RE: Meaning of Non-repudiation
"Housley, Russ" <rhousley@rsasecurity.com> Wed, 01 May 2002 01:19 UTC
Received: from above.proper.com (mail.imc.org [208.184.76.43]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA14148 for <pkix-archive@odin.ietf.org>; Tue, 30 Apr 2002 21:19:01 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g410gYZ22871 for ietf-pkix-bks; Tue, 30 Apr 2002 17:42:34 -0700 (PDT)
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g410gXa22867 for <ietf-pkix@imc.org>; Tue, 30 Apr 2002 17:42:33 -0700 (PDT)
Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 1 May 2002 00:41:11 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id UAA10023; Tue, 30 Apr 2002 20:40:45 -0400 (EDT)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g410gR207256; Tue, 30 Apr 2002 20:42:27 -0400 (EDT)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1ZV7P>; Tue, 30 Apr 2002 20:39:52 -0400
Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.134]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1ZV7L; Tue, 30 Apr 2002 20:39:49 -0400
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: azb@llnl.gov, kent@bbn.com
Cc: ietf-pkix@imc.org
Message-Id: <5.1.0.14.2.20020430154229.02d99810@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 30 Apr 2002 15:49:39 -0400
Subject: RE: Meaning of Non-repudiation
In-Reply-To: <p05100303b8ef7d15f2c9@[128.89.88.34]>
References: <4.3.2.7.2.20020426103400.00b51910@poptop.llnl.gov> <4.3.2.7.2.20020426103400.00b51910@poptop.llnl.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Steve & Tony: >>To my view of things, the "existence" of NR=1 in a certificate is no more >>than a statement, by the issuing CA, that "they will not stand in the way >>of this certificate being used as a component in some form of NR scheme >>(and will happily accept your Visa or Mastercard, thank you.) >> >>If one limits the presence of an NR bit to this weak assertion, it >>becomes clear that the NR bit "means almost nothing." Thus there is >>little left to debate about it on the list. >> >>(As I recall, Tom Ginden's "Technical Non-Repudiation" document was about >>as far as one could reasonably take application of the NR bit. It was >>time for everyone else to put-up or shut-up, and everyone shut-up.) >> >>____tony____ > >Tony, > >I think the PKIX list discussion ended with the observation that there >might be more benefit to the NR bit in the other direction, i.e., when it >is NOT asserted. In that case the interpretation is that the CA is >signalling that the cert was not issued for use in transactions requiring >NR. Thus one would normally set the NR bit to 0 in certs to be used for >signing authentication data exchanges, vs. binding documents, etc. When >the bit is asserted, it is best viewed as a necessary, but not sufficient, >condition for NR. > >Steve Son-of-2459 says: Further distinctions between the digitalSignature and nonRepudiation bits may be provided in specific certificate policies. This allows the CA to state what additional meaning is associated with the nonRepudiation bit. Russ Received: by above.proper.com (8.11.6/8.11.3) id g410gYZ22871 for ietf-pkix-bks; Tue, 30 Apr 2002 17:42:34 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g410gXa22867 for <ietf-pkix@imc.org>; Tue, 30 Apr 2002 17:42:33 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 1 May 2002 00:41:11 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id UAA10023; Tue, 30 Apr 2002 20:40:45 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g410gR207256; Tue, 30 Apr 2002 20:42:27 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1ZV7P>; Tue, 30 Apr 2002 20:39:52 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.134]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1ZV7L; Tue, 30 Apr 2002 20:39:49 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: azb@llnl.gov, kent@bbn.com Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020430154229.02d99810@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 30 Apr 2002 15:49:39 -0400 Subject: RE: Meaning of Non-repudiation In-Reply-To: <p05100303b8ef7d15f2c9@[128.89.88.34]> References: <4.3.2.7.2.20020426103400.00b51910@poptop.llnl.gov> <4.3.2.7.2.20020426103400.00b51910@poptop.llnl.gov> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve & Tony: >>To my view of things, the "existence" of NR=1 in a certificate is no more >>than a statement, by the issuing CA, that "they will not stand in the way >>of this certificate being used as a component in some form of NR scheme >>(and will happily accept your Visa or Mastercard, thank you.) >> >>If one limits the presence of an NR bit to this weak assertion, it >>becomes clear that the NR bit "means almost nothing." Thus there is >>little left to debate about it on the list. >> >>(As I recall, Tom Ginden's "Technical Non-Repudiation" document was about >>as far as one could reasonably take application of the NR bit. It was >>time for everyone else to put-up or shut-up, and everyone shut-up.) >> >>____tony____ > >Tony, > >I think the PKIX list discussion ended with the observation that there >might be more benefit to the NR bit in the other direction, i.e., when it >is NOT asserted. In that case the interpretation is that the CA is >signalling that the cert was not issued for use in transactions requiring >NR. Thus one would normally set the NR bit to 0 in certs to be used for >signing authentication data exchanges, vs. binding documents, etc. When >the bit is asserted, it is best viewed as a necessary, but not sufficient, >condition for NR. > >Steve Son-of-2459 says: Further distinctions between the digitalSignature and nonRepudiation bits may be provided in specific certificate policies. This allows the CA to state what additional meaning is associated with the nonRepudiation bit. Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3UF7IR10200 for ietf-pkix-bks; Tue, 30 Apr 2002 08:07:18 -0700 (PDT) Received: from mailgate5.cinetic.de (mailgate5.cinetic.de [217.72.192.165]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3UF7Ga10195 for <ietf-pkix@imc.org>; Tue, 30 Apr 2002 08:07:16 -0700 (PDT) Received: from web.de (fmomail02.dlan.cinetic.de [172.20.1.46]) by mailgate5.cinetic.de (8.11.2/8.11.2/SuSE Linux 8.11.0-0.4) with SMTP id g3UF71X20056 for ietf-pkix@imc.org; Tue, 30 Apr 2002 17:07:01 +0200 Date: Tue, 30 Apr 2002 17:07:01 +0200 Message-Id: <200204301507.g3UF71X20056@mailgate5.cinetic.de> MIME-Version: 1.0 Organization: http://freemail.web.de/ From: <yameogo@web.de> To: ietf-pkix@imc.org Subject: ASN.1 Compiler for Java Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3UF7Ha10196 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi PKIXers, Does anybody have some experience with an ASN.1 Compiler/Toolkit for Java? It should be different from Snacc4j. This one I have already checked it out and I m not satisfied with the licensing situation. Thx ____________________________________________________ Berufsunfähigskeitversicherung von Mamax bei WEB.DE. Jetzt informieren! http://bu.web.de Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3UCxja04826 for ietf-pkix-bks; Tue, 30 Apr 2002 05:59:45 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3UCxha04822 for <ietf-pkix@imc.org>; Tue, 30 Apr 2002 05:59:43 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA15768 for <ietf-pkix@imc.org>; Tue, 30 Apr 2002 15:02:33 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002043014590662:569 ; Tue, 30 Apr 2002 14:59:06 +0200 Message-ID: <3CCE9519.7CB28DE8@bull.net> Date: Tue, 30 Apr 2002 14:59:05 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: pkix <ietf-pkix@imc.org> Subject: Re: I-D ACTION:draft-ietf-pkix-warranty-extn-00.txt References: <200204191123.HAA16015@ietf.org> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 30/04/2002 14:59:06, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 30/04/2002 14:59:38, Serialize complete at 30/04/2002 14:59:38 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Comments on the Warranty certificate extension Before looking at the technical details of the warranty, it is important to make sure that practical cases can be solved. Since a warranty is mentioned, legal considerations cannot be left aside. The current proposal states that "the certificate warranty provides an extended monetary coverage for the legal liability of the CA, in favor of the *subscriber*". The problem is that the warranty should also apply in favor of one or more *relying parties*. Are the relaying parties going to complain to the subscriber only and will then the subscriber makes arrangement with the CA only ? For the extreme cases where there are, let us say, 10.000 plaintiffs each one claiming for a damage of 1.000 $ and when the upper limit of the warranty will be altogether, for example, 100.000 $ (called "aggregated damage" in the draft). What would be the criteria to reimburse the plaintiffs ? Since the total damage is 10.000.000 $, are only 10 % of the first plaintiffs to be reimbursed ? or will a random choice will be done among the 10.000 plaintiffs ? Since the warranty is for the subscriber and not for the plaintiffs, will the subscriber deal with the 10.000 plaintiffs directly ? The second point is that no conditions to get advantage of the warranty are mentioned. Should a relying party only check the revocation status of the certificate ? Should the relying party check the certificate against a validation policy ? What kind of proof of its checking should the relying party present to the CA; or to the subscriber ? An OSCP response? A DPV response ? Should the details of the transaction involved be provided ? For all these reasons, the difficulty of use of such an extension is very questionable. Now, it should be noticed that such a similar extension has already been defined in ETSI TS 101 862. This extension takes advantage of the qcStatement defined in RFC 3039 and specifies a statement regarding limits on the value of transactions. This optional statement contains: - an identifier of this statement (represented by an OID); - a monetary value expressing the limit on the value of transactions. This statement is a statement by the issuer which impose a limitation on the value of transaction for which this certificate can be used to the specified amount (MonetaryValue), according to the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. In fact the Directive is requiring (in Annex I) a field to specify "limits on the value of transactions for which the certificate can be used, if applicable". The reason for that field is specified in the Directive in these terms: "The certification-service-provider shall not be liable for damage arising from use of a qualified certificate which exceeds the limitations placed on it". The text does *not* say: "The certification-service-provider *shall be* liable for damage arising from use of a qualified certificate which *meets* the limitations placed on it". So it is more a *disclaimer of warranty* rather than a warranty. If the proposal was for a warranty disclaimer extension, then it would be more appropriate. In such a case it would not be necessary to indicate the conditions to meet to get the warranty since there would be no warranty. It is doubtful that an off-line indication in a certificate will be the right answer to a problem that is commonly solved using an on-line protocol (e.g. money withdrawal on an ATM). Denis > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. > > Title : Warranty Certificate Extension > Author(s) : D. Linsenbardt, S. Pontius > Filename : draft-ietf-pkix-warranty-extn-00.txt > Pages : 7 > Date : 18-Apr-02 > > This document describes a certificate extension to explicitly state > the warranty offered by a Certificate Authority (CA) for a the > certificate containing the extension. > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-ietf-pkix-warranty-extn-00.txt Received: by above.proper.com (8.11.6/8.11.3) id g3UAYD625868 for ietf-pkix-bks; Tue, 30 Apr 2002 03:34:13 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3UAYCa25860 for <ietf-pkix@imc.org>; Tue, 30 Apr 2002 03:34:12 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id MAA22260; Tue, 30 Apr 2002 12:37:04 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002043012333743:529 ; Tue, 30 Apr 2002 12:33:37 +0200 Message-ID: <3CCE7300.BD3CA872@bull.net> Date: Tue, 30 Apr 2002 12:33:36 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: requester identifier in DPV response References: <200204291506.RAA13799@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 30/04/2002 12:33:37, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 30/04/2002 12:34:09, Serialize complete at 30/04/2002 12:34:09 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > " When the request is authenticated, the requestor SHOULD be able, upon > > request, to indicate an identifier to be included in the response. > > How this identifier is matched with the authenticated identity depends > > on local server conditions and/or the validation policy. The server > > MAY choose to refuse to include an identifier in the response, or MAY > > refuse to create a response." > > > > I do not see that there is a need to add "claimed" in it. > > > > Ok. > > The text 'requestor SHOULD be able' is not good as I said in a > previous message. 'the protocol MUST provide a means to optionally > allow ..' Granted. Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3U384H10942 for ietf-pkix-bks; Mon, 29 Apr 2002 20:08:04 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3U382a10937 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 20:08:02 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3U37xui026906; Mon, 29 Apr 2002 20:08:00 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Housley, Russ" <rhousley@rsasecurity.com>, <stephen.farrell@baltimore.ie> Cc: <ietf-pkix@imc.org> Subject: RE: Multiple paths in DPD Date: Mon, 29 Apr 2002 20:05:07 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDIEFMCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <5.1.0.14.2.20020429190949.02d15a70@exna07.securitydynamics.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I am as well. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Housley, Russ > Sent: Monday, April 29, 2002 4:10 PM > > All: > > I am comfortable with the approach that Steve suggests. > > Russ > > At 12:31 PM 4/29/2002 +0100, Stephen Farrell wrote: > > >Mike, Russ, > > > >Firstly, I also like the "cookie" approach to > >handling multiple paths so add me to the list > >of those who'd like the requirements document > >not to preclude this (I hadn't spotted that > > it did so). > > > >I would though agree with Russ that the requirements > >document must not require that protocols take this > >approach. So, basically, the text "Therefore the > >client MUST be able to indicate the maximum number > >of certification paths to be returned (provided > >that they can be found)." is another example of the > >requirements being overly prescriptive and the usual > >fix can be applied. > > > >Second, I did manage to find a message [1] about > >this in a relevant thread [2]. I wouldn't say that > >messaage represents concensus, but OTOH I didn't > >find anything about what's currently in the > >requirements draft (though it may be there of course). > > > >Third, in looking for those, I noticed that my > >earliest on-list mail on this topic was Paul Hoffman's > >of May 23rd 2000 [3], so we can mark the 2nd > >anniversary of this discussion soon, > > > >Sigh, > >Stephen. > > > >[1] http://www.imc.org/ietf-pkix/old-archive-00/msg02286.html > >[2] http://www.imc.org/ietf-pkix/old-archive-00/msg02220.html > >[3] http://www.imc.org/ietf-pkix/old-archive-00/msg00840.html > > > >Michael Myers wrote: > > > > > > > -----Original Message----- > > > > From: owner-ietf-pkix@mail.imc.org > > > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > > > > Housley, Russ > > > > Sent: Friday, April 26, 2002 8:04 AM > > > > > > > > Mike: > > > > > > > > I am strongly opposed to an approach that would > > > > require the server to maintain state. Unless other > > > > people are willing to speak up and support such an > > > > approach, I am not willing to make changes in this > > > > area. In my view, the current consensus is for > > > > a stateless server. > > > > > > > > Russ > > > > > > Russ, > > > > > > I'm probably just digging me a deeper hole but I > thought to > > > entertain myself in determining precisely where > consensus was > > > reached in the WG regarding stateless servers. > > > > > > It turns out that I can't find one. I looked at > two sources: > > > the list back for this full year (2002) and the > minutes of the > > > meetings as recorded on the IETF web site. I searched for > > > "state", "stateless" and "stateful". > > > > > > I found nothing in the 2002 minutes with respect > to these search > > > targets. It's only in Minneapolis, 14 March 2001 > where the > > > minutes record a briefing by Denis: > > > > > > "DPD/DPV - Denis Pinkas (Bull) > > > . . . > > > Finally, argues for stateless servers, i.e., > > > no retry facility in DPD. (slides)" > > > > > > On the list, there's only two hits on "stateful", > both in a > > > single message from me querying Tim on an issue > regarding relay. > > > A search for "stateless" for this entire calendar > year only > > > found the message of today asserting consensus on > the stateless > > > approach. Of the 328 hits for "state" in the > list for 2002 most > > > relate either to discussions of response states, the state > > > machine design model on the server, or expository > use of the > > > word. With respect to anything that might be construed as > > > consensus on stateless servers, Peter Sylvester > made a comment > > > and Denis Pinas responded: > > > > > > [Answer 9] This would create the maintenance of state > > > information which should be avoided. . . . > > > > > > So I think at best we have consensus by silent > affirmation. > > > > > > Mike > > > >-- > >____________________________________________________________ > >Stephen Farrell > >Baltimore Technologies, tel: (direct line) +353 1 881 6716 > >39 Parkgate Street, fax: +353 1 881 7000 > >Dublin 8. mailto:stephen.farrell@baltimore.ie > >Ireland http://www.baltimore.com > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3TNBip02366 for ietf-pkix-bks; Mon, 29 Apr 2002 16:11:44 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3TNBfa02357 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 16:11:42 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 29 Apr 2002 23:10:20 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id TAA29913 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 19:10:05 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3TNBmp29073 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 19:11:48 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1ZF6C>; Mon, 29 Apr 2002 19:09:14 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.45]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1ZF6A; Mon, 29 Apr 2002 19:09:10 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: stephen.farrell@baltimore.ie Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020429190949.02d15a70@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 29 Apr 2002 19:10:23 -0400 Subject: Re: Multiple paths in DPD In-Reply-To: <3CCD2F05.2B4DCD35@baltimore.ie> References: <EOEGJNFMMIBDKGFONJJDAEEMCKAA.myers@coastside.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> All: I am comfortable with the approach that Steve suggests. Russ At 12:31 PM 4/29/2002 +0100, Stephen Farrell wrote: >Mike, Russ, > >Firstly, I also like the "cookie" approach to handling multiple >paths so add me to the list of those who'd like the requirements >document not to preclude this (I hadn't spotted that it did so). >I would though agree with Russ that the requirements document must >not require that protocols take this approach. So, basically, the >text "Therefore the client MUST be able to indicate the maximum >number of certification paths to be returned (provided that >they can be found)." is another example of the requirements >being overly prescriptive and the usual fix can be applied. > >Second, I did manage to find a message [1] about this in a >relevant thread [2]. I wouldn't say that messaage represents >concensus, but OTOH I didn't find anything about what's currently >in the requirements draft (though it may be there of course). > >Third, in looking for those, I noticed that my earliest on-list >mail on this topic was Paul Hoffman's of May 23rd 2000 [3], so we >can mark the 2nd anniversary of this discussion soon, > >Sigh, >Stephen. > >[1] http://www.imc.org/ietf-pkix/old-archive-00/msg02286.html >[2] http://www.imc.org/ietf-pkix/old-archive-00/msg02220.html >[3] http://www.imc.org/ietf-pkix/old-archive-00/msg00840.html > >Michael Myers wrote: > > > > > -----Original Message----- > > > From: owner-ietf-pkix@mail.imc.org > > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > > > Housley, Russ > > > Sent: Friday, April 26, 2002 8:04 AM > > > > > > Mike: > > > > > > I am strongly opposed to an approach that would > > > require the server to maintain state. Unless other > > > people are willing to speak up and support such an > > > approach, I am not willing to make changes in this > > > area. In my view, the current consensus is for > > > a stateless server. > > > > > > Russ > > > > Russ, > > > > I'm probably just digging me a deeper hole but I thought to > > entertain myself in determining precisely where consensus was > > reached in the WG regarding stateless servers. > > > > It turns out that I can't find one. I looked at two sources: > > the list back for this full year (2002) and the minutes of the > > meetings as recorded on the IETF web site. I searched for > > "state", "stateless" and "stateful". > > > > I found nothing in the 2002 minutes with respect to these search > > targets. It's only in Minneapolis, 14 March 2001 where the > > minutes record a briefing by Denis: > > > > "DPD/DPV - Denis Pinkas (Bull) > > . . . > > Finally, argues for stateless servers, i.e., > > no retry facility in DPD. (slides)" > > > > On the list, there's only two hits on "stateful", both in a > > single message from me querying Tim on an issue regarding relay. > > A search for "stateless" for this entire calendar year only > > found the message of today asserting consensus on the stateless > > approach. Of the 328 hits for "state" in the list for 2002 most > > relate either to discussions of response states, the state > > machine design model on the server, or expository use of the > > word. With respect to anything that might be construed as > > consensus on stateless servers, Peter Sylvester made a comment > > and Denis Pinas responded: > > > > [Answer 9] This would create the maintenance of state > > information which should be avoided. . . . > > > > So I think at best we have consensus by silent affirmation. > > > > Mike > >-- >____________________________________________________________ >Stephen Farrell >Baltimore Technologies, tel: (direct line) +353 1 881 6716 >39 Parkgate Street, fax: +353 1 881 7000 >Dublin 8. mailto:stephen.farrell@baltimore.ie >Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3TN95N02229 for ietf-pkix-bks; Mon, 29 Apr 2002 16:09:05 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3TN8wa02225 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 16:08:58 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 29 Apr 2002 23:07:37 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id TAA29782 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 19:07:22 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3TN95j28909 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 19:09:05 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1ZF51>; Mon, 29 Apr 2002 19:06:31 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.45]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1ZF5C; Mon, 29 Apr 2002 19:06:26 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Michael Myers <myers@coastside.net> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020429190656.02d5fe00@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 29 Apr 2002 19:08:52 -0400 Subject: RE: Multiple paths in DPD In-Reply-To: <EOEGJNFMMIBDKGFONJJDAEEMCKAA.myers@coastside.net> References: <5.1.0.14.2.20020426110136.033fb5c0@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike: No. We have a document in Working Group Last Call, and a section in the document that has not had any significant change since the initial draft. You have raised your point, and now we will see if there is support for such a change. Russ At 12:59 PM 4/26/2002 -0700, Michael Myers wrote: > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > > Housley, Russ > > Sent: Friday, April 26, 2002 8:04 AM > > > > Mike: > > > > I am strongly opposed to an approach that would > > require the server to maintain state. Unless other > > people are willing to speak up and support such an > > approach, I am not willing to make changes in this > > area. In my view, the current consensus is for > > a stateless server. > > > > Russ > > >Russ, > >I'm probably just digging me a deeper hole but I thought to >entertain myself in determining precisely where consensus was >reached in the WG regarding stateless servers. > >It turns out that I can't find one. I looked at two sources: >the list back for this full year (2002) and the minutes of the >meetings as recorded on the IETF web site. I searched for >"state", "stateless" and "stateful". > >I found nothing in the 2002 minutes with respect to these search >targets. It's only in Minneapolis, 14 March 2001 where the >minutes record a briefing by Denis: > > "DPD/DPV - Denis Pinkas (Bull) > . . . > Finally, argues for stateless servers, i.e., > no retry facility in DPD. (slides)" > >On the list, there's only two hits on "stateful", both in a >single message from me querying Tim on an issue regarding relay. >A search for "stateless" for this entire calendar year only >found the message of today asserting consensus on the stateless >approach. Of the 328 hits for "state" in the list for 2002 most >relate either to discussions of response states, the state >machine design model on the server, or expository use of the >word. With respect to anything that might be construed as >consensus on stateless servers, Peter Sylvester made a comment >and Denis Pinas responded: > > [Answer 9] This would create the maintenance of state > information which should be avoided. . . . > >So I think at best we have consensus by silent affirmation. > >Mike Received: by above.proper.com (8.11.6/8.11.3) id g3TLTo700168 for ietf-pkix-bks; Mon, 29 Apr 2002 14:29:50 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TLTla00163 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 14:29:48 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3TLTTui026955; Mon, 29 Apr 2002 14:29:29 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Hal Lockhart" <hal.lockhart@entegrity.com>, "'Peter Sylvester'" <Peter.Sylvester@edelweb.fr>, <rhousley@rsasecurity.com> Cc: <ietf-pkix@imc.org> Subject: RE: Multiple paths in DPD Date: Mon, 29 Apr 2002 14:26:36 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDEEFJCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <899128A30EEDD1118FC900A0C9C74A340103403D@bigbird.gradient.com> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > -----Original Message----- > From: Hal Lockhart [mailto:hal.lockhart@entegrity.com] > Sent: Monday, April 29, 2002 2:00 PM > To: 'Michael Myers'; Hal Lockhart; 'Peter Sylvester'; rhousley@rsasecurity.com > Cc: ietf-pkix@imc.org > Subject: RE: Multiple paths in DPD > > > > > I was not talking about the client providing different > > > inputs, but the fact that server's based of information > > > will be updated from time to reflect revocations, > > > expirations, new authorities, etc. I assume this service > > > will be in continuous operation. > > > > > > > I understand your point better now. But would not the effects > > of these dynamics apply equally well in both the enumerated and > > iterated approaches? I don't yet see how it is a discriminator > > between the two. > My understanding of the other approach is that the set > of paths is generated afresh each time. (although only > the first N may be sent) Therefore each response is > inherently consistent with itself and independant of > any other response. BTW, I hold no brief for stateful > or stateless. I am just trying to help clarify for the > list, the tradeoffs involved. > > Hal Hal, Interesting. My assumption was that in either case there exists between 1 and N paths defined by the initial context of the client's query. Mike Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3TL3Po26068 for ietf-pkix-bks; Mon, 29 Apr 2002 14:03:25 -0700 (PDT) Received: from dymwsm05.mailwatch.com (dymwsm05.mailwatch.com [204.253.83.41]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TL3Na26061 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 14:03:23 -0700 (PDT) Received: from mwsc0214.mw4.mailwatch.com (mwsc0214.mw4.mailwatch.com [204.253.83.253]) by dymwsm05.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3TL3FA11786 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 17:03:15 -0400 Received: from mail pickup service by mwsc0214.mw4.mailwatch.com with Microsoft SMTPSVC; Mon, 29 Apr 2002 17:03:15 -0400 Received: from 204.253.83.39 ([204.253.83.39]) by MWSC0214 with SMTP id 0002000e3a22514d-d3a9-40bd-9308-281bb63bb660; Mon, 29 Apr 2002 17:03:15 -0500 Received: from bigbird.entegrity.com (bigbird.gradient.com [192.92.110.50]) by dymwsm15.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3TL3Fd13204; Mon, 29 Apr 2002 17:03:15 -0400 Received: by bigbird.gradient.com with Internet Mail Service (5.5.2650.10) id <JC4CDFDX>; Mon, 29 Apr 2002 16:59:39 -0400 Message-ID: <899128A30EEDD1118FC900A0C9C74A340103403D@bigbird.gradient.com> From: Hal Lockhart <hal.lockhart@entegrity.com> To: "'Michael Myers'" <myers@coastside.net>, Hal Lockhart <hal.lockhart@entegrity.com>, "'Peter Sylvester'" <Peter.Sylvester@edelweb.fr>, rhousley@rsasecurity.com Cc: ietf-pkix@imc.org Subject: RE: Multiple paths in DPD Date: Mon, 29 Apr 2002 16:59:39 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.10) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1EFC0.C6FB8EFE" HOP-COUNT: 1 X-MAILWATCH-INSTANCEID: 0102000e3a22514d-d3a9-40bd-9308-281bb63bb660 X-OriginalArrivalTime: 29 Apr 2002 21:03:15.0639 (UTC) FILETIME=[47DBAC70:01C1EFC1] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1EFC0.C6FB8EFE Content-Type: text/plain; charset="ISO-8859-1" > > I was not talking about the client providing different > > inputs, but the fact that server's based of information > > will be updated from time to reflect revocations, > > expirations, new authorities, etc. I assume this service > > will be in continuous operation. > > > > I understand your point better now. But would not the effects > of these dynamics apply equally well in both the enumerated and > iterated approaches? I don't yet see how it is a discriminator > between the two. My understanding of the other approach is that the set of paths is generated afresh each time. (although only the first N may be sent) Therefore each response is inherently consistent with itself and independant of any other response. BTW, I hold no brief for stateful or stateless. I am just trying to help clarify for the list, the tradeoffs involved. Hal ------_=_NextPart_001_01C1EFC0.C6FB8EFE Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DISO-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2448.0"> <TITLE>RE: Multiple paths in DPD</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2> > > I was not talking about the client = providing different</FONT> <BR><FONT SIZE=3D2>> > inputs, but the fact that server's based = of information</FONT> <BR><FONT SIZE=3D2>> > will be updated from time to reflect = revocations,</FONT> <BR><FONT SIZE=3D2>> > expirations, new authorities, etc. I = assume this service</FONT> <BR><FONT SIZE=3D2>> > will be in continuous operation.</FONT> <BR><FONT SIZE=3D2>> ></FONT> </P> <P><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> I understand your point better now. But = would not the effects</FONT> <BR><FONT SIZE=3D2>> of these dynamics apply equally well in both = the enumerated and</FONT> <BR><FONT SIZE=3D2>> iterated approaches? I don't yet see how = it is a discriminator</FONT> <BR><FONT SIZE=3D2>> between the two.</FONT> </P> <P><FONT SIZE=3D2>My understanding of the other approach is that the = set of paths is generated afresh each time. (although only the first N = may be sent) Therefore each response is inherently consistent with = itself and independant of any other response.</FONT></P> <P><FONT SIZE=3D2>BTW, I hold no brief for stateful or stateless. I am = just trying to help clarify for the list, the tradeoffs = involved.</FONT> </P> <P><FONT SIZE=3D2>Hal</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1EFC0.C6FB8EFE-- Received: by above.proper.com (8.11.6/8.11.3) id g3TJhRu18346 for ietf-pkix-bks; Mon, 29 Apr 2002 12:43:27 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TJhPa18340 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 12:43:25 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3TJhCui016836; Mon, 29 Apr 2002 12:43:12 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Hal Lockhart" <hal.lockhart@entegrity.com>, "'Peter Sylvester'" <Peter.Sylvester@edelweb.fr>, <rhousley@rsasecurity.com> Cc: <ietf-pkix@imc.org> Subject: RE: Multiple paths in DPD Date: Mon, 29 Apr 2002 12:40:18 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDOEFHCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <899128A30EEDD1118FC900A0C9C74A340103403B@bigbird.gradient.com> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Hal Lockhart > Sent: Monday, April 29, 2002 7:44 AM > To: 'Michael Myers'; 'Peter Sylvester'; rhousley@rsasecurity.com > Cc: ietf-pkix@imc.org > Subject: RE: Multiple paths in DPD > > > Handling this protocol when the information used to > > > construct the paths changes between requests seems > > > particularly challenging to me. > > > > No. One of the underlying assumptions is that no > > paramters change from the client. The client is > > seeking a path compliant to a given set of parameters. > > As it may turn out, the server may have several > > such that qualify. The iterative approach enables > > a client to acquire these in serial query fashion > > until it either finds the precise record/path > > it's looking for or the server runs out of data. > I was not talking about the client providing different > inputs, but the fact that server's based of information > will be updated from time to reflect revocations, > expirations, new authorities, etc. I assume this service > will be in continuous operation. > > Hal Hal, I understand your point better now. But would not the effects of these dynamics apply equally well in both the enumerated and iterated approaches? I don't yet see how it is a discriminator between the two. Mike Received: by above.proper.com (8.11.6/8.11.3) id g3TFUur08388 for ietf-pkix-bks; Mon, 29 Apr 2002 08:30:56 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TFUsa08382 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 08:30:54 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id RAA04438; Mon, 29 Apr 2002 17:30:52 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Mon, 29 Apr 2002 17:30:52 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id RAA18516; Mon, 29 Apr 2002 17:30:51 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id RAA13804; Mon, 29 Apr 2002 17:30:51 +0200 (MET DST) Date: Mon, 29 Apr 2002 17:30:51 +0200 (MET DST) Message-Id: <200204291530.RAA13804@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: requester identifier in DPV response Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > > Are you asking for a requirement to be included in the > > text that indicates: > > > > " A protocol that implements the requirements of this document > > MUST NOT, never ever, implement other features, even optional ones. " > > I do not think that we need any sentence. Now, if we really needed one, here > is a proposal: > > The basic protocol SHOULD NOT support any additional requirement besides the > requirements listed in this document. Any additional feature not listed > SHOULD only be supported using extension fields. > At least you start accepting that other features MAY be implemented by a protocol. We are therefore a little bit further than: > No. We would not make the effort of writing these requirements if we were > going to allow a protocol that supports many other features that are *not* > required. Nevertheless, I consider your proposition as overspecification and unjustified. - You make the assumption that there is something like an extensions mechanism. - You restrict ALL features to that extension mechanism without leaving the possibility of 'devine inspiration' that leads to an obvious feature of a protocol implemented in an obvious way immediately. I would agree that additional features that are supported by a protocol need to have consensus since they may create additional development effort and interoperability problems. Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3TF6eL07174 for ietf-pkix-bks; Mon, 29 Apr 2002 08:06:40 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TF6ca07169 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 08:06:38 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id RAA04310; Mon, 29 Apr 2002 17:06:27 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Mon, 29 Apr 2002 17:06:27 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id RAA18426; Mon, 29 Apr 2002 17:06:26 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id RAA13799; Mon, 29 Apr 2002 17:06:26 +0200 (MET DST) Date: Mon, 29 Apr 2002 17:06:26 +0200 (MET DST) Message-Id: <200204291506.RAA13799@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: requester identifier in DPV response Cc: tgindin@us.ibm.com, ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > " When the request is authenticated, the requestor SHOULD be able, upon > request, to indicate an identifier to be included in the response. > How this identifier is matched with the authenticated identity depends > on local server conditions and/or the validation policy. The server > MAY choose to refuse to include an identifier in the response, or MAY > refuse to create a response." > > I do not see that there is a need to add "claimed" in it. > Ok. The text 'requestor SHOULD be able' is not good as I said in a previous message. 'the protocol MUST provide a means to optionally allow ..' Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3TEm7J04525 for ietf-pkix-bks; Mon, 29 Apr 2002 07:48:07 -0700 (PDT) Received: from dymwsm17.mailwatch.com (dymwsm17.mailwatch.com [204.253.83.165]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TEm6a04519 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 07:48:06 -0700 (PDT) Received: from MWSC0215.mw4.mailwatch.com (mwsc0215.mw4.mailwatch.com [204.253.83.251]) by dymwsm17.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3TElxB32411 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 10:48:01 -0400 Received: from mail pickup service by MWSC0215.mw4.mailwatch.com with Microsoft SMTPSVC; Mon, 29 Apr 2002 10:47:59 -0400 Received: from 204.253.83.34 ([204.253.83.34]) by MWSC0215 with SMTP id 000200021a1e0b7f-356a-4eb0-883b-9c533143c5ed; Mon, 29 Apr 2002 10:47:58 -0500 Received: from bigbird.entegrity.com (bigbird.gradient.com [192.92.110.50]) by dymwsm12.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3TElwL24113; Mon, 29 Apr 2002 10:47:58 -0400 Received: by bigbird.gradient.com with Internet Mail Service (5.5.2650.10) id <JC4CD11B>; Mon, 29 Apr 2002 10:44:23 -0400 Message-ID: <899128A30EEDD1118FC900A0C9C74A340103403B@bigbird.gradient.com> From: Hal Lockhart <hal.lockhart@entegrity.com> To: "'Michael Myers'" <myers@coastside.net>, "'Peter Sylvester'" <Peter.Sylvester@edelweb.fr>, rhousley@rsasecurity.com Cc: ietf-pkix@imc.org Subject: RE: Multiple paths in DPD Date: Mon, 29 Apr 2002 10:44:22 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.10) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1EF8C.5A36EDF6" HOP-COUNT: 1 X-MAILWATCH-INSTANCEID: 010200021a1e0b7f-356a-4eb0-883b-9c533143c5ed X-OriginalArrivalTime: 29 Apr 2002 14:47:59.0251 (UTC) FILETIME=[DB0B8630:01C1EF8C] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1EF8C.5A36EDF6 Content-Type: text/plain; charset="ISO-8859-1" > > Handling this protocol when the information used to > > construct the paths changes between requests seems > > particularly challenging to me. > > No. One of the underlying assumptions is that no > paramters change from the client. The client is > seeking a path compliant to a given set of parameters. > As it may turn out, the server may have several > such that qualify. The iterative approach enables > a client to acquire these in serial query fashion > until it either finds the precise record/path > it's looking for or the server runs out of data. I was not talking about the client providing different inputs, but the fact that server's based of information will be updated from time to reflect revocations, expirations, new authorities, etc. I assume this service will be in continuous operation. Hal ------_=_NextPart_001_01C1EF8C.5A36EDF6 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DISO-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2448.0"> <TITLE>RE: Multiple paths in DPD</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>> > Handling this protocol when the information = used to</FONT> <BR><FONT SIZE=3D2>> > construct the paths changes between = requests seems</FONT> <BR><FONT SIZE=3D2>> > particularly challenging to me.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> No. One of the underlying assumptions is = that no</FONT> <BR><FONT SIZE=3D2>> paramters change from the client. The = client is</FONT> <BR><FONT SIZE=3D2>> seeking a path compliant to a given set of = parameters.</FONT> <BR><FONT SIZE=3D2>> As it may turn out, the server may have = several</FONT> <BR><FONT SIZE=3D2>> such that qualify. The iterative approach = enables</FONT> <BR><FONT SIZE=3D2>> a client to acquire these in serial query = fashion</FONT> <BR><FONT SIZE=3D2>> until it either finds the precise = record/path</FONT> <BR><FONT SIZE=3D2>> it's looking for or the server runs out of = data.</FONT> </P> <P><FONT SIZE=3D2>I was not talking about the client providing = different inputs, but the fact that server's based of information will = be updated from time to reflect revocations, expirations, new = authorities, etc. I assume this service will be in continuous = operation. </FONT></P> <P><FONT SIZE=3D2>Hal</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1EF8C.5A36EDF6-- Received: by above.proper.com (8.11.6/8.11.3) id g3TEk3G04053 for ietf-pkix-bks; Mon, 29 Apr 2002 07:46:03 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TEk1a04045 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 07:46:01 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA17134; Mon, 29 Apr 2002 16:48:54 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042916452953:445 ; Mon, 29 Apr 2002 16:45:29 +0200 Message-ID: <3CCD5C8E.D26F849E@bull.net> Date: Mon, 29 Apr 2002 16:45:34 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: tgindin@us.ibm.com, ietf-pkix@imc.org Subject: Re: Open issue: requester identifier in DPV response References: <200204291312.PAA13765@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 29/04/2002 16:45:29, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 29/04/2002 16:46:00, Serialize complete at 29/04/2002 16:46:00 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > Tim Gindin reminded me that I didn't respond to his mail > from April 16 where he suggested to add the word 'claimed' > to create "requester's claimed identity" allowing the > a server to honour or not the information before returning > it. > I would accept this way to formulate the requirement. The text fix that has been proposed is as follows: " When the request is authenticated, the requestor SHOULD be able, upon request, to indicate an identifier to be included in the response. How this identifier is matched with the authenticated identity depends on local server conditions and/or the validation policy. The server MAY choose to refuse to include an identifier in the response, or MAY refuse to create a response." I do not see that there is a need to add "claimed" in it. Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3TEeVE02843 for ietf-pkix-bks; Mon, 29 Apr 2002 07:40:31 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TEeTa02834 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 07:40:29 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id QAA04166 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 16:40:30 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Mon, 29 Apr 2002 16:40:30 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id QAA18297 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 16:40:29 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id QAA13790 for ietf-pkix@imc.org; Mon, 29 Apr 2002 16:40:28 +0200 (MET DST) Date: Mon, 29 Apr 2002 16:40:28 +0200 (MET DST) Message-Id: <200204291440.QAA13790@emeriau.edelweb.fr> To: ietf-pkix@imc.org Subject: Re: I-D ACTION:draft-ietf-pkix-rfc3161bis-00.txt Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> The text contains a changement that fixes some text concerning a MUST requirement of the TSA policy to be returned, by changing some SHOULD to a 'should'. I would like to know whether this text corresponds to group consensus. As far as I remember there are some group members that say that the MUST should be a SHOULD. I think the conflict can be summarizes with two paragraphs: Actual: The policy field MUST indicate the TSA's policy under which the response was produced. If a similar field was present in the TimeStampReq, then it MUST have the same value, otherwise an error (unacceptedPolicy) MUST be returned. Proposed: The 'policy' field MUST indicate the TSA's policy under which the response was produced. If the field 'reqPolicy' was present in the TimeStampReq, then 'policy' SHOULD have the same value, or an error (unacceptedPolicy) SHOULD be returned. Unfortunately it seems difficult to get a common opinion between those who specify and those who implement. ------------------------ I think that the following text " In that case, at any future time, the tokens signed with the corresponding key will be considered as invalid, but tokens generated before the revocation time will remain valid. " should be accompagnied by something like: It is difficult for a user to claim validity of a token that have a date inferior to the revocation date without additional means, e.g. cooperation of the TSA. It is necessary to provide evidence that the time stamp had been created before revocation BY THE TSA. Received: by above.proper.com (8.11.6/8.11.3) id g3TEdXT02639 for ietf-pkix-bks; Mon, 29 Apr 2002 07:39:33 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TEdVa02630 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 07:39:32 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA12864; Mon, 29 Apr 2002 16:42:25 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042916391802:441 ; Mon, 29 Apr 2002 16:39:18 +0200 Message-ID: <3CCD5B1A.9144C65E@bull.net> Date: Mon, 29 Apr 2002 16:39:22 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: requester identifier in DPV response References: <200204290943.LAA13719@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 29/04/2002 16:39:18, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 29/04/2002 16:39:31, Serialize complete at 29/04/2002 16:39:31 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > Denis, > > Are you asking for a requirement to be included in the > text that indicates: > > " A protocol that implements the requirements of this document > MUST NOT, never ever, implement other features, even optional ones. " I do not think that we need any sentence. Now, if we really needed one, here is a proposal: The basic protocol SHOULD NOT support any additional requirement besides the requirements listed in this document. Any additional feature not listed SHOULD only be supported using extension fields. Denis > > > The list of potential useful additional feature is as endless as the > > > list of useless features. > > > > No. We would not make the effort of writing these requirements if we were > > going to allow a protocol that supports many other features that are *not* > > required. > > Received: by above.proper.com (8.11.6/8.11.3) id g3TEQL600920 for ietf-pkix-bks; Mon, 29 Apr 2002 07:26:21 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TEQKa00916 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 07:26:20 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA23830; Mon, 29 Apr 2002 16:29:12 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042916254888:436 ; Mon, 29 Apr 2002 16:25:48 +0200 Message-ID: <3CCD57F2.740AE195@bull.net> Date: Mon, 29 Apr 2002 16:25:54 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: requester identifier in DPV response References: <200204261740.TAA12798@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 29/04/2002 16:25:49, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 29/04/2002 16:26:18, Serialize complete at 29/04/2002 16:26:18 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > > The list of potential useful additional feature is as endless as the > > > list of useless features. > > > > No. We would not make the effort of writing these requirements if we were > > going to allow a protocol that supports many other features that are *not* > > required. > > > > Denis > > Steve Kent said a few days ago: > > " We agreed > to allow competing protocol submissions which would be evaluated > against the requirements. " > This does not mean IMO, that it is forbidden to have more features > than those specified in the requirement doc. The two statements you quote are simply unrelated. So this is not a demonstration of your claim. Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3TEGis00553 for ietf-pkix-bks; Mon, 29 Apr 2002 07:16:44 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TEGga00549 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 07:16:42 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA17146; Mon, 29 Apr 2002 16:19:34 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042916160886:435 ; Mon, 29 Apr 2002 16:16:08 +0200 Message-ID: <3CCD55AE.2A90CD61@bull.net> Date: Mon, 29 Apr 2002 16:16:14 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: roadmap References: <200204261736.TAA12795@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 29/04/2002 16:16:08, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 29/04/2002 16:16:41, Serialize complete at 29/04/2002 16:16:41 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, I believe that we fixed the wording of the roadmap. So the original goal of this thread is met. On the other topic whereas OCSP could be extended to support DPV requirements, we have different views. Let wait until the DPV requirement document is finished and come back to that topic later on, if needed. Denis > > > - A "trusted" OCSP responder which is not a CA or an authorized responder > > > can also issue status information based on his own local policy not > > > established by a CA, it can have its own 'revocation service' based > > > on the needs of the relying party. > > So a trusted OCSP responder provides the revocation status information of a > > *single* certificate and has nothing to do with a DPV server that does much > > more on a *chain* of certificates. > The point was that the structure of OCSP trust delegations, i.e., the modes > of CA, authorized responder and trusted responder provide sufficient possibilities > so that trust among a DPV client and services can be establish in a same way. > A potential addition to the OCSP protocol you turn a server which was is trusted > by the client using one of the existing OCSP trust mechanism into a service that > is implmenting the DPV requirements, i.e. into a DPV server that youses an enhanced > OCSP protocol. > > > - An 'authorised' CA DPV responder can create status information about > > An " 'authorised' CA DPV responder" is not a correct wording: either it is a > > CA or a DPV responder. > I am talking about an extended OCSP protocol implementing the DPV > requirements operated by an authorized OCSP responder. > > > its immediately subordinate certs, i;e. the single OCSP response that you > > > mention, and at the same time include some DPV response that validate > > > the path from the intermediate CA to the trusted root, either > > > as an entity extension or as a global extension. > > > - An OCSP server can also be any entity, and not just an authorised > > > CA responder. An OCSP responder can respond to whatever the service > > > provider likes to provide to its clients or what they need. OCSP is > > > not a 'A CS service'. > > An OCSP server basically provides the revocation status of a certificate and > > may support extensions in addition to that basic response. Up to now, such > > extensions have not been defined. > Obviously not, since we are not at the point of defining a protocol. As far > as I have understood, Mike is waiting until the DPV reqs get settled. > > Since a DPV response is far richer than a DPV response, it would be quite > > strange to use the content of the extension and to discard the main > > response. > Who has proposed to discard something? > > Picky-backing the DPV structure in an extension of the OCSP structure would > > also lead to a strange behaviour. You could get a "valid OCSP answer" with > > an "invalid DPV answer" (e.g. because a certificate from the chain is > > revoked). These two statuses do not match together. > Why do you think that the DPV server should indicate that the > certificate is good. Again, I am not advocating OCSPv2 which some people > may consider as repaied/enhanced by technique to similar as for > the Hubble telescope. Received: by above.proper.com (8.11.6/8.11.3) id g3TDCGi26633 for ietf-pkix-bks; Mon, 29 Apr 2002 06:12:16 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TDCEa26629 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 06:12:14 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id PAA03747; Mon, 29 Apr 2002 15:12:11 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Mon, 29 Apr 2002 15:12:12 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id PAA17932; Mon, 29 Apr 2002 15:12:10 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id PAA13765; Mon, 29 Apr 2002 15:12:10 +0200 (MET DST) Date: Mon, 29 Apr 2002 15:12:10 +0200 (MET DST) Message-Id: <200204291312.PAA13765@emeriau.edelweb.fr> To: tgindin@us.ibm.com Subject: Re: Open issue: requester identifier in DPV response Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tim Gindin reminded me that I didn't respond to his mail from April 16 where he suggested to add the word 'claimed' to create "requester's claimed identity" allowing the a server to honour or not the information before returning it. I would accept this way to formulate the requirement. Received: by above.proper.com (8.11.6/8.11.3) id g3TBrWs24384 for ietf-pkix-bks; Mon, 29 Apr 2002 04:53:32 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TBrVa24379 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 04:53:31 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA25116; Mon, 29 Apr 2002 07:53:29 -0400 (EDT) Message-Id: <200204291153.HAA25116@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-rfc3161bis-00.txt Date: Mon, 29 Apr 2002 07:53:27 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) Author(s) : C. Adams, P. Cain, D. Pinkas, R. Zuccherato Filename : draft-ietf-pkix-rfc3161bis-00.txt Pages : 26 Date : 26-Apr-02 This document describes the format of a request sent to a Time Stamping Authority (TSA) and of the response that is returned. It also establishes several security-relevant requirements for TSA operation, with regards to processing requests to generate responses. