Comments on draft-ietf-pkix-ipki-part4-03.txt

Stefan Santesson <stefan@accurata.se> Wed, 27 May 1998 21:54 UTC

Message-Id: <3.0.32.19980527234754.00956d20@m1.404.telia.com>
Date: Wed, 27 May 1998 23:47:56 +0200
To: ietf-pkix@imc.org
From: Stefan Santesson <stefan@accurata.se>
Subject: Comments on draft-ietf-pkix-ipki-part4-03.txt

I'm project leader of a joint Swedish project with the
purpose of forming a certificate policy for a Swedish national
"bas-ID" certificate.

The project is formed by the Swedish non-profit organization
SEIS (Secured Electronic Information in Society) which is 
formed by members from Government, Banking, Industry, Military,
Post and Health care sectors.

The policy can be obtained from the SEIS WWW at:

http://www.seis.se/regler/normer/S10_v093.doc

This policy is now ready for official approval on June 16
by the SEIS board.

The policy almost follows the structure of draft-ietf-pkix-ipki-part4-03.txt.
We have, however, been forced to expand the structure with the
following sections.

2.10 Contractual agreements.
In the policy we state requirements on the CA to establish a
number of contractual agreements according to some minimum
standards. These are contracts with the subscriber, the employer of the
subscriber with which the subscriber is affiliated in the
certificate, subcontractors (such as RAs), etc. We could not find
any suitable sections in the PKIX draft in which to put such requirements.

5.1.9 Physical Security Controls for Registration Authorities
A section like this was originally formed by the ABA. We know that
physical security for RAs can be defined in sections 5.1 to 5.8,
but it is much easier to define some general exception rules for
RAs in a section of their own.

5.2.1.2 Trusted Roles for Registration Authorities
This section was formed for the same reason as 5.1.9 above.

5.3.9 Personal Security Controls for Registration Authorities
The same as for 5.1.9.


Could someone comment on this? Have we misunderstood anything?
Should we have acted differently, or should the PKIX draft be
expanded?

Thank you in advance.

Stefan



----------------------------------------------------------------
Stefan Santesson                <stefan@accurata.se>
Accurata Systemsäkerhet AB     
Lotsgatan 27 D                  Tel. +46-40 152211              
216 42  Malmö                   Fax. +46-40 150790              
Sweden                        Mobile +46-70 5247799
----------------------------------------------------------------