RE: Comments on draft-ietf-pkix-ipki-part4-03.txt

Santosh Chokhani <chokhani@cygnacom.com> Thu, 28 May 1998 12:55 UTC

From: Santosh Chokhani <chokhani@cygnacom.com>
To: 'Stefan Santesson' <stefan@accurata.se>, ietf-pkix@imc.org
Subject: RE: Comments on draft-ietf-pkix-ipki-part4-03.txt
Date: Thu, 28 May 1998 08:58:17 -0400

Please note that the PKIX Part 4 allows for the security controls,
roles, etc. to be defined for the various PKI entities, including
issuing CA, subject CAs, RAs, subscribers, repositories, etc. (see
sections 4.5 and 4.6 of the framework).

Thus, all of Stefan's inclusions in Section 5 are within the scope of
the framework.

> -----Original Message-----
> From: Stefan Santesson [SMTP:stefan@accurata.se]
> Sent: Wednesday, May 27, 1998 5:48 PM
> To: ietf-pkix@imc.org
> Subject: Comments on draft-ietf-pkix-ipki-part4-03.txt
> 
> I'm project leader of a joint Swedish project with the
> purpose to form a certificate policy for a Swedish national 
> "bas-ID" certificate.
> 
> The project is formed by the Swedish non-profit organization
> SEIS (Secured Electronic Information in Society) which is 
> formed by members from Government, Banking, Industry, Military,
> Post and Health care sectors.
> 
> The policy can be obtained from SEIS WWW at:
> 
> http://www.seis.se/regler/normer/S10_v093.doc
> 
> This policy is now ready for official approval on June 16
> by the SEIS board.
> 
> The policy almost follows the structure of
> draft-ietf-pkix-ipki-part4-03.txt.
> We have, however, been forced to expand the structure with the 
> following sections.
> 
> 2.10 Contractual agreements.
> In the policy we state requirements on the CA to establish a 
> number of contractual agreements according to some minimum 
> standards. These are contracts with the subscriber, employer of the
> subscriber with which the subscriber is affiliated in the 
> certificate, Subcontractors (such as RA:s), etc. We could not find 
> any suitable sections in the PKIX draft to put such requirements.
> 
> 5.1.9 Physical Security Controls for Registration Authorities
> A section like this was originally formed by ABA. We know that 
> physical security for RA:s can be defined in sections 5.1 to 5.8 
> but it is much easier to define some general exception rules for 
> RA:s in a section of its own.
> 
> 5.2.1.2 Trusted Roles for Registration Authorities
> This section was formed for the same reason as 5.1.9 above.
> 
> 5.3.9 Personal Security Controls for Registration Authorities
> The same as for 5.1.9
> 
> 
> Could someone comment on this? Have we misunderstood anything?
> Should we have acted differently or should the PKIX draft be
> expanded?
> 
> Thank you in advance.
> 
> Stefan
> 
> 
> 
> ----------------------------------------------------------------
> Stefan Santesson                <stefan@accurata.se>
> Accurata Systemsäkerhet AB     
> Lotsgatan 27 D                  Tel. +46-40 152211              
> 216 42  Malmö                   Fax. +46-40 150790              
> Sweden                        Mobile +46-70 5247799
> ----------------------------------------------------------------