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3161bis-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-rfc3161bis-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-rfc3161bis-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20020426141037.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-rfc3161bis-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-rfc3161bis-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20020426141037.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3TBVRi23911 for ietf-pkix-bks; Mon, 29 Apr 2002 04:31:27 -0700 (PDT) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3TBVOa23907 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 04:31:25 -0700 (PDT) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g3TBVOb19777 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 12:31:24 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a8e1a5ad40a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 12:25:48 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id MAA14157; Mon, 29 Apr 2002 12:31:17 +0100 Message-ID: <3CCD2F05.2B4DCD35@baltimore.ie> Date: Mon, 29 Apr 2002 12:31:17 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Michael Myers <myers@coastside.net>, "Housley, Russ" <rhousley@rsasecurity.com> CC: ietf-pkix@imc.org Subject: Re: Multiple paths in DPD References: <EOEGJNFMMIBDKGFONJJDAEEMCKAA.myers@coastside.net> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike, Russ, Firstly, I also like the "cookie" approach to handling multiple paths so add me to the list of those who'd like the requirements document not to preclude this (I hadn't spotted that it did so). I would though agree with Russ that the requirements document must not require that protocols take this approach. So, basically, the text "Therefore the client MUST be able to indicate the maximum number of certification paths to be returned (provided that they can be found)." is another example of the requirements being overly prescriptive and the usual fix can be applied. Second, I did manage to find a message [1] about this in a relevant thread [2]. I wouldn't say that messaage represents concensus, but OTOH I didn't find anything about what's currently in the requirements draft (though it may be there of course). Third, in looking for those, I noticed that my earliest on-list mail on this topic was Paul Hoffman's of May 23rd 2000 [3], so we can mark the 2nd anniversary of this discussion soon, Sigh, Stephen. [1] http://www.imc.org/ietf-pkix/old-archive-00/msg02286.html [2] http://www.imc.org/ietf-pkix/old-archive-00/msg02220.html [3] http://www.imc.org/ietf-pkix/old-archive-00/msg00840.html Michael Myers wrote: > > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > > Housley, Russ > > Sent: Friday, April 26, 2002 8:04 AM > > > > Mike: > > > > I am strongly opposed to an approach that would > > require the server to maintain state. Unless other > > people are willing to speak up and support such an > > approach, I am not willing to make changes in this > > area. In my view, the current consensus is for > > a stateless server. > > > > Russ > > Russ, > > I'm probably just digging me a deeper hole but I thought to > entertain myself in determining precisely where consensus was > reached in the WG regarding stateless servers. > > It turns out that I can't find one. I looked at two sources: > the list back for this full year (2002) and the minutes of the > meetings as recorded on the IETF web site. I searched for > "state", "stateless" and "stateful". > > I found nothing in the 2002 minutes with respect to these search > targets. It's only in Minneapolis, 14 March 2001 where the > minutes record a briefing by Denis: > > "DPD/DPV - Denis Pinkas (Bull) > . . . > Finally, argues for stateless servers, i.e., > no retry facility in DPD. (slides)" > > On the list, there's only two hits on "stateful", both in a > single message from me querying Tim on an issue regarding relay. > A search for "stateless" for this entire calendar year only > found the message of today asserting consensus on the stateless > approach. Of the 328 hits for "state" in the list for 2002 most > relate either to discussions of response states, the state > machine design model on the server, or expository use of the > word. With respect to anything that might be construed as > consensus on stateless servers, Peter Sylvester made a comment > and Denis Pinas responded: > > [Answer 9] This would create the maintenance of state > information which should be avoided. . . . > > So I think at best we have consensus by silent affirmation. > > Mike -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: by above.proper.com (8.11.6/8.11.3) id g3T9hDh14048 for ietf-pkix-bks; Mon, 29 Apr 2002 02:43:13 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3T9hAa14044 for <ietf-pkix@imc.org>; Mon, 29 Apr 2002 02:43:10 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id LAA03127; Mon, 29 Apr 2002 11:43:08 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Mon, 29 Apr 2002 11:43:08 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id LAA17295; Mon, 29 Apr 2002 11:43:07 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id LAA13719; Mon, 29 Apr 2002 11:43:07 +0200 (MET DST) Date: Mon, 29 Apr 2002 11:43:07 +0200 (MET DST) Message-Id: <200204290943.LAA13719@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: requester identifier in DPV response Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, Are you asking for a requirement to be included in the text that indicates: " A protocol that implements the requirements of this document MUST NOT, never ever, implement other features, even optional ones. " > > > > The list of potential useful additional feature is as endless as the > > list of useless features. > > No. We would not make the effort of writing these requirements if we were > going to allow a protocol that supports many other features that are *not* > required. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3RKnVq18165 for ietf-pkix-bks; Sat, 27 Apr 2002 13:49:31 -0700 (PDT) Received: from mtiwmhc24.worldnet.att.net (mtiwmhc24.worldnet.att.net [204.127.131.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3RKnTa18159 for <ietf-pkix@imc.org>; Sat, 27 Apr 2002 13:49:29 -0700 (PDT) Received: from tsg1 ([12.81.70.70]) by mtiwmhc24.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020427204926.HFEC18857.mtiwmhc24.worldnet.att.net@tsg1>; Sat, 27 Apr 2002 20:49:26 +0000 Message-ID: <020c01c1ee2c$ca06a790$020aff0a@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "PKIX-IETF" <ietf-pkix@imc.org>, "LISTS - IETF-IESG" <IESG@IETF.ORG>, <poised@lists.tislabs.com> References: <200204261740.TAA12798@emeriau.edelweb.fr> Subject: Re: Open issue: requester identifier in DPV response Date: Sat, 27 Apr 2002 13:46:23 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Stephen - I think that it is very likely that ANY involvement by a WG Chair in ANY protocol at any level is a conflict of interest and actionable as such. It shows a predudicial predisposition towards that protocol and favors it over all others. This is why I am demanding the rewriting of the WG's charter as well as the approriate sections of RFC2026 et al.. What this means is that you,a WG Chiar CANNOT make any agreements as what you will and wont allow in the WG. In fact what it really means is that a WG Chair cannot make any arbitrary decsions regarding one protocol over another, and it further mandates a uniform process for all. That means definging the term "vetting" for this WG and how many participants have to be involved and whether they have to represent separate interests or not... So the IETF is shooting 0% on keeping the playing field level IMHO... Todd ----- Original Message ----- From: "Peter Sylvester" <Peter.Sylvester@edelweb.fr> To: <Peter.Sylvester@edelweb.fr>; <Denis.Pinkas@bull.net> Cc: <ietf-pkix@imc.org> Sent: Friday, April 26, 2002 10:40 AM Subject: Re: Open issue: requester identifier in DPV response > > > > > > > The list of potential useful additional feature is as endless as the > > > list of useless features. > > > > No. We would not make the effort of writing these requirements if we were > > going to allow a protocol that supports many other features that are *not* > > required. > > > > Denis > > > Steve Kent said a few days ago: > > " We agreed > to allow competing protocol submissions which would be evaluated > against the requirements. " > > This does not mean IMO, that it is forbidden to have more features > than those specified in the requirement doc. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3RKaaV18045 for ietf-pkix-bks; Sat, 27 Apr 2002 13:36:36 -0700 (PDT) Received: from mtiwmhc25.worldnet.att.net (mtiwmhc25.worldnet.att.net [204.127.131.50]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3RKaYa18041 for <ietf-pkix@imc.org>; Sat, 27 Apr 2002 13:36:34 -0700 (PDT) Received: from tsg1 ([12.81.70.186]) by mtiwmhc25.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020427203629.GVXA2855.mtiwmhc25.worldnet.att.net@tsg1>; Sat, 27 Apr 2002 20:36:29 +0000 Message-ID: <01ec01c1ee2a$fac02ca0$020aff0a@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Hal Lockhart" <hal.lockhart@entegrity.com>, "PKIX-IETF" <ietf-pkix@imc.org>, <harald@Alvestrand.no>, "Tim Polk" <tim.polk@nist.gov> References: <899128A30EEDD1118FC900A0C9C74A3401034038@bigbird.gradient.com> Subject: Re: Meaning of Non-repudiation Date: Sat, 27 Apr 2002 13:34:46 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_01E9_01C1EDF0.4BED4760" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_01E9_01C1EDF0.4BED4760 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: Meaning of Non-repudiationHal - ----- Original Message -----=20 From: Hal Lockhart=20 To: 'Tony Bartoletti' ; Aisenberg, Michael ; = 'todd.glassey@worldnet.att.net' ; 'tgindin@us.ibm.com'=20 Cc: 'ietf-pkix@imc.org'=20 Sent: Friday, April 26, 2002 11:24 AM Subject: RE: Meaning of Non-repudiation I believe the terms non-repudiation and signature date back to a time = (1980's) when nobody was talking about this stuff except a few = mathematicians.=20 You mean as far as Computer Scientists and researchers are concerned? = because Banking and other Trust-impinged computer operations have had = these concepts operating as self-proofing feature for considerably = longer that the last 20 years. NR here was implemented as an external = process. But when you look at them from a logic model stanpoint the NR = is the same. What is amusing here is that the PKI world thinks it invented NR. = Personally what I think that this is more grist for the mill 'that the = commercial processes require commercial inputs'.=20 They probably realized they were using analogies to name mathematical = concepts, which did have precise meanings in that limited scope. It is = now recognized that neither analogy holds up to close scrutiny. Unfortunately, the terminology got picked up and used very loosely by = the rest of the world. I have gotten used to hearing marketing types = using "non-repudiation" to mean any use of digital signatures. (Don't = get me started on "Trust." ;-)=20 I just point them at Tom's document. I agree with Tony. What else can = we do?=20 Hal=20 > -----Original Message-----=20 > From: Tony Bartoletti [mailto:azb@llnl.gov]=20 > Sent: Friday, April 26, 2002 2:50 PM=20 > To: Aisenberg, Michael; 'todd.glassey@worldnet.att.net';=20 > 'tgindin@us.ibm.com'=20 > Cc: 'ietf-pkix@imc.org'=20 > Subject: RE: Meaning of Non-repudiation=20 >=20 >=20 >=20 >=20 > At the risk of incurring PKIX list-wrath ...=20 >=20 > To my view of things, the "existence" of NR=3D1 in a=20 > certificate is no more=20 > than a statement, by the issuing CA, that "they will not=20 > stand in the way=20 > of this certificate being used as a component in some form of=20 > NR scheme=20 > (and will happily accept your Visa or Mastercard, thank you.)=20 >=20 > If one limits the presence of an NR bit to this weak=20 > assertion, it becomes=20 > clear that the NR bit "means almost nothing." Thus there is=20 > little left to=20 > debate about it on the list.=20 >=20 > (As I recall, Tom Ginden's "Technical Non-Repudiation"=20 > document was about=20 > as far as one could reasonably take application of the NR=20 > bit. It was time=20 > for everyone else to put-up or shut-up, and everyone shut-up.)=20 >=20 >=20 > ____tony____=20 >=20 > Tony Bartoletti 925-422-3881 <azb@llnl.gov>=20 > Information Operations, Warfare and Assurance Center=20 > Lawrence Livermore National Laboratory=20 > Livermore, CA 94551-9900=20 >=20 >=20 >=20 >=20 ------=_NextPart_000_01E9_01C1EDF0.4BED4760 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD><TITLE>RE: Meaning of Non-repudiation</TITLE> <META content=3D"text/html; charset=3DISO-8859-1" = http-equiv=3DContent-Type> <META content=3D"MSHTML 5.00.3315.2870" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2>Hal -</FONT></DIV> <BLOCKQUOTE=20 style=3D"BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: = 0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px"> <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV> <DIV=20 style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: = black"><B>From:</B>=20 <A href=3D"mailto:hal.lockhart@entegrity.com"=20 title=3Dhal.lockhart@entegrity.com>Hal Lockhart</A> </DIV> <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A = href=3D"mailto:azb@llnl.gov"=20 title=3Dazb@llnl.gov>'Tony Bartoletti'</A> ; <A=20 href=3D"mailto:maisenberg@verisign.com" = title=3Dmaisenberg@verisign.com>Aisenberg,=20 Michael</A> ; <A href=3D"mailto:'todd.glassey@worldnet.att.net'"=20 = title=3Dtodd.glassey@worldnet.att.net>'todd.glassey@worldnet.att.net'</A>= ; <A=20 href=3D"mailto:'tgindin@us.ibm.com'"=20 title=3Dtgindin@us.ibm.com>'tgindin@us.ibm.com'</A> </DIV> <DIV style=3D"FONT: 10pt arial"><B>Cc:</B> <A = href=3D"mailto:'ietf-pkix@imc.org'"=20 title=3Dietf-pkix@imc.org>'ietf-pkix@imc.org'</A> </DIV> <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Friday, April 26, 2002 = 11:24=20 AM</DIV> <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> RE: Meaning of=20 Non-repudiation</DIV> <DIV><BR></DIV> <P><FONT size=3D2>I believe the terms non-repudiation and signature = date back to=20 a time (1980's) when nobody was talking about this stuff except a few=20 mathematicians. </FONT></P> <P><FONT size=3D2></FONT> </P></BLOCKQUOTE> <P><FONT face=3DArial size=3D2>You mean as far as Computer Scientists = and=20 researchers are concerned? because Banking and other = Trust-impinged=20 computer operations have had these concepts operating as self-proofing = feature=20 for considerably longer that the last 20 years. NR here was=20 implemented as an external process. But when you look at them from a = logic model=20 stanpoint the NR is the same.</FONT></P> <P><FONT face=3DArial size=3D2>What is amusing here is that the PKI = world thinks it=20 invented NR. Personally what I think that this is more grist for = the mill=20 'that the commercial processes require commercial = inputs</FONT><FONT=20 face=3DArial size=3D2>'. </FONT></P> <BLOCKQUOTE=20 style=3D"BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: = 0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px"> <P><FONT size=3D2></FONT> </P> <P><FONT size=3D2>They probably realized they were using analogies to = name=20 mathematical concepts, which did have precise meanings in that limited = scope.=20 It is now recognized that neither analogy holds up to close=20 scrutiny.</FONT></P> <P><FONT size=3D2>Unfortunately, the terminology got picked up and = used very=20 loosely by the rest of the world. I have gotten used to hearing = marketing=20 types using "non-repudiation" to mean any use of digital signatures. = (Don't=20 get me started on "Trust." ;-) </FONT></P> <P><FONT size=3D2>I just point them at Tom's document. I agree with = Tony. What=20 else can we do?</FONT> </P> <P><FONT size=3D2>Hal</FONT> </P> <P><FONT size=3D2>> -----Original Message-----</FONT> <BR><FONT = size=3D2>>=20 From: Tony Bartoletti [<A=20 href=3D"mailto:azb@llnl.gov">mailto:azb@llnl.gov</A>]</FONT> <BR><FONT = size=3D2>> Sent: Friday, April 26, 2002 2:50 PM</FONT> <BR><FONT = size=3D2>>=20 To: Aisenberg, Michael; 'todd.glassey@worldnet.att.net';</FONT> = <BR><FONT=20 size=3D2>> 'tgindin@us.ibm.com'</FONT> <BR><FONT size=3D2>> Cc:=20 'ietf-pkix@imc.org'</FONT> <BR><FONT size=3D2>> Subject: RE: = Meaning of=20 Non-repudiation</FONT> <BR><FONT size=3D2>> </FONT><BR><FONT = size=3D2>>=20 </FONT><BR><FONT size=3D2>> </FONT><BR><FONT size=3D2>> = </FONT><BR><FONT=20 size=3D2>> At the risk of incurring PKIX list-wrath ...</FONT> = <BR><FONT=20 size=3D2>> </FONT><BR><FONT size=3D2>> To my view of things, the = "existence"=20 of NR=3D1 in a </FONT><BR><FONT size=3D2>> certificate is no more=20 </FONT><BR><FONT size=3D2>> than a statement, by the issuing CA, = that "they=20 will not </FONT><BR><FONT size=3D2>> stand in the way = </FONT><BR><FONT=20 size=3D2>> of this certificate being used as a component in some = form of=20 </FONT><BR><FONT size=3D2>> NR scheme </FONT><BR><FONT = size=3D2>> (and will=20 happily accept your Visa or Mastercard, thank you.)</FONT> <BR><FONT=20 size=3D2>> </FONT><BR><FONT size=3D2>> If one limits the = presence of an NR=20 bit to this weak </FONT><BR><FONT size=3D2>> assertion, it becomes=20 </FONT><BR><FONT size=3D2>> clear that the NR bit "means almost=20 nothing." Thus there is </FONT><BR><FONT size=3D2>> little = left to=20 </FONT><BR><FONT size=3D2>> debate about it on the list.</FONT> = <BR><FONT=20 size=3D2>> </FONT><BR><FONT size=3D2>> (As I recall, Tom = Ginden's "Technical=20 Non-Repudiation" </FONT><BR><FONT size=3D2>> document was about=20 </FONT><BR><FONT size=3D2>> as far as one could reasonably take = application=20 of the NR </FONT><BR><FONT size=3D2>> bit. It was time = </FONT><BR><FONT=20 size=3D2>> for everyone else to put-up or shut-up, and everyone=20 shut-up.)</FONT> <BR><FONT size=3D2>> </FONT><BR><FONT = size=3D2>>=20 </FONT><BR><FONT size=3D2>> ____tony____</FONT> <BR><FONT = size=3D2>>=20 </FONT><BR><FONT size=3D2>> Tony Bartoletti 925-422-3881=20 <azb@llnl.gov></FONT> <BR><FONT size=3D2>> Information = Operations,=20 Warfare and Assurance Center</FONT> <BR><FONT size=3D2>> Lawrence = Livermore=20 National Laboratory</FONT> <BR><FONT size=3D2>> Livermore, CA=20 94551-9900</FONT> <BR><FONT size=3D2>> </FONT><BR><FONT = size=3D2>>=20 </FONT><BR><FONT size=3D2>> </FONT><BR><FONT size=3D2>>=20 </FONT></P></BLOCKQUOTE></BODY></HTML> ------=_NextPart_000_01E9_01C1EDF0.4BED4760-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3RI32f15780 for ietf-pkix-bks; Sat, 27 Apr 2002 11:03:02 -0700 (PDT) Received: from mtiwmhc24.worldnet.att.net (mtiwmhc24.worldnet.att.net [204.127.131.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3RI30a15776 for <ietf-pkix@imc.org>; Sat, 27 Apr 2002 11:03:00 -0700 (PDT) Received: from tsg1 ([12.81.70.186]) by mtiwmhc24.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020427180256.DRST18857.mtiwmhc24.worldnet.att.net@tsg1>; Sat, 27 Apr 2002 18:02:56 +0000 Message-ID: <013f01c1ee15$87ee4d70$020aff0a@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "PKIX" <ietf-pkix@imc.org>, "Aram Perez" <aramperez@mac.com> Cc: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net> References: <BB8CD9CC-5944-11D6-8D8D-0005024964AD@mac.com> Subject: Re: Meaning of Non-repudiation Date: Sat, 27 Apr 2002 10:58:33 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Aram - yes you are rignt in your commentary regarding the analog and needing a metric to measure the verying state of NR with.What I would suggest is that these are states that are based in "grade of reliability" and that these are technologies that that need to be codified in concert with the audit community since they will really be the source of the metric. What this will allow to occur is that stateful information as to the integrity of the surrounding system can be made part ofthe trust negotiation process (one of those Mythical "Transaction Service Models" that Stephen is so fond of hammering me for)... The end point of this is that it brings to light something critical and that is the concept that Audit and Audit Process (or state data) needs to be included inside of the PKI process so that total machine processing of PKI enhanced transactions can take place. This is another argument for all of the concepts that I proposed: 1) Adding a need for a use model to all I-D/RFC/Standards Drafts 2) Building bridges between us and the other standards groups affected by PKI... especially to the auditors. 3) And finally the realization that it is the Audit Process and its model that determines the end makeup of the PKI product - Not us. Todd ----- Original Message ----- From: "Aram Perez" <aramperez@mac.com> To: "PKIX" <ietf-pkix@imc.org> Cc: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net> Sent: Friday, April 26, 2002 11:37 AM Subject: Re: Meaning of Non-repudiation Maybe Hoyt can comment. If I understood him correctly, he mentioned to me that he had talked to a few people during the RSA Conference and that there was a consensus to have the NR bit renamed at the X.509 level. Regards, Aram Perez On Friday, April 26, 2002, at 09:37 AM, Aisenberg, Michael wrote: > As an under-initiated tech-wanabe lawyer who has observed the > 'non-repudiation' > debate for several years, it occurs to me that, not only do I concur in > Todd's observation > regarding the use of NR {as a technical bit-descriptor being problematic > vis-à-vis > his described more 'comprehensive' view of NR as a 'condition' achieved > through the > deployment of an IA environment}, but would further suggest that even > THAT interpretation requires > calibration against the generally accepted legal concept of > non-repudiation > inherent in the construct and case law around UCC secs. 2-609/2-610. > > Todd's analysis suggests a non-statutory analog --based on a description > of a > complex of conditions existing simultaneously-- that provides a > technology-grounded basis for asserting > the same absolute of 'undeniability of existence' that the > legal/statutory phrase implies (but, lawyers would never > assert with the same absolutism as, say, a law of physics, unless a > court of last resort had > ruled!)--but it is of course still different from, and therefore capable > of being confused with the > bit descriptor. All of which is a long-winded way of stating the > obvious--that the importation > of 'terms of art' from one discipline to another is risky--absent > precise equality of > definition, intent and usage--which we obviously don't have here...... > > > Michael Aisenberg > --VeriSign/D.C.-- > > > -----Original Message----- > From: todd glassey [mailto:todd.glassey@worldnet.att.net] > Sent: Friday, April 26, 2002 11:49 AM > To: Tom Gindin > Cc: PKIX-IETF > Subject: Re: Meaning of Non-repudiation > > > > Tom, > I agree with you - the X.509 model is broken too. NR is a bigger thing > than > a bit in a data structure and using the term NR causes problems for > auditors > and other professionals that would have to use these protocols. > > I and many others define NR as the sum-total of all the Information > Assurance technologies, techniques, and practices that make up and > operating > environment. Thus NR is a state specific to a totality of condition and > maybe needs essentially gradiant levels rather than a binary on or off > state. Thats why a single bit alone without the accompanying OID is of > questionable value here. > > Todd > > ----- Original Message ----- > From: "Tom Gindin" <tgindin@us.ibm.com> > To: "Stephen Kent" <kent@bbn.com> > Cc: "David P. Kemp" <dpkemp@missi.ncsc.mil>; <ietf-pkix@imc.org> > Sent: Wednesday, April 11, 2001 3:50 PM > Subject: Re: Meaning of Non-repudiation > > >> >> IMHO, if X.509 had not been calling the bit in KeyUsage >> "non-repudiation" for some years, I would prefer to put "Persistent > Data >> Authentication" into KeyUsage and define several different flavors of >> non-repudiation in ExtendedKeyUsage, profiling non-repudiation > services in >> parallel with those ExtendedKeyUsage values. This would also allow us > to >> define different levels of NR and put them into certificates in a > natural >> way. However, they have been calling the bit "non-repudiation", and > I'm >> not sure we can change its meaning on the installed base of > certificates >> and on the X.509 group without an unusual level of unanimity and >> near-certainty that it won't break anything. >> >> Tom Gindin >> >> >> > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3R2TRw23710 for ietf-pkix-bks; Fri, 26 Apr 2002 19:29:27 -0700 (PDT) Received: from hotmail.com (dav20.sea1.hotmail.com [207.68.162.124]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3R2TPa23705 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 19:29:25 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 26 Apr 2002 19:29:24 -0700 X-Originating-IP: [213.158.176.47] From: "osama farook" <osamafarook@hotmail.com> To: <ietf-pkix@imc.org> Subject: choose between different CA vendors Date: Thu, 25 Apr 2002 23:05:38 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0014_01C1ECAD.B6B5F540" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: <DAV20Nzq6xEfhzL1f6Y00000a40@hotmail.com> X-OriginalArrivalTime: 27 Apr 2002 02:29:24.0881 (UTC) FILETIME=[58CBC810:01C1ED93] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_0014_01C1ECAD.B6B5F540 Content-Type: text/plain; charset="windows-1256" Content-Transfer-Encoding: quoted-printable What is the criteria (technichally) to choose between different CA = vendors to build my security server? I want to know this to help me in my project " Building CA Serve" . ------=_NextPart_000_0014_01C1ECAD.B6B5F540 Content-Type: text/html; charset="windows-1256" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Dwindows-1256"> <META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV align=3Dleft><FONT face=3DArial size=3D4><STRONG>What is the = criteria=20 (technichally) to choose between different CA vendors to build my = security=20 server?<BR>I want to know this to help me in my project " Building CA = Serve"=20 .</STRONG></FONT></DIV></BODY></HTML> ------=_NextPart_000_0014_01C1ECAD.B6B5F540-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3R0xtB22552 for ietf-pkix-bks; Fri, 26 Apr 2002 17:59:55 -0700 (PDT) Received: from phnxpop6.phnx.uswest.net (phnxpop6.phnx.uswest.net [206.80.192.6]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3R0xra22548 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 17:59:54 -0700 (PDT) Received: (qmail 19880 invoked by uid 0); 27 Apr 2002 00:59:58 -0000 Received: from vdsl-130-13-126-42.phnx.uswest.net (HELO ?192.168.2.12?) (130.13.126.42) by phnxpop6.phnx.uswest.net with SMTP; 27 Apr 2002 00:59:58 -0000 Date: Fri, 26 Apr 2002 17:58:42 -0700 Message-Id: <a0510030bb8ef9ab3016a@[192.168.2.12]> From: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net> To: "PKIX" <ietf-pkix@imc.org> Mime-Version: 1.0 X-Sender: hoytkesterson@mail.earthlink.net In-Reply-To: <BB8CD9CC-5944-11D6-8D8D-0005024964AD@mac.com> References: <BB8CD9CC-5944-11D6-8D8D-0005024964AD@mac.com> Subject: Re: Meaning of Non-repudiation Content-Type: text/plain; charset="iso-8859-1" ; format="flowed" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3R0xsa22549 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> i have been talking to people about this bit for sometime. we did discuss it at the meeting in geneva in early march and i did discuss the issue at the american bar association meeting information security meeting just before that (and yes at the rsa meeting also) the choice of non-repudiation for the name of the bit so long ago is unfortunate since so many interpretations have sprung up. i still believe that the intent was to signal "more" than just providing a signature for proof of origin. at the time i suggested that what "more" is would be understood from policy. i still argue that a bit is not enough to convey all the shades of meaning desired. i think that "more" means some sort of "not only is this proof of who i am, but also,scout's honor, i really mean what i say in this message". i argue that the text that in 509 that that the nonRepudiation bit does not have to be set in certificates used to support signing a crl shows our intent when we wrote this text 10 years ago, albeit poorly. that is, one doesn't have to signal "more" when signing a crl because cRLsign = digitalSignature + nonRepudiation - not only can it be proven that the proper entity signed the message but that it intends to stand by the content of the message. it's clear that when one talks to lawyers long enough, an agreement that looks rock solid to engineers looks like swiss cheese to lawyers. even if the systems could be made so unbuggerable that one could honestly swear in court that what was signed was what was presented to the reader, a lawyer could still argue about intent (i.e., i meant to do it and i understood the consequences of doing it). i firmly believe it's still a good goal to try to build that unbuggerable system because improved systems should focus the legal argument (but i suspect a lawyer will still try to throw everything into question if that helps the client). if this stuff gets used frequently and the public accepts its correct operation as an everyday tool of life, then focus on the technology may go away. today it would take a rare lawyer to drag in telephone service providers and experts in order to convince a judge or jury that there is no proof that the plaintiff's telephone call to the client actually went to the client (of course internet telephony may make this an arguable point again). maybe after a 100 years the public will consider electronic contracts and agreements just another tool of everyday life. so, if we really cannot declare something nor-reputable with just the stroke of a bit, should we just forget the whole thing? i think that it might be useful to signal that the ca expects this certificate to be used as more than just source of origin authentication. can such a signal be a two state flag? maybe, but it could be a lot of semantics to put on one small bit. however, the bit could be used to signal the "more" status with an understanding that the precise conditions and constraints will be specified elsewhere, e.g. policy. a lawyer i work with on the isc suggests the phrase "necessary but not sufficient condition". does this need to be fixed in x.509? YES. however, i suspect that changing the name would be merely a placebo and later on, we will still find that all is not well. i have suggested to the directory group that, even though the discussion will probably be painful, we should clarify the text 509. however, i don't think this is something to fix by defect processing but in the new edition currently under development. i hope that you people and the isc would be very active in the development of that text. hoyt At 11:37 AM -0700 4/26/02, Aram Perez wrote: >Maybe Hoyt can comment. If I understood him correctly, he mentioned >to me that he had talked to a few people during the RSA Conference >and that there was a consensus to have the NR bit renamed at the >X.509 level. > >Regards, >Aram Perez > > >On Friday, April 26, 2002, at 09:37 AM, Aisenberg, Michael wrote: > >>As an under-initiated tech-wanabe lawyer who has observed the >>'non-repudiation' >>debate for several years, it occurs to me that, not only do I concur in >>Todd's observation >>regarding the use of NR {as a technical bit-descriptor being problematic >>vis-à-vis >>his described more 'comprehensive' view of NR as a 'condition' achieved >>through the >>deployment of an IA environment}, but would further suggest that even >>THAT interpretation requires >>calibration against the generally accepted legal concept of >>non-repudiation >>inherent in the construct and case law around UCC secs. 2-609/2-610. >> >>Todd's analysis suggests a non-statutory analog --based on a description >>of a >>complex of conditions existing simultaneously-- that provides a >>technology-grounded basis for asserting >>the same absolute of 'undeniability of existence' that the >>legal/statutory phrase implies (but, lawyers would never >>assert with the same absolutism as, say, a law of physics, unless a >>court of last resort had >>ruled!)--but it is of course still different from, and therefore capable >>of being confused with the >>bit descriptor. All of which is a long-winded way of stating the >>obvious--that the importation >>of 'terms of art' from one discipline to another is risky--absent >>precise equality of >>definition, intent and usage--which we obviously don't have here...... >> >> >>Michael Aisenberg >>--VeriSign/D.C.-- >> >> >>-----Original Message----- >>From: todd glassey [mailto:todd.glassey@worldnet.att.net] >>Sent: Friday, April 26, 2002 11:49 AM >>To: Tom Gindin >>Cc: PKIX-IETF >>Subject: Re: Meaning of Non-repudiation >> >> >> >>Tom, >>I agree with you - the X.509 model is broken too. NR is a bigger thing >>than >>a bit in a data structure and using the term NR causes problems for >>auditors >>and other professionals that would have to use these protocols. >> >>I and many others define NR as the sum-total of all the Information >>Assurance technologies, techniques, and practices that make up and >>operating >>environment. Thus NR is a state specific to a totality of condition and >>maybe needs essentially gradiant levels rather than a binary on or off >>state. Thats why a single bit alone without the accompanying OID is of >>questionable value here. >> >>Todd >> >>----- Original Message ----- >>From: "Tom Gindin" <tgindin@us.ibm.com> >>To: "Stephen Kent" <kent@bbn.com> >>Cc: "David P. Kemp" <dpkemp@missi.ncsc.mil>; <ietf-pkix@imc.org> >>Sent: Wednesday, April 11, 2001 3:50 PM >>Subject: Re: Meaning of Non-repudiation >> >>> >>> IMHO, if X.509 had not been calling the bit in KeyUsage >>>"non-repudiation" for some years, I would prefer to put "Persistent >>Data >>>Authentication" into KeyUsage and define several different flavors of >>>non-repudiation in ExtendedKeyUsage, profiling non-repudiation >>services in >>>parallel with those ExtendedKeyUsage values. This would also allow us >>to >>>define different levels of NR and put them into certificates in a >>natural >>>way. However, they have been calling the bit "non-repudiation", and >>I'm >>>not sure we can change its meaning on the installed base of >>certificates >>>and on the X.509 group without an unusual level of unanimity and >>>near-certainty that it won't break anything. >>> >>> Tom Gindin Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QNKnP21178 for ietf-pkix-bks; Fri, 26 Apr 2002 16:20:49 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QNKla21174 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 16:20:47 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150]) by e1.ny.us.ibm.com (8.12.2/8.12.2) with ESMTP id g3QNKims346880; Fri, 26 Apr 2002 19:20:45 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.1) with ESMTP id g3QNKfL46436; Fri, 26 Apr 2002 19:20:41 -0400 Importance: Normal Sensitivity: To: "Aisenberg, Michael" <maisenberg@verisign.com> Cc: "'todd.glassey@worldnet.att.net'" <todd.glassey@worldnet.att.net>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OF4D35888B.134E0594-ON85256BA7.005D68C6@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Fri, 26 Apr 2002 16:46:00 -0400 Subject: RE: Meaning of Non-repudiation X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/26/2002 07:20:43 PM MIME-Version: 1.0 Content-type: multipart/mixed; Boundary="0__=0ABBE134DF13BA6B8f9e8a93df938690918c0ABBE134DF13BA6B" Content-Disposition: inline Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --0__=0ABBE134DF13BA6B8f9e8a93df938690918c0ABBE134DF13BA6B Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: quoted-printable I hope that everyone understands that whatever else the KeyUsage non-repudiation bit might do, it does NOT imply that everything signed = with a certificate containing it meets UCC sections 2-609/2-610, or any simi= lar provisions. The exact limit of what it does has been controversial on = this list in the past, and I see no reason to go over it in this context. Tom Gindin "Aisenberg, Michael" <maisenberg@verisign.com>@mail.imc.org on 04/26/20= 02 12:37:08 PM Sent by: owner-ietf-pkix@mail.imc.org To: "'todd.glassey@worldnet.att.net'" <todd.glassey@worldnet.att.net= >, Tom Gindin/Watson/IBM@IBMUS cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Meaning of Non-repudiation As an under-initiated tech-wanabe lawyer who has observed the 'non-repudiation' debate for several years, it occurs to me that, not only do I concur in= Todd's observation regarding the use of NR {as a technical bit-descriptor being problemati= c vis-=E0-vis his described more 'comprehensive' view of NR as a 'condition' achieve= d through the deployment of an IA environment}, but would further suggest that even THAT interpretation requires calibration against the generally accepted legal concept of non-repudiation inherent in the construct and case law around UCC secs. 2-609/2-610. Todd's analysis suggests a non-statutory analog --based on a descriptio= n of a complex of conditions existing simultaneously-- that provides a technology-grounded basis for asserting the same absolute of 'undeniability of existence' that the legal/statutory phrase implies (but, lawyers would never assert with the same absolutism as, say, a law of physics, unless a court of last resort had ruled!)--but it is of course still different from, and therefore capabl= e of being confused with the bit descriptor. All of which is a long-winded way of stating the obvious--that the importation of 'terms of art' from one discipline to another is risky--absent precise equality of definition, intent and usage--which we obviously don't have here...... Michael Aisenberg --VeriSign/D.C.-- -----Original Message----- From: todd glassey [mailto:todd.glassey@worldnet.att.net] Sent: Friday, April 26, 2002 11:49 AM To: Tom Gindin Cc: PKIX-IETF Subject: Re: Meaning of Non-repudiation Tom, I agree with you - the X.509 model is broken too. NR is a bigger thing than a bit in a data structure and using the term NR causes problems for auditors and other professionals that would have to use these protocols. I and many others define NR as the sum-total of all the Information Assurance technologies, techniques, and practices that make up and operating environment. Thus NR is a state specific to a totality of condition and= maybe needs essentially gradiant levels rather than a binary on or off state. Thats why a single bit alone without the accompanying OID is of questionable value here. Todd ----- Original Message ----- From: "Tom Gindin" <tgindin@us.ibm.com> To: "Stephen Kent" <kent@bbn.com> Cc: "David P. Kemp" <dpkemp@missi.ncsc.mil>; <ietf-pkix@imc.org> Sent: Wednesday, April 11, 2001 3:50 PM Subject: Re: Meaning of Non-repudiation > > IMHO, if X.509 had not been calling the bit in KeyUsage > "non-repudiation" for some years, I would prefer to put "Persistent Data > Authentication" into KeyUsage and define several different flavors of= > non-repudiation in ExtendedKeyUsage, profiling non-repudiation services in > parallel with those ExtendedKeyUsage values. This would also allow u= s to > define different levels of NR and put them into certificates in a natural > way. However, they have been calling the bit "non-repudiation", and I'm > not sure we can change its meaning on the installed base of certificates > and on the X.509 group without an unusual level of unanimity and > near-certainty that it won't break anything. > > Tom Gindin > > > = --0__=0ABBE134DF13BA6B8f9e8a93df938690918c0ABBE134DF13BA6B Content-type: application/octet-stream; name="=?iso-8859-1?Q?smime.p7s?=" Content-Disposition: attachment; filename="=?iso-8859-1?Q?smime.p7s?=" Content-transfer-encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIINdzCCAj0w ggGmAhEAulrJTAU7ktantt9O0FOSDTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIgUHVibGljIFByaW1hcnkgQ2Vy dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMDQwMTA3MjM1OTU5WjBfMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIgUHVi bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A MIGJAoGBALZai6MNaiODgGvPOYf0IRMzBkwlou1VEpfFp4C5+oPBIKD6LxUNfKFga355LPoGDzqu 9htvsdL/LyhSX4N9S8R6t/hmH4BU/LfCjllKFFdG0ZqTvkGRA7sVgJNc6+fMCGw/PrNK/P9LbCPV UIImRBmOI8Nx6hkkRwSedb/IpgAfAgMBAAEwDQYJKoZIhvcNAQECBQADgYEAtgAfk1ekB6dAzmVA P1Ve7e/6VEmlMNYhfGGH7oOTC7+0M/KYrJ8Gv06ozhSBTMsETljDz1/ufNeab8tBird/gbj/hGHG J0NlHQzssQAK3Ruku8d4ICiyot02lS7hVE+/YLl3aBGZI+jqUuiqAE5nTruQtUWbRuuOFu/EM1sz PdUwggNDMIICrKADAgECAhAffl/nA9Hgv5kg3GuJDUsEMA0GCSqGSIb3DQEBBAUAMF8xCzAJBgNV BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMg UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTAyMjUwMDAwMDBaFw0wNDAxMDUy MzU5NTlaMIGtMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1 c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3QgdG8gdGVybXMgYXQgaHR0cHM6Ly93 d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTEmMCQGA1UEAxMdVmVyaVNpZ24gQ2xhc3MgMiBQ ZXJzb25uZWwgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKcEbA+icrdKBi741yksNJ2C vEiRSses+en8uVl4sVXAU1ixz28WO8FJ1cv0bszhzMu1xy5OiKo06bbQW3w+FVc04Ri8/931r2dZ IArlPeqIikDSmokTKam21dunfuHnNyST/ZR0TXrkMm1M6FwWl6/dktlmihRm5OpaA6g9X/sLAgMB AAGjgbAwga0wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMi5j cmwwEQYJYIZIAYb4QgEBBAQDAgEGMEcGA1UdIARAMD4wPAYLYIZIAYb4RQEHAQEwLTArBggrBgEF BQcCARYfaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rcjAPBgNVHRMECDAGAQH/AgEBMAsG A1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOBgQB59xXN6GhRWWv8qaa94B77vPQ/kN/n+u3kVPdh PVSLBrqXMloeqyzur3Orx13TP4/0zstOSGCiqGC2ON6gpvePKegRrMw5dlA83TlsC/Fa/QhUdt0W bPcxcLi/CPfJJgaO37svGbG2uLToPEjoJ7GXKSBXA5ybZ/p9QMQ4fxiqmjCCA8QwggMtoAMCAQIC EQCEzvIOADm1dVXaGYePUu2JMA0GCSqGSIb3DQEBBAUAMIGtMRcwFQYDVQQKEw5WZXJpU2lnbiwg SW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1 YmplY3QgdG8gdGVybXMgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTEm MCQGA1UEAxMdVmVyaVNpZ24gQ2xhc3MgMiBQZXJzb25uZWwgQ0EwHhcNOTkwMjI1MDAwMDAwWhcN MDQwMTA0MjM1OTU5WjCBrDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT aWduIFRydXN0IE5ldHdvcmsxSTBHBgNVBAsTQFVzZSBpcyBzdWJqZWN0IHRvIHRlcm1zIGF0IGh0 dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEta3IgKGMpOTkxJTAjBgNVBAMTHFZlcmlTaWduIENs YXNzIDIgRW1wbG95ZWUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMCK0YdhouowA1Vr CDbwl/oaVDUkH+h9ncjDc9PYRvWRLdk47ZTXsCZzKt6XUE3/Ihy9cACYDFgqsaRyj6W59y18YOO1 3+l9TiEhYdX8O1TJpAmcuyL5orpwYU+GRqL9BWTsCj+mWHZXuxZzRHzwpQ2XwGym8WMIJbEEF5Wg jf5/AgMBAAGjgeIwgd8wKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDEtMTE4 MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL1ZTQ2xhc3MySW50LmNy bDARBglghkgBhvhCAQEEBAMCAQYwRwYDVR0gBEAwPjA8BgtghkgBhvhFAQcBATAtMCsGCCsGAQUF BwIBFh9odHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhLWtyMA8GA1UdEwQIMAYBAf8CAQAwCwYD VR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBABlGztRrcI5YXIhCNa0WfaUJLKhTkPH2PYbX8M5y FD0ivPLDM+3U/AWa4GMgdaMb71UZDwZzIQJhrqaeUSt43FvIhIvV17bP1fg+l5ixRIujmI6gS/aY MZOz8AzdUXbKl+RWRMb7lKFIfSJDzKDGXHlV9WeBG2iYNCREsZjBOiheMIIEIzCCA4ygAwIBAgIQ C4Pe+b9ZzSY6cFoTNpDgKTANBgkqhkiG9w0BAQQFADCBrDEXMBUGA1UEChMOVmVyaVNpZ24sIElu Yy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxSTBHBgNVBAsTQFVzZSBpcyBzdWJq ZWN0IHRvIHRlcm1zIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEta3IgKGMpOTkxJTAj BgNVBAMTHFZlcmlTaWduIENsYXNzIDIgRW1wbG95ZWUgQ0EwHhcNMDExMDExMDAwMDAwWhcNMDIx MDExMjM1OTU5WjBzMREwDwYDVQQKEwhWRVJJU0lHTjEQMA4GA1UECxMHVkEtRUFTVDETMBEGA1UE AxMKUmVjaXBpZW50czE3MDUGA1UEAxMubWFpc2VuYmVyZyAoQWlzZW5iZXJnIE1pY2hhZWwsIFZl cmlTaWduLCBJbmMuKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvUXjng0fglmjCF7bE23A cpGiPS0Ci+9Ws6i/NDsGOYt21EbGOT1B+u6wazYjy29sKJkR5cicvJfyylRJ2Zl1Fc5sgewN+a88 g9x7hxQXITWaAlCPKUD/KB4qNeZvGSj1hu+ZdZvIm7N+/cUKT5W5Lvfd41B7bxlnQyADZHy3u8UC AwEAAaOCAXwwggF4MAkGA1UdEwQCMAAwWQYDVR0fBFIwUDBOoEygSoZIaHR0cDovL29uc2l0ZWNy bC52ZXJpc2lnbi5jb20vVmVyaVNpZ25JbmNFeGNoYW5nZUVtcGxveWVlcy9MYXRlc3RDUkwuY3Js MAsGA1UdDwQEAwIFoDAiBgNVHREEGzAZgRdtYWlzZW5iZXJnQHZlcmlzaWduLmNvbTCBrAYDVR0g BIGkMIGhMIGeBgtghkgBhvhFAQcBATCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNp Z24uY29tL0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWdu J3MgQ1BTIGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24wEQYJ YIZIAYb4QgEBBAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjANBgkqhkiG9w0B AQQFAAOBgQA8lpyvzHVxE92Tr9AX/8HdW2dKffNef2wIZXCd43hsblythAXOmU78nW4+W54zEonQ jUoicXgE+oQZd/PVHLfEm8f67IZlrl38/wMJoNNqaaWJiCSH0qsGtNvxhNOKaspYIP5nyiT1gKcy 0F8WRd+fYUF6pq0IDxUClzkLftrxRzGCA94wggPaAgEBMIHBMIGsMRcwFQYDVQQKEw5WZXJpU2ln biwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlz IHN1YmplY3QgdG8gdGVybXMgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5 OTElMCMGA1UEAxMcVmVyaVNpZ24gQ2xhc3MgMiBFbXBsb3llZSBDQQIQC4Pe+b9ZzSY6cFoTNpDg KTAJBgUrDgMCGgUAoIICcjAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP Fw0wMjA0MjYxNjM1MTNaMCMGCSqGSIb3DQEJBDEWBBSVdF19mxIMHXndqUL4/wSib1ZBJjBnBgkq hkiG9w0BCQ8xWjBYMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAH BgUrDgMCBzANBggqhkiG9w0DAgIBKDAHBgUrDgMCGjAKBggqhkiG9w0CBTCB0gYJKwYBBAGCNxAE MYHEMIHBMIGsMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1 c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3QgdG8gdGVybXMgYXQgaHR0cHM6Ly93 d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTElMCMGA1UEAxMcVmVyaVNpZ24gQ2xhc3MgMiBF bXBsb3llZSBDQQIQC4Pe+b9ZzSY6cFoTNpDgKTCB1AYLKoZIhvcNAQkQAgsxgcSggcEwgawxFzAV BgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUkw RwYDVQQLE0BVc2UgaXMgc3ViamVjdCB0byB0ZXJtcyBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5j b20vcnBhLWtyIChjKTk5MSUwIwYDVQQDExxWZXJpU2lnbiBDbGFzcyAyIEVtcGxveWVlIENBAhAL g975v1nNJjpwWhM2kOApMA0GCSqGSIb3DQEBAQUABIGAeBBRzPiU/xNbCFJjZH/5FYJ8x9nmfD9E cbh+RqoRGzlTf+rCE/t8jUhrFi9HASzXsNhvFxJTmhtwjyd3ybXFPQ3ve7ZJ0ummszcdSYRchq/n yvswcsF00QxdxQIBOWT0XkXrj6mLKrEzUtnEH5AbT5daG9N63dqrwKRknZcdsRMAAAAAAAAA --0__=0ABBE134DF13BA6B8f9e8a93df938690918c0ABBE134DF13BA6B-- Received: by above.proper.com (8.11.6/8.11.3) id g3QM3AB19270 for ietf-pkix-bks; Fri, 26 Apr 2002 15:03:10 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.com [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QM39a19265 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 15:03:09 -0700 (PDT) Received: from [128.89.88.34] (comsec.bbn.com [128.89.88.34]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id SAA27914; Fri, 26 Apr 2002 18:01:30 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <p05100303b8ef7d15f2c9@[128.89.88.34]> In-Reply-To: <4.3.2.7.2.20020426103400.00b51910@poptop.llnl.gov> References: <4.3.2.7.2.20020426103400.00b51910@poptop.llnl.gov> Date: Fri, 26 Apr 2002 17:58:37 -0400 To: Tony Bartoletti <azb@llnl.gov> From: Stephen Kent <kent@bbn.com> Subject: RE: Meaning of Non-repudiation Cc: "Aisenberg, Michael" <maisenberg@verisign.com>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 10:50 AM -0800 4/26/02, Tony Bartoletti wrote: >At the risk of incurring PKIX list-wrath ... > >To my view of things, the "existence" of NR=1 in a certificate is no >more than a statement, by the issuing CA, that "they will not stand >in the way of this certificate being used as a component in some >form of NR scheme (and will happily accept your Visa or Mastercard, >thank you.) > >If one limits the presence of an NR bit to this weak assertion, it >becomes clear that the NR bit "means almost nothing." Thus there is >little left to debate about it on the list. > >(As I recall, Tom Ginden's "Technical Non-Repudiation" document was >about as far as one could reasonably take application of the NR bit. >It was time for everyone else to put-up or shut-up, and everyone >shut-up.) > >____tony____ Tony, I think the PKIX list discussion ended with the observation that there might be more benefit to the NR bit in the other direction, i.e., when it is NOT asserted. In that case the interpretation is that the CA is signalling that the cert was not issued for use in transactions requiring NR. Thus one would normally set the NR bit to 0 in certs to be used for signing authentication data exchanges, vs. binding documents, etc. When the bit is asserted, it is best viewed as a necessary, but not sufficient, condition for NR. Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QK2Wr16481 for ietf-pkix-bks; Fri, 26 Apr 2002 13:02:32 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QK2Ta16476 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 13:02:30 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3QK2S28024163; Fri, 26 Apr 2002 13:02:28 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Housley, Russ" <rhousley@rsasecurity.com>, <ietf-pkix@imc.org> Subject: RE: Multiple paths in DPD Date: Fri, 26 Apr 2002 12:59:34 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDAEEMCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-Reply-To: <5.1.0.14.2.20020426110136.033fb5c0@exna07.securitydynamics.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Housley, Russ > Sent: Friday, April 26, 2002 8:04 AM > > Mike: > > I am strongly opposed to an approach that would > require the server to maintain state. Unless other > people are willing to speak up and support such an > approach, I am not willing to make changes in this > area. In my view, the current consensus is for > a stateless server. > > Russ Russ, I'm probably just digging me a deeper hole but I thought to entertain myself in determining precisely where consensus was reached in the WG regarding stateless servers. It turns out that I can't find one. I looked at two sources: the list back for this full year (2002) and the minutes of the meetings as recorded on the IETF web site. I searched for "state", "stateless" and "stateful". I found nothing in the 2002 minutes with respect to these search targets. It's only in Minneapolis, 14 March 2001 where the minutes record a briefing by Denis: "DPD/DPV - Denis Pinkas (Bull) . . . Finally, argues for stateless servers, i.e., no retry facility in DPD. (slides)" On the list, there's only two hits on "stateful", both in a single message from me querying Tim on an issue regarding relay. A search for "stateless" for this entire calendar year only found the message of today asserting consensus on the stateless approach. Of the 328 hits for "state" in the list for 2002 most relate either to discussions of response states, the state machine design model on the server, or expository use of the word. With respect to anything that might be construed as consensus on stateless servers, Peter Sylvester made a comment and Denis Pinas responded: [Answer 9] This would create the maintenance of state information which should be avoided. . . . So I think at best we have consensus by silent affirmation. Mike Received: by above.proper.com (8.11.6/8.11.3) id g3QJJ0i15584 for ietf-pkix-bks; Fri, 26 Apr 2002 12:19:00 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QJIxa15580 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 12:18:59 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3QJIg28019831; Fri, 26 Apr 2002 12:18:45 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Hal Lockhart" <hal.lockhart@entegrity.com>, "'Peter Sylvester'" <Peter.Sylvester@edelweb.fr>, <rhousley@rsasecurity.com> Cc: <ietf-pkix@imc.org> Subject: RE: Multiple paths in DPD Date: Fri, 26 Apr 2002 12:15:49 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDKEEKCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-Reply-To: <899128A30EEDD1118FC900A0C9C74A3401034039@bigbird.gradient.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Hal, A few comments below. Mike -----Original Message----- From: Hal Lockhart [mailto:hal.lockhart@entegrity.com] Sent: Friday, April 26, 2002 11:46 AM > > Peter Sylvester responded, > > > > the server does not need to maintain a state. That had been > > discussed between Steve farrele and me some yearsz ago, in > > order to clarify the meaning of what Mike calls 'state token'. > > > > A server which returns a 'state token' does not turn it into one > > that MUST in a stateful mode. When the 'next request after token' > > comes it, the server sets up it state from the data that had been > > return by the 'cookie'. > The extent to which this is true depends on how easily > the server can go from the token to some persistent > storage. (We are actually debating volatle state, not > state per se.) That was my conclusion. I'm pretty sure there'll be abundant state on that machine anyway. > In Mike's specific proposal, the server has to constuct > multiple paths relevant to a given request, Which is must do anyway in the maxPath design scenario. > in some order and be able to produce the "next" on demand. As in "next record" for an SQL type query. Which is sort of my point. DPD is just a tailored database access mechanism. And database machines have been doing this for years. > It seems unlikely that this can be done without remembering > the list or at least the contents of the last response. That is the key, to be sure. What's the "next" record/path to be returned? > Handling this protocol when the information used to > construct the paths changes between requests seems > particularly challenging to me. No. One of the underlying assumptions is that no paramters change from the client. The client is seeking a path compliant to a given set of parameters. As it may turn out, the server may have several such that qualify. The iterative approach enables a client to acquire these in serial query fashion until it either finds the precise record/path it's looking for or the server runs out of data. Hal Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QInwx14936 for ietf-pkix-bks; Fri, 26 Apr 2002 11:49:58 -0700 (PDT) Received: from dymwsm05.mailwatch.com (dymwsm05.mailwatch.com [204.253.83.41]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QInva14932 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 11:49:57 -0700 (PDT) Received: from MWSC0208.MW4.MAILWATCH.COM (mwsc0208.mw4.mailwatch.com [204.253.83.244]) by dymwsm05.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3QInso02448 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 14:49:54 -0400 Received: from mail pickup service by MWSC0208.MW4.MAILWATCH.COM with Microsoft SMTPSVC; Fri, 26 Apr 2002 14:49:54 -0400 Received: from 204.253.83.39 ([204.253.83.39]) by MWSC0208 with SMTP id 000200084ad6f883-7082-411e-98bb-2898ce9f0575; Fri, 26 Apr 2002 14:49:54 -0500 Received: from bigbird.entegrity.com (bigbird.gradient.com [192.92.110.50]) by dymwsm15.