IETF Logo Mail Archive

Re: Cross-organizational ACs

Denis Pinkas <Denis.Pinkas@bull.net> Thu, 16 November 2000 09:50 UTC

Received: from ns.secondary.com (ns.secondary.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id EAA02811 for <pkix-archive@odin.ietf.org>; Thu, 16 Nov 2000 04:50:18 -0500 (EST)
Received: from localhost (daemon@localhost) by ns.secondary.com (8.9.3/8.9.3) with SMTP id BAA25222; Thu, 16 Nov 2000 01:42:09 -0800 (PST)
Received: by mail.imc.org (bulk_mailer v1.12); Thu, 16 Nov 2000 01:42:07 -0800
Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id BAA25181 for <ietf-pkix@imc.org>; Thu, 16 Nov 2000 01:42:05 -0800 (PST)
Received: from lvt-mail.frlv.bull.fr (lvt-mail.frlv.bull.fr [129.184.62.223]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id KAA09290; Thu, 16 Nov 2000 10:55:30 +0100
Received: from bull.net (frpq6118.frpq.bull.fr [129.184.8.64]) by lvt-mail.frlv.bull.fr (8.9.2/8.9.1) with ESMTP id KAA23076; Thu, 16 Nov 2000 10:49:00 +0100
Message-ID: <3A13AD8F.544971B8@bull.net>
Date: Thu, 16 Nov 2000 10:49:03 +0100
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Bull
X-Mailer: Mozilla 4.7 [fr] (Win98; I)
X-Accept-Language: fr
MIME-Version: 1.0
To: Steve Hanna <steve.hanna@sun.com>
CC: stephen.farrell@baltimore.ie, ietf-pkix@imc.org
Subject: Re: Cross-organizational ACs
References: <sa10f961.033@prv-mail20.provo.novell.com> <3A11BAAC.4140F4EF@sun.com> <3A126549.D617698A@baltimore.ie> <3A12AA3C.6F771B38@sun.com> <3A12AF55.279C2779@baltimore.ie> <3A12B13D.2BFBAD78@sun.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe
Content-Transfer-Encoding: 7bit

Steve,

Since I am answering to the e-mail one by one, here is another comment.

> Stephen Farrell wrote:
> > > So I suggest that we omit AAControls from ac509prof.
> > > It adds substantial complexity with little value.
> >
> > It doesn't add any complexity since its in the "optional
> > to implement" section, just like attribute encryption. So,
> > if you want to, do it, if not, not. I think this was the
> > concensus of the WG at a number of meetings and on the
> > list discussion on the various revs of the I-D.
> 
> It adds complexity to the spec. This makes it more difficult for
> implementers to decide what to implement. And, if they decide to
> implement this optional feature, it adds complexity to their
> implementation. It also makes it more difficult for customers to decide
> which features they need (since they will probably consult the RFC for
> guidance). IETF specs (especially a profile!) should be as simple as
> possible, but no simpler.
> 
> I just wanted to point out that AAControls is not sufficient for
> cross-organizational ACs. If the consensus of the working group remains
> to be that the AAControls extension is still valuable,
 
Besides Stephen (and possibly the co-editors), it would be nice to know who
is (or is not) in favour of AAControls.

> I will certainly
> accept this judgement. If there is a sudden flurry of emails saying
> "take it out," that's fine with me, too. In either case, I will not
> implement AAControls myself. 

The same for me. :-)

> And I will work on and think about a
> simplified version of X.509 delegation that could be included in a
> future AC profile.

If you plan to attend the next IETF meeting, I would like to have a chat
with you, so that we can possibly define such delegation schemes. No syntax
changes planed in the definition of ACs, simply the definition of rules on
how to use them in the context of delegation.

Denis

 
> -Steve

v2.23.0 | Report a Bug | By Email