Re: New Liaison Statement, "Liaison to IETF on the resolution of DR320"

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 09 October 2007 23:05 UTC

Return-path: <owner-ietf-pkix@mail.imc.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IfO8Z-0003MC-QS for pkix-archive@lists.ietf.org; Tue, 09 Oct 2007 19:05:15 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IfO8O-0007KP-GC for pkix-archive@lists.ietf.org; Tue, 09 Oct 2007 19:05:06 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l99MPHfk019721 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 9 Oct 2007 15:25:17 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l99MPHJ7019720; Tue, 9 Oct 2007 15:25:17 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from [192.168.1.100] (pool-72-76-39-171.nwrknj.fios.verizon.net [72.76.39.171]) (authenticated bits=0) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l99MP55X019696 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 9 Oct 2007 15:25:12 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p0624082ec331ae817d64@[192.168.1.100]>
In-Reply-To: <200710051410.l95EAhr5017333@balder-227.proper.com>
References: <E1Idm2x-0000Nw-Cb@ietf.org> <200710051410.l95EAhr5017333@balder-227.proper.com>
Date: Tue, 09 Oct 2007 18:25:02 -0400
To: Russ Housley <housley@vigilsec.com>, ietf-pkix@imc.org
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: New Liaison Statement, "Liaison to IETF on the resolution of DR320"
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a

The ITU statement says the following:

>>One of the participants in the directory meeting stated that 
>>Certification Authorities are being deployed with names not 
>>acquired from naming authorities but with names arbitrarily chosen 
>>assuming that no other CA is or will be operating under that name.

That is, of course, true. There is no central repository for CA names 
because there is no central authority for CAs.

>>That participant further stated that the IETF provides no 
>>guidelines on ensuring that the names of CAs are unambiguous.

That is true.

>>The directory group requests the IETF PKIX group to comment on this 
>>statement.

Should we make a consensus call on "that is true"?

>>If the statement is correct, we ask the IETF to consider putting a 
>>mechanism in place to prevent conflict, e.g. a list of existing CA 
>>names that deployers of new CAs could check for naming conflicts.

Words fail me.

--Paul Hoffman, Director
--VPN Consortium