (Win95; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA06917 for ietf-pkix-bks; Thu, 3 Sep 1998 11:55:53 -0700 (PDT) Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA06913 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 11:55:52 -0700 (PDT) Received: from exchng-fairfax.p-e-c.com by relay1.UU.NET with ESMTP (peer crosschecked as: [204.254.216.13]) id QQffgu13666; Thu, 3 Sep 1998 15:00:39 -0400 (EDT) Received: by exchang-fairfax.pec.com with Internet Mail Service (5.0.1460.8) id <RZYRBJKA>; Thu, 3 Sep 1998 15:02:21 -0400 Message-ID: <3C7EABA3F6F1D1118FD90008C7F450FD04E4FC@exchang-fairfax.pec.com> From: GMurphy <GMurphy@pec.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Option 2 Date: Thu, 3 Sep 1998 15:02:18 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA06657 for ietf-pkix-bks; Thu, 3 Sep 1998 11:25:03 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA06653 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 11:25:01 -0700 (PDT) Received: by gateway.r3.ch id <6799>; Thu, 3 Sep 1998 20:31:12 +0100 Message-Id: <98Sep3.203112gmt+0100.6799@gateway.r3.ch> From: Carlisle Adams <carlisle.adams@entrust.com> To: ietf-pkix@imc.org Subject: Let's try to understand the real issue (was... RE: What the straw poll means) Date: Thu, 3 Sep 1998 19:25:07 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi all, I propose that we try (once again) to understand what the real issue is here. > ---------- > From: Ryan Moats[SMTP:jayhawk@att.com] > Sent: Thursday, September 03, 1998 12:14 PM > To: John_Wray@iris.com > Cc: ietf-pkix@imc.org > Subject: Retrieval efficiency herring? (was... RE: What the straw > poll means) > > As somebody coming to the party late from the LDAP world, I don't see > why > the certificates need to be retrieved from two places. An LDAP lookup > of an > object with a fairly simple filter (objectclass="*") will return all > of the > attributes associated with that object. Therefore a single lookup > will return > both attributes, so I don't understand how retrieval efficiency is > gained. > O.K., so we see that a single LDAP lookup can retrieve all certificates (which, after careful enumeration, was found to be "n") in either option 1 or option 2. The claimed advantage of option 1 is that this retrieval gets me certificates that are sorted into "intra-domain" and "inter-domain", which can help in efficient path construction. Let's think about this for a moment. The CA doing this sorting is, by definition, NOT DIRECTLY TRUSTED BY ME (because if it was directly trusted by me, I would already have a trusted copy of its public key and would not need certificates in which it was the subject). If it is not directly trusted by me, then why would I necessarily trust it to do this sorting in a way that is beneficial to my path construction needs? How does it know what *my* definition of "domain" is? How does it know whether most of my certificate validations will be "intra" its definition of domain or "inter" its definition of domain? If this CA's definition of domain and my definition of domain do not coincide exactly (and why should they, since in general this CA and I have no pre-established relationship?), then this sorting performed by the CA is not merely useless to me, it is actually an explicit disadvantage (because the proponents of option 1 are recommending that all the intra-domain certificates be examined *before* the inter-domain certificates are examined, leading to worst-case path-construction times for what may turn out to be a common scenario). Relying parties know what certificates they will be validating most often, depending upon what particular activity they are engaged in at the moment. THAT defines the relying parties' "intra" and "inter" domains. CAs in the middle of a cert. path cannot possibly know this, in general, so having THEM define a domain and sort certificates according to that definition is really meaningless. Note that there will be special circumstances in which one definition of domain will be understood throughout a given environment (e.g., the strict hierarchy of CAs has been cited in previous posts on this topic). In such cases there is a clear efficiency advantage to be gained in path construction. This is why option 2 is the perfect compromise: for such environments relying parties need only retrieve the n1 < n certificates that they *know* will be useful to them. Option 2 therefore meets the needs of the general case as well as the special case, while simultaneously guaranteeing interoperability of two installed bases which would otherwise have no hope of interoperating today. The price of this panacea? A few redundant certificates in the Directory. Is it really worth sacrificing the general- (and perhaps common-) case scenario, as well as interoperability, in order to save a few certificates and satisfy a particular special-case? I haven't yet heard any convincing arguments... Carlisle. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA06580 for ietf-pkix-bks; Thu, 3 Sep 1998 11:19:46 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA06576 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 11:19:44 -0700 (PDT) Received: from ash (ash.chromatix.com [207.97.115.9]) by chromatix.com (8.8.8/8.8.8) with SMTP id OAA21961; Thu, 3 Sep 1998 14:23:52 -0400 (EDT) (envelope-from David.Horvath@chromatix.com) Message-ID: <00f701bdd766$a98bcf30$097361cf@ash.chromatix.com> From: "Dave Horvath" <David.Horvath@chromatix.com> To: "Bill Burr" <william.burr@nist.gov> Cc: <ietf-pkix@imc.org> Subject: Re: What the straw poll means Date: Thu, 3 Sep 1998 14:14:16 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk I understand the problems Bill is having with the definitions of roots and domains. I think we are all having those problems. It seems that roughly half of the people I communicated with are concerned with the definitions and feel that population of all the cACertificates in one attribute may help. I personally do not feel this helps, however we should all be interested in a compromise to keep things moving and to keep both sides happy. I must admit that I like the idea of being able to go to one place in the directory to find all certificates that a CA has issued (I believe Stefan pointed this out). It appears that populating all CA certificates in the reverse component of the crossCertificatePair attribute solves this requirement and does not duplicate certs in a single CAs entry. This gives clients that work in a forward direction the ability to determine all of the certificates that a CA has issued. This type of population is clearly mandated by option 2 and only allowed by option 1. Option 1 does not mandate it. This type of population avoids duplication of certificates in a single CA entry (they are duplicated in subordinate, mesh, cross whatever), but seems to be advantageous from a clients point of view. Would populating the reverse component with all issued CA certificates provide a compromise that supports a single attribute to retrieve all certs? Would this help with the installed base issue? Dave Horvath -----Original Message----- From: Bill Burr <william.burr@nist.gov> To: Dave Horvath <David.Horvath@chromatix.com> Cc: ietf-pkix@imc.org <ietf-pkix@imc.org> Date: Thursday, September 03, 1998 12:44 PM Subject: Re: What the straw poll means >But what is a root here? Does it imply that a domain is PKI hierarchy? I >can think of 3 plausible constructions of root, all of which I believe I've >seen used: > >(1) any CA whose key you choose to trust and therefore can start a >certification path, but which may not imply any other organization or >structure; > >(2) a CA whose key everybody in the domain (what's a domain?) trusts and >which sits on top of a hierarchical unidirectional certification tree (as >in MISSI or PEM); > >(3) a CA that exists to cross-certify with other CAs, but issues few or no >end entity certificates, and starts few or no certification paths; it >simply exists to connect other CAs. Examples would be the ANX "supervisory >CA," the Gov. of Canada "Level 0" CA operated by the Canadian Central >Facility, or the proposed Federal PKI "Bridge CA." Such a CA is often >depicted at the hub of a mesh, or the top of a hierarchy, and operated in >conjunction with the overall domain policy management authority. > > >I suppose a "trusted root" can be either 1 or 2 above. > >But "root" to me doesn't necessarily say much about path development, or >PKI certification path structure. > >How about domain? What does it mean? I claim that the term makes most >sense to mean a part of a PKI that operates under the direction of a policy >management entity. Which wouldn't necessarily mean that domain boundaries >coincide with distinctions that are meaningful for certification path >building. > >Option 1 is probably useful if you think that a domain is everything >subordinate to the same root CA, where a root is any CA that somebody uses >to start a trust path. So in a cross-certified mesh PKI, every CA is a >domain onto itself, and all CA certificates wind up only, I think, in the >crossCertificatePair attribute. But in a hierarchical PKI most >certificates wind up in the cACertificate Attribute. > >I have the feeling that Bob is right at least for option 1, unless we know >what a domain is we hardly know what we are getting. With option 2, I >suppose we are guaranteed that all certificates wind up in >crossCertificatePair, whatever domain means. > >At 11:14 AM 9/3/98 -0400, you wrote: >>Bob, >> >> I feel that the definition of domain is a local policy and that CAs >>should be free to define it as they wish. Clients that search/read CAs >>entries and obtain the values from both the cACertificate and >>crossCertificatePair attributes can explore the values in the cACertficate >>attribute first. If a path to the trusted root is found, processing stops. >>If not, they can explore the crossCertificatePair attribute. Using this >>algorithm CAs can define their domain and post each of their CA certificates >>to one attribute or the other. The only adverse affect will be efficiency >>in path development on the client side if the CA does not carefully select >>intra or inter domain. WIth option 1, the certificates are not duplicated. >>With option 2, they are. >> >>But if we have an installed base that only looks in the crossCertificatePair >>attribute, then we have a problem. In that case option 2 will help at the >>expense of duplicating the data. I suggest we avoid duplication if >>possible, but we certainly must evaluate the installed base. >> >>Dave Horvath >> >> >> >> >>-----Original Message----- >>From: Bob Jueneman <BJUENEMAN@novell.com> >>To: chokhani@cygnacom.com <chokhani@cygnacom.com>; ietf-pkix@imc.org >><ietf-pkix@imc.org> >>Date: Wednesday, September 02, 1998 10:21 PM >>Subject: RE: What the straw poll means >> >> >>>Santosh doesn't seem to have answered the questions I've raised >>>regarding the definition of the domain, but he seems to believe that >>>option 2 doesn't solve that problem either. >>> >>>If so, I am increasingly beginning to lean towards "NONE OF THE >>>ABOVE". >>> >>>Rebuttal, Sharon/Carlisle? >>> >>>Bob >>> >>>>Yes Bob. I hate to say this, but you have misinterpreted. >>>> >>>>The basic difference between the two approaches is the under option 1 >>>>you store a certificate only one time under a CA's entry. Which >>>>certifying CA is in its domain is upto a subject CA to decide. >>>> >>>>In all honesty, I do not see a benefit to option 2 except for the >>>>argument that some installed base already does it this way. >>>> >>>>Option 1 achieves everything option 2 and with efficiency. >>>> >>>>I do not understand how option 2 solves your problems either. We need >>>>to have a discussion on computational complexity of path development to >>>>allay your concerns. >>>> >>>>The way I look at the difference between the two options is that if >>>>n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one >>>>bucket and n2 in another. Option 2 says put n in one bucket and n1 in >>>>another. When you retrieve the two buckets (which you must for path >>>>development efficiency), option 2 gives you n+n1 certificates and option >>>>1 gives you exactly all n. >>>> >>>>> -----Original Message----- >>>>> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] >>>>> Sent: Wednesday, September 02, 1998 8:33 PM >>>>> To: ietf-pkix@imc.org >>>>> Cc: chokhani@cygnacom.com >>>>> Subject: What the straw poll means >>>>> >>>>> This is almost as exciting as watching a horse race! >>>>> >>>>> But what are we to make of the situation if the vote is as >>>>> close as it appears to be at present -- does that truly indicate >>>>> a "rough consensus"? >>>>> >>>>> As of earlier this morning, Chromatix was ahead, with >>>>> 8 votes cast; Entrust was tied with Microsoft with 4 votes >>>>> cast; and MISSI some others are clustered around third place. >>>>> >>>>> So far, with the exception of a split between MISSI and NIST >>>>> as two US Government factions, the voting seems to be >>>>> strictly by company. >>>>> >>>>> Now, the polite fiction within the IETF is that memberships are by >>>>> individual, and that there are no "votes" per se, and certainly not >>>>> on a company by company basis. That's the fiction, at least.. >>>>> Whether this convention shall long endure now that the IETF has >>>>> apparently lost some or all of its government funding and has >>>>> to become more self-sufficient will be interesting to see. >>>>> >>>>> But unless one side or the other starts to make some significant >>>>> in-roads by the dint of more persuasive technical argument, then I >>>>> think >>>>> it's effectively a draw, and we may be counting companies and their >>>>> installed base at least as much, and perhaps more, than >>>>> balancing the technical alternatives. >>>>> >>>>> Now, if we are truly at a technical impasse and the vote has to be >>>>> binary, i.e., only one way or the other, then maybe counting installed >>>>> clients and minimizing the pain is really the way to go, but frankly >>>>> that approach makes me uncomfortable. I want both interoperability >>>>> AND efficiency, and I would hate to see us don't want to be >>>>> pressured into a less than satisfactory decision, whatever that is, >>>>> just because we are in a rush to get over the next hurdle in the >>>>> standards progression. >>>>> >>>>> I originally said that I was inclined to go with option 1, because >>>>> it at least appeared to be simpler. However, I also said that I was >>>>> concerned about the "local" definition of a domain by a CA, >>>>> and the more I think about it, the more concerned I get. >>>>> >>>>> That approach might be viable for an organization such as MISSI, >>>>> where everyone presumably knows what community of interest >>>>> they fall into, but how would it apply to a public CA such as >>>>> VeriSign? >>>>> >>>>> Would they view all of their certificates as falling into one domain, >>>>> including any certificates issued by subordinate CAs, as in the case >>>>> of the old RSA Commercial hierarchy? >>>>> >>>>> What about GTE CyberTrust, considering their presumed affinity >>>>> with their ISP business. Would all of those certificates fall into >>>>> one domain? >>>>> >>>>> Now suppose I want to validate a certificate from Erols. Do I decide >>>>> that >>>>> because Erols is in the top half of the alphabet that they probably >>>>> use GTE, whereas Xerox would probably use VeriSign? Or do we do an >>>>> East Coast/West Coast split, like radio and TV stations use W or K in >>>>> their call sign? >>>>> >>>>> What if Novell and Microsoft were to become CAs and issue certificates >>>>> >>>>> to their customers directly, at least their larger accounts. Would >>>>> the relying >>>>> party have to try to divine whether a subscriber was running NetWare >>>>> or >>>>> NT in order to decide what domain they would be likely to be in? >>>>> >>>>> Santosh, have I misrepresented the issue here? Feel free to correct >>>>> me, if so. >>>>> Maybe I just don't understand. >>>>> >>>>> Now, if the definition of "domain" were amended somewhat, perhaps some >>>>> of these difficulties might go away. >>>>> >>>>> In particular, it seems to me that "domain" probably ought to have a >>>>> lot to do >>>>> with name subordination, or at least the possibility of doing name >>>>> subordination, >>>>> so that it would be deterministic. That might not solve all of the >>>>> concerns that those >>>>> who are inclined to vote for option 2 might have in mind, but it might >>>>> help. >>>>> >>>>> So if I am a Novell employee, and I receive an S/MIME message that >>>>> contains >>>>> a certificate that begins with c=US, o=Novell, I can probably make an >>>>> excellent >>>>> good guess of what CA to go to, assuming that Novell operates a CA in >>>>> its >>>>> own name. But where do I go for a certificate from Acme >>>>> Manufacturing? >>>>> >>>>> I don't mean to beat up on the option 1 folks exclusively -- maybe >>>>> there are >>>>> some things that could be done within the options 2 that would come >>>>> closer to a >>>>> compromise without breaking those existing clients. But I need to >>>>> think about that >>>>> some more. maybe someone else could volunteer some suggestions. >>>>> >>>>> Bob >>>>> >>>>> Robert R. Jueneman >>>>> Novell, Inc. >>>>> 122 E. 1700 South >>>>> Provo, UT 84606 >>>>> bjueneman@novell.com >>>>> 1-801-861-7387 >>> >>> >> >> >Regards, > >Bill Burr > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA06389 for ietf-pkix-bks; Thu, 3 Sep 1998 10:59:08 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA06385 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 10:59:06 -0700 (PDT) Received: by gateway.r3.ch id <6807>; Thu, 3 Sep 1998 20:05:15 +0100 Message-Id: <98Sep3.200515gmt+0100.6807@gateway.r3.ch> From: Rainer Rueppel <rueppel@r3.ch> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Thu, 3 Sep 1998 19:01:41 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA06098 for ietf-pkix-bks; Thu, 3 Sep 1998 10:26:28 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA06094 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 10:26:25 -0700 (PDT) Received: by gateway.r3.ch id <6804>; Thu, 3 Sep 1998 19:32:13 +0100 Message-Id: <98Sep3.193213gmt+0100.6804@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Ambarish Malpani'" <ambarish@valicert.com> Subject: RE: Where to store CA certificates Date: Thu, 3 Sep 1998 18:26:10 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Ambarish It is the relying party, not the CA, which knows the priority for identifying the most efficient set of certificates for path building for a specific certificate validation. Further, the priority for a single relying party can change from operation to operation depending on the particular environment in which they are operating. For that primary reason, I don't think the CA's domain (whatever they define it to be) is a very useful split, but rather allowing client systems to perform flexible filtering of the contents of the directory with matching rules that allow them to match on particular elements of the certificates is the most generic and flexible approach. While a CA could provide some helpful hints to relying parties (e.g. through the use of cACertificate attribute or other attributes and prioritization tags) this can only help a subset of relying parties who understand that CAs definition of domain and/or prioritization criteria. Other relying parties may have completely opposite priorities and relying parties for which the CA hints are useless should be equally supported. As we migrate to LDAPv3, the extensible match capability of that protocol, combined with the matching rules currently in X.509 (or some evolution of them) should enable ONLY the certificates of interest to a particular relying party and for a particular validation instance to be retrieved. While it is true that an extensible match can be applied to more than one attribute on a single directory protocol exchange, this does require extra processing on the directory side, provides no additional value, and is obviously more work for the directory than to filter on a single attribute rather than always on two. There would be nothing to prevent the use of additional attributes (either locally defined or standardized), or some other technologies (e.g. the use of directory contexts to flag particular values of a single attribute) but at this point I believe those would be more locally contained than standardized so I see them as additional helpful hints potentially. ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: Ambarish Malpani[SMTP:ambarish@valicert.com] > Sent: September 3, 1998 12:54 PM > To: 'ietf-pkix@imc.org' > Subject: Where to store CA certificates > > Hi Guys, > Given the huge amount of passion that the topic of where one > stores CA certificates has generated, it seems to me that path > building is both a complicated and important thing ;-) > > If the premise above is true, wouldn't one want to prioritize > path building more precisely than just lumping CA certs into > one of two categories (intra-domain/inter-domain)? > > Would it make sense to have another attribute attached to > CA certificates - something like a "priority" field, with say > an integer value, where, during path building you first try to > build paths with the CA cert with the highest priority? > > Or is this a BAD idea, because it doesn't work with any of > the current implementations? > > Comments? Sharon, Santosh? > > Regards, > Ambarish > > -- > --------------------------------------------------------------------- > Ambarish Malpani > Architect 650.567.5457 > ValiCert, Inc. > ambarish@valicert.com > 1215 Terra Bella Ave. http://www.valicert.com > Mountain View, CA 94043-1833 > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA05571 for ietf-pkix-bks; Thu, 3 Sep 1998 09:49:59 -0700 (PDT) Received: from atlantic.valicert.com (atlantic.valicert.com [209.185.6.135] (may be forged)) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA05566 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:49:58 -0700 (PDT) Received: (qmail 24860 invoked from network); 3 Sep 1998 16:54:25 -0000 Received: from amazon.valicert.com (HELO valicert.com) (209.185.6.1) by mail.valicert.com with SMTP; 3 Sep 1998 16:54:25 -0000 Message-ID: <35EEC9BB.3F7B9C44@valicert.com> Date: Thu, 03 Sep 1998 09:54:19 -0700 From: Ambarish Malpani <ambarish@valicert.com> Organization: ValiCert, Inc. X-Mailer: Mozilla 4.5b1 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Where to store CA certificates References: <D789F71F24B4D111955D00A0C99B4F50AC96CF@sothmxs01.entrust.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Guys, Given the huge amount of passion that the topic of where one stores CA certificates has generated, it seems to me that path building is both a complicated and important thing ;-) If the premise above is true, wouldn't one want to prioritize path building more precisely than just lumping CA certs into one of two categories (intra-domain/inter-domain)? Would it make sense to have another attribute attached to CA certificates - something like a "priority" field, with say an integer value, where, during path building you first try to build paths with the CA cert with the highest priority? Or is this a BAD idea, because it doesn't work with any of the current implementations? Comments? Sharon, Santosh? Regards, Ambarish -- --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043-1833 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA05522 for ietf-pkix-bks; Thu, 3 Sep 1998 09:46:08 -0700 (PDT) Received: from chopin.digsigtrust.com (chopin.digsigtrust.com [208.30.64.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA05518 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:46:07 -0700 (PDT) Received: from digsigtrust.com (rfwdesktop.digsigtrust.com [208.30.64.114]) by chopin.digsigtrust.com (8.9.1/8.9.1) with ESMTP id KAA12051 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 10:50:13 -0600 (MDT) Message-ID: <35EECE85.85DD213F@digsigtrust.com> Date: Thu, 03 Sep 1998 11:14:45 -0600 From: "Russel F. Weiser" <rweiser@digsigtrust.com> X-Mailer: Mozilla 4.05 [en] (WinNT; U) MIME-Version: 1.0 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: What the straw poll means References: <98Sep3.134059gmt+0100.6803@gateway.r3.ch> Content-Type: multipart/mixed; boundary="------------4DB9C958A073A47F89771625" Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. --------------4DB9C958A073A47F89771625 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I'm a new to the PKIX in general and am more familiar with LDAP v3 then the CA environment. I did understand the orignal draft and would have voted for it. That is if I would have been able to attend the wg meeting, but alas; I was in the LDAPEXT wg instead. I have voted for option 1, because it sounds like it minimizes storage as well as providing consistent knowledge of what goes in which attribute without duplicating storage. Now I would like to know the reason the orignal text was voted down since I couldn't be there. I know Bob keeps bringing up the DOMAIN issue and I do think that this is an issue since no one has of yet given it a definition. . Sharon Boeyen wrote: > The "two buckets" is exactly what I was trying to avoid in the earlier > debate on this topic, however I believe that the single bucket option > was rejected in the Chicago meeting. The single bucket option is the > text which is currently in the Internet Draft. With that text, all self > signed (or self issued certificates) were to be placed in the > cACertificate attribute and all certificates issued by one CA to a > different CA were put in the crossCertificatePair attribute. Depending > on the particular path development algorithm being used by a relying > party, directory search tools, especially when we evolve to LDAPv3 could > be used to filter the content of the forward and or reverse elements of > that SINGLE attribute and provide the relying party with the set of > certificates of interest to that particular relying party. > > I still believe that this is the best solution because the relying party > systems are the ones that know which certs are of interest to them, not > the CA that happened to issue the certs, especially in the post PEM > world where any CA could legitimately have certs issued for it by > several CAs. > > My strong support for Option 2 in the straw poll is because the above > was rejected by the meeting and I see Option 2 as a workable compromise > ONLY because there is a complete set of certs in a single attribute and > relying parties can do what is of interest to them without knowing the > definition of domain which each individual CA happens to use. For self > contained environments wanting to make use of a CA or set of CAs certs > issued within some locally defined domain, this is still possible. > > ------------------ > Sharon Boeyen > Entrust Technologies > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > http://www.entrust.com Fax: (613) 247-3690 > > > > ---------- > > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > > Sent: September 2, 1998 8:48 PM > > To: 'Bob Jueneman'; ietf-pkix@imc.org > > Cc: Santosh Chokhani > > Subject: RE: What the straw poll means > > > > Yes Bob. I hate to say this, but you have misinterpreted. > > > > The basic difference between the two approaches is the under option 1 > > you store a certificate only one time under a CA's entry. Which > > certifying CA is in its domain is upto a subject CA to decide. > > > > In all honesty, I do not see a benefit to option 2 except for the > > argument that some installed base already does it this way. > > > > Option 1 achieves everything option 2 and with efficiency. > > > > I do not understand how option 2 solves your problems either. We need > > to have a discussion on computational complexity of path development > > to > > allay your concerns. > > > > The way I look at the difference between the two options is that if > > n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in > > one > > bucket and n2 in another. Option 2 says put n in one bucket and n1 in > > another. When you retrieve the two buckets (which you must for path > > development efficiency), option 2 gives you n+n1 certificates and > > option > > 1 gives you exactly all n. > > > > > -----Original Message----- > > > From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > > > Sent: Wednesday, September 02, 1998 8:33 PM > > > To: ietf-pkix@imc.org > > > Cc: chokhani@cygnacom.com > > > Subject: What the straw poll means > > > > > > This is almost as exciting as watching a horse race! > > > > > > But what are we to make of the situation if the vote is as > > > close as it appears to be at present -- does that truly indicate > > > a "rough consensus"? > > > > > > As of earlier this morning, Chromatix was ahead, with > > > 8 votes cast; Entrust was tied with Microsoft with 4 votes > > > cast; and MISSI some others are clustered around third place. > > > > > > So far, with the exception of a split between MISSI and NIST > > > as two US Government factions, the voting seems to be > > > strictly by company. > > > > > > Now, the polite fiction within the IETF is that memberships are by > > > individual, and that there are no "votes" per se, and certainly not > > > on a company by company basis. That's the fiction, at least.. > > > Whether this convention shall long endure now that the IETF has > > > apparently lost some or all of its government funding and has > > > to become more self-sufficient will be interesting to see. > > > > > > But unless one side or the other starts to make some significant > > > in-roads by the dint of more persuasive technical argument, then I > > > think > > > it's effectively a draw, and we may be counting companies and their > > > installed base at least as much, and perhaps more, than > > > balancing the technical alternatives. > > > > > > Now, if we are truly at a technical impasse and the vote has to be > > > binary, i.e., only one way or the other, then maybe counting > > installed > > > clients and minimizing the pain is really the way to go, but frankly > > > > > that approach makes me uncomfortable. I want both interoperability > > > AND efficiency, and I would hate to see us don't want to be > > > pressured into a less than satisfactory decision, whatever that is, > > > just because we are in a rush to get over the next hurdle in the > > > standards progression. > > > > > > I originally said that I was inclined to go with option 1, because > > > it at least appeared to be simpler. However, I also said that I was > > > > > concerned about the "local" definition of a domain by a CA, > > > and the more I think about it, the more concerned I get. > > > > > > That approach might be viable for an organization such as MISSI, > > > where everyone presumably knows what community of interest > > > they fall into, but how would it apply to a public CA such as > > > VeriSign? > > > > > > Would they view all of their certificates as falling into one > > domain, > > > including any certificates issued by subordinate CAs, as in the case > > > of the old RSA Commercial hierarchy? > > > > > > What about GTE CyberTrust, considering their presumed affinity > > > with their ISP business. Would all of those certificates fall into > > > one domain? > > > > > > Now suppose I want to validate a certificate from Erols. Do I > > decide > > > that > > > because Erols is in the top half of the alphabet that they probably > > > use GTE, whereas Xerox would probably use VeriSign? Or do we do an > > > East Coast/West Coast split, like radio and TV stations use W or K > > in > > > their call sign? > > > > > > What if Novell and Microsoft were to become CAs and issue > > certificates > > > > > > to their customers directly, at least their larger accounts. Would > > > the relying > > > party have to try to divine whether a subscriber was running NetWare > > > or > > > NT in order to decide what domain they would be likely to be in? > > > > > > Santosh, have I misrepresented the issue here? Feel free to correct > > > me, if so. > > > Maybe I just don't understand. > > > > > > Now, if the definition of "domain" were amended somewhat, perhaps > > some > > > of these difficulties might go away. > > > > > > In particular, it seems to me that "domain" probably ought to have a > > > lot to do > > > with name subordination, or at least the possibility of doing name > > > subordination, > > > so that it would be deterministic. That might not solve all of the > > > concerns that those > > > who are inclined to vote for option 2 might have in mind, but it > > might > > > help. > > > > > > So if I am a Novell employee, and I receive an S/MIME message that > > > contains > > > a certificate that begins with c=US, o=Novell, I can probably make > > an > > > excellent > > > good guess of what CA to go to, assuming that Novell operates a CA > > in > > > its > > > own name. But where do I go for a certificate from Acme > > > Manufacturing? > > > > > > I don't mean to beat up on the option 1 folks exclusively -- maybe > > > there are > > > some things that could be done within the options 2 that would come > > > closer to a > > > compromise without breaking those existing clients. But I need to > > > think about that > > > some more. maybe someone else could volunteer some suggestions. > > > > > > Bob > > > > > > Robert R. Jueneman > > > Novell, Inc. > > > 122 E. 1700 South > > > Provo, UT 84606 > > > bjueneman@novell.com > > > 1-801-861-7387 > > --------------4DB9C958A073A47F89771625 Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Russel Weiser Content-Disposition: attachment; filename="vcard.vcf" begin: vcard fn: Russel Weiser n: Weiser;Russel org: DST email;internet: rweiser@DigSigTrust.COm x-mozilla-cpt: ;0 x-mozilla-html: FALSE version: 2.1 end: vcard --------------4DB9C958A073A47F89771625-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA05452 for ietf-pkix-bks; Thu, 3 Sep 1998 09:40:08 -0700 (PDT) Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA05448 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:40:07 -0700 (PDT) Received: from thunderbolt.ncsl.nist.gov (thunderbolt.ncsl.nist.gov [129.6.54.130]) by csmes.ncsl.nist.gov (8.6.12/8.6.4jck0) with SMTP id MAA05240; Thu, 3 Sep 1998 12:44:14 -0400 Message-Id: <3.0.5.32.19980903124753.0085d5f0@csmes.ncsl.nist.gov> X-Sender: burr@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 03 Sep 1998 12:47:53 -0400 To: "Dave Horvath" <David.Horvath@chromatix.com> From: Bill Burr <william.burr@nist.gov> Subject: Re: What the straw poll means Cc: ietf-pkix@imc.org In-Reply-To: <008001bdd74d$95b14bc0$097361cf@ash.chromatix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk But what is a root here? Does it imply that a domain is PKI hierarchy? I can think of 3 plausible constructions of root, all of which I believe I've seen used: (1) any CA whose key you choose to trust and therefore can start a certification path, but which may not imply any other organization or structure; (2) a CA whose key everybody in the domain (what's a domain?) trusts and which sits on top of a hierarchical unidirectional certification tree (as in MISSI or