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3QInsC01108; Fri, 26 Apr 2002 14:49:54 -0400 Received: by bigbird.gradient.com with Internet Mail Service (5.5.2650.10) id <JC4CDBBV>; Fri, 26 Apr 2002 14:46:23 -0400 Message-ID: <899128A30EEDD1118FC900A0C9C74A3401034039@bigbird.gradient.com> From: Hal Lockhart <hal.lockhart@entegrity.com> To: "'Peter Sylvester'" <Peter.Sylvester@edelweb.fr>, myers@coastside.net, rhousley@rsasecurity.com Cc: ietf-pkix@imc.org Subject: RE: Multiple paths in DPD Date: Fri, 26 Apr 2002 14:46:22 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.10) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1ED52.A9B0D888" HOP-COUNT: 1 X-MAILWATCH-INSTANCEID: 010200084ad6f883-7082-411e-98bb-2898ce9f0575 X-OriginalArrivalTime: 26 Apr 2002 18:49:54.0722 (UTC) FILETIME=[27B36020:01C1ED53] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1ED52.A9B0D888 Content-Type: text/plain; charset="ISO-8859-1" Russ Housley said: > > I am strongly opposed to an approach that would require the > server to > > maintain state. Unless other people are willing to speak > up and support > > such an approach, I am not willing to make changes in this > area. In my > > view, the current consensus is for a stateless server. > > Peter Sylvester responded, > the server does not need to maintain a state. That had been > discussed between Steve farrele and me some yearsz ago, in > order to clarify the meaning of what Mike calls 'state token'. > > A server which returns a 'state token' does not turn it into one > that MUST in a stateful mode. When the 'next request after token' > comes it, the server sets up it state from the data that had been > return by the 'cookie'. The extent to which this is true depends on how easily the server can go from the token to some persistent storage. (We are actually debating volatle state, not state per se.) In Mike's specific proposal, the server has to constuct multiple paths relevant to a given request, in some order and be able to produce the "next" on demand. It seems unlikely that this can be done without remembering the list or at least the contents of the last response. Handling this protocol when the information used to construct the paths changes between requests seems particularly challenging to me. Hal ------_=_NextPart_001_01C1ED52.A9B0D888 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DISO-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2448.0"> <TITLE>RE: Multiple paths in DPD</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>Russ Housley said:</FONT> </P> <P><FONT SIZE=3D2>> > I am strongly opposed to an approach that = would require the </FONT> <BR><FONT SIZE=3D2>> server to </FONT> <BR><FONT SIZE=3D2>> > maintain state. Unless other people = are willing to speak </FONT> <BR><FONT SIZE=3D2>> up and support </FONT> <BR><FONT SIZE=3D2>> > such an approach, I am not willing to make = changes in this </FONT> <BR><FONT SIZE=3D2>> area. In my </FONT> <BR><FONT SIZE=3D2>> > view, the current consensus is for a = stateless server.</FONT> <BR><FONT SIZE=3D2>> > </FONT> <BR><FONT SIZE=3D2> </FONT> <BR><FONT SIZE=3D2>Peter Sylvester responded,</FONT> <BR><FONT SIZE=3D2> </FONT> <BR><FONT SIZE=3D2>> the server does not need to maintain a state. = That had been</FONT> <BR><FONT SIZE=3D2>> discussed between Steve farrele and me some = yearsz ago, in</FONT> <BR><FONT SIZE=3D2>> order to clarify the meaning of what Mike calls = 'state token'.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> A server which returns a 'state token' does not = turn it into one</FONT> <BR><FONT SIZE=3D2>> that MUST in a stateful mode. When the 'next = request after token'</FONT> <BR><FONT SIZE=3D2>> comes it, the server sets up it state from the = data that had been </FONT> <BR><FONT SIZE=3D2>> return by the 'cookie'.</FONT> </P> <P><FONT SIZE=3D2>The extent to which this is true depends on how = easily the server can go from the token to some persistent storage. (We = are actually debating volatle state, not state per se.)</FONT></P> <P><FONT SIZE=3D2>In Mike's specific proposal, the server has to = constuct multiple paths relevant to a given request, in some order and = be able to produce the "next" on demand. It seems unlikely = that this can be done without remembering the list or at least the = contents of the last response. Handling this protocol when the = information used to construct the paths changes between requests seems = particularly challenging to me.</FONT></P> <P><FONT SIZE=3D2>Hal </FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1ED52.A9B0D888-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QIbmG14711 for ietf-pkix-bks; Fri, 26 Apr 2002 11:37:48 -0700 (PDT) Received: from smtpout.mac.com (smtpout.mac.com [204.179.120.86]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QIbla14707 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 11:37:47 -0700 (PDT) Received: from smtp-relay02.mac.com (smtp-relay02-qfe3 [10.13.10.225]) by smtpout.mac.com (8.12.1/8.10.2/1.0) with ESMTP id g3QIbnW5013260 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 11:37:49 -0700 (PDT) Received: from asmtp01.mac.com ([10.13.10.65]) by smtp-relay02.mac.com (Netscape Messaging Server 4.15 relay02 Jun 21 2001 23:53:48) with ESMTP id GV6UEV00.4MJ for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 11:37:43 -0700 Received: from localhost ([63.84.37.127]) by asmtp01.mac.com (Netscape Messaging Server 4.15 asmtp01 Jun 21 2001 23:53:48) with ESMTP id GV6UEU00.K2Y; Fri, 26 Apr 2002 11:37:42 -0700 Date: Fri, 26 Apr 2002 11:37:59 -0700 Subject: Re: Meaning of Non-repudiation Content-Type: text/plain; charset=ISO-8859-1; format=flowed Mime-Version: 1.0 (Apple Message framework v481) Cc: "Hoyt L. Kesterson II" <hoytkesterson@earthlink.net> To: PKIX <ietf-pkix@imc.org> From: Aram Perez <aramperez@mac.com> In-Reply-To: <6953F9859AF8BF45B04729A42264032504084DAC@vsvapostal1.bkup2> Message-Id: <BB8CD9CC-5944-11D6-8D8D-0005024964AD@mac.com> X-Mailer: Apple Mail (2.481) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3QIbla14708 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Maybe Hoyt can comment. If I understood him correctly, he mentioned to me that he had talked to a few people during the RSA Conference and that there was a consensus to have the NR bit renamed at the X.509 level. Regards, Aram Perez On Friday, April 26, 2002, at 09:37 AM, Aisenberg, Michael wrote: > As an under-initiated tech-wanabe lawyer who has observed the > 'non-repudiation' > debate for several years, it occurs to me that, not only do I concur in > Todd's observation > regarding the use of NR {as a technical bit-descriptor being problematic > vis-à-vis > his described more 'comprehensive' view of NR as a 'condition' achieved > through the > deployment of an IA environment}, but would further suggest that even > THAT interpretation requires > calibration against the generally accepted legal concept of > non-repudiation > inherent in the construct and case law around UCC secs. 2-609/2-610. > > Todd's analysis suggests a non-statutory analog --based on a description > of a > complex of conditions existing simultaneously-- that provides a > technology-grounded basis for asserting > the same absolute of 'undeniability of existence' that the > legal/statutory phrase implies (but, lawyers would never > assert with the same absolutism as, say, a law of physics, unless a > court of last resort had > ruled!)--but it is of course still different from, and therefore capable > of being confused with the > bit descriptor. All of which is a long-winded way of stating the > obvious--that the importation > of 'terms of art' from one discipline to another is risky--absent > precise equality of > definition, intent and usage--which we obviously don't have here...... > > > Michael Aisenberg > --VeriSign/D.C.-- > > > -----Original Message----- > From: todd glassey [mailto:todd.glassey@worldnet.att.net] > Sent: Friday, April 26, 2002 11:49 AM > To: Tom Gindin > Cc: PKIX-IETF > Subject: Re: Meaning of Non-repudiation > > > > Tom, > I agree with you - the X.509 model is broken too. NR is a bigger thing > than > a bit in a data structure and using the term NR causes problems for > auditors > and other professionals that would have to use these protocols. > > I and many others define NR as the sum-total of all the Information > Assurance technologies, techniques, and practices that make up and > operating > environment. Thus NR is a state specific to a totality of condition and > maybe needs essentially gradiant levels rather than a binary on or off > state. Thats why a single bit alone without the accompanying OID is of > questionable value here. > > Todd > > ----- Original Message ----- > From: "Tom Gindin" <tgindin@us.ibm.com> > To: "Stephen Kent" <kent@bbn.com> > Cc: "David P. Kemp" <dpkemp@missi.ncsc.mil>; <ietf-pkix@imc.org> > Sent: Wednesday, April 11, 2001 3:50 PM > Subject: Re: Meaning of Non-repudiation > > >> >> IMHO, if X.509 had not been calling the bit in KeyUsage >> "non-repudiation" for some years, I would prefer to put "Persistent > Data >> Authentication" into KeyUsage and define several different flavors of >> non-repudiation in ExtendedKeyUsage, profiling non-repudiation > services in >> parallel with those ExtendedKeyUsage values. This would also allow us > to >> define different levels of NR and put them into certificates in a > natural >> way. However, they have been calling the bit "non-repudiation", and > I'm >> not sure we can change its meaning on the installed base of > certificates >> and on the X.509 group without an unusual level of unanimity and >> near-certainty that it won't break anything. >> >> Tom Gindin >> >> >> > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QISTt14484 for ietf-pkix-bks; Fri, 26 Apr 2002 11:28:29 -0700 (PDT) Received: from dymwsm05.mailwatch.com (dymwsm05.mailwatch.com [204.253.83.41]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QISSa14480 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 11:28:28 -0700 (PDT) Received: from mwsc0207.mw4.mailwatch.com (mwsc0207.mw4.mailwatch.com [204.253.83.129]) by dymwsm05.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3QISKo07161 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 14:28:20 -0400 Received: from mail pickup service by mwsc0207.mw4.mailwatch.com with Microsoft SMTPSVC; Fri, 26 Apr 2002 14:28:20 -0400 Received: from 204.253.83.72 ([204.253.83.72]) by MWSC0207 with SMTP id 00020007387aac24-c198-4ae1-a06d-06390e72c96a; Fri, 26 Apr 2002 14:28:20 -0500 Received: from bigbird.entegrity.com (bigbird.gradient.com [192.92.110.50]) by dymwsm10.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3QISJk13444; Fri, 26 Apr 2002 14:28:19 -0400 Received: by bigbird.gradient.com with Internet Mail Service (5.5.2650.10) id <JC4CDA04>; Fri, 26 Apr 2002 14:24:48 -0400 Message-ID: <899128A30EEDD1118FC900A0C9C74A3401034038@bigbird.gradient.com> From: Hal Lockhart <hal.lockhart@entegrity.com> To: "'Tony Bartoletti'" <azb@llnl.gov>, "Aisenberg, Michael" <maisenberg@verisign.com>, "'todd.glassey@worldnet.att.net'" <todd.glassey@worldnet.att.net>, "'tgindin@us.ibm.com'" <tgindin@us.ibm.com> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Meaning of Non-repudiation Date: Fri, 26 Apr 2002 14:24:48 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.10) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1ED4F.A5D1E962" HOP-COUNT: 1 X-MAILWATCH-INSTANCEID: 01020007387aac24-c198-4ae1-a06d-06390e72c96a X-OriginalArrivalTime: 26 Apr 2002 18:28:20.0097 (UTC) FILETIME=[240B4710:01C1ED50] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1ED4F.A5D1E962 Content-Type: text/plain; charset="ISO-8859-1" I believe the terms non-repudiation and signature date back to a time (1980's) when nobody was talking about this stuff except a few mathematicians. They probably realized they were using analogies to name mathematical concepts, which did have precise meanings in that limited scope. It is now recognized that neither analogy holds up to close scrutiny. Unfortunately, the terminology got picked up and used very loosely by the rest of the world. I have gotten used to hearing marketing types using "non-repudiation" to mean any use of digital signatures. (Don't get me started on "Trust." ;-) I just point them at Tom's document. I agree with Tony. What else can we do? Hal > -----Original Message----- > From: Tony Bartoletti [mailto:azb@llnl.gov] > Sent: Friday, April 26, 2002 2:50 PM > To: Aisenberg, Michael; 'todd.glassey@worldnet.att.net'; > 'tgindin@us.ibm.com' > Cc: 'ietf-pkix@imc.org' > Subject: RE: Meaning of Non-repudiation > > > > > At the risk of incurring PKIX list-wrath ... > > To my view of things, the "existence" of NR=1 in a > certificate is no more > than a statement, by the issuing CA, that "they will not > stand in the way > of this certificate being used as a component in some form of > NR scheme > (and will happily accept your Visa or Mastercard, thank you.) > > If one limits the presence of an NR bit to this weak > assertion, it becomes > clear that the NR bit "means almost nothing." Thus there is > little left to > debate about it on the list. > > (As I recall, Tom Ginden's "Technical Non-Repudiation" > document was about > as far as one could reasonably take application of the NR > bit. It was time > for everyone else to put-up or shut-up, and everyone shut-up.) > > > ____tony____ > > Tony Bartoletti 925-422-3881 <azb@llnl.gov> > Information Operations, Warfare and Assurance Center > Lawrence Livermore National Laboratory > Livermore, CA 94551-9900 > > > > ------_=_NextPart_001_01C1ED4F.A5D1E962 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DISO-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2448.0"> <TITLE>RE: Meaning of Non-repudiation</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>I believe the terms non-repudiation and signature = date back to a time (1980's) when nobody was talking about this stuff = except a few mathematicians. They probably realized they were using = analogies to name mathematical concepts, which did have precise = meanings in that limited scope. It is now recognized that neither = analogy holds up to close scrutiny.</FONT></P> <P><FONT SIZE=3D2>Unfortunately, the terminology got picked up and used = very loosely by the rest of the world. I have gotten used to hearing = marketing types using "non-repudiation" to mean any use of = digital signatures. (Don't get me started on "Trust." ;-) = </FONT></P> <P><FONT SIZE=3D2>I just point them at Tom's document. I agree with = Tony. What else can we do?</FONT> </P> <P><FONT SIZE=3D2>Hal</FONT> </P> <P><FONT SIZE=3D2>> -----Original Message-----</FONT> <BR><FONT SIZE=3D2>> From: Tony Bartoletti [<A = HREF=3D"mailto:azb@llnl.gov">mailto:azb@llnl.gov</A>]</FONT> <BR><FONT SIZE=3D2>> Sent: Friday, April 26, 2002 2:50 PM</FONT> <BR><FONT SIZE=3D2>> To: Aisenberg, Michael; = 'todd.glassey@worldnet.att.net';</FONT> <BR><FONT SIZE=3D2>> 'tgindin@us.ibm.com'</FONT> <BR><FONT SIZE=3D2>> Cc: 'ietf-pkix@imc.org'</FONT> <BR><FONT SIZE=3D2>> Subject: RE: Meaning of Non-repudiation</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> At the risk of incurring PKIX list-wrath = ...</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> To my view of things, the "existence" = of NR=3D1 in a </FONT> <BR><FONT SIZE=3D2>> certificate is no more </FONT> <BR><FONT SIZE=3D2>> than a statement, by the issuing CA, that = "they will not </FONT> <BR><FONT SIZE=3D2>> stand in the way </FONT> <BR><FONT SIZE=3D2>> of this certificate being used as a component = in some form of </FONT> <BR><FONT SIZE=3D2>> NR scheme </FONT> <BR><FONT SIZE=3D2>> (and will happily accept your Visa or = Mastercard, thank you.)</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> If one limits the presence of an NR bit to this = weak </FONT> <BR><FONT SIZE=3D2>> assertion, it becomes </FONT> <BR><FONT SIZE=3D2>> clear that the NR bit "means almost = nothing." Thus there is </FONT> <BR><FONT SIZE=3D2>> little left to </FONT> <BR><FONT SIZE=3D2>> debate about it on the list.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> (As I recall, Tom Ginden's "Technical = Non-Repudiation" </FONT> <BR><FONT SIZE=3D2>> document was about </FONT> <BR><FONT SIZE=3D2>> as far as one could reasonably take application = of the NR </FONT> <BR><FONT SIZE=3D2>> bit. It was time </FONT> <BR><FONT SIZE=3D2>> for everyone else to put-up or shut-up, and = everyone shut-up.)</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> ____tony____</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Tony Bartoletti 925-422-3881 = <azb@llnl.gov></FONT> <BR><FONT SIZE=3D2>> Information Operations, Warfare and Assurance = Center</FONT> <BR><FONT SIZE=3D2>> Lawrence Livermore National Laboratory</FONT> <BR><FONT SIZE=3D2>> Livermore, CA 94551-9900</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1ED4F.A5D1E962-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QI3M513696 for ietf-pkix-bks; Fri, 26 Apr 2002 11:03:22 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QI3Ka13692 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 11:03:20 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id UAA27090; Fri, 26 Apr 2002 20:03:07 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Fri, 26 Apr 2002 20:03:07 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id UAA11113; Fri, 26 Apr 2002 20:03:06 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id UAA12803; Fri, 26 Apr 2002 20:03:05 +0200 (MET DST) Date: Fri, 26 Apr 2002 20:03:05 +0200 (MET DST) Message-Id: <200204261803.UAA12803@emeriau.edelweb.fr> To: myers@coastside.net, rhousley@rsasecurity.com Subject: Re: Multiple paths in DPD Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > Mike: > > I am strongly opposed to an approach that would require the server to > maintain state. Unless other people are willing to speak up and support > such an approach, I am not willing to make changes in this area. In my > view, the current consensus is for a stateless server. > Russ, the server does not need to maintain a state. That had been discussed between Steve farrele and me some yearsz ago, in order to clarify the meaning of what Mike calls 'state token'. A server which returns a 'state token' does not turn it into one that MUST in a stateful mode. When the 'next request after token' comes it, the server sets up it state from the data that had been return by the 'cookie'. Received: by above.proper.com (8.11.6/8.11.3) id g3QHe6e13230 for ietf-pkix-bks; Fri, 26 Apr 2002 10:40:06 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QHe4a13226 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 10:40:04 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id TAA27032; Fri, 26 Apr 2002 19:40:03 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Fri, 26 Apr 2002 19:40:04 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id TAA11039; Fri, 26 Apr 2002 19:40:02 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id TAA12798; Fri, 26 Apr 2002 19:40:02 +0200 (MET DST) Date: Fri, 26 Apr 2002 19:40:02 +0200 (MET DST) Message-Id: <200204261740.TAA12798@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: requester identifier in DPV response Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > > The list of potential useful additional feature is as endless as the > > list of useless features. > > No. We would not make the effort of writing these requirements if we were > going to allow a protocol that supports many other features that are *not* > required. > > Denis Steve Kent said a few days ago: " We agreed to allow competing protocol submissions which would be evaluated against the requirements. " This does not mean IMO, that it is forbidden to have more features than those specified in the requirement doc. Received: by above.proper.com (8.11.6/8.11.3) id g3QHcsK13209 for ietf-pkix-bks; Fri, 26 Apr 2002 10:38:54 -0700 (PDT) Received: from smtp-2.llnl.gov (smtp-2.llnl.gov [128.115.250.82]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QHcra13205 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 10:38:54 -0700 (PDT) Received: from poptop.llnl.gov (localhost [127.0.0.1]) by smtp-2.llnl.gov (8.9.3/8.9.3/LLNL-gateway-1.0) with ESMTP id KAA22878; Fri, 26 Apr 2002 10:38:40 -0700 (PDT) Received: from catalyst.llnl.gov (catalyst.llnl.gov [128.115.222.68]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with ESMTP id KAA19088; Fri, 26 Apr 2002 10:38:50 -0700 (PDT) Message-Id: <4.3.2.7.2.20020426103400.00b51910@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Fri, 26 Apr 2002 10:50:14 -0800 To: "Aisenberg, Michael" <maisenberg@verisign.com>, "'todd.glassey@worldnet.att.net'" <todd.glassey@worldnet.att.net>, "'tgindin@us.ibm.com'" <tgindin@us.ibm.com> From: Tony Bartoletti <azb@llnl.gov> Subject: RE: Meaning of Non-repudiation Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> In-Reply-To: <6953F9859AF8BF45B04729A42264032504084DAC@vsvapostal1.bkup2 > Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At the risk of incurring PKIX list-wrath ... To my view of things, the "existence" of NR=1 in a certificate is no more than a statement, by the issuing CA, that "they will not stand in the way of this certificate being used as a component in some form of NR scheme (and will happily accept your Visa or Mastercard, thank you.) If one limits the presence of an NR bit to this weak assertion, it becomes clear that the NR bit "means almost nothing." Thus there is little left to debate about it on the list. (As I recall, Tom Ginden's "Technical Non-Repudiation" document was about as far as one could reasonably take application of the NR bit. It was time for everyone else to put-up or shut-up, and everyone shut-up.) ____tony____ Tony Bartoletti 925-422-3881 <azb@llnl.gov> Information Operations, Warfare and Assurance Center Lawrence Livermore National Laboratory Livermore, CA 94551-9900 Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QHasl13161 for ietf-pkix-bks; Fri, 26 Apr 2002 10:36:54 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QHaqa13157 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 10:36:52 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id TAA27015; Fri, 26 Apr 2002 19:36:47 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Fri, 26 Apr 2002 19:36:47 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id TAA11028; Fri, 26 Apr 2002 19:36:46 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id TAA12795; Fri, 26 Apr 2002 19:36:46 +0200 (MET DST) Date: Fri, 26 Apr 2002 19:36:46 +0200 (MET DST) Message-Id: <200204261736.TAA12795@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: roadmap Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > - A "trusted" OCSP responder which is not a CA or an authorized responder > > can also issue status information based on his own local policy not > > established by a CA, it can have its own 'revocation service' based > > on the needs of the relying party. > > So a trusted OCSP responder provides the revocation status information of a > *single* certificate and has nothing to do with a DPV server that does much > more on a *chain* of certificates. The point was that the structure of OCSP trust delegations, i.e., the modes of CA, authorized responder and trusted responder provide sufficient possibilities so that trust among a DPV client and services can be establish in a same way. A potential addition to the OCSP protocol you turn a server which was is trusted by the client using one of the existing OCSP trust mechanism into a service that is implmenting the DPV requirements, i.e. into a DPV server that youses an enhanced OCSP protocol. > > > - An 'authorised' CA DPV responder can create status information about > > An " 'authorised' CA DPV responder" is not a correct wording: either it is a > CA or a DPV responder. I am talking about an extended OCSP protocol implementing the DPV requirements operated by an authorized OCSP responder. > > > its immediately subordinate certs, i;e. the single OCSP response that you > > mention, and at the same time include some DPV response that validate > > the path from the intermediate CA to the trusted root, either > > as an entity extension or as a global extension. > > > - An OCSP server can also be any entity, and not just an authorised > > CA responder. An OCSP responder can respond to whatever the service > > provider likes to provide to its clients or what they need. OCSP is > > not a 'A CS service'. > > An OCSP server basically provides the revocation status of a certificate and > may support extensions in addition to that basic response. Up to now, such > extensions have not been defined. Obviously not, since we are not at the point of defining a protocol. As far as I have understood, Mike is waiting until the DPV reqs get settled. > > Since a DPV response is far richer than a DPV response, it would be quite > strange to use the content of the extension and to discard the main > response. Who has proposed to discard something? > Picky-backing the DPV structure in an extension of the OCSP structure would > also lead to a strange behaviour. You could get a "valid OCSP answer" with > an "invalid DPV answer" (e.g. because a certificate from the chain is > revoked). These two statuses do not match together. Why do you think that the DPV server should indicate that the certificate is good. Again, I am not advocating OCSPv2 which some people may consider as repaied/enhanced by technique to similar as for the Hubble telescope. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QHX6F13097 for ietf-pkix-bks; Fri, 26 Apr 2002 10:33:06 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QHX4a13093 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 10:33:04 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3QHX428008959; Fri, 26 Apr 2002 10:33:04 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Housley, Russ" <rhousley@rsasecurity.com> Cc: <ietf-pkix@imc.org> Subject: RE: Multiple paths in DPD Date: Fri, 26 Apr 2002 10:30:11 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDAEEICKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-Reply-To: <5.1.0.14.2.20020426110136.033fb5c0@exna07.securitydynamics.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, Towards further clarity and FWIW, I have no issue with the stateless server consensus per se. It's the the software and system design implications of the maxPath feature that strongly concerns me. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Housley, Russ > Sent: Friday, April 26, 2002 8:04 AM > To: Michael Myers > Cc: ietf-pkix@imc.org > Subject: Re: Multiple paths in DPD > > > > Mike: > > I am strongly opposed to an approach that would > require the server to > maintain state. Unless other people are willing to > speak up and support > such an approach, I am not willing to make changes in > this area. In my > view, the current consensus is for a stateless server. > > Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QHNK712918 for ietf-pkix-bks; Fri, 26 Apr 2002 10:23:20 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QHNJa12913 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 10:23:19 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id TAA15682; Fri, 26 Apr 2002 19:26:10 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042619224779:300 ; Fri, 26 Apr 2002 19:22:47 +0200 Message-ID: <3CC98CD4.2FADC4FD@bull.net> Date: Fri, 26 Apr 2002 19:22:28 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: requester identifier in DPV response References: <200204261712.TAA12788@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 26/04/2002 19:22:47, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 26/04/2002 19:23:20, Serialize complete at 26/04/2002 19:23:20 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > > - This text may be created by the server or requested by the client > > > or modified by the server. > > > > No. See above. > > Thus, you are restricting a potential protocol feature. If a proposal > will allow a client to propose a text, you would consider this > as in conflict with the requirements doc? This feature has *already* been accepted (at least by myself, hopefully by the WG). > > > I am not in favour that the usages of identififers of the clients > > > and responders MUST be related to authentication. > > > > ... otherwise it is a field that has an undefined or an ambiguous > > semantics. > Russ and you have proposed that the ID are derived from authenticated > identifiers, it seems that the main difference is that I prefer that > they are matched against information from authentication. > You propose: > "When the request is authenticated, the requestor SHOULD be able, upon > request, to indicate an identifier to be included in the response. > > What does mean 'SHOULD be able'? We are talking about requirements for > a protocol. Either the protocol has a feature that can be optionally be > used or it hasn't. > > Why should even an anonymous requester not be allowed to specify an identifier? ... because in that case it would not be anymore a field that reflects an identifier, but will be a "blind" field. The same field cannot have two different or even more meanings. > As indicated in the followng sentence, a server can always refuse this > nased on the policy etc. > > How this identifier is matched with the authenticated identity depends > on local server conditions and/or the validation policy. The server > MAY choose to refuse to include an identifier in the response, or MAY > refuse to create a response." > > > > Please read what I have written. You are turning around the argumentation. > > > There are probably some arguments not to have a flower service in a DPV > > > protocol. But they should be indicated. The text does only prohibity someone > > > from saying: "We MUST NOT use this protocol because you can also request > > > flowers and this has not been specified as a requirement." > > > > ... and for that exact reason, I would suppress the flower request. > YOU have proposed the flower feature, not me. > > > It is not appropriate to overload the protocol for whatever extra reason. > "Overloading" or making it too heavy is a judgement that should be > weighted against the argument that would be necessary to support any feature. > > > We are not going to say specifiaclly that flower requests support is > > inappropriate, otherwise the list would be endless. > > The list of potential useful additional feature is as endless as the > list of useless features. No. We would not make the effort of writing these requirements if we were going to allow a protocol that supports many other features that are *not* required. Denis > Since you have not proposed a concreate > protocol feature in a potential protocol, I don't feel that it is > necessary to talk about this. If nobody presents any probably > useless feature in a protocol, why should be waste our time to > establish a list of what would be 'definitely stupid'? > > It seems that you will in the future continue to say: > 'This is not a requrement' with a new justification 'this is > not in a requirements document'. > > > This was one of the problems from RFC 3029 (i.e. Data Certification Server > > Protocols) that had too many features. > > RFC 3029 does not allow to explicitely request flowers, too bad :-) > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QHC6P12615 for ietf-pkix-bks; Fri, 26 Apr 2002 10:12:06 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QHC3a12604 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 10:12:03 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id TAA26939; Fri, 26 Apr 2002 19:12:02 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Fri, 26 Apr 2002 19:12:02 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id TAA10912; Fri, 26 Apr 2002 19:12:01 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id TAA12788; Fri, 26 Apr 2002 19:12:01 +0200 (MET DST) Date: Fri, 26 Apr 2002 19:12:01 +0200 (MET DST) Message-Id: <200204261712.TAA12788@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: requester identifier in DPV response Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > > - This text may be created by the server or requested by the client > > or modified by the server. > > No. See above. Thus, you are restricting a potential protocol feature. If a proposal will allow a client to propose a text, you would consider this as in conflict with the requirements doc? > > > I am not in favour that the usages of identififers of the clients > > and responders MUST be related to authentication. > > ... otherwise it is a field that has an undefined or an ambiguous > semantics. Russ and you have proposed that the ID are derived from authenticated identifiers, it seems that the main difference is that I prefer that they are matched against information from authentication. You propose: "When the request is authenticated, the requestor SHOULD be able, upon request, to indicate an identifier to be included in the response. What does mean 'SHOULD be able'? We are talking about requirements for a protocol. Either the protocol has a feature that can be optionally be used or it hasn't. Why should even an anonymous requester not be allowed to specify an identifier? As indicated in the followng sentence, a server can always refuse this nased on the policy etc. How this identifier is matched with the authenticated identity depends on local server conditions and/or the validation policy. The server MAY choose to refuse to include an identifier in the response, or MAY refuse to create a response." > > Please read what I have written. You are turning around the argumentation. > > There are probably some arguments not to have a flower service in a DPV > > protocol. But they should be indicated. The text does only prohibity someone > > from saying: "We MUST NOT use this protocol because you can also request > > flowers and this has not been specified as a requirement." > > ... and for that exact reason, I would suppress the flower request. YOU have proposed the flower feature, not me. > It is not appropriate to overload the protocol for whatever extra reason. "Overloading" or making it too heavy is a judgement that should be weighted against the argument that would be necessary to support any feature. > We are not going to say specifiaclly that flower requests support is > inappropriate, otherwise the list would be endless. The list of potential useful additional feature is as endless as the list of useless features. Since you have not proposed a concreate protocol feature in a potential protocol, I don't feel that it is necessary to talk about this. If nobody presents any probably useless feature in a protocol, why should be waste our time to establish a list of what would be 'definitely stupid'? It seems that you will in the future continue to say: 'This is not a requrement' with a new justification 'this is not in a requirements document'. > This was one of the problems from RFC 3029 (i.e. Data Certification Server > Protocols) that had too many features. RFC 3029 does not allow to explicitely request flowers, too bad :-) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QGxEI12028 for ietf-pkix-bks; Fri, 26 Apr 2002 09:59:14 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QGxCa12024 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 09:59:13 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3QGxA28005769; Fri, 26 Apr 2002 09:59:11 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Housley, Russ" <rhousley@rsasecurity.com> Cc: <ietf-pkix@imc.org> Subject: RE: Multiple paths in DPD Date: Fri, 26 Apr 2002 09:56:18 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDIEEGCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-Reply-To: <5.1.0.14.2.20020426110136.033fb5c0@exna07.securitydynamics.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, I understood your objective, which led then to the max path design feature. Yes, I know the rough consensus seems to favor a stateless server (although it's predictable the server will have abundant lower-level state anyway). But the more I thought about it, the more convinced I became that some of the implications of that consensus and the feature it precipitated warrant a careful analysis before we ship this thing. I'm actuely aware of the need for us to wrap up this work and get on with it and I apologize again for not bringing this up earlier. Twice I stalled producing the note because of those factors. But in the end I figured, we're an engineering working group and this is an engineering question that deserves a modest degree of further review and open dialog. So I spent a good many cycles yesterday doing what I think I should be doing in this WG. I know you're busy and we all want to get this one shipped but may I with respect ask for a brief response in kind and in the context of the analysis? Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Housley, Russ > Sent: Friday, April 26, 2002 8:04 AM > To: Michael Myers > Cc: ietf-pkix@imc.org > Subject: Re: Multiple paths in DPD > > > > Mike: > > I am strongly opposed to an approach that would > require the server to > maintain state. Unless other people are willing to > speak up and support > such an approach, I am not willing to make changes in > this area. In my > view, the current consensus is for a stateless server. > > Russ > > > At 02:15 PM 4/25/2002 -0700, Michael Myers wrote: > >Russ, Denis: > > > >This analysis and counter-proposal is a bit long > which is why I > >broke it out separately from my other comments. > Apologies for > >the length and not getting to it at the -03 stage. > I had it on > >my list but got sidetracked by my day job. > > > >Anyway, I'm having a hard time agreeing with the following. > > > >----------------------------------------------------- > > The DPD client needs to be able to limit the > > number of paths returned. Therefore the client > > MUST be able to indicate the maximum number of > > certification paths to be returned (provided > > that they can be found). If the client does > > not specify a maximum number, then the DPD > > server MUST return a single certification path. > > > > . . . > > > > If that number cannot be reached by the server, > > an indication SHOULD be returned by the DPD > > server showing that an additional query will > > not return more paths. > > > > If the paths that are returned do not match the > > client's local criteria, then the number of > > number of certification paths to be returned can > > be extended by increasing this value. Previously > > found paths will likely be returned, but the > > client can easily discard them. This avoids > > requirements for state information at the server, > > but does not prevent a server from maintaining > > a cache of previous responses. > > > > Avoiding the maintenance of state information for > > previous requests minimizes potential denial of > > service attacks or other problems associated with > > server crashes. > > > >----------------------------------------------------- > > > >I think an iterated approach based on server-side > state would be > >better. The approach is basically one which, in the > presence of > >multiple paths, the server establishes state and returns the > >first potentially acceptable path (given client > inputs) to the > >client along with a state token. Should that path not be the > >precise one the client is looking for, the client asks again, > >referencing the state token. Upon recognizing the > state token, > >the server then returns the next path and so on > until either the > >client shuts up and goes away or the server returns > noMoreData. > >Doing so would reduce protocol complexity, reduce extraneous > >bits on the wire and reduce client-side and server-side code > >footprints with no loss of security assurances. > > > >Here's why I think so. > > > >Working first from the motivating needs, it's not clear to me > >how reduction of state will minimize potential > denial of service > >attacks. If they come, they're going to come > regardless of the > >internal state of the server. Possibly what you > meant to say is > >that doing so potentially improves the likelihood a > server can > >withstand DOS attacks while maintaining service to legitimate > >requests. I shall assume this for the time being. > > > >But since DOS attacks are largely predicated on throughput > >constraints, one can simply beef up the back end or > buy a bigger > >pipe. Also, to the extent that your concern over DOS attacks > >and server crashes relates to the volatility of > state retention, > >an implementor of the protocol that ultimately results from > >these requirements can choose to write that state to > >non-volatile memory. That is, take a fault-tolerant > >implementation approach in those instances where mission > >criticality is important. They're going to anyway. > > > >Lastly re: DOS, my own experience strongly suggests that > >effective responses to DOS attacks are most often > addressed at > >the router, long before an offending stream from a given IP > >address gets to a back end. I agree that we should take care > >not to enable sensitivity to DOS attacks. I'm just not > >convinced that the max path approach yields much > effect in that > >regard while the iterated approach yeilds clear benefits in > >design simplicity. > > > >To the design simplicity point, it's my estimate that in the > >vast majority of cases where DPD will be used, the first path > >returned will be the one the client wanted. I also estimate > >that there'll be far more instances of only one path vs. > >multiple paths. In my view we should design towards the > >centroid of needs rather than the corner cases. > > > >Is this design simpler? I think so. It's just a > state token. > >The client doesn't even have to know what it is, just send it > >back for another try. The use of noMoreData also provides > >unambiguous protocol closure. The client knows for > certain what > >to do in that instance. Very simple, hence a smaller client. > > > >Regarding extraneous bits on the wire, consider the case of > >maxPath of M from the client and server side numPaths of N, > >where N is larger than M. The client receives N-M > paths and any > >requested revocation data. All of which may be > useless because > >the path the client wants is in the remainder. So the client > >kicks up its M to, say, M' where M' is still less > then N, first > >receives again those useless N-M paths and related > info before > >it gets into the M'-M set. And so on. > > > >I suspect once this scenario comes to the attention of > >client-side developers, they will be tempted to bake > in a very > >large maxPath to ensure that a single query yields all paths. > >Again, a lot of extraneous bits on the wire when in point of > >fact the client just wants one. And as I hypothesized, I > >suspect that in the vast majority of cases that'll > be the first > >one. Thus our requirements threaten to place onto > the Internet > >a bunch of useless bits. I think we should be sensitive to > >needless bandwidth consumption. > > > >Also, in the event multiple paths exist but the > client doesn't > >specify max # of paths, what are the requirements on > the server > >in the event of multiple queries from a client regarding the > >same certificate? The requirement reads "return a single > >certification path" but provides no guidance in the > presence of > >multiple paths at the server, leading one to assume that the > >first one is always sent back. > > > >Thus in the presence of multiple paths, there exists > no means to > >enable a client to get at the one it wants. Absent that > >guidance and any variation from the current draft > requirements, > >I'm sure this issue will be taken up at the protocol > selection > >stage of our work. It's possible those > considerations will lead > >to servers trying their best and silently iterate > through these > >multiple paths in order to address this scenario. That means > >state, just as is needed for the iterated approach > in the first > >place. > > > >So I propose for your consideration the following text: > > > >----------------------------------------------------- > > > >If a DPV server has available to it multiple paths > >conformant to the parameters a client provides, upon > >receipt of an initial query the server MUST respond > >with the first path in this list AND include a token > >for reference by the client in subsequent queries. > > > >In the event of a single path, or a single qualifying > >path, the server MAY exclude the token. > > > >Upon receipt of a DPD response containing a response > >token indicating the existence of multiple qualifying > >paths, in order to acquire the next path in this list > >clients MUST include the previously supplied response > >token in a subsequent query. > > > >Servers MUST then transmit the next path in the > >qualifying list. If the last qualifying path was > >previously transmitted, servers MUST indicate that > >no more data exists. > > > >----------------------------------------------------- > > > >Again, apologies for the length and the delay. > > > >Regards, > > > > > >Mike > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QGbLN11574 for ietf-pkix-bks; Fri, 26 Apr 2002 09:37:21 -0700 (PDT) Received: from heron.verisign.com (heron.verisign.com [216.168.233.95]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QGbJa11570 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 09:37:20 -0700 (PDT) Received: from VSVAPOSTALGW1.prod.netsol.com (vsvapostalgw1.prod.netsol.com [216.168.234.201]) by heron.verisign.com (nsi_0.1/8.9.1) with ESMTP id MAA25730; Fri, 26 Apr 2002 12:37:32 -0400 (EDT) Received: by vsvapostalgw1.bkup1 with Internet Mail Service (5.5.2653.19) id <2WGQ0AMB>; Fri, 26 Apr 2002 12:37:10 -0400 Message-ID: <6953F9859AF8BF45B04729A42264032504084DAC@vsvapostal1.bkup2> From: "Aisenberg, Michael" <maisenberg@verisign.com> To: "'todd.glassey@worldnet.att.net'" <todd.glassey@worldnet.att.net>, "'tgindin@us.ibm.com'" <tgindin@us.ibm.com> Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: RE: Meaning of Non-repudiation Date: Fri, 26 Apr 2002 12:37:08 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_002F_01C1ED1E.D026A580" X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_002F_01C1ED1E.D026A580 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable As an under-initiated tech-wanabe lawyer who has observed the 'non-repudiation' debate for several years, it occurs to me that, not only do I concur in Todd's observation regarding the use of NR {as a technical bit-descriptor being problematic vis-=E0-vis his described more 'comprehensive' view of NR as a 'condition' achieved through the deployment of an IA environment}, but would further suggest that even THAT interpretation requires calibration against the generally accepted legal concept of non-repudiation inherent in the construct and case law around UCC secs. 2-609/2-610. Todd's analysis suggests a non-statutory analog --based on a description of a complex of conditions existing simultaneously-- that provides a technology-grounded basis for asserting the same absolute of 'undeniability of existence' that the legal/statutory phrase implies (but, lawyers would never assert with the same absolutism as, say, a law of physics, unless a court of last resort had ruled!)--but it is of course still different from, and therefore capable of being confused with the bit descriptor. All of which is a long-winded way of stating the obvious--that the importation of 'terms of art' from one discipline to another is risky--absent precise equality of definition, intent and usage--which we obviously don't have here...... Michael Aisenberg --VeriSign/D.C.-- -----Original Message----- From: todd glassey [mailto:todd.glassey@worldnet.att.net]=20 Sent: Friday, April 26, 2002 11:49 AM To: Tom Gindin Cc: PKIX-IETF Subject: Re: Meaning of Non-repudiation Tom, I agree with you - the X.509 model is broken too. NR is a bigger thing than a bit in a data structure and using the term NR causes problems for auditors and other professionals that would have to use these protocols. I and many others define NR as the sum-total of all the Information Assurance technologies, techniques, and practices that make up and operating environment. Thus NR is a state specific to a totality of condition and maybe needs essentially gradiant levels rather than a binary on or off state. Thats why a single bit alone without the accompanying OID is of questionable value here. Todd ----- Original Message ----- From: "Tom Gindin" <tgindin@us.ibm.com> To: "Stephen Kent" <kent@bbn.com> Cc: "David P. Kemp" <dpkemp@missi.ncsc.mil>; <ietf-pkix@imc.org> Sent: Wednesday, April 11, 2001 3:50 PM Subject: Re: Meaning of Non-repudiation > > IMHO, if X.509 had not been calling the bit in KeyUsage > "non-repudiation" for some years, I would prefer to put "Persistent Data > Authentication" into KeyUsage and define several different flavors of > non-repudiation in ExtendedKeyUsage, profiling non-repudiation services in > parallel with those ExtendedKeyUsage values. This would also allow us to > define different levels of NR and put them into certificates in a natural > way. However, they have been calling the bit "non-repudiation", and I'm > not sure we can change its meaning on the installed base of certificates > and on the X.509 group without an unusual level of unanimity and > near-certainty that it won't break anything. > > Tom Gindin > > > ------=_NextPart_000_002F_01C1ED1E.D026A580 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIINdzCCAj0w ggGmAhEAulrJTAU7ktantt9O0FOSDTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIgUHVibGljIFByaW1hcnkgQ2Vy dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMDQwMTA3MjM1OTU5WjBfMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIgUHVi bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A MIGJAoGBALZai6MNaiODgGvPOYf0IRMzBkwlou1VEpfFp4C5+oPBIKD6LxUNfKFga355LPoGDzqu 9htvsdL/LyhSX4N9S8R6t/hmH4BU/LfCjllKFFdG0ZqTvkGRA7sVgJNc6+fMCGw/PrNK/P9LbCPV UIImRBmOI8Nx6hkkRwSedb/IpgAfAgMBAAEwDQYJKoZIhvcNAQECBQADgYEAtgAfk1ekB6dAzmVA P1Ve7e/6VEmlMNYhfGGH7oOTC7+0M/KYrJ8Gv06ozhSBTMsETljDz1/ufNeab8tBird/gbj/hGHG J0NlHQzssQAK3Ruku8d4ICiyot02lS7hVE+/YLl3aBGZI+jqUuiqAE5nTruQtUWbRuuOFu/EM1sz PdUwggNDMIICrKADAgECAhAffl/nA9Hgv5kg3GuJDUsEMA0GCSqGSIb3DQEBBAUAMF8xCzAJBgNV BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMg UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTAyMjUwMDAwMDBaFw0wNDAxMDUy MzU5NTlaMIGtMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1 c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3QgdG8gdGVybXMgYXQgaHR0cHM6Ly93 d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTEmMCQGA1UEAxMdVmVyaVNpZ24gQ2xhc3MgMiBQ ZXJzb25uZWwgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKcEbA+icrdKBi741yksNJ2C vEiRSses+en8uVl4sVXAU1ixz28WO8FJ1cv0bszhzMu1xy5OiKo06bbQW3w+FVc04Ri8/931r2dZ IArlPeqIikDSmokTKam21dunfuHnNyST/ZR0TXrkMm1M6FwWl6/dktlmihRm5OpaA6g9X/sLAgMB AAGjgbAwga0wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMi5j cmwwEQYJYIZIAYb4QgEBBAQDAgEGMEcGA1UdIARAMD4wPAYLYIZIAYb4RQEHAQEwLTArBggrBgEF BQcCARYfaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rcjAPBgNVHRMECDAGAQH/AgEBMAsG A1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOBgQB59xXN6GhRWWv8qaa94B77vPQ/kN/n+u3kVPdh PVSLBrqXMloeqyzur3Orx13TP4/0zstOSGCiqGC2ON6gpvePKegRrMw5dlA83TlsC/Fa/QhUdt0W bPcxcLi/CPfJJgaO37svGbG2uLToPEjoJ7GXKSBXA5ybZ/p9QMQ4fxiqmjCCA8QwggMtoAMCAQIC EQCEzvIOADm1dVXaGYePUu2JMA0GCSqGSIb3DQEBBAUAMIGtMRcwFQYDVQQKEw5WZXJpU2lnbiwg SW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1 YmplY3QgdG8gdGVybXMgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTEm MCQGA1UEAxMdVmVyaVNpZ24gQ2xhc3MgMiBQZXJzb25uZWwgQ0EwHhcNOTkwMjI1MDAwMDAwWhcN MDQwMTA0MjM1OTU5WjCBrDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT aWduIFRydXN0IE5ldHdvcmsxSTBHBgNVBAsTQFVzZSBpcyBzdWJqZWN0IHRvIHRlcm1zIGF0IGh0 dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEta3IgKGMpOTkxJTAjBgNVBAMTHFZlcmlTaWduIENs YXNzIDIgRW1wbG95ZWUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMCK0YdhouowA1Vr CDbwl/oaVDUkH+h9ncjDc9PYRvWRLdk47ZTXsCZzKt6XUE3/Ihy9cACYDFgqsaRyj6W59y18YOO1 3+l9TiEhYdX8O1TJpAmcuyL5orpwYU+GRqL9BWTsCj+mWHZXuxZzRHzwpQ2XwGym8WMIJbEEF5Wg jf5/AgMBAAGjgeIwgd8wKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDEtMTE4 MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL1ZTQ2xhc3MySW50LmNy bDARBglghkgBhvhCAQEEBAMCAQYwRwYDVR0gBEAwPjA8BgtghkgBhvhFAQcBATAtMCsGCCsGAQUF BwIBFh9odHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhLWtyMA8GA1UdEwQIMAYBAf8CAQAwCwYD VR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBABlGztRrcI5YXIhCNa0WfaUJLKhTkPH2PYbX8M5y FD0ivPLDM+3U/AWa4GMgdaMb71UZDwZzIQJhrqaeUSt43FvIhIvV17bP1fg+l5ixRIujmI6gS/aY MZOz8AzdUXbKl+RWRMb7lKFIfSJDzKDGXHlV9WeBG2iYNCREsZjBOiheMIIEIzCCA4ygAwIBAgIQ C4Pe+b9ZzSY6cFoTNpDgKTANBgkqhkiG9w0BAQQFADCBrDEXMBUGA1UEChMOVmVyaVNpZ24sIElu Yy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxSTBHBgNVBAsTQFVzZSBpcyBzdWJq ZWN0IHRvIHRlcm1zIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEta3IgKGMpOTkxJTAj BgNVBAMTHFZlcmlTaWduIENsYXNzIDIgRW1wbG95ZWUgQ0EwHhcNMDExMDExMDAwMDAwWhcNMDIx MDExMjM1OTU5WjBzMREwDwYDVQQKEwhWRVJJU0lHTjEQMA4GA1UECxMHVkEtRUFTVDETMBEGA1UE AxMKUmVjaXBpZW50czE3MDUGA1UEAxMubWFpc2VuYmVyZyAoQWlzZW5iZXJnIE1pY2hhZWwsIFZl cmlTaWduLCBJbmMuKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvUXjng0fglmjCF7bE23A cpGiPS0Ci+9Ws6i/NDsGOYt21EbGOT1B+u6wazYjy29sKJkR5cicvJfyylRJ2Zl1Fc5sgewN+a88 g9x7hxQXITWaAlCPKUD/KB4qNeZvGSj1hu+ZdZvIm7N+/cUKT5W5Lvfd41B7bxlnQyADZHy3u8UC AwEAAaOCAXwwggF4MAkGA1UdEwQCMAAwWQYDVR0fBFIwUDBOoEygSoZIaHR0cDovL29uc2l0ZWNy bC52ZXJpc2lnbi5jb20vVmVyaVNpZ25JbmNFeGNoYW5nZUVtcGxveWVlcy9MYXRlc3RDUkwuY3Js MAsGA1UdDwQEAwIFoDAiBgNVHREEGzAZgRdtYWlzZW5iZXJnQHZlcmlzaWduLmNvbTCBrAYDVR0g BIGkMIGhMIGeBgtghkgBhvhFAQcBATCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNp Z24uY29tL0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWdu J3MgQ1BTIGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24wEQYJ YIZIAYb4QgEBBAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjANBgkqhkiG9w0B AQQFAAOBgQA8lpyvzHVxE92Tr9AX/8HdW2dKffNef2wIZXCd43hsblythAXOmU78nW4+W54zEonQ jUoicXgE+oQZd/PVHLfEm8f67IZlrl38/wMJoNNqaaWJiCSH0qsGtNvxhNOKaspYIP5nyiT1gKcy 0F8WRd+fYUF6pq0IDxUClzkLftrxRzGCA94wggPaAgEBMIHBMIGsMRcwFQYDVQQKEw5WZXJpU2ln biwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlz IHN1YmplY3QgdG8gdGVybXMgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5 OTElMCMGA1UEAxMcVmVyaVNpZ24gQ2xhc3MgMiBFbXBsb3llZSBDQQIQC4Pe+b9ZzSY6cFoTNpDg KTAJBgUrDgMCGgUAoIICcjAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP Fw0wMjA0MjYxNjM1MTNaMCMGCSqGSIb3DQEJBDEWBBSVdF19mxIMHXndqUL4/wSib1ZBJjBnBgkq hkiG9w0BCQ8xWjBYMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAH BgUrDgMCBzANBggqhkiG9w0DAgIBKDAHBgUrDgMCGjAKBggqhkiG9w0CBTCB0gYJKwYBBAGCNxAE MYHEMIHBMIGsMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1 c3QgTmV0d29yazFJMEcGA1UECxNAVXNlIGlzIHN1YmplY3QgdG8gdGVybXMgYXQgaHR0cHM6Ly93 d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OTElMCMGA1UEAxMcVmVyaVNpZ24gQ2xhc3MgMiBF bXBsb3llZSBDQQIQC4Pe+b9ZzSY6cFoTNpDgKTCB1AYLKoZIhvcNAQkQAgsxgcSggcEwgawxFzAV BgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUkw RwYDVQQLE0BVc2UgaXMgc3ViamVjdCB0byB0ZXJtcyBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5j b20vcnBhLWtyIChjKTk5MSUwIwYDVQQDExxWZXJpU2lnbiBDbGFzcyAyIEVtcGxveWVlIENBAhAL g975v1nNJjpwWhM2kOApMA0GCSqGSIb3DQEBAQUABIGAeBBRzPiU/xNbCFJjZH/5FYJ8x9nmfD9E cbh+RqoRGzlTf+rCE/t8jUhrFi9HASzXsNhvFxJTmhtwjyd3ybXFPQ3ve7ZJ0ummszcdSYRchq/n yvswcsF00QxdxQIBOWT0XkXrj6mLKrEzUtnEH5AbT5daG9N63dqrwKRknZcdsRMAAAAAAAA= ------=_NextPart_000_002F_01C1ED1E.D026A580-- Received: by above.proper.com (8.11.6/8.11.3) id g3QFwl408470 for ietf-pkix-bks; Fri, 26 Apr 2002 08:58:47 -0700 (PDT) Received: from mtiwmhc24.worldnet.att.net (mtiwmhc24.worldnet.att.net [204.127.131.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QFwja08464 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 08:58:45 -0700 (PDT) Received: from tsg1 ([12.81.72.55]) by mtiwmhc24.