Re: [pkix] An alternative proposal Was: Fwd: New Version Notification for draft-hamilton-cmr-00.txt

"Kyle Hamilton" <kyanha@kyanha.net> Thu, 03 November 2011 01:37 UTC

From: Kyle Hamilton <kyanha@kyanha.net>
To: Phillip Hallam-Baker <hallam@gmail.com>
Date: Wed, 02 Nov 2011 18:37:37 -0700
Cc: "pkix@ietf.org" <pkix@ietf.org>

On Wed, Nov 2, 2011 at 6:01 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> Corporations are not people. No really, they are not.

As long as the state disagrees, I must go with the state definition.  If I don't, then I'm living in a psychotic, delusional fantasy world which has no bearing on reality.

> This country already fought one civil war over the belief that people were
> property. Now there are people thinking that property is people. Both ways
> of thinking are wrong.

In principle, I agree with you.  In practice, I can't.  We must live with the living, and respect the dead who got us to this state.

>> The death of a corporation is not to be taken lightly.  It directly
>> impacts the lives of all of its employees, deprives the state of a taxpayer,
>> and reduces the amount of tax revenue the state can extract from that
>> corporation's employees.
>
> In this case we have real people's lives at stake. 
> Confusing the issue with hyperbole trivializes the issue.

Given that the IETF was set up under state contracts (DARPA), I must go with the state definition, because that's how the law works.  Don't like it?  Make political change in your sovereign, not the IETF.  NOTHING will be changed by your complaining that it's wrong.

Also, corporation-as-person has a really nice side effect profile: it permits discussion of "the RP's OCSP responder" which is instituted by corporate governance.  Until a trustworthy (with issuance data) publicly-available subscription OCSP service exists, I'm going to assume that the reason for RP-based OCSP is to spread revocation information throughout the corporate body like an inoculation.

That is where the disconnect between known-issued and known-revoked certificates is least obvious and particularly damaging.  The DigiNotar incident showed that the PKIX mechanisms were insufficient to meet the needs of the end-user.  Corporate risk managers had to instantly get new certificates, and thousands if not hundreds of thousands of guilders were spent by people (including corporations, via their paychecks to the natural people who perform the corporation's work) who were certified and had to do a new enrollment as a result.

Now, DigiNotar has really gotten people's attention because now it's not just the corporations who are hurt by this.

Hyperbole or not, I prefer to live in reality, where (however regrettably) the law says that corporations are people.  I'm not going to labor under any psychotic delusion that they have no standing under the law and cannot bring suit in their own names (which is part of the state definition of 'person', incidentally).  They are people, with birth (filing of articles of incorporation) and death (dissolution of corporation), until the law does not recognize them as such.

-Kyle H