PEM); (3) a CA that exists to cross-certify with other CAs, but issues few or no end entity certificates, and starts few or no certification paths; it simply exists to connect other CAs. Examples would be the ANX "supervisory CA," the Gov. of Canada "Level 0" CA operated by the Canadian Central Facility, or the proposed Federal PKI "Bridge CA." Such a CA is often depicted at the hub of a mesh, or the top of a hierarchy, and operated in conjunction with the overall domain policy management authority. I suppose a "trusted root" can be either 1 or 2 above. But "root" to me doesn't necessarily say much about path development, or PKI certification path structure. How about domain? What does it mean? I claim that the term makes most sense to mean a part of a PKI that operates under the direction of a policy management entity. Which wouldn't necessarily mean that domain boundaries coincide with distinctions that are meaningful for certification path building. Option 1 is probably useful if you think that a domain is everything subordinate to the same root CA, where a root is any CA that somebody uses to start a trust path. So in a cross-certified mesh PKI, every CA is a domain onto itself, and all CA certificates wind up only, I think, in the crossCertificatePair attribute. But in a hierarchical PKI most certificates wind up in the cACertificate Attribute. I have the feeling that Bob is right at least for option 1, unless we know what a domain is we hardly know what we are getting. With option 2, I suppose we are guaranteed that all certificates wind up in crossCertificatePair, whatever domain means. At 11:14 AM 9/3/98 -0400, you wrote: >Bob, > > I feel that the definition of domain is a local policy and that CAs >should be free to define it as they wish. Clients that search/read CAs >entries and obtain the values from both the cACertificate and >crossCertificatePair attributes can explore the values in the cACertficate >attribute first. If a path to the trusted root is found, processing stops. >If not, they can explore the crossCertificatePair attribute. Using this >algorithm CAs can define their domain and post each of their CA certificates >to one attribute or the other. The only adverse affect will be efficiency >in path development on the client side if the CA does not carefully select >intra or inter domain. WIth option 1, the certificates are not duplicated. >With option 2, they are. > >But if we have an installed base that only looks in the crossCertificatePair >attribute, then we have a problem. In that case option 2 will help at the >expense of duplicating the data. I suggest we avoid duplication if >possible, but we certainly must evaluate the installed base. > >Dave Horvath > > > > >-----Original Message----- >From: Bob Jueneman <BJUENEMAN@novell.com> >To: chokhani@cygnacom.com <chokhani@cygnacom.com>; ietf-pkix@imc.org ><ietf-pkix@imc.org> >Date: Wednesday, September 02, 1998 10:21 PM >Subject: RE: What the straw poll means > > >>Santosh doesn't seem to have answered the questions I've raised >>regarding the definition of the domain, but he seems to believe that >>option 2 doesn't solve that problem either. >> >>If so, I am increasingly beginning to lean towards "NONE OF THE >>ABOVE". >> >>Rebuttal, Sharon/Carlisle? >> >>Bob >> >>>Yes Bob. I hate to say this, but you have misinterpreted. >>> >>>The basic difference between the two approaches is the under option 1 >>>you store a certificate only one time under a CA's entry. Which >>>certifying CA is in its domain is upto a subject CA to decide. >>> >>>In all honesty, I do not see a benefit to option 2 except for the >>>argument that some installed base already does it this way. >>> >>>Option 1 achieves everything option 2 and with efficiency. >>> >>>I do not understand how option 2 solves your problems either. We need >>>to have a discussion on computational complexity of path development to >>>allay your concerns. >>> >>>The way I look at the difference between the two options is that if >>>n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one >>>bucket and n2 in another. Option 2 says put n in one bucket and n1 in >>>another. When you retrieve the two buckets (which you must for path >>>development efficiency), option 2 gives you n+n1 certificates and option >>>1 gives you exactly all n. >>> >>>> -----Original Message----- >>>> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] >>>> Sent: Wednesday, September 02, 1998 8:33 PM >>>> To: ietf-pkix@imc.org >>>> Cc: chokhani@cygnacom.com >>>> Subject: What the straw poll means >>>> >>>> This is almost as exciting as watching a horse race! >>>> >>>> But what are we to make of the situation if the vote is as >>>> close as it appears to be at present -- does that truly indicate >>>> a "rough consensus"? >>>> >>>> As of earlier this morning, Chromatix was ahead, with >>>> 8 votes cast; Entrust was tied with Microsoft with 4 votes >>>> cast; and MISSI some others are clustered around third place. >>>> >>>> So far, with the exception of a split between MISSI and NIST >>>> as two US Government factions, the voting seems to be >>>> strictly by company. >>>> >>>> Now, the polite fiction within the IETF is that memberships are by >>>> individual, and that there are no "votes" per se, and certainly not >>>> on a company by company basis. That's the fiction, at least.. >>>> Whether this convention shall long endure now that the IETF has >>>> apparently lost some or all of its government funding and has >>>> to become more self-sufficient will be interesting to see. >>>> >>>> But unless one side or the other starts to make some significant >>>> in-roads by the dint of more persuasive technical argument, then I >>>> think >>>> it's effectively a draw, and we may be counting companies and their >>>> installed base at least as much, and perhaps more, than >>>> balancing the technical alternatives. >>>> >>>> Now, if we are truly at a technical impasse and the vote has to be >>>> binary, i.e., only one way or the other, then maybe counting installed >>>> clients and minimizing the pain is really the way to go, but frankly >>>> that approach makes me uncomfortable. I want both interoperability >>>> AND efficiency, and I would hate to see us don't want to be >>>> pressured into a less than satisfactory decision, whatever that is, >>>> just because we are in a rush to get over the next hurdle in the >>>> standards progression. >>>> >>>> I originally said that I was inclined to go with option 1, because >>>> it at least appeared to be simpler. However, I also said that I was >>>> concerned about the "local" definition of a domain by a CA, >>>> and the more I think about it, the more concerned I get. >>>> >>>> That approach might be viable for an organization such as MISSI, >>>> where everyone presumably knows what community of interest >>>> they fall into, but how would it apply to a public CA such as >>>> VeriSign? >>>> >>>> Would they view all of their certificates as falling into one domain, >>>> including any certificates issued by subordinate CAs, as in the case >>>> of the old RSA Commercial hierarchy? >>>> >>>> What about GTE CyberTrust, considering their presumed affinity >>>> with their ISP business. Would all of those certificates fall into >>>> one domain? >>>> >>>> Now suppose I want to validate a certificate from Erols. Do I decide >>>> that >>>> because Erols is in the top half of the alphabet that they probably >>>> use GTE, whereas Xerox would probably use VeriSign? Or do we do an >>>> East Coast/West Coast split, like radio and TV stations use W or K in >>>> their call sign? >>>> >>>> What if Novell and Microsoft were to become CAs and issue certificates >>>> >>>> to their customers directly, at least their larger accounts. Would >>>> the relying >>>> party have to try to divine whether a subscriber was running NetWare >>>> or >>>> NT in order to decide what domain they would be likely to be in? >>>> >>>> Santosh, have I misrepresented the issue here? Feel free to correct >>>> me, if so. >>>> Maybe I just don't understand. >>>> >>>> Now, if the definition of "domain" were amended somewhat, perhaps some >>>> of these difficulties might go away. >>>> >>>> In particular, it seems to me that "domain" probably ought to have a >>>> lot to do >>>> with name subordination, or at least the possibility of doing name >>>> subordination, >>>> so that it would be deterministic. That might not solve all of the >>>> concerns that those >>>> who are inclined to vote for option 2 might have in mind, but it might >>>> help. >>>> >>>> So if I am a Novell employee, and I receive an S/MIME message that >>>> contains >>>> a certificate that begins with c=US, o=Novell, I can probably make an >>>> excellent >>>> good guess of what CA to go to, assuming that Novell operates a CA in >>>> its >>>> own name. But where do I go for a certificate from Acme >>>> Manufacturing? >>>> >>>> I don't mean to beat up on the option 1 folks exclusively -- maybe >>>> there are >>>> some things that could be done within the options 2 that would come >>>> closer to a >>>> compromise without breaking those existing clients. But I need to >>>> think about that >>>> some more. maybe someone else could volunteer some suggestions. >>>> >>>> Bob >>>> >>>> Robert R. Jueneman >>>> Novell, Inc. >>>> 122 E. 1700 South >>>> Provo, UT 84606 >>>> bjueneman@novell.com >>>> 1-801-861-7387 >> >> > > Regards, Bill Burr Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA05420 for ietf-pkix-bks; Thu, 3 Sep 1998 09:37:57 -0700 (PDT) Received: from ORM-BBWEB.orem.novell.com (orm-bbweb.orem.novell.com [151.155.134.147]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA05416 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:37:56 -0700 (PDT) Received: from GATEWAYS-Message_Server by ORM-BBWEB.orem.novell.com with Novell_GroupWise; Thu, 03 Sep 1998 10:42:00 -0600 Message-Id: <s5ee7278.091@ORM-BBWEB.orem.novell.com> X-Mailer: Novell GroupWise 5.5 Date: Thu, 03 Sep 1998 10:41:47 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <william.burr@nist.gov> Cc: <ietf-pkix@imc.org> Subject: Re: What the straw poll means Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id JAA05417 Sender: owner-ietf-pkix@imc.org Precedence: bulk Bill, I was only gently tweaking the USG -- anyone who has ever dealt with NIST, NSA, or the FBI on issues like export controls knows that each agency has its one separate agenda and priorities. I for one would hate to have to be the President or Vice President who has to knock heads and try to get the Administration to speak with one voice. But your comments on the pioneers are very apropos. As a major player in the directory space, Novell certainly has an interest in this area. We would hate to see a solution adopted that unnecessarily wastes directory space. On the other hand, memory is getting cheaper and cheaper, but Internet congestion is getting worse, and it isn't clear that caching or other approaches would be likely to apply here. so I'm not sure that I completely buy Tim's argument that interoperability is more important than efficiency. To further complicate the problem, Novell has a relationship with Entrust, and we certainly have no desire to see their interests harmed. But likewise, we consider the US Government a very important customer, and we would hate to see a solution adopted that would fly in the face of MISSI's and DMS's needs. Knowing both Sharon and Santosh reasonably well, I can certainly say that they are both bright, and have an excellent understanding of the technology. The fact that they and others come out on opposite sides of the issue probably means that their views of the underlying problem space and their priorities, are probably different, rather than being due to some flaw in their logic. If all else fails and we have to make a choice, I also would favor not shafting the early developer who has helped the market grow. The trouble is, I'm not exactly sure whose ox would be gored, and how much effort it would take to fix it. Entrust obviously has an investment in their current client, but what the cost of changing it would be I don't know. Likewise, I'm not sure who many other players in this space have already developed clients that might also be impacted. What is pretty obvious by now is that there isn't a clear consensus, at least not yet, and that cogent arguments can be made on both sides depending on what your assumptions are regarding the behavior of the clients, which may require a crystal ball. So maybe we should go back to the drawing board and see if we have exhausted all of the possible alternatives. For example, Sharon mentioned that she thought that the "single bucket" approach was ruled out in Chicago. I wasn't there and so I don't know the pros and cons, but it would seem that reexamining that possibility might be worthwhile. At least on the surface it seems to solve both problems. Others have commented that with appropriate LDAP filters it is possible to retrieve certificates from both piles simultaneously. Maybe there is a pony in there somewhere that could be explored more fully, especially for those of us who are not LDAP gurus. I WANT my cake and eat it, too! Bob Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA05400 for ietf-pkix-bks; Thu, 3 Sep 1998 09:36:11 -0700 (PDT) Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA05396 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:36:10 -0700 (PDT) Received: from exchng-fairfax.p-e-c.com by relay1.UU.NET with ESMTP (peer crosschecked as: [204.254.216.13]) id QQffgk13897; Thu, 3 Sep 1998 12:40:21 -0400 (EDT) Received: by exchang-fairfax.pec.com with Internet Mail Service (5.0.1460.8) id <RZYRB215>; Thu, 3 Sep 1998 12:42:33 -0400 Message-ID: <3C7EABA3F6F1D1118FD90008C7F450FD53608D@exchang-fairfax.pec.com> From: WHenry <WHenry@pec.com> To: ietf-pkix@imc.org Subject: For Option #2 Date: Thu, 3 Sep 1998 12:42:32 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA04949 for ietf-pkix-bks; Thu, 3 Sep 1998 09:27:37 -0700 (PDT) Received: from mw.3com.com (intergate.usr.com [149.112.20.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA04942 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:27:35 -0700 (PDT) Received: from mwgate02.mw.3com.com by mw.3com.com (8.8.5/3.1.090690-US Robotics) id LAA09323; Thu, 3 Sep 1998 11:36:23 -0500 (CDT) Received: by mwgate02.mw.3com.com(Lotus SMTP MTA v4.6.1 (569.2 2-6-1998)) id 86256674.005B319B ; Thu, 3 Sep 1998 11:36:04 -0500 X-Lotus-FromDomain: 3COM@3COM-MWGATE From: "Boby Joseph" <Boby_Joseph@mw.3com.com> To: ietf-pkix@imc.org Message-ID: <86256674.005B2F2F.00@mwgate02.mw.3com.com> Date: Thu, 3 Sep 1998 11:36:24 -0500 Subject: For option 1 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA04631 for ietf-pkix-bks; Thu, 3 Sep 1998 09:25:19 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA04623 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:25:18 -0700 (PDT) Received: from [128.89.0.110] (COSMEC.BBN.COM [128.89.0.110]) by po1.bbn.com (8.8.6/8.8.6) with ESMTP id MAA23905 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 12:30:05 -0400 (EDT) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Sender: kent@po1.bbn.com Message-Id: <v04011704b214746ad0fe@[128.89.0.110]> In-Reply-To: <s5ed8f62.071@prv-mail25.provo.novelll.com> Date: Thu, 3 Sep 1998 12:32:04 -0400 To: <ietf-pkix@imc.org> From: Stephen Kent <kent@bbn.com> Subject: Re: What the straw poll means Sender: owner-ietf-pkix@imc.org Precedence: bulk Folks, A straw poll is not a vote, since we don't vote in the IETF or in WGs. The WG chair(s) retain discretion to interpret the outcome of s straw poll, e.g., to discount any apparent ballot box stuffing by a given organization. I asked Sharon to extend the polling period because this is clearly a contentious issue and because we usually allow about a week for such activities, although we have gone through shorter polling intervals on occasion. have a nice Labor Day weekend, Steve Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA03056 for ietf-pkix-bks; Thu, 3 Sep 1998 09:09:07 -0700 (PDT) Received: from att.com (kcgw1.att.com [192.128.133.151]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA03051 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 09:09:05 -0700 (PDT) Received: from kcig1.fw.att.com by kcgw1.att.com (AT&T/IPNS/UPAS-1.0) for imc.org!ietf-pkix sender att.com!jayhawk (att.com!jayhawk); Thu Sep 3 11:12 CDT 1998 Received: from qsun.ho.att.com (qsunn.ho.att.com [135.16.30.2]) by kcig1.fw.att.com (AT&T/IPNS/GW-1.0) with SMTP id LAA02486 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 11:12:13 -0500 (CDT) Received: from sloop.local.windrose.omaha.ne.us by qsun.ho.att.com (SMI-8.6/EMS-1.2 sol2) id MAA15045; Thu, 3 Sep 1998 12:12:00 -0400 From: "Ryan Moats" <jayhawk@att.com> To: <John_Wray@iris.com> Cc: <ietf-pkix@imc.org> Subject: Retrieval efficiency herring? (was... RE: What the straw poll means) Date: Thu, 3 Sep 1998 11:14:31 -0500 Message-ID: <000101bdd755$ef033a00$c8c8090a@sloop.local.windrose.omaha.ne.us> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 Importance: Normal In-Reply-To: <85256674.00465F65.00@arista.iris.com> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk John_Wray@iris.com writes: > Santosh Chokhani <chockani@cyqnacom.com> writes: > > >The basic difference between the two approaches is the under option 1 > >you store a certificate only one time under a CA's entry. Which > >certifying CA is in its domain is upto a subject CA to decide. > > > >In all honesty, I do not see a benefit to option 2 except for the > >argument that some installed base already does it this way. > > The difference between the two options is primarily storage efficiency vs. > retrieval efficiency. Both options divide a CAs certs into two piles. > Option 1 has pile A containing only intra-domain certs, and pile B > containing only inter-domain certs; option 2 has pile A containing only > intra-domain certs and pite B containing all certs. Which option is > superior depends on two things: > > whether you care more about storage efficiency in the directory (option > 2 stores intra-domain certificates twice) or retrieval efficiency for > the verifier (option 1 require a verifier that wants all a target CA's > certificates to retrieve them from two places). As somebody coming to the party late from the LDAP world, I don't see why the certificates need to be retrieved from two places. An LDAP lookup of an object with a fairly simple filter (objectclass="*") will return all of the attributes associated with that object. Therefore a single lookup will return both attributes, so I don't understand how retrieval efficiency is gained. Ryan Moats Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA02866 for ietf-pkix-bks; Thu, 3 Sep 1998 08:46:32 -0700 (PDT) Received: from epic.iris.com (epic.iris.com [198.112.211.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA02862 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 08:46:31 -0700 (PDT) From: Mary_Ellen_Zurko@iris.com Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090311504488:1045 for <ietf-pkix@imc.org> ; Thu, 3 Sep 1998 11:50:44 -0400 Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090311504488:1045 for <ietf-pkix@imc.org> ; Thu, 3 Sep 1998 11:50:44 -0400 X-Lotus-FromDomain: IRIS To: ietf-pkix@imc.org Message-ID: <85256674.0057297C.00@arista.iris.com> Date: Thu, 3 Sep 1998 11:53:53 -0400 Subject: For Option 2 x-notes-Form: Memo x-notes-$24UpdatedBy: CN=Epic/O=Iris x-notes-$24Hops: 22 X-Priority: 3 (Normal) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA02506 for ietf-pkix-bks; Thu, 3 Sep 1998 08:20:25 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA02502 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 08:20:24 -0700 (PDT) Received: from ash (ash.chromatix.com [207.97.115.9]) by chromatix.com (8.8.8/8.8.8) with SMTP id LAA21436; Thu, 3 Sep 1998 11:24:22 -0400 (EDT) (envelope-from David.Horvath@chromatix.com) Message-ID: <008001bdd74d$95b14bc0$097361cf@ash.chromatix.com> From: "Dave Horvath" <David.Horvath@chromatix.com> To: "Bob Jueneman" <BJUENEMAN@novell.com>, <chokhani@cygnacom.com>, <ietf-pkix@imc.org> Subject: Re: What the straw poll means Date: Thu, 3 Sep 1998 11:14:45 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk Bob, I feel that the definition of domain is a local policy and that CAs should be free to define it as they wish. Clients that search/read CAs entries and obtain the values from both the cACertificate and crossCertificatePair attributes can explore the values in the cACertficate attribute first. If a path to the trusted root is found, processing stops. If not, they can explore the crossCertificatePair attribute. Using this algorithm CAs can define their domain and post each of their CA certificates to one attribute or the other. The only adverse affect will be efficiency in path development on the client side if the CA does not carefully select intra or inter domain. WIth option 1, the certificates are not duplicated. With option 2, they are. But if we have an installed base that only looks in the crossCertificatePair attribute, then we have a problem. In that case option 2 will help at the expense of duplicating the data. I suggest we avoid duplication if possible, but we certainly must evaluate the installed base. Dave Horvath -----Original Message----- From: Bob Jueneman <BJUENEMAN@novell.com> To: chokhani@cygnacom.com <chokhani@cygnacom.com>; ietf-pkix@imc.org <ietf-pkix@imc.org> Date: Wednesday, September 02, 1998 10:21 PM Subject: RE: What the straw poll means >Santosh doesn't seem to have answered the questions I've raised >regarding the definition of the domain, but he seems to believe that >option 2 doesn't solve that problem either. > >If so, I am increasingly beginning to lean towards "NONE OF THE >ABOVE". > >Rebuttal, Sharon/Carlisle? > >Bob > >>Yes Bob. I hate to say this, but you have misinterpreted. >> >>The basic difference between the two approaches is the under option 1 >>you store a certificate only one time under a CA's entry. Which >>certifying CA is in its domain is upto a subject CA to decide. >> >>In all honesty, I do not see a benefit to option 2 except for the >>argument that some installed base already does it this way. >> >>Option 1 achieves everything option 2 and with efficiency. >> >>I do not understand how option 2 solves your problems either. We need >>to have a discussion on computational complexity of path development to >>allay your concerns. >> >>The way I look at the difference between the two options is that if >>n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one >>bucket and n2 in another. Option 2 says put n in one bucket and n1 in >>another. When you retrieve the two buckets (which you must for path >>development efficiency), option 2 gives you n+n1 certificates and option >>1 gives you exactly all n. >> >>> -----Original Message----- >>> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] >>> Sent: Wednesday, September 02, 1998 8:33 PM >>> To: ietf-pkix@imc.org >>> Cc: chokhani@cygnacom.com >>> Subject: What the straw poll means >>> >>> This is almost as exciting as watching a horse race! >>> >>> But what are we to make of the situation if the vote is as >>> close as it appears to be at present -- does that truly indicate >>> a "rough consensus"? >>> >>> As of earlier this morning, Chromatix was ahead, with >>> 8 votes cast; Entrust was tied with Microsoft with 4 votes >>> cast; and MISSI some others are clustered around third place. >>> >>> So far, with the exception of a split between MISSI and NIST >>> as two US Government factions, the voting seems to be >>> strictly by company. >>> >>> Now, the polite fiction within the IETF is that memberships are by >>> individual, and that there are no "votes" per se, and certainly not >>> on a company by company basis. That's the fiction, at least.. >>> Whether this convention shall long endure now that the IETF has >>> apparently lost some or all of its government funding and has >>> to become more self-sufficient will be interesting to see. >>> >>> But unless one side or the other starts to make some significant >>> in-roads by the dint of more persuasive technical argument, then I >>> think >>> it's effectively a draw, and we may be counting companies and their >>> installed base at least as much, and perhaps more, than >>> balancing the technical alternatives. >>> >>> Now, if we are truly at a technical impasse and the vote has to be >>> binary, i.e., only one way or the other, then maybe counting installed >>> clients and minimizing the pain is really the way to go, but frankly >>> that approach makes me uncomfortable. I want both interoperability >>> AND efficiency, and I would hate to see us don't want to be >>> pressured into a less than satisfactory decision, whatever that is, >>> just because we are in a rush to get over the next hurdle in the >>> standards progression. >>> >>> I originally said that I was inclined to go with option 1, because >>> it at least appeared to be simpler. However, I also said that I was >>> concerned about the "local" definition of a domain by a CA, >>> and the more I think about it, the more concerned I get. >>> >>> That approach might be viable for an organization such as MISSI, >>> where everyone presumably knows what community of interest >>> they fall into, but how would it apply to a public CA such as >>> VeriSign? >>> >>> Would they view all of their certificates as falling into one domain, >>> including any certificates issued by subordinate CAs, as in the case >>> of the old RSA Commercial hierarchy? >>> >>> What about GTE CyberTrust, considering their presumed affinity >>> with their ISP business. Would all of those certificates fall into >>> one domain? >>> >>> Now suppose I want to validate a certificate from Erols. Do I decide >>> that >>> because Erols is in the top half of the alphabet that they probably >>> use GTE, whereas Xerox would probably use VeriSign? Or do we do an >>> East Coast/West Coast split, like radio and TV stations use W or K in >>> their call sign? >>> >>> What if Novell and Microsoft were to become CAs and issue certificates >>> >>> to their customers directly, at least their larger accounts. Would >>> the relying >>> party have to try to divine whether a subscriber was running NetWare >>> or >>> NT in order to decide what domain they would be likely to be in? >>> >>> Santosh, have I misrepresented the issue here? Feel free to correct >>> me, if so. >>> Maybe I just don't understand. >>> >>> Now, if the definition of "domain" were amended somewhat, perhaps some >>> of these difficulties might go away. >>> >>> In particular, it seems to me that "domain" probably ought to have a >>> lot to do >>> with name subordination, or at least the possibility of doing name >>> subordination, >>> so that it would be deterministic. That might not solve all of the >>> concerns that those >>> who are inclined to vote for option 2 might have in mind, but it might >>> help. >>> >>> So if I am a Novell employee, and I receive an S/MIME message that >>> contains >>> a certificate that begins with c=US, o=Novell, I can probably make an >>> excellent >>> good guess of what CA to go to, assuming that Novell operates a CA in >>> its >>> own name. But where do I go for a certificate from Acme >>> Manufacturing? >>> >>> I don't mean to beat up on the option 1 folks exclusively -- maybe >>> there are >>> some things that could be done within the options 2 that would come >>> closer to a >>> compromise without breaking those existing clients. But I need to >>> think about that >>> some more. maybe someone else could volunteer some suggestions. >>> >>> Bob >>> >>> Robert R. Jueneman >>> Novell, Inc. >>> 122 E. 1700 South >>> Provo, UT 84606 >>> bjueneman@novell.com >>> 1-801-861-7387 > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA02269 for ietf-pkix-bks; Thu, 3 Sep 1998 08:04:30 -0700 (PDT) Received: from war.wyeth.com (ramail1.labs.wyeth.com [155.94.101.101] (may be forged)) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA02265 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 08:04:22 -0700 (PDT) Received: from USRA08-Message_Server by war.wyeth.com with Novell_GroupWise; Thu, 03 Sep 1998 11:08:48 -0400 Message-Id: <s5ee78c0.058@war.wyeth.com> X-Mailer: Novell GroupWise 4.1 Date: Thu, 03 Sep 1998 11:08:28 -0400 From: Peter Lindstrom <LindstP@war.wyeth.com> To: ietf-pkix@imc.org Subject: For Option 2 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA01888 for ietf-pkix-bks; Thu, 3 Sep 1998 07:29:48 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA01883 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 07:29:46 -0700 (PDT) Received: from chromatix.com (whiteoak.chromatix.com [207.97.115.5]) by chromatix.com (8.8.8/8.8.8) with ESMTP id KAA21240; Thu, 3 Sep 1998 10:33:54 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <35EEA8D6.A06464BB@chromatix.com> Date: Thu, 03 Sep 1998 10:33:58 -0400 From: Dave Horvath <dave@chromatix.com> Organization: Chromatix Inc. X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: John_Wray@iris.com CC: Santosh Chokhani <chokhani@cygnacom.com>, ietf-pkix@imc.org Subject: Re: What the straw poll means References: <85256674.00465F65.00@arista.iris.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk See comment below. John_Wray@iris.com wrote: > > Santosh Chokhani <chockani@cyqnacom.com> writes: > > >The basic difference between the two approaches is the under option 1 > >you store a certificate only one time under a CA's entry. Which > >certifying CA is in its domain is upto a subject CA to decide. > > > >In all honesty, I do not see a benefit to option 2 except for the > >argument that some installed base already does it this way. > > The difference between the two options is primarily storage efficiency vs. > retrieval efficiency. Both options divide a CAs certs into two piles. > Option 1 has pile A containing only intra-domain certs, and pile B > containing only inter-domain certs; option 2 has pile A containing only > intra-domain certs and pite B containing all certs. Which option is > superior depends on two things: > > whether you care more about storage efficiency in the directory (option > 2 stores intra-domain certificates twice) or retrieval efficiency for > the verifier (option 1 require a verifier that wants all a target CA's > certificates to retrieve them from two places). > typical usage scenarios by verifiers - i.e. the percentage of clients > that are going to want to locate just inter-domain certs, compared to > clients that either don't care about the difference or are only > interested in intra-domain certs. Retrieval of _just_ inter-domain > certs is easier under option 1, retrieval of _all_ certs is easier under > option 2, and retrieval of _just_ intra-domain certs is the same under > both options. > > Consider a fairly randomly structured PKI, where the verifier has a set of > trusted roots loaded into it (assume they've been loaded under user > control, with no particular order to them), and is trying to verify the key > of some server that it hasn't spoken to before. It has no idea of which > "domain" the target's CA thinks it belongs to; it just wants to pull all > the certs that have that CA as a subject, and see if it can construct a > valid chain starting at one of its trusted roots. > > Having the target CA divide its certificates between two places within the > directory is no help to this verifier. All it does it force the verifier > to make two retrieval operations instead of the one that would be required > by option 2. The verifier isn't really interested in whether a particular > certificate comes from another CA from the same "domain" as the target's CA > - if it cares about "domains" at all, what it would be interested in is if > any certs come from the same domain as the verifier (or one of its trusted > roots), not the target (and of course that's verifier-specific). John, the verifier does NOT have to invoke two retrieval operations. The verifier simply reads the CA entry requesting both the cACertificate attribute and the crossCertificatePair attribute in the same search/read operation. All certificates are returned. The verifier can then decide whether to explore inter-domain, intra-domain, both , none, whatever. The verifier can lump them all together in the client application if they like! The main advantage to option 1 is we don't store the certificates twice which is a fundamental goal in all database applications. IMHO it applies to repositories and public key infrastructures also. In summary option 1 never ever hurts the client. It only helps to organize the two types of certs based on the CAs definition of domain. The general algorithm we envision is for clients to first explore the cACertificate attribute, then explore the crossCertificatePair attribute. That way nothing will get missed. It's not an all or nothing choice. It's an attempt to store the certificates once and to group them to make logical decisions when exploring possibly complex paths. > > For the special (and probably quite common) case where the verifier and > target happen to be in the same domain, the distinction probably is useful. > Option 2 supports this case just as well as does option 1, by allowing the > CA to place intra-domain certs in a separate place so that clients in that > domain can retrieve them first (or possibly even _instead_of_ going to the > all-certs list). But it duplicates the data, for which there is no technically sound reason. Dave Horvath > > John -- ================================================ _/_/_/ David J. Horvath _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA01852 for ietf-pkix-bks; Thu, 3 Sep 1998 07:26:05 -0700 (PDT) Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id HAA01848 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 07:26:04 -0700 (PDT) Received: from thunderbolt.ncsl.nist.gov (thunderbolt.ncsl.nist.gov [129.6.54.130]) by csmes.ncsl.nist.gov (8.6.12/8.6.4jck0) with SMTP id KAA03719; Thu, 3 Sep 1998 10:30:39 -0400 Message-Id: <3.0.5.32.19980903103419.03b3bcd0@csmes.ncsl.nist.gov> X-Sender: burr@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 03 Sep 1998 10:34:19 -0400 To: "Bob Jueneman" <BJUENEMAN@novell.com> From: Bill Burr <william.burr@nist.gov> Subject: Re: What the straw poll means Cc: ietf-pkix@imc.org In-Reply-To: <s5ed8f62.071@prv-mail25.provo.novelll.