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020426155841.YOCK18857.mtiwmhc24.worldnet.att.net@tsg1>; Fri, 26 Apr 2002 15:58:41 +0000 Message-ID: <023501c1ed3b$06c7df20$020aff0a@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Tom Gindin" <tgindin@us.ibm.com> Cc: "PKIX-IETF" <ietf-pkix@imc.org> References: <OF1C0D33B9.A843F12B-ON85256A2B.007CECD7@somers.hqregion.ibm.com> Subject: Re: Meaning of Non-repudiation Date: Fri, 26 Apr 2002 08:48:34 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tom, I agree with you - the X.509 model is broken too. NR is a bigger thing than a bit in a data structure and using the term NR causes problems for auditors and other professionals that would have to use these protocols. I and many others define NR as the sum-total of all the Information Assurance technologies, techniques, and practices that make up and operating environment. Thus NR is a state specific to a totality of condition and maybe needs essentially gradiant levels rather than a binary on or off state. Thats why a single bit alone without the accompanying OID is of questionable value here. Todd ----- Original Message ----- From: "Tom Gindin" <tgindin@us.ibm.com> To: "Stephen Kent" <kent@bbn.com> Cc: "David P. Kemp" <dpkemp@missi.ncsc.mil>; <ietf-pkix@imc.org> Sent: Wednesday, April 11, 2001 3:50 PM Subject: Re: Meaning of Non-repudiation > > IMHO, if X.509 had not been calling the bit in KeyUsage > "non-repudiation" for some years, I would prefer to put "Persistent Data > Authentication" into KeyUsage and define several different flavors of > non-repudiation in ExtendedKeyUsage, profiling non-repudiation services in > parallel with those ExtendedKeyUsage values. This would also allow us to > define different levels of NR and put them into certificates in a natural > way. However, they have been calling the bit "non-repudiation", and I'm > not sure we can change its meaning on the installed base of certificates > and on the X.509 group without an unusual level of unanimity and > near-certainty that it won't break anything. > > Tom Gindin > > > Received: by above.proper.com (8.11.6/8.11.3) id g3QFvVs08295 for ietf-pkix-bks; Fri, 26 Apr 2002 08:57:31 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QFvSa08285 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 08:57:28 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id RAA26722; Fri, 26 Apr 2002 17:57:27 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Fri, 26 Apr 2002 17:57:27 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id RAA10624; Fri, 26 Apr 2002 17:57:26 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id RAA12767; Fri, 26 Apr 2002 17:57:26 +0200 (MET DST) Date: Fri, 26 Apr 2002 17:57:26 +0200 (MET DST) Message-Id: <200204261557.RAA12767@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: <draft-ietf-pkix-dpv-dpd-req-04.txt> Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > > This would lead to : > > In order to obtain the revocation status information of any > > certificate from the certification path, the DPV server might use, > > ... > > or a response from another DPV server. > > > > I proposed: > > > > The DPV server MUST produce certificate status information for > > the validation time in the client request. In order to do this, > > the DPV server might use, ... > > > > or a response from another DPV server. > > > > The first sentence was changed. > > > > In the seceond paragraph the two words indicated by XX above are indeed > > can be deleted. > > There is no basic diffence between the two proposals. The current changed > text is sufficient. We cannot argue at length on the style of the wording. May I remind you that since 4 years you are repeating that 'negative revocation information' is not the same as 'positive status information'. May I also remind you to the lengthy debates about how to interprete "GOOD" in OCSP. Well, if everybody thinks that "obtaining revocation information" is the same as "producing status information", ... > > Validating against one validation policy cert B from the chain (cert B + > cert C) cannot help for validating cert A against a different policy (or > even the same if it could work on a shorter chain) from the chain (cert A + > cert B + cert C). Thus DPV responses on CA certificates would not be > "useful" information. The fact that a French policeman may not be able to read an ID card from country XYZ does not mean that we MUST NOT have a procedure to validate French cards. Who says that this is "another" policy? How do you know that an OCSP response obtained by some server is useful. It may not be one that can be used for the given policy. The DPV server receive a certA plus a DPV response concerning the path certB, certC. The DPV server uses the DPV response to to establish a path to some trusted root. It may, or may not simply trust the DPV response to tell the truth about the current validity, and use other services. At elast, the information had been useful to establish a path. > > > You might also add 'time stamps' to your list (as in ES-F). > > As this is only a list of examples, do we need to say so ? As we already > know a DPV response alone will be insufficient for validating a digital > signature. Let us keep the mention of time-stamp tokens when we will address > DSV requirements , ... which is the next step as soon as we finish this > document. Why do you talk about signature validation. You can for example have time stamp on "encryption cert status information" allowing you to find out whether it was ok to encrypt data at that time or whether you have violated some confidentiality requirement. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QFkMQ07484 for ietf-pkix-bks; Fri, 26 Apr 2002 08:46:22 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QFkKa07480 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 08:46:20 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA23102; Fri, 26 Apr 2002 17:49:11 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042617461203:288 ; Fri, 26 Apr 2002 17:46:12 +0200 Message-ID: <3CC97636.5CD127F4@bull.net> Date: Fri, 26 Apr 2002 17:45:58 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: requester identifier in DPV response References: <200204261527.RAA12760@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 26/04/2002 17:46:12, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 26/04/2002 17:46:20, Serialize complete at 26/04/2002 17:46:20 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > > The protocol MUST allow to provide to the requestor and/or the > > > responder a means to indicate a textual description indicating for example > > > the natuer or reason of the request/response to appear in the > > > result of the response. > > > > The text from the client is blindly copied in the response. > > > > Your are now asking for a *new* requirement that has not been mentioned > > earlier: the inclusion of an optional text field from the server. > > > > We do not have such a feature in other protocols, like OCSP. There is also a > > danger to apply different semantics on such a field. So I am not in favour > > of adding it. > > I don't agree that the server MUST blindly copy anything. Please read again the text: "inclusion of an optional text field from the server". This text is not copied from a client field but created by the server. > I don't look at the issue from a procedural standpoint but from > the point of the data being produced. > > - The response may contain a textual indication about the reason etc. > > - This text may be created by the server or requested by the client > or modified by the server. No. See above. > - It is NOT: an opaque token from the client that MUST NOT be inspected > in whatever way by the server. > > > Since you do not propose any specific text change, this text appears to be > > sufficient and in fact is derived from your initial proposed wording. We > > cannot argue for ever about the wording. > > As long as you refuse textual changes (two characters + one word) as in > > " The protocol MUST allow to provide to the requestor and/or the > responder a means to indicate a textual description indicating for example > the nature or reason of the request/response pair to appear in the > result of the response. " > > I don't know what else I can do. It is somewhat difficult to > anticipate your reaction of splitting each proposal into several ones > while adding additional contraints to the pieces and provide a > text change to that before having even seen what you propose. > > I am not in favour of having a requirement that says that something > MUST be blindly copied. > I am not in favour that the usages of identififers of the clients > and responders MUST be related to authentication. ... otherwise it is a field that has an undefined or an ambiguous semantics. > IMO this is an overspecification, and, as Russ turned out, some > uses that do relate this to authentication may create a conflict > with the requirements doc. > > > > This should close the last issue raised during the last call. > > > > > > > > > > I propose that we add somewhere in the introduction a statement like: > > > > > > A protocol feature proposal MUST not be rejected as out of > > > scope for the sole reason of not having been mentioned in this > > > requirements document ". > > > > I would disagree to place such a requirement. If the protocol would allow, > > for example, to ask for flowers at the same time, :-), then I believed that > > such a feature shall be suppressed. > Please read what I have written. You are turning around the argumentation. > There are probably some arguments not to have a flower service in a DPV > protocol. But they should be indicated. The text does only prohibity someone > from saying: "We MUST NOT use this protocol because you can also request > flowers and this has not been specified as a requirement." ... and for that exact reason, I would suppress the flower request. It is not appropriate to overload the protocol for whatever extra reason. We are not going to say specifiaclly that flower requests support is inappropriate, otherwise the list would be endless. This was one of the problems from RFC 3029 (i.e. Data Certification Server Protocols) that had too many features. Denis > Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QFhtI07443 for ietf-pkix-bks; Fri, 26 Apr 2002 08:43:55 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QFhsa07439 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 08:43:54 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA27340; Fri, 26 Apr 2002 17:46:44 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042617433431:286 ; Fri, 26 Apr 2002 17:43:34 +0200 Message-ID: <3CC97598.A7E6700F@bull.net> Date: Fri, 26 Apr 2002 17:43:20 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: roadmap References: <200204261323.PAA12732@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 26/04/2002 17:43:34, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 26/04/2002 17:43:54, Serialize complete at 26/04/2002 17:43:54 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > Michael, > > > > > Peter, > > > > > > v2's status mostly tracks that of the DPV and DPD requirements, > > > which have only recently settled down after about a year's worth > > > of effort. > > OCSP *cannot* be the right vector to support DPV requirements since the role > > of a CA is different from the role of a DPV server: a CA is only responsible > > for the certificates that it has issued. A DPV server can be any entity > > provided that it supports the appropriate validation policy which is *not* > > established by a CA. As another argument: having at the same time in the > > same response both a *single* OSCP response and a DPV response would be > > quite odd. The DPV response provides information which would make the > > *single* OCSP response useless. However the DPV response may include > > *several* OCSP responses *and* the full certification path, if requested by > > the client. > Without saying whether I support or not the idea of using OCSP, I > do not exactly understand the reasoning given above: > > I do not see why your comparison a CA role and he possibilities of > an DPV service has any relation with OCSP as a protocol: > - A "trusted" OCSP responder which is not a CA or an authorized responder > can also issue status information based on his own local policy not > established by a CA, it can have its own 'revocation service' based > on the needs of the relying party. So a trusted OCSP responder provides the revocation status information of a *single* certificate and has nothing to do with a DPV server that does much more on a *chain* of certificates. > - An 'authorised' CA DPV responder can create status information about An " 'authorised' CA DPV responder" is not a correct wording: either it is a CA or a DPV responder. > its immediately subordinate certs, i;e. the single OCSP response that you > mention, and at the same time include some DPV response that validate > the path from the intermediate CA to the trusted root, either > as an entity extension or as a global extension. > - An OCSP server can also be any entity, and not just an authorised > CA responder. An OCSP responder can respond to whatever the service > provider likes to provide to its clients or what they need. OCSP is > not a 'A CS service'. An OCSP server basically provides the revocation status of a certificate and may support extensions in addition to that basic response. Up to now, such extensions have not been defined. Since a DPV response is far richer than a DPV response, it would be quite strange to use the content of the extension and to discard the main response. Picky-backing the DPV structure in an extension of the OCSP structure would also lead to a strange behaviour. You could get a "valid OCSP answer" with an "invalid DPV answer" (e.g. because a certificate from the chain is revoked). These two statuses do not match together. Denis > > So my request is the same as made on the mailing list: RFC250bis should only > > be updated to allow to specify a certificate using additional ways. OCSPv2 > > should be discontinued or at least the name "OCSPv2" dropped. This does not > > mean that some ideas from that protocol cannot be re-used to fit with the > > DPV requirements. > > It might be a useful exercise to replace in 2650 all identifiers and structure > names in the ASN1 definitions of RFC 2560 by i1, i2, .. and S1, S2 and see whether > one nderstand the text, in particular reqCert and CertID. > > > > > However, this discussion is not directly related to the roadmap. ;-) > > > > Denis > > > > > As I said before, it didn't make much sense to track > > > that moving target with incremental I-Ds. I once had three > > > separate I-Ds but that got so hard to manage and work due to > > > syntatic and editorial overlap (not to mention review) that I > > > put them all in one. I prefer to keep that structure together > > > while we see how things shake out re: DPV/DPD. Since 2560bis is > > > pretty well on its way, I think we should let that go forward > > > cleanly rather than force a reset due to adding new syntax. > > > > > > Mike > > > > > > Michael Myers > > > t: +415.819.1362 > > > e: mailto:mike@traceroutesecurity.com > > > w: http://www.traceroutesecurity.com > > > > > > > -----Original Message----- > > > > From: owner-ietf-pkix@mail.imc.org > > > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > > > > Peter Gutmann > > > > Sent: Tuesday, April 23, 2002 8:33 PM > > > > To: Peter.Sylvester@edelweb.fr > > > > Cc: ietf-pkix@imc.org > > > > Subject: Re: roadmap > > > > > > > > > > > > > > > > Peter Sylvester <Peter.Sylvester@edelweb.fr> writes: > > > > > > > > >Thus, it is not just a question of whether OCSP v2 > > > > being alive or not. > > > > > > > > Can I also add a general complaint about the vague > > > > status of OCSPv2, there's > > > > already software deployed which uses the extended > > > > range of cert IDs in the v2 > > > > draft, which makes it annoying to have it fading in > > > > and out of consciousness > > > > every few months. Perhaps the new cert IDs (which > > > > are a trivial change) could > > > > be moved into 2560-bis, without requiring all the > > > > extra stuff which was added > > > > in the rest of the v2 draft. > > > > > > > > Peter. > > > > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QFRmX07148 for ietf-pkix-bks; Fri, 26 Apr 2002 08:27:48 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QFRia07144 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 08:27:44 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id RAA26550; Fri, 26 Apr 2002 17:27:38 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Fri, 26 Apr 2002 17:27:38 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id RAA10458; Fri, 26 Apr 2002 17:27:37 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id RAA12760; Fri, 26 Apr 2002 17:27:37 +0200 (MET DST) Date: Fri, 26 Apr 2002 17:27:37 +0200 (MET DST) Message-Id: <200204261527.RAA12760@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: requester identifier in DPV response Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > > The protocol MUST allow to provide to the requestor and/or the > > responder a means to indicate a textual description indicating for example > > the natuer or reason of the request/response to appear in the > > result of the response. > > The text from the client is blindly copied in the response. > > Your are now asking for a *new* requirement that has not been mentioned > earlier: the inclusion of an optional text field from the server. > > We do not have such a feature in other protocols, like OCSP. There is also a > danger to apply different semantics on such a field. So I am not in favour > of adding it. I don't agree that the server MUST blindly copy anything. I don't look at the issue from a procedural standpoint but from the point of the data being produced. - The response may contain a textual indication about the reason etc. - This text may be created by the server or requested by the client or modified by the server. - It is NOT: an opaque token from the client that MUST NOT be inspected in whatever way by the server. > Since you do not propose any specific text change, this text appears to be > sufficient and in fact is derived from your initial proposed wording. We > cannot argue for ever about the wording. As long as you refuse textual changes (two characters + one word) as in " The protocol MUST allow to provide to the requestor and/or the responder a means to indicate a textual description indicating for example the nature or reason of the request/response pair to appear in the result of the response. " I don't know what else I can do. It is somewhat difficult to anticipate your reaction of splitting each proposal into several ones while adding additional contraints to the pieces and provide a text change to that before having even seen what you propose. I am not in favour of having a requirement that says that something MUST be blindly copied. I am not in favour that the usages of identififers of the clients and responders MUST be related to authentication. IMO this is an overspecification, and, as Russ turned out, some uses that do relate this to authentication may create a conflict with the requirements doc. > > > This should close the last issue raised during the last call. > > > > > > > I propose that we add somewhere in the introduction a statement like: > > > > A protocol feature proposal MUST not be rejected as out of > > scope for the sole reason of not having been mentioned in this > > requirements document ". > > I would disagree to place such a requirement. If the protocol would allow, > for example, to ask for flowers at the same time, :-), then I believed that > such a feature shall be suppressed. Please read what I have written. You are turning around the argumentation. There are probably some arguments not to have a flower service in a DPV protocol. But they should be indicated. The text does only prohibity someone from saying: "We MUST NOT use this protocol because you can also request flowers and this has not been specified as a requirement." Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QF42D06432 for ietf-pkix-bks; Fri, 26 Apr 2002 08:04:02 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3QF41a06428 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 08:04:01 -0700 (PDT) Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 26 Apr 2002 15:02:41 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA03421 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 11:02:27 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3QF45k11859 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 11:04:05 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1XH9M>; Fri, 26 Apr 2002 11:01:32 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.32]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1XH9J; Fri, 26 Apr 2002 11:01:25 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Michael Myers <myers@coastside.net> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020426110136.033fb5c0@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 26 Apr 2002 11:03:50 -0400 Subject: Re: Multiple paths in DPD In-Reply-To: <EOEGJNFMMIBDKGFONJJDKEDMCKAA.myers@coastside.net> References: <3CC808F8.26A8DA6E@bull.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike: I am strongly opposed to an approach that would require the server to maintain state. Unless other people are willing to speak up and support such an approach, I am not willing to make changes in this area. In my view, the current consensus is for a stateless server. Russ At 02:15 PM 4/25/2002 -0700, Michael Myers wrote: >Russ, Denis: > >This analysis and counter-proposal is a bit long which is why I >broke it out separately from my other comments. Apologies for >the length and not getting to it at the -03 stage. I had it on >my list but got sidetracked by my day job. > >Anyway, I'm having a hard time agreeing with the following. > >----------------------------------------------------- > The DPD client needs to be able to limit the > number of paths returned. Therefore the client > MUST be able to indicate the maximum number of > certification paths to be returned (provided > that they can be found). If the client does > not specify a maximum number, then the DPD > server MUST return a single certification path. > > . . . > > If that number cannot be reached by the server, > an indication SHOULD be returned by the DPD > server showing that an additional query will > not return more paths. > > If the paths that are returned do not match the > client's local criteria, then the number of > number of certification paths to be returned can > be extended by increasing this value. Previously > found paths will likely be returned, but the > client can easily discard them. This avoids > requirements for state information at the server, > but does not prevent a server from maintaining > a cache of previous responses. > > Avoiding the maintenance of state information for > previous requests minimizes potential denial of > service attacks or other problems associated with > server crashes. > >----------------------------------------------------- > >I think an iterated approach based on server-side state would be >better. The approach is basically one which, in the presence of >multiple paths, the server establishes state and returns the >first potentially acceptable path (given client inputs) to the >client along with a state token. Should that path not be the >precise one the client is looking for, the client asks again, >referencing the state token. Upon recognizing the state token, >the server then returns the next path and so on until either the >client shuts up and goes away or the server returns noMoreData. >Doing so would reduce protocol complexity, reduce extraneous >bits on the wire and reduce client-side and server-side code >footprints with no loss of security assurances. > >Here's why I think so. > >Working first from the motivating needs, it's not clear to me >how reduction of state will minimize potential denial of service >attacks. If they come, they're going to come regardless of the >internal state of the server. Possibly what you meant to say is >that doing so potentially improves the likelihood a server can >withstand DOS attacks while maintaining service to legitimate >requests. I shall assume this for the time being. > >But since DOS attacks are largely predicated on throughput >constraints, one can simply beef up the back end or buy a bigger >pipe. Also, to the extent that your concern over DOS attacks >and server crashes relates to the volatility of state retention, >an implementor of the protocol that ultimately results from >these requirements can choose to write that state to >non-volatile memory. That is, take a fault-tolerant >implementation approach in those instances where mission >criticality is important. They're going to anyway. > >Lastly re: DOS, my own experience strongly suggests that >effective responses to DOS attacks are most often addressed at >the router, long before an offending stream from a given IP >address gets to a back end. I agree that we should take care >not to enable sensitivity to DOS attacks. I'm just not >convinced that the max path approach yields much effect in that >regard while the iterated approach yeilds clear benefits in >design simplicity. > >To the design simplicity point, it's my estimate that in the >vast majority of cases where DPD will be used, the first path >returned will be the one the client wanted. I also estimate >that there'll be far more instances of only one path vs. >multiple paths. In my view we should design towards the >centroid of needs rather than the corner cases. > >Is this design simpler? I think so. It's just a state token. >The client doesn't even have to know what it is, just send it >back for another try. The use of noMoreData also provides >unambiguous protocol closure. The client knows for certain what >to do in that instance. Very simple, hence a smaller client. > >Regarding extraneous bits on the wire, consider the case of >maxPath of M from the client and server side numPaths of N, >where N is larger than M. The client receives N-M paths and any >requested revocation data. All of which may be useless because >the path the client wants is in the remainder. So the client >kicks up its M to, say, M' where M' is still less then N, first >receives again those useless N-M paths and related info before >it gets into the M'-M set. And so on. > >I suspect once this scenario comes to the attention of >client-side developers, they will be tempted to bake in a very >large maxPath to ensure that a single query yields all paths. >Again, a lot of extraneous bits on the wire when in point of >fact the client just wants one. And as I hypothesized, I >suspect that in the vast majority of cases that'll be the first >one. Thus our requirements threaten to place onto the Internet >a bunch of useless bits. I think we should be sensitive to >needless bandwidth consumption. > >Also, in the event multiple paths exist but the client doesn't >specify max # of paths, what are the requirements on the server >in the event of multiple queries from a client regarding the >same certificate? The requirement reads "return a single >certification path" but provides no guidance in the presence of >multiple paths at the server, leading one to assume that the >first one is always sent back. > >Thus in the presence of multiple paths, there exists no means to >enable a client to get at the one it wants. Absent that >guidance and any variation from the current draft requirements, >I'm sure this issue will be taken up at the protocol selection >stage of our work. It's possible those considerations will lead >to servers trying their best and silently iterate through these >multiple paths in order to address this scenario. That means >state, just as is needed for the iterated approach in the first >place. > >So I propose for your consideration the following text: > >----------------------------------------------------- > >If a DPV server has available to it multiple paths >conformant to the parameters a client provides, upon >receipt of an initial query the server MUST respond >with the first path in this list AND include a token >for reference by the client in subsequent queries. > >In the event of a single path, or a single qualifying >path, the server MAY exclude the token. > >Upon receipt of a DPD response containing a response >token indicating the existence of multiple qualifying >paths, in order to acquire the next path in this list >clients MUST include the previously supplied response >token in a subsequent query. > >Servers MUST then transmit the next path in the >qualifying list. If the last qualifying path was >previously transmitted, servers MUST indicate that >no more data exists. > >----------------------------------------------------- > >Again, apologies for the length and the delay. > >Regards, > > >Mike Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QEm3s05911 for ietf-pkix-bks; Fri, 26 Apr 2002 07:48:03 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QEm1a05907 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 07:48:01 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA18350; Fri, 26 Apr 2002 16:50:51 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042616472899:278 ; Fri, 26 Apr 2002 16:47:28 +0200 Message-ID: <3CC96876.5E135A08@bull.net> Date: Fri, 26 Apr 2002 16:47:18 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: <draft-ietf-pkix-dpv-dpd-req-04.txt> References: <200204261117.NAA12703@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 26/04/2002 16:47:29, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 26/04/2002 16:48:00, Serialize complete at 26/04/2002 16:48:00 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > > > The client can request that the server determine the certificate > > > > validity at a time other than the current time. The DPV server MUST > > > > obtain revocation status information for the validation time > > > > in the client request. > > > > In order to obtain the revocation status information of any > > > > certificate from the certification path, the DPV server might use, in > > > > accordance with the validation policy, different sources of revocation > > > > information, e.g. a combination of OCSP responses, CRLs, or delta-CRLs. > > > > If the revocation status information for the requested validation time > > > > is unavailable, then the DPV server MUST return a status indicating > > > > that the certificate is invalid. > > > > > replace by: > > > > > > The DPV server MUST produce certificate status information for > > > the validation time in the client request. In order to do this, > > > the server might use, in accordance with the validation policy, > > > different sources of external information concerning revocation > > > information, e.g., a combination of OCSP responses, CRLs, or > > > delta-CRLs, or other status information from other DPV servers. > > > > > > If the certificate status information for the requested validation > > > time is cannot be created, then the DPV server MUST return a status > XXX XXXXX > > > indicating that the certificate is invalid. > > > > The last sentence you propose is not English. I simply propose to add to the > > current sentence: "or a response from another DPV server". > > This would lead to : > In order to obtain the revocation status information of any > certificate from the certification path, the DPV server might use, > ... > or a response from another DPV server. > > I proposed: > > The DPV server MUST produce certificate status information for > the validation time in the client request. In order to do this, > the DPV server might use, ... > > or a response from another DPV server. > > The first sentence was changed. > > In the seceond paragraph the two words indicated by XX above are indeed > can be deleted. There is no basic diffence between the two proposals. The current changed text is sufficient. We cannot argue at length on the style of the wording. > > > > The DPV client MUST be able to provide to the validation server, > > > > associated with each certificate to be validated, "useful > > > > certificates", as well as "useful revocation information". Revocation > > > > information includes OCSP responses, CRLs, and delta-CRLs. > > > > > replace by: > > > > > > The DPV client MUST be able to provide to the validation server, > > > associated with each certificate to be validated, "useful > > > certificates", as well as "useful information" e.g., revocation > > > information of OCSP responses, CRLs, and delta-CRLs, or status > > > information from other DPV servers. > > > > No. If there is one DPV answer, then that answer is self-sufficient and > > there is no reason for the client to make another query. > > The client does not trust neither the OCSP response, neither the CRls, > neither the DPV server, it presents all these information to *HIS* > server. > > Furthermore DPV responses may concern parts of the certification path. Validating against one validation policy cert B from the chain (cert B + cert C) cannot help for validating cert A against a different policy (or even the same if it could work on a shorter chain) from the chain (cert A + cert B + cert C). Thus DPV responses on CA certificates would not be "useful" information. > You might also add 'time stamps' to your list (as in ES-F). As this is only a list of examples, do we need to say so ? As we already know a DPV response alone will be insufficient for validating a digital signature. Let us keep the mention of time-stamp tokens when we will address DSV requirements , ... which is the next step as soon as we finish this document. Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QEhpa05832 for ietf-pkix-bks; Fri, 26 Apr 2002 07:43:51 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QEhna05828 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 07:43:49 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA28450; Fri, 26 Apr 2002 16:46:39 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042616432941:276 ; Fri, 26 Apr 2002 16:43:29 +0200 Message-ID: <3CC96787.D7FA179F@bull.net> Date: Fri, 26 Apr 2002 16:43:19 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: requester identifier in DPV response References: <200204261230.OAA12721@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 26/04/2002 16:43:29, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 26/04/2002 16:43:49, Serialize complete at 26/04/2002 16:43:49 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > So I am prepared to include two paragraphs: > > > > The requestor MUST be able, upon request, to have a text field to be > > copied in the response. As an example, this field may relate to the > > nature or reason of the request/response. > > I was thnking moire to a service like: > > The protocol MUST allow to provide to the requestor and/or the > responder a means to indicate a textual description indicating for example > the natuer or reason of the request/response to appear in the > result of the response. The text from the client is blindly copied in the response. Your are now asking for a *new* requirement that has not been mentioned earlier: the inclusion of an optional text field from the server. We do not have such a feature in other protocols, like OCSP. There is also a danger to apply different semantics on such a field. So I am not in favour of adding it. > > When the request is authenticated, the requestor SHOULD be able, upon > > request, to indicate an identifier to be included in the response. > > How this identifier is matched with the authenticated identity depends > > on local server conditions and/or the validation policy. The server > > MAY choose to refuse to include an identifier in the response, or MAY > > refuse to create a response. > > There are > > - IDs identifying the requesting entity (or entities) or > entities which are entitled to use the response. > > - IDs identifying the responding or responsible entity (or entities) > > I give an example (probably using the wrong rules). > > "We, the President of Unites States, and the General Secretary of > the United Nation", certify to you, President of France, President > of the French General assembly, and president of the French Senate, > the the certificate XXYZ can be used by you as a strong authentication > method to demand deployment of a combined UN ad US forces on May 5 > according to plan LEF". > > The request had been signed by two of three French authorities containg > the name of the persons involved and their roles. The response has > been signed by the two persons occupying the indicated 'role', plus > by the presidents of the congress and senate and by the members of > the UN security council. Since you do not propose any specific text change, this text appears to be sufficient and in fact is derived from your initial proposed wording. We cannot argue for ever about the wording. > > This should close the last issue raised during the last call. > > > > I propose that we add somewhere in the introduction a statement like: > > A protocol feature proposal MUST not be rejected as out of > scope for the sole reason of not having been mentioned in this > requirements document ". I would disagree to place such a requirement. If the protocol would allow, for example, to ask for flowers at the same time, :-), then I believed that such a feature shall be suppressed. This should place a final end to this large set of exchanged e-mails. Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QETpk05326 for ietf-pkix-bks; Fri, 26 Apr 2002 07:29:51 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QETma05319 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 07:29:48 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id QAA26194; Fri, 26 Apr 2002 16:29:40 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Fri, 26 Apr 2002 16:29:41 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id QAA10129; Fri, 26 Apr 2002 16:29:39 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id QAA12747; Fri, 26 Apr 2002 16:29:39 +0200 (MET DST) Date: Fri, 26 Apr 2002 16:29:39 +0200 (MET DST) Message-Id: <200204261429.QAA12747@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, rhousley@rsasecurity.com Subject: Re: Open issue: requester identifier in DPV response Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > >The protocol MUST allow to provide to the requestor and/or the > >responder a means to indicate a textual description indicating for example > >the natuer or reason of the request/response to appear in the > >result of the response. > > I think you are asking for an optional comment field. Right? Yes, one might call this this way: The USAGE of the field is optional. > > > > When the request is authenticated, the requestor SHOULD be able, upon > > > request, to indicate an identifier to be included in the response. > > > How this identifier is matched with the authenticated identity depends > > > on local server conditions and/or the validation policy. The server > > > MAY choose to refuse to include an identifier in the response, or MAY > > > refuse to create a response. > > > >There are > > > >- IDs identifying the requesting entity (or entities) or > > entities which are entitled to use the response. > > > >- IDs identifying the responding or responsible entity (or entities) > > > >I give an example (probably using the wrong rules). > > > >"We, the President of Unites States, and the General Secretary of > > the United Nation", certify to you, President of France, President > > of the French General assembly, and president of the French Senate, > > the the certificate XXYZ can be used by you as a strong authentication > > method to demand deployment of a combined UN ad US forces on May 5 > > according to plan LEF". > > > >The request had been signed by two of three French authorities containg > >the name of the persons involved and their roles. The response has > >been signed by the two persons occupying the indicated 'role', plus > >by the presidents of the congress and senate and by the members of > >the UN security council. > > I do not think that such rules have anything to do with DPV and DPD. We > are not dealing with multi-party trust. The client trusts the server that > was queried. The client does not care whether the server consulted other > parties to come up with the response. You are already dealing with multipart trust, you trust into each entity in a chain telling the truth about its subordinate certificate. But, note, that there are TWO requirements, one for the 'client identifiers', and another for the 'service identifiers'. For both fields, a similar statement as with the 'optional comment' can be made, with the difference that the syntax of the field is not pur text but "identifiers" which may or may not correspond to some authenticated entity of the request/response. If the DPV response is immediately consumed by the client without storing it elsewhere, then all additional information are somewhat unnecessary since the valid or not response conditions the treatment. But if the response is saved and may be reverified by some other entity years later, identification of the participating entities may be necessary, for different reasons. One example would be that the DPV server takes a response from another relay, authnticated it, but does NOT return the authentication information into the final response, simply because there is none which is permenant (SSL connection), BUT the id of the relayed service allows to find a service that can validate against a journal whether the attestation is valid. Well, see below. > > > > This should close the last issue raised during the last call. > > > >I propose that we add somewhere in the introduction a statement like: > > > > A protocol feature proposal MUST not be rejected as out of > > scope for the sole reason of not having been mentioned in this > > requirements document ". > > I would not mind such a statement as long as it was explanatory (no > MUST). That is, a protocol that conforms to the requirements document can > also meet other requirements so long as they are not in conflict with the > ones in the requirement document. I am not sure about the right wording, by using a MUST in whatever context I would like to be sure that one cannot say: this protocol is not good because it has feature that are not required in the req doc. Of course, conflicts with the requirements is a show stopper. > > Russ > Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QDxC704030 for ietf-pkix-bks; Fri, 26 Apr 2002 06:59:12 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3QDxAa04025 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 06:59:10 -0700 (PDT) Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 26 Apr 2002 13:57:51 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id JAA23986 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 09:57:37 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3QDxCj00616 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 09:59:12 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1XF0L>; Fri, 26 Apr 2002 09:56:38 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.73]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1XF0H; Fri, 26 Apr 2002 09:56:33 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Peter Sylvester <Peter.Sylvester@edelweb.fr> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020426091844.03422ef8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 26 Apr 2002 09:58:57 -0400 Subject: Re: Open issue: requester identifier in DPV response In-Reply-To: <200204261230.OAA12721@emeriau.edelweb.fr> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter: > > So I am prepared to include two paragraphs: > > > > The requestor MUST be able, upon request, to have a text field to be > > copied in the response. As an example, this field may relate to the > > nature or reason of the request/response. > >I was thnking moire to a service like: > >The protocol MUST allow to provide to the requestor and/or the >responder a means to indicate a textual description indicating for example >the natuer or reason of the request/response to appear in the >result of the response. I think you are asking for an optional comment field. Right? > > When the request is authenticated, the requestor SHOULD be able, upon > > request, to indicate an identifier to be included in the response. > > How this identifier is matched with the authenticated identity depends > > on local server conditions and/or the validation policy. The server > > MAY choose to refuse to include an identifier in the response, or MAY > > refuse to create a response. > >There are > >- IDs identifying the requesting entity (or entities) or > entities which are entitled to use the response. > >- IDs identifying the responding or responsible entity (or entities) > >I give an example (probably using the wrong rules). > >"We, the President of Unites States, and the General Secretary of > the United Nation", certify to you, President of France, President > of the French General assembly, and president of the French Senate, > the the certificate XXYZ can be used by you as a strong authentication > method to demand deployment of a combined UN ad US forces on May 5 > according to plan LEF". > >The request had been signed by two of three French authorities containg >the name of the persons involved and their roles. The response has >been signed by the two persons occupying the indicated 'role', plus >by the presidents of the congress and senate and by the members of >the UN security council. I do not think that such rules have anything to do with DPV and DPD. We are not dealing with multi-party trust. The client trusts the server that was queried. The client does not care whether the server consulted other parties to come up with the response. > > This should close the last issue raised during the last call. > >I propose that we add somewhere in the introduction a statement like: > > A protocol feature proposal MUST not be rejected as out of > scope for the sole reason of not having been mentioned in this > requirements document ". I would not mind such a statement as long as it was explanatory (no MUST). That is, a protocol that conforms to the requirements document can also meet other requirements so long as they are not in conflict with the ones in the requirement document. Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QDNmq01958 for ietf-pkix-bks; Fri, 26 Apr 2002 06:23:48 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QDNka01954 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 06:23:46 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id PAA25702; Fri, 26 Apr 2002 15:23:36 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Fri, 26 Apr 2002 15:23:36 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id PAA09852; Fri, 26 Apr 2002 15:23:29 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id PAA12732; Fri, 26 Apr 2002 15:23:29 +0200 (MET DST) Date: Fri, 26 Apr 2002 15:23:29 +0200 (MET DST) Message-Id: <200204261323.PAA12732@emeriau.edelweb.fr> To: myers@coastside.net, Denis.Pinkas@bull.net Subject: Re: roadmap Cc: pgut001@cs.auckland.ac.nz, Peter.Sylvester@edelweb.fr, ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > Michael, > > > Peter, > > > > v2's status mostly tracks that of the DPV and DPD requirements, > > which have only recently settled down after about a year's worth > > of effort. > > OCSP *cannot* be the right vector to support DPV requirements since the role > of a CA is different from the role of a DPV server: a CA is only responsible > for the certificates that it has issued. A DPV server can be any entity > provided that it supports the appropriate validation policy which is *not* > established by a CA. As another argument: having at the same time in the > same response both a *single* OSCP response and a DPV response would be > quite odd. The DPV response provides information which would make the > *single* OCSP response useless. However the DPV response may include > *several* OCSP responses *and* the full certification path, if requested by > the client. Without saying whether I support or not the idea of using OCSP, I do not exactly understand the reasoning given above: I do not see why your comparison a CA role and he possibilities of an DPV service has any relation with OCSP as a protocol: - A "trusted" OCSP responder which is not a CA or an authorized responder can also issue status information based on his own local policy not established by a CA, it can have its own 'revocation service' based on the needs of the relying party. - An 'authorised' CA DPV responder can create status information about its immediately subordinate certs, i;e. the single OCSP response that you mention, and at the same time include some DPV response that validate the path from the intermediate CA to the trusted root, either as an entity extension or as a global extension. - An OCSP server can also be any entity, and not just an authorised CA responder. An OCSP responder can respond to whatever the service provider likes to provide to its clients or what they need. OCSP is not a 'A CS service'. > > So my request is the same as made on the mailing list: RFC250bis should only > be updated to allow to specify a certificate using additional ways. OCSPv2 > should be discontinued or at least the name "OCSPv2" dropped. This does not > mean that some ideas from that protocol cannot be re-used to fit with the > DPV requirements. It might be a useful exercise to replace in 2650 all identifiers and structure names in the ASN1 definitions of RFC 2560 by i1, i2, .. and S1, S2 and see whether one nderstand the text, in particular reqCert and CertID. > > However, this discussion is not directly related to the roadmap. ;-) > > Denis > > > As I said before, it didn't make much sense to track > > that moving target with incremental I-Ds. I once had three > > separate I-Ds but that got so hard to manage and work due to > > syntatic and editorial overlap (not to mention review) that I > > put them all in one. I prefer to keep that structure together > > while we see how things shake out re: DPV/DPD. Since 2560bis is > > pretty well on its way, I think we should let that go forward > > cleanly rather than force a reset due to adding new syntax. > > > > Mike > > > > Michael Myers > > t: +415.819.1362 > > e: mailto:mike@traceroutesecurity.com > > w: http://www.traceroutesecurity.com > > > > > -----Original Message----- > > > From: owner-ietf-pkix@mail.imc.org > > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > > > Peter Gutmann > > > Sent: Tuesday, April 23, 2002 8:33 PM > > > To: Peter.Sylvester@edelweb.fr > > > Cc: ietf-pkix@imc.org > > > Subject: Re: roadmap > > > > > > > > > > > > Peter Sylvester <Peter.Sylvester@edelweb.fr> writes: > > > > > > >Thus, it is not just a question of whether OCSP v2 > > > being alive or not. > > > > > > Can I also add a general complaint about the vague > > > status of OCSPv2, there's > > > already software deployed which uses the extended > > > range of cert IDs in the v2 > > > draft, which makes it annoying to have it fading in > > > and out of consciousness > > > every few months. Perhaps the new cert IDs (which > > > are a trivial change) could > > > be moved into 2560-bis, without requiring all the > > > extra stuff which was added > > > in the rest of the v2 draft. > > > > > > Peter. > > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QChQV29830 for ietf-pkix-bks; Fri, 26 Apr 2002 05:43:26 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3QChPa29826 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 05:43:25 -0700 (PDT) Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 26 Apr 2002 12:42:05 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id IAA13565 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 08:41:51 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3QChRB18135 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 08:43:27 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1XD52>; Fri, 26 Apr 2002 08:40:54 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.73]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1XD51; Fri, 26 Apr 2002 08:40:49 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Peter Williams <peterw@valicert.com> Cc: PKIX <ietf-pkix@imc.org> Message-Id: <5.1.0.14.2.20020426082206.0209bda0@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 26 Apr 2002 08:34:42 -0400 Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5CB@polaris.valicert. com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter Williams: >let me ask you to laboriously confirm an example, which >tests your meaning on a critical case. > >Citing to DoD CP 2.0 policy on relying party obligations >for my example: > >(a) If DoD requires DoD RPs to regard a given revoked/expired cert as-if >valid, for some reason, a DPV validation policy may >NOT override 2459 logic to accommodate that CP's >policy rule. > > Is (a) correct? I understand the need for this requirement. In my view, the DPV server should say that the path is invalid and provide the reason as expiration. The client, knowing the context of the query, can allow the grace period or not. >(b) DoD UAs which delegate path >processing to a DPV server CANNOT correctly implement >the DoD CP obligation on RPs re as-if validiaty status - that is >they CANNOT invoke security based on DPV-processed paths that >contain factually invalid/expired certs. > > Is (b) correct? No correct. As above, the DPV server gives the client the status of the path, then the client can proceed to use the public key associated with an invalid path is the situation warrants. For example, the path associated with the signature on an S/MIME message may be invalid, yet the contents is displayed to the human user with a warning that the certificate is expired (or revoked due to affiliation change, or revoked due to key compromise, or whatever). The human needs to factor the reason for invalidity into any decision about the quality of the information in the message. >(c) A DoD UA which does not use DPV and performs its own path >processing CAN follow the DoD CPs obligations on the RP, and use >paths containing factually-invalid certs that have been redesignated >by the CP as-if valid. > > Is (c) correct? Correct. However, this is not the only acceptable implementation architecture. The path validation could be performed in accordance with RFC 2459 (or the soon to be published RFC 3280), then the DoD UA could make a policy decision to proceed with the public key anyway. I would prefer to see grace periods (and other policy driven decisions to proceed with a particular invalid certificate) implemented in the application, not in the certification path processing. In this may, as much application-specific context can be applied to the exceptions. Russ Received: by above.proper.com (8.11.6/8.11.3) id g3QCUKT29619 for ietf-pkix-bks; Fri, 26 Apr 2002 05:30:20 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QCUIa29615 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 05:30:18 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id OAA24426; Fri, 26 Apr 2002 14:30:16 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Fri, 26 Apr 2002 14:30:17 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id OAA09325; Fri, 26 Apr 2002 14:30:16 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id OAA12721; Fri, 26 Apr 2002 14:30:15 +0200 (MET DST) Date: Fri, 26 Apr 2002 14:30:15 +0200 (MET DST) Message-Id: <200204261230.OAA12721@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: requester identifier in DPV response Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > So I am prepared to include two paragraphs: > > The requestor MUST be able, upon request, to have a text field to be > copied in the response. As an example, this field may relate to the > nature or reason of the request/response. I was thnking moire to a service like: The protocol MUST allow to provide to the requestor and/or the responder a means to indicate a textual description indicating for example the natuer or reason of the request/response to appear in the result of the response. > When the request is authenticated, the requestor SHOULD be able, upon > request, to indicate an identifier to be included in the response. > How this identifier is matched with the authenticated identity depends > on local server conditions and/or the validation policy. The server > MAY choose to refuse to include an identifier in the response, or MAY > refuse to create a response. There are - IDs identifying the requesting entity (or entities) or entities which are entitled to use the response. - IDs identifying the responding or responsible entity (or entities) I give an example (probably using the wrong rules). "We, the President of Unites States, and the General Secretary of the United Nation", certify to you, President of France, President of the French General assembly, and president of the French Senate, the the certificate XXYZ can be used by you as a strong authentication method to demand deployment of a combined UN ad US forces on May 5 according to plan LEF". The request had been signed by two of three French authorities containg the name of the persons involved and their roles. The response has been signed by the two persons occupying the indicated 'role', plus by the presidents of the congress and senate and by the members of the UN security council. > > This should close the last issue raised during the last call. > I propose that we add somewhere in the introduction a statement like: A protocol feature proposal MUST not be rejected as out of scope for the sole reason of not having been mentioned in this requirements document ". Received: by above.proper.com (8.11.6/8.11.3) id g3QCEjr29364 for ietf-pkix-bks; Fri, 26 Apr 2002 05:14:45 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QCEga29360 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 05:14:42 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA00738; Fri, 26 Apr 2002 08:14:40 -0400 (EDT) Message-Id: <200204261214.IAA00738@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-new-pkalgs-asn1-01.txt Date: Fri, 26 Apr 2002 08:14:40 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Update for Section 3 in draft-ietf-pkix-ipki-pkalgs-05.txt Author(s) : T. Polk, R. Housley Filename : draft-ietf-pkix-new-pkalgs-asn1-01.txt Pages : 8 Date : 25-Apr-02 As all members of the PKIX Working Group know, draft-ietf-pkix-ipki- pkalgs-05.txt is with the RFC Editor. However, an error in the ASN.1 modules was discovered. The authors are working with the RFC Editor to ensure that the corrected ASN.1 modules are included in the final text, and we are publishing this Internet-Draft to distribute the corrected ASN.1 module as quickly as possible. This Internet-Draft contains only the updated ASN.1 module. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-new-pkalgs-asn1-01.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-new-pkalgs-asn1-01.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-new-pkalgs-asn1-01.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20020425140926.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-new-pkalgs-asn1-01.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-new-pkalgs-asn1-01.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20020425140926.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QBI1s28368 for ietf-pkix-bks; Fri, 26 Apr 2002 04:18:01 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QBHwa28364 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 04:17:58 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id NAA23821; Fri, 26 Apr 2002 13:17:55 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Fri, 26 Apr 2002 13:17:56 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id NAA09162; Fri, 26 Apr 2002 13:17:55 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id NAA12703; Fri, 26 Apr 2002 13:17:54 +0200 (MET DST) Date: Fri, 26 Apr 2002 13:17:54 +0200 (MET DST) Message-Id: <200204261117.NAA12703@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: <draft-ietf-pkix-dpv-dpd-req-04.txt> Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > > > > The client can request that the server determine the certificate > > > validity at a time other than the current time. The DPV server MUST > > > obtain revocation status information for the validation time > > > in the client request. > > > In order to obtain the revocation status information of any > > > certificate from the certification path, the DPV server might use, in > > > accordance with the validation policy, different sources of revocation > > > information, e.g. a combination of OCSP responses, CRLs, or delta-CRLs. > > > If the revocation status information for the requested validation time > > > is unavailable, then the DPV server MUST return a status indicating > > > that the certificate is invalid. > > > replace by: > > > > The DPV server MUST produce certificate status information for > > the validation time in the client request. In order to do this, > > the server might use, in accordance with the validation policy, > > different sources of external information concerning revocation > > information, e.g., a combination of OCSP responses, CRLs, or > > delta-CRLs, or other status information from other DPV servers. > > > > If the certificate status information for the requested validation > > time is cannot be created, then the DPV server MUST return a status XXX XXXXX > > indicating that the certificate is invalid. > > The last sentence you propose is not English. I simply propose to add to the > current sentence: "or a response from another DPV server". This would lead to : In order to obtain the revocation status information of any certificate from the certification path, the DPV server might use, ... or a response from another DPV server. I proposed: The DPV server MUST produce certificate status information for the validation time in the client request. In order to do this, the DPV server might use, ... or a response from another DPV server. The first sentence was changed. In the seceond paragraph the two words indicated by XX above are indeed can be deleted. > > > > The DPV client MUST be able to provide to the validation server, > > > associated with each certificate to be validated, "useful > > > certificates", as well as "useful revocation information". Revocation > > > information includes OCSP responses, CRLs, and delta-CRLs. > > > replace by: > > > > The DPV client MUST be able to provide to the validation server, > > associated with each certificate to be validated, "useful > > certificates", as well as "useful information" e.g., revocation > > information of OCSP responses, CRLs, and delta-CRLs, or status > > information from other DPV servers. > > No. If there is one DPV answer, then that answer is self-sufficient and > there is no reason for the client to make another query. The client does not trust neither the OCSP response, neither the CRls, neither the DPV server, it presents all these information to *HIS* server. Furthermore DPV responses may concern parts of the certification path. You might also add 'time stamps' to your list (as in ES-F). Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3QAJd723292 for ietf-pkix-bks; Fri, 26 Apr 2002 03:19:39 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3QAJca23285 for <ietf-pkix@imc.org>; Fri, 26 Apr 2002 03:19:38 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id MAA26684; Fri, 26 Apr 2002 12:22:24 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042612190160:218 ; Fri, 26 Apr 2002 12:19:01 +0200 Message-ID: <3CC92994.FB22BAFA@bull.net> Date: Fri, 26 Apr 2002 12:19:00 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Williams <peterw@valicert.com> CC: pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV additional information References: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5CA@polaris.valicert.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 26/04/2002 12:19:01, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 26/04/2002 12:19:34, Serialize complete at 26/04/2002 12:19:34 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, See my comments below. > We are much closer, Denis. Thankyou for your thoughtful > message on the target issue. > > Let me reformulate a description of the mode that our RP-grade customers > need of DPV, based on our having deployed SCVP and having > got(ten) their feedback on needs and requirements. Lets see if we > are now in agreement tht the model is embraced within the > DPV requirements document. Im looking for an assurance, from you, not > adoption of my phrasing. If the model is unacceptable, > we need to fix the requirements. > > A validation policy is a rule set, executed by a DPV server; > the policy document has no operational function, and makes no assertions: > a validation policy serves as configuration for a DPV server that performs > delegated path processing on behalf of the DPV client - who > is normally an RP. > > The DPV server operator may make (NR) assertions by issuing > a DPV response. For a given DPV request, the DPV server selects the > validation policy from a set of policies, which the operator > has configured it to handle, based on the citation > of required policy by a DPV client. The selected validation policy > indirectly controls the NR assertions that the operator makes. > > If the user cites a validation policy to a DPV server, > and that validation policy rule identifies that a particular > OCSP server is "locally trusted", then revocation I would say: OCSP server is directly trusted under that policy, then revocation > information from that source may be used in 2459 > path processing by the DPV server. > If a DPV user does not wish to use a validation > policy that names a particular OCSP responder as > locally trusted, it should not cite that validation > policy identification. We are very close, but I would say it slightly differently. Before using a validation policy, the user shall make sure that it fits its needs. > If a DPV user does not wish to use a validation > policy that names a particular OCSP responder as > locally trusted, it should not cite that validation > policy identification. Most of the time a RP will be ignorant of the details of the validation policy and thus will take it as a whole or not. Some managers may inspect a policy to that level of details (e.g. look which OCSP responders are locally trusted) and then tell RPs which policies are adequate or not. > Citation of a policy > by a user implies that a user is prepared to > accept the underlying validity of the assurance data > supplied to the requestor by the DPV server alongside > NR assertions, including such assurance > data as OCSP responses. Yes. Denis > >>>>An "OCSP responder that is locally trusted by the DPV > >>>>client through a > >>>>validation policy rule" does not make sense. An OCSP > >>>>responder can be > >>>>trusted under a given validation policy. If an OCSP > >>>>responder is locally > >>>>trusted by a client, then the DPV server is unaware of it. > >>>> > >>>>In the chain of trust: a validation policy does not know > >>>>who the clients are > >>>>and it is a validation policy issuer that defines which > >>>>OCSP responders are > >>>>trusted, not the clients. It is up to the clients to query > >>>>DPV servers they > >>>>trust and then they will accept whatever is defined in the > >>>>validation > >>>>policy. > >>>> > >>>>Denis > >>>> > >>>>> and that the DPV server will accept the OCSP response on the > >>>>> client's behalf in a manner conforming to the rules of > >>>>OCSP standard. > >>>> > >>>>> Given every opportunity to confirm this entailment, todate, Denis > >>>>> has not done so. With confirmation, we can proceed. > >>>> Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PLIXl09025 for ietf-pkix-bks; Thu, 25 Apr 2002 14:18:33 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PLIWa09021 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 14:18:32 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3PLIRTt027966; Thu, 25 Apr 2002 14:18:27 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Housley, Russ" <rhousley@rsasecurity.com>, "'PKIX '" <ietf-pkix@imc.org> Subject: Multiple paths in DPD Date: Thu, 25 Apr 2002 14:15:35 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDKEDMCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <3CC808F8.26A8DA6E@bull.net> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, Denis: This analysis and counter-proposal is a bit long which is why I broke it out separately from my other comments. Apologies for the length and not getting to it at the -03 stage. I had it on my list but got sidetracked by my day job. Anyway, I'm having a hard time agreeing with the following. ----------------------------------------------------- The DPD client needs to be able to limit the number of paths returned. Therefore the client MUST be able to indicate the maximum number of certification paths to be returned (provided that they can be found). If the client does not specify a maximum number, then the DPD server MUST return a single certification path. . . . If that number cannot be reached by the server, an indication SHOULD be returned by the DPD server showing that an additional query will not return more paths. If the paths that are returned do not match the client's local criteria, then the number of number of certification paths to be returned can be extended by increasing this value. Previously found paths will likely be returned, but the client can easily discard them. This avoids requirements for state information at the server, but does not prevent a server from maintaining a cache of previous responses. Avoiding the maintenance of state information for previous requests minimizes potential denial of service attacks or other problems associated with server crashes. ----------------------------------------------------- I think an iterated approach based on server-side state would be better. The approach is basically one which, in the presence of multiple paths, the server establishes state and returns the first potentially acceptable path (given client inputs) to the client along with a state token. Should that path not be the precise one the client is looking for, the client asks again, referencing the state token. Upon recognizing the state token, the server then returns the next path and so on until either the client shuts up and goes away or the server returns noMoreData. Doing so would reduce protocol complexity, reduce extraneous bits on the wire and reduce client-side and server-side code footprints with no loss of security assurances. Here's why I think so. Working first from the motivating needs, it's not clear to me how reduction of state will minimize potential denial of service attacks. If they come, they're going to come regardless of the internal state of the server. Possibly what you meant to say is that doing so potentially improves the likelihood a server can withstand DOS attacks while maintaining service to legitimate requests. I shall assume this for the time being. But since DOS attacks are largely predicated on throughput constraints, one can simply beef up the back end or buy a bigger pipe. Also, to the extent that your concern over DOS attacks and server crashes relates to the volatility of state retention, an implementor of the protocol that ultimately results from these requirements can choose to write that state to non-volatile memory. That is, take a fault-tolerant implementation approach in those instances where mission criticality is important. They're going to anyway. Lastly re: DOS, my own experience strongly suggests that effective responses to DOS attacks are most often addressed at the router, long before an offending stream from a given IP address gets to a back end. I agree that we should take care not to enable sensitivity to DOS attacks. I'm just not convinced that the max path approach yields much effect in that regard while the iterated approach yeilds clear benefits in design simplicity. To the design simplicity point, it's my estimate that in the vast majority of cases where DPD will be used, the first path returned will be the one the client wanted. I also estimate that there'll be far more instances of only one path vs. multiple paths. In my view we should design towards the centroid of needs rather than the corner cases. Is this design simpler? I think so. It's just a state token. The client doesn't even have to know what it is, just send it back for another try. The use of noMoreData also provides unambiguous protocol closure. The client knows for certain what to do in that instance. Very simple, hence a smaller client. Regarding extraneous bits on the wire, consider the case of maxPath of M from the client and server side numPaths of N, where N is larger than M. The client receives N-M paths and any requested revocation data. All of which may be useless because the path the client wants is in the remainder. So the client kicks up its M to, say, M' where M' is still less then N, first receives again those useless N-M paths and related info before it gets into the M'-M set. And so on. I suspect once this scenario comes to the attention of client-side developers, they will be tempted to bake in a very large maxPath to ensure that a single query yields all paths. Again, a lot of extraneous bits on the wire when in point of fact the client just wants one. And as I hypothesized, I suspect that in the vast majority of cases that'll be the first one. Thus our requirements threaten to place onto the Internet a bunch of useless bits. I think we should be sensitive to needless bandwidth consumption. Also, in the event multiple paths exist but the client doesn't specify max # of paths, what are the requirements on the server in the event of multiple queries from a client regarding the same certificate? The requirement reads "return a single certification path" but provides no guidance in the presence of multiple paths at the server, leading one to assume that the first one is always sent back. Thus in the presence of multiple paths, there exists no means to enable a client to get at the one it wants. Absent that guidance and any variation from the current draft requirements, I'm sure this issue will be taken up at the protocol selection stage of our work. It's possible those considerations will lead to servers trying their best and silently iterate through these multiple paths in order to address this scenario. That means state, just as is needed for the iterated approach in the first place. So I propose for your consideration the following text: ----------------------------------------------------- If a DPV server has available to it multiple paths conformant to the parameters a client provides, upon receipt of an initial query the server MUST respond with the first path in this list AND include a token for reference by the client in subsequent queries. In the event of a single path, or a single qualifying path, the server MAY exclude the token. Upon receipt of a DPD response containing a response token indicating the existence of multiple qualifying paths, in order to acquire the next path in this list clients MUST include the previously supplied response token in a subsequent query. Servers MUST then transmit the next path in the qualifying list. If the last qualifying path was previously transmitted, servers MUST indicate that no more data exists. ----------------------------------------------------- Again, apologies for the length and the delay. Regards, Mike Received: by above.proper.com (8.11.6/8.11.3) id g3PJDGd06229 for ietf-pkix-bks; Thu, 25 Apr 2002 12:13:16 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PJDFa06225 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 12:13:15 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GV50010118Q16@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 25 Apr 2002 12:10:02 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GV50006I18QS1@ext-mail.valicert.com>; Thu, 25 Apr 2002 12:10:02 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <JQL5AWGV>; Thu, 25 Apr 2002 12:13:04 -0700 Content-return: allowed Date: Thu, 25 Apr 2002 12:13:03 -0700 From: Peter Williams <peterw@valicert.com> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt To: "'Housley, Russ'" <rhousley@rsasecurity.com> Cc: PKIX <ietf-pkix@imc.org> Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5CB@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, let me ask you to laboriously confirm an example, which tests your meaning on a critical case. Citing to DoD CP 2.0 policy on relying party obligations for my example: (a) If DoD requires DoD RPs to regard a given revoked/expired cert as-if valid, for some reason, a DPV validation policy may NOT override 2459 logic to accommodate that CP's policy rule. Is (a) correct? (b) DoD UAs which delegate path processing to a DPV server CANNOT correctly implement the DoD CP obligation on RPs re as-if validiaty status - that is they CANNOT invoke security based on DPV-processed paths that contain factually invalid/expired certs. Is (b) correct? (c) A DoD UA which does not use DPV and performs its own path processing CAN follow the DoD CPs obligations on the RP, and use paths containing factually-invalid certs that have been redesignated by the CP as-if valid. Is (c) correct? >>>>Mike: >>>> >>>>I think that RFC 2459 (and soon RFC 3280) clearly define a valid >>>>certification path. >>>> >>>>Anything that does not meet this definition is invalid, >>>>regardless of the >>>>reason. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PIpc205735 for ietf-pkix-bks; Thu, 25 Apr 2002 11:51:38 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PIpba05730 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 11:51:37 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GV50000108OVD@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 25 Apr 2002 11:48:24 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GV50001X08NS1@ext-mail.valicert.com>; Thu, 25 Apr 2002 11:48:24 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <JQL5AWDK>; Thu, 25 Apr 2002 11:51:26 -0700 Content-return: allowed Date: Thu, 25 Apr 2002 11:51:25 -0700 From: Peter Williams <peterw@valicert.com> Subject: RE: Open issue: DPV additional information To: "'Denis Pinkas'" <Denis.Pinkas@bull.net> Cc: pkix <ietf-pkix@imc.org> Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5CA@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> We are much closer, Denis. Thankyou for your thoughtful message on the target issue. Let me reformulate a description of the mode that our RP-grade customers need of DPV, based on our having deployed SCVP and having got(ten) their feedback on needs and requirements. Lets see if we are now in agreement tht the model is embraced within the DPV requirements document. Im looking for an assurance, from you, not adoption of my phrasing. If the model is unacceptable, we need to fix the requirements. A validation policy is a rule set, executed by a DPV server; the policy document has no operational function, and makes no assertions: a validation policy serves as configuration for a DPV server that performs delegated path processing on behalf of the DPV client - who is normally an RP. The DPV server operator may make (NR) assertions by issuing a DPV response. For a given DPV request, the DPV server selects the validation policy from a set of policies, which the operator has configured it to handle, based on the citation of required policy by a DPV client. The selected validation policy indirectly controls the NR assertions that the operator makes. If the user cites a validation policy to a DPV server, and that validation policy rule identifies that a particular OCSP server is "locally trusted", then revocation information from that source may be used in 2459 path processing by the DPV server. If a DPV user does not wish to use a validation policy that names a particular OCSP responder as locally trusted, it should not cite that validation policy identification. Citation of a policy by a user implies that a user is prepared to accept the underlying validity of the assurance data supplied to the requestor by the DPV server alongside NR assertions, including such assurance data as OCSP responses. >>>>An "OCSP responder that is locally trusted by the DPV >>>>client through a >>>>validation policy rule" does not make sense. An OCSP >>>>responder can be >>>>trusted under a given validation policy. If an OCSP >>>>responder is locally >>>>trusted by a client, then the DPV server is unaware of it. >>>> >>>>In the chain of trust: a validation policy does not know >>>>who the clients are >>>>and it is a validation policy issuer that defines which >>>>OCSP responders are >>>>trusted, not the clients. It is up to the clients to query >>>>DPV servers they >>>>trust and then they will accept whatever is defined in the >>>>validation >>>>policy. >>>> >>>>Denis >>>> >>>>> and that the DPV server will accept the OCSP response on the >>>>> client's behalf in a manner conforming to the rules of >>>>OCSP standard. >>>> >>>>> Given every opportunity to confirm this entailment, todate, Denis >>>>> has not done so. With confirmation, we can proceed. >>>> Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PInNo05659 for ietf-pkix-bks; Thu, 25 Apr 2002 11:49:23 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PInMa05655 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 11:49:22 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3PInLTt012738; Thu, 25 Apr 2002 11:49:21 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Peter Williams" <peterw@valicert.com>, "PKIX" <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Thu, 25 Apr 2002 11:46:28 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDKEDLCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5C8@polaris.valicert.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, I like what Russ said. With respect to this WG, valid is whatever 2459 or its successors says it is. Invalid means one or more those conditions aren't satisifed. I see you agree. I infer from my reading of the I-D that amendments to this baseline are not necessarily client-driven. -04 clearly states: "If the DPV request does not specify a validation policy, the server response MUST indicate the one that was used." Mike Michael Myers t: +415.819.1362 e: mailto:mike@traceroutesecurity.com w: http://www.traceroutesecurity.com > -----Original Message----- > From: Peter Williams [mailto:peterw@valicert.com] > Sent: Thursday, April 25, 2002 11:19 AM > To: 'Michael Myers'; PKIX > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > Mike, > > My question was not: what is Mike's/PeterW's opinion > about the nature of > validity (or DoD policy opinion, or the RSA/VeriSign policy > opinion, or the VeriSign CPS 1.2 policy opinion, or > the VeriSign CPS 2.0 policy opinion, or the next > VeriSign v3.0 policy opinion ). > > The question was, do you have a citable, consensus definition > that you can share with us, that is purely "technical" > > (a) Requirement A > > Id be happy to accept RFC 2459 as the definition of > 2459-valid. > Conformance to 2459 defines a reasonable process for > asserting > valid, in a technical sense. > > (b) Requirement B > > Any other amendment by a DPV server to > the result of 2459 path processing must be based on > application > of a rule from a requestor-cited validation policy. > > I provide two examples rules: > > (1) A path that is 2459-valid at one moment > can be cited as invalid, under given validation policy > whose nth policy rule states: all certs within > 6 months of expiry are to be treated as revoked. > > (2) For DoD, a path that is 2459-invalid at one moment > can be cited as valid, under given validation policy > whose nth policy rule statea: all CA certs in a special > exception class, maintained by the validation policy, are to > be treated as if operational, for 36 months beyond the > earlier of their validity-end date or an authorized > CRL-based revocation date > > Can we agree that these basic processing requirements > drive the > protocol design for DPV? Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PIJEv05067 for ietf-pkix-bks; Thu, 25 Apr 2002 11:19:14 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PIJCa05063 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 11:19:12 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GV400001YQDO0@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 25 Apr 2002 11:15:49 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GV40004BYQDL0@ext-mail.valicert.com>; Thu, 25 Apr 2002 11:15:49 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <JQL5AV0A>; Thu, 25 Apr 2002 11:18:52 -0700 Content-return: allowed Date: Thu, 25 Apr 2002 11:18:51 -0700 From: Peter Williams <peterw@valicert.com> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt To: "'Michael Myers'" <myers@coastside.net>, PKIX <ietf-pkix@imc.org> Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5C8@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike, My question was not: what is Mike's/PeterW's opinion about the nature of validity (or DoD policy opinion, or the RSA/VeriSign policy opinion, or the VeriSign CPS 1.2 policy opinion, or the VeriSign CPS 2.0 policy opinion, or the next VeriSign v3.0 policy opinion ). The question was, do you have a citable, consensus definition that you can share with us, that is purely "technical" (a) Requirement A Id be happy to accept RFC 2459 as the definition of 2459-valid. Conformance to 2459 defines a reasonable process for asserting valid, in a technical sense. (b) Requirement B Any other amendment by a DPV server to the result of 2459 path processing must be based on application of a rule from a requestor-cited validation policy. I provide two examples rules: (1) A path that is 2459-valid at one moment can be cited as invalid, under given validation policy whose nth policy rule states: all certs within 6 months of expiry are to be treated as revoked. (2) For DoD, a path that is 2459-invalid at one moment can be cited as valid, under given validation policy whose nth policy rule statea: all CA certs in a special exception class, maintained by the validation policy, are to be treated as if operational, for 36 months beyond the earlier of their validity-end date or an authorized CRL-based revocation date Can we agree that these basic processing requirements drive the protocol design for DPV? >>>>> (1) Can you provide a citation or other professional >>>>> reference for the "precise technical meanings" of "valid" and >>>>> "invalid", please? >>>> >>>>Which of the following do you believe should be eliminated from >>>>such a definition: >>>> >>>>1. Formation of a valid path IAW 2459; >>>> >>>>2. Confirmation of revocation status for each >>>> certificate in said path; >>>> >>>>3. Cryptographic validation of said path IAW 2459. >>>> >>>>4. Other practices as required by policy. >>>> >>>>> (2) Could you also perhaps help me compare >>>>> the definition(s) of "valid" used in the >>>>> VeriSign CPs (1.2 and 2.0)and the US DOD CP v2 (March >>>>> 1999), perhaps, against the recognised >>>>> definition of "valid" (see above (1))? >>>> >>>>Nope. Go for it. >>>> >>>> Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PGS4B02175 for ietf-pkix-bks; Thu, 25 Apr 2002 09:28:04 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PGS3a02171 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 09:28:03 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3PGS1Tt027768; Thu, 25 Apr 2002 09:28:01 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Housley, Russ" <rhousley@rsasecurity.com> Cc: "'PKIX '" <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Thu, 25 Apr 2002 09:25:08 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDMEDJCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <3CC8015D.F921B803@bull.net> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, It is good to see that we can occasionally agree :) Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Thursday, April 25, 2002 6:15 AM > To: Housley, Russ > Cc: Michael Myers; 'PKIX ' > Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > > > DPV REQUIREMENTS > > > > **************** > > > > > > > > Editorial > > > > --------- > > > > "Unless an error is reported, the DPV response MUST > > > > indicate one > > > > of the following two status alternatives:" > > > > > > > > MM3: Change "two" to "three" to reflect {valid, invalid, > > > > unknown} > > > > > > > > [RH] I am having a real problem differentiating > > > > invalid and unknown. To my way of thinking, the > > > > actions taken by a client will be the same in > > > > either case. > > > > > >{valid, invalid, unknown} is the resolution of record and > > >defined in the text. My comment was just pointing out an > > >editorial wrinkle that needs smoothing out. > > > > [RH] I agree that a change was made to add the > "unknown" response in draft > > -04. I am not convinced that we did anything > useful for the client. I > > think the client will treat "invalid" and "unknown" > exactly the same. > > [DP] I do not think that the client will always treat > "invalid" and > "unknown" exactly the same. I provide an example: > > A client queries a DPV server and gets back > "invalid". It does not make > sense for the client to query another DPV server, > since the response will > never be "valid". > > A client queries a DPV server and gets back > "unknown". It makes sense to > query another DPV server, since the response could > then either be "valid", > "invalid" or still "unkown". > > Also "unknown" can be used as a clean way to stop a > loop mechanism, when the > same protocol is used between DPV servers. > > As said later on in an e-mail sent by Tony: > > " Seems you have two choices: > > 1. Go with "Trinary Value", in which case the > semantics are satisfied by > > a. Success_Valid > b. Failure_Invalid > c. Failure_Unknown > > 2. Go with "Binary Value", using either > > a. Valid > b. Invalid (see reason code for details) > > or > > a. Success > b. Failure (see reason codes for details)" > > The two approaches end up with the same result. We > did discussed that point > in Minneapolis and we decided to go with a trinary > status. This mimics the > three OCSP statuses, although the semantics of the > DPV statuses are fully > different. > > Denis > > (text deleted) > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PGL8c02019 for ietf-pkix-bks; Thu, 25 Apr 2002 09:21:08 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PGL7a02015 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 09:21:07 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3PGL4Tt027082; Thu, 25 Apr 2002 09:21:05 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net> Cc: "Housley, Russ" <rhousley@rsasecurity.com>, "'PKIX '" <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Thu, 25 Apr 2002 09:18:11 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDIEDJCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <3CC808F8.26A8DA6E@bull.net> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Thursday, April 25, 2002 6:48 AM > > . . . > > > > Multiple paths issue > > > -------------------- > > > MM12: This subset of DPD requirements seems to be leading > > > towards a sub-optimal system design. To be addressed in a > > > separate email. > > > > > > [RH] I will wait for the mail to reply ... > > Please send it soon, since this is the VERY last > comment (not raised during the WG last call period). > However, if this is going to avoid an issue raised > during the IESG Last call period, then we had better > to solve that last one now. Working it. Apologies for not bringing it earlier. It was on my list of -03 issues but I got preoccupied with my day job and overlooked making a post. > > > Signing DPD responses an option > . . . > > I propose to update the text in the following way: > > For the client to be confident that all the elements > from the response originates from the expected DPD > server, an authenticated response MAY be required. > For example, the server might sign the response or data > authentication might also be achieved using a > lower-layer security protocol. > > Denis This works for me. Mike Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PGDbp01800 for ietf-pkix-bks; Thu, 25 Apr 2002 09:13:37 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PGDaa01792 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 09:13:36 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3PGDITt026371; Thu, 25 Apr 2002 09:13:19 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net> Cc: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <Peter.Sylvester@edelweb.fr>, <ietf-pkix@imc.org> Subject: RE: roadmap Date: Thu, 25 Apr 2002 09:10:25 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDAEDJCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <3CC80129.3ECB8969@bull.net> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, I agree with Ambarish. This is a reset to interop testing we don't want to incur. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Thursday, April 25, 2002 6:14 AM > > . . . > > So my request is the same as made on the mailing > list: RFC250bis should only be updated to allow > to specify a certificate using additional ways. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PGArN01756 for ietf-pkix-bks; Thu, 25 Apr 2002 09:10:53 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PGApa01752 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 09:10:51 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3PGAoTt026154; Thu, 25 Apr 2002 09:10:51 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Housley, Russ" <rhousley@rsasecurity.com> Cc: "'PKIX '" <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Thu, 25 Apr 2002 09:07:57 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDIEDICKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <5.1.0.14.2.20020425092936.03139200@exna07.securitydynamics.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, I knew it was something simple. Intersection of policy lists. Got it. I suspect though that in the vast majority of cases, this could better be handled by client-side local configuration logic at the gain of reduced protocol complexity, always a good thing. I'm doubtful many folks are actually going to do this in practice. Where on the wire signalling is relevant, as a design option, one could have a SEQ OF policy OIDs in the request and task the server to do the intersection. That way, one has an equivalent functionality with only a very slight increase in protocol complexity and further reduction in client-side code footprint, an added benefit with respect to the various thin-client arguments that have been made. Only issue I see to this approach is the instance where the intersection yields multiple OIDs. Then the server chooses vs. the client. But then, how's a client going to choose? So I guess I can accept the requirement, but the requirements document seems to constrain the technical approach. Mike > -----Original Message----- > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > Sent: Thursday, April 25, 2002 6:33 AM > To: Michael Myers > Cc: 'PKIX ' > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > Mike: > > I was not the advocate for this requirement, but the > one of the scenarios > that the advocate had in mind was straightforward. > The client has several > acceptable policies, so the client asks the server > for a list of supported > policies, and the makes the query based on a policy > that is on both lists. > > Russ > > > At 03:14 PM 4/24/2002 -0700, Michael Myers wrote: > >Russ, > > > >Will take up the "unknown" thread via Trevor's > recent posting. > >Good to hear you interpret the text as I do re: DPD > server auth, > >namely there's no prejudice against lower layer mechanisms. > > > >I'm still though trying to understand what needs policy > >discovery truly addresses. What might be called the > use cases. > >To my way of thinking about this, a client is interested in > >*its* policy or the one or ones it is constrained to > use, static > >or otherwise, implicit default or directly signalled in its > >request. Would a discovery query prove this? > Certainly. But > >so would an unsupportedPolicy response back from the server. > > > >I can see that policy discovery could be useful to the > >initialization of a freshly installed client, > especially from an > >enterprise perspective, but then there's a trust > issue there. A > >policy discovery function might also be useful in > developing an > >Internet-wide profile of which servers do which > things, but I'm > >not sure that's the intent. Or is it? > > > >As I said, I'm just trying to understand the driver > behind the > >discovery piece. Maybe like the roots issue, I'm overlooking > >something obvious. > > > >Mike > > > > > > > -----Original Message----- > > > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > > > Sent: Wednesday, April 24, 2002 11:21 AM > > > To: Michael Myers > > > Cc: 'PKIX ' > > > Subject: RE: Comments on > draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > > > > Mike: > > > > > > > > DPV REQUIREMENTS > > > > > **************** > > > > > > > > > > Editorial > > > > > --------- > > > > > "Unless an error is reported, the DPV response MUST > > > > > indicate one > > > > > of the following two status alternatives:" > > > > > > > > > > MM3: Change "two" to "three" to reflect > {valid, invalid, > > > > > unknown} > > > > > > > > > > [RH] I am having a real problem differentiating > > > > > invalid and unknown. To my way of thinking, the > > > > > actions taken by a client will be the same in > > > > > either case. > > > > > > > >{valid, invalid, unknown} is the resolution of record and > > > >defined in the text. My comment was just pointing out an > > > >editorial wrinkle that needs smoothing out. > > > > > > [RH] I agree that a change was made to add the > > > "unknown" response in draft > > > -04. I am not convinced that we did anything useful > > > for the client. I > > > think the client will treat "invalid" and "unknown" > > > exactly the same. > > > > > > > > > > > Signing DPD responses an option > > > > > ------------------------------- > > > > > "For the client to be confident that the response > > > originates > > > > > from the expected DPD server, the server MAY > provide an > > > > > authenticated response. For example, the server > > > might sign the > > > > > response." > > > > > > > > > > And, > > > > > > > > > > "The DPD server MAY require client > > > authentication, therefore, > > > > > the DPD request MUST be able to be authenticated." > > > > > > > > > > MM14: Signing is an example, not a > requirement, correct? > > > > > Lower-layer security protocols could equally > > > address server auth > > > > > needs. Suggest appending to the last sentence of > > > the first > > > > > requirement " . . . or the client could invoke a > > > lower-layer > > > > > security protocol that authenticates the server > > > (e.g. TLS)." > > > > > This also folds in well with the MUST regarding > > > support for > > > > > client auth. > > > > > > > > > > [RH] DPV requires signature on the response. Why > > > not allow > > > > > some consistency? > > > > > > > >I see no needs-based driver for signed DPD > responses. A DPD > > > >server is simply acting as an aggregation point > for access to > > > >signed data produced by others. As I said before, > > > one of the > > > >potential features of DPD over DPV is that a DPD > > > server arguably > > > >need not be trusted in a certification sense while a > > > DPV server > > > >clearly must (assuming of course that server > does not combine > > > >both functions). A non-normative statement that > where DPD > > > >server auth is relevant lower layer protocols can > > > suffice would > > > >preserve this quality with no loss of security assurance. > > > > > > [RH] Just rereading the text, I think that the text > > > in draft -04 allows > > > either lower layer mechanisms or signatures within > > > the DPD protocol. I do > > > not think that there is a need to change anything here. > > > > > > > > > > > POLICY DISCOVERY REQUIREMENT > > > > > **************************** > > > > > > > > > > Thought we got rid of PDP-type requirements > > > > > ------------------------------------------- > > > > > "The client MUST be able to obtain references for > > > the default > > > > > policy or for all of the policies supported by > > > the server by > > > > > using an additional request/response pair. The > > > response can > > > > > include references to previously defined policies or > > > > > to a priori > > > > > known policies." > > > > > > > > > > MM15: I thought we got rid of all PDP-type > > > requirements in this > > > > > DPV/DPD requirements document. The above text > > > seems to mandate > > > > > that any protocol responsive to this document > > > MUST define a > > > > > request/response pair for policy discovery. > > > > > > > > > > [RH] We want the client to be able to get a list > > > of the policies. > > > > > PDP (in a future document) will address the > > > definition of said > > > > > policies. > > > > > > > >A DPV or DPD server can iterate through its list > of policy > > > >definitions and either execute accordingly or send back > > > >unsupportedPolicy. What's important to the client > > > is that the > > > >server either does or does not support the > policy the client > > > >specifies in its request. > > > > > > The requirement says that the client can ask the > > > server for a list of > > > policy identifiers that it is currently supporting. > > > This does not mean > > > that they were dynamically defined policies. > > > > > > Russ > > > > > > >Mike > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PFmgH28654 for ietf-pkix-bks; Thu, 25 Apr 2002 08:48:42 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PFmea28649 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 08:48:40 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3PFmOTt024206; Thu, 25 Apr 2002 08:48:24 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net> Cc: <stephen.farrell@baltimore.ie>, "pkix" <ietf-pkix@imc.org> Subject: RE: Open issue: DPV additional information Date: Thu, 25 Apr 2002 08:45:30 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDKEDHCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <3CC80047.F9A3B8C4@bull.net> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, In that scenario there are really two questions. First, is the certificate valid in the sense that it is reliable and the circumstances relating to its issuance haven't changed in any material way. Having determined that, the next question is "acceptable for a given purpose"? Clearly the latter case is more in scope of your rental car company. However, your rental car company is then a relying party to the issuer of those certificates it chooses to accept and thus subject to any relying party agreement those CAs may have in force at the time. Maybe none such exists, but it's still a relying party (at least as far as this technologist understands the concept). So I think it's dangerous to promulgate a notion that would lead folks to believe that a certificate can be unilaterally asserted as "valid" without any reference or relationship whatsoever to the party that originally issued the certificate (where "valid" has, or soon will have, a precise technical meaning in this WG). What I hear you saying is, "acceptable for a given purpose" which assertion can certainly lie beyond the scope of a CA. One that basis I agree with you. Note, however, that if your rental car company parses a cert looking for CA identity or equivalent, and tosses it because it's not in the acceptable set without ever bothering to run a path check (which design approach seems likely), it's better to send back "unknown" rather than "invalid". Better yet perhaps, an unsigned error. I suspect the certificate's issuer may take offense at other parties claiming its certificates are invalid when in point of fact they're not. As Hal said, we've probably kicked this one to death but I just wanted to raise that little flag of caution regarding the relying party concept now that I better understand your position. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Thursday, April 25, 2002 6:11 AM > To: Michael Myers > Cc: stephen.farrell@baltimore.ie; pkix > Subject: Re: Open issue: DPV additional information > > > > Michael, > > > Denis, > > > It is precisely that issue of responsibility, in a broader > > sense. I'm quite certain that organizational entities who > > create, issue and maintain the reliability of public key > > certificates will will be the first to claim jursidiction > > regarding their validity. Who is going to claim otherwise? > > Let me provide you with an example: > > Avis Rent a Car (TM) is wishing to accept tourist car > reservations using > public key certificates in France. Avis Rent a Car > (TM) will define the > "Avis Rent a Car (TM) reservation policy in France > for tourism vehicules" > and state that under this policy Microsoft > certificates class X, Verisign > Certificates Class Y and Debis certificates Class Z > are adequate. Microsoft, > Verisign and Debis as CAs, are fully ignorant which > applications are making > use of their certificates. > > There needs not be any relationship between > validation policy issuers and > CAs. > > Validation policy issuers will pick up in their > validation policies which > CAs are appropriate. > > Denis > > > > Mike > > > > > -----Original Message----- > > > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net] > > > Sent: Wednesday, April 17, 2002 8:02 AM > > > > Extract from the road map document: > > > > > > Certification Authority (CA) - An authority > > > trusted by one or more users to create and assign > > > public key certificates. Optionally the CA may > > > create the user's keys. It is important to > > > note that the CA is responsible for the public key > > ^^^^^^^^^^^^^^^ > > > certificates during their whole lifetime, not just > > > for issuing them. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PEU2026126 for ietf-pkix-bks; Thu, 25 Apr 2002 07:30:02 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3PETua26099 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 07:29:56 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 25 Apr 2002 14:28:38 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA14192 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 10:28:24 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3PEU0j21341 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 10:30:00 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1WTN4>; Thu, 25 Apr 2002 10:27:12 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.178]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1WTNK; Thu, 25 Apr 2002 10:26:58 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Michael Myers <myers@coastside.net> Cc: "'PKIX '" <ietf-pkix@imc.org> Message-Id: <5.1.0.14.2.20020425092936.03139200@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 25 Apr 2002 09:32:37 -0400 Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt In-Reply-To: <EOEGJNFMMIBDKGFONJJDIECECKAA.myers@coastside.net> References: <5.1.0.14.2.20020424104338.0209fde8@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike: I was not the advocate for this requirement, but the one of the scenarios that the advocate had in mind was straightforward. The client has several acceptable policies, so the client asks the server for a list of supported policies, and the makes the query based on a policy that is on both lists. Russ At 03:14 PM 4/24/2002 -0700, Michael Myers wrote: >Russ, > >Will take up the "unknown" thread via Trevor's recent posting. >Good to hear you interpret the text as I do re: DPD server auth, >namely there's no prejudice against lower layer mechanisms. > >I'm still though trying to understand what needs policy >discovery truly addresses. What might be called the use cases. >To my way of thinking about this, a client is interested in >*its* policy or the one or ones it is constrained to use, static >or otherwise, implicit default or directly signalled in its >request. Would a discovery query prove this? Certainly. But >so would an unsupportedPolicy response back from the server. > >I can see that policy discovery could be useful to the >initialization of a freshly installed client, especially from an >enterprise perspective, but then there's a trust issue there. A >policy discovery function might also be useful in developing an >Internet-wide profile of which servers do which things, but I'm >not sure that's the intent. Or is it? > >As I said, I'm just trying to understand the driver behind the >discovery piece. Maybe like the roots issue, I'm overlooking >something obvious. > >Mike > > > > -----Original Message----- > > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > > Sent: Wednesday, April 24, 2002 11:21 AM > > To: Michael Myers > > Cc: 'PKIX ' > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > Mike: > > > > > > DPV REQUIREMENTS > > > > **************** > > > > > > > > Editorial > > > > --------- > > > > "Unless an error is reported, the DPV response MUST > > > > indicate one > > > > of the following two status alternatives:" > > > > > > > > MM3: Change "two" to "three" to reflect {valid, invalid, > > > > unknown} > > > > > > > > [RH] I am having a real problem differentiating > > > > invalid and unknown. To my way of thinking, the > > > > actions taken by a client will be the same in > > > > either case. > > > > > >{valid, invalid, unknown} is the resolution of record and > > >defined in the text. My comment was just pointing out an > > >editorial wrinkle that needs smoothing out. > > > > [RH] I agree that a change was made to add the > > "unknown" response in draft > > -04. I am not convinced that we did anything useful > > for the client. I > > think the client will treat "invalid" and "unknown" > > exactly the same. > > > > > > > > Signing DPD responses an option > > > > ------------------------------- > > > > "For the client to be confident that the response > > originates > > > > from the expected DPD server, the server MAY provide an > > > > authenticated response. For example, the server > > might sign the > > > > response." > > > > > > > > And, > > > > > > > > "The DPD server MAY require client > > authentication, therefore, > > > > the DPD request MUST be able to be authenticated." > > > > > > > > MM14: Signing is an example, not a requirement, correct? > > > > Lower-layer security protocols could equally > > address server auth > > > > needs. Suggest appending to the last sentence of > > the first > > > > requirement " . . . or the client could invoke a > > lower-layer > > > > security protocol that authenticates the server > > (e.g. TLS)." > > > > This also folds in well with the MUST regarding > > support for > > > > client auth. > > > > > > > > [RH] DPV requires signature on the response. Why > > not allow > > > > some consistency? > > > > > >I see no needs-based driver for signed DPD responses. A DPD > > >server is simply acting as an aggregation point for access to > > >signed data produced by others. As I said before, > > one of the > > >potential features of DPD over DPV is that a DPD > > server arguably > > >need not be trusted in a certification sense while a > > DPV server > > >clearly must (assuming of course that server does not combine > > >both functions). A non-normative statement that where DPD > > >server auth is relevant lower layer protocols can > > suffice would > > >preserve this quality with no loss of security assurance. > > > > [RH] Just rereading the text, I think that the text > > in draft -04 allows > > either lower layer mechanisms or signatures within > > the DPD protocol. I do > > not think that there is a need to change anything here. > > > > > > > > POLICY DISCOVERY REQUIREMENT > > > > **************************** > > > > > > > > Thought we got rid of PDP-type requirements > > > > ------------------------------------------- > > > > "The client MUST be able to obtain references for > > the default > > > > policy or for all of the policies supported by > > the server by > > > > using an additional request/response pair. The > > response can > > > > include references to previously defined policies or > > > > to a priori > > > > known policies." > > > > > > > > MM15: I thought we got rid of all PDP-type > > requirements in this > > > > DPV/DPD requirements document. The above text > > seems to mandate > > > > that any protocol responsive to this document > > MUST define a > > > > request/response pair for policy discovery. > > > > > > > > [RH] We want the client to be able to get a list > > of the policies. > > > > PDP (in a future document) will address the > > definition of said > > > > policies. > > > > > >A DPV or DPD server can iterate through its list of policy > > >definitions and either execute accordingly or send back > > >unsupportedPolicy. What's important to the client > > is that the > > >server either does or does not support the policy the client > > >specifies in its request. > > > > The requirement says that the client can ask the > > server for a list of > > policy identifiers that it is currently supporting. > > This does not mean > > that they were dynamically defined policies. > > > > Russ > > > >Mike Received: by above.proper.com (8.11.6/8.11.3) id g3PETwG26110 for ietf-pkix-bks; Thu, 25 Apr 2002 07:29:58 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3PETua26098 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 07:29:56 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 25 Apr 2002 14:28:37 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA14189 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 10:28:23 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3PETuj21317 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 10:29:58 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1WTNV>; Thu, 25 Apr 2002 10:27:12 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.178]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1WTNN; Thu, 25 Apr 2002 10:26:59 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Michael Myers <myers@coastside.net> Cc: PKIX <ietf-pkix@imc.org> Message-Id: <5.1.0.14.2.20020425095146.03149468@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 25 Apr 2002 09:57:56 -0400 Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt In-Reply-To: <EOEGJNFMMIBDKGFONJJDAECLCKAA.myers@coastside.net> References: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5C7@polaris.valicert.