PKIX Part 3...

[Carlisle Adams <Cadams@entrust.com>]

Hi,

Well it turns out that with IETF's new automated process, missing the
submission deadline by half an hour was significant.  Maybe next time I
won't lose half a day from computer troubles at a critical time...   Ha.

In any case, there is a revised version of PKIX-3 and I have posted it
on our website so that people have access to it prior to Memphis.  It
can be found at  http://www.entrust.com/library.htm  (just keep
scrolling down until you get to the PKIX section).

On the list, the main topics debated were:

   - PKCS #10 versus the original certification request message;
   - PKCS #7 (or any other external mechanism) versus the original
message protection scheme;
   - POP of private key being optional or mandatory.

Other issues that came up (either publicly or privately) included making
POP for decryption keys an extended exchange (i.e., longer than 3
messages) in order to accommodate the presence of an RA, and
generalizing the information request/response messages to accommodate
future needs/extensions.

I would strongly encourage all who were involved in those debates (and
all who were interested observers) to take a look (especially at pages
10-11, 17-18, 25-27, 31, 44, 46-47, 53-55) in preparation for Memphis.
Is the new draft something we can all live with?  My hope is that this
draft will satisfy enough people to generate the obligatory "rough
consensus" on these issues so that we can progress to other things
(i.e., any other issues, or Last Call).

Let me know if you have any trouble downloading the document; I would be
happy to e-mail copies if necessary.


--------------------------------------------
Carlisle Adams
Entrust Technologies
cadams@entrust.com
--------------------------------------------

>