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Bob, At 06:33 PM 9/2/98 -0600, you wrote: >This is almost as exciting as watching a horse race! > >But what are we to make of the situation if the vote is as >close as it appears to be at present -- does that truly indicate >a "rough consensus"? > >As of earlier this morning, Chromatix was ahead, with >8 votes cast; Entrust was tied with Microsoft with 4 votes >cast; and MISSI some others are clustered around third place. > >So far, with the exception of a split between MISSI and NIST >as two US Government factions, the voting seems to be >strictly by company. I hope you don't think that the government is particularly monolithic about such things. Tim Polk at times has lived in dread of the possibility that I might vote for something on one of the PKIX 1 straw polls, that would have caused him a lot of grief as editor. That's entirely within NIST. > >Now, the polite fiction within the IETF is that memberships are by >individual, and that there are no "votes" per se, and certainly not >on a company by company basis. That's the fiction, at least.. >Whether this convention shall long endure now that the IETF has >apparently lost some or all of its government funding and has >to become more self-sufficient will be interesting to see. > >But unless one side or the other starts to make some significant >in-roads by the dint of more persuasive technical argument, then I think >it's effectively a draw, and we may be counting companies and their >installed base at least as much, and perhaps more, than >balancing the technical alternatives. As a Government guy, who has been doing computer standards work for a couple of decades, I have a rough philosophy about this, which gives a lot of deference to the investments of early implementors. In most cases, for new technologies at least, we the government, haven't made much up front development investment in implementing technology alternatives. Of course MISSI and DMS are the exception to this rule here, but, on the civil side of the government, we don't have big money to put into development. We don't usually have a big investment already on the table. So it's easy to advocate an "ignore the developer's investment" viewpoint. But we don't ever have a competitive reason to want to shaft a competitor who'se ahead of us in the marketplace, either. I think that it's destructive of standards development in general to unnecessarily shaft early implementors. I want to encourage companies to take the plunge and go ahead and build something, not wait for a standard to get finished first. There are a lot of risks in this for the implementors, and I don't want to add to them. So I tend to give a lot of deference to the investments of early implementors, because I think that it makes the process of creating standards work better. Now there are some minor Government installed base issues. Many, perhaps most, of the PKI applications and pilots in the civil part of the government that use what I would call a "full function" PKI, are based on one commercial product at this point. But we're not talking a lot of big operational systems here. What is important to me is that the vendor of that product has been effective in pioneering commercial PKI products that actually build nontrivial certification paths and do nice things like revocation. I frankly like Option 1 better, in the abstract, but I think that the technical effect of either choice is not profound as far as I can see, and I'm quite uncomfortable voting for something that apparently shafts the pioneer commercial implementor a bit. Regards, Bill Burr Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA01521 for ietf-pkix-bks; Thu, 3 Sep 1998 06:54:16 -0700 (PDT) Received: from COLUMBIA.BBN.COM (COLUMBIA.BBN.COM [192.1.17.53]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA01517 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 06:54:15 -0700 (PDT) Received: from GRIMM.BBN.COM by COLUMBIA.BBN.COM id aa11646; 3 Sep 98 9:55 EDT Message-ID: <35EEA01F.CA4D1487@bbn.com> Date: Thu, 03 Sep 1998 09:56:48 -0400 From: Susan Joseph <sjoseph@bbn.com> Reply-To: sjoseph@bbn.com Organization: BBN X-Mailer: Mozilla 4.06 [en] (Win95; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk -- Susan Joseph GTE Internetworking 9810 Patuxent Woods Drive Columbia, MD 21046 Tel: (410) 309-8324 Fax: (410) 309-8315 E-Mail: sjoseph@bbn.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA01462 for ietf-pkix-bks; Thu, 3 Sep 1998 06:48:47 -0700 (PDT) Received: from callisto.eci-esyst.com ([205.129.215.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id GAA01458 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 06:48:45 -0700 (PDT) Date: 3 Sep 1998 08:52:29 -0400 Subject: For Option 1 To: "PKIX Mail List" <ietf-pkix@imc.org> X-Mailer: Mail*Link SMTP-QM 4.1.0 Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1"; Name="Message Body" From: "Chris Francis" <csfa@eci-esyst.com> Message-Id: <n1307305744.17943@qmgate.eci-esyst.com> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id GAA01459 Sender: owner-ietf-pkix@imc.org Precedence: bulk Inter-Office Memo For Option 1 Chris Francis Raytheon Systems Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA00872 for ietf-pkix-bks; Thu, 3 Sep 1998 05:49:16 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA00868 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 05:49:15 -0700 (PDT) Received: from chromatix.com (whiteoak.chromatix.com [207.97.115.5]) by chromatix.com (8.8.8/8.8.8) with ESMTP id IAA20701; Thu, 3 Sep 1998 08:53:15 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <35EE913F.4F724E31@chromatix.com> Date: Thu, 03 Sep 1998 08:53:19 -0400 From: Dave Horvath <dave@chromatix.com> Organization: Chromatix Inc. X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: Nada Kapidzic Cicovic <nada@cost.se> CC: Santosh Chokhani <chokhani@cygnacom.com>, "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org Subject: Re: What the straw poll means References: <3.0.3.32.19980903110239.018aa560@mail.cost.se> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Nada Kapidzic Cicovic wrote: > > At 20:48 9/2/98 -0400, Santosh Chokhani wrote: > >Yes Bob. I hate to say this, but you have misinterpreted. > > > >The basic difference between the two approaches is the under option 1 > >you store a certificate only one time under a CA's entry. Which > >certifying CA is in its domain is upto a subject CA to decide. > > > >In all honesty, I do not see a benefit to option 2 except for the > >argument that some installed base already does it this way. > > > >Option 1 achieves everything option 2 and with efficiency. > > > >I do not understand how option 2 solves your problems either. We need > >to have a discussion on computational complexity of path development to > >allay your concerns. > > > >The way I look at the difference between the two options is that if > >n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one > >bucket and n2 in another. Option 2 says put n in one bucket and n1 in > >another. When you retrieve the two buckets (which you must for path > >development efficiency), option 2 gives you n+n1 certificates and option > >1 gives you exactly all n. > > With option 2 you do not have to look at n1 certificates (cACertificate > attribute) at all. The n ones (from crossCertificatePair) are sufficient > for your path building. We are back the problem we raised earlier. Clients that attempt to efficiently develop a path from the end entity to the trusted root must explore 'n' paths (worst case scenario) prior to finding the correct one with option 2. Option 1 helps in this area, but this gets back to the definition of domain since paths in our domain will probably be the most efficient. Is it really a problem if all CAs do NOT standardize on a definition for domain? I don't think so. An algorithm for efficient path development (end entity to root) should always explore paths using the cACertifcate first, then fall back to the crossCertificatePair attribute. That way the last resort is to explore cross certifications. With option 1 this is accomplished without duplication of data. Using this algorithm a CA may interpret the domain as it wishes, with only performance impacts to path development on the client side. Building a path from the root to the end entity is not a problem either. If the CA chooses, it may store all certificates that it issues in the reverse component of the crossCertificatePair attribute. That way a client can explore all possibilities. Option 1 satisfies requirements for building path in either direction without duplicating data and adds increased efficiency at the CAs discretion. Dave Horvath > > Nada > > > > >> -----Original Message----- > >> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > >> Sent: Wednesday, September 02, 1998 8:33 PM > >> To: ietf-pkix@imc.org > >> Cc: chokhani@cygnacom.com > >> Subject: What the straw poll means > >> > >> This is almost as exciting as watching a horse race! > >> > >> But what are we to make of the situation if the vote is as > >> close as it appears to be at present -- does that truly indicate > >> a "rough consensus"? > >> > >> As of earlier this morning, Chromatix was ahead, with > >> 8 votes cast; Entrust was tied with Microsoft with 4 votes > >> cast; and MISSI some others are clustered around third place. > >> > >> So far, with the exception of a split between MISSI and NIST > >> as two US Government factions, the voting seems to be > >> strictly by company. > >> > >> Now, the polite fiction within the IETF is that memberships are by > >> individual, and that there are no "votes" per se, and certainly not > >> on a company by company basis. That's the fiction, at least.. > >> Whether this convention shall long endure now that the IETF has > >> apparently lost some or all of its government funding and has > >> to become more self-sufficient will be interesting to see. > >> > >> But unless one side or the other starts to make some significant > >> in-roads by the dint of more persuasive technical argument, then I > >> think > >> it's effectively a draw, and we may be counting companies and their > >> installed base at least as much, and perhaps more, than > >> balancing the technical alternatives. > >> > >> Now, if we are truly at a technical impasse and the vote has to be > >> binary, i.e., only one way or the other, then maybe counting installed > >> clients and minimizing the pain is really the way to go, but frankly > >> that approach makes me uncomfortable. I want both interoperability > >> AND efficiency, and I would hate to see us don't want to be > >> pressured into a less than satisfactory decision, whatever that is, > >> just because we are in a rush to get over the next hurdle in the > >> standards progression. > >> > >> I originally said that I was inclined to go with option 1, because > >> it at least appeared to be simpler. However, I also said that I was > >> concerned about the "local" definition of a domain by a CA, > >> and the more I think about it, the more concerned I get. > >> > >> That approach might be viable for an organization such as MISSI, > >> where everyone presumably knows what community of interest > >> they fall into, but how would it apply to a public CA such as > >> VeriSign? > >> > >> Would they view all of their certificates as falling into one domain, > >> including any certificates issued by subordinate CAs, as in the case > >> of the old RSA Commercial hierarchy? > >> > >> What about GTE CyberTrust, considering their presumed affinity > >> with their ISP business. Would all of those certificates fall into > >> one domain? > >> > >> Now suppose I want to validate a certificate from Erols. Do I decide > >> that > >> because Erols is in the top half of the alphabet that they probably > >> use GTE, whereas Xerox would probably use VeriSign? Or do we do an > >> East Coast/West Coast split, like radio and TV stations use W or K in > >> their call sign? > >> > >> What if Novell and Microsoft were to become CAs and issue certificates > >> > >> to their customers directly, at least their larger accounts. Would > >> the relying > >> party have to try to divine whether a subscriber was running NetWare > >> or > >> NT in order to decide what domain they would be likely to be in? > >> > >> Santosh, have I misrepresented the issue here? Feel free to correct > >> me, if so. > >> Maybe I just don't understand. > >> > >> Now, if the definition of "domain" were amended somewhat, perhaps some > >> of these difficulties might go away. > >> > >> In particular, it seems to me that "domain" probably ought to have a > >> lot to do > >> with name subordination, or at least the possibility of doing name > >> subordination, > >> so that it would be deterministic. That might not solve all of the > >> concerns that those > >> who are inclined to vote for option 2 might have in mind, but it might > >> help. > >> > >> So if I am a Novell employee, and I receive an S/MIME message that > >> contains > >> a certificate that begins with c=US, o=Novell, I can probably make an > >> excellent > >> good guess of what CA to go to, assuming that Novell operates a CA in > >> its > >> own name. But where do I go for a certificate from Acme > >> Manufacturing? > >> > >> I don't mean to beat up on the option 1 folks exclusively -- maybe > >> there are > >> some things that could be done within the options 2 that would come > >> closer to a > >> compromise without breaking those existing clients. But I need to > >> think about that > >> some more. maybe someone else could volunteer some suggestions. > >> > >> Bob > >> > >> Robert R. Jueneman > >> Novell, Inc. > >> 122 E. 1700 South > >> Provo, UT 84606 > >> bjueneman@novell.com > >> 1-801-861-7387 > > -- ================================================ _/_/_/ David J. Horvath _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA00808 for ietf-pkix-bks; Thu, 3 Sep 1998 05:43:05 -0700 (PDT) Received: from epic.iris.com (epic.iris.com [198.112.211.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA00804 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 05:43:04 -0700 (PDT) From: John_Wray@iris.com Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090308471794:820 for <chokhani@cygnacom.com> , <ietf-pkix@imc.org> ; Thu, 3 Sep 1998 08:47:17 -0400 Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090308471794:820 for <chokhani@cygnacom.com> , <ietf-pkix@imc.org> ; Thu, 3 Sep 1998 08:47:17 -0400 X-Lotus-FromDomain: IRIS To: Santosh Chokhani <chokhani@cygnacom.com> cc: ietf-pkix@imc.org Message-ID: <85256674.00465F65.00@arista.iris.com> Date: Thu, 3 Sep 1998 08:50:38 -0400 Subject: RE: What the straw poll means Mime-Version: 1.0 x-notes-Form: Memo x-notes-$24UpdatedBy: CN=Epic/O=Iris x-notes-$24Hops: 22 X-Priority: 3 (Normal) Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh Chokhani <chockani@cyqnacom.com> writes: >The basic difference between the two approaches is the under option 1 >you store a certificate only one time under a CA's entry. Which >certifying CA is in its domain is upto a subject CA to decide. > >In all honesty, I do not see a benefit to option 2 except for the >argument that some installed base already does it this way. The difference between the two options is primarily storage efficiency vs. retrieval efficiency. Both options divide a CAs certs into two piles. Option 1 has pile A containing only intra-domain certs, and pile B containing only inter-domain certs; option 2 has pile A containing only intra-domain certs and pite B containing all certs. Which option is superior depends on two things: whether you care more about storage efficiency in the directory (option 2 stores intra-domain certificates twice) or retrieval efficiency for the verifier (option 1 require a verifier that wants all a target CA's certificates to retrieve them from two places). typical usage scenarios by verifiers - i.e. the percentage of clients that are going to want to locate just inter-domain certs, compared to clients that either don't care about the difference or are only interested in intra-domain certs. Retrieval of _just_ inter-domain certs is easier under option 1, retrieval of _all_ certs is easier under option 2, and retrieval of _just_ intra-domain certs is the same under both options. Consider a fairly randomly structured PKI, where the verifier has a set of trusted roots loaded into it (assume they've been loaded under user control, with no particular order to them), and is trying to verify the key of some server that it hasn't spoken to before. It has no idea of which "domain" the target's CA thinks it belongs to; it just wants to pull all the certs that have that CA as a subject, and see if it can construct a valid chain starting at one of its trusted roots. Having the target CA divide its certificates between two places within the directory is no help to this verifier. All it does it force the verifier to make two retrieval operations instead of the one that would be required by option 2. The verifier isn't really interested in whether a particular certificate comes from another CA from the same "domain" as the target's CA - if it cares about "domains" at all, what it would be interested in is if any certs come from the same domain as the verifier (or one of its trusted roots), not the target (and of course that's verifier-specific). For the special (and probably quite common) case where the verifier and target happen to be in the same domain, the distinction probably is useful. Option 2 supports this case just as well as does option 1, by allowing the CA to place intra-domain certs in a separate place so that clients in that domain can retrieve them first (or possibly even _instead_of_ going to the all-certs list). John Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA00646 for ietf-pkix-bks; Thu, 3 Sep 1998 05:23:58 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA00642 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 05:23:57 -0700 (PDT) Received: from chromatix.com (whiteoak.chromatix.com [207.97.115.5]) by chromatix.com (8.8.8/8.8.8) with ESMTP id IAA20594; Thu, 3 Sep 1998 08:27:46 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <35EE8B46.9C50DEF1@chromatix.com> Date: Thu, 03 Sep 1998 08:27:50 -0400 From: Dave Horvath <dave@chromatix.com> Organization: Chromatix Inc. X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: Sean Mullan <mullan@East.Sun.COM> CC: Sharon Boeyen <sharon.boeyen@entrust.com>, ietf-pkix@imc.org Subject: Re: Straw Poll cACertificate & crossCertificatePairattributes- PKIX LDAPv2 schema I-D References: <D789F71F24B4D111955D00A0C99B4F50AC96DF@sothmxs01.entrust.com> <35EDAB43.3CE45198@east.sun.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Sean Mullan wrote: > > I agree that the forward & reverse elements of the crossCertificatePair > are useful. It would be nice if the cACertificate attribute contained > forward and reverse elements too. > > One issue I have with the crossCertificatePair and the forward & > reverse elements is that I believe they are a single-valued pair (meaning > you can't have more than one forward/reverse element per pair). > What do you do if CA1 issues more than 1 cross certificate to CA2 > (or vice versa)? Sean, The attribute is multi-valued, therefore, you would construct multiple "single valued" pairs, and place them in the attribute. The clients could then determine the appropriate CA relationship (crossCertificatePair) for the particular application. Dave H > > --Sean > > Sharon Boeyen wrote: > > > > Hi Bob, > > > > I don't think we'll every get to a point where people stop populating the > > crossCertificatePair attribute, regardless of the result of the straw poll. > > The forward/reverse elements in the syntax of this attribute are very useful > > since not all path discovery algorithms are identical. Path discovery can be > > done many ways including beginning from the subject and moving toward a > > trust anchor, beginning from a trust anchor and moving toward a subject, > > beginning at both ends etc etc. Being able to retrieve both forward and > > reverse certificates from a single entry rather than checking the directory > > entries of two CAs is a useful feature for some algorithms. > > ------------------ > > Sharon Boeyen > > Entrust Technologies > > > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > > http://www.entrust.com Fax: (613) 247-3690 > > > > > > > ---------- > > > From: Bob Jueneman[SMTP:BJUENEMAN@novell.com] > > > Sent: September 1, 1998 7:20 PM > > > To: ietf-pkix@imc.org; wpolk@nist.gov; BJUENEMAN@novell.com > > > Subject: Re: Straw Poll cACertificate & > > > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > > > > > I'm still on the fence, and trying to decide between the two options. > > > > > > But why is a binary decision necessary? > > > > > > If I understand Tim's points, option 2 is a superset of option 1, > > > and a significant number of clients only support option 2. > > > > > > Option 1, however, is at least arguably superior from a network and > > > directory performance standpoint, although I am still very confused > > > about exactly who defines a "domain" and how the relying party is > > > supposed to intuit what "local choice" some CA made. > > > > > > Would a viable compromise position be to support option 2 as the initial > > > direction, and to transition to option 1 at some later point in time, say > > > 36 months from now, assuming further work clearly establishes that > > > option 1 is completely workable? > > > > > > My directory guys assure me that the directory is effectively neutral in > > > this, > > > except for the possible performance issues. So all that has to happen > > > is for CAs to stop populating the crossCertificate pair. Is that correct? > > > > > > On the other hand, does this give rise to a worst of both worlds case > > > from the perspective of the client software complexity? > > > > > > Bob > > > -- ================================================ _/_/_/ David J. Horvath _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA00488 for ietf-pkix-bks; Thu, 3 Sep 1998 04:53:43 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA00484 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 04:53:42 -0700 (PDT) Received: from chromatix.com (palm.chromatix.com [207.97.115.21]) by chromatix.com (8.8.8/8.8.8) with ESMTP id HAA20517 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 07:57:51 -0400 (EDT) (envelope-from rich.pimental@chromatix.com) Message-ID: <35EE84D1.517E1819@chromatix.com> Date: Thu, 03 Sep 1998 08:00:17 -0400 From: Richard Pimental <rich.pimental@chromatix.com> Organization: Chromatix, Inc. X-Mailer: Mozilla 4.04 [en] (Win95; I) MIME-Version: 1.0 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Content-Type: multipart/mixed; boundary="------------BBC97F524D955BDFBA611C8B" Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. --------------BBC97F524D955BDFBA611C8B Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --------------BBC97F524D955BDFBA611C8B Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Richard Pimental Content-Disposition: attachment; filename="vcard.vcf" begin: vcard fn: Richard Pimental n: Pimental;Richard org: Chromatix, Inc. adr: Chromatix, Inc.;;10451 Twin Rivers Road, Suite 265;Columbia;MD;21044;US email;internet: rich.pimental@chromatix.com title: Software Engineer tel;work: (301) 596-8466 x-mozilla-cpt: ;0 x-mozilla-html: FALSE version: 2.1 end: vcard --------------BBC97F524D955BDFBA611C8B-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA00358 for ietf-pkix-bks; Thu, 3 Sep 1998 04:34:51 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA00354 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 04:34:49 -0700 (PDT) Received: by gateway.r3.ch id <6803>; Thu, 3 Sep 1998 13:40:59 +0100 Message-Id: <98Sep3.134059gmt+0100.6803@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org, "'Santosh Chokhani'" <chokhani@cygnacom.com> Subject: RE: What the straw poll means Date: Thu, 3 Sep 1998 12:35:00 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk The "two buckets" is exactly what I was trying to avoid in the earlier debate on this topic, however I believe that the single bucket option was rejected in the Chicago meeting. The single bucket option is the text which is currently in the Internet Draft. With that text, all self signed (or self issued certificates) were to be placed in the cACertificate attribute and all certificates issued by one CA to a different CA were put in the crossCertificatePair attribute. Depending on the particular path development algorithm being used by a relying party, directory search tools, especially when we evolve to LDAPv3 could be used to filter the content of the forward and or reverse elements of that SINGLE attribute and provide the relying party with the set of certificates of interest to that particular relying party. I still believe that this is the best solution because the relying party systems are the ones that know which certs are of interest to them, not the CA that happened to issue the certs, especially in the post PEM world where any CA could legitimately have certs issued for it by several CAs. My strong support for Option 2 in the straw poll is because the above was rejected by the meeting and I see Option 2 as a workable compromise ONLY because there is a complete set of certs in a single attribute and relying parties can do what is of interest to them without knowing the definition of domain which each individual CA happens to use. For self contained environments wanting to make use of a CA or set of CAs certs issued within some locally defined domain, this is still possible. ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 2, 1998 8:48 PM > To: 'Bob Jueneman'; ietf-pkix@imc.org > Cc: Santosh Chokhani > Subject: RE: What the straw poll means > > Yes Bob. I hate to say this, but you have misinterpreted. > > The basic difference between the two approaches is the under option 1 > you store a certificate only one time under a CA's entry. Which > certifying CA is in its domain is upto a subject CA to decide. > > In all honesty, I do not see a benefit to option 2 except for the > argument that some installed base already does it this way. > > Option 1 achieves everything option 2 and with efficiency. > > I do not understand how option 2 solves your problems either. We need > to have a discussion on computational complexity of path development > to > allay your concerns. > > The way I look at the difference between the two options is that if > n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in > one > bucket and n2 in another. Option 2 says put n in one bucket and n1 in > another. When you retrieve the two buckets (which you must for path > development efficiency), option 2 gives you n+n1 certificates and > option > 1 gives you exactly all n. > > > -----Original Message----- > > From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > > Sent: Wednesday, September 02, 1998 8:33 PM > > To: ietf-pkix@imc.org > > Cc: chokhani@cygnacom.com > > Subject: What the straw poll means > > > > This is almost as exciting as watching a horse race! > > > > But what are we to make of the situation if the vote is as > > close as it appears to be at present -- does that truly indicate > > a "rough consensus"? > > > > As of earlier this morning, Chromatix was ahead, with > > 8 votes cast; Entrust was tied with Microsoft with 4 votes > > cast; and MISSI some others are clustered around third place. > > > > So far, with the exception of a split between MISSI and NIST > > as two US Government factions, the voting seems to be > > strictly by company. > > > > Now, the polite fiction within the IETF is that memberships are by > > individual, and that there are no "votes" per se, and certainly not > > on a company by company basis. That's the fiction, at least.. > > Whether this convention shall long endure now that the IETF has > > apparently lost some or all of its government funding and has > > to become more self-sufficient will be interesting to see. > > > > But unless one side or the other starts to make some significant > > in-roads by the dint of more persuasive technical argument, then I > > think > > it's effectively a draw, and we may be counting companies and their > > installed base at least as much, and perhaps more, than > > balancing the technical alternatives. > > > > Now, if we are truly at a technical impasse and the vote has to be > > binary, i.e., only one way or the other, then maybe counting > installed > > clients and minimizing the pain is really the way to go, but frankly > > > that approach makes me uncomfortable. I want both interoperability > > AND efficiency, and I would hate to see us don't want to be > > pressured into a less than satisfactory decision, whatever that is, > > just because we are in a rush to get over the next hurdle in the > > standards progression. > > > > I originally said that I was inclined to go with option 1, because > > it at least appeared to be simpler. However, I also said that I was > > > concerned about the "local" definition of a domain by a CA, > > and the more I think about it, the more concerned I get. > > > > That approach might be viable for an organization such as MISSI, > > where everyone presumably knows what community of interest > > they fall into, but how would it apply to a public CA such as > > VeriSign? > > > > Would they view all of their certificates as falling into one > domain, > > including any certificates issued by subordinate CAs, as in the case > > of the old RSA Commercial hierarchy? > > > > What about GTE CyberTrust, considering their presumed affinity > > with their ISP business. Would all of those certificates fall into > > one domain? > > > > Now suppose I want to validate a certificate from Erols. Do I > decide > > that > > because Erols is in the top half of the alphabet that they probably > > use GTE, whereas Xerox would probably use VeriSign? Or do we do an > > East Coast/West Coast split, like radio and TV stations use W or K > in > > their call sign? > > > > What if Novell and Microsoft were to become CAs and issue > certificates > > > > to their customers directly, at least their larger accounts. Would > > the relying > > party have to try to divine whether a subscriber was running NetWare > > or > > NT in order to decide what domain they would be likely to be in? > > > > Santosh, have I misrepresented the issue here? Feel free to correct > > me, if so. > > Maybe I just don't understand. > > > > Now, if the definition of "domain" were amended somewhat, perhaps > some > > of these difficulties might go away. > > > > In particular, it seems to me that "domain" probably ought to have a > > lot to do > > with name subordination, or at least the possibility of doing name > > subordination, > > so that it would be deterministic. That might not solve all of the > > concerns that those > > who are inclined to vote for option 2 might have in mind, but it > might > > help. > > > > So if I am a Novell employee, and I receive an S/MIME message that > > contains > > a certificate that begins with c=US, o=Novell, I can probably make > an > > excellent > > good guess of what CA to go to, assuming that Novell operates a CA > in > > its > > own name. But where do I go for a certificate from Acme > > Manufacturing? > > > > I don't mean to beat up on the option 1 folks exclusively -- maybe > > there are > > some things that could be done within the options 2 that would come > > closer to a > > compromise without breaking those existing clients. But I need to > > think about that > > some more. maybe someone else could volunteer some suggestions. > > > > Bob > > > > Robert R. Jueneman > > Novell, Inc. > > 122 E. 1700 South > > Provo, UT 84606 > > bjueneman@novell.com > > 1-801-861-7387 > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA00104 for ietf-pkix-bks; Thu, 3 Sep 1998 04:04:33 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA00100 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 04:04:30 -0700 (PDT) Received: by gateway.r3.ch id <6803>; Thu, 3 Sep 1998 13:10:35 +0100 Message-Id: <98Sep3.131035gmt+0100.6803@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: Sharon Boeyen <sharon.boeyen@entrust.com>, "'Sean Mullan'" <mullan@East.Sun.COM> Cc: ietf-pkix@imc.org Subject: RE: Straw Poll cACertificate & crossCertificatePairattributes- PK IX LDAPv2 schema I-D Date: Thu, 3 Sep 1998 11:57:20 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Sean, re your question on crossCertificatePair - This is a multi-valued attribute and there can be any number of instances of CrossCertificatePair. So if CA1 issued more than one certificate to CA2, these can all be present in the same attribute, just in a different instance of CertificatePair. ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: Sean Mullan[SMTP:mullan@East.Sun.COM] > Sent: September 2, 1998 4:32 PM > To: Sharon Boeyen > Cc: ietf-pkix@imc.org > Subject: Re: Straw Poll cACertificate & > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > I agree that the forward & reverse elements of the > crossCertificatePair > are useful. It would be nice if the cACertificate attribute contained > forward and reverse elements too. > > One issue I have with the crossCertificatePair and the forward & > reverse elements is that I believe they are a single-valued pair > (meaning > you can't have more than one forward/reverse element per pair). > What do you do if CA1 issues more than 1 cross certificate to CA2 > (or vice versa)? > > --Sean > > Sharon Boeyen wrote: > > > > Hi Bob, > > > > I don't think we'll every get to a point where people stop > populating the > > crossCertificatePair attribute, regardless of the result of the > straw poll. > > The forward/reverse elements in the syntax of this attribute are > very useful > > since not all path discovery algorithms are identical. Path > discovery can be > > done many ways including beginning from the subject and moving > toward a > > trust anchor, beginning from a trust anchor and moving toward a > subject, > > beginning at both ends etc etc. Being able to retrieve both > forward and > > reverse certificates from a single entry rather than checking the > directory > > entries of two CAs is a useful feature for some algorithms. > > ------------------ > > Sharon Boeyen > > Entrust Technologies > > > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > > http://www.entrust.com Fax: (613) 247-3690 > > > > > > > ---------- > > > From: Bob Jueneman[SMTP:BJUENEMAN@novell.com] > > > Sent: September 1, 1998 7:20 PM > > > To: ietf-pkix@imc.org; wpolk@nist.gov; BJUENEMAN@novell.com > > > Subject: Re: Straw Poll cACertificate & > > > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > > > > > I'm still on the fence, and trying to decide between the two > options. > > > > > > But why is a binary decision necessary? > > > > > > If I understand Tim's points, option 2 is a superset of option 1, > > > and a significant number of clients only support option 2. > > > > > > Option 1, however, is at least arguably superior from a network > and > > > directory performance standpoint, although I am still very > confused > > > about exactly who defines a "domain" and how the relying party is > > > supposed to intuit what "local choice" some CA made. > > > > > > Would a viable compromise position be to support option 2 as the > initial > > > direction, and to transition to option 1 at some later point in > time, say > > > 36 months from now, assuming further work clearly establishes that > > > option 1 is completely workable? > > > > > > My directory guys assure me that the directory is effectively > neutral in > > > this, > > > except for the possible performance issues. So all that has to > happen > > > is for CAs to stop populating the crossCertificate pair. Is that > correct? > > > > > > On the other hand, does this give rise to a worst of both worlds > case > > > from the perspective of the client software complexity? > > > > > > Bob > > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA27382 for ietf-pkix-bks; Thu, 3 Sep 1998 02:02:08 -0700 (PDT) Received: from marcellus.cost.se (marcellus.cost.se [195.100.88.