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike: I think that RFC 2459 (and soon RFC 3280) clearly define a valid certification path. Anything that does not meet this definition is invalid, regardless of the reason. Russ At 07:47 PM 4/24/2002 -0700, Michael Myers wrote: >Peter, > >See below. > >Mike > > > > -----Original Message----- > > From: Peter Williams [mailto:peterw@valicert.com] > > Sent: Wednesday, April 24, 2002 6:51 PM > > To: 'Michael Myers'; PKIX > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > > > Mike, > > > > (1) Can you provide a citation or other professional > > reference for the "precise technical meanings" of "valid" and > > "invalid", please? > >Which of the following do you believe should be eliminated from >such a definition: > >1. Formation of a valid path IAW 2459; > >2. Confirmation of revocation status for each > certificate in said path; > >3. Cryptographic validation of said path IAW 2459. > >4. Other practices as required by policy. > > > (2) Could you also perhaps help me compare > > the definition(s) of "valid" used in the > > VeriSign CPs (1.2 and 2.0)and the US DOD CP v2 (March > > 1999), perhaps, against the recognised > > definition of "valid" (see above (1))? > >Nope. Go for it. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PETwu26111 for ietf-pkix-bks; Thu, 25 Apr 2002 07:29:58 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3PETua26105 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 07:29:56 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 25 Apr 2002 14:28:38 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA14200 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 10:28:25 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3PEU1j21346 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 10:30:01 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1WTNW>; Thu, 25 Apr 2002 10:27:12 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.178]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1WTN3; Thu, 25 Apr 2002 10:26:59 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Tony Bartoletti <azb@llnl.gov> Cc: PKIX <ietf-pkix@imc.org> Message-Id: <5.1.0.14.2.20020425100456.0313c468@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 25 Apr 2002 10:05:22 -0400 Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt In-Reply-To: <4.3.2.7.2.20020424184334.00b2dad0@poptop.llnl.gov> References: <EOEGJNFMMIBDKGFONJJDGECJCKAA.myers@coastside.net> <4AEE3169443CDD4796CA8A00B02191CD063C4106@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tony: Agree. I like choice 2. Russ At 06:58 PM 4/24/2002 -0800, Tony Bartoletti wrote: >Seems you have two choices: > >1. Go with "Trinary Value", in which case the semantics are satisfied by > > a. Success_Valid > b. Failure_Invalid > c. Failure_Unknown > >2. Go with "Binary Value", using either > > a. Valid > b. Invalid (see reason code for details) > > or > > a. Success > b. Failure (see reason codes for details) > > From a state-machine point of view, even the latter choices are workable, > ASSUMING that the indicated reason-codes are "reasonably > standardized". The only "client-side-reason" I can see for this 3-valued > (or n-valued) response would be a case of clientware capable of > automatically seeking a "second opinion" from another source, where the > trinary "unknown" is returned (or the reason-code associated with the > binary response indicates a possible transient lack of information.) > >The "Server-side" argument for trinary response (not wanting to pronounce >a certificate "invalid" given lack of information or authority) seems >satisfied by Trevor's Success/Failure terminology, correct? > >Cheers! > >____tony____ > >Tony Bartoletti 925-422-3881 <azb@llnl.gov> >Information Operations, Warfare and Assurance Center >Lawrence Livermore National Laboratory >Livermore, CA 94551-9900 > > > >At 06:17 PM 4/24/02 -0700, Michael Myers wrote: > >>Trevor, >> >>It is my firm belief that at a meta level we are faced >>fundamentally with a trinary valued state variable. I've yet to >>hear a needs-based argument that dissuades me from that >>conviction. Maybe we should discuss offlist and spare the WG >>further chatter. My contact info is below. >> >>Mike >> >>Michael Myers >>t: +415.819.1362 >>e: mailto:mike@traceroutesecurity.com >>w: http://www.traceroutesecurity.com >> >> >> >> >> >> > -----Original Message----- >> > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] >> > Sent: Wednesday, April 24, 2002 6:00 PM >> > To: Michael Myers; PKIX >> > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt >> > >> > >> > Michael, >> > Success and failure have precise technical meaning. >> > The client is asking >> > either "can you validate this certificate" or "can >> > you build a path with >> > this certificate" The server can succeed in that task >> > - which implies >> > the certificate is valid or the server build a path, >> > or the server >> > failed. Using these semantics, failure to comply with >> > the clients >> > request on the server's part implies nothing about >> > the certificate only >> > about the server ability, but retains a binary >> > response which is simple >> > for the client to process. >> > We can add specific reasons for the failure in the >> > protocol document >> > which allow the server to express whatever it wants about its >> > inadequacies. >> > Is that OK for now? >> > >> > Trevor >> > >> > -----Original Message----- >> > From: Michael Myers [mailto:myers@coastside.net] >> > Sent: Wednesday, April 24, 2002 5:44 PM >> > To: Trevor Freeman; PKIX >> > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt >> > >> > Trevor, >> > >> > No, what I'm saying is that valid and invalid have precise >> > technical meanings that could be potentially relevant to an >> > arbitration panel if not a court of law. The unknown state >> > affords a service provider or enterprise deploying a >> > server the >> > means to escape out of binding itself into a situation that >> > could possibly put it at financial risk. >> > >> > I could be totally wrong in that perception, but that's what I >> > think. Several years ago it was just crypto and toolkits. >> > Today there's laws and regulations and jurisdictional forums >> > considering how this technology applies to societal >> > factors. I >> > for one think we need to be responsible in this regard. >> > >> > Else maybe what you're talking about is more aligned >> > with Peter >> > Gutman's certOK proposal. >> > >> > Mike >> > >> > >> > >> > Michael Myers >> > t: +415.819.1362 >> > e: mailto:mike@traceroutesecurity.com >> > w: http://www.traceroutesecurity.com >> > >> > > -----Original Message----- >> > > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] >> > > Sent: Wednesday, April 24, 2002 4:44 PM >> > > To: Michael Myers; PKIX >> > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt >> > > >> > > >> > > Mike, >> > > All you are saying is that the server needs to >> > > clarity the reason for >> > > the inability to validate the certificate. You >> > > objection seems to be >> > > wording of the return state in the requirement >> > > document implying more >> > > than is intended. Rather that naming them in the >> > > requirements document >> > > valid and invalid, we can name them success and >> > > failure. Success means >> > > the server was able to complete the client request, >> > > and failure means it >> > > did not. >> > > >> > > Trevor >> > > -----Original Message----- >> > > From: Michael Myers [mailto:myers@coastside.net] >> > > Sent: Wednesday, April 24, 2002 3:54 PM >> > > To: Trevor Freeman; PKIX >> > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt >> > > >> > > Trevor, >> > > >> > > I agree with you and Russ that from a state machine >> > > perspective, >> > > a client will probably take the same action in both >> > > the unknown >> > > and invalid cases. However, from a server, or more >> > > importantly >> > > a service perspective, I suspect there exists an appreciable >> > > semantic difference in a legal or liability sense >> > > between these >> > > two states. >> > > >> > > I've had the pleasure over the past few years of abundant >> > > exposure to lawyers, bankers, regulators and other >> > such types >> > > regarding these and related issues. I'm sure many >> > of us share >> > > that experience in one form or another. >> > > >> > > Now, I'm no lawyer but given that exposure it seems >> > > to me that a >> > > service (i.e. that which runs a server) is setting >> > > itself up for >> > > disaster by asserting a digitally signed "invalid" >> > > when in point >> > > of fact that service hasn't the data, jurisdiction or >> > > delegation >> > > to make such an unequivocal assertion. >> > > >> > > As a hypothetical, consider a party seeking damages >> > > to which an >> > > invalid assertion is useful as evidence even though the >> > > certificate in question is provably valid given >> > access to the >> > > relevant data. That plaintiff could arguably find >> > > some service >> > > that doesn't know diddly about the certificate to issue a >> > > digitally signed "invalid" and there you go. That >> > > TTP may have >> > > just stuck its neck out. >> > > >> > > I know that's probably a stretch, but not >> > inconceivable given >> > > some the purposes to which certs and sigs are today being >> > > applied. Better it seems by far to enable an "out" >> > > via unknown >> > > even if at the other end, the client does nothing >> > differently. >> > > >> > > Valid and Invalid mean something very precise to my way of >> > > thinking. It means data was accumulated, a path was >> > > successfully constructed, revocation information was >> > > checked and >> > > the entire dataset checked according to 2459 and >> > whatever else >> > > might specified by the policy in place at the time >> > between the >> > > client and the server/service. Break any one of those >> > > assumptions and one can't assert invalid. Hence we need >> > > unknown. >> > > >> > > Mike >> > > >> > > >> > > > -----Original Message----- >> > > > From: Trevor Freeman >>[mailto:trevorf@windows.microsoft.com] >> > > Sent: Wednesday, April 24, 2002 11:33 AM >> > > To: Michael Myers; PKIX >> > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt >> > > >> > > >> > > Mike, >> > > I realise there has been several mailing on this >> > > topic, but so far no >> > > consensus. >> > > Apart form references to 2560, I have not seen much >> > > in the way of >> > > reasoned justification as to why we need another >> > > return code in DPV/DPD. >> > > All this additional return value is indicating is >> > > some kind of failure >> > > on the part of the server. We have defined the >> > requirement for >> > > additional information on the error to be returned by >> > > the server to >> > > clarify the nature of the failure to the client. If >> > > you want to refine >> > > the defined list of sub-status reasons when we get to >> > > define the >> > > protocol then I am sure we can debate this more >> > > meaningfully then. >> > > However since one of the goals of the DPV protocol is >> > > to address >> > > constrained clients, then we have to be hard core on >> > > not complication >> > > the protocol. >> > > >> > > Trevor >> > >> > > >Tony Bartoletti 925-422-3881 <azb@llnl.gov> >Information Operations, Warfare and Assurance Center >Lawrence Livermore National Laboratory >Livermore, CA 94551-9900 > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PDlt925016 for ietf-pkix-bks; Thu, 25 Apr 2002 06:47:55 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PDlra25012 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 06:47:54 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA19268; Thu, 25 Apr 2002 15:50:39 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042515471795:115 ; Thu, 25 Apr 2002 15:47:17 +0200 Message-ID: <3CC808F8.26A8DA6E@bull.net> Date: Thu, 25 Apr 2002 15:47:36 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Michael Myers <myers@coastside.net> CC: "Housley, Russ" <rhousley@rsasecurity.com>, "'PKIX '" <ietf-pkix@imc.org> Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt References: <EOEGJNFMMIBDKGFONJJDKEBFCKAA.myers@coastside.net> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:47:18, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:47:49, Serialize complete at 25/04/2002 15:47:49 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael, > Russ, > > That was quick. Thanks. A few responses below, else I concur. > > Mike > > > -----Original Message----- > > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > > > > > > DPV REQUIREMENTS > > **************** > > > > Editorial > > --------- > > "Unless an error is reported, the DPV response MUST > > indicate one > > of the following two status alternatives:" > > > > MM3: Change "two" to "three" to reflect {valid, invalid, > > unknown} > > > > [RH] I am having a real problem differentiating > > invalid and unknown. To my way of thinking, the > > actions taken by a client will be the same in > > either case. > > {valid, invalid, unknown} is the resolution of record and > defined in the text. My comment was just pointing out an > editorial wrinkle that needs smoothing out. I have maintained the three states. > > DPD REQUIREMENTS > > **************** > > > > > > Multiple paths issue > > -------------------- > > MM12: This subset of DPD requirements seems to be leading > > towards a sub-optimal system design. To be addressed in a > > separate email. > > > > [RH] I will wait for the mail to reply ... Please send it soon, since this is the VERY last comment (not raised during the WG last call period). However, if this is going to avoid an issue raised during the IESG Last call period, then we had better to solve that last one now. > Forthcoming. > > > Signing DPD responses an option > > ------------------------------- > > "For the client to be confident that the response originates > > from the expected DPD server, the server MAY provide an > > authenticated response. For example, the server might sign the > > response." > > > > And, > > > > "The DPD server MAY require client authentication, therefore, > > the DPD request MUST be able to be authenticated." > > > > MM14: Signing is an example, not a requirement, correct? > > Lower-layer security protocols could equally address > > server auth > > needs. Suggest appending to the last sentence of the first > > requirement " . . . or the client could invoke a lower-layer > > security protocol that authenticates the server (e.g. TLS)." > > This also folds in well with the MUST regarding support for > > client auth. > > > > [RH] DPV requires signature on the response. Why not allow > > some consistency? > > I see no needs-based driver for signed DPD responses. A DPD > server is simply acting as an aggregation point for access to > signed data produced by others. As I said before, one of the > potential features of DPD over DPV is that a DPD server arguably > need not be trusted in a certification sense while a DPV server > clearly must (assuming of course that server does not combine > both functions). A non-normative statement that where DPD > server auth is relevant lower layer protocols can suffice would > preserve this quality with no loss of security assurance. I propose to update the text in the following way: For the client to be confident that all the elements from the response originates from the expected DPD server, an authenticated response MAY be required. For example, the server might sign the response or data authentication might also be achieved using a lower-layer security protocol. Denis > > POLICY DISCOVERY REQUIREMENT > > **************************** > > > > Thought we got rid of PDP-type requirements > > ------------------------------------------- > > "The client MUST be able to obtain references for the default > > policy or for all of the policies supported by the server by > > using an additional request/response pair. The response can > > include references to previously defined policies or > > to a priori > > known policies." > > > > MM15: I thought we got rid of all PDP-type > > requirements in this > > DPV/DPD requirements document. The above text seems > > to mandate > > that any protocol responsive to this document MUST define a > > request/response pair for policy discovery. > > > > [RH] We want the client to be able to get a list of > > the policies. > > PDP (in a future document) will address the definition of said > > policies. > > A DPV or DPD server can iterate through its list of policy > definitions and either execute accordingly or send back > unsupportedPolicy. What's important to the client is that the > server either does or does not support the policy the client > specifies in its request. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PDNov23369 for ietf-pkix-bks; Thu, 25 Apr 2002 06:23:50 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PDNna23365 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 06:23:49 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA14596; Thu, 25 Apr 2002 15:26:38 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042515233985:106 ; Thu, 25 Apr 2002 15:23:39 +0200 Message-ID: <3CC8036E.DECB3EA@bull.net> Date: Thu, 25 Apr 2002 15:23:58 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Stephen Kent <kent@bbn.com> CC: ietf-pkix@imc.org Subject: Re: Two more nits re: DPV/DPD rqmts References: <EOEGJNFMMIBDKGFONJJDOEJDCJAA.myers@coastside.net> <3CBB0848.9C19980C@bull.net> <004e01c1e4ee$5e51e7e0$020aff0a@tsg1> <p05100308b8ea318575de@[128.89.88.34]> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:23:40, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:23:49, Serialize complete at 25/04/2002 15:23:49 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve, (...) > In the case of DPV and DPD, the WG discussed the matter some time ago > and agreed that it would be highly desirable to have just one > standard protocol satisfying the requirements we agree upon. We > failed to do this in the case of CMC and CMP and the user and vendor > community suffered as a result. So, yes, the intent in this case is > to have just one standard for DPV and DPD. I would rather say " ... just one protocol for DPV and one protocol for DPD". At this time it is too early to say whether they will described in one document or two. Denis > Steve Received: by above.proper.com (8.11.6/8.11.3) id g3PDIQS23133 for ietf-pkix-bks; Thu, 25 Apr 2002 06:18:26 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PDIPa23129 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 06:18:25 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA09158; Thu, 25 Apr 2002 15:21:14 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042515180480:102 ; Thu, 25 Apr 2002 15:18:04 +0200 Message-ID: <3CC8021F.4A5A1A2E@bull.net> Date: Thu, 25 Apr 2002 15:18:23 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: requester identifier in DPV response References: <200204171647.SAA09329@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:18:05, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:18:24, Serialize complete at 25/04/2002 15:18:24 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, I believe that we have now achieved consensus for the inclusion of two different requirements for two different purposes: So I am prepared to include two paragraphs: The requestor MUST be able, upon request, to have a text field to be copied in the response. As an example, this field may relate to the nature or reason of the request/response. When the request is authenticated, the requestor SHOULD be able, upon request, to indicate an identifier to be included in the response. How this identifier is matched with the authenticated identity depends on local server conditions and/or the validation policy. The server MAY choose to refuse to include an identifier in the response, or MAY refuse to create a response. This should close the last issue raised during the last call. Denis > > >1. The requestor MUST be able, upon request, to have a field to be copied > > > in the response. > > > > > >2. When the request is authenticated, the requestor SHOULD be able, upon > > > request, to have an identifier to be included in the response. How this > > > identifier is derived from the authenticated identity depends on local > > > server conditions. The server MAY choose to refuse to include an > > > identitier in the response. > > > > > >Opinions ? > > > > I think that the first alternative is too vague to be useful. I nonce > > mechanism that might be included to detect reply would fulfill the requirement. > > > > I think that the second is acceptable. I could live with it in order to > > reach closure, but I do not think that it is necessary. > > 1: > Actually Denis has added a new requirement here which is something that > I had in mind but forgotten during the other discussions. > > 'a field' could mean 'a textual description identifying the nature or reason > of the request/response'. > > This is not nonce processing, I have some tendency to avoid to encourage > people to hide something necessary in a nonce. > > 2: > What about: > > When the request is authenticated, the requestor SHOULD be able, upon > request, to indicate an identifier to be included in the response. How this > identifier is matched with the authenticated identity depends on local > server conditions and/or the validation policy. > The server MAY choose to refuse to include an identitier in the response, > or MAY refuse to create a response. > > > > > Russ > > > Peter Received: by above.proper.com (8.11.6/8.11.3) id g3PDIOV23126 for ietf-pkix-bks; Thu, 25 Apr 2002 06:18:24 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PDINa23122 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 06:18:23 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA09154 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 15:21:14 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042515162755:101 ; Thu, 25 Apr 2002 15:16:27 +0200 Message-ID: <3CC801BD.771B5FA8@bull.net> Date: Thu, 25 Apr 2002 15:16:45 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: pkix <ietf-pkix@imc.org> Subject: RFC 3039 changes X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:16:27, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:18:24, Serialize complete at 25/04/2002 15:18:24 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At the last IETF meeting Stefan Santesson announced that he wanted to revise RFC 3039. There was no time to have a discussion during the meeting. One of the points was to change the text about the exclusion of the DS bit with the NR bit. I have very strong reservations for any change in that direction. The second point was to change the scope of the document to cover certificates issued to human beings rather than only Qualified Certificates. When the document was created, the title has been very carefully chosen and that title should stay as it is. Of course, the names of the extensions (QC statement) cannot be changed. Further more, an ETSI TS profiles RFC 3039 and any change to RFC 3039 (or a removal of RFC 3039) would need to update that TS. For these reasons, I have strong reservations for issuing a new document that would obsolete RFC 3039. We need stable documents or otherwise strong reasons to change documents. Denis Received: by above.proper.com (8.11.6/8.11.3) id g3PDH9q23059 for ietf-pkix-bks; Thu, 25 Apr 2002 06:17:09 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PDH8a23055 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 06:17:08 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA16872; Thu, 25 Apr 2002 15:19:54 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042515145189:99 ; Thu, 25 Apr 2002 15:14:51 +0200 Message-ID: <3CC8015D.F921B803@bull.net> Date: Thu, 25 Apr 2002 15:15:09 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: Michael Myers <myers@coastside.net>, "'PKIX '" <ietf-pkix@imc.org> Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt References: <F504A8CEE925D411AF4A00508B8BE90A0162D03A@exna07.securitydynamics.com> <5.1.0.14.2.20020424104338.0209fde8@exna07.securitydynamics.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:14:52, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:17:04, Serialize complete at 25/04/2002 15:17:04 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > DPV REQUIREMENTS > > > **************** > > > > > > Editorial > > > --------- > > > "Unless an error is reported, the DPV response MUST > > > indicate one > > > of the following two status alternatives:" > > > > > > MM3: Change "two" to "three" to reflect {valid, invalid, > > > unknown} > > > > > > [RH] I am having a real problem differentiating > > > invalid and unknown. To my way of thinking, the > > > actions taken by a client will be the same in > > > either case. > > > >{valid, invalid, unknown} is the resolution of record and > >defined in the text. My comment was just pointing out an > >editorial wrinkle that needs smoothing out. > > [RH] I agree that a change was made to add the "unknown" response in draft > -04. I am not convinced that we did anything useful for the client. I > think the client will treat "invalid" and "unknown" exactly the same. [DP] I do not think that the client will always treat "invalid" and "unknown" exactly the same. I provide an example: A client queries a DPV server and gets back "invalid". It does not make sense for the client to query another DPV server, since the response will never be "valid". A client queries a DPV server and gets back "unknown". It makes sense to query another DPV server, since the response could then either be "valid", "invalid" or still "unkown". Also "unknown" can be used as a clean way to stop a loop mechanism, when the same protocol is used between DPV servers. As said later on in an e-mail sent by Tony: " Seems you have two choices: 1. Go with "Trinary Value", in which case the semantics are satisfied by a. Success_Valid b. Failure_Invalid c. Failure_Unknown 2. Go with "Binary Value", using either a. Valid b. Invalid (see reason code for details) or a. Success b. Failure (see reason codes for details)" The two approaches end up with the same result. We did discussed that point in Minneapolis and we decided to go with a trinary status. This mimics the three OCSP statuses, although the semantics of the DPV statuses are fully different. Denis (text deleted) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PDH8S23054 for ietf-pkix-bks; Thu, 25 Apr 2002 06:17:08 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PDH6a23048 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 06:17:06 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA16874; Thu, 25 Apr 2002 15:19:55 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042515152719:100 ; Thu, 25 Apr 2002 15:15:27 +0200 Message-ID: <3CC80181.F5C4B940@bull.net> Date: Thu, 25 Apr 2002 15:15:45 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: <draft-ietf-pkix-dpv-dpd-req-04.txt> References: <200204191327.PAA10070@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:15:27, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:17:05, Serialize complete at 25/04/2002 15:17:05 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > Here some proposals for a text change. > > > > > The client can request that the server determine the certificate > > validity at a time other than the current time. The DPV server MUST > > obtain revocation status information for the validation time > > in the client request. > > In order to obtain the revocation status information of any > > certificate from the certification path, the DPV server might use, in > > accordance with the validation policy, different sources of revocation > > information, e.g. a combination of OCSP responses, CRLs, or delta-CRLs. > > If the revocation status information for the requested validation time > > is unavailable, then the DPV server MUST return a status indicating > > that the certificate is invalid. > replace by: > > The DPV server MUST produce certificate status information for > the validation time in the client request. In order to do this, > the server might use, in accordance with the validation policy, > different sources of external information concerning revocation > information, e.g., a combination of OCSP responses, CRLs, or > delta-CRLs, or other status information from other DPV servers. > > If the certificate status information for the requested validation > time is cannot be created, then the DPV server MUST return a status > indicating that the certificate is invalid. The last sentence you propose is not English. I simply propose to add to the current sentence: "or a response from another DPV server". > > The DPV client MUST be able to provide to the validation server, > > associated with each certificate to be validated, "useful > > certificates", as well as "useful revocation information". Revocation > > information includes OCSP responses, CRLs, and delta-CRLs. > replace by: > > The DPV client MUST be able to provide to the validation server, > associated with each certificate to be validated, "useful > certificates", as well as "useful information" e.g., revocation > information of OCSP responses, CRLs, and delta-CRLs, or status > information from other DPV servers. No. If there is one DPV answer, then that answer is self-sufficient and there is no reason for the client to make another query. > > The DPV response MUST be bound to the DPV request. This can be > > accomplished by repeating the important components from the request in > > the response or by including a one-way hash of the request in the > > response. > add: > > In some environments it may be necessary to present only a response > to another relying party without the corresponding request. > In this case the response MUST be sufficient self contained. Accepted. > > For the client to be able prove to a third party that trusts the > > same DPV server that the certificate validation was handled correctly, > > the DPV response MUST be digitally signed, unless an error is reported > > (e.g. a badly formatted request, etc.). The certificate from the DPV > > server SHALL be used to identify the DPV server. > > Replace 'identify' with 'authenticate'. Accepted. Denis > > another DPV server. Unlike the original client, the DPV server is > > expected to have moderate computing and memory resources, enabling the > sufficient ??? > > ----- End Included Message ----- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PDEqX22915 for ietf-pkix-bks; Thu, 25 Apr 2002 06:14:52 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PDEpa22911 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 06:14:51 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA09150; Thu, 25 Apr 2002 15:17:37 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042515142845:98 ; Thu, 25 Apr 2002 15:14:28 +0200 Message-ID: <3CC80147.72E322D6@bull.net> Date: Thu, 25 Apr 2002 15:14:47 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Michael Myers <myers@coastside.net> CC: "Housley, Russ" <rhousley@rsasecurity.com>, "'PKIX '" <ietf-pkix@imc.org> Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt References: <EOEGJNFMMIBDKGFONJJDIECECKAA.myers@coastside.net> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:14:28, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:14:47, Serialize complete at 25/04/2002 15:14:47 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael, > Russ, > > Will take up the "unknown" thread via Trevor's recent posting. > Good to hear you interpret the text as I do re: DPD server auth, > namely there's no prejudice against lower layer mechanisms. > > I'm still though trying to understand what needs policy > discovery truly addresses. What might be called the use cases. > To my way of thinking about this, a client is interested in > *its* policy or the one or ones it is constrained to use, static > or otherwise, implicit default or directly signalled in its > request. Would a discovery query prove this? Certainly. But > so would an unsupportedPolicy response back from the server. > > I can see that policy discovery could be useful to the > initialization of a freshly installed client, especially from an > enterprise perspective, but then there's a trust issue there. A > policy discovery function might also be useful in developing an > Internet-wide profile of which servers do which things, but I'm > not sure that's the intent. Or is it? > > As I said, I'm just trying to understand the driver behind the > discovery piece. Maybe like the roots issue, I'm overlooking > something obvious. The driver is simple: a client is not constrained to use one validation policy only. Depending of the application, one specific policy may be required. Before sending a full request, it is just easier to know whether that policy is supported. Getting at one time all supported policies is simply an optimisation. Denis > Mike > > > -----Original Message----- > > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > > Sent: Wednesday, April 24, 2002 11:21 AM > > To: Michael Myers > > Cc: 'PKIX ' > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > Mike: > > > > > > DPV REQUIREMENTS > > > > **************** > > > > > > > > Editorial > > > > --------- > > > > "Unless an error is reported, the DPV response MUST > > > > indicate one > > > > of the following two status alternatives:" > > > > > > > > MM3: Change "two" to "three" to reflect {valid, invalid, > > > > unknown} > > > > > > > > [RH] I am having a real problem differentiating > > > > invalid and unknown. To my way of thinking, the > > > > actions taken by a client will be the same in > > > > either case. > > > > > >{valid, invalid, unknown} is the resolution of record and > > >defined in the text. My comment was just pointing out an > > >editorial wrinkle that needs smoothing out. > > > > [RH] I agree that a change was made to add the > > "unknown" response in draft > > -04. I am not convinced that we did anything useful > > for the client. I > > think the client will treat "invalid" and "unknown" > > exactly the same. > > > > > > > > Signing DPD responses an option > > > > ------------------------------- > > > > "For the client to be confident that the response > > originates > > > > from the expected DPD server, the server MAY provide an > > > > authenticated response. For example, the server > > might sign the > > > > response." > > > > > > > > And, > > > > > > > > "The DPD server MAY require client > > authentication, therefore, > > > > the DPD request MUST be able to be authenticated." > > > > > > > > MM14: Signing is an example, not a requirement, correct? > > > > Lower-layer security protocols could equally > > address server auth > > > > needs. Suggest appending to the last sentence of > > the first > > > > requirement " . . . or the client could invoke a > > lower-layer > > > > security protocol that authenticates the server > > (e.g. TLS)." > > > > This also folds in well with the MUST regarding > > support for > > > > client auth. > > > > > > > > [RH] DPV requires signature on the response. Why > > not allow > > > > some consistency? > > > > > >I see no needs-based driver for signed DPD responses. A DPD > > >server is simply acting as an aggregation point for access to > > >signed data produced by others. As I said before, > > one of the > > >potential features of DPD over DPV is that a DPD > > server arguably > > >need not be trusted in a certification sense while a > > DPV server > > >clearly must (assuming of course that server does not combine > > >both functions). A non-normative statement that where DPD > > >server auth is relevant lower layer protocols can > > suffice would > > >preserve this quality with no loss of security assurance. > > > > [RH] Just rereading the text, I think that the text > > in draft -04 allows > > either lower layer mechanisms or signatures within > > the DPD protocol. I do > > not think that there is a need to change anything here. > > > > > > > > POLICY DISCOVERY REQUIREMENT > > > > **************************** > > > > > > > > Thought we got rid of PDP-type requirements > > > > ------------------------------------------- > > > > "The client MUST be able to obtain references for > > the default > > > > policy or for all of the policies supported by > > the server by > > > > using an additional request/response pair. The > > response can > > > > include references to previously defined policies or > > > > to a priori > > > > known policies." > > > > > > > > MM15: I thought we got rid of all PDP-type > > requirements in this > > > > DPV/DPD requirements document. The above text > > seems to mandate > > > > that any protocol responsive to this document > > MUST define a > > > > request/response pair for policy discovery. > > > > > > > > [RH] We want the client to be able to get a list > > of the policies. > > > > PDP (in a future document) will address the > > definition of said > > > > policies. > > > > > >A DPV or DPD server can iterate through its list of policy > > >definitions and either execute accordingly or send back > > >unsupportedPolicy. What's important to the client > > is that the > > >server either does or does not support the policy the client > > >specifies in its request. > > > > The requirement says that the client can ask the > > server for a list of > > policy identifiers that it is currently supporting. > > This does not mean > > that they were dynamically defined policies. > > > > Russ > > > > Mike Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PDELc22892 for ietf-pkix-bks; Thu, 25 Apr 2002 06:14:21 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PDEKa22888 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 06:14:20 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA19762; Thu, 25 Apr 2002 15:16:50 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042515135867:97 ; Thu, 25 Apr 2002 15:13:58 +0200 Message-ID: <3CC80129.3ECB8969@bull.net> Date: Thu, 25 Apr 2002 15:14:17 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Michael Myers <myers@coastside.net> CC: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Peter.Sylvester@edelweb.fr, ietf-pkix@imc.org Subject: Re: roadmap References: <EOEGJNFMMIBDKGFONJJDAEBOCKAA.myers@coastside.net> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:13:58, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:14:01, Serialize complete at 25/04/2002 15:14:01 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael, > Peter, > > v2's status mostly tracks that of the DPV and DPD requirements, > which have only recently settled down after about a year's worth > of effort. OCSP *cannot* be the right vector to support DPV requirements since the role of a CA is different from the role of a DPV server: a CA is only responsible for the certificates that it has issued. A DPV server can be any entity provided that it supports the appropriate validation policy which is *not* established by a CA. As another argument: having at the same time in the same response both a *single* OSCP response and a DPV response would be quite odd. The DPV response provides information which would make the *single* OCSP response useless. However the DPV response may include *several* OCSP responses *and* the full certification path, if requested by the client. So my request is the same as made on the mailing list: RFC250bis should only be updated to allow to specify a certificate using additional ways. OCSPv2 should be discontinued or at least the name "OCSPv2" dropped. This does not mean that some ideas from that protocol cannot be re-used to fit with the DPV requirements. However, this discussion is not directly related to the roadmap. ;-) Denis > As I said before, it didn't make much sense to track > that moving target with incremental I-Ds. I once had three > separate I-Ds but that got so hard to manage and work due to > syntatic and editorial overlap (not to mention review) that I > put them all in one. I prefer to keep that structure together > while we see how things shake out re: DPV/DPD. Since 2560bis is > pretty well on its way, I think we should let that go forward > cleanly rather than force a reset due to adding new syntax. > > Mike > > Michael Myers > t: +415.819.1362 > e: mailto:mike@traceroutesecurity.com > w: http://www.traceroutesecurity.com > > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > > Peter Gutmann > > Sent: Tuesday, April 23, 2002 8:33 PM > > To: Peter.Sylvester@edelweb.fr > > Cc: ietf-pkix@imc.org > > Subject: Re: roadmap > > > > > > > > Peter Sylvester <Peter.Sylvester@edelweb.fr> writes: > > > > >Thus, it is not just a question of whether OCSP v2 > > being alive or not. > > > > Can I also add a general complaint about the vague > > status of OCSPv2, there's > > already software deployed which uses the extended > > range of cert IDs in the v2 > > draft, which makes it annoying to have it fading in > > and out of consciousness > > every few months. Perhaps the new cert IDs (which > > are a trivial change) could > > be moved into 2560-bis, without requiring all the > > extra stuff which was added > > in the rest of the v2 draft. > > > > Peter. > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3PDDIM22840 for ietf-pkix-bks; Thu, 25 Apr 2002 06:13:18 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PDD9a22828 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 06:13:09 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA13390; Thu, 25 Apr 2002 15:15:50 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042515105778:95 ; Thu, 25 Apr 2002 15:10:57 +0200 Message-ID: <3CC80074.331D8B6B@bull.net> Date: Thu, 25 Apr 2002 15:11:16 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Hal Lockhart <hal.lockhart@entegrity.com> CC: "'Michael Myers'" <myers@coastside.net>, stephen.farrell@baltimore.ie, pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV additional information References: <899128A30EEDD1118FC900A0C9C74A3401033FD0@bigbird.gradient.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:10:57, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:13:00, Serialize complete at 25/04/2002 15:13:00 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3PDDAa22831 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hal, > Hal Lockhart a écrit : > > As entertaining as it is to watch you guys talk past each other, this > thread is getting tiresome. Let me take a crack at why I don't think there > is any real disagreement here. > > I think what Denis is saying is that if an entity is a CA, by definition > they are trusted to issue and revoke the certificates they issue, by > virture of being a CA. They can also delegate someone else to do the > revocation, also by virtue of being a CA. If a RP decides to trust their > certs, they must also trust their revocation arrangements. > > In contrast, when somebody sets up a DPV server, whether or not they also > run a CA, there is an independant decision to trust the DPV server. It > does not follow as an automatic consequence of the fact thet the same > organization (or key even) may have issued one or more of the certs in the > chain in question. > > In other words, a CA may run a DPV server, but the server will be trusted > because RPs choose to do so, not because they have previously chosen to > trust certs issued by the CA. > Everybody agree? ;-) In other words, an organisation supporting a CA may also run a DPV server, but the DPV server will be trusted because RPs choose to do so, not because RPS have previously chosen to trust certs issued by the CA hosted by the same organization. Denis > > Hal > > > -----Original Message----- > > From: Michael Myers [mailto:myers@coastside.net] > > Sent: Wednesday, April 17, 2002 11:22 AM > > To: Denis Pinkas; stephen.farrell@baltimore.ie > > Cc: pkix > > Subject: RE: Open issue: DPV additional information > > > > > > > > Denis, > > > > It is precisely that issue of responsibility, in a broader > > sense. I'm quite certain that organizational entities who > > create, issue and maintain the reliability of public key > > certificates will will be the first to claim jursidiction > > regarding their validity. Who is going to claim otherwise? > > > > Mike > > > > > > > -----Original Message----- > > > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net] > > > Sent: Wednesday, April 17, 2002 8:02 AM > > > > Extract from the road map document: > > > > > > Certification Authority (CA) - An authority > > > trusted by one or more users to create and assign > > > public key certificates. Optionally the CA may > > > create the user's keys. It is important to > > > note that the CA is responsible for the public key > > ^^^^^^^^^^^^^^^ > > > certificates during their whole lifetime, not just > > > for issuing them. > > Received: by above.proper.com (8.11.6/8.11.3) id g3PDDBF22836 for ietf-pkix-bks; Thu, 25 Apr 2002 06:13:11 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PDD9a22829 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 06:13:09 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA13396; Thu, 25 Apr 2002 15:15:52 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042515121941:96 ; Thu, 25 Apr 2002 15:12:19 +0200 Message-ID: <3CC800C6.3307C050@bull.net> Date: Thu, 25 Apr 2002 15:12:38 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Williams <peterw@valicert.com> CC: pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV additional information References: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5B5@polaris.valicert.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:12:19, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:13:04, Serialize complete at 25/04/2002 15:13:04 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > Providing that Denis and Russ both agree the DPV requirements entail > the following matter (informally expressed), I am happy to proceed, > on this issue: > Without prejudice to other modes of operation, > a DPV server can use an OCSP response issued by an OCSP > responder that is locally trusted by the DPV client through a validation > policy rule) An "OCSP responder that is locally trusted by the DPV client through a validation policy rule" does not make sense. An OCSP responder can be trusted under a given validation policy. If an OCSP responder is locally trusted by a client, then the DPV server is unaware of it. In the chain of trust: a validation policy does not know who the clients are and it is a validation policy issuer that defines which OCSP responders are trusted, not the clients. It is up to the clients to query DPV servers they trust and then they will accept whatever is defined in the validation policy. Denis > and that the DPV server will accept the OCSP response on the > client's behalf in a manner conforming to the rules of OCSP standard. > Given every opportunity to confirm this entailment, todate, Denis > has not done so. With confirmation, we can proceed. Received: by above.proper.com (8.11.6/8.11.3) id g3PDD5P22826 for ietf-pkix-bks; Thu, 25 Apr 2002 06:13:05 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3PDD3a22819 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 06:13:03 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA13386; Thu, 25 Apr 2002 15:15:46 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002042515101248:94 ; Thu, 25 Apr 2002 15:10:12 +0200 Message-ID: <3CC80047.F9A3B8C4@bull.net> Date: Thu, 25 Apr 2002 15:10:31 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Michael Myers <myers@coastside.net> CC: stephen.farrell@baltimore.ie, pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV additional information References: <EOEGJNFMMIBDKGFONJJDKENECJAA.myers@coastside.net> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:10:12, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 25/04/2002 15:12:56, Serialize complete at 25/04/2002 15:12:56 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael, > Denis, > It is precisely that issue of responsibility, in a broader > sense. I'm quite certain that organizational entities who > create, issue and maintain the reliability of public key > certificates will will be the first to claim jursidiction > regarding their validity. Who is going to claim otherwise? Let me provide you with an example: Avis Rent a Car (TM) is wishing to accept tourist car reservations using public key certificates in France. Avis Rent a Car (TM) will define the "Avis Rent a Car (TM) reservation policy in France for tourism vehicules" and state that under this policy Microsoft certificates class X, Verisign Certificates Class Y and Debis certificates Class Z are adequate. Microsoft, Verisign and Debis as CAs, are fully ignorant which applications are making use of their certificates. There needs not be any relationship between validation policy issuers and CAs. Validation policy issuers will pick up in their validation policies which CAs are appropriate. Denis > Mike > > > -----Original Message----- > > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net] > > Sent: Wednesday, April 17, 2002 8:02 AM > > > Extract from the road map document: > > > > Certification Authority (CA) - An authority > > trusted by one or more users to create and assign > > public key certificates. Optionally the CA may > > create the user's keys. It is important to > > note that the CA is responsible for the public key > ^^^^^^^^^^^^^^^ > > certificates during their whole lifetime, not just > > for issuing them. Received: by above.proper.com (8.11.6/8.11.3) id g3PBHcm19460 for ietf-pkix-bks; Thu, 25 Apr 2002 04:17:38 -0700 (PDT) Received: from web20507.mail.yahoo.com (web20507.mail.yahoo.com [216.136.226.142]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3PBHba19455 for <ietf-pkix@imc.org>; Thu, 25 Apr 2002 04:17:37 -0700 (PDT) Message-ID: <20020425111737.70785.qmail@web20507.mail.yahoo.com> Received: from [203.2.208.130] by web20507.mail.yahoo.com via HTTP; Thu, 25 Apr 2002 04:17:37 PDT Date: Thu, 25 Apr 2002 04:17:37 -0700 (PDT) From: Eve Chow <chow_eve@yahoo.com> Subject: code signing To: ietf-pkix@imc.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Dear all , I found different code signing cert available in the Verisign site - some for MS Authenticode , some for Netscape object signing , VBA macro / Macromedia flash - are there any difference in the certificate format for different siged object ? While I know the signing method for Authenticode and netscape object signing is different , I am not sure if there is standard for the other objects . If anyone know any reference on this please recommend , thanks ! Eve Chow ===== Eve Chow 1# Rule of Thumb : Something really BAD will come up if nothing is WRONG throughout the project __________________________________________________ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3P35io02919 for ietf-pkix-bks; Wed, 24 Apr 2002 20:05:44 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3P35ha02914 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 20:05:43 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3P35hTt013522; Wed, 24 Apr 2002 20:05:44 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Tony Bartoletti" <azb@llnl.gov>, "Trevor Freeman" <trevorf@windows.microsoft.com>, "PKIX " <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Wed, 24 Apr 2002 20:02:51 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDCECMCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <4.3.2.7.2.20020424184334.00b2dad0@poptop.llnl.gov> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Tony Bartoletti > Sent: Wednesday, April 24, 2002 7:58 PM > > . . . > > The "Server-side" argument for trinary response (not > wanting to pronounce a certificate "invalid" given > lack of information or authority) seems satisfied by > Trevor's Success/Failure terminology, correct? > > Cheers! Hi Tony, I must respectfully disagree for reasons previously cited pending a convincing needs-based argument. Else perhaps what we're really backing ourselves into is a variation of if not precisely the semantics of Peter Gutman's OCSP-based certOK mechanism. Mike Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3P2oV102645 for ietf-pkix-bks; Wed, 24 Apr 2002 19:50:31 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3P2oUa02641 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 19:50:30 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3P2oVTt012442; Wed, 24 Apr 2002 19:50:31 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Peter Williams" <peterw@valicert.com>, "PKIX" <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Wed, 24 Apr 2002 19:47:39 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDAECLCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5C7@polaris.valicert.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, See below. Mike > -----Original Message----- > From: Peter Williams [mailto:peterw@valicert.com] > Sent: Wednesday, April 24, 2002 6:51 PM > To: 'Michael Myers'; PKIX > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > Mike, > > (1) Can you provide a citation or other professional > reference for the "precise technical meanings" of "valid" and > "invalid", please? Which of the following do you believe should be eliminated from such a definition: 1. Formation of a valid path IAW 2459; 2. Confirmation of revocation status for each certificate in said path; 3. Cryptographic validation of said path IAW 2459. 