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA27378 for <ietf-pkix@imc.org>; Thu, 3 Sep 1998 02:02:06 -0700 (PDT) Received: from jimmie ([10.0.0.22]) by marcellus.cost.se (8.8.5/8.7.5) with SMTP id LAA10604; Thu, 3 Sep 1998 11:02:05 +0200 (MET DST) Message-Id: <3.0.3.32.19980903110239.018aa560@mail.cost.se> X-Sender: nada@mail.cost.se X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Thu, 03 Sep 1998 11:02:39 +0200 To: Santosh Chokhani <chokhani@cygnacom.com>, "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org From: Nada Kapidzic Cicovic <nada@cost.se> Subject: RE: What the straw poll means Cc: Santosh Chokhani <chokhani@cygnacom.com> In-Reply-To: <51BF55C30B4FD1118B4900207812701E16D21E@WUHER> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk At 20:48 9/2/98 -0400, Santosh Chokhani wrote: >Yes Bob. I hate to say this, but you have misinterpreted. > >The basic difference between the two approaches is the under option 1 >you store a certificate only one time under a CA's entry. Which >certifying CA is in its domain is upto a subject CA to decide. > >In all honesty, I do not see a benefit to option 2 except for the >argument that some installed base already does it this way. > >Option 1 achieves everything option 2 and with efficiency. > >I do not understand how option 2 solves your problems either. We need >to have a discussion on computational complexity of path development to >allay your concerns. > >The way I look at the difference between the two options is that if >n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one >bucket and n2 in another. Option 2 says put n in one bucket and n1 in >another. When you retrieve the two buckets (which you must for path >development efficiency), option 2 gives you n+n1 certificates and option >1 gives you exactly all n. With option 2 you do not have to look at n1 certificates (cACertificate attribute) at all. The n ones (from crossCertificatePair) are sufficient for your path building. Nada > >> -----Original Message----- >> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] >> Sent: Wednesday, September 02, 1998 8:33 PM >> To: ietf-pkix@imc.org >> Cc: chokhani@cygnacom.com >> Subject: What the straw poll means >> >> This is almost as exciting as watching a horse race! >> >> But what are we to make of the situation if the vote is as >> close as it appears to be at present -- does that truly indicate >> a "rough consensus"? >> >> As of earlier this morning, Chromatix was ahead, with >> 8 votes cast; Entrust was tied with Microsoft with 4 votes >> cast; and MISSI some others are clustered around third place. >> >> So far, with the exception of a split between MISSI and NIST >> as two US Government factions, the voting seems to be >> strictly by company. >> >> Now, the polite fiction within the IETF is that memberships are by >> individual, and that there are no "votes" per se, and certainly not >> on a company by company basis. That's the fiction, at least.. >> Whether this convention shall long endure now that the IETF has >> apparently lost some or all of its government funding and has >> to become more self-sufficient will be interesting to see. >> >> But unless one side or the other starts to make some significant >> in-roads by the dint of more persuasive technical argument, then I >> think >> it's effectively a draw, and we may be counting companies and their >> installed base at least as much, and perhaps more, than >> balancing the technical alternatives. >> >> Now, if we are truly at a technical impasse and the vote has to be >> binary, i.e., only one way or the other, then maybe counting installed >> clients and minimizing the pain is really the way to go, but frankly >> that approach makes me uncomfortable. I want both interoperability >> AND efficiency, and I would hate to see us don't want to be >> pressured into a less than satisfactory decision, whatever that is, >> just because we are in a rush to get over the next hurdle in the >> standards progression. >> >> I originally said that I was inclined to go with option 1, because >> it at least appeared to be simpler. However, I also said that I was >> concerned about the "local" definition of a domain by a CA, >> and the more I think about it, the more concerned I get. >> >> That approach might be viable for an organization such as MISSI, >> where everyone presumably knows what community of interest >> they fall into, but how would it apply to a public CA such as >> VeriSign? >> >> Would they view all of their certificates as falling into one domain, >> including any certificates issued by subordinate CAs, as in the case >> of the old RSA Commercial hierarchy? >> >> What about GTE CyberTrust, considering their presumed affinity >> with their ISP business. Would all of those certificates fall into >> one domain? >> >> Now suppose I want to validate a certificate from Erols. Do I decide >> that >> because Erols is in the top half of the alphabet that they probably >> use GTE, whereas Xerox would probably use VeriSign? Or do we do an >> East Coast/West Coast split, like radio and TV stations use W or K in >> their call sign? >> >> What if Novell and Microsoft were to become CAs and issue certificates >> >> to their customers directly, at least their larger accounts. Would >> the relying >> party have to try to divine whether a subscriber was running NetWare >> or >> NT in order to decide what domain they would be likely to be in? >> >> Santosh, have I misrepresented the issue here? Feel free to correct >> me, if so. >> Maybe I just don't understand. >> >> Now, if the definition of "domain" were amended somewhat, perhaps some >> of these difficulties might go away. >> >> In particular, it seems to me that "domain" probably ought to have a >> lot to do >> with name subordination, or at least the possibility of doing name >> subordination, >> so that it would be deterministic. That might not solve all of the >> concerns that those >> who are inclined to vote for option 2 might have in mind, but it might >> help. >> >> So if I am a Novell employee, and I receive an S/MIME message that >> contains >> a certificate that begins with c=US, o=Novell, I can probably make an >> excellent >> good guess of what CA to go to, assuming that Novell operates a CA in >> its >> own name. But where do I go for a certificate from Acme >> Manufacturing? >> >> I don't mean to beat up on the option 1 folks exclusively -- maybe >> there are >> some things that could be done within the options 2 that would come >> closer to a >> compromise without breaking those existing clients. But I need to >> think about that >> some more. maybe someone else could volunteer some suggestions. >> >> Bob >> >> Robert R. Jueneman >> Novell, Inc. >> 122 E. 1700 South >> Provo, UT 84606 >> bjueneman@novell.com >> 1-801-861-7387 > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id SAA01178 for ietf-pkix-bks; Wed, 2 Sep 1998 18:05:36 -0700 (PDT) Received: from ORM-BBWEB.orem.novell.com (orm-bbweb.orem.novell.com [151.155.134.147]) by mail.proper.com (8.8.8/8.8.5) with SMTP id SAA01174 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 18:05:34 -0700 (PDT) Received: from GATEWAYS-Message_Server by ORM-BBWEB.orem.novell.com with Novell_GroupWise; Wed, 02 Sep 1998 19:09:51 -0600 Message-Id: <s5ed97ff.098@ORM-BBWEB.orem.novell.com> X-Mailer: Novell GroupWise 5.5 Date: Wed, 02 Sep 1998 19:09:16 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <chokhani@cygnacom.com>, <ietf-pkix@imc.org> Subject: RE: What the straw poll means Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id SAA01175 Sender: owner-ietf-pkix@imc.org Precedence: bulk Santosh doesn't seem to have answered the questions I've raised regarding the definition of the domain, but he seems to believe that option 2 doesn't solve that problem either. If so, I am increasingly beginning to lean towards "NONE OF THE ABOVE". Rebuttal, Sharon/Carlisle? Bob >Yes Bob. I hate to say this, but you have misinterpreted. > >The basic difference between the two approaches is the under option 1 >you store a certificate only one time under a CA's entry. Which >certifying CA is in its domain is upto a subject CA to decide. > >In all honesty, I do not see a benefit to option 2 except for the >argument that some installed base already does it this way. > >Option 1 achieves everything option 2 and with efficiency. > >I do not understand how option 2 solves your problems either. We need >to have a discussion on computational complexity of path development to >allay your concerns. > >The way I look at the difference between the two options is that if >n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one >bucket and n2 in another. Option 2 says put n in one bucket and n1 in >another. When you retrieve the two buckets (which you must for path >development efficiency), option 2 gives you n+n1 certificates and option >1 gives you exactly all n. > >> -----Original Message----- >> From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] >> Sent: Wednesday, September 02, 1998 8:33 PM >> To: ietf-pkix@imc.org >> Cc: chokhani@cygnacom.com >> Subject: What the straw poll means >> >> This is almost as exciting as watching a horse race! >> >> But what are we to make of the situation if the vote is as >> close as it appears to be at present -- does that truly indicate >> a "rough consensus"? >> >> As of earlier this morning, Chromatix was ahead, with >> 8 votes cast; Entrust was tied with Microsoft with 4 votes >> cast; and MISSI some others are clustered around third place. >> >> So far, with the exception of a split between MISSI and NIST >> as two US Government factions, the voting seems to be >> strictly by company. >> >> Now, the polite fiction within the IETF is that memberships are by >> individual, and that there are no "votes" per se, and certainly not >> on a company by company basis. That's the fiction, at least.. >> Whether this convention shall long endure now that the IETF has >> apparently lost some or all of its government funding and has >> to become more self-sufficient will be interesting to see. >> >> But unless one side or the other starts to make some significant >> in-roads by the dint of more persuasive technical argument, then I >> think >> it's effectively a draw, and we may be counting companies and their >> installed base at least as much, and perhaps more, than >> balancing the technical alternatives. >> >> Now, if we are truly at a technical impasse and the vote has to be >> binary, i.e., only one way or the other, then maybe counting installed >> clients and minimizing the pain is really the way to go, but frankly >> that approach makes me uncomfortable. I want both interoperability >> AND efficiency, and I would hate to see us don't want to be >> pressured into a less than satisfactory decision, whatever that is, >> just because we are in a rush to get over the next hurdle in the >> standards progression. >> >> I originally said that I was inclined to go with option 1, because >> it at least appeared to be simpler. However, I also said that I was >> concerned about the "local" definition of a domain by a CA, >> and the more I think about it, the more concerned I get. >> >> That approach might be viable for an organization such as MISSI, >> where everyone presumably knows what community of interest >> they fall into, but how would it apply to a public CA such as >> VeriSign? >> >> Would they view all of their certificates as falling into one domain, >> including any certificates issued by subordinate CAs, as in the case >> of the old RSA Commercial hierarchy? >> >> What about GTE CyberTrust, considering their presumed affinity >> with their ISP business. Would all of those certificates fall into >> one domain? >> >> Now suppose I want to validate a certificate from Erols. Do I decide >> that >> because Erols is in the top half of the alphabet that they probably >> use GTE, whereas Xerox would probably use VeriSign? Or do we do an >> East Coast/West Coast split, like radio and TV stations use W or K in >> their call sign? >> >> What if Novell and Microsoft were to become CAs and issue certificates >> >> to their customers directly, at least their larger accounts. Would >> the relying >> party have to try to divine whether a subscriber was running NetWare >> or >> NT in order to decide what domain they would be likely to be in? >> >> Santosh, have I misrepresented the issue here? Feel free to correct >> me, if so. >> Maybe I just don't understand. >> >> Now, if the definition of "domain" were amended somewhat, perhaps some >> of these difficulties might go away. >> >> In particular, it seems to me that "domain" probably ought to have a >> lot to do >> with name subordination, or at least the possibility of doing name >> subordination, >> so that it would be deterministic. That might not solve all of the >> concerns that those >> who are inclined to vote for option 2 might have in mind, but it might >> help. >> >> So if I am a Novell employee, and I receive an S/MIME message that >> contains >> a certificate that begins with c=US, o=Novell, I can probably make an >> excellent >> good guess of what CA to go to, assuming that Novell operates a CA in >> its >> own name. But where do I go for a certificate from Acme >> Manufacturing? >> >> I don't mean to beat up on the option 1 folks exclusively -- maybe >> there are >> some things that could be done within the options 2 that would come >> closer to a >> compromise without breaking those existing clients. But I need to >> think about that >> some more. maybe someone else could volunteer some suggestions. >> >> Bob >> >> Robert R. Jueneman >> Novell, Inc. >> 122 E. 1700 South >> Provo, UT 84606 >> bjueneman@novell.com >> 1-801-861-7387 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA00961 for ietf-pkix-bks; Wed, 2 Sep 1998 17:43:57 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id RAA00957 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 17:43:55 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <S1TZ3RTW>; Wed, 2 Sep 1998 20:48:07 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D21E@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Bob Jueneman'" <BJUENEMAN@novell.com>, ietf-pkix@imc.org Cc: Santosh Chokhani <chokhani@cygnacom.com> Subject: RE: What the straw poll means Date: Wed, 2 Sep 1998 20:48:05 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Yes Bob. I hate to say this, but you have misinterpreted. The basic difference between the two approaches is the under option 1 you store a certificate only one time under a CA's entry. Which certifying CA is in its domain is upto a subject CA to decide. In all honesty, I do not see a benefit to option 2 except for the argument that some installed base already does it this way. Option 1 achieves everything option 2 and with efficiency. I do not understand how option 2 solves your problems either. We need to have a discussion on computational complexity of path development to allay your concerns. The way I look at the difference between the two options is that if n=n1+n2 certificates are issued to a CA, option 1says CA puts n1 in one bucket and n2 in another. Option 2 says put n in one bucket and n1 in another. When you retrieve the two buckets (which you must for path development efficiency), option 2 gives you n+n1 certificates and option 1 gives you exactly all n. > -----Original Message----- > From: Bob Jueneman [SMTP:BJUENEMAN@novell.com] > Sent: Wednesday, September 02, 1998 8:33 PM > To: ietf-pkix@imc.org > Cc: chokhani@cygnacom.com > Subject: What the straw poll means > > This is almost as exciting as watching a horse race! > > But what are we to make of the situation if the vote is as > close as it appears to be at present -- does that truly indicate > a "rough consensus"? > > As of earlier this morning, Chromatix was ahead, with > 8 votes cast; Entrust was tied with Microsoft with 4 votes > cast; and MISSI some others are clustered around third place. > > So far, with the exception of a split between MISSI and NIST > as two US Government factions, the voting seems to be > strictly by company. > > Now, the polite fiction within the IETF is that memberships are by > individual, and that there are no "votes" per se, and certainly not > on a company by company basis. That's the fiction, at least.. > Whether this convention shall long endure now that the IETF has > apparently lost some or all of its government funding and has > to become more self-sufficient will be interesting to see. > > But unless one side or the other starts to make some significant > in-roads by the dint of more persuasive technical argument, then I > think > it's effectively a draw, and we may be counting companies and their > installed base at least as much, and perhaps more, than > balancing the technical alternatives. > > Now, if we are truly at a technical impasse and the vote has to be > binary, i.e., only one way or the other, then maybe counting installed > clients and minimizing the pain is really the way to go, but frankly > that approach makes me uncomfortable. I want both interoperability > AND efficiency, and I would hate to see us don't want to be > pressured into a less than satisfactory decision, whatever that is, > just because we are in a rush to get over the next hurdle in the > standards progression. > > I originally said that I was inclined to go with option 1, because > it at least appeared to be simpler. However, I also said that I was > concerned about the "local" definition of a domain by a CA, > and the more I think about it, the more concerned I get. > > That approach might be viable for an organization such as MISSI, > where everyone presumably knows what community of interest > they fall into, but how would it apply to a public CA such as > VeriSign? > > Would they view all of their certificates as falling into one domain, > including any certificates issued by subordinate CAs, as in the case > of the old RSA Commercial hierarchy? > > What about GTE CyberTrust, considering their presumed affinity > with their ISP business. Would all of those certificates fall into > one domain? > > Now suppose I want to validate a certificate from Erols. Do I decide > that > because Erols is in the top half of the alphabet that they probably > use GTE, whereas Xerox would probably use VeriSign? Or do we do an > East Coast/West Coast split, like radio and TV stations use W or K in > their call sign? > > What if Novell and Microsoft were to become CAs and issue certificates > > to their customers directly, at least their larger accounts. Would > the relying > party have to try to divine whether a subscriber was running NetWare > or > NT in order to decide what domain they would be likely to be in? > > Santosh, have I misrepresented the issue here? Feel free to correct > me, if so. > Maybe I just don't understand. > > Now, if the definition of "domain" were amended somewhat, perhaps some > of these difficulties might go away. > > In particular, it seems to me that "domain" probably ought to have a > lot to do > with name subordination, or at least the possibility of doing name > subordination, > so that it would be deterministic. That might not solve all of the > concerns that those > who are inclined to vote for option 2 might have in mind, but it might > help. > > So if I am a Novell employee, and I receive an S/MIME message that > contains > a certificate that begins with c=US, o=Novell, I can probably make an > excellent > good guess of what CA to go to, assuming that Novell operates a CA in > its > own name. But where do I go for a certificate from Acme > Manufacturing? > > I don't mean to beat up on the option 1 folks exclusively -- maybe > there are > some things that could be done within the options 2 that would come > closer to a > compromise without breaking those existing clients. But I need to > think about that > some more. maybe someone else could volunteer some suggestions. > > Bob > > Robert R. Jueneman > Novell, Inc. > 122 E. 1700 South > Provo, UT 84606 > bjueneman@novell.com > 1-801-861-7387 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA00925 for ietf-pkix-bks; Wed, 2 Sep 1998 17:39:04 -0700 (PDT) Received: from ORM-BBWEB.orem.novell.com (orm-bbweb.orem.novell.com [151.155.134.147]) by mail.proper.com (8.8.8/8.8.5) with SMTP id RAA00921 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 17:39:03 -0700 (PDT) Received: from GATEWAYS-Message_Server by ORM-BBWEB.orem.novell.com with Novell_GroupWise; Wed, 02 Sep 1998 18:43:13 -0600 Message-Id: <s5ed91c1.071@ORM-BBWEB.orem.novell.com> X-Mailer: Novell GroupWise 5.5 Date: Wed, 02 Sep 1998 18:42:40 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <stefan@accurata.se>, <aram@apple.com> Cc: <ietf-pkix@imc.org> Subject: Re: Digital signature and non-repudiation key usage bits Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id RAA00922 Sender: owner-ietf-pkix@imc.org Precedence: bulk ><snip> >>I'll grant that by suggesting that NR might apply to encryption, I am >stretching the >>popular concept a bit, and effectively redefining the key usage to mean >"exclusive >>control of the private key by the names user". But isn't that effectively >what we have >>been saying? >> > >I suggest that we stick to the standardized definitions of the key usage >bits and leave >policy issues out of a common certificate profile. If there were any sense of the community as to what these definitions really mean, or ought to mean, we would probably not be having this discussion. Otherwise I would agree with you. > >non-repudiation is according to standard selected by the NR bit, not NR in >combination with DS bit. Inclusion of the DS bit means that DS mechanisms >other than non-repudiation are allowed for the key. I believe that is exactly the issue. Are you suggesting that NR plus DS should not be allowed? Why? > >Restrictions regarding combinations of key usages are policy issues. >Whether a particular key usage combination is good or bad has to be decided >through the perspective of a community with common security requirements. > >Non-repudiation is defined to be (according to X.509): > non-repudiation - This service provides proof of the integrity and > origin of data - both in an unforgeable relationship - which can be > verified by any third party at any time. That particular definition is both circular and could also apply to any kind of digital signature, and so is conspicuously unhelpful, regardless of its origins. It's broken, and must be fixed, whether we provide an overlay within PKIX that further refines it, or we start the process to drive through a defect report. > >Key escrow is not defined by non-repudiation so I would not use the NR bit >as a "no-recovery" declaration. I guess I could agree with you, as I don't like to overload bits. So there is yet another reason to submit a defect report, to add a key escrow/key recovery/GAK notification bit. > >/Stefan Bob Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id RAA00862 for ietf-pkix-bks; Wed, 2 Sep 1998 17:29:02 -0700 (PDT) Received: from prv-mail25.provo.novelll.com (prv-mail25.Provo.Novell.COM [137.65.40.3]) by mail.proper.com (8.8.8/8.8.5) with SMTP id RAA00858 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 17:29:01 -0700 (PDT) Received: from INET-PRV1-Message_Server by prv-mail25.provo.novelll.com with Novell_GroupWise; Wed, 02 Sep 1998 18:33:06 -0600 Message-Id: <s5ed8f62.071@prv-mail25.provo.novelll.com> X-Mailer: Novell GroupWise 5.5 Date: Wed, 02 Sep 1998 18:33:01 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <ietf-pkix@imc.org> Cc: <chokhani@cygnacom.com> Subject: What the straw poll means Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id RAA00859 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is almost as exciting as watching a horse race! But what are we to make of the situation if the vote is as close as it appears to be at present -- does that truly indicate a "rough consensus"? As of earlier this morning, Chromatix was ahead, with 8 votes cast; Entrust was tied with Microsoft with 4 votes cast; and MISSI some others are clustered around third place. So far, with the exception of a split between MISSI and NIST as two US Government factions, the voting seems to be strictly by company. Now, the polite fiction within the IETF is that memberships are by individual, and that there are no "votes" per se, and certainly not on a company by company basis. That's the fiction, at least.. Whether this convention shall long endure now that the IETF has apparently lost some or all of its government funding and has to become more self-sufficient will be interesting to see. But unless one side or the other starts to make some significant in-roads by the dint of more persuasive technical argument, then I think it's effectively a draw, and we may be counting companies and their installed base at least as much, and perhaps more, than balancing the technical alternatives. Now, if we are truly at a technical impasse and the vote has to be binary, i.e., only one way or the other, then maybe counting installed clients and minimizing the pain is really the way to go, but frankly that approach makes me uncomfortable. I want both interoperability AND efficiency, and I would hate to see us don't want to be pressured into a less than satisfactory decision, whatever that is, just because we are in a rush to get over the next hurdle in the standards progression. I originally said that I was inclined to go with option 1, because it at least appeared to be simpler. However, I also said that I was concerned about the "local" definition of a domain by a CA, and the more I think about it, the more concerned I get. That approach might be viable for an organization such as MISSI, where everyone presumably knows what community of interest they fall into, but how would it apply to a public CA such as VeriSign? Would they view all of their certificates as falling into one domain, including any certificates issued by subordinate CAs, as in the case of the old RSA Commercial hierarchy? What about GTE CyberTrust, considering their presumed affinity with their ISP business. Would all of those certificates fall into one domain? Now suppose I want to validate a certificate from Erols. Do I decide that because Erols is in the top half of the alphabet that they probably use GTE, whereas Xerox would probably use VeriSign? Or do we do an East Coast/West Coast split, like radio and TV stations use W or K in their call sign? What if Novell and Microsoft were to become CAs and issue certificates to their customers directly, at least their larger accounts. Would the relying party have to try to divine whether a subscriber was running NetWare or NT in order to decide what domain they would be likely to be in? Santosh, have I misrepresented the issue here? Feel free to correct me, if so. Maybe I just don't understand. Now, if the definition of "domain" were amended somewhat, perhaps some of these difficulties might go away. In particular, it seems to me that "domain" probably ought to have a lot to do with name subordination, or at least the possibility of doing name subordination, so that it would be deterministic. That might not solve all of the concerns that those who are inclined to vote for option 2 might have in mind, but it might help. So if I am a Novell employee, and I receive an S/MIME message that contains a certificate that begins with c=US, o=Novell, I can probably make an excellent good guess of what CA to go to, assuming that Novell operates a CA in its own name. But where do I go for a certificate from Acme Manufacturing? I don't mean to beat up on the option 1 folks exclusively -- maybe there are some things that could be done within the options 2 that would come closer to a compromise without breaking those existing clients. But I need to think about that some more. maybe someone else could volunteer some suggestions. Bob Robert R. Jueneman Novell, Inc. 122 E. 1700 South Provo, UT 84606 bjueneman@novell.com 1-801-861-7387 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA00484 for ietf-pkix-bks; Wed, 2 Sep 1998 16:33:42 -0700 (PDT) Received: from dc.jones.com ([206.156.0.9]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id QAA00480 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 16:33:40 -0700 (PDT) Received: from dc.jones.com (cm0714h.jones.com [208.159.209.173]) by dc.jones.com (8.8.8/8.8.8) with ESMTP id TAA11700 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 19:35:35 -0400 (EDT) Message-ID: <35EDD64B.3235FB07@dc.jones.com> Date: Wed, 02 Sep 1998 19:35:39 -0400 From: bgmiller <bgmiller@dc.jones.com> Reply-To: bgmiller@dc.jones.com Organization: Jones Internet Channel X-Mailer: Mozilla 4.05 [en]C-JIC-DC (Win95; I) MIME-Version: 1.0 To: ietf-pkix <ietf-pkix@imc.org> Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA29792 for ietf-pkix-bks; Wed, 2 Sep 1998 15:56:02 -0700 (PDT) Received: from smtp3.erols.com (smtp3.erols.com [207.172.3.236]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA29788 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 15:56:00 -0700 (PDT) Received: from cwallace (jazzhive.erols.com [207.96.124.71]) by smtp3.erols.com (8.8.8/8.8.5) with SMTP id TAA11116 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 19:00:06 -0400 (EDT) From: "Carl Wallace" <cwallace@erols.com> To: <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 19:19:11 -0400 Message-ID: <01bdd6c8$17c917e0$477c60cf@cwallace.erols.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000A_01BDD6A6.90B777E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-Mimeole: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_000A_01BDD6A6.90B777E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable ------=_NextPart_000_000A_01BDD6A6.90B777E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.71.1712.3"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> </DIV></BODY></HTML> ------=_NextPart_000_000A_01BDD6A6.90B777E0-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA29757 for ietf-pkix-bks; Wed, 2 Sep 1998 15:53:24 -0700 (PDT) Received: from mail-oak-1.pilot.net (mail-oak-1.pilot.net [198.232.147.16]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA29753 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 15:53:23 -0700 (PDT) Received: from sfns01.hewm.com ([206.189.8.8]) by mail-oak-1.pilot.net with ESMTP id PAA23446 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 15:58:07 -0700 (PDT) Received: by SFNS01 with Internet Mail Service (5.5.1960.3) id <RH9AD63X>; Wed, 2 Sep 1998 15:58:07 -0700 Message-ID: <422B07DB41D7D111B9AF00805F19B04C2BB524@SFNS01> From: "Maloney, Teresa A." <TMaloney@HEWM.COM> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 15:58:03 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Thanks Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA29732 for ietf-pkix-bks; Wed, 2 Sep 1998 15:47:08 -0700 (PDT) Received: from mail.sprint.com (mail.sprint.com [208.4.28.129]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id PAA29728 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 15:47:07 -0700 (PDT) Received: from sii01.mail.sprint.com ([192.251.141.141]) by bastion.mail.sprint.com with ESMTP id <114634>; Wed, 2 Sep 1998 17:50:51 -0500 Received: from [144.223.148.154] by sii01.mail.sprint.com with ESMTP; Wed, 2 Sep 1998 17:51:42 -0500 Received: from localhost (root@localhost) by kcopmp01.corp.sprint.com (8.8.6 (PHNE_14041)/8.8.6) with SMTP id RAA20639 for ietf-pkix@imc.org; Wed, 2 Sep 1998 17:52:36 -0500 (CDT) From: John Everson <John.Everson@mail.sprint.com> X-OpenMail-Hops: 1 Date: Wed, 2 Sep 1998 17:52:31 -0500 Message-Id: <H0001a0e0313ef37@MHS> Subject: For Option 2 TO: ietf-pkix@imc.org MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA29140 for ietf-pkix-bks; Wed, 2 Sep 1998 14:18:33 -0700 (PDT) Received: from docws001.shl.com (docws001.shl.com [159.249.56.252]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA29136 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 14:18:32 -0700 (PDT) Received: from dalmsdoc01.shl.com (dalmsdoc01.shl.com [159.249.142.247]) by docws001.shl.com (8.7.3/8.7.3) with SMTP id QAA34790 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 16:07:53 -0500 Received: by dalmsdoc01.shl.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52) id <01BDD68D.F7DA3ED0@dalmsdoc01.shl.com>; Wed, 2 Sep 1998 16:23:07 -0500 Message-ID: <c=US%a=MCI%p=SHL%l=DALFW03-980902212219Z-38771@dalmsdoc01.shl.com> From: "PACHL, Jan" <jpachl@shl.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 2 Sep 1998 16:22:19 -0500 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52 MIME-Version: 1.0 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA29086 for ietf-pkix-bks; Wed, 2 Sep 1998 14:13:32 -0700 (PDT) Received: from mail.spyrus.com.au (fwuser@[203.37.128.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA29081 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 14:13:26 -0700 (PDT) Message-ID: <A1019E9C2D34D211A501006008C204506FAC@MAIL> From: Charles Moore <cmoore@spyrus.com.au> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: for Option 1 Date: Thu, 3 Sep 1998 07:03:54 +1000 MIME-Version: 1.0 Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA29024 for ietf-pkix-bks; Wed, 2 Sep 1998 14:09:13 -0700 (PDT) Received: from smtp4.ny.us.ibm.COM (smtp4.ny.us.ibm.com [198.133.22.43]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA29020 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 14:09:12 -0700 (PDT) Received: from relay3.server.ibm.com (relay3.server.ibm.com [9.14.2.100]) by smtp4.ny.us.ibm.COM (8.8.7/8.8.7) with ESMTP id RAA56410 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 17:03:09 -0400 Received: from US.IBM.COM (d04lms03.raleigh.ibm.com [9.37.164.195]) by relay3.server.ibm.com (8.8.7/8.8.7) with SMTP id RAA36166 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 17:12:53 -0400 Received: by US.IBM.COM (Soft-Switch LMS 2.0) with snapi via D04AU014 id 5040300019930751; Wed, 2 Sep 1998 17:09:46 -0400 From: MA Crane <cranem@us.ibm.com> To: <ietf-pkix@imc.org> Subject: For Option 2 Message-ID: <5040300019930751000002L012*@MHS> Date: Wed, 2 Sep 1998 17:09:46 -0400 MIME-Version: 1.0 Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA28896 for ietf-pkix-bks; Wed, 2 Sep 1998 13:55:12 -0700 (PDT) Received: from mail1.microsoft.com (mail1.microsoft.com [131.107.3.125]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA28892 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 13:55:11 -0700 (PDT) Received: by INET-IMC-01 with Internet Mail Service (5.5.2232.9) id <RWPXR37C>; Wed, 2 Sep 1998 13:59:24 -0700 Message-ID: <D70342829C12D2119D0700805FBECA2FC79AF0@RED-MSG-55> From: Rick Johnson <rickj@microsoft.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 13:59:20 -0700 X-Mailer: Internet Mail Service (5.5.2232.9) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA28703 for ietf-pkix-bks; Wed, 2 Sep 1998 13:28:05 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id NAA28698 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 13:28:04 -0700 (PDT) Received: from East.Sun.COM ([129.148.1.241]) by mercury.Sun.COM (SMI-8.6/mail.byaddr) with SMTP id NAA03697; Wed, 2 Sep 1998 13:32:16 -0700 Received: from suneast.East.Sun.COM by East.Sun.COM (SMI-8.6/SMI-5.3) id QAA05825; Wed, 2 Sep 1998 16:32:04 -0400 Received: from bcn.East.Sun.COM by suneast.East.Sun.COM (SMI-8.6/SMI-SVR4) id QAA22112; Wed, 2 Sep 1998 16:32:04 -0400 Received: from east.sun.com by bcn.East.Sun.COM (SMI-8.6/SMI-SVR4) id QAA21764; Wed, 2 Sep 1998 16:32:02 -0400 Message-ID: <35EDAB43.3CE45198@east.sun.com> Date: Wed, 02 Sep 1998 16:32:03 -0400 From: Sean Mullan <mullan@East.Sun.COM> Organization: Sun Microsystems X-Mailer: Mozilla 4.5b1 [en] (X11; U; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: Sharon Boeyen <sharon.boeyen@entrust.com> CC: ietf-pkix@imc.org Subject: Re: Straw Poll cACertificate & crossCertificatePairattributes- PKIX LDAPv2 schema I-D References: <D789F71F24B4D111955D00A0C99B4F50AC96DF@sothmxs01.entrust.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk I agree that the forward & reverse elements of the crossCertificatePair are useful. It would be nice if the cACertificate attribute contained forward and reverse elements too. One issue I have with the crossCertificatePair and the forward & reverse elements is that I believe they are a single-valued pair (meaning you can't have more than one forward/reverse element per pair). What do you do if CA1 issues more than 1 cross certificate to CA2 (or vice versa)? --Sean Sharon Boeyen wrote: > > Hi Bob, > > I don't think we'll every get to a point where people stop populating the > crossCertificatePair attribute, regardless of the result of the straw poll. > The forward/reverse elements in the syntax of this attribute are very useful > since not all path discovery algorithms are identical. Path discovery can be > done many ways including beginning from the subject and moving toward a > trust anchor, beginning from a trust anchor and moving toward a subject, > beginning at both ends etc etc. Being able to retrieve both forward and > reverse certificates from a single entry rather than checking the directory > entries of two CAs is a useful feature for some algorithms. > ------------------ > Sharon Boeyen > Entrust Technologies > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > http://www.entrust.com Fax: (613) 247-3690 > > > > ---------- > > From: Bob Jueneman[SMTP:BJUENEMAN@novell.com] > > Sent: September 1, 1998 7:20 PM > > To: ietf-pkix@imc.org; wpolk@nist.gov; BJUENEMAN@novell.com > > Subject: Re: Straw Poll cACertificate & > > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > > > I'm still on the fence, and trying to decide between the two options. > > > > But why is a binary decision necessary? > > > > If I understand Tim's points, option 2 is a superset of option 1, > > and a significant number of clients only support option 2. > > > > Option 1, however, is at least arguably superior from a network and > > directory performance standpoint, although I am still very confused > > about exactly who defines a "domain" and how the relying party is > > supposed to intuit what "local choice" some CA made. > > > > Would a viable compromise position be to support option 2 as the initial > > direction, and to transition to option 1 at some later point in time, say > > 36 months from now, assuming further work clearly establishes that > > option 1 is completely workable? > > > > My directory guys assure me that the directory is effectively neutral in > > this, > > except for the possible performance issues. So all that has to happen > > is for CAs to stop populating the crossCertificate pair. Is that correct? > > > > On the other hand, does this give rise to a worst of both worlds case > > from the perspective of the client software complexity? > > > > Bob > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA27945 for ietf-pkix-bks; Wed, 2 Sep 1998 11:50:59 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA27941 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:50:58 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <S1BY50L2>; Wed, 2 Sep 1998 14:55:09 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E0EC4A7@WUHER> From: Kenneth Eggers <eggers@cygnacom.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 14:55:08 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Kenneth W. Eggers <eggers@cygnacom.com> http://www.cygnacom.com CygnaCom Solutions, Inc. 7927 Jones Branch Drive, Suite 100 West McLean, VA 22102 (703) 848-0883x228 fax: (703) 848-0960 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA27858 for ietf-pkix-bks; Wed, 2 Sep 1998 11:40:48 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA27854 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:40:46 -0700 (PDT) Received: by gateway.r3.ch id <6802>; Wed, 2 Sep 1998 20:46:47 +0100 Message-Id: <98Sep2.204647gmt+0100.6802@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, ietf-pkix@imc.org, wpolk@nist.gov, "'Bob Jueneman'" <BJUENEMAN@novell.com>, "'Santosh Chokhani'" <chokhani@cygnacom.com> Cc: "'Stefan Santesson'" <stefan@accurata.se> Subject: RE: Straw Poll cACertificate & crossCertificatePairattributes- PK IX LDAPv2 schema I-D Date: Wed, 2 Sep 1998 19:40:43 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: Santosh Chokhani[SMTP:chokhani@cygnacom.com] > Sent: September 2, 1998 2:17 PM > To: 'Sharon Boeyen'; ietf-pkix@imc.org; wpolk@nist.gov; 'Bob > Jueneman' > Cc: 'Stefan Santesson' > Subject: RE: Straw Poll cACertificate & > crossCertificatePairattributes- PK IX LDAPv2 schema I-D > > Hi Sharon and Stefan: > > While option 1 does not mandate it, it does not prohibit a CA from > populating all the certificates it has issued to other CAs (inter as > well as intra domain) in the reverse attribute of the cross > certificate > pair. Agreed > The fundamental difference between the two options is that under > option > 1 certificates are not duplicated in a CA's entry. There are other fundamental differences as well such as requiring CAs to split the certs to populate 2 attributes in Option 1 and requiring clients to know the meaning of domain ahead of time in order to be able to take any advantage of the split storage, else to require retrieval from 2 attributes. > > -----Original Message----- > > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > > Sent: Wednesday, September 02, 1998 8:46 AM > > To: ietf-pkix@imc.org; wpolk@nist.gov; 'Bob Jueneman' > > Subject: RE: Straw Poll cACertificate & > > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > > > Hi Bob, > > > > I don't think we'll every get to a point where people stop > populating > > the > > crossCertificatePair attribute, regardless of the result of the > straw > > poll. > > The forward/reverse elements in the syntax of this attribute are > very > > useful > > since not all path discovery algorithms are identical. Path > discovery > > can be > > done many ways including beginning from the subject and moving > toward > > a > > trust anchor, beginning from a trust anchor and moving toward a > > subject, > > beginning at both ends etc etc. Being able to retrieve both > forward > > and > > reverse certificates from a single entry rather than checking the > > directory > > entries of two CAs is a useful feature for some algorithms. > > ------------------ > > Sharon Boeyen > > Entrust Technologies > > > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > > http://www.entrust.com Fax: (613) 247-3690 > > > > > > > > > ---------- > > > From: Bob Jueneman[SMTP:BJUENEMAN@novell.com] > > > Sent: September 1, 1998 7:20 PM > > > To: ietf-pkix@imc.org; wpolk@nist.gov; BJUENEMAN@novell.com > > > Subject: Re: Straw Poll cACertificate & > > > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > > > > > I'm still on the fence, and trying to decide between the two > > options. > > > > > > But why is a binary decision necessary? > > > > > > If I understand Tim's points, option 2 is a superset of option 1, > > > and a significant number of clients only support option 2. > > > > > > Option 1, however, is at least arguably superior from a network > and > > > directory performance standpoint, although I am still very > confused > > > about exactly who defines a "domain" and how the relying party is > > > supposed to intuit what "local choice" some CA made. > > > > > > Would a viable compromise position be to support option 2 as the > > initial > > > direction, and to transition to option 1 at some later point in > > time, say > > > 36 months from now, assuming further work clearly establishes that > > > > option 1 is completely workable? > > > > > > My directory guys assure me that the directory is effectively > > neutral in > > > this, > > > except for the possible performance issues. So all that has to > > happen > > > is for CAs to stop populating the crossCertificate pair. Is that > > correct? > > > > > > On the other hand, does this give rise to a worst of both worlds > > case > > > from the perspective of the client software complexity? > > > > > > Bob > > > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA27837 for ietf-pkix-bks; Wed, 2 Sep 1998 11:37:20 -0700 (PDT) Received: from krusty.rosenquist.com (cr462639-a.flfrd1.on.wave.home.com [24.112.89.61]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA27833 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:37:19 -0700 (PDT) Received: by krusty.rosenquist.com with Internet Mail Service (5.5.1960.3) id <RTZXP18A>; Wed, 2 Sep 1998 14:42:03 -0400 Message-ID: <91E1AFA3AC39D11181930080C83879E3055EF8@krusty.rosenquist.com> From: Eric Rosenquist <eric@rosenquist.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 2 Sep 1998 14:42:00 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: multipart/alternative; boundary="---- =_NextPart_001_01BDD6A1.5ED91770" Sender: owner-ietf-pkix@imc.org Precedence: bulk This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------ =_NextPart_001_01BDD6A1.5ED91770 Content-Type: text/plain ------ =_NextPart_001_01BDD6A1.5ED91770 Content-Type: text/html <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII"> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.1960.3"> <TITLE>For Option 2</TITLE> </HEAD> <BODY> <BR> </BODY> </HTML> ------ =_NextPart_001_01BDD6A1.5ED91770-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA27631 for ietf-pkix-bks; Wed, 2 Sep 1998 11:13:11 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA27627 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:13:09 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <S1BY50GJ>; Wed, 2 Sep 1998 14:17:20 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D219@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Sharon Boeyen'" <sharon.boeyen@entrust.com>, ietf-pkix@imc.org, wpolk@nist.gov, "'Bob Jueneman'" <BJUENEMAN@novell.com> Cc: "'Stefan Santesson'" <stefan@accurata.se> Subject: RE: Straw Poll cACertificate & crossCertificatePairattributes- PK IX LDAPv2 schema I-D Date: Wed, 2 Sep 1998 14:17:18 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Sharon and Stefan: While option 1 does not mandate it, it does not prohibit a CA from populating all the certificates it has issued to other CAs (inter as well as intra domain) in the reverse attribute of the cross certificate pair. The fundamental difference between the two options is that under option 1 certificates are not duplicated in a CA's entry. > -----Original Message----- > From: Sharon Boeyen [SMTP:sharon.boeyen@entrust.com] > Sent: Wednesday, September 02, 1998 8:46 AM > To: ietf-pkix@imc.org; wpolk@nist.gov; 'Bob Jueneman' > Subject: RE: Straw Poll cACertificate & > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > Hi Bob, > > I don't think we'll every get to a point where people stop populating > the > crossCertificatePair attribute, regardless of the result of the straw > poll. > The forward/reverse elements in the syntax of this attribute are very > useful > since not all path discovery algorithms are identical. Path discovery > can be > done many ways including beginning from the subject and moving toward > a > trust anchor, beginning from a trust anchor and moving toward a > subject, > beginning at both ends etc etc. Being able to retrieve both forward > and > reverse certificates from a single entry rather than checking the > directory > entries of two CAs is a useful feature for some algorithms. > ------------------ > Sharon Boeyen > Entrust Technologies > > mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > http://www.entrust.com Fax: (613) 247-3690 > > > > > ---------- > > From: Bob Jueneman[SMTP:BJUENEMAN@novell.com] > > Sent: September 1, 1998 7:20 PM > > To: ietf-pkix@imc.org; wpolk@nist.gov; BJUENEMAN@novell.com > > Subject: Re: Straw Poll cACertificate & > > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > > > I'm still on the fence, and trying to decide between the two > options. > > > > But why is a binary decision necessary? > > > > If I understand Tim's points, option 2 is a superset of option 1, > > and a significant number of clients only support option 2. > > > > Option 1, however, is at least arguably superior from a network and > > directory performance standpoint, although I am still very confused > > about exactly who defines a "domain" and how the relying party is > > supposed to intuit what "local choice" some CA made. > > > > Would a viable compromise position be to support option 2 as the > initial > > direction, and to transition to option 1 at some later point in > time, say > > 36 months from now, assuming further work clearly establishes that > > option 1 is completely workable? > > > > My directory guys assure me that the directory is effectively > neutral in > > this, > > except for the possible performance issues. So all that has to > happen > > is for CAs to stop populating the crossCertificate pair. Is that > correct? > > > > On the other hand, does this give rise to a worst of both worlds > case > > from the perspective of the client software complexity? > > > > Bob > > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA27427 for ietf-pkix-bks; Wed, 2 Sep 1998 10:57:12 -0700 (PDT) Received: from mail3.microsoft.com (mail3.microsoft.com [131.107.3.123]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA27423 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:57:11 -0700 (PDT) Received: by mail3.microsoft.com with Internet Mail Service (5.5.2232.9) id <RWP6JHY3>; Wed, 2 Sep 1998 11:01:25 -0700 Message-ID: <61AC5C9A4B9CD11181A200805F57CD5403F46D21@RED-MSG-44> From: Peter Brundrett <petebr@microsoft.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 11:01:16 -0700 X-Mailer: Internet Mail Service (5.5.2232.9) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA27149 for ietf-pkix-bks; Wed, 2 Sep 1998 10:31:11 -0700 (PDT) Received: from dell_srv.bankers.org (l131.wespay.org [204.188.21.131]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA27145 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:31:10 -0700 (PDT) Received: by l130.wespay.org with Internet Mail Service (5.5.1960.3) id <RYVJG1T6>; Wed, 2 Sep 1998 10:35:02 -0700 Message-ID: <2F05D61D07F4D111A96900A0C90CD46801AEE2@l130.wespay.org> From: Peter Yeatrakas <pyeatrakas@wespay.org> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 2 Sep 1998 10:34:55 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA26986 for ietf-pkix-bks; Wed, 2 Sep 1998 10:17:47 -0700 (PDT) Received: from shadow.munge.com (1005@cc586254-a.hwrd1.md.home.com [24.3.19.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA26982 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:17:45 -0700 (PDT) Received: from localhost (kaos@localhost) by shadow.munge.com (8.8.7/8.8.7) with SMTP id NAA11361; Wed, 2 Sep 1998 13:20:43 -0400 (EDT) (envelope-from kaos@shadow.munge.com) Date: Wed, 2 Sep 1998 13:20:42 -0400 (EDT) From: Karen Oostendorp <kaos@shadow.munge.com> To: ietf-pkix@imc.org cc: Chris Vance <cvance@shadow.munge.com> Subject: For Option 1 Message-ID: <Pine.BSF.3.96.980902131948.10441D-100000@shadow.munge.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA26827 for ietf-pkix-bks; Wed, 2 Sep 1998 10:07:57 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA26823 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:07:56 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <S1BY501N>; Wed, 2 Sep 1998 13:12:02 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E12B0DF@WUHER> From: Peter Hesse <pmhesse@cygnacom.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 13:11:54 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk ---------------------------------------------------------------- Peter M. Hesse pmhesse@cygnacom.com CygnaCom Solutions, Inc. (703)848-0883(voice) (703)848-0960(fax) Visit the CygnaCom Solutions Web Site: http://www.cygnacom.com Page me instantly! http://wwp.mirabilis.com/1942828#pager Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA26794 for ietf-pkix-bks; Wed, 2 Sep 1998 10:04:13 -0700 (PDT) Received: from hq.freegate.com ([208.226.86.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA26790 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:04:12 -0700 (PDT) Received: (qmail+freegate 12097 invoked by alias); 2 Sep 1998 17:08:41 -0000 Received: from ws37-n0.hq.freegate.com (HELO tardo2.hq.freegate.com) (208.226.86.165) by hq.freegate.com with SMTP; 2 Sep 1998 17:08:41 -0000 Message-Id: <2.2.32.19980902170825.00ada5e0@mailhost.hq.freegate.com> X-Sender: jtardo@mailhost.hq.freegate.com X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 02 Sep 1998 10:08:25 -0700 To: ietf-pkix@imc.org From: Joe Tardo <jtardo@freegate.com> Subject: For Option 2 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA26755 for ietf-pkix-bks; Wed, 2 Sep 1998 10:00:11 -0700 (PDT) Received: from eagle.rsa.com (eagle.rsa.com [192.80.211.35]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA26751 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:00:10 -0700 (PDT) Received: from [10.81.217.217] by eagle.rsa.com via smtpd (for imc.org [206.184.129.134]) with SMTP; 2 Sep 1998 17:17:36 UT Received: by LOBESTER with Internet Mail Service (5.0.1460.8) id <P3J70J5X>; Wed, 2 Sep 1998 10:07:06 -0700 Message-ID: <6236E58EC451D1119E80006097040ED98D3C04@LOBESTER> From: Bruce Greenblatt <Bgreenblatt@rsa.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 2 Sep 1998 10:07:04 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Note new phone number below | v ---------------------------------------------------- Bruce Greenblatt bgreenblatt@rsa.com Personal: bruceg@innetix.com (650) 295-7569 http://www.innetix.com/~bruceg ---------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA26612 for ietf-pkix-bks; Wed, 2 Sep 1998 09:48:47 -0700 (PDT) Received: from imo28.mx.aol.com (imo28.mx.aol.com [198.81.17.72]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA26608 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 09:48:45 -0700 (PDT) From: SLucch3390@aol.com Received: from SLucch3390@aol.com by imo28.mx.aol.com (IMOv16.1) id 7WUCa24183 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 12:52:48 -0400 (EDT) Message-ID: <e0f53fb5.35ed77e0@aol.com> Date: Wed, 2 Sep 1998 12:52:48 EDT To: ietf-pkix@imc.org Mime-Version: 1.0 Subject: For Option 1 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7bit X-Mailer: AOL 3.0 for Windows 95 sub 18 Sender: owner-ietf-pkix@imc.org Precedence: bulk I vote for Option 1. EAL Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA25443 for ietf-pkix-bks; Wed, 2 Sep 1998 09:03:45 -0700 (PDT) Received: from dkeynt1.DATAKEY.COM (dkeynt1.datakey.com [205.218.59.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id JAA25439 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 09:03:44 -0700 (PDT) Received: from datakey.com ([205.218.59.20]) by dkeynt1.DATAKEY.COM (Netscape Messaging Server 3.5) with ESMTP id 382 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:09:26 -0500 Message-ID: <35ED6DEB.7D5299FE@datakey.com> Date: Wed, 02 Sep 1998 11:10:19 -0500 From: "Dale Gustafson" <daleg@datakey.com> Organization: Datakey, Inc. X-Mailer: Mozilla 4.06 [en] (Win95; U) MIME-Version: 1.0 To: PKIX Working Group <ietf-pkix@imc.org> Subject: For Option 2 References: <5040300019913452000002L022*@MHS> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA25345 for ietf-pkix-bks; Wed, 2 Sep 1998 08:54:18 -0700 (PDT) Received: from smtp2.erols.com (smtp2.erols.com [207.172.3.235]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA25341 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 08:54:17 -0700 (PDT) Received: from erols.com (207-172-132-91.s91.tnt5.col.erols.com [207.172.132.91]) by smtp2.erols.com (8.8.8/8.8.5) with ESMTP id MAA06506 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 12:00:44 -0400 (EDT) Message-ID: <35ED26CA.53B6A936@erols.com> Date: Wed, 02 Sep 1998 11:06:52 +0000 From: susanmaloney <susanmaloney@erols.com> Reply-To: susanmaloney@erols.com X-Mailer: Mozilla 4.04 (Macintosh; I; PPC) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: text/plain; charset=us-ascii; x-mac-type="54455854"; x-mac-creator="4D4F5353" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA25191 for ietf-pkix-bks; Wed, 2 Sep 1998 08:40:02 -0700 (PDT) Received: from r3.ch (gateway.r3.ch [193.73.163.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA25187 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 08:40:01 -0700 (PDT) Received: by gateway.r3.ch id <6803>; Wed, 2 Sep 1998 17:46:05 +0100 Message-Id: <98Sep2.174605gmt+0100.6803@gateway.r3.ch> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Extension of straw poll Date: Wed, 2 Sep 1998 16:40:06 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk I've just been speaking with one of the PKIX co-chairs and as a result of that conversation, we're extending the deadline on the straw poll regarding the use of cACertificate and crossCertificatePair attributes to be more in line with the length of time usually afforded straw polls in IETF. My reason for pushing a short timeframe was in anticipation of a PKIX resolution which could then be submitted to the X.509 group next week for consideration in their discussion of the related defect report. If the straw poll ends on Wednesday, and if a PKIX resolution is finalized quickly, we can probably still meet that timeframe. Votes can now be submitted up until COB on Wednesday September 9th. ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA25160 for ietf-pkix-bks; Wed, 2 Sep 1998 08:36:10 -0700 (PDT) Received: from smtp3.ny.us.ibm.com (smtp3.ny.us.ibm.com [198.133.22.42]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA25156 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 08:36:09 -0700 (PDT) Received: from relay3.server.ibm.com (relay3.server.ibm.com [9.14.2.100]) by smtp3.ny.us.ibm.com (8.8.7/8.8.7) with ESMTP id LAA62454 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:25:17 -0400 Received: from US.IBM.COM (d04lms03.raleigh.ibm.com [9.37.164.195]) by relay3.server.ibm.com (8.8.7/8.8.7) with SMTP id LAA37654 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:39:46 -0400 Received: by US.IBM.COM (Soft-Switch LMS 2.0) with snapi via D04AU053 id 5040300019913452; Wed, 2 Sep 1998 11:36:41 -0400 From: Ivan Milman <milman@us.ibm.com> To: <ietf-pkix@imc.org> Subject: For Option 2 Message-ID: <5040300019913452000002L022*@MHS> Date: Wed, 2 Sep 1998 11:36:41 -0400 MIME-Version: 1.0 Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Thanks, Ivan Ivan M. Milman IBM/Austin Distributed System Services Email: milman@austin.ibm.com Phone: 1-512-838-8152 Fax: 1-512-838-8597 T/L: 678-8152 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA24801 for ietf-pkix-bks; Wed, 2 Sep 1998 08:01:01 -0700 (PDT) Received: from thunder.smartlink.navy.mil (thunder.smartlink.navy.mil [204.36.16.143]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id IAA24790 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 08:01:00 -0700 (PDT) Received: (from smap@localhost) by thunder.smartlink.navy.mil (8.7.3/8.7.3) id LAA01758 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:03:13 -0400 (EDT) X-Authentication-Warning: thunder.smartlink.navy.mil: smap set sender to <thorvath@chromatix.com> using -f Received: from localhost(127.0.0.1) by thunder via smap (V2.0) id xma001756; Wed, 2 Sep 98 11:02:48 -0400 Message-ID: <35ED5E18.BC183F7E@chromatix.com> Date: Wed, 02 Sep 1998 11:02:48 -0400 From: Tom Horvath <thorvath@chromatix.com> Organization: Smart Link Office X-Mailer: Mozilla 4.04 [en] (X11; I; SunOS 5.5.1 sun4u) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA24771 for ietf-pkix-bks; Wed, 2 Sep 1998 07:59:29 -0700 (PDT) Received: from stingray.missi.ncsc.mil ([144.51.52.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA24767 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:59:28 -0700 (PDT) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id LAA29628 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:03:31 -0400 (EDT) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id LAA29624 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:03:31 -0400 (EDT) Received: from [144.51.53.159] (impala.missi.ncsc.mil [144.51.53.159]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id LAA01159 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 11:02:54 -0400 (EDT) X-Sender: dadalko@storm.missi.ncsc.mil Message-Id: <v03110700b2130f1ae193@[144.51.53.159]> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 2 Sep 1998 11:05:12 -0400 To: ietf-pkix@imc.org From: David Dalkowski <dadalko@missi.ncsc.mil> Subject: For Option 1 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA24736 for ietf-pkix-bks; Wed, 2 Sep 1998 07:55:24 -0700 (PDT) Received: from mclean2-mail.usae.bah.com (mclean2-mail.usae.bah.com [156.80.5.110]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA24732 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:55:23 -0700 (PDT) Received: from bah.com ([156.80.128.200]) by mclean2-mail.usae.bah.com (Netscape Messaging Server 3.01) with ESMTP id AAA27454 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:54:26 -0400 Message-ID: <35ED5DA0.3645A842@bah.com> Date: Wed, 02 Sep 1998 11:00:48 -0400 From: "Hirsch Matthew" <hirsch_matthew@bah.com> Organization: BAH X-Mailer: Mozilla 4.03 [en] (Win95; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA24667 for ietf-pkix-bks; Wed, 2 Sep 1998 07:48:37 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA24663 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:48:35 -0700 (PDT) Received: from juniper (juniper.chromatix.com [207.97.115.33]) by chromatix.com (8.8.8/8.8.8) with SMTP id KAA09830 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:52:43 -0400 (EDT) (envelope-from bill@chromatix.com) Message-ID: <008401bdd680$fb7af820$217361cf@juniper.chromatix.com> From: "Bill Lenz" <bill@chromatix.com> To: <ietf-pkix@imc.org> Subject: For Option 1 Date: Wed, 2 Sep 1998 10:50:09 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0081_01BDD65F.74558200" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_0081_01BDD65F.74558200 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable ------=_NextPart_000_0081_01BDD65F.74558200 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> </DIV></BODY></HTML> ------=_NextPart_000_0081_01BDD65F.74558200-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA24607 for ietf-pkix-bks; Wed, 2 Sep 1998 07:44:25 -0700 (PDT) Received: from Tandem.com (suntan.tandem.com [192.216.221.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA24603 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:44:25 -0700 (PDT) Received: from exccup-conn01.mis.tandem.com (exccup-conn01.mis.tandem.com [130.252.226.231]) by Tandem.com (8.8.8/2.0.1) with ESMTP id HAA02474 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:49:07 -0700 (PDT) Received: by exccup-conn01.mis.tandem.com with Internet Mail Service (5.5.1960.3) id <Q04MF3N5>; Wed, 2 Sep 1998 07:48:19 -0700 Message-ID: <418B8B7ACE69D111879B00805F6F281DFDF674@exccup-25006.mis.tandem.com> From: "Pawluk, Jean" <jean.pawluk@compaq.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 2 Sep 1998 07:48:14 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id HAA24547 for ietf-pkix-bks; Wed, 2 Sep 1998 07:38:43 -0700 (PDT) Received: from marlowe.APSINC.COM (marlowe.apsinc.com [198.160.146.80]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id HAA24543 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:38:42 -0700 (PDT) Received: by MARLOWE with Internet Mail Service (5.5.2232.9) id <R4PAPTDT>; Wed, 2 Sep 1998 07:41:32 -0700 Message-ID: <70EAEA308C1FD211BF9B00805FBEF6B4158921@MARLOWE> From: Bruce Bell <BBELL@apsinc.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: for option 1 Date: Wed, 2 Sep 1998 07:41:24 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Bruce S. Bell Compliance Officer phone 510-568-0276 ext.361 fax 510-568-0195 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA24010 for ietf-pkix-bks; Wed, 2 Sep 1998 06:46:56 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA24006 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 06:46:55 -0700 (PDT) Received: from bonsai.chromatix.com (bonsai.chromatix.com [207.97.115.32]) by chromatix.com (8.8.8/8.8.8) with SMTP id JAA09586 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 09:51:03 -0400 (EDT) (envelope-from Nora.Kraemer@chromatix.com) Message-ID: <00c101bdd678$680639e0$207361cf@bonsai.chromatix.com> From: "Nora Kraemer" <Nora.Kraemer@chromatix.com> To: <ietf-pkix@imc.org> Subject: Option 1 Date: Wed, 2 Sep 1998 09:48:46 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00BE_01BDD656.E0E3D100" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_00BE_01BDD656.E0E3D100 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Nora Kraemer=20 Chromatix 10451 Twin Rivers Road, #265 Columbia, MD 21044 Phone: 301-596-8466 Fax: 410-997-4306 Nora.Kraemer@chromatix.com http://www.chromatix.com ------=_NextPart_000_00BE_01BDD656.E0E3D100 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.2106.6"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> </DIV> <DIV><FONT color=3D#000000 size=3D2>Nora Kraemer </FONT></DIV> <DIV><FONT color=3D#000000 size=3D2>Chromatix<BR>10451 Twin Rivers Road, = #265<BR>Columbia, MD 21044<BR>Phone: =20 301-596-8466<BR>Fax: = 410-997-4306<BR><A=20 href=3D"mailto:Nora.Kraemer@chromatix.com">Nora.Kraemer@chromatix.com</A>= <BR><A=20 href=3D"http://www.chromatix.com">http://www.chromatix.com</A></FONT></DI= V></BODY></HTML> ------=_NextPart_000_00BE_01BDD656.E0E3D100-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA23960 for ietf-pkix-bks; Wed, 2 Sep 1998 06:42:29 -0700 (PDT) Received: from post.queensu.ca (post.QueensU.CA [130.15.126.6]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA23956 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 06:42:23 -0700 (PDT) Received: from eleceng.ee.queensu.ca (eleceng.ee.queensu.ca [130.15.16.1]) by post.queensu.ca (8.9.0/8.9.0) with SMTP id JAA29695 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 09:47:06 -0400 (EDT) Received: from apollo.ee.queensu.ca by eleceng.ee.queensu.ca (4.1/SMI-4.1) id AA22895; Wed, 2 Sep 98 09:47:05 EDT Received: from localhost by apollo.ee.queensu.ca (SMI-8.6/SMI-SVR4) id JAA14757; Wed, 2 Sep 1998 09:47:04 -0400 Date: Wed, 2 Sep 1998 09:47:04 -0400 (EDT) From: Serge Mister <misters@eleceng.ee.queensu.ca> X-Sender: misters@apollo Reply-To: Serge Mister <misters@eleceng.ee.queensu.ca> To: ietf-pkix@imc.org Subject: For Option 2 Message-Id: <Pine.GSO.3.96.980902094403.14741B-100000@apollo> Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA23926 for ietf-pkix-bks; Wed, 2 Sep 1998 06:39:03 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA23921 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 06:39:02 -0700 (PDT) Received: from chromatix.com (maple.chromatix.com [207.97.115.23]) by chromatix.com (8.8.8/8.8.8) with ESMTP id JAA09547; Wed, 2 Sep 1998 09:43:10 -0400 (EDT) (envelope-from daveb@chromatix.com) Message-ID: <35ED4A4E.3F0519C9@chromatix.com> Date: Wed, 02 Sep 1998 09:38:22 -0400 From: David Berstein <daveb@chromatix.com> Organization: Chromatix X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk -- _/_/_/ David M. Berstein _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | daveb@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id GAA23868 for ietf-pkix-bks; Wed, 2 Sep 1998 06:33:01 -0700 (PDT) Received: from ha1.rdc1.md.home.com (siteadm@ha1.rdc1.md.home.com [24.2.2.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id GAA23863 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 06:33:00 -0700 (PDT) Received: from shadow.munge.com ([24.3.19.3]) by ha1.rdc1.md.home.com (Netscape Mail Server v2.02) with SMTP id AAA28598 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 06:37:42 -0700 Date: Wed, 2 Sep 1998 09:36:05 -0400 (EDT) From: Chris Vance <cvance@shadow.munge.com> To: ietf-pkix@imc.org Subject: For Option 1 Message-ID: <Pine.BSF.3.96.980902093518.10329B-100000@shadow.munge.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA23392 for ietf-pkix-bks; Wed, 2 Sep 1998 05:47:21 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id FAA23388 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 05:47:20 -0700 (PDT) Received: id IAA23613; Wed, 2 Sep 1998 08:49:31 -0400 Received: by gateway id <RNJC07PP>; Wed, 2 Sep 1998 08:46:38 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC96E0@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Wed, 2 Sep 1998 08:46:34 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA23383 for ietf-pkix-bks; Wed, 2 Sep 1998 05:47:04 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id FAA23378 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 05:47:03 -0700 (PDT) Received: id IAA23379; Wed, 2 Sep 1998 08:48:31 -0400 Received: by gateway id <RNJC07PN>; Wed, 2 Sep 1998 08:45:38 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC96DF@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: ietf-pkix@imc.org, wpolk@nist.gov, "'Bob Jueneman'" <BJUENEMAN@novell.com> Subject: RE: Straw Poll cACertificate & crossCertificatePairattributes- PK IX LDAPv2 schema I-D Date: Wed, 2 Sep 1998 08:45:32 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi Bob, I don't think we'll every get to a point where people stop populating the crossCertificatePair attribute, regardless of the result of the straw poll. The forward/reverse elements in the syntax of this attribute are very useful since not all path discovery algorithms are identical. Path discovery can be done many ways including beginning from the subject and moving toward a trust anchor, beginning from a trust anchor and moving toward a subject, beginning at both ends etc etc. Being able to retrieve both forward and reverse certificates from a single entry rather than checking the directory entries of two CAs is a useful feature for some algorithms. ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 > ---------- > From: Bob Jueneman[SMTP:BJUENEMAN@novell.com] > Sent: September 1, 1998 7:20 PM > To: ietf-pkix@imc.org; wpolk@nist.gov; BJUENEMAN@novell.com > Subject: Re: Straw Poll cACertificate & > crossCertificatePairattributes- PKIX LDAPv2 schema I-D > > I'm still on the fence, and trying to decide between the two options. > > But why is a binary decision necessary? > > If I understand Tim's points, option 2 is a superset of option 1, > and a significant number of clients only support option 2. > > Option 1, however, is at least arguably superior from a network and > directory performance standpoint, although I am still very confused > about exactly who defines a "domain" and how the relying party is > supposed to intuit what "local choice" some CA made. > > Would a viable compromise position be to support option 2 as the initial > direction, and to transition to option 1 at some later point in time, say > 36 months from now, assuming further work clearly establishes that > option 1 is completely workable? > > My directory guys assure me that the directory is effectively neutral in > this, > except for the possible performance issues. So all that has to happen > is for CAs to stop populating the crossCertificate pair. Is that correct? > > On the other hand, does this give rise to a worst of both worlds case > from the perspective of the client software complexity? > > Bob > Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA23301 for ietf-pkix-bks; Wed, 2 Sep 1998 05:40:29 -0700 (PDT) Received: from mbunix.mitre.org (mbunix.mitre.org [129.83.20.100]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA23297 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 05:40:26 -0700 (PDT) Received: from FUZZY (fuzzy.mitre.org [129.83.20.83]) by mbunix.mitre.org (8.8.8/8.8.8/mitre.0) with ESMTP id IAA14963 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 08:45:08 -0400 (EDT) Received: from mm60206-lptp.mitre.org (128.29.105.60) by fuzzy.mitre.org with SMTP id 389257; Wed, 02 Sep 1998 08:45:07 EST Message-Id: <3.0.3.32.19980902083749.00747eb0@mail90.mitre.org> X-Sender: egardner@mail90.mitre.org X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 02 Sep 1998 08:37:49 -0400 To: ietf-pkix@imc.org From: egardner@mitre.org (Ella P. Gardner) Subject: For Option 1 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Ella P. Gardner phone: +1 703 883 5826 The MITRE Corporation fax +1 703 883 7142 1820 Dolley Madison Boulevard email: egardner@mitre.org McLean, VA 22102-3481 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id FAA23208 for ietf-pkix-bks; Wed, 2 Sep 1998 05:26:25 -0700 (PDT) Received: from Sonnet.GSC.GTE.Com (Sonnet.GSC.GTE.Com [131.131.251.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id FAA23204 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 05:26:24 -0700 (PDT) Received: from gscex01.ndhm.gtegsc.com ("port 3641"@gscex01.ndhm.gtegsc.com) by Sonnet.GSC.GTE.Com (PMDF V5.0-8 #17886) id <01J1BP3GOR5W0017HI@Sonnet.GSC.GTE.Com> for ietf-pkix@imc.org; Wed, 02 Sep 1998 08:30:46 -0400 (EDT) Received: by gscex01.ndhm.gtegsc.com with Internet Mail Service (5.0.1460.8) id <Q16F2A6D>; Wed, 02 Sep 1998 08:28:31 -0400 Date: Wed, 02 Sep 1998 08:34:05 -0400 From: "Saylor, John" <John.Saylor@gsc.gte.com> Subject: For Option 2 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Message-id: <ED3CB0BEB22CD211A4580008C756184441476F@NDHMEX01> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-type: text/plain Content-transfer-encoding: 7BIT Sender: owner-ietf-pkix@imc.org Precedence: bulk \js Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA22985 for ietf-pkix-bks; Wed, 2 Sep 1998 04:53:31 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA22981 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 04:53:29 -0700 (PDT) Received: from chromatix.com (redoak.chromatix.com [207.97.115.4]) by chromatix.com (8.8.8/8.8.8) with ESMTP id HAA09208 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:57:37 -0400 (EDT) (envelope-from john@chromatix.com) Message-ID: <35ED33B6.9F70645@chromatix.com> Date: Wed, 02 Sep 1998 08:01:58 -0400 From: John Garner <john@chromatix.com> X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: "IETF X.509 PKI" <ietf-pkix@imc.org> Subject: For Option 1 Content-Type: multipart/alternative; boundary="------------06CB147F224BAAC5EA029C20" Sender: owner-ietf-pkix@imc.org Precedence: bulk --------------06CB147F224BAAC5EA029C20 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit -- ====================================================================== //_/_/ John R. Garner _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | john@chromatix.com --------------06CB147F224BAAC5EA029C20 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit <HTML> <PRE>-- ====================================================================== //_/_/ John R. Garner _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | <A HREF="http://www.chromatix.com">http://www.chromatix.com</A> _/_/_/ _/ _/ Fax: (410) 997-4306 | john@chromatix.com</PRE> </HTML> --------------06CB147F224BAAC5EA029C20-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA22811 for ietf-pkix-bks; Wed, 2 Sep 1998 04:32:01 -0700 (PDT) Received: from mbunix.mitre.org (mbunix.mitre.org [129.83.20.100]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA22807 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 04:31:59 -0700 (PDT) Received: from mail92.mitre.org (mail92.mitre.org [129.83.20.76]) by mbunix.mitre.org (8.8.8/8.8.8/mitre.0) with SMTP id HAA03515 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:36:35 -0400 (EDT) Received: from mwppp12.mitre.org by mail92.mitre.org; (5.65v3.2/1.1.8.2/22Jun94-0628PM) id AA26210; Wed, 2 Sep 1998 07:36:34 -0400 Message-Id: <Version.32.19980902073600.00dec600@mail92.mitre.org> X-Sender: ginsburg@mail92.mitre.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Wed, 02 Sep 1998 07:36:15 -0400 To: ietf-pkix@imc.org From: Elliott N Ginsburg <ginsburg@mitre.org> Subject: for option 1 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA22784 for ietf-pkix-bks; Wed, 2 Sep 1998 04:28:38 -0700 (PDT) Received: from smtp4.ny.us.ibm.COM (smtp4.ny.us.ibm.com [198.133.22.43]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA22780 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 04:28:36 -0700 (PDT) Received: from relay3.server.ibm.com (relay3.server.ibm.com [9.14.2.100]) by smtp4.ny.us.ibm.COM (8.8.7/8.8.7) with ESMTP id HAA24382 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:22:32 -0400 Received: from US.IBM.COM (d04lms03.raleigh.ibm.com [9.37.164.195]) by relay3.server.ibm.com (8.8.7/8.8.7) with SMTP id HAA24986 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 07:32:18 -0400 Received: by US.IBM.COM (Soft-Switch LMS 2.0) with snapi via D04AU014 id 5040300019901937; Wed, 2 Sep 1998 07:29:13 -0400 From: Mark C Davis <davismc@us.ibm.com> To: <ietf-pkix@imc.org> Subject: For Option 2 Message-ID: <5040300019901937000002L072*@MHS> Date: Wed, 2 Sep 1998 07:29:13 -0400 MIME-Version: 1.0 Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk ______________________________________________________________ Mark C Davis/Raleigh/IBM, DSS Network Security, davismc@us.ibm.com (919)254-7876, pager 1(800)946-4646 PIN 6066244, FAX (919)254-5710 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id EAA22620 for ietf-pkix-bks; Wed, 2 Sep 1998 04:08:00 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id EAA22616 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 04:07:59 -0700 (PDT) Received: from stefans (t2o68p26.telia.com [62.20.138.146]) by mailc.telia.com (8.8.8/8.8.8) with SMTP id NAA05183; Wed, 2 Sep 1998 13:12:31 +0200 (MET DST) Message-Id: <3.0.32.19980902130942.00a42bd0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 02 Sep 1998 13:10:19 +0200 To: "Bob Jueneman" <BJUENEMAN@novell.com>, <aram@apple.com> From: Stefan Santesson <stefan@accurata.se> Subject: Re: Digital signature and non-repudiation key usage bits Cc: <ietf-pkix@imc.org> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id EAA22617 Sender: owner-ietf-pkix@imc.org Precedence: bulk At 11:35 AM 9/1/98 -0600, Bob Jueneman wrote: <snip> >>>Equally clearly, the use of both the DS and the NR bit _is_ allowed. >> >>YES!! If I could, I would require the DS bit to be set anytime the NR was set. > >I'm not strongly opposed to that, and in fact that was my position prior to realizing >that NR plus encryption could be used to indicate that no escrow was taking place. >If the DS bit would always be set, as opposed to using NR by itself, it would be >a few nanoseconds faster. <snip> >I'll grant that by suggesting that NR might apply to encryption, I am stretching the >popular concept a bit, and effectively redefining the key usage to mean "exclusive >control of the private key by the names user". But isn't that effectively what we have >been saying? > I suggest that we stick to the standardized definitions of the key usage bits and leave policy issues out of a common certificate profile. non-repudiation is according to standard selected by the NR bit, not NR in combination with DS bit. Inclusion of the DS bit means that DS mechanisms other than non-repudiation are allowed for the key. Restrictions regarding combinations of key usages are policy issues. Whether a particular key usage combination is good or bad has to be decided through the perspective of a community with common security requirements. Non-repudiation is defined to be (according to X.509): non-repudiation - This service provides proof of the integrity and origin of data - both in an unforgeable relationship - which can be verified by any third party at any time. Key escrow is not defined by non-repudiation so I would not use the NR bit as a "no-recovery" declaration. /Stefan ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA22485 for ietf-pkix-bks; Wed, 2 Sep 1998 03:54:07 -0700 (PDT) Received: from epic.iris.com (epic.iris.com [198.112.211.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA22480 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 03:54:06 -0700 (PDT) From: John_Wray@iris.com Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090206582906:162 for <ietf-pkix@imc.org> ; Wed, 2 Sep 1998 06:58:29 -0400 Received: from arista.iris.com ([9.95.65.15]) by epic.iris.com (Lotus Domino Build 161 (Beta)) with SMTP id 1998090206582906:162 for <ietf-pkix@imc.org> ; Wed, 2 Sep 1998 06:58:29 -0400 X-Lotus-FromDomain: IRIS To: ietf-pkix@imc.org Message-ID: <85256673.003C644F.00@arista.iris.com> Date: Wed, 2 Sep 1998 07:01:37 -0400 Subject: For Option 2 x-notes-Form: Memo x-notes-$24UpdatedBy: CN=Epic/O=Iris x-notes-$24Hops: 22 X-Priority: 3 (Normal) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA22420 for ietf-pkix-bks; Wed, 2 Sep 1998 03:47:26 -0700 (PDT) Received: from alpha.shiva.com (eagle-ext.shiva.com [192.80.57.28]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA22416 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 03:47:25 -0700 (PDT) Received: from wigeon.shiva.com (wigeon.shiva.com [140.248.194.223]) by alpha.shiva.com (8.8.8/8.8.8) with SMTP id GAA07839 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 06:49:05 -0400 (EDT) Received: from shiva.com by wigeon.shiva.com (SMI-8.6/SMI-SVR4) id GAA05853; Wed, 2 Sep 1998 06:51:37 -0400 Message-ID: <35ED2338.7258C255@shiva.com> Date: Wed, 02 Sep 1998 06:51:36 -0400 From: Jesse Walker <jwalker@shiva.com> Organization: Shiva Corporation X-Mailer: Mozilla 4.04 [en] (X11; U; SunOS 5.5.1 sun4u) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA21021 for ietf-pkix-bks; Wed, 2 Sep 1998 03:06:50 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA21017 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 03:06:48 -0700 (PDT) Received: from stefans (t2o68p44.telia.com [62.20.138.164]) by mailc.telia.com (8.8.8/8.8.8) with SMTP id MAA12855; Wed, 2 Sep 1998 12:10:23 +0200 (MET DST) Message-Id: <3.0.32.19980902120500.00a417c0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 02 Sep 1998 12:08:11 +0200 To: Santosh Chokhani <chokhani@cygnacom.com>, Sharon Boeyen <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> From: Stefan Santesson <stefan@accurata.se> Subject: RE: Straw Poll cACertificate & crossCertificatePair attributes - PKIX LDAPv2 schema I-D Cc: "'Santosh Chokhani'" <chokhani@sisko.cygnacom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id DAA21018 Sender: owner-ietf-pkix@imc.org Precedence: bulk I just feel uncomfortable with a situation where the CA is NOT allowed to store some of it's issued CA certificates in its directory (OPTION 1). If nothing less, storage of these certificates may be used for cashing to enhance path construction (less directory look ups in new paths). Since OPTION2 closes less doors and obviously supports a wider range of local path algorithms, OPTION 2 seems to be the natural choice. I agree with Carlislie and Tim that since OPTION 1 only is a subset of OPTION 2 and OPTION 2 offer full interoperability, that OPTION 2 should be selected even if only a minority declare a need for it. /Stefan At 05:56 PM 9/1/98 -0400, Santosh Chokhani wrote: >They are stored in caCertificate attribute of directory entry >representing the subject (subscriber) CA. > >> -----Original Message----- >> From: Stefan Santesson [SMTP:stefan@accurata.se] >> Sent: Tuesday, September 01, 1998 3:54 PM >> To: Sharon Boeyen; 'ietf-pkix@imc.org' >> Cc: 'Santosh Chokhani' >> Subject: Re: Straw Poll cACertificate & crossCertificatePair >> attributes - PKIX LDAPv2 schema I-D >> >> I don't get this. >> >> In OPTION 1, where do I store certificates issued by this CA to CA:s >> in the same domain???? >> >> It seems to be missing. >> >> /Stefan >> >> ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id DAA21010 for ietf-pkix-bks; Wed, 2 Sep 1998 03:05:49 -0700 (PDT) Received: from mailc.telia.com (root@mailc.telia.com [194.22.190.4]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id DAA21006 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 03:05:46 -0700 (PDT) Received: from stefans (t2o68p44.telia.com [62.20.138.164]) by mailc.telia.com (8.8.8/8.8.8) with SMTP id MAA12859 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 12:10:24 +0200 (MET DST) Message-Id: <3.0.32.19980902120734.00a33df0@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 02 Sep 1998 12:08:12 +0200 To: ietf-pkix@imc.org From: Stefan Santesson <stefan@accurata.se> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id DAA21007 Sender: owner-ietf-pkix@imc.org Precedence: bulk ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA19711 for ietf-pkix-bks; Wed, 2 Sep 1998 01:35:50 -0700 (PDT) Received: from marcellus.cost.se (marcellus.cost.se [195.100.88.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA19707 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 01:35:49 -0700 (PDT) Received: from roger ([10.0.0.21]) by marcellus.cost.se (8.8.5/8.7.5) with SMTP id KAA05769 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:37:32 +0200 (MET DST) Message-Id: <3.0.5.32.19980902103952.00a45d00@mail.cost.se> X-Sender: martin@mail.cost.se X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Wed, 02 Sep 1998 10:39:52 +0200 To: ietf-pkix@imc.org From: Martin =?iso-8859-1?Q?Lindström?= <martin@cost.se> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id BAA19708 Sender: owner-ietf-pkix@imc.org Precedence: bulk ______________________________________ |________ Entegrity Solutions _________| | | | Martin Lindström, Systems Engineer | | | | Finlandsgatan 60 | | S-164 74 Kista, Sweden | | Direct: +46-(0)8-477-7735 | | Fax: +46-(0)8-477-7731 | | Cell: +46-(0)70-483-0024 | |______________________________________| Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA19623 for ietf-pkix-bks; Wed, 2 Sep 1998 01:18:14 -0700 (PDT) Received: from marcellus.cost.se (marcellus.cost.se [195.100.88.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA19619 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 01:18:13 -0700 (PDT) Received: from esmarelda ([10.0.0.11]) by marcellus.cost.se (8.8.5/8.7.5) with SMTP id KAA05687 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:20:01 +0200 (MET DST) Message-Id: <4.1.0.44.19980902101824.00b0e860@mail.cost.se> X-Sender: tca@mail.cost.se X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.44 (Beta) Date: Wed, 02 Sep 1998 10:19:46 +0200 To: ietf-pkix@imc.org From: Thomas Caldenius <tca@cost.se> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA19614 for ietf-pkix-bks; Wed, 2 Sep 1998 01:17:50 -0700 (PDT) Received: from ccas.ru (ext1.ccas.ru [193.233.208.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA19610 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 01:17:47 -0700 (PDT) Received: from sauron ([193.232.81.34]) by ccas.ru (8.7.5/8.7.3) with SMTP id MAA18012 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 12:19:50 +0300 (EET DST) Message-ID: <005501bdd64a$e2293fc0$2251e8c1@sauron.ccas.ru> From: "Andrey Lopatenko" <andreyl@ccas.ru> To: <ietf-pkix@imc.org> Subject: Option 2 Date: Wed, 2 Sep 1998 12:22:54 +0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0052_01BDD66C.68EE6D70" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_0052_01BDD66C.68EE6D70 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable ------=_NextPart_000_0052_01BDD66C.68EE6D70 Content-Type: text/html; charset="koi8-r" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Dkoi8-r http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> </DIV></BODY></HTML> ------=_NextPart_000_0052_01BDD66C.68EE6D70-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id BAA19576 for ietf-pkix-bks; Wed, 2 Sep 1998 01:12:11 -0700 (PDT) Received: from marcellus.cost.se (marcellus.cost.se [195.100.88.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id BAA19572 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 01:12:09 -0700 (PDT) Received: from jimmie ([10.0.0.22]) by marcellus.cost.se (8.8.5/8.7.5) with SMTP id KAA05667 for <ietf-pkix@imc.org>; Wed, 2 Sep 1998 10:13:54 +0200 (MET DST) Message-Id: <3.0.3.32.19980902101429.0187f160@mail.cost.se> X-Sender: nada@mail.cost.se X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 02 Sep 1998 10:14:29 +0200 To: ietf-pkix@imc.org From: Nada Kapidzic Cicovic <nada@cost.se> Subject: For Option 2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id WAA08102 for ietf-pkix-bks; Tue, 1 Sep 1998 22:34:25 -0700 (PDT) Received: from relay2.elvis.ru (ss10.elvis.ru [194.190.192.34]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id WAA08098 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 22:34:22 -0700 (PDT) Received: by relay2.elvis.ru (8.8.5/1.24) id JAA19889; Wed, 2 Sep 1998 09:38:55 +0400 (MSK DST) Message-ID: <XFMail.980902093855.versed@elvis.ru> X-Mailer: XFMail 1.3 [p0] on Solaris X-Priority: 3 (Normal) Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Wed, 02 Sep 1998 09:38:55 +0400 (MSK DST) From: Pavel Krylov <versed@elvis.ru> To: ietf-pkix@imc.org Subject: For Option 1 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id VAA25421 for ietf-pkix-bks; Tue, 1 Sep 1998 21:15:31 -0700 (PDT) Received: from mailer.Symantec.Com (mailer.symantec.com [198.6.49.176]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id VAA25417 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 21:15:30 -0700 (PDT) From: DGrawrock@symantec.com Received: from smtp-ima.symantec.com (host39-sub74.symantec.com [155.64.74.39]) by mailer.Symantec.Com (8.8.8/8.8.8) with ESMTP id VAA24786 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 21:18:25 -0700 (PDT) Received: from ccMail by smtp-ima.symantec.com (IMA Internet Exchange 3.1) id 00201118; Tue, 1 Sep 1998 21:17:59 -0700 Mime-Version: 1.0 Date: Tue, 1 Sep 1998 21:14:44 -0700 Message-ID: <00201118.C21288@symantec.com> To: ietf-pkix@imc.org Subject: option 2 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id TAA24963 for ietf-pkix-bks; Tue, 1 Sep 1998 19:38:21 -0700 (PDT) Received: from spyrus.com (prometheus.spyrus.com [209.66.65.49]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id TAA24959 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 19:38:19 -0700 (PDT) Received: from yuriy_nb.spyrus.com ([209.66.65.101]) by spyrus.com (8.7.6/8.7.3/arc) with SMTP id TAA26697 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 19:42:28 -0700 (PDT) From: "Yuriy Dzambasow" <ydzambasow@spyrus.com> To: <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 22:44:42 -0400 Message-ID: <001e01bdd61b$a2db8b40$066c42d1@yuriy_nb.spyrus.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA22960 for ietf-pkix-bks; Tue, 1 Sep 1998 16:20:11 -0700 (PDT) Received: from ORM-BBWEB.orem.novell.com (orm-bbweb.orem.novell.com [151.155.134.147]) by mail.proper.com (8.8.8/8.8.5) with SMTP id QAA22956 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 16:20:10 -0700 (PDT) Received: from GATEWAYS-Message_Server by ORM-BBWEB.orem.novell.com with Novell_GroupWise; Tue, 01 Sep 1998 17:20:24 -0600 Message-Id: <s5ec2cd8.091@ORM-BBWEB.orem.novell.com> X-Mailer: Novell GroupWise 5.5 Date: Tue, 01 Sep 1998 17:20:10 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <ietf-pkix@imc.org>, <wpolk@nist.gov>, <BJUENEMAN@novell.com> Subject: Re: Straw Poll cACertificate & crossCertificatePairattributes- PKIX LDAPv2 schema I-D Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id QAA22957 Sender: owner-ietf-pkix@imc.org Precedence: bulk I'm still on the fence, and trying to decide between the two options. But why is a binary decision necessary? If I understand Tim's points, option 2 is a superset of option 1, and a significant number of clients only support option 2. Option 1, however, is at least arguably superior from a network and directory performance standpoint, although I am still very confused about exactly who defines a "domain" and how the relying party is supposed to intuit what "local choice" some CA made. Would a viable compromise position be to support option 2 as the initial direction, and to transition to option 1 at some later point in time, say 36 months from now, assuming further work clearly establishes that option 1 is completely workable? My directory guys assure me that the directory is effectively neutral in this, except for the possible performance issues. So all that has to happen is for CAs to stop populating the crossCertificate pair. Is that correct? On the other hand, does this give rise to a worst of both worlds case from the perspective of the client software complexity? Bob Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id QAA22879 for ietf-pkix-bks; Tue, 1 Sep 1998 16:12:52 -0700 (PDT) Received: from aum.proper.com (ts011d20.cup-ca.concentric.net [209.31.12.32]) by mail.proper.com (8.8.8/8.8.5) with SMTP id QAA22874 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 16:12:49 -0700 (PDT) Message-Id: <199809012312.QAA22874@mail.proper.com> X-Sender: phoffman@mail.imc.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Tue, 01 Sep 1998 09:01:49 -0700 To: ietf-pkix@imc.org From: Paul Hoffman / IMC <phoffman@imc.org> Subject: For Option 2 In-Reply-To: <3.0.2.32.19980901133954.00a76a30@csmes.ncsl.nist.gov> References: <D789F71F24B4D111955D00A0C99B4F50AC96CF@sothmxs01.entrust.c om> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk --Paul Hoffman, Director --Internet Mail Consortium Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA22266 for ietf-pkix-bks; Tue, 1 Sep 1998 14:58:03 -0700 (PDT) Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA22262 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:58:03 -0700 (PDT) Received: by mail4.microsoft.com with Internet Mail Service (5.5.2232.9) id <RWP6XMJM>; Tue, 1 Sep 1998 15:02:12 -0700 Message-ID: <2F2DC5CE035DD1118C8E00805FFE354C0509BA3E@RED-MSG-56> From: Trevor Freeman <trevorf@microsoft.com> To: "Pkix List (E-mail)" <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 15:02:05 -0700 X-Mailer: Internet Mail Service (5.5.2232.9) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA22248 for ietf-pkix-bks; Tue, 1 Sep 1998 14:56:13 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA22244 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:56:12 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SAKHKX5N>; Tue, 1 Sep 1998 18:00:16 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D210@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 18:00:13 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk For option 1 Santosh Chokhani CygnaCom Solutions, Inc. 7927 Jones Branch Drive, Suite 100 West McLean, VA. 22102 (703) 848-0883 (voice) (703) 848-0960 (fax) chokhani@cygancom.com http://www.cygnacom.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA22241 for ietf-pkix-bks; Tue, 1 Sep 1998 14:56:00 -0700 (PDT) Received: from louie.scs.carleton.ca (louie.scs.carleton.ca [134.117.5.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA22237 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:55:58 -0700 (PDT) Received: from turing (turing [134.117.5.10]) by louie.scs.carleton.ca (96/30.01.97) with SMTP id SAA04115 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 18:00:00 -0400 (EDT) Received: from floyd by turing (5.x/SMI-SVR4) id AA03913; Tue, 1 Sep 1998 17:59:55 -0400 From: just@turing.scs.carleton.ca (Mike Just) Received: by floyd (5.x/Scs-1.0-client) id AA17259; Tue, 1 Sep 1998 17:59:54 -0400 Date: Tue, 1 Sep 1998 17:59:54 -0400 Message-Id: <9809012159.AA17259@floyd> To: ietf-pkix@imc.org Subject: For Option 2 X-Sun-Charset: US-ASCII Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA22199 for ietf-pkix-bks; Tue, 1 Sep 1998 14:52:28 -0700 (PDT) Received: from wuher.cygnacom.com (endor.cygnacom.com [205.177.169.102]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA22195 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:52:26 -0700 (PDT) Received: by WUHER with Internet Mail Service (5.0.1458.49) id <SAKHKXZ0>; Tue, 1 Sep 1998 17:56:29 -0400 Message-ID: <51BF55C30B4FD1118B4900207812701E16D20F@WUHER> From: Santosh Chokhani <chokhani@cygnacom.com> To: "'Stefan Santesson'" <stefan@accurata.se>, Sharon Boeyen <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Cc: "'Santosh Chokhani'" <chokhani@sisko.cygnacom.com> Subject: RE: Straw Poll cACertificate & crossCertificatePair attributes - PKIX LDAPv2 schema I-D Date: Tue, 1 Sep 1998 17:56:27 -0400 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk They are stored in caCertificate attribute of directory entry representing the subject (subscriber) CA. > -----Original Message----- > From: Stefan Santesson [SMTP:stefan@accurata.se] > Sent: Tuesday, September 01, 1998 3:54 PM > To: Sharon Boeyen; 'ietf-pkix@imc.org' > Cc: 'Santosh Chokhani' > Subject: Re: Straw Poll cACertificate & crossCertificatePair > attributes - PKIX LDAPv2 schema I-D > > I don't get this. > > In OPTION 1, where do I store certificates issued by this CA to CA:s > in the same domain???? > > It seems to be missing. > > /Stefan > > > At 11:10 AM 9/1/98 -0400, Sharon Boeyen wrote: > > > >Folks > > > >This is a straw poll on the use of the cACertificate and > >crossCertificatePair attributes in the PKIX LDAP schema draft. There > are 2 > >options, each of which received sufficient support during the Chicago > >meeting to require this straw poll to resolve the issue. Below is the > >specific text proposed for each option, followed by a summary of the > >rationale behind each of the proposals. The specific text for the > proposals > >and rationale summaries have been cooperatively drafted by Santosh > Chokhani, > >Dave Horvath and myself. > > > >Votes must be in by COB on Thursday Sept 3. This is the only > outstanding > >issue on this I-D following the 2 week last call so we should be able > to > >progress both the PKIX LDAPv2 protocol profile and PKIX LDAPv2 schema > >following this poll. > >. > >To vote, send an email to ietf-pkix@imc.org with one of the following > >subject lines: > > > >To vote for option 1put "For Option 1" in the subject line. > >To vote for option 2 put "For Option 2" in the subject line. > > > >As with the earlier polls conducted by Tim Polk on Part 1, don't > bother with > >a message body, I am just going to count the messages. Discussion of > the > >content of this message should reply to this message. > > > > > >PROPOSED TEXT FOR THE ATTRIBUTE DEFINITIONS: > >OPTION 1: > >---------------- > >The cACertificate attribute, held in a particular CA's directory > entry, > >shall be used to store certificates issued to this CA by CAs in the > same > >domain as this CA. In addition, the cACertificate attribute shall be > used to > >store self-issued certificates. > > > >The forward element of the crossCertificatePair attribute, held in a > >particular CA's directory entry, shall be used to store certificates > issued > >to this CA by CAs in other domains. Optionally, the reverse element > of the > >crossCertificatePair attribute, held in a particular CA's directory > entry, > >may contain certificates issued by this CA to CAs in other domains. > > > >In the case of V3 certificates, none of the above CA certificates may > >include a basicConstraints extension with the cA value set to FALSE. > > > >The definition of domain is purely a matter of local policy. > > > >OPTION 2: > >------------- > >The crossCertificatePair attribute, held in a particular CA's > directory > >entry, shall be used to store all certificates issued by this CA to > other > >CAs, as well as certificates issued for this CA by other CAs. Values > held in > >the forward element are certificates issued for this CA by other CAs, > while > >values in the reverse element are certificates issued by this CA for > other > >CAs. > > > >The cACertificate attribute, held in a particular CA's directory > entry, > >shall be used to store certificates issued to this CA by CAs in the > same > >domain as this CA. This set of certificates is a subset of the values > of the > >forward element of the crossCertificatePair attribute in the same CA > entry. > >In addition, the cACertificate attribute shall beused to store > self-issued > >certificates. > > > >The definition of domain is purely a matter of local policy. > > > >In the case of version 3 certificates, none of the above CA > certificates may > >include a basicConstraints extension with the cA value set to FALSE. > > > >SUMMARY OF RATIONALE FOR EACH OF THE OPTIONS: > >-------------------------------------------------------------------- > > > >RATIONALE FOR PROPOSING OPTION 1: > >-------------------------------------------------- > >The major advantage of this approach is that it minimizes the amount > of data > >retrieved from the directory. The approach improves the relying > party > >response time and minimizes network utilization. > > > >Another advantage of this approach over the alternative is that it > does not > >require the relying parties to separate the certificates stored in > >caCertificate attribute from those stored in the crossCertificatePair > >attribute. The clients may need to do this during path construction. > > > >Storing all the certificates in the crossCertificatePair attribute > and also > >storing some of the certificates in the caCertificate attribute, as > >described in the alternative, unnecessarily increases the number of > >certificates retrieved. The alternative will result in poorer > relying party > >response time and use network bandwidth unnecessarily. The > alternative will > >be particularly inefficient when a relying party is located remotely > from > >the repository/directory. > > > >A minor disadvantage of the alternative is that it requires the same > >information object (certificate) to be stored twice in a repository, > once in > >the caCertificate attribute and once in the crossCertificatePair > attribute. > >This increases he storage requirement on the directory. > > > > > >RATIONALE FOR PROPOSING OPTION 2: > >------------------------------------------------------------ > > > >Path development is a relying party process and the criteria for > selection > >of a 'preferred' set of certificates to enable efficiencies in that > process > >can vary according to the path discovery algorithm as well as from > one > >relying party to another, from one application to another, and on > other > >criteria as well. While a CA should optionally be able to provide > helpful > >hints to relying parties regarding the set of certificates the CA > expects to > >provide efficiencies, these may or may not match the requirements of > a > >relying party path discovery process. Relying parties will access CA > >directory entries frequently to retrieve certificates as input to a > >certification path development process and they should not be forced > to know > >whether or not a CA has published a set of its 'preferred' > certificates, > >nor should relying parties be required to take on the extra burden of > having > >to request filtering of multiple directory attributes to retrieve the > set of > >certificates which is preferred in their particular environment, > especially > >given that relying parties will often need this information from CAs > outside > >their own local Intranet. > > > >CAs should be given the option to publish a set of 'preferred' > certificates > >but should not be required to do so. Should a CA elect to publish > such a > >set, the criteria used by that CA to determine the bases of the > preference > >should be left to the discretion of each CA or each security domain. > The > >preference should not be necessarily tied to a predetermined > universal > >criterion such as a single PKI or 'internal domain', especially given > that a > >CA may be issued a certificate by any number of other CAs and may > therefore > >subscribe to many PKIs. > > > > > >------------------ > >Sharon Boeyen > >Entrust Technologies > > > >mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 > >http://www.entrust.com Fax: (613) 247-3690 > > > > > > > > > ------------------------------------------------------------------- > Stefan Santesson <stefan@accurata.se> > Accurata Systemsäkerhet AB > Lotsgatan 27 D Tel. +46-40 152211 > 216 42 Malmö Fax. +46-40 150790 > Sweden Mobile +46-70 5247799 > > PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 > ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA22157 for ietf-pkix-bks; Tue, 1 Sep 1998 14:46:11 -0700 (PDT) Received: from caladan.verisign.com (caladan.verisign.com [205.180.232.21]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA22153 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:46:10 -0700 (PDT) Received: from mentat.verisign.com by caladan.verisign.com (8.8.5/BCH1.5) id OAA04459; Tue, 1 Sep 1998 14:48:30 -0700 (PDT) Received: from mmyers-pc.verisign.com by mentat.verisign.com (8.8.5/BCH1.0) id OAA09078; Tue, 1 Sep 1998 14:50:15 -0700 (PDT) Message-Id: <3.0.32.19980901145013.00683c4c@mail.verisign.com> X-Sender: mmyers@mail.verisign.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 01 Sep 1998 14:50:18 -0700 To: ietf-pkix@imc.org From: Michael Myers <mmyers@verisign.com> Subject: For Option 1 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA22067 for ietf-pkix-bks; Tue, 1 Sep 1998 14:37:38 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id OAA22063 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:37:37 -0700 (PDT) Received: from East.Sun.COM ([129.148.1.241]) by mercury.Sun.COM (SMI-8.6/mail.byaddr) with SMTP id OAA08469 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:41:46 -0700 Received: from suneast.East.Sun.COM by East.Sun.COM (SMI-8.6/SMI-5.3) id RAA28723; Tue, 1 Sep 1998 17:41:41 -0400 Received: from bcn.East.Sun.COM by suneast.East.Sun.COM (SMI-8.6/SMI-SVR4) id RAA01584; Tue, 1 Sep 1998 17:41:43 -0400 Received: from east.sun.com by bcn.East.Sun.COM (SMI-8.6/SMI-SVR4) id RAA17370; Tue, 1 Sep 1998 17:41:40 -0400 Message-ID: <35EC6A15.F94799D9@east.sun.com> Date: Tue, 01 Sep 1998 17:41:41 -0400 From: Sean Mullan <mullan@East.Sun.COM> Organization: Sun Microsystems X-Mailer: Mozilla 4.5b1 [en] (X11; U; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA21256 for ietf-pkix-bks; Tue, 1 Sep 1998 14:28:24 -0700 (PDT) Received: from spacenet.com.br (saturno.spacenet.com.br [200.255.100.