4. Other practices as required by policy. > (2) Could you also perhaps help me compare > the definition(s) of "valid" used in the > VeriSign CPs (1.2 and 2.0)and the US DOD CP v2 (March > 1999), perhaps, against the recognised > definition of "valid" (see above (1))? Nope. Go for it. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3P1pFq01596 for ietf-pkix-bks; Wed, 24 Apr 2002 18:51:15 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3P1pEa01592 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 18:51:14 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GV300H01P04UH@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 24 Apr 2002 18:48:05 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GV300H3JP04SO@ext-mail.valicert.com>; Wed, 24 Apr 2002 18:48:04 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <JQL5ASBW>; Wed, 24 Apr 2002 18:51:07 -0700 Content-return: allowed Date: Wed, 24 Apr 2002 18:51:06 -0700 From: Peter Williams <peterw@valicert.com> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt To: "'Michael Myers'" <myers@coastside.net>, PKIX <ietf-pkix@imc.org> Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5C7@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike, (1) Can you provide a citation or other professional reference for the "precise technical meanings" of "valid" and "invalid", please? (2) Could you also perhaps help me compare the definition(s) of "valid" used in the VeriSign CPs (1.2 and 2.0)and the US DOD CP v2 (March 1999), perhaps, against the recognised definition of "valid" (see above (1))? In my reading, the two policies seem to offer very different notions of validity: (a1) VeriSign CPS 1.2 (that was effective during issuing of many intermediate CA certs:) "CERTIFICATE MANAGEMENT Certificate management includes, but is not limited to storage, dissemination, publication, revocation, and suspension of certificates. An IA undertakes certificate management functions by serving as a registration authority for subscriber certificates. An IA designates issued and accepted certificates as valid by publication. VALID CERTIFICATE A certificate issued by an IA and accepted by the subscriber listed in it. VALIDATE A CERTIFICATE (i.e., of an END-USER SUBSCRIBER CERTIFICATE) The process performed by a recipient or relying party to confirm that an end-user subscriber certificate is valid and was operational at the date and time a pertinent digital signature was created. VALIDATE A CERTIFICATE CHAIN For each certificate in a chain, the process performed by the recipient or relying party to authenticate the public key (in each certificate), confirm that each certificate is valid, was issued within the operational period of the corresponding IA certificate, and that all parties (IAs, end-user subscribers, recipients, and relying parties) have operated in accordance with this CPS as to all certificates in the chain." (a2) CPS 2.0 - currently effective: This CPS avoids use of the term valid (in respect of certificate) altogether: "Relying Party Agreements also require Relying Parties to check the status of a Certificate on which they wish to rely, as well as all the Certificates in its Certificate Chain in accordance with CPS ?? 4.4.10, 4.4.12. If any of the Certificates in the Certificate Chain have been revoked, according to Relying Party Agreements, the Relying Party must not rely on the end-user Subscriber Certificate or other revoked Certificate in the Certificate Chain. (b) DoD CP v2.0 "2.1.4 Relying party obligations check each certificate for validity, using procedures described in the X.509 standard, and prior to reliance." "The authorized source for information concerning the validity of a certificate shall be the revocation mechanism provided by the CA as defined in its CPS." But note that validity is fungible in DoD CP (and a DOD validation policy by construction) "CA termination will be handled in accordance with section 4.8 above. If the termination is for convenience, contract expiration, re-organization, or other non-security related reason, then certificates may continue to be considered valid at the discretion of the program or relying party (who has been made aware of the termination)." >>>>-----Original Message----- >>>>From: Michael Myers [mailto:myers@coastside.net] >>>>Sent: Wednesday, April 24, 2002 5:44 PM >>>>To: Trevor Freeman; PKIX >>>>Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt >>>> >>>> >>>> >>>>Trevor, >>>> >>>>No, what I'm saying is that valid and invalid have precise >>>>technical meanings that could be potentially relevant to an >>>>arbitration panel if not a court of law. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3P1krK01491 for ietf-pkix-bks; Wed, 24 Apr 2002 18:46:53 -0700 (PDT) Received: from smtp-2.llnl.gov (smtp-2.llnl.gov [128.115.250.82]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3P1kqa01487 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 18:46:52 -0700 (PDT) Received: from poptop.llnl.gov (localhost [127.0.0.1]) by smtp-2.llnl.gov (8.9.3/8.9.3/LLNL-gateway-1.0) with ESMTP id SAA15640; Wed, 24 Apr 2002 18:46:40 -0700 (PDT) Received: from catalyst.llnl.gov (catalyst.llnl.gov [128.115.222.68]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with ESMTP id SAA17360; Wed, 24 Apr 2002 18:46:50 -0700 (PDT) Message-Id: <4.3.2.7.2.20020424184334.00b2dad0@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 24 Apr 2002 18:58:17 -0800 To: "Michael Myers" <myers@coastside.net>, "Trevor Freeman" <trevorf@windows.microsoft.com>, "PKIX " <ietf-pkix@imc.org> From: Tony Bartoletti <azb@llnl.gov> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt In-Reply-To: <EOEGJNFMMIBDKGFONJJDGECJCKAA.myers@coastside.net> References: <4AEE3169443CDD4796CA8A00B02191CD063C4106@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Seems you have two choices: 1. Go with "Trinary Value", in which case the semantics are satisfied by a. Success_Valid b. Failure_Invalid c. Failure_Unknown 2. Go with "Binary Value", using either a. Valid b. Invalid (see reason code for details) or a. Success b. Failure (see reason codes for details) From a state-machine point of view, even the latter choices are workable, ASSUMING that the indicated reason-codes are "reasonably standardized". The only "client-side-reason" I can see for this 3-valued (or n-valued) response would be a case of clientware capable of automatically seeking a "second opinion" from another source, where the trinary "unknown" is returned (or the reason-code associated with the binary response indicates a possible transient lack of information.) The "Server-side" argument for trinary response (not wanting to pronounce a certificate "invalid" given lack of information or authority) seems satisfied by Trevor's Success/Failure terminology, correct? Cheers! ____tony____ Tony Bartoletti 925-422-3881 <azb@llnl.gov> Information Operations, Warfare and Assurance Center Lawrence Livermore National Laboratory Livermore, CA 94551-9900 At 06:17 PM 4/24/02 -0700, Michael Myers wrote: >Trevor, > >It is my firm belief that at a meta level we are faced >fundamentally with a trinary valued state variable. I've yet to >hear a needs-based argument that dissuades me from that >conviction. Maybe we should discuss offlist and spare the WG >further chatter. My contact info is below. > >Mike > >Michael Myers >t: +415.819.1362 >e: mailto:mike@traceroutesecurity.com >w: http://www.traceroutesecurity.com > > > > > > > -----Original Message----- > > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > > Sent: Wednesday, April 24, 2002 6:00 PM > > To: Michael Myers; PKIX > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > Michael, > > Success and failure have precise technical meaning. > > The client is asking > > either "can you validate this certificate" or "can > > you build a path with > > this certificate" The server can succeed in that task > > - which implies > > the certificate is valid or the server build a path, > > or the server > > failed. Using these semantics, failure to comply with > > the clients > > request on the server's part implies nothing about > > the certificate only > > about the server ability, but retains a binary > > response which is simple > > for the client to process. > > We can add specific reasons for the failure in the > > protocol document > > which allow the server to express whatever it wants about its > > inadequacies. > > Is that OK for now? > > > > Trevor > > > > -----Original Message----- > > From: Michael Myers [mailto:myers@coastside.net] > > Sent: Wednesday, April 24, 2002 5:44 PM > > To: Trevor Freeman; PKIX > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > Trevor, > > > > No, what I'm saying is that valid and invalid have precise > > technical meanings that could be potentially relevant to an > > arbitration panel if not a court of law. The unknown state > > affords a service provider or enterprise deploying a > > server the > > means to escape out of binding itself into a situation that > > could possibly put it at financial risk. > > > > I could be totally wrong in that perception, but that's what I > > think. Several years ago it was just crypto and toolkits. > > Today there's laws and regulations and jurisdictional forums > > considering how this technology applies to societal > > factors. I > > for one think we need to be responsible in this regard. > > > > Else maybe what you're talking about is more aligned > > with Peter > > Gutman's certOK proposal. > > > > Mike > > > > > > > > Michael Myers > > t: +415.819.1362 > > e: mailto:mike@traceroutesecurity.com > > w: http://www.traceroutesecurity.com > > > > > -----Original Message----- > > > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > > > Sent: Wednesday, April 24, 2002 4:44 PM > > > To: Michael Myers; PKIX > > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > > > > Mike, > > > All you are saying is that the server needs to > > > clarity the reason for > > > the inability to validate the certificate. You > > > objection seems to be > > > wording of the return state in the requirement > > > document implying more > > > than is intended. Rather that naming them in the > > > requirements document > > > valid and invalid, we can name them success and > > > failure. Success means > > > the server was able to complete the client request, > > > and failure means it > > > did not. > > > > > > Trevor > > > -----Original Message----- > > > From: Michael Myers [mailto:myers@coastside.net] > > > Sent: Wednesday, April 24, 2002 3:54 PM > > > To: Trevor Freeman; PKIX > > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > Trevor, > > > > > > I agree with you and Russ that from a state machine > > > perspective, > > > a client will probably take the same action in both > > > the unknown > > > and invalid cases. However, from a server, or more > > > importantly > > > a service perspective, I suspect there exists an appreciable > > > semantic difference in a legal or liability sense > > > between these > > > two states. > > > > > > I've had the pleasure over the past few years of abundant > > > exposure to lawyers, bankers, regulators and other > > such types > > > regarding these and related issues. I'm sure many > > of us share > > > that experience in one form or another. > > > > > > Now, I'm no lawyer but given that exposure it seems > > > to me that a > > > service (i.e. that which runs a server) is setting > > > itself up for > > > disaster by asserting a digitally signed "invalid" > > > when in point > > > of fact that service hasn't the data, jurisdiction or > > > delegation > > > to make such an unequivocal assertion. > > > > > > As a hypothetical, consider a party seeking damages > > > to which an > > > invalid assertion is useful as evidence even though the > > > certificate in question is provably valid given > > access to the > > > relevant data. That plaintiff could arguably find > > > some service > > > that doesn't know diddly about the certificate to issue a > > > digitally signed "invalid" and there you go. That > > > TTP may have > > > just stuck its neck out. > > > > > > I know that's probably a stretch, but not > > inconceivable given > > > some the purposes to which certs and sigs are today being > > > applied. Better it seems by far to enable an "out" > > > via unknown > > > even if at the other end, the client does nothing > > differently. > > > > > > Valid and Invalid mean something very precise to my way of > > > thinking. It means data was accumulated, a path was > > > successfully constructed, revocation information was > > > checked and > > > the entire dataset checked according to 2459 and > > whatever else > > > might specified by the policy in place at the time > > between the > > > client and the server/service. Break any one of those > > > assumptions and one can't assert invalid. Hence we need > > > unknown. > > > > > > Mike > > > > > > > > > > -----Original Message----- > > > > From: Trevor Freeman >[mailto:trevorf@windows.microsoft.com] > > > Sent: Wednesday, April 24, 2002 11:33 AM > > > To: Michael Myers; PKIX > > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > > > > Mike, > > > I realise there has been several mailing on this > > > topic, but so far no > > > consensus. > > > Apart form references to 2560, I have not seen much > > > in the way of > > > reasoned justification as to why we need another > > > return code in DPV/DPD. > > > All this additional return value is indicating is > > > some kind of failure > > > on the part of the server. We have defined the > > requirement for > > > additional information on the error to be returned by > > > the server to > > > clarify the nature of the failure to the client. If > > > you want to refine > > > the defined list of sub-status reasons when we get to > > > define the > > > protocol then I am sure we can debate this more > > > meaningfully then. > > > However since one of the goals of the DPV protocol is > > > to address > > > constrained clients, then we have to be hard core on > > > not complication > > > the protocol. > > > > > > Trevor > > > > Tony Bartoletti 925-422-3881 <azb@llnl.gov> Information Operations, Warfare and Assurance Center Lawrence Livermore National Laboratory Livermore, CA 94551-9900 Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3P1KYM00992 for ietf-pkix-bks; Wed, 24 Apr 2002 18:20:34 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3P1KWa00988 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 18:20:32 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3P1KXTt006178; Wed, 24 Apr 2002 18:20:33 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Trevor Freeman" <trevorf@windows.microsoft.com>, "PKIX " <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Wed, 24 Apr 2002 18:17:40 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDGECJCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <4AEE3169443CDD4796CA8A00B02191CD063C4106@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Trevor, It is my firm belief that at a meta level we are faced fundamentally with a trinary valued state variable. I've yet to hear a needs-based argument that dissuades me from that conviction. Maybe we should discuss offlist and spare the WG further chatter. My contact info is below. Mike Michael Myers t: +415.819.1362 e: mailto:mike@traceroutesecurity.com w: http://www.traceroutesecurity.com > -----Original Message----- > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > Sent: Wednesday, April 24, 2002 6:00 PM > To: Michael Myers; PKIX > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > Michael, > Success and failure have precise technical meaning. > The client is asking > either "can you validate this certificate" or "can > you build a path with > this certificate" The server can succeed in that task > - which implies > the certificate is valid or the server build a path, > or the server > failed. Using these semantics, failure to comply with > the clients > request on the server's part implies nothing about > the certificate only > about the server ability, but retains a binary > response which is simple > for the client to process. > We can add specific reasons for the failure in the > protocol document > which allow the server to express whatever it wants about its > inadequacies. > Is that OK for now? > > Trevor > > -----Original Message----- > From: Michael Myers [mailto:myers@coastside.net] > Sent: Wednesday, April 24, 2002 5:44 PM > To: Trevor Freeman; PKIX > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > Trevor, > > No, what I'm saying is that valid and invalid have precise > technical meanings that could be potentially relevant to an > arbitration panel if not a court of law. The unknown state > affords a service provider or enterprise deploying a > server the > means to escape out of binding itself into a situation that > could possibly put it at financial risk. > > I could be totally wrong in that perception, but that's what I > think. Several years ago it was just crypto and toolkits. > Today there's laws and regulations and jurisdictional forums > considering how this technology applies to societal > factors. I > for one think we need to be responsible in this regard. > > Else maybe what you're talking about is more aligned > with Peter > Gutman's certOK proposal. > > Mike > > > > Michael Myers > t: +415.819.1362 > e: mailto:mike@traceroutesecurity.com > w: http://www.traceroutesecurity.com > > > -----Original Message----- > > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > > Sent: Wednesday, April 24, 2002 4:44 PM > > To: Michael Myers; PKIX > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > Mike, > > All you are saying is that the server needs to > > clarity the reason for > > the inability to validate the certificate. You > > objection seems to be > > wording of the return state in the requirement > > document implying more > > than is intended. Rather that naming them in the > > requirements document > > valid and invalid, we can name them success and > > failure. Success means > > the server was able to complete the client request, > > and failure means it > > did not. > > > > Trevor > > -----Original Message----- > > From: Michael Myers [mailto:myers@coastside.net] > > Sent: Wednesday, April 24, 2002 3:54 PM > > To: Trevor Freeman; PKIX > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > Trevor, > > > > I agree with you and Russ that from a state machine > > perspective, > > a client will probably take the same action in both > > the unknown > > and invalid cases. However, from a server, or more > > importantly > > a service perspective, I suspect there exists an appreciable > > semantic difference in a legal or liability sense > > between these > > two states. > > > > I've had the pleasure over the past few years of abundant > > exposure to lawyers, bankers, regulators and other > such types > > regarding these and related issues. I'm sure many > of us share > > that experience in one form or another. > > > > Now, I'm no lawyer but given that exposure it seems > > to me that a > > service (i.e. that which runs a server) is setting > > itself up for > > disaster by asserting a digitally signed "invalid" > > when in point > > of fact that service hasn't the data, jurisdiction or > > delegation > > to make such an unequivocal assertion. > > > > As a hypothetical, consider a party seeking damages > > to which an > > invalid assertion is useful as evidence even though the > > certificate in question is provably valid given > access to the > > relevant data. That plaintiff could arguably find > > some service > > that doesn't know diddly about the certificate to issue a > > digitally signed "invalid" and there you go. That > > TTP may have > > just stuck its neck out. > > > > I know that's probably a stretch, but not > inconceivable given > > some the purposes to which certs and sigs are today being > > applied. Better it seems by far to enable an "out" > > via unknown > > even if at the other end, the client does nothing > differently. > > > > Valid and Invalid mean something very precise to my way of > > thinking. It means data was accumulated, a path was > > successfully constructed, revocation information was > > checked and > > the entire dataset checked according to 2459 and > whatever else > > might specified by the policy in place at the time > between the > > client and the server/service. Break any one of those > > assumptions and one can't assert invalid. Hence we need > > unknown. > > > > Mike > > > > > > > -----Original Message----- > > > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > > Sent: Wednesday, April 24, 2002 11:33 AM > > To: Michael Myers; PKIX > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > Mike, > > I realise there has been several mailing on this > > topic, but so far no > > consensus. > > Apart form references to 2560, I have not seen much > > in the way of > > reasoned justification as to why we need another > > return code in DPV/DPD. > > All this additional return value is indicating is > > some kind of failure > > on the part of the server. We have defined the > requirement for > > additional information on the error to be returned by > > the server to > > clarify the nature of the failure to the client. If > > you want to refine > > the defined list of sub-status reasons when we get to > > define the > > protocol then I am sure we can debate this more > > meaningfully then. > > However since one of the goals of the DPV protocol is > > to address > > constrained clients, then we have to be hard core on > > not complication > > the protocol. > > > > Trevor > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3P13h800632 for ietf-pkix-bks; Wed, 24 Apr 2002 18:03:43 -0700 (PDT) Received: from mail3.microsoft.com (mail3.microsoft.com [131.107.3.123]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3P13fa00628 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 18:03:41 -0700 (PDT) Received: from INET-VRS-03.redmond.corp.microsoft.com ([157.54.5.27]) by mail3.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 24 Apr 2002 18:03:40 -0700 Received: from 157.54.6.197 by INET-VRS-03.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Wed, 24 Apr 2002 18:03:40 -0700 Received: from red-imc-02.redmond.corp.microsoft.com ([157.54.9.107]) by inet-hub-06.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 24 Apr 2002 18:03:39 -0700 Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by red-imc-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 24 Apr 2002 18:03:39 -0700 Received: from win-msg-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.52]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3604.0); Wed, 24 Apr 2002 17:59:53 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6177.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Wed, 24 Apr 2002 17:59:52 -0700 Message-ID: <4AEE3169443CDD4796CA8A00B02191CD063C4106@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Thread-Index: AcHr8jddH5rhauP3RsS84FDdK/UNmwAAKfFA From: "Trevor Freeman" <trevorf@windows.microsoft.com> To: "Michael Myers" <myers@coastside.net>, "PKIX " <ietf-pkix@imc.org> X-OriginalArrivalTime: 25 Apr 2002 00:59:53.0202 (UTC) FILETIME=[82331D20:01C1EBF4] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3P13ga00629 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael, Success and failure have precise technical meaning. The client is asking either "can you validate this certificate" or "can you build a path with this certificate" The server can succeed in that task - which implies the certificate is valid or the server build a path, or the server failed. Using these semantics, failure to comply with the clients request on the server's part implies nothing about the certificate only about the server ability, but retains a binary response which is simple for the client to process. We can add specific reasons for the failure in the protocol document which allow the server to express whatever it wants about its inadequacies. Is that OK for now? Trevor -----Original Message----- From: Michael Myers [mailto:myers@coastside.net] Sent: Wednesday, April 24, 2002 5:44 PM To: Trevor Freeman; PKIX Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Trevor, No, what I'm saying is that valid and invalid have precise technical meanings that could be potentially relevant to an arbitration panel if not a court of law. The unknown state affords a service provider or enterprise deploying a server the means to escape out of binding itself into a situation that could possibly put it at financial risk. I could be totally wrong in that perception, but that's what I think. Several years ago it was just crypto and toolkits. Today there's laws and regulations and jurisdictional forums considering how this technology applies to societal factors. I for one think we need to be responsible in this regard. Else maybe what you're talking about is more aligned with Peter Gutman's certOK proposal. Mike Michael Myers t: +415.819.1362 e: mailto:mike@traceroutesecurity.com w: http://www.traceroutesecurity.com > -----Original Message----- > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > Sent: Wednesday, April 24, 2002 4:44 PM > To: Michael Myers; PKIX > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > Mike, > All you are saying is that the server needs to > clarity the reason for > the inability to validate the certificate. You > objection seems to be > wording of the return state in the requirement > document implying more > than is intended. Rather that naming them in the > requirements document > valid and invalid, we can name them success and > failure. Success means > the server was able to complete the client request, > and failure means it > did not. > > Trevor > -----Original Message----- > From: Michael Myers [mailto:myers@coastside.net] > Sent: Wednesday, April 24, 2002 3:54 PM > To: Trevor Freeman; PKIX > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > Trevor, > > I agree with you and Russ that from a state machine > perspective, > a client will probably take the same action in both > the unknown > and invalid cases. However, from a server, or more > importantly > a service perspective, I suspect there exists an appreciable > semantic difference in a legal or liability sense > between these > two states. > > I've had the pleasure over the past few years of abundant > exposure to lawyers, bankers, regulators and other such types > regarding these and related issues. I'm sure many of us share > that experience in one form or another. > > Now, I'm no lawyer but given that exposure it seems > to me that a > service (i.e. that which runs a server) is setting > itself up for > disaster by asserting a digitally signed "invalid" > when in point > of fact that service hasn't the data, jurisdiction or > delegation > to make such an unequivocal assertion. > > As a hypothetical, consider a party seeking damages > to which an > invalid assertion is useful as evidence even though the > certificate in question is provably valid given access to the > relevant data. That plaintiff could arguably find > some service > that doesn't know diddly about the certificate to issue a > digitally signed "invalid" and there you go. That > TTP may have > just stuck its neck out. > > I know that's probably a stretch, but not inconceivable given > some the purposes to which certs and sigs are today being > applied. Better it seems by far to enable an "out" > via unknown > even if at the other end, the client does nothing differently. > > Valid and Invalid mean something very precise to my way of > thinking. It means data was accumulated, a path was > successfully constructed, revocation information was > checked and > the entire dataset checked according to 2459 and whatever else > might specified by the policy in place at the time between the > client and the server/service. Break any one of those > assumptions and one can't assert invalid. Hence we need > unknown. > > Mike > > > > -----Original Message----- > > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > > Sent: Wednesday, April 24, 2002 11:33 AM > > To: Michael Myers; PKIX > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > Mike, > > I realise there has been several mailing on this > > topic, but so far no > > consensus. > > Apart form references to 2560, I have not seen much > > in the way of > > reasoned justification as to why we need another > > return code in DPV/DPD. > > All this additional return value is indicating is > > some kind of failure > > on the part of the server. We have defined the > requirement for > > additional information on the error to be returned by > > the server to > > clarify the nature of the failure to the client. If > > you want to refine > > the defined list of sub-status reasons when we get to > > define the > > protocol then I am sure we can debate this more > > meaningfully then. > > However since one of the goals of the DPV protocol is > > to address > > constrained clients, then we have to be hard core on > > not complication > > the protocol. > > > > Trevor > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3P0l2l29963 for ietf-pkix-bks; Wed, 24 Apr 2002 17:47:02 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3P0l1a29959 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 17:47:01 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3P0l2Tt003811; Wed, 24 Apr 2002 17:47:02 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Trevor Freeman" <trevorf@windows.microsoft.com>, "PKIX " <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Wed, 24 Apr 2002 17:44:09 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDKECHCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <4AEE3169443CDD4796CA8A00B02191CD063C4105@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Trevor, No, what I'm saying is that valid and invalid have precise technical meanings that could be potentially relevant to an arbitration panel if not a court of law. The unknown state affords a service provider or enterprise deploying a server the means to escape out of binding itself into a situation that could possibly put it at financial risk. I could be totally wrong in that perception, but that's what I think. Several years ago it was just crypto and toolkits. Today there's laws and regulations and jurisdictional forums considering how this technology applies to societal factors. I for one think we need to be responsible in this regard. Else maybe what you're talking about is more aligned with Peter Gutman's certOK proposal. Mike Michael Myers t: +415.819.1362 e: mailto:mike@traceroutesecurity.com w: http://www.traceroutesecurity.com > -----Original Message----- > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > Sent: Wednesday, April 24, 2002 4:44 PM > To: Michael Myers; PKIX > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > Mike, > All you are saying is that the server needs to > clarity the reason for > the inability to validate the certificate. You > objection seems to be > wording of the return state in the requirement > document implying more > than is intended. Rather that naming them in the > requirements document > valid and invalid, we can name them success and > failure. Success means > the server was able to complete the client request, > and failure means it > did not. > > Trevor > -----Original Message----- > From: Michael Myers [mailto:myers@coastside.net] > Sent: Wednesday, April 24, 2002 3:54 PM > To: Trevor Freeman; PKIX > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > Trevor, > > I agree with you and Russ that from a state machine > perspective, > a client will probably take the same action in both > the unknown > and invalid cases. However, from a server, or more > importantly > a service perspective, I suspect there exists an appreciable > semantic difference in a legal or liability sense > between these > two states. > > I've had the pleasure over the past few years of abundant > exposure to lawyers, bankers, regulators and other such types > regarding these and related issues. I'm sure many of us share > that experience in one form or another. > > Now, I'm no lawyer but given that exposure it seems > to me that a > service (i.e. that which runs a server) is setting > itself up for > disaster by asserting a digitally signed "invalid" > when in point > of fact that service hasn't the data, jurisdiction or > delegation > to make such an unequivocal assertion. > > As a hypothetical, consider a party seeking damages > to which an > invalid assertion is useful as evidence even though the > certificate in question is provably valid given access to the > relevant data. That plaintiff could arguably find > some service > that doesn't know diddly about the certificate to issue a > digitally signed "invalid" and there you go. That > TTP may have > just stuck its neck out. > > I know that's probably a stretch, but not inconceivable given > some the purposes to which certs and sigs are today being > applied. Better it seems by far to enable an "out" > via unknown > even if at the other end, the client does nothing differently. > > Valid and Invalid mean something very precise to my way of > thinking. It means data was accumulated, a path was > successfully constructed, revocation information was > checked and > the entire dataset checked according to 2459 and whatever else > might specified by the policy in place at the time between the > client and the server/service. Break any one of those > assumptions and one can't assert invalid. Hence we need > unknown. > > Mike > > > > -----Original Message----- > > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > > Sent: Wednesday, April 24, 2002 11:33 AM > > To: Michael Myers; PKIX > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > Mike, > > I realise there has been several mailing on this > > topic, but so far no > > consensus. > > Apart form references to 2560, I have not seen much > > in the way of > > reasoned justification as to why we need another > > return code in DPV/DPD. > > All this additional return value is indicating is > > some kind of failure > > on the part of the server. We have defined the > requirement for > > additional information on the error to be returned by > > the server to > > clarify the nature of the failure to the client. If > > you want to refine > > the defined list of sub-status reasons when we get to > > define the > > protocol then I am sure we can debate this more > > meaningfully then. > > However since one of the goals of the DPV protocol is > > to address > > constrained clients, then we have to be hard core on > > not complication > > the protocol. > > > > Trevor > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3ONm9i28854 for ietf-pkix-bks; Wed, 24 Apr 2002 16:48:09 -0700 (PDT) Received: from mail3.microsoft.com (mail3.microsoft.com [131.107.3.123]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3ONm8a28850 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 16:48:08 -0700 (PDT) Received: from INET-VRS-03.redmond.corp.microsoft.com ([157.54.5.27]) by mail3.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 24 Apr 2002 16:48:06 -0700 Received: from 157.54.6.197 by INET-VRS-03.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Wed, 24 Apr 2002 16:48:06 -0700 Received: from red-imc-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-06.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 24 Apr 2002 16:48:06 -0700 Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Wed, 24 Apr 2002 16:48:05 -0700 Received: from win-msg-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.52]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3590.0); Wed, 24 Apr 2002 16:44:24 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6177.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Wed, 24 Apr 2002 16:44:23 -0700 Message-ID: <4AEE3169443CDD4796CA8A00B02191CD063C4105@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Thread-Index: AcHr4smZWCdxtQAFQ9iOm/CEGTBsiAABpW2A From: "Trevor Freeman" <trevorf@windows.microsoft.com> To: "Michael Myers" <myers@coastside.net>, "PKIX " <ietf-pkix@imc.org> X-OriginalArrivalTime: 24 Apr 2002 23:44:24.0049 (UTC) FILETIME=[F69D3610:01C1EBE9] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3ONm8a28851 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike, All you are saying is that the server needs to clarity the reason for the inability to validate the certificate. You objection seems to be wording of the return state in the requirement document implying more than is intended. Rather that naming them in the requirements document valid and invalid, we can name them success and failure. Success means the server was able to complete the client request, and failure means it did not. Trevor -----Original Message----- From: Michael Myers [mailto:myers@coastside.net] Sent: Wednesday, April 24, 2002 3:54 PM To: Trevor Freeman; PKIX Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Trevor, I agree with you and Russ that from a state machine perspective, a client will probably take the same action in both the unknown and invalid cases. However, from a server, or more importantly a service perspective, I suspect there exists an appreciable semantic difference in a legal or liability sense between these two states. I've had the pleasure over the past few years of abundant exposure to lawyers, bankers, regulators and other such types regarding these and related issues. I'm sure many of us share that experience in one form or another. Now, I'm no lawyer but given that exposure it seems to me that a service (i.e. that which runs a server) is setting itself up for disaster by asserting a digitally signed "invalid" when in point of fact that service hasn't the data, jurisdiction or delegation to make such an unequivocal assertion. As a hypothetical, consider a party seeking damages to which an invalid assertion is useful as evidence even though the certificate in question is provably valid given access to the relevant data. That plaintiff could arguably find some service that doesn't know diddly about the certificate to issue a digitally signed "invalid" and there you go. That TTP may have just stuck its neck out. I know that's probably a stretch, but not inconceivable given some the purposes to which certs and sigs are today being applied. Better it seems by far to enable an "out" via unknown even if at the other end, the client does nothing differently. Valid and Invalid mean something very precise to my way of thinking. It means data was accumulated, a path was successfully constructed, revocation information was checked and the entire dataset checked according to 2459 and whatever else might specified by the policy in place at the time between the client and the server/service. Break any one of those assumptions and one can't assert invalid. Hence we need unknown. Mike > -----Original Message----- > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > Sent: Wednesday, April 24, 2002 11:33 AM > To: Michael Myers; PKIX > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > Mike, > I realise there has been several mailing on this > topic, but so far no > consensus. > Apart form references to 2560, I have not seen much > in the way of > reasoned justification as to why we need another > return code in DPV/DPD. > All this additional return value is indicating is > some kind of failure > on the part of the server. We have defined the requirement for > additional information on the error to be returned by > the server to > clarify the nature of the failure to the client. If > you want to refine > the defined list of sub-status reasons when we get to > define the > protocol then I am sure we can debate this more > meaningfully then. > However since one of the goals of the DPV protocol is > to address > constrained clients, then we have to be hard core on > not complication > the protocol. > > Trevor Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3ONBYp27885 for ietf-pkix-bks; Wed, 24 Apr 2002 16:11:34 -0700 (PDT) Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3ONBXa27879 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 16:11:33 -0700 (PDT) Received: from vhqpostal-gw1.verisign.com (verisign.com [65.205.251.55]) by peacock.verisign.com (8.11.3/BCH1.7.5) with ESMTP id g3ON7kD25296; Wed, 24 Apr 2002 16:07:47 -0700 (PDT) Received: by vhqpostal-gw1.verisign.com with Internet Mail Service (5.5.2653.19) id <G4SDJMHN>; Wed, 24 Apr 2002 16:12:57 -0700 Message-ID: <FBDFBCB7591BD611AB4A00D0B79E60B0A79216@vhqpostal2.verisign.com> From: "Deacon, Alex" <alex@verisign.com> To: "'Michael Myers'" <myers@coastside.net>, Trevor Freeman <trevorf@windows.microsoft.com>, PKIX <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Wed, 24 Apr 2002 16:12:13 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Thanks Mike, I agree 100%. In addition, the definition of an unknown status maps well to the unknown status defined in 2560. Alex > -----Original Message----- > From: Michael Myers [mailto:myers@coastside.net] > Sent: Wednesday, April 24, 2002 3:54 PM > To: Trevor Freeman; PKIX > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > Trevor, > > I agree with you and Russ that from a state machine perspective, > a client will probably take the same action in both the unknown > and invalid cases. However, from a server, or more importantly > a service perspective, I suspect there exists an appreciable > semantic difference in a legal or liability sense between these > two states. > > I've had the pleasure over the past few years of abundant > exposure to lawyers, bankers, regulators and other such types > regarding these and related issues. I'm sure many of us share > that experience in one form or another. > > Now, I'm no lawyer but given that exposure it seems to me that a > service (i.e. that which runs a server) is setting itself up for > disaster by asserting a digitally signed "invalid" when in point > of fact that service hasn't the data, jurisdiction or delegation > to make such an unequivocal assertion. > > As a hypothetical, consider a party seeking damages to which an > invalid assertion is useful as evidence even though the > certificate in question is provably valid given access to the > relevant data. That plaintiff could arguably find some service > that doesn't know diddly about the certificate to issue a > digitally signed "invalid" and there you go. That TTP may have > just stuck its neck out. > > I know that's probably a stretch, but not inconceivable given > some the purposes to which certs and sigs are today being > applied. Better it seems by far to enable an "out" via unknown > even if at the other end, the client does nothing differently. > > Valid and Invalid mean something very precise to my way of > thinking. It means data was accumulated, a path was > successfully constructed, revocation information was checked and > the entire dataset checked according to 2459 and whatever else > might specified by the policy in place at the time between the > client and the server/service. Break any one of those > assumptions and one can't assert invalid. Hence we need > unknown. > > Mike > > > > -----Original Message----- > > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > > Sent: Wednesday, April 24, 2002 11:33 AM > > To: Michael Myers; PKIX > > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > > > > Mike, > > I realise there has been several mailing on this > > topic, but so far no > > consensus. > > Apart form references to 2560, I have not seen much > > in the way of > > reasoned justification as to why we need another > > return code in DPV/DPD. > > All this additional return value is indicating is > > some kind of failure > > on the part of the server. We have defined the requirement for > > additional information on the error to be returned by > > the server to > > clarify the nature of the failure to the client. If > > you want to refine > > the defined list of sub-status reasons when we get to > > define the > > protocol then I am sure we can debate this more > > meaningfully then. > > However since one of the goals of the DPV protocol is > > to address > > constrained clients, then we have to be hard core on > > not complication > > the protocol. > > > > Trevor > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3OMue927562 for ietf-pkix-bks; Wed, 24 Apr 2002 15:56:40 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3OMuca27558 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 15:56:38 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3OMubTt024069; Wed, 24 Apr 2002 15:56:38 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Trevor Freeman" <trevorf@windows.microsoft.com>, "PKIX " <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Wed, 24 Apr 2002 15:53:46 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDEECFCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <4AEE3169443CDD4796CA8A00B02191CD063C4102@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Trevor, I agree with you and Russ that from a state machine perspective, a client will probably take the same action in both the unknown and invalid cases. However, from a server, or more importantly a service perspective, I suspect there exists an appreciable semantic difference in a legal or liability sense between these two states. I've had the pleasure over the past few years of abundant exposure to lawyers, bankers, regulators and other such types regarding these and related issues. I'm sure many of us share that experience in one form or another. Now, I'm no lawyer but given that exposure it seems to me that a service (i.e. that which runs a server) is setting itself up for disaster by asserting a digitally signed "invalid" when in point of fact that service hasn't the data, jurisdiction or delegation to make such an unequivocal assertion. As a hypothetical, consider a party seeking damages to which an invalid assertion is useful as evidence even though the certificate in question is provably valid given access to the relevant data. That plaintiff could arguably find some service that doesn't know diddly about the certificate to issue a digitally signed "invalid" and there you go. That TTP may have just stuck its neck out. I know that's probably a stretch, but not inconceivable given some the purposes to which certs and sigs are today being applied. Better it seems by far to enable an "out" via unknown even if at the other end, the client does nothing differently. Valid and Invalid mean something very precise to my way of thinking. It means data was accumulated, a path was successfully constructed, revocation information was checked and the entire dataset checked according to 2459 and whatever else might specified by the policy in place at the time between the client and the server/service. Break any one of those assumptions and one can't assert invalid. Hence we need unknown. Mike > -----Original Message----- > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > Sent: Wednesday, April 24, 2002 11:33 AM > To: Michael Myers; PKIX > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > Mike, > I realise there has been several mailing on this > topic, but so far no > consensus. > Apart form references to 2560, I have not seen much > in the way of > reasoned justification as to why we need another > return code in DPV/DPD. > All this additional return value is indicating is > some kind of failure > on the part of the server. We have defined the requirement for > additional information on the error to be returned by > the server to > clarify the nature of the failure to the client. If > you want to refine > the defined list of sub-status reasons when we get to > define the > protocol then I am sure we can debate this more > meaningfully then. > However since one of the goals of the DPV protocol is > to address > constrained clients, then we have to be hard core on > not complication > the protocol. > > Trevor Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3OMHPU27076 for ietf-pkix-bks; Wed, 24 Apr 2002 15:17:25 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3OMHOa27070 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 15:17:24 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3OMHLTt020015; Wed, 24 Apr 2002 15:17:24 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Housley, Russ" <rhousley@rsasecurity.com> Cc: "'PKIX '" <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Wed, 24 Apr 2002 15:14:29 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDIECECKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <5.1.0.14.2.20020424104338.0209fde8@exna07.securitydynamics.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, Will take up the "unknown" thread via Trevor's recent posting. Good to hear you interpret the text as I do re: DPD server auth, namely there's no prejudice against lower layer mechanisms. I'm still though trying to understand what needs policy discovery truly addresses. What might be called the use cases. To my way of thinking about this, a client is interested in *its* policy or the one or ones it is constrained to use, static or otherwise, implicit default or directly signalled in its request. Would a discovery query prove this? Certainly. But so would an unsupportedPolicy response back from the server. I can see that policy discovery could be useful to the initialization of a freshly installed client, especially from an enterprise perspective, but then there's a trust issue there. A policy discovery function might also be useful in developing an Internet-wide profile of which servers do which things, but I'm not sure that's the intent. Or is it? As I said, I'm just trying to understand the driver behind the discovery piece. Maybe like the roots issue, I'm overlooking something obvious. Mike > -----Original Message----- > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > Sent: Wednesday, April 24, 2002 11:21 AM > To: Michael Myers > Cc: 'PKIX ' > Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt > > > Mike: > > > > DPV REQUIREMENTS > > > **************** > > > > > > Editorial > > > --------- > > > "Unless an error is reported, the DPV response MUST > > > indicate one > > > of the following two status alternatives:" > > > > > > MM3: Change "two" to "three" to reflect {valid, invalid, > > > unknown} > > > > > > [RH] I am having a real problem differentiating > > > invalid and unknown. To my way of thinking, the > > > actions taken by a client will be the same in > > > either case. > > > >{valid, invalid, unknown} is the resolution of record and > >defined in the text. My comment was just pointing out an > >editorial wrinkle that needs smoothing out. > > [RH] I agree that a change was made to add the > "unknown" response in draft > -04. I am not convinced that we did anything useful > for the client. I > think the client will treat "invalid" and "unknown" > exactly the same. > > > > > Signing DPD responses an option > > > ------------------------------- > > > "For the client to be confident that the response > originates > > > from the expected DPD server, the server MAY provide an > > > authenticated response. For example, the server > might sign the > > > response." > > > > > > And, > > > > > > "The DPD server MAY require client > authentication, therefore, > > > the DPD request MUST be able to be authenticated." > > > > > > MM14: Signing is an example, not a requirement, correct? > > > Lower-layer security protocols could equally > address server auth > > > needs. Suggest appending to the last sentence of > the first > > > requirement " . . . or the client could invoke a > lower-layer > > > security protocol that authenticates the server > (e.g. TLS)." > > > This also folds in well with the MUST regarding > support for > > > client auth. > > > > > > [RH] DPV requires signature on the response. Why > not allow > > > some consistency? > > > >I see no needs-based driver for signed DPD responses. A DPD > >server is simply acting as an aggregation point for access to > >signed data produced by others. As I said before, > one of the > >potential features of DPD over DPV is that a DPD > server arguably > >need not be trusted in a certification sense while a > DPV server > >clearly must (assuming of course that server does not combine > >both functions). A non-normative statement that where DPD > >server auth is relevant lower layer protocols can > suffice would > >preserve this quality with no loss of security assurance. > > [RH] Just rereading the text, I think that the text > in draft -04 allows > either lower layer mechanisms or signatures within > the DPD protocol. I do > not think that there is a need to change anything here. > > > > > POLICY DISCOVERY REQUIREMENT > > > **************************** > > > > > > Thought we got rid of PDP-type requirements > > > ------------------------------------------- > > > "The client MUST be able to obtain references for > the default > > > policy or for all of the policies supported by > the server by > > > using an additional request/response pair. The > response can > > > include references to previously defined policies or > > > to a priori > > > known policies." > > > > > > MM15: I thought we got rid of all PDP-type > requirements in this > > > DPV/DPD requirements document. The above text > seems to mandate > > > that any protocol responsive to this document > MUST define a > > > request/response pair for policy discovery. > > > > > > [RH] We want the client to be able to get a list > of the policies. > > > PDP (in a future document) will address the > definition of said > > > policies. > > > >A DPV or DPD server can iterate through its list of policy > >definitions and either execute accordingly or send back > >unsupportedPolicy. What's important to the client > is that the > >server either does or does not support the policy the client > >specifies in its request. > > The requirement says that the client can ask the > server for a list of > policy identifiers that it is currently supporting. > This does not mean > that they were dynamically defined policies. > > Russ > Mike Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3OIb4R22692 for ietf-pkix-bks; Wed, 24 Apr 2002 11:37:04 -0700 (PDT) Received: from mail5.microsoft.com (mail5.microsoft.com [131.107.3.121]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3OIb2a22688 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 11:37:02 -0700 (PDT) Received: from inet-vrs-05.redmond.corp.microsoft.com ([157.54.6.148]) by mail5.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 24 Apr 2002 11:36:59 -0700 Received: from 157.54.6.150 by inet-vrs-05.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Wed, 24 Apr 2002 11:36:59 -0700 Received: from red-imc-02.redmond.corp.microsoft.com ([157.54.9.107]) by inet-hub-05.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 24 Apr 2002 11:36:56 -0700 Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 24 Apr 2002 11:36:58 -0700 Received: from win-msg-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.52]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3590.0); Wed, 24 Apr 2002 11:33:17 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6177.