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA21252 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:28:20 -0700 (PDT) Received: from spacenet.com.br (lagoa.spacenet.com.br [200.255.243.65]) by spacenet.com.br (8.8.4/SMI-SVR4) id SAA00630; Tue, 1 Sep 1998 18:18:41 -0300 (EST) X-Sender: lagoa.spacenet.com.br [200.255.243.65] Message-ID: <35EC6800.784BFAE3@spacenet.com.br> Date: Tue, 01 Sep 1998 18:32:48 -0300 From: Eduardo Rosemberg de Moura <eduardor@spacenet.com.br> Reply-To: eduardor@iname.com X-Mailer: Mozilla 4.06 [en] (Win95; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk -- Eduardo Rosemberg de Moura mailto:eduardor@iname.com (eduardor@spacenet.com.br) Phone: +55 21 521-0120 (voice) +55 21 523-4499 (fax) Mobile:+55 21 9985-7934 ICQ: 6365858 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id OAA21166 for ietf-pkix-bks; Tue, 1 Sep 1998 14:17:29 -0700 (PDT) Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id OAA21162 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:17:28 -0700 (PDT) Received: by mail4.microsoft.com with Internet Mail Service (5.5.2232.9) id <RWP6XHA8>; Tue, 1 Sep 1998 14:21:33 -0700 Message-ID: <39ADCF833E74D111A2D700805F1951EF056B9D4A@RED-MSG-06> From: Brian LaMacchia <bal@microsoft.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 14:21:30 -0700 X-Mailer: Internet Mail Service (5.5.2232.9) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA20962 for ietf-pkix-bks; Tue, 1 Sep 1998 13:51:24 -0700 (PDT) Received: from mtahqs2.ncr.disa.mil (mtahqs2.ncr.disa.mil [164.117.144.158]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA20957 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:51:23 -0700 (PDT) Received: by mtahqs2.ncr.disa.mil with Internet Mail Service (5.0.1460.8) id <R503HD5B>; Tue, 1 Sep 1998 20:55:56 -0000 Message-ID: <5E15A94A31EED011BF9F0060970BACBC123E27@mtapkr1.ncr.disa.mil> From: "Adkins, Sherrill" <AdkinsS@ncr.disa.mil> To: ietf-pkix@imc.org Subject: For Option 1 Date: Tue, 1 Sep 1998 20:55:47 -0000 Importance: low X-Priority: 5 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA20951 for ietf-pkix-bks; Tue, 1 Sep 1998 13:50:49 -0700 (PDT) Received: from mail1.microsoft.com (mail1.microsoft.com [131.107.3.125]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA20947 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:50:48 -0700 (PDT) Received: by INET-IMC-01 with Internet Mail Service (5.5.2232.9) id <RWPXN6PY>; Tue, 1 Sep 1998 13:54:57 -0700 Message-ID: <4FD6422BE942D111908D00805F3158DF055136F3@RED-MSG-52> From: Barb Fox <bfox@microsoft.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: for Option 1 Date: Tue, 1 Sep 1998 13:54:51 -0700 X-Mailer: Internet Mail Service (5.5.2232.9) Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA20939 for ietf-pkix-bks; Tue, 1 Sep 1998 13:49:06 -0700 (PDT) Received: from ultraman.ilan.net (ultraman.ilan.net [207.211.122.35]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA20935 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:49:03 -0700 (PDT) Received: from secantnet.com ([207.211.125.5]) by ultraman.ilan.net (Post.Office MTA v3.1.2 release (PO203-101c) ID# 610-52672U600L100S0V35) with SMTP id AAA5949 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 16:45:31 -0400 Received: from secantnet.com by secantnet.com (SMI-8.6/SMI-SVR4) id QAA06759; Tue, 1 Sep 1998 16:53:36 -0400 Message-ID: <35EC5ED4.B40E1161@secantnet.com> Date: Tue, 01 Sep 1998 16:53:40 -0400 From: Greg Byrd <gbyrd@cow.secantnet.com> Organization: SECANT Network Technologies X-Mailer: Mozilla 4.03 [en] (X11; U; SunOS 5.6 sun4u) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: for option 2 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk -- Greg Byrd gbyrd@secantnet.com SECANT Network Technologies, Inc. 919-462-1900 x229 P.O. Box 14285 919-462-1933 (fax) Research Triangle Park, NC 27709 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA20554 for ietf-pkix-bks; Tue, 1 Sep 1998 13:02:41 -0700 (PDT) Received: from chopin.digsigtrust.com (chopin.digsigtrust.com [208.30.64.66]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA20550 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:02:40 -0700 (PDT) Received: from digsigtrust.com (rfwdesktop.digsigtrust.com [208.30.64.114]) by chopin.digsigtrust.com (8.9.1/8.9.1) with ESMTP id OAA01554 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:06:48 -0600 (MDT) Message-ID: <35EC5997.85FEC582@digsigtrust.com> Date: Tue, 01 Sep 1998 14:31:19 -0600 From: "Russel F. Weiser" <rweiser@digsigtrust.com> X-Mailer: Mozilla 4.05 [en] (WinNT; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: multipart/mixed; boundary="------------C201775B051242826227D678" Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. --------------C201775B051242826227D678 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --------------C201775B051242826227D678 Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Russel Weiser Content-Disposition: attachment; filename="vcard.vcf" begin: vcard fn: Russel Weiser n: Weiser;Russel org: DST email;internet: rweiser@DigSigTrust.COm x-mozilla-cpt: ;0 x-mozilla-html: FALSE version: 2.1 end: vcard --------------C201775B051242826227D678-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA20474 for ietf-pkix-bks; Tue, 1 Sep 1998 12:51:51 -0700 (PDT) Received: from maild.telia.com (root@maild.telia.com [194.22.190.3]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA20470 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 12:51:47 -0700 (PDT) Received: from stefans (t2o68p112.telia.com [62.20.138.232]) by maild.telia.com (8.8.8/8.8.8) with SMTP id VAA14836; Tue, 1 Sep 1998 21:55:47 +0200 (CEST) Message-Id: <3.0.32.19980901215234.009dd940@m1.403.telia.com> X-Sender: u40400192@m1.403.telia.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 01 Sep 1998 21:53:35 +0200 To: Sharon Boeyen <sharon.boeyen@entrust.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> From: Stefan Santesson <stefan@accurata.se> Subject: Re: Straw Poll cACertificate & crossCertificatePair attributes - PKIX LDAPv2 schema I-D Cc: "'Santosh Chokhani'" <chokhani@sisko.cygnacom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id MAA20471 Sender: owner-ietf-pkix@imc.org Precedence: bulk I don't get this. In OPTION 1, where do I store certificates issued by this CA to CA:s in the same domain???? It seems to be missing. /Stefan At 11:10 AM 9/1/98 -0400, Sharon Boeyen wrote: > >Folks > >This is a straw poll on the use of the cACertificate and >crossCertificatePair attributes in the PKIX LDAP schema draft. There are 2 >options, each of which received sufficient support during the Chicago >meeting to require this straw poll to resolve the issue. Below is the >specific text proposed for each option, followed by a summary of the >rationale behind each of the proposals. The specific text for the proposals >and rationale summaries have been cooperatively drafted by Santosh Chokhani, >Dave Horvath and myself. > >Votes must be in by COB on Thursday Sept 3. This is the only outstanding >issue on this I-D following the 2 week last call so we should be able to >progress both the PKIX LDAPv2 protocol profile and PKIX LDAPv2 schema >following this poll. >. >To vote, send an email to ietf-pkix@imc.org with one of the following >subject lines: > >To vote for option 1put "For Option 1" in the subject line. >To vote for option 2 put "For Option 2" in the subject line. > >As with the earlier polls conducted by Tim Polk on Part 1, don't bother with >a message body, I am just going to count the messages. Discussion of the >content of this message should reply to this message. > > >PROPOSED TEXT FOR THE ATTRIBUTE DEFINITIONS: >OPTION 1: >---------------- >The cACertificate attribute, held in a particular CA's directory entry, >shall be used to store certificates issued to this CA by CAs in the same >domain as this CA. In addition, the cACertificate attribute shall be used to >store self-issued certificates. > >The forward element of the crossCertificatePair attribute, held in a >particular CA's directory entry, shall be used to store certificates issued >to this CA by CAs in other domains. Optionally, the reverse element of the >crossCertificatePair attribute, held in a particular CA's directory entry, >may contain certificates issued by this CA to CAs in other domains. > >In the case of V3 certificates, none of the above CA certificates may >include a basicConstraints extension with the cA value set to FALSE. > >The definition of domain is purely a matter of local policy. > >OPTION 2: >------------- >The crossCertificatePair attribute, held in a particular CA's directory >entry, shall be used to store all certificates issued by this CA to other >CAs, as well as certificates issued for this CA by other CAs. Values held in >the forward element are certificates issued for this CA by other CAs, while >values in the reverse element are certificates issued by this CA for other >CAs. > >The cACertificate attribute, held in a particular CA's directory entry, >shall be used to store certificates issued to this CA by CAs in the same >domain as this CA. This set of certificates is a subset of the values of the >forward element of the crossCertificatePair attribute in the same CA entry. >In addition, the cACertificate attribute shall beused to store self-issued >certificates. > >The definition of domain is purely a matter of local policy. > >In the case of version 3 certificates, none of the above CA certificates may >include a basicConstraints extension with the cA value set to FALSE. > >SUMMARY OF RATIONALE FOR EACH OF THE OPTIONS: >-------------------------------------------------------------------- > >RATIONALE FOR PROPOSING OPTION 1: >-------------------------------------------------- >The major advantage of this approach is that it minimizes the amount of data >retrieved from the directory. The approach improves the relying party >response time and minimizes network utilization. > >Another advantage of this approach over the alternative is that it does not >require the relying parties to separate the certificates stored in >caCertificate attribute from those stored in the crossCertificatePair >attribute. The clients may need to do this during path construction. > >Storing all the certificates in the crossCertificatePair attribute and also >storing some of the certificates in the caCertificate attribute, as >described in the alternative, unnecessarily increases the number of >certificates retrieved. The alternative will result in poorer relying party >response time and use network bandwidth unnecessarily. The alternative will >be particularly inefficient when a relying party is located remotely from >the repository/directory. > >A minor disadvantage of the alternative is that it requires the same >information object (certificate) to be stored twice in a repository, once in >the caCertificate attribute and once in the crossCertificatePair attribute. >This increases he storage requirement on the directory. > > >RATIONALE FOR PROPOSING OPTION 2: >------------------------------------------------------------ > >Path development is a relying party process and the criteria for selection >of a 'preferred' set of certificates to enable efficiencies in that process >can vary according to the path discovery algorithm as well as from one >relying party to another, from one application to another, and on other >criteria as well. While a CA should optionally be able to provide helpful >hints to relying parties regarding the set of certificates the CA expects to >provide efficiencies, these may or may not match the requirements of a >relying party path discovery process. Relying parties will access CA >directory entries frequently to retrieve certificates as input to a >certification path development process and they should not be forced to know >whether or not a CA has published a set of its 'preferred' certificates, >nor should relying parties be required to take on the extra burden of having >to request filtering of multiple directory attributes to retrieve the set of >certificates which is preferred in their particular environment, especially >given that relying parties will often need this information from CAs outside >their own local Intranet. > >CAs should be given the option to publish a set of 'preferred' certificates >but should not be required to do so. Should a CA elect to publish such a >set, the criteria used by that CA to determine the bases of the preference >should be left to the discretion of each CA or each security domain. The >preference should not be necessarily tied to a predetermined universal >criterion such as a single PKI or 'internal domain', especially given that a >CA may be issued a certificate by any number of other CAs and may therefore >subscribe to many PKIs. > > >------------------ >Sharon Boeyen >Entrust Technologies > >mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 >http://www.entrust.com Fax: (613) 247-3690 > > > > ------------------------------------------------------------------- Stefan Santesson <stefan@accurata.se> Accurata Systemsäkerhet AB Lotsgatan 27 D Tel. +46-40 152211 216 42 Malmö Fax. +46-40 150790 Sweden Mobile +46-70 5247799 PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0 ------------------------------------------------------------------- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA20428 for ietf-pkix-bks; Tue, 1 Sep 1998 12:44:44 -0700 (PDT) Received: from fw.ssb.it (fw.ssb.it [192.106.128.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id MAA20424 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 12:44:40 -0700 (PDT) Received: from notesmail.ssb.it (domino.ssb.it [192.168.19.5]) by ns.ssb.it (8.8.5/8.7.3) with SMTP id XAA26047 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 23:45:55 +0200 (CEST) Received: by notesmail.ssb.it(Lotus SMTP MTA v4.6.1 (569.2 2-6-1998)) id C1256672.006D747B ; Tue, 1 Sep 1998 21:55:32 +0200 X-Lotus-FromDomain: SSB From: "Fabio Omenigrandi" <Omenigrandi@ssb.it> To: ietf-pkix@imc.org Message-ID: <C1256672.006B44A7.00@notesmail.ssb.it> Date: Tue, 1 Sep 1998 21:32:35 +0200 Subject: For Option 1 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA20329 for ietf-pkix-bks; Tue, 1 Sep 1998 12:37:15 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id MAA20325 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 12:37:13 -0700 (PDT) Received: id PAA27010; Tue, 1 Sep 1998 15:38:44 -0400 Received: by gateway id <RNJC0ZXX>; Tue, 1 Sep 1998 15:35:52 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50C515D3@sothmxs01.entrust.com> From: Ron Chittaro <ron.chittaro@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Tue, 1 Sep 1998 15:35:44 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA20095 for ietf-pkix-bks; Tue, 1 Sep 1998 12:08:59 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id MAA20091 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 12:08:56 -0700 (PDT) Received: id PAA23359; Tue, 1 Sep 1998 15:09:38 -0400 Received: by gateway id <RNJC0ZSP>; Tue, 1 Sep 1998 15:06:46 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50017890AC@sothmxs01.entrust.com> From: Carlisle Adams <carlisle.adams@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org>, "'Tim Polk'" <wpolk@nist.gov>, "'BJUENEMAN@novell.com'" <BJUENEMAN@novell.com> Subject: RE: Straw Poll cACertificate & crossCertificatePair attributes - PKIX LDAPv2 schema I-D Date: Tue, 1 Sep 1998 15:06:36 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi, Here's my two cents (which, at the current exchange rate, is worth considerably less than Tim's two cents...). > ---------- > From: Tim Polk[SMTP:wpolk@nist.gov] > Sent: Tuesday, September 01, 1998 1:39 PM > To: 'ietf-pkix@imc.org' > Subject: Re: Straw Poll cACertificate & crossCertificatePair > attributes - PKIX LDAPv2 schema I-D > > In case anyone is interested, here's my two cents worth... > ... > I prefer option #2, but for rather pragmatic reasons. There are two large > pools of PKI clients. These two groups were designed independently, and > the implementers made different assumptions. If we choose option #1, we > break one group of clients. HOWEVER, if we choose option #2, both sets of > clients will work - and will be interoperable! > > Since a technically viable solution exists that doesn't break any existing > clients and actually makes them interoperable, that is my preference. > This sort of reasoning (*especially* within the IETF community) seems sufficiently strong that I wonder why in the world we need a straw poll at all. It meets every conceivable definition of "rough consensus and running code" and "interoperability above non-interoperability", which are the two golden rules of this community. Within an *IETF* Working Group, is there any defensible basis for choosing another option that does not have these properties? Carlisle. P.S., Bob, I share your concern for the definition of a domain being left up to "local policy". What exactly is the definition of "local"? Does this mean local to the CA whose entry we're considering? If so, then if I am certified by another CA, how do I know whether or not I'm in that first CA's "domain" (i.e., how do I know what it "locally" defined its domain to be)? Therefore, how do I know whether or not to look in the caCertificate attribute? Again, it seems to me that option 2 nicely (and completely) solves this problem: if I somehow (magically) know that I'm in that CA's domain, then I can retrieve certificates from the caCertificate attribute; otherwise, I can retrieve certificates from the crossCertificatePair attribute. Both methods are guaranteed to work. Option 1, on the other hand, works on the underlying assumption that everybody knows (a priori) what domain they're in. Given that there is no universal definition for "domain" (i.e., that it is only defined "locally"), it is not at all obvious how to ensure this. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA20090 for ietf-pkix-bks; Tue, 1 Sep 1998 12:08:55 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id MAA20086 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 12:08:54 -0700 (PDT) Received: id PAA23418; Tue, 1 Sep 1998 15:10:18 -0400 Received: by gateway id <RNJC0ZST>; Tue, 1 Sep 1998 15:07:26 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50017890AD@sothmxs01.entrust.com> From: Carlisle Adams <carlisle.adams@entrust.com> To: ietf-pkix@imc.org Subject: For Option 2 Date: Tue, 1 Sep 1998 15:07:25 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id MAA20051 for ietf-pkix-bks; Tue, 1 Sep 1998 12:03:04 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id MAA20047 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 12:03:03 -0700 (PDT) Received: from chromatix.com (whiteoak.chromatix.com [207.97.115.5]) by chromatix.com (8.8.8/8.8.8) with ESMTP id PAA06735 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 15:07:10 -0400 (EDT) (envelope-from dave@chromatix.com) Message-ID: <35EC45DB.C33A3300@chromatix.com> Date: Tue, 01 Sep 1998 15:07:07 -0400 From: Dave Horvath <dave@chromatix.com> Organization: Chromatix Inc. X-Mailer: Mozilla 4.04 [en] (X11; I; HP-UX B.10.20 9000/780) MIME-Version: 1.0 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk -- ================================================ _/_/_/ David J. Horvath _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | dave@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19990 for ietf-pkix-bks; Tue, 1 Sep 1998 11:59:18 -0700 (PDT) Received: from relay1.UU.NET (relay1.UU.NET [192.48.96.5]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19986 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:59:17 -0700 (PDT) Received: from exchng-fairfax.p-e-c.com by relay1.UU.NET with ESMTP (peer crosschecked as: [204.254.216.13]) id QQfezk12448; Tue, 1 Sep 1998 15:03:22 -0400 (EDT) Received: by exchang-fairfax.pec.com with Internet Mail Service (5.0.1460.8) id <RZYRA0CT>; Tue, 1 Sep 1998 15:05:27 -0400 Message-ID: <3C7EABA3F6F1D1118FD90008C7F450FD5EAD3D@exchang-fairfax.pec.com> From: MHenry <MHenry@pec.com> To: ietf-pkix@imc.org Subject: for option 2 Date: Tue, 1 Sep 1998 15:05:25 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1460.8) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19970 for ietf-pkix-bks; Tue, 1 Sep 1998 11:56:58 -0700 (PDT) Received: from stingray.missi.ncsc.mil ([144.51.52.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19966 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:56:57 -0700 (PDT) Received: from stingray.missi.ncsc.mil (root@localhost) by stingray.missi.ncsc.mil with ESMTP id PAA22769 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 15:00:56 -0400 (EDT) Received: from missi.ncsc.mil (depot.missi.ncsc.mil [144.51.60.1]) by stingray.missi.ncsc.mil with ESMTP id PAA22763 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 15:00:55 -0400 (EDT) Received: from mimesweeper.missi.ncsc.mil (mimesweeper.missi.ncsc.mil [144.51.60.2]) by missi.ncsc.mil (8.8.8/8.8.8) with ESMTP id PAA14818 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 15:00:19 -0400 (EDT) Received: from avenger.missi.ncsc.mil (unverified) by mimesweeper.missi.ncsc.mil (Content Technologies SMTPRS 2.0.15) with SMTP id <B0000256056@mimesweeper.missi.ncsc.mil> for <ietf-pkix@imc.org>; Tue, 01 Sep 1998 15:01:51 -0400 Received: by avenger.missi.ncsc.mil with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62) id <01BDD5B9.733EE650@avenger.missi.ncsc.mil>; Tue, 1 Sep 1998 15:01:51 -0400 Message-Id: <c=US%a=_%p=ExchangeNSA%l=AVENGER-980901190150Z-30002@avenger.missi.ncsc.mil> From: "Fillingham, David W." <dwfilli@missi.ncsc.mil> To: "'IETF/PKIX'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 15:01:50 -0400 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.996.62 MIME-Version: 1.0 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19925 for ietf-pkix-bks; Tue, 1 Sep 1998 11:47:27 -0700 (PDT) Received: from mail0.sse.ie (mail0.sse.ie [193.120.32.47]) by mail.proper.com (8.8.8/8.8.5) with SMTP id LAA19921 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:47:25 -0700 (PDT) Received: from mail2.sse.ie by mail0.sse.ie; Tue, 1 Sep 1998 19:51:30 +0100 Received: from mail0.sse.ie (unverified [193.120.32.47]) by mail2.sse.ie (Integralis SMTPRS 2.04) with ESMTP id <B0000323104@mail2.sse.ie>; Tue, 01 Sep 1998 19:51:21 +0100 Received: from baboo.sse.ie (farrell@baboo.sse.ie [193.120.32.109]) by mail0.sse.ie (8.9.1a/8.9.1) with ESMTP id TAA07273 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 19:51:19 +0100 (BST) Message-Id: <199809011851.TAA07273@mail0.sse.ie> X-Mailer: exmh version 1.6.9 8/22/96 Reply-To: Stephen.Farrell@sse.ie To: ietf-pkix@imc.org Subject: For Option 2 From: Stephen Farrell <stephen.farrell@sse.ie> MIME-Version: 1.0 Date: Tue, 01 Sep 1998 19:52:09 +0100 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19878 for ietf-pkix-bks; Tue, 1 Sep 1998 11:38:52 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19874 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:38:51 -0700 (PDT) Received: from chromatix.com (poplar.chromatix.com [207.97.115.14]) by chromatix.com (8.8.8/8.8.8) with ESMTP id OAA06632 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:42:57 -0400 (EDT) (envelope-from mike@chromatix.com) Message-ID: <35EC4050.7C99987F@chromatix.com> Date: Tue, 01 Sep 1998 14:43:28 -0400 From: Michael Maloney <mike@chromatix.com> X-Mailer: Mozilla 4.05 [en] (WinNT; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: multipart/mixed; boundary="------------10B5479D1700C8A1FFAC998E" Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. --------------10B5479D1700C8A1FFAC998E Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --------------10B5479D1700C8A1FFAC998E Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Mike Maloney Content-Disposition: attachment; filename="vcard.vcf" begin: vcard fn: Mike Maloney n: Maloney;Mike org: Chromatix, Inc adr: 10451 Twin Rivers Road;;Suite 265;Columbia;MD;21044;USA email;internet: mike@chromatix.com title: Senior Engineer tel;work: 301 596-8466 tel;fax: 410 997-4306 x-mozilla-cpt: ;0 x-mozilla-html: TRUE version: 2.1 end: vcard --------------10B5479D1700C8A1FFAC998E-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19820 for ietf-pkix-bks; Tue, 1 Sep 1998 11:35:01 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id LAA19816 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:35:00 -0700 (PDT) Received: id OAA19092; Tue, 1 Sep 1998 14:36:01 -0400 Received: by gateway id <RNJC0ZNA>; Tue, 1 Sep 1998 14:33:07 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F500139AFC3@sothmxs01.entrust.com> From: Robert Zuccherato <robert.zuccherato@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 2 Date: Tue, 1 Sep 1998 14:33:05 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19706 for ietf-pkix-bks; Tue, 1 Sep 1998 11:23:55 -0700 (PDT) Received: from inetgw.fs.lmco.com (inetgw.fs.lmco.com [204.177.125.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19702 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:23:53 -0700 (PDT) Received: (from mail@localhost) by inetgw.fs.lmco.com (AIX4.2/UCB 8.7/8.7) id OAA33110 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:28:26 -0400 (EDT) Received: from dmsman.man.fs.lmco.com(158.187.195.16) by inetgw.fs.lmco.com via smap (V2.0) id xma075892; Tue, 1 Sep 98 14:27:58 -0400 Received: by dmsman.man.fs.lmco.com with Internet Mail Service (5.5.2232.9) id <RQDKB2NB>; Tue, 1 Sep 1998 14:26:58 -0400 Message-ID: <E1F508DF1910D1118BCB000083B11B7F46B2C1@dmsman.man.fs.lmco.com> From: "Rogers III, Edward B." <ed.rogers@lmco.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 14:26:56 -0400 Importance: low X-Priority: 5 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2232.9) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk R/ Ed Technical Lead, DMS Security Evolution Lockheed Martin Federal Systems Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19574 for ietf-pkix-bks; Tue, 1 Sep 1998 11:06:39 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19570 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:06:38 -0700 (PDT) Received: from cedar.chromatix.com (cedar.chromatix.com [207.97.115.12]) by chromatix.com (8.8.8/8.8.8) with SMTP id OAA06514; Tue, 1 Sep 1998 14:10:42 -0400 (EDT) (envelope-from Steven.Peterson@Chromatix.com) Message-ID: <018201bdd5d4$10ca0520$0c7361cf@cedar.chromatix.com> From: "Steven (Pete) Peterson" <Steven.Peterson@chromatix.com> To: <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 14:12:22 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_017F_01BDD5B2.89B86520" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3155.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Sender: owner-ietf-pkix@imc.org Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_017F_01BDD5B2.89B86520 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable ------=_NextPart_000_017F_01BDD5B2.89B86520 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN"> <HTML> <HEAD> <META content=3Dtext/html;charset=3Diso-8859-1 = http-equiv=3DContent-Type> <META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR> </HEAD> <BODY bgColor=3D#ffffff> <DIV> </DIV></BODY></HTML> ------=_NextPart_000_017F_01BDD5B2.89B86520-- Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19563 for ietf-pkix-bks; Tue, 1 Sep 1998 11:05:08 -0700 (PDT) Received: from chromatix.com (chromatix.com [207.97.115.2]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19559 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:05:04 -0700 (PDT) Received: from chromatix.com (kapok.chromatix.com [207.97.115.37]) by chromatix.com (8.8.8/8.8.8) with ESMTP id OAA06501 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:09:07 -0400 (EDT) (envelope-from tom@chromatix.com) Message-ID: <35EC3928.1172461C@chromatix.com> Date: Tue, 01 Sep 1998 14:12:56 -0400 From: Thomas Llanso <tom@chromatix.com> X-Mailer: Mozilla 4.06 [en] (Win95; I) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk -- _/_/_/ Thomas H. Llanso _/ _/ _/ _/ Chromatix, Inc. _/ _/ _/ 10451 Twin Rivers Road, Suite 265 _/ _/_/ Columbia, MD 21044 _/ _/ _/_/ Phone: (301) 596-8466 | http://www.chromatix.com _/_/_/ _/ _/ Fax: (410) 997-4306 | tom_llanso@chromatix.com Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id LAA19529 for ietf-pkix-bks; Tue, 1 Sep 1998 11:03:15 -0700 (PDT) Received: from hq.vni.net (hq.vni.net [205.252.27.1]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id LAA19524 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 11:03:12 -0700 (PDT) Received: from ieca.com (nova-aaa-061.vni.net [205.177.115.61]) by hq.vni.net (8.8.8/8.8.5) with ESMTP id OAA10687 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 14:07:49 -0400 (EDT) Message-ID: <35EC37AE.B0138842@ieca.com> Date: Tue, 01 Sep 1998 14:06:38 -0400 From: Sean Turner <turners@ieca.com> Organization: IECA, Inc. X-Mailer: Mozilla 4.06 [en] (Win98; U) MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: For Option 1 References: <199809011751.NAA17303@ajsn101.jgvandyke.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA19400 for ietf-pkix-bks; Tue, 1 Sep 1998 10:53:33 -0700 (PDT) Received: from hq.ljl.COM (hq.ljl.com [206.151.234.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA19394 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 10:53:28 -0700 (PDT) Received: from larry.ljl.com by hq.ljl.COM. with smtp id aa23343; Tue, 1 Sep 1998 12:58:23 -0500 Received: by localhost with Microsoft MAPI; Tue, 1 Sep 1998 12:58:07 -0500 Message-ID: <01BDD5A8.29E77AA0.larry@ljl.com> From: Larry Layten <larry@ljl.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: For Option 1 Date: Tue, 1 Sep 1998 12:58:05 -0500 X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA19364 for ietf-pkix-bks; Tue, 1 Sep 1998 10:50:49 -0700 (PDT) Received: from ORM-BBWEB.orem.novell.com (orm-bbweb.orem.novell.com [151.155.134.147]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA19360 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 10:50:48 -0700 (PDT) Received: from GATEWAYS-Message_Server by ORM-BBWEB.orem.novell.com with Novell_GroupWise; Tue, 01 Sep 1998 11:51:07 -0600 Message-Id: <s5ebdfab.090@ORM-BBWEB.orem.novell.com> X-Mailer: Novell GroupWise 5.5 Date: Tue, 01 Sep 1998 11:51:01 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <ietf-pkix@imc.org>, <wpolk@nist.gov> Subject: Re: Straw Poll cACertificate & crossCertificatePair attributes- PKIX LDAPv2 schema I-D Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id KAA19361 Sender: owner-ietf-pkix@imc.org Precedence: bulk I am inclined to support option 1, because it seems simpler.. However, I am concerned that the definition of the domain is left up to local policy. If "domain " referred to the chain of certificates that could be validated by climbing the subject to issuer chain within the certificates, I think it would be much cleaner. As it stands, I'm not quite sure that I understand how to construct a path search algorithm in either of the two proposals, so I guess I need to stare at it harder. I understand Tim's pragmatic argument, but I'm not convinced that the number of applications actually using LDAP to retrieve certificates is so large that this is an overwhelming reason to go one way or the other. In absolute numbers, what are we talking about? Bob >>> Tim Polk <wpolk@nist.gov> 09/01 11:39 AM >>> In case anyone is interested, here's my two cents worth... The LDAP straw poll message concentrates on the technical rationale behind each of the two options. In fact, each is a technically sound proposal. Option #1 is more elegant since there is no redundant data. Option #2 is a little more flexible, but clients may incur a performance hit when building infrequently used paths. IMHO, it's a wash. I prefer option #2, but for rather pragmatic reasons. There are two large pools of PKI clients. These two groups were designed independently, and the implementers made different assumptions. If we choose option #1, we break one group of clients. HOWEVER, if we choose option #2, both sets of clients will work - and will be interoperable! Since a technically viable solution exists that doesn't break any existing clients and actually makes them interoperable, that is my preference. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA19335 for ietf-pkix-bks; Tue, 1 Sep 1998 10:44:44 -0700 (PDT) Received: from apollo.jgvandyke.com (apollo.jgvandyke.com [158.189.10.100]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id KAA19330 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 10:44:43 -0700 (PDT) Received: from ajsn101.jgvandyke.com (ajsn101.jgvandyke.com [158.189.2.101]) by apollo.jgvandyke.com (8.8.8/8.8.8) with SMTP id NAA09240 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:52:46 -0400 (EDT) Received: from ajpc81 by ajsn101.jgvandyke.com (SMI-8.6/SMI-SVR4) id NAA17303; Tue, 1 Sep 1998 13:51:23 -0400 Date: Tue, 1 Sep 1998 13:51:23 -0400 Message-Id: <199809011751.NAA17303@ajsn101.jgvandyke.com> X-Sender: jsp@ajsn101 X-Mailer: Windows Eudora Version 1.4.4 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: ietf-pkix@imc.org From: jsp@jgvandyke.com (John Pawling) Subject: For Option 1 Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA19270 for ietf-pkix-bks; Tue, 1 Sep 1998 10:35:35 -0700 (PDT) Received: from ORM-BBWEB.orem.novell.com (orm-bbweb.orem.novell.com [151.155.134.147]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA19266 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 10:35:34 -0700 (PDT) Received: from GATEWAYS-Message_Server by ORM-BBWEB.orem.novell.com with Novell_GroupWise; Tue, 01 Sep 1998 11:35:47 -0600 Message-Id: <s5ebdc13.048@ORM-BBWEB.orem.novell.com> X-Mailer: Novell GroupWise 5.5 Date: Tue, 01 Sep 1998 11:35:15 -0600 From: "Bob Jueneman" <BJUENEMAN@novell.com> To: <stefan@accurata.se>, <aram@apple.com> Cc: <ietf-pkix@imc.org> Subject: Re: Digital signature and non-repudiation key usage bits Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id KAA19267 Sender: owner-ietf-pkix@imc.org Precedence: bulk Hi, Aram, I'll try to respond to some of your points to clarify what I meant, although in some cases I suspect we may agree to disagree. >>I believe that we can agree on at least two things: Maybe not! >> >>1. The Digital Signature key usage is an important indicator in those >>environments where key strength may be limited and/or key escrow >>required, _except_ for keys whose usage can be proven to be restricted >>to benign applications, e.g., digital signatures. (Actually proving that >>to the satisfaction of the export/import/use authorities isn't all that easy, >>especially in a general-purpose API environment, but the PKIX group >>doesn't need to concern themselves with those kinds of details.) > >I do not think that key usage should be tied to any key strength and/or key >escrow requirements. There are many valid *security* reasons to limit how a key >is used. I certainly agree with your second sentence, and am not trying to tie key usage to key strength and/or key escrow requirements. But for those of us who are delivering software to international markets, notably including France, Russia, Singapore, and some other countries, key escrow is a fact of life that is quite independent of what you or I, or for that matter what the US Government thinks of it. It's true that the originator is primarily concerned with the _private_ key, not the public key or the certificate. But I disagree with whoever suggested that the application would have to parse the certificate to understand the key usage restriction. It is much more likely that the key pair is typed once and for all at the time of its creation, and that the application or operating system therefore knows the kinds of operation that the key can be used for from the type that is bound to it, and has to enforce those limitations on the key usage. Including the key usage in the certificate is therefore merely reflecting the already existing restrictions on the private key, so that someone won't try to use the public key in the certificate for encryption, since the recipient wouldn't be able to read it. (Note that by saying this I don't mean to imply that there are other perfectly valid reasons why the owner of the DS key doesn't want it used for encryption as well. So I'm not limiting the use of the DS bit to this purpose exclusively.) > >> >>2. There is a strong desire to have the Non-Repudiation bit serve as >>an indication of a conscious, volitional act that may have significant >>legal consequences. > >Does this mean that unless there is *always* "a conscious, volitional act" >Non-Repudiation can never occur? Well, from a legal standpoint as I understand it, non-repudiation is an oxymoron, since a contract or other apparent agreement can always be repudiated by showing that compulsion or force was used, that the signer was not mentally and legally competent (of sufficient age, etc.) I'm not an attorney, and I'm not going to try to summarize a year's worth of contract law in a sentence or two, but it is my understanding that the essential elements of a contract are a true meeting of the minds of the two (or more) parties, plus "consideration," normally an exchange of money for goods. I believe that there is some concern in legal circles that someone who was not necessarily skilled in the software arts might not recognize when a digital signature was being applied, and hence could claims that they were uninformed or worse yet, duped or tricked into signing away Grandma's house. So I'm not going to say "always," especially with a double negative like "non-repudiation can never occur". A conscious, volitional act might still be overturned for some other reason, and the absence of a conscious, volitional act might still be upheld as legal binding, especially if it can be shown that the alleged signer knew, or ought to have known, the likely consequences of their actions. You or I, in other words, are probably going to have a more difficult time trying to wriggle out of a contract than Grandma might. (Since I'm married to a "Grandma," I guess I ought to make it clear that I am using that term in an affectionate, rather than pejorative sense! :-) Now it's true that there might be other implications associated with the NR usage. Some have suggested that when it is asserted, the CA is assuming an obligation to maintain all of the records necessary to confirm the absence of any revocation, more or less in perpetuity. I doubt that makes much business sense -- in perpetuity is a very long time, and I suspect that the amount charged for the certificate isn't enough to pay for maintaining those records forever, but if some CA wants to commit to that for its NR certificates I won't object. Personally, I would like to see the NR bit used to inform the relying party that this certificate is rather special, and that any document that is signed and verified with it is likely to be important, and hence the relying party would probably be well advised to collect all of the certificates, perhaps have them notarized or timestamped, and archive them along with the document. That's what I would do for any important document that I received that was associated with a NR usage, but I'm not going to lobby too hard for that interpretation either. Again, just to make it clear, I am addressing the key usage which is primarily associated with the private key, and is _reflected_ in the public key usage. > >> >>(Although there might be some benefit to having defining an "authentication >>service" that would be distinct from the nonrepudiation service, there wasn't >>much support for that, especially if it would mean trying to push a defect >>report through X.509. So I've given up on that thrust.) > >I'd be glad to support pushing a defect report. They never should have >overloaded the key usage extension. They have overloaded the extension with 1) >usage of the key, 2) services the key may provide, and 3) limiting what the key >may signed. In the immortal words of Walt Kelley, the originator of the finest comic strip ever created ("Pogo"), "We have met the enemy, and they is us." I'm afraid we are all somewhat guilty in this particular area -- it looked reasonable at the time. I'm not sure how feasible it is to try to overturn the apple cart at this late date, but maybe better late than later still. You lead, and I'll follow. > >> >>So let's think about what the implications of the NR bit ought to be. >> >>For one thing, as some people on the legal side of the house have argued, >>in order to forestall the "Grandma hits the wrong button and loses her house" >>argument against PKI and digital signatures in general, we need to require >>a "gravity charge" be provided in the software in this case. It should say something >>like: "Warning. You are about to sign something using a Non-Repudiation >>key, which may give rise to legal consequences for which you may be >>held personally and uniquely liable or responsible. Do you want to continue?" > >As someone else already pointed out, this assumes that the application can parse >the certificate. Also, it assumes the the underlying crypto API takes the >certificate to do the sign operation and not the private key. No, as I said earlier, I am assuming that the key is strongly typed at the time of its creation. If the usage by the originator depended only on the certificate, then the issue of having two certificates for the same key could arise. > >> >>In addition to the gravity charge, it would certainly be desirable to have >>an additional level of password or even biometric controls that are applied in >>order to unlock the NR key. This not only underscores the serious, ceremonial >>aspect of a legally binding signature, it helps to assure that that user and that user >>only has access to that key. >> >>(I'm using the term "NR key" to avoid the awkward phrase, "the private >>key that is logically associated with the public key which is included in a >>certificate which has a Non Repudiation keyUsage parameter specified." >>Besides, although some applications and/or APIs may not associate >>the corresponding public key attributes with the private key, I >>believe that most applications will in fact do so.) >> >>Since the absolute quintessence of non-repudiation in the technical sense is that >>only the authorized holder of the corresponding private key could have possibly >>signed the document which is validated by the NR certificate, it is essential that >>access to that key be uniquely restricted to that user. >> >>At the risk of being obvious, that means that: >> >>1. It must be computationally infeasible in the strictest sense for any other person >>than the authorized user to computer or re-derive the private key. that includes the >>software vendor, the user's MIS department, the various export/import authorities, >>etc. >> >>2. Likewise, it means that all possible precautions must be taken against >>the possibility >>that even the authorized user could, accidentally or deliberately, disclose >>or give away >>knowledge of or access to so much as a single bit of the private key, or of >>the entropy >>from which it was derived. >> >>3. And again, it must not be possible for even the user's supervisor or MIS department >>to replace the user's private key with another private key that matches a certificate >>containing the user's identity information or rights access. (The CA may >>be able to issue >>a certificate corresponding to a bogus private key, but the network >>administrator, directory >>administrator, etc., must not be able to do so, or to cause it to happen.) > >Don't these 3 items apply to digital signatures when used for authentication? >While digital signatures provide integrity, you usually want more than integrity >(otherwise why use digital signatures?). Thus, if my supervisor can replace my >private key, then he can impersonate me. You of course have a point. However, in most of the authentication examples I am familiar with, the user is authenticating his access to resources that are controlled by the company he works for (e.g., printer, a server, or a database), and those access rights are typically controlled by the much the same people that issue e-mail accounts, grant directory access, etc. I'm willing to think about this some more, but I view the use of digital signatures to control access to information and/or other resources as being primarily a usage issue, and secondarily a privacy issue. For example, take an on-line personnel database. The company might very well require the use of a digital signature, e.g., SSL client authentication, to control access to who can read my 401K earnings. I would certainly be upset if my supervisor could access that information, but it wouldn't be the end of the world, since he already knows and controls how much I make, etc. What I do want to make very sure, however, is that he can't go into my file and for example cash me out, or change the beneficiary of my insurance policies -- such actions have significant legal consequences that go far beyond privacy, and ought to require non-repudiation. So I don't think there would be any disagreement with point 1 -- digital signature keys should never be escrowed. Even the feds don't want that for it would make it too easy for someone to claim that they were set up. Point 2 is particularly difficult to implement, but is intended to prevent the situation where someone allows their spouse to have access to their private key (password) for home banking, but without that person' knowledge, or even after death, uses that key to forge a codicil to their will, etc. So I'd live to come right out and require the use of biometrics for all non-repudiation, but as yet is isn't quite feasible. Point 3 address the case we were talking about earlier, in particular where the user's key may be stored in the directory or other central location where the system administrator could conceivably change the user's password and access the key somehow. Although I can imagine that a number of people who would say that this is just flat out a terrible idea and should never be done, the benefits of being able to access a single sign-on key from whatever terminal or workstation you are using are considerable. Schools, for example, can usually not afford to dedicate a particular terminal to a single student, and the same is true for operational control centers that operate on a 7x24 hour basis. Storing keys in smart cards, is one approach, but if you forget or lose your card you may be locked out. Password encrypted floppy disks are another possibility, but still awkward. So I'm not willing to rule out these kinds of systems in general. I just want to make sure that they don't compromise the NR aspects that apply to a particular individual. >>In a sense, the NR bit goes further than my definition of the DS bit, in >>that the DS bit >>implies that the private key is not subject to governmental escrow as a >>condition of its >>export, import, or use, while the NR bit implies that the private key is >>not subject to >>ANY form of externally imposed escrow, key recovery, or key sharing. > >I strongly disagree! Don't confuse the issue by bringing in key escrow, key >strength, key recovery, etc. into the picture. If I can coin a new phrase (and >I'm not trying to insult you, I highly respect your opinions): KISS - Keep It >Secure Stupid! Well, thanks, but unfortunately as a US citizen I don't get to vote in the French elections. so whether we like it or not, these issues have to be dealt with. All I'm suggesting is that the prohibitions against key sharing, access to keys by people within the company, etc., etc., are not quite as rigid in the case of DS as they are in the NR case. In either case, DS or NR, government access to keys (GAK!) would be prohibited by the key typing, or vice versa, and so indicated. > >> >>So what does this imply about various combinations of key usage bits? >> >>Clearly, the use of the DS bit and either key exchange or data encryption is not >>valid, as they are diametrically opposed concepts. > >YES!! > >> >>Equally clearly, the use of both the DS and the NR bit _is_ allowed. > >YES!! If I could, I would require the DS bit to be set anytime the NR was set. I'm not strongly opposed to that, and in fact that was my position prior to realizing that NR plus encryption could be used to indicate that no escrow was taking place. If the DS bit would always be set, as opposed to using NR by itself, it would be a few nanoseconds faster. > >> >>But surprisingly, as I just realized while driving in to work this morning, the use >>of the NR bit in combination with key encryption or data encryption is NOT prohibited, >>and in fact can be used as a form of back-handed specification of a key that can be >>used for encryption and is not subject to escrow or sharing! > >NO!! Do not mix key usage. To provide Non-Repudiation, you have to sign >something and hence that key should not be used for encryption. Well, not so fast. Even if NR _always_ equates to a signature operation, that shouldn't necessarily _prohibit_ its use for encryption, should it? You and I might prefer to use two different keys, but does that have to be imposed as a mandatory standard? For example, is it possible to conceive of an SSL v3 session which uses client authentication, and claims nonrepudiation for the _session_, as opposed to signing a particular document? Seems to me that some home banking and similar applications might conceivably want to make use of such a concept. I'll grant that by suggesting that NR might apply to encryption, I am stretching the popular concept a bit, and effectively redefining the key usage to mean "exclusive control of the private key by the names user". But isn't that effectively what we have been saying? I won't go to war if the consensus is that we should restrict NR to signature operations, but even then I wonder about such constructs as hashed MAC operations, etc. > >>That is the assumed or default case, where none of the key usage bits are specified. >> >>Using a key that is marked for both NR and key or data encryption does NOT mean that >>it is being used for digital signature, however -- at least with the above >>definition. But it >>does mean that that key is uniquely and exclusively associated with that user, which >>in many cases is a very desirable condition. I unfortunately muddied the water by a typo repeated several times. >>So KR by itself or KR plus data encryption is OK. Let's take them one at a time: NR by itself is OK. I suppose you agree, but would prefer that NR always means signature, and hence should never be used alone, whereas I am willing to allow (but would discourage) a single key labeled NR being used for both signature and encryption purposes. NR in combination with key encryption or data encryption is OK. (This makes it explicit. In particular, it means that the key is NOT subject to key escrow or other forms of sharing, whether or not it is used for signature purposes. So I would think you would like this??) >> >>KR plus DS is OK. >I would prefer NOT OK. I meant NR plus DS is OK, and I think you meant to agree, except for the confusion, especially if you interpreted "KR" to mean key recovery. Sorry about that. > >> >>DS by itself is OK. >> >>DS plus data encryption is forbidden. > >YES!! In this case (DS by itself), I am assuming the use of a signature for integrity purposes, but perhaps with a lesser standard of exclusivity of the key control (no key escrow, however), and also the lack of the gravity charge and the conscious, volitional usage? Whereas the absence of both DS and KR would imply that the key might possible have been escrowed, and/or that the signature might be generated by an automaton that is not under the specific control and case by case review of the user? > >> >>Does this make sense? > >In general yes, but where does this leave a question I previously posted: "What >happens when there is more than one certificate for a key?" Who ensures that >there are no conflicting key usage in the different certificates? Typing the key, as opposed to relying on the contents of the certificate, solves this problem. The key usage in the certificate is primarily of an advisory nature to the recipient. > >Regards, >Aram Perez >Apple Computer, Inc. This stuff is hard, and we have to get it right. I appreciate the detailed comments and the dialog. Regards, Bob Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA19246 for ietf-pkix-bks; Tue, 1 Sep 1998 10:32:52 -0700 (PDT) Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA19242 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 10:32:51 -0700 (PDT) Received: from st12.ncsl.nist.gov (st12.ncsl.nist.gov [129.6.54.66]) by csmes.ncsl.nist.gov (8.6.12/8.6.4jck0) with SMTP id NAA17339 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:37:18 -0400 Message-Id: <3.0.2.32.19980901133954.00a76a30@csmes.ncsl.nist.gov> X-Sender: polk@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.2 (32) Date: Tue, 01 Sep 1998 13:39:54 -0400 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> From: Tim Polk <wpolk@nist.gov> Subject: For Option 2 In-Reply-To: <D789F71F24B4D111955D00A0C99B4F50AC96CF@sothmxs01.entrust.c om> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id KAA19241 for ietf-pkix-bks; Tue, 1 Sep 1998 10:32:51 -0700 (PDT) Received: from csmes.ncsl.nist.gov (csmes.ncsl.nist.gov [129.6.54.2]) by mail.proper.com (8.8.8/8.8.5) with SMTP id KAA19237 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 10:32:49 -0700 (PDT) Received: from st12.ncsl.nist.gov (st12.ncsl.nist.gov [129.6.54.66]) by csmes.ncsl.nist.gov (8.6.12/8.6.4jck0) with SMTP id NAA17327 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 13:37:11 -0400 Message-Id: <3.0.2.32.19980901133947.00a7e6f8@csmes.ncsl.nist.gov> X-Sender: polk@csmes.ncsl.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.2 (32) Date: Tue, 01 Sep 1998 13:39:47 -0400 To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> From: Tim Polk <wpolk@nist.gov> Subject: Re: Straw Poll cACertificate & crossCertificatePair attributes - PKIX LDAPv2 schema I-D In-Reply-To: <D789F71F24B4D111955D00A0C99B4F50AC96CF@sothmxs01.entrust.c om> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@imc.org Precedence: bulk In case anyone is interested, here's my two cents worth... The LDAP straw poll message concentrates on the technical rationale behind each of the two options. In fact, each is a technically sound proposal. Option #1 is more elegant since there is no redundant data. Option #2 is a little more flexible, but clients may incur a performance hit when building infrequently used paths. IMHO, it's a wash. I prefer option #2, but for rather pragmatic reasons. There are two large pools of PKI clients. These two groups were designed independently, and the implementers made different assumptions. If we choose option #1, we break one group of clients. HOWEVER, if we choose option #2, both sets of clients will work - and will be interoperable! Since a technically viable solution exists that doesn't break any existing clients and actually makes them interoperable, that is my preference. Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id JAA18845 for ietf-pkix-bks; Tue, 1 Sep 1998 09:34:40 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by mail.proper.com (8.8.8/8.8.5) with SMTP id JAA18836 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 09:34:39 -0700 (PDT) Received: from East.Sun.COM ([129.148.1.241]) by mercury.Sun.COM (SMI-8.6/mail.byaddr) with SMTP id JAA06062 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 09:38:47 -0700 Received: from suneast.East.Sun.COM by East.Sun.COM (SMI-8.6/SMI-5.3) id MAA08888; Tue, 1 Sep 1998 12:38:43 -0400 Received: from saguaro.East.Sun.COM by suneast.East.Sun.COM (SMI-8.6/SMI-SVR4) id MAA22275; Tue, 1 Sep 1998 12:38:45 -0400 Received: by saguaro.East.Sun.COM (SMI-8.6/SMI-SVR4) id MAA16476; Tue, 1 Sep 1998 12:38:44 -0400 From: Anne Anderson - Sun Microsystems <aha@East.Sun.COM> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Tue, 1 Sep 1998 12:38:44 -0400 (EDT) To: ietf-pkix@imc.org Subject: For Option 1 X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <13804.8941.806700.92413@saguaro> Sender: owner-ietf-pkix@imc.org Precedence: bulk Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA18167 for ietf-pkix-bks; Tue, 1 Sep 1998 08:12:58 -0700 (PDT) Received: from gatekeeper.entrust.com (gatekeeper.entrust.com [204.101.128.170]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA18162 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 08:12:56 -0700 (PDT) Received: id LAA21117; Tue, 1 Sep 1998 11:13:29 -0400 Received: by gateway id <RNJC0YLQ>; Tue, 1 Sep 1998 11:10:37 -0400 Message-ID: <D789F71F24B4D111955D00A0C99B4F50AC96CF@sothmxs01.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Cc: "'Steve Kent'" <kent@bbn.com>, "'Warwick Ford'" <wford@verisign.com>, "'Santosh Chokhani'" <chokhani@sisko.cygnacom.com>, "'Dave@chromatix.com'" <Dave@chromatix.com> Subject: Straw Poll cACertificate & crossCertificatePair attributes - PKIX LDAPv2 schema I-D Date: Tue, 1 Sep 1998 11:10:28 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@imc.org Precedence: bulk Folks This is a straw poll on the use of the cACertificate and crossCertificatePair attributes in the PKIX LDAP schema draft. There are 2 options, each of which received sufficient support during the Chicago meeting to require this straw poll to resolve the issue. Below is the specific text proposed for each option, followed by a summary of the rationale behind each of the proposals. The specific text for the proposals and rationale summaries have been cooperatively drafted by Santosh Chokhani, Dave Horvath and myself. Votes must be in by COB on Thursday Sept 3. This is the only outstanding issue on this I-D following the 2 week last call so we should be able to progress both the PKIX LDAPv2 protocol profile and PKIX LDAPv2 schema following this poll. . To vote, send an email to ietf-pkix@imc.org with one of the following subject lines: To vote for option 1put "For Option 1" in the subject line. To vote for option 2 put "For Option 2" in the subject line. As with the earlier polls conducted by Tim Polk on Part 1, don't bother with a message body, I am just going to count the messages. Discussion of the content of this message should reply to this message. PROPOSED TEXT FOR THE ATTRIBUTE DEFINITIONS: OPTION 1: ---------------- The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. In addition, the cACertificate attribute shall be used to store self-issued certificates. The forward element of the crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in other domains. Optionally, the reverse element of the crossCertificatePair attribute, held in a particular CA's directory entry, may contain certificates issued by this CA to CAs in other domains. In the case of V3 certificates, none of the above CA certificates may include a basicConstraints extension with the cA value set to FALSE. The definition of domain is purely a matter of local policy. OPTION 2: ------------- The crossCertificatePair attribute, held in a particular CA's directory entry, shall be used to store all certificates issued by this CA to other CAs, as well as certificates issued for this CA by other CAs. Values held in the forward element are certificates issued for this CA by other CAs, while values in the reverse element are certificates issued by this CA for other CAs. The cACertificate attribute, held in a particular CA's directory entry, shall be used to store certificates issued to this CA by CAs in the same domain as this CA. This set of certificates is a subset of the values of the forward element of the crossCertificatePair attribute in the same CA entry. In addition, the cACertificate attribute shall beused to store self-issued certificates. The definition of domain is purely a matter of local policy. In the case of version 3 certificates, none of the above CA certificates may include a basicConstraints extension with the cA value set to FALSE. SUMMARY OF RATIONALE FOR EACH OF THE OPTIONS: -------------------------------------------------------------------- RATIONALE FOR PROPOSING OPTION 1: -------------------------------------------------- The major advantage of this approach is that it minimizes the amount of data retrieved from the directory. The approach improves the relying party response time and minimizes network utilization. Another advantage of this approach over the alternative is that it does not require the relying parties to separate the certificates stored in caCertificate attribute from those stored in the crossCertificatePair attribute. The clients may need to do this during path construction. Storing all the certificates in the crossCertificatePair attribute and also storing some of the certificates in the caCertificate attribute, as described in the alternative, unnecessarily increases the number of certificates retrieved. The alternative will result in poorer relying party response time and use network bandwidth unnecessarily. The alternative will be particularly inefficient when a relying party is located remotely from the repository/directory. A minor disadvantage of the alternative is that it requires the same information object (certificate) to be stored twice in a repository, once in the caCertificate attribute and once in the crossCertificatePair attribute. This increases he storage requirement on the directory. RATIONALE FOR PROPOSING OPTION 2: ------------------------------------------------------------ Path development is a relying party process and the criteria for selection of a 'preferred' set of certificates to enable efficiencies in that process can vary according to the path discovery algorithm as well as from one relying party to another, from one application to another, and on other criteria as well. While a CA should optionally be able to provide helpful hints to relying parties regarding the set of certificates the CA expects to provide efficiencies, these may or may not match the requirements of a relying party path discovery process. Relying parties will access CA directory entries frequently to retrieve certificates as input to a certification path development process and they should not be forced to know whether or not a CA has published a set of its 'preferred' certificates, nor should relying parties be required to take on the extra burden of having to request filtering of multiple directory attributes to retrieve the set of certificates which is preferred in their particular environment, especially given that relying parties will often need this information from CAs outside their own local Intranet. CAs should be given the option to publish a set of 'preferred' certificates but should not be required to do so. Should a CA elect to publish such a set, the criteria used by that CA to determine the bases of the preference should be left to the discretion of each CA or each security domain. The preference should not be necessarily tied to a predetermined universal criterion such as a single PKI or 'internal domain', especially given that a CA may be issued a certificate by any number of other CAs and may therefore subscribe to many PKIs. ------------------ Sharon Boeyen Entrust Technologies mailto:sharon.boeyen@entrust.com Tel: (613) 247-3181 http://www.entrust.com Fax: (613) 247-3690 Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id IAA18070 for ietf-pkix-bks; Tue, 1 Sep 1998 08:03:07 -0700 (PDT) Received: from hrdcgate.nhq.hrdc-drhc.gc.ca (hrdcgate.nhq.hrdc-drhc.gc.ca [198.103.152.3]) by mail.proper.com (8.8.8/8.8.5) with SMTP id IAA18066 for <ietf-pkix@imc.org>; Tue, 1 Sep 1998 08:03:05 -0700 (PDT) Received: from svmailsw1.hq-ac.prv by hrdcgate.nhq.hrdc-drhc.gc.ca via smtpd (for imc.org [206.184.129.134]) with SMTP; 1 Sep 1998 15:07:43 UT Received: from gwsmtpim1.hq-ac.prv (10.54.254.16) by svmailsw1.hq-ac.prv (NPlex 1.3.152) for ietf-pkix@imc.org; 1 Sep 1998 11:10:02 -0400 Received: by gwsmtpim1.hq-ac.prv with VINES-ISMTP; Tue, 1 Sep 98 11:10:04 -0400 Date: Tue, 1 Sep 98 11:09:56 -0400 Message-ID: <vines.4px7+0t+vpA@gwsmtpim1.hq-ac.prv> X-Priority: 3 (Normal) To: <ietf-pkix@imc.org> From: "Fred Gloade Hrdc-drhc" <fred.gloade@hrdc-drhc.gc.ca> Reply-To: <fred.gloade@hrdc-drhc.gc.ca> Subject: fwd: Re: ...no subject... X-Incognito-SN: 1396 X-Incognito-Version: 4.11.23 MIME-Version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id IAA18067 Sender: owner-ietf-pkix@imc.org Precedence: bulk Fred Gloade Senior Auditor/Vérificateur principal Information Technology and Systems Technologies et systèmes informatiques (819) 953-0842 Fred.gloade@hrdc-drhc.gc.ca ------------- Original Text From: "Steve Coya" <scoya@ietf.org>, on 9/1/98 8:37 AM: To: GLOADE.F@FAS.IAB@NHQ Cc: INET[<ietf-web@ietf.org>] Fred, Your question should be sent to the PKIX Working Group: ietf-pkix@imc.org On Mon, 24 Aug 1998, Fred Gloade Hrdc-drhc wrote: >>OK help me out here. >>With PKI do we need to rewrite code to incorporate the encryption routines? >>There will be a server maintained somewhere with the public keys? >>Will there be a hardware component or just a PIN? >>Do you have a simple diagram that shows the flow of information in a very >>simple way? >>Anything else you can send to help me would be greatly appreciated. >> >> >>Fred Gloade >>Senior Auditor/VÚrificateur principal >>Information Technology and Systems >>Technologies et systþmes informatiques >>(819) 953-0842 >>Fred.gloade@hrdc-drhc.gc.ca >> >> >> o
- NEW Data type for certificate selection ? Stefan Santesson
- Re: NEW Data type for certificate selection ? Mark Shuttleworth
- RE: NEW Data type for certificate selection ? Miklos, Sue A.
- Re: NEW Data type for certificate selection ? 吉武 淳
- RE: NEW Data type for certificate selection ? Stefan Santesson
- RE: NEW Data type for certificate selection ? Alan Lloyd
- Re: NEW Data type for certificate selection ? tyone
- RE: NEW Data type for certificate selection ? Alan Lloyd
- RE: NEW Data type for certificate selection ? Stefan Santesson
- Re: NEW Data type for certificate selection ? 吉武 淳
- Re: NEW Data type for certificate selection ? Peter Gutmann
- Re: NEW Data type for certificate selection ? Ed Gerck
- RE: NEW Data type for certificate selection ? Alan Lloyd
- RE: NEW Data type for certificate selection ? Anders Rundgren
- Re: NEW Data type for certificate selection ? David Horvath
- Re: NEW Data type for certificate selection ? Stefan Santesson
- Re: NEW Data type for certificate selection ? Dave Horvath
- Re: NEW Data type for certificate selection ? Robert Klerer
- Re: NEW Data type for certificate selection ? Ed Gerck
- Re: NEW Data type for certificate selection ? Stefan Santesson
- Re: NEW Data type for certificate selection ? Stefan Santesson
- RE: NEW Data type for certificate selection ? Alan Lloyd
- Re: NEW Data type for certificate selection ? Ed Gerck
- Re: NEW Data type for certificate selection ? Stefan Santesson
- RE: NEW Data type for certificate selection ? Anders Rundgren
- Re: NEW Data type for certificate selection ? Olle E. Johansson
- Re: NEW Data type for certificate selection ? Andreas Berger
- Re: NEW Data type for certificate selection ? Stefan Santesson
- Re: NEW Data type for certificate selection ? Paul Koning
- Re: NEW Data type for certificate selection ? Ed Gerck
- Re: NEW Data type for certificate selection ? Ed Gerck
- RE: NEW Data type for certificate selection ? Stefan Santesson
- RE: NEW Data type for certificate selection ? Ed Gerck
- Re: NEW Data type for certificate selection ? Stefan Santesson
- Re: NEW Data type for certificate selection ? Ed Gerck
- RE: NEW Data type for certificate selection ? Anders Rundgren
- RE: NEW Data type for certificate selection ? Ed Gerck
- Re: NEW Data type for certificate selection ? Ed Gerck
- RE: NEW Data type for certificate selection ? Ed Gerck
- Re: NEW Data type for certificate selection ? Marc Branchaud
- Re: NEW Data type for certificate selection ? Stefan Santesson
- Re: NEW Data type for certificate selection ? Marc Branchaud
- RE: NEW Data type for certificate selection ? Anders Rundgren
- RE: NEW Data type for certificate selection ? Ed Gerck
- RE: NEW Data type for certificate selection ? Tony Bartoletti
- RE: NEW Data type for certificate selection ? Anders Rundgren
- RE: NEW Data type for certificate selection ? Sievänen Markku
- RE: NEW Data type for certificate selection ? Tony Bartoletti
- RE: NEW Data type for certificate selection ? Phillip M Hallam-Baker
- Common misconception #10. was RE: NEW Data type f… Ed Gerck
- RE: NEW Data type for certificate selection ? Dwight Arthur
- RE: NEW Data type for certificate selection ? Dwight Arthur
- RE: Common misconception #10. was RE: NEW Data ty… Phillip M Hallam-Baker
- RE: Common misconception #10. was RE: NEW Data ty… Ed Gerck
- RE: NEW Data type for certificate selection ? Dwight Arthur
- RE: NEW Data type for certificate selection ? Phillip M Hallam-Baker
- RE: Common misconception #10. was RE: NEW Data ty… Phillip M Hallam-Baker
- RE: Common misconception #10. was RE: NEW Data ty… Ed Gerck
- RE: NEW Data type for certificate selection ? Stephen Kent
- RE: NEW Data type for certificate selection ? Stefan Santesson
- RE: NEW Data type for certificate selection ? Sarbari Gupta
- RE: NEW Data type for certificate selection ? Stefan Santesson
- RE: NEW Data type for certificate selection ? r1naray
- CertPolicySet definition (was Re: NEW Data type f… David Boyce
- Re: NEW Data type for certificate selection ? David Boyce
- RE: NEW Data type for certificate selection ? Sarbari Gupta
- Re: NEW Data type for certificate selection ? David Boyce
- RE: NEW Data type for certificate selection ? Alan Lloyd
- RE: NEW Data type for certificate selection ? Stephen Kent
- RE: NEW Data type for certificate selection ? Alan Lloyd
- RE: NEW Data type for certificate selection ? Alan Lloyd
- RE: NEW Data type for certificate selection ? Stephen Kent
- RE: NEW Data type for certificate selection ? Stephen Kent
- RE: NEW Data type for certificate selection ? Alan Lloyd
- RE: NEW Data type for certificate selection ? Alan Lloyd