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Wed, 24 Apr 2002 11:33:19 -0700 Message-ID: <4AEE3169443CDD4796CA8A00B02191CD063C4102@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Thread-Index: AcHrP8A+HVauIVKeQuu3KfwQr/YwtwAfVwNA From: "Trevor Freeman" <trevorf@windows.microsoft.com> To: "Michael Myers" <myers@coastside.net>, "PKIX " <ietf-pkix@imc.org> X-OriginalArrivalTime: 24 Apr 2002 18:33:17.0223 (UTC) FILETIME=[80519B70:01C1EBBE] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3OIb2a22689 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike, I realise there has been several mailing on this topic, but so far no consensus. Apart form references to 2560, I have not seen much in the way of reasoned justification as to why we need another return code in DPV/DPD. All this additional return value is indicating is some kind of failure on the part of the server. We have defined the requirement for additional information on the error to be returned by the server to clarify the nature of the failure to the client. If you want to refine the defined list of sub-status reasons when we get to define the protocol then I am sure we can debate this more meaningfully then. However since one of the goals of the DPV protocol is to address constrained clients, then we have to be hard core on not complication the protocol. Trevor -----Original Message----- From: Michael Myers [mailto:myers@coastside.net] Sent: Tuesday, April 23, 2002 8:19 PM To: PKIX Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Trevor, Regarding the existence of the "unknown" state as the resolution of record, the following WG list-based dialogs exist on this point. These yeilded the list-based consensus reflected in -04 modulo that one word I referred to earlier. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Tuesday, February 26, 2002 1:51 AM > > So I would propose the following fix: > > The DPV response MAY indicate one of three status > alternatives: > > 1) the certificate is valid according to the > validation policy. > > 2) the certificate is invalid according to the > validation policy. A secondary status MAY indicate > that the certificate is definitively invalid or > potentially valid. > > In the former case, if another request was made > later on, the certificate will still be determined > as invalid. > > In the later case, if another request could > made later on, the certificate could possibly > be determined as valid. This condition will > occur before a certificate validity period has > begun, while a certificate is suspended, or > when, at the time the server generated the > response, all conditions of the > validation policy could not be met. > > 3) the server cannot determine the validity of the > certificate. This condition will occur when a > certification path cannot be constructed or > some revocation information is unavailable. > > Denis > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Wednesday, February 27, 2002 5:19 AM > To: Michael Myers > Cc: ietf-pkix@imc.org > Subject: Re: "Potentially valid" response state in > DPV/DPD rqmts I-D > > > > Michael, > > > Denis, > > > > Okay, if I may summarize at a high level my current > > understanding: > > > > We are now effectively back to {valid, invalid, > > unknown}. All responses MUST indicate the relevant > > validation policy. This policy MAY be established out > > of band. An "invalid" response MAY contain reason > > codes or similar information that aids a client in > > determining the likelihood that the same request sent > > at a later time would return "valid". An "unknown" > > response MAY contain reason codes or similar information > > that indicates a failure to acquire all relevant data. > > > > Is that a fair summary? > > Yes, indeed it is. > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Tuesday, February 26, 2002 3:04 AM > To: Peter Sylvester > Cc: myers@coastside.net; ietf-pkix@imc.org > Subject: Re: "Potentially valid" response state in > DPV/DPD rqmts I-D > > > > Peter, > > > > The DPV response MAY indicate one of three status > > > alternatives: > > > > > > 1) the certificate is valid according to the > > > validation policy. > > > > > > 2) the certificate is invalid according to the > > > validation policy. A secondary status MAY > > > indicate that the certificate is > > > definitively invalid or potentially valid. > > > > > > In the former case, if another request was > > > made later on, the certificate will still > > > be determined as invalid. > > > > > > In the later case, if another request could > > > made later on, the certificate could possibly > > > be determined as valid. This condition will > > > occur before a certificate validity period has > > > begun, while a certificate is suspended, or > > > when, at the time the server generated the > > > response, all conditions of the validation > > > policy could not be met. > > > > > > 3) the server cannot determine the validity of > > > the certificate. This condition will occur > > > when a certification path cannot be constructed > > > or some revocation information is unavailable. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3OIMDk22397 for ietf-pkix-bks; Wed, 24 Apr 2002 11:22:13 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3OIM7a22393 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 11:22:07 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 24 Apr 2002 18:20:50 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id OAA07122 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 14:20:33 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3OIM4X22663 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 14:22:04 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1W24N>; Wed, 24 Apr 2002 14:19:31 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.133]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1W242; Wed, 24 Apr 2002 14:19:23 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Michael Myers <myers@coastside.net> Cc: "'PKIX '" <ietf-pkix@imc.org> Message-Id: <5.1.0.14.2.20020424104338.0209fde8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 24 Apr 2002 14:20:48 -0400 Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt In-Reply-To: <EOEGJNFMMIBDKGFONJJDKEBFCKAA.myers@coastside.net> References: <F504A8CEE925D411AF4A00508B8BE90A0162D03A@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike: > > DPV REQUIREMENTS > > **************** > > > > Editorial > > --------- > > "Unless an error is reported, the DPV response MUST > > indicate one > > of the following two status alternatives:" > > > > MM3: Change "two" to "three" to reflect {valid, invalid, > > unknown} > > > > [RH] I am having a real problem differentiating > > invalid and unknown. To my way of thinking, the > > actions taken by a client will be the same in > > either case. > >{valid, invalid, unknown} is the resolution of record and >defined in the text. My comment was just pointing out an >editorial wrinkle that needs smoothing out. [RH] I agree that a change was made to add the "unknown" response in draft -04. I am not convinced that we did anything useful for the client. I think the client will treat "invalid" and "unknown" exactly the same. > > Signing DPD responses an option > > ------------------------------- > > "For the client to be confident that the response originates > > from the expected DPD server, the server MAY provide an > > authenticated response. For example, the server might sign the > > response." > > > > And, > > > > "The DPD server MAY require client authentication, therefore, > > the DPD request MUST be able to be authenticated." > > > > MM14: Signing is an example, not a requirement, correct? > > Lower-layer security protocols could equally address server auth > > needs. Suggest appending to the last sentence of the first > > requirement " . . . or the client could invoke a lower-layer > > security protocol that authenticates the server (e.g. TLS)." > > This also folds in well with the MUST regarding support for > > client auth. > > > > [RH] DPV requires signature on the response. Why not allow > > some consistency? > >I see no needs-based driver for signed DPD responses. A DPD >server is simply acting as an aggregation point for access to >signed data produced by others. As I said before, one of the >potential features of DPD over DPV is that a DPD server arguably >need not be trusted in a certification sense while a DPV server >clearly must (assuming of course that server does not combine >both functions). A non-normative statement that where DPD >server auth is relevant lower layer protocols can suffice would >preserve this quality with no loss of security assurance. [RH] Just rereading the text, I think that the text in draft -04 allows either lower layer mechanisms or signatures within the DPD protocol. I do not think that there is a need to change anything here. > > POLICY DISCOVERY REQUIREMENT > > **************************** > > > > Thought we got rid of PDP-type requirements > > ------------------------------------------- > > "The client MUST be able to obtain references for the default > > policy or for all of the policies supported by the server by > > using an additional request/response pair. The response can > > include references to previously defined policies or > > to a priori > > known policies." > > > > MM15: I thought we got rid of all PDP-type requirements in this > > DPV/DPD requirements document. The above text seems to mandate > > that any protocol responsive to this document MUST define a > > request/response pair for policy discovery. > > > > [RH] We want the client to be able to get a list of the policies. > > PDP (in a future document) will address the definition of said > > policies. > >A DPV or DPD server can iterate through its list of policy >definitions and either execute accordingly or send back >unsupportedPolicy. What's important to the client is that the >server either does or does not support the policy the client >specifies in its request. The requirement says that the client can ask the server for a list of policy identifiers that it is currently supporting. This does not mean that they were dynamically defined policies. Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3OHHtH19703 for ietf-pkix-bks; Wed, 24 Apr 2002 10:17:55 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3OHHsa19699 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 10:17:54 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GV300D01185SS@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 24 Apr 2002 10:14:29 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GV300D1K185RH@ext-mail.valicert.com>; Wed, 24 Apr 2002 10:14:29 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <JQL5APFA>; Wed, 24 Apr 2002 10:17:31 -0700 Content-return: allowed Date: Wed, 24 Apr 2002 10:17:30 -0700 From: Ambarish Malpani <ambarish@valicert.com> Subject: RE: roadmap To: "'pgut001@cs.auckland.ac.nz'" <pgut001@cs.auckland.ac.nz>, Peter.Sylvester@edelweb.fr, myers@coastside.net Cc: ietf-pkix@imc.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E53E3@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Peter, The "small minor syntax changes" are not quite so small and minor. I don't know who else supports them or which subset of them are supported. Getting OCSP through interop testing took an non-trivial amount of time. I would hate to need to go through that work again for changes that don't benefit the OCSP spec at all. Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: pgut001@cs.auckland.ac.nz [mailto:pgut001@cs.auckland.ac.nz] > Sent: Wednesday, April 24, 2002 9:28 AM > To: Peter.Sylvester@edelweb.fr; myers@coastside.net; > pgut001@cs.auckland.ac.nz > Cc: ietf-pkix@imc.org > Subject: RE: roadmap > > > > "Michael Myers" <myers@coastside.net> writes: > > >v2's status mostly tracks that of the DPV and DPD > requirements, which have > >only recently settled down after about a year's worth of > effort. As I said > >before, it didn't make much sense to track that moving > target with incremental > >I-Ds. I once had three separate I-Ds but that got so hard > to manage and work > >due to syntatic and editorial overlap (not to mention > review) that I put them > >all in one. I prefer to keep that structure together while > we see how things > >shake out re: DPV/DPD. Since 2560bis is pretty well on its > way, I think we > >should let that go forward cleanly rather than force a reset > due to adding new > >syntax. > > The problem with this is that it ties a small and very > trivial change to 2560 > (a few more IDs added to the CHOICE) to a complex, > controversial, and likely- > to-take-ages-to-sort-out new protocol (DPV/DPD), which more > or less dooms the > small change to 2560 to a completion date of about 2005 or > so. Is it possible > to break out the minor-2560-tweaks (rather than the > completely new protocol > bits) into a small draft of its own? There's probably not > more than a page of > text in there (not counting the usual boilerplate). > > Peter. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3OGjqL17423 for ietf-pkix-bks; Wed, 24 Apr 2002 09:45:52 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3OGjpa17417 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 09:45:51 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3OGjdTt015366; Wed, 24 Apr 2002 09:45:45 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <Peter.Sylvester@edelweb.fr> Cc: <ietf-pkix@imc.org> Subject: RE: roadmap Date: Wed, 24 Apr 2002 09:42:47 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDOEBOCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <200204241627.EAA254512@ruru.cs.auckland.ac.nz> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, That's certainly a rational proposal and one well-founded by empirical evidence: break out the v2-ness of v2, which is essentially the cert id stuff, from the proposed definition of extensions that support DPV and DPD. I'll have a chat with my co-authors on this. Mike > -----Original Message----- > From: Peter Gutmann [mailto:pgut001@cs.auckland.ac.nz] > Sent: Wednesday, April 24, 2002 9:28 AM > To: Peter.Sylvester@edelweb.fr; myers@coastside.net; > pgut001@cs.auckland.ac.nz > Cc: ietf-pkix@imc.org > Subject: RE: roadmap > > > "Michael Myers" <myers@coastside.net> writes: > > >v2's status mostly tracks that of the DPV and DPD > requirements, which have > >only recently settled down after about a year's > worth of effort. As I said > >before, it didn't make much sense to track that > moving target with incremental > >I-Ds. I once had three separate I-Ds but that got > so hard to manage and work > >due to syntatic and editorial overlap (not to > mention review) that I put them > >all in one. I prefer to keep that structure > together while we see how things > >shake out re: DPV/DPD. Since 2560bis is pretty well > on its way, I think we > >should let that go forward cleanly rather than force > a reset due to adding new > >syntax. > > The problem with this is that it ties a small and > very trivial change to 2560 > (a few more IDs added to the CHOICE) to a complex, > controversial, and likely- > to-take-ages-to-sort-out new protocol (DPV/DPD), > which more or less dooms the > small change to 2560 to a completion date of about > 2005 or so. Is it possible > to break out the minor-2560-tweaks (rather than the > completely new protocol > bits) into a small draft of its own? There's > probably not more than a page of > text in there (not counting the usual boilerplate). > > Peter. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3OGSDq16208 for ietf-pkix-bks; Wed, 24 Apr 2002 09:28:13 -0700 (PDT) Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3OGSBa16203 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 09:28:11 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (ruru-nfs.cs.auckland.ac.nz [130.216.35.12]) by hermes.cs.auckland.ac.nz (8.12.2/8.12.2) with ESMTP id g3OGRwK4026180; Thu, 25 Apr 2002 04:27:58 +1200 Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id EAA254512; Thu, 25 Apr 2002 04:27:58 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Thu, 25 Apr 2002 04:27:58 +1200 (NZST) Message-ID: <200204241627.EAA254512@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: Peter.Sylvester@edelweb.fr, myers@coastside.net, pgut001@cs.auckland.ac.nz Subject: RE: roadmap Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> "Michael Myers" <myers@coastside.net> writes: >v2's status mostly tracks that of the DPV and DPD requirements, which have >only recently settled down after about a year's worth of effort. As I said >before, it didn't make much sense to track that moving target with incremental >I-Ds. I once had three separate I-Ds but that got so hard to manage and work >due to syntatic and editorial overlap (not to mention review) that I put them >all in one. I prefer to keep that structure together while we see how things >shake out re: DPV/DPD. Since 2560bis is pretty well on its way, I think we >should let that go forward cleanly rather than force a reset due to adding new >syntax. The problem with this is that it ties a small and very trivial change to 2560 (a few more IDs added to the CHOICE) to a complex, controversial, and likely- to-take-ages-to-sort-out new protocol (DPV/DPD), which more or less dooms the small change to 2560 to a completion date of about 2005 or so. Is it possible to break out the minor-2560-tweaks (rather than the completely new protocol bits) into a small draft of its own? There's probably not more than a page of text in there (not counting the usual boilerplate). Peter. Received: by above.proper.com (8.11.6/8.11.3) id g3OGDWN15538 for ietf-pkix-bks; Wed, 24 Apr 2002 09:13:32 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3OGDUa15534 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 09:13:30 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3OGD3Tt011889; Wed, 24 Apr 2002 09:13:09 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, <Peter.Sylvester@edelweb.fr> Cc: <ietf-pkix@imc.org> Subject: RE: roadmap Date: Wed, 24 Apr 2002 09:10:12 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDAEBOCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <200204240332.PAA248493@ruru.cs.auckland.ac.nz> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, v2's status mostly tracks that of the DPV and DPD requirements, which have only recently settled down after about a year's worth of effort. As I said before, it didn't make much sense to track that moving target with incremental I-Ds. I once had three separate I-Ds but that got so hard to manage and work due to syntatic and editorial overlap (not to mention review) that I put them all in one. I prefer to keep that structure together while we see how things shake out re: DPV/DPD. Since 2560bis is pretty well on its way, I think we should let that go forward cleanly rather than force a reset due to adding new syntax. Mike Michael Myers t: +415.819.1362 e: mailto:mike@traceroutesecurity.com w: http://www.traceroutesecurity.com > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Peter Gutmann > Sent: Tuesday, April 23, 2002 8:33 PM > To: Peter.Sylvester@edelweb.fr > Cc: ietf-pkix@imc.org > Subject: Re: roadmap > > > > Peter Sylvester <Peter.Sylvester@edelweb.fr> writes: > > >Thus, it is not just a question of whether OCSP v2 > being alive or not. > > Can I also add a general complaint about the vague > status of OCSPv2, there's > already software deployed which uses the extended > range of cert IDs in the v2 > draft, which makes it annoying to have it fading in > and out of consciousness > every few months. Perhaps the new cert IDs (which > are a trivial change) could > be moved into 2560-bis, without requiring all the > extra stuff which was added > in the rest of the v2 draft. > > Peter. > Received: by above.proper.com (8.11.6/8.11.3) id g3OC4Yg18529 for ietf-pkix-bks; Wed, 24 Apr 2002 05:04:34 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3OC4Ya18525 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 05:04:34 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA00704; Wed, 24 Apr 2002 08:04:26 -0400 (EDT) Message-Id: <200204241204.IAA00704@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-new-part1-asn1-01.txt Date: Wed, 24 Apr 2002 08:04:25 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Update for Appendix A in draft-ietf-pkix-new-part1-12.txt Author(s) : R. Housley, W. Polk Filename : draft-ietf-pkix-new-part1-asn1-01.txt Pages : 24 Date : 23-Apr-02 As all members of the PKIX Working Group know, draft-ietf-pkix-new- part1-12.txt is with the RFC Editor. However, an error in the ASN.1 modules was discovered. The authors are working with the RFC Editor to ensure that the corrected ASN.1 modules are included in the final text, and we are publishing this Internet-Draft to distribute the corrected ASN.1 modules as quickly as possible. This Internet-Draft contains only the updated Appendix. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-new-part1-asn1-01.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-new-part1-asn1-01.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-new-part1-asn1-01.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20020423121353.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-new-part1-asn1-01.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-new-part1-asn1-01.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20020423121353.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: by above.proper.com (8.11.6/8.11.3) id g3OC4X418524 for ietf-pkix-bks; Wed, 24 Apr 2002 05:04:33 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3OC4Wa18519 for <ietf-pkix@imc.org>; Wed, 24 Apr 2002 05:04:32 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA00722; Wed, 24 Apr 2002 08:04:30 -0400 (EDT) Message-Id: <200204241204.IAA00722@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-new-pkalgs-asn1-00.txt Date: Wed, 24 Apr 2002 08:04:30 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Update for Section 3 in draft-ietf-pkix-ipki-pkalgs-05.txt Author(s) : R. Housley, W. Polk Filename : draft-ietf-pkix-new-pkalgs-asn1-00.txt Pages : 8 Date : 23-Apr-02 As all members of the PKIX Working Group know, draft-ietf-pkix-ipki- pkalgs-05.txt is with the RFC Editor. However, an error in the ASN.1 modules was discovered. The authors are working with the RFC Editor to ensure that the corrected ASN.1 modules are included in the final text, and we are publishing this Internet-Draft to distribute the corrected ASN.1 module as quickly as possible. This Internet-Draft contains only the updated ASN.1 module. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-new-pkalgs-asn1-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-new-pkalgs-asn1-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-new-pkalgs-asn1-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20020423121403.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-new-pkalgs-asn1-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-new-pkalgs-asn1-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20020423121403.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: by above.proper.com (8.11.6/8.11.3) id g3O3Xh827125 for ietf-pkix-bks; Tue, 23 Apr 2002 20:33:43 -0700 (PDT) Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3O3Xfa27121 for <ietf-pkix@imc.org>; Tue, 23 Apr 2002 20:33:41 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (ruru-nfs.cs.auckland.ac.nz [130.216.35.12]) by hermes.cs.auckland.ac.nz (8.12.2/8.12.2) with ESMTP id g3O3WwK4014310; Wed, 24 Apr 2002 15:32:58 +1200 Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id PAA248493; Wed, 24 Apr 2002 15:32:57 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Wed, 24 Apr 2002 15:32:57 +1200 (NZST) Message-ID: <200204240332.PAA248493@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: Peter.Sylvester@edelweb.fr Subject: Re: roadmap Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter Sylvester <Peter.Sylvester@edelweb.fr> writes: >Thus, it is not just a question of whether OCSP v2 being alive or not. Can I also add a general complaint about the vague status of OCSPv2, there's already software deployed which uses the extended range of cert IDs in the v2 draft, which makes it annoying to have it fading in and out of consciousness every few months. Perhaps the new cert IDs (which are a trivial change) could be moved into 2560-bis, without requiring all the extra stuff which was added in the rest of the v2 draft. Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3O3M5326913 for ietf-pkix-bks; Tue, 23 Apr 2002 20:22:05 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3O3M4a26909 for <ietf-pkix@imc.org>; Tue, 23 Apr 2002 20:22:04 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3O3M5Tt029625 for <ietf-pkix@imc.org>; Tue, 23 Apr 2002 20:22:05 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "PKIX " <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Tue, 23 Apr 2002 20:19:14 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDCEBMCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <4AEE3169443CDD4796CA8A00B02191CD063C4100@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Trevor, Regarding the existence of the "unknown" state as the resolution of record, the following WG list-based dialogs exist on this point. These yeilded the list-based consensus reflected in -04 modulo that one word I referred to earlier. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Tuesday, February 26, 2002 1:51 AM > > So I would propose the following fix: > > The DPV response MAY indicate one of three status > alternatives: > > 1) the certificate is valid according to the > validation policy. > > 2) the certificate is invalid according to the > validation policy. A secondary status MAY indicate > that the certificate is definitively invalid or > potentially valid. > > In the former case, if another request was made > later on, the certificate will still be determined > as invalid. > > In the later case, if another request could > made later on, the certificate could possibly > be determined as valid. This condition will > occur before a certificate validity period has > begun, while a certificate is suspended, or > when, at the time the server generated the > response, all conditions of the > validation policy could not be met. > > 3) the server cannot determine the validity of the > certificate. This condition will occur when a > certification path cannot be constructed or > some revocation information is unavailable. > > Denis > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Wednesday, February 27, 2002 5:19 AM > To: Michael Myers > Cc: ietf-pkix@imc.org > Subject: Re: "Potentially valid" response state in > DPV/DPD rqmts I-D > > > > Michael, > > > Denis, > > > > Okay, if I may summarize at a high level my current > > understanding: > > > > We are now effectively back to {valid, invalid, > > unknown}. All responses MUST indicate the relevant > > validation policy. This policy MAY be established out > > of band. An "invalid" response MAY contain reason > > codes or similar information that aids a client in > > determining the likelihood that the same request sent > > at a later time would return "valid". An "unknown" > > response MAY contain reason codes or similar information > > that indicates a failure to acquire all relevant data. > > > > Is that a fair summary? > > Yes, indeed it is. > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Tuesday, February 26, 2002 3:04 AM > To: Peter Sylvester > Cc: myers@coastside.net; ietf-pkix@imc.org > Subject: Re: "Potentially valid" response state in > DPV/DPD rqmts I-D > > > > Peter, > > > > The DPV response MAY indicate one of three status > > > alternatives: > > > > > > 1) the certificate is valid according to the > > > validation policy. > > > > > > 2) the certificate is invalid according to the > > > validation policy. A secondary status MAY > > > indicate that the certificate is > > > definitively invalid or potentially valid. > > > > > > In the former case, if another request was > > > made later on, the certificate will still > > > be determined as invalid. > > > > > > In the later case, if another request could > > > made later on, the certificate could possibly > > > be determined as valid. This condition will > > > occur before a certificate validity period has > > > begun, while a certificate is suspended, or > > > when, at the time the server generated the > > > response, all conditions of the validation > > > policy could not be met. > > > > > > 3) the server cannot determine the validity of > > > the certificate. This condition will occur > > > when a certification path cannot be constructed > > > or some revocation information is unavailable. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3O1oRx24571 for ietf-pkix-bks; Tue, 23 Apr 2002 18:50:27 -0700 (PDT) Received: from mail2.microsoft.com (mail2.microsoft.com [131.107.3.124]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3O1oPa24567 for <ietf-pkix@imc.org>; Tue, 23 Apr 2002 18:50:25 -0700 (PDT) Received: from INET-VRS-02.redmond.corp.microsoft.com ([157.54.8.110]) by mail2.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 23 Apr 2002 18:50:23 -0700 Received: from 157.54.8.155 by INET-VRS-02.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Tue, 23 Apr 2002 18:50:23 -0700 Received: from red-imc-02.redmond.corp.microsoft.com ([157.54.9.107]) by inet-hub-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 23 Apr 2002 18:50:23 -0700 Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 23 Apr 2002 18:50:19 -0700 Received: from win-msg-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.52]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3590.0); Tue, 23 Apr 2002 18:46:39 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6177.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Tue, 23 Apr 2002 18:46:38 -0700 Message-ID: <4AEE3169443CDD4796CA8A00B02191CD063C4100@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Thread-Index: AcHrFa6SdDKEtx4sSVK/iEbI2Tpd+wAFo8Bg From: "Trevor Freeman" <trevorf@windows.microsoft.com> To: "Michael Myers" <myers@coastside.net>, "Housley, Russ" <rhousley@rsasecurity.com>, "PKIX " <ietf-pkix@imc.org> X-OriginalArrivalTime: 24 Apr 2002 01:46:39.0909 (UTC) FILETIME=[E0B6DD50:01C1EB31] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3O1oPa24568 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Mike, I don't see that this is the resolution of record. 2560 defines unknown as 'The "unknown" state indicates that the responder doesn't know about the certificate being requested.' The requirements document states that "The certificate to be validated MUST either be directly provided in the request or unambiguously referenced". If the client gives the server an unambiguous reference to the certificate to be validated, then unknown is not an appropriate response. The server was either able to establish the validity of the certificate - or it did not and returns invalid with a sub status with further explanation. If you prefer we can change the working of the two states to "valid" and "error". Editorial note: the reference to the client providing an unambiguous reference to the certificate needs to be moved to the common requirements section. Trevor > > MM3: Change "two" to "three" to reflect {valid, invalid, > unknown} > > [RH] I am having a real problem differentiating > invalid and unknown. To my way of thinking, the > actions taken by a client will be the same in > either case. {valid, invalid, unknown} is the resolution of record and defined in the text. My comment was just pointing out an editorial wrinkle that needs smoothing out. Received: by above.proper.com (8.11.6/8.11.3) id g3NNdW319882 for ietf-pkix-bks; Tue, 23 Apr 2002 16:39:32 -0700 (PDT) Received: from tweety (pool-151-200-26-46.res.east.verizon.net [151.200.26.46]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3NNdUa19875 for <ietf-pkix@imc.org>; Tue, 23 Apr 2002 16:39:30 -0700 (PDT) Received: from [192.168.0.12] by tweety (ArGoSoft Mail Server, Version 1.61 (1.6.1.9)); Tue, 23 Apr 2002 19:38:02 -0400 Message-ID: <3CC5F059.C963C6FA@ieca.com> Date: Tue, 23 Apr 2002 19:38:01 -0400 From: "Sean P. Turner" <turners@ieca.com> Organization: IECA, Inc. X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Stephen Kent <kent@bbn.com> CC: PKIX <ietf-pkix@imc.org> Subject: Re: roadmap References: <200204221019.MAA11086@emeriau.edelweb.fr> <3CC41463.99380047@ieca.com> <p05100316b8ea532e5e63@[128.89.88.34]> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Stephen Kent wrote: > At 9:47 AM -0400 4/22/02, Sean P. Turner wrote: > >Peter, > > > >I'll make the changes noted below. > > > >To put the "is SCVP THE protocol" issue to bed. Can we say that > >that was the plan > >before we heard that "OCSPv2 will not be pushed to informational and > >hence we are not in > >the situation to have a defined set of requirements that enables > >selection of one from > >among potentially several technical approaches." (words from Mike Myers)? > > > >spt > > > > Sean, > > SCVP and OCSPv2 were both put forth as candidates for providing > DPV/DVD services, but before we developed suitable requirements for > these services. So, the WG elected to first develop a requirements > document, and then choose a protocol to satisfy those agreed-upon > requirements. I laid out a plan for this process last year, but the > requirements development took longer than expected. This is probably > not so bad, as it has allowed us to focus more on getting agreement > on the requirements, without the added confusion of arguing over a > specific protocol. Nonetheless, I agree with Peter that it is > inappropriate to label SCVP as the protocol at this time. We agreed > to allow competing protocol submissions which would be evaluated > against the requirements. Even if OCSPv2 were not a competitor, there > is no prohibition from another protocol being considered relative to > the requirements doc. > > Steve Steve, Thanks for the input. I'll make sure to change the phrasing so that it doesn't say the SCVP was "the" protocol and positively spin the situation we're in now. This is the problem with the draft that is documenting a moving target - it's just about always wrong. Cheers, spt P.S. Nice job on CNN. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3NMIiP16343 for ietf-pkix-bks; Tue, 23 Apr 2002 15:18:44 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3NMIha16339 for <ietf-pkix@imc.org>; Tue, 23 Apr 2002 15:18:43 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3NMIgTt002668; Tue, 23 Apr 2002 15:18:43 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Housley, Russ" <rhousley@rsasecurity.com>, "'PKIX '" <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Tue, 23 Apr 2002 15:15:50 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDKEBFCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <F504A8CEE925D411AF4A00508B8BE90A0162D03A@exna07.securitydynamics.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, That was quick. Thanks. A few responses below, else I concur. Mike > -----Original Message----- > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > > > DPV REQUIREMENTS > **************** > > Editorial > --------- > "Unless an error is reported, the DPV response MUST > indicate one > of the following two status alternatives:" > > MM3: Change "two" to "three" to reflect {valid, invalid, > unknown} > > [RH] I am having a real problem differentiating > invalid and unknown. To my way of thinking, the > actions taken by a client will be the same in > either case. {valid, invalid, unknown} is the resolution of record and defined in the text. My comment was just pointing out an editorial wrinkle that needs smoothing out. > DPD REQUIREMENTS > **************** > > > Multiple paths issue > -------------------- > MM12: This subset of DPD requirements seems to be leading > towards a sub-optimal system design. To be addressed in a > separate email. > > [RH] I will wait for the mail to reply ... Forthcoming. > Signing DPD responses an option > ------------------------------- > "For the client to be confident that the response originates > from the expected DPD server, the server MAY provide an > authenticated response. For example, the server might sign the > response." > > And, > > "The DPD server MAY require client authentication, therefore, > the DPD request MUST be able to be authenticated." > > MM14: Signing is an example, not a requirement, correct? > Lower-layer security protocols could equally address > server auth > needs. Suggest appending to the last sentence of the first > requirement " . . . or the client could invoke a lower-layer > security protocol that authenticates the server (e.g. TLS)." > This also folds in well with the MUST regarding support for > client auth. > > [RH] DPV requires signature on the response. Why not allow > some consistency? I see no needs-based driver for signed DPD responses. A DPD server is simply acting as an aggregation point for access to signed data produced by others. As I said before, one of the potential features of DPD over DPV is that a DPD server arguably need not be trusted in a certification sense while a DPV server clearly must (assuming of course that server does not combine both functions). A non-normative statement that where DPD server auth is relevant lower layer protocols can suffice would preserve this quality with no loss of security assurance. > POLICY DISCOVERY REQUIREMENT > **************************** > > Thought we got rid of PDP-type requirements > ------------------------------------------- > "The client MUST be able to obtain references for the default > policy or for all of the policies supported by the server by > using an additional request/response pair. The response can > include references to previously defined policies or > to a priori > known policies." > > MM15: I thought we got rid of all PDP-type > requirements in this > DPV/DPD requirements document. The above text seems > to mandate > that any protocol responsive to this document MUST define a > request/response pair for policy discovery. > > [RH] We want the client to be able to get a list of > the policies. > PDP (in a future document) will address the definition of said > policies. A DPV or DPD server can iterate through its list of policy definitions and either execute accordingly or send back unsupportedPolicy. What's important to the client is that the server either does or does not support the policy the client specifies in its request. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3NLLUe15420 for ietf-pkix-bks; Tue, 23 Apr 2002 14:21:30 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3NLLSa15416 for <ietf-pkix@imc.org>; Tue, 23 Apr 2002 14:21:28 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 23 Apr 2002 21:20:13 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id RAA17545; Tue, 23 Apr 2002 17:20:00 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3NLLXM06812; Tue, 23 Apr 2002 17:21:33 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1V7NM>; Tue, 23 Apr 2002 17:19:00 -0400 Message-ID: <F504A8CEE925D411AF4A00508B8BE90A0162D03A@exna07.securitydynamics.com> From: "Housley, Russ" <rhousley@rsasecurity.com> To: "'Michael Myers '" <myers@coastside.net>, "'PKIX '" <ietf-pkix@imc.org> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Tue, 23 Apr 2002 17:21:07 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike: Thanks for the comprehensive review. See my responses below. They are prefixed by [RH]. Russ = = = = = = = = = = = = = = DPV REQUIREMENTS **************** ESS and ES-F are not rqmts, or are they? ---------------------------------------- "The certificate to be validated MUST either be directly provided in the request or unambiguously referenced, such as the CA distinguished name, certificate serial number, and the hash of the certificate, like ESSCertID as defined in [ESS] or OtherSigningCertificate as defined in [ES-F]." MM1: The text seems to want to suggest that ESS or ES-F are requirements but doesn't come out and say so. I suggest amending the text to provide absolute clarity that these citations are examples of unambiguous referencing mechanisms, NOT requirements. [RH] I think that the word "like" makes it clear that ESS and ES-F are ways to meet the requirement. There are other acceptable ways. Are these obvious operational facts, or rqmts? ---------------------------------------------- "The DPV server MUST have the full certificate to be validated. When the certificate is not provided in the request, the server MUST verify that the certificate is indeed the one being unambiguous[ly] referenced by the client." MM2: These two sentences read more like statements of obvious operational facts rather than BOTW protocol requirements. Suggest using words other than the normative MUST. [RH] I think that the MUST is appropriate. Denis and I had a dialogue that was resolved by realizing that this was needed. Editorial --------- "Unless an error is reported, the DPV response MUST indicate one of the following two status alternatives:" MM3: Change "two" to "three" to reflect {valid, invalid, unknown} [RH] I am having a real problem differentiating invalid and unknown. To my way of thinking, the actions taken by a client will be the same in either case. Clarify minimal set of invalidity reasons ----------------------------------------- "When the certificate is not valid according to the validation policy, then the reason MUST also be indicated. Invalidity reasons include: [bad path, invalid path, not yet valid]." MM4: Are these three reasons normative or exemplary? It makes sense to presume the former. If so, the text should be amended to ensure ample clarity regarding the intent. More to the point, establish a minimally compliant set of reasons for invalid. [RH] Can this wait for protocol specification? I think it can. How to distinguish "invalid" from "not yet valid"? -------------------------------------------------- "c) the certificate is not yet valid at this time. If another request could be made later on, the certificate could possibly be determined as valid. This condition may occur before a certificate validity period has begun or while a certificate is suspended." MM5: This requirement can be eliminated with no loss of functionality. To the extent that the two cases cited above define the totality of what it means for a certificate to be potentially valid, then if a certificate is suspended, I suspect most RPs would prefer "invalid" over "not yet valid" especially since suspension may equally result in permanent revocation. In the second case, why is the RP even attempting to rely on the certificate prior to the onset of the certificate's validity period? Or are we assuming the certificate-as-blob model where RP software (possibly a thin client), just throws the blob to a DPV server without even looking at the cert other than to extract the public key and so it doesn't even bother to consider the validity period? [RH] Denis is the proponent for this requirement. Additional info: rqmts or examples? ------------------------------------ "The DPV request MUST allow the client to request the server to include in its response additional information which will allow relying parties not trusting the requested DPV server to be confident that the certificate validation has correctly been performed. Such information may (not necessarily exclusively) consist of [several examples]." MM6: Are the examples normative or exemplary? The use of lower-case "may" suggests the latter but if normative then an iterated list defining a minimal set of such information and corresponding normative language is needed. [RH] I do not think it is unclear. The may is in lower case. Does a signed response meet the server auth rqmt? ------------------------------------------------- "For the client to be confident that the certificate validation was handled by the expected DPV server, the DPV response MUST be authenticated, unless an error is reported." and "For the client to be able prove to a third party that trusts the same DPV server that the certificate validation was handled correctly, the DPV response MUST be digitally signed, unless an error is reported." MM7: Maybe I'm missing something obvious, but under what circumstances would a client be unable to conclude from a signed response that a certificate validation was NOT handled by the expected DPV server? [RH] If an error is reported, the response does not have to be signed. Otherwise, the response does have to be signed. Support for client auth. ------------------------ "The DPV server MAY require client authentication, therefore, the DPV request MUST be able to be authenticated." MM8: Is is safe to assume that the client-auth feature of TLS or similar lower-layer security protocol is responsive to this rqmt? In that design scenario, there's no need for a specific client-auth feature in a DPV protocol other than to point to such means. [RH] A lower layer protocol authentication scheme could be used, or a signature on the request could be used. Clarification of support for optional relay, etc. ------------------------------------------------- "Protocols designed to satisfy [DPV&DPD-REQ] MAY include optional fields and/or extensions to support relaying, re-direction or multicasting." MM9: I think this means that a protocol responsive to [DPV&DPD-REQ] MAY have these features, but is not required to. Correct? [RH] Yep. DPD REQUIREMENTS **************** Make exclusion of root more normative. -------------------------------------- "If the trust anchor is a self-signed certificate, that self-signed certificate is not included." MM10: An obvious place for a MUST NOT or a SHALL NOT. [RH] Fine. Revocation info rqmt duplicated ------------------------------- "In addition, if requested, the revocation information associated with each certificate in the path MUST also be returned." preceding requirement: "Clients MUST be able to specify whether they want . . . revocation information associated with the path . . ." MM11: Seems to be a duplication here. [RH] Okay, duplication is not necessarily bad. But, one could be deleted. Multiple paths issue -------------------- MM12: This subset of DPD requirements seems to be leading towards a sub-optimal system design. To be addressed in a separate email. [RH] I will wait for the mail to reply ... Which path discovery policy? ---------------------------- "Path discovery MUST be performed according to the path discovery policy." MM13: Suggest appending ". . . in effect at the time between the client and the server. Means by which this policy is established are out of scope of this document." [RH] I do not like this text. If a particular client can make use of more than one policy, then the request needs to include a specification of the policy. Signing DPD responses an option ------------------------------- "For the client to be confident that the response originates from the expected DPD server, the server MAY provide an authenticated response. For example, the server might sign the response." And, "The DPD server MAY require client authentication, therefore, the DPD request MUST be able to be authenticated." MM14: Signing is an example, not a requirement, correct? Lower-layer security protocols could equally address server auth needs. Suggest appending to the last sentence of the first requirement " . . . or the client could invoke a lower-layer security protocol that authenticates the server (e.g. TLS)." This also folds in well with the MUST regarding support for client auth. [RH] DPV requires signature on the response. Why not allow some consistency? POLICY DISCOVERY REQUIREMENT **************************** Thought we got rid of PDP-type requirements ------------------------------------------- "The client MUST be able to obtain references for the default policy or for all of the policies supported by the server by using an additional request/response pair. The response can include references to previously defined policies or to a priori known policies." MM15: I thought we got rid of all PDP-type requirements in this DPV/DPD requirements document. The above text seems to mandate that any protocol responsive to this document MUST define a request/response pair for policy discovery. [RH] We want the client to be able to get a list of the policies. PDP (in a future document) will address the definition of said policies. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3NKUAh12483 for ietf-pkix-bks; Tue, 23 Apr 2002 13:30:10 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3NKU8a12477 for <ietf-pkix@imc.org>; Tue, 23 Apr 2002 13:30:08 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3NKU7Tt022170 for <ietf-pkix@imc.org>; Tue, 23 Apr 2002 13:30:08 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "PKIX" <ietf-pkix@imc.org> Subject: Comments on draft-ietf-pkix-dpv-dpd-req-04.txt Date: Tue, 23 Apr 2002 13:27:15 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDKEBDCKAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, Denis: Good work. My detailed parse of -04 into discrete rqmts statements yielded several comments, included below. These are identified by [MMn]. Most are minor to only mildly aggravating. I do have an issue with DPD client-side max path specification which I'll take up in a separate email. Mike DPV REQUIREMENTS **************** ESS and ES-F are not rqmts, or are they? ---------------------------------------- "The certificate to be validated MUST either be directly provided in the request or unambiguously referenced, such as the CA distinguished name, certificate serial number, and the hash of the certificate, like ESSCertID as defined in [ESS] or OtherSigningCertificate as defined in [ES-F]." MM1: The text seems to want to suggest that ESS or ES-F are requirements but doesn't come out and say so. I suggest amending the text to provide absolute clarity that these citations are examples of unambiguous referencing mechanisms, NOT requirements. Are these obvious operational facts, or rqmts? ---------------------------------------------- "The DPV server MUST have the full certificate to be validated. When the certificate is not provided in the request, the server MUST verify that the certificate is indeed the one being unambiguous[ly] referenced by the client." MM2: These two sentences read more like statements of obvious operational facts rather than BOTW protocol requirements. Suggest using words other than the normative MUST. Editorial --------- "Unless an error is reported, the DPV response MUST indicate one of the following two status alternatives:" MM3: Change "two" to "three" to reflect {valid, invalid, unknown} Clarify minimal set of invalidity reasons ----------------------------------------- "When the certificate is not valid according to the validation policy, then the reason MUST also be indicated. Invalidity reasons include: [bad path, invalid path, not yet valid]." MM4: Are these three reasons normative or exemplary? It makes sense to presume the former. If so, the text should be amended to ensure ample clarity regarding the intent. More to the point, establish a minimally compliant set of reasons for invalid. How to distinguish "invalid" from "not yet valid"? -------------------------------------------------- "c) the certificate is not yet valid at this time. If another request could be made later on, the certificate could possibly be determined as valid. This condition may occur before a certificate validity period has begun or while a certificate is suspended." MM5: This requirement can be eliminated with no loss of functionality. To the extent that the two cases cited above define the totality of what it means for a certificate to be potentially valid, then if a certificate is suspended, I suspect most RPs would prefer "invalid" over "not yet valid" especially since suspension may equally result in permanent revocation. In the second case, why is the RP even attempting to rely on the certificate prior to the onset of the certificate's validity period? Or are we assuming the certificate-as-blob model where RP software (possibly a thin client), just throws the blob to a DPV server without even looking at the cert other than to extract the public key and so it doesn't even bother to consider the validity period? Additional info: rqmts or examples? ------------------------------------ "The DPV request MUST allow the client to request the server to include in its response additional information which will allow relying parties not trusting the requested DPV server to be confident that the certificate validation has correctly been performed. Such information may (not necessarily exclusively) consist of [several examples]." MM6: Are the examples normative or exemplary? The use of lower-case "may" suggests the latter but if normative then an iterated list defining a minimal set of such information and corresponding normative language is needed. Does a signed response meet the server auth rqmt? ------------------------------------------------- "For the client to be confident that the certificate validation was handled by the expected DPV server, the DPV response MUST be authenticated, unless an error is reported." and "For the client to be able prove to a third party that trusts the same DPV server that the certificate validation was handled correctly, the DPV response MUST be digitally signed, unless an error is reported." MM7: Maybe I'm missing something obvious, but under what circumstances would a client be unable to conclude from a signed response that a certificate validation was NOT handled by the expected DPV server? Support for client auth. ------------------------ "The DPV server MAY require client authentication, therefore, the DPV request MUST be able to be authenticated." MM8: Is is safe to assume that the client-auth feature of TLS or similar lower-layer security protocol is responsive to this rqmt? In that design scenario, there's no need for a specific client-auth feature in a DPV protocol other than to point to such means. Clarification of support for optional relay, etc. ------------------------------------------------- "Protocols designed to satisfy [DPV&DPD-REQ] MAY include optional fields and/or extensions to support relaying, re-direction or multicasting." MM9: I think this means that a protocol responsive to [DPV&DPD-REQ] MAY have these features, but is not required to. Correct? DPD REQUIREMENTS **************** Make exclusion of root more normative. -------------------------------------- "If the trust anchor is a self-signed certificate, that self-signed certificate is not included." MM10: An obvious place for a MUST NOT or a SHALL NOT. Revocation info rqmt duplicated ------------------------------- "In addition, if requested, the revocation information associated with each certificate in the path MUST also be returned." preceding requirement: "Clients MUST be able to specify whether they want . . . revocation information associated with the path . . ." MM11: Seems to be a duplication here. Multiple paths issue -------------------- MM12: This subset of DPD requirements seems to be leading towards a sub-optimal system design. To be addressed in a separate email. Which path discovery policy? ---------------------------- "Path discovery MUST be performed according to the path discovery policy." MM13: Suggest appending ". . . in effect at the time between the client and the server. Means by which this policy is established are out of scope of this document." Signing DPD responses an option ------------------------------- "For the client to be confident that the response originates from the expected DPD server, the server MAY provide an authenticated response. For example, the server might sign the response." And, "The DPD server MAY require client authentication, therefore, the DPD request MUST be able to be authenticated." MM14: Signing is an example, not a requirement, correct? Lower-layer security protocols could equally address server auth needs. Suggest appending to the last sentence of the first requirement " . . . or the client could invoke a lower-layer security protocol that authenticates the server (e.g. TLS)." This also folds in well with the MUST regarding support for client auth. POLICY DISCOVERY REQUIREMENT **************************** Thought we got rid of PDP-type requirements ------------------------------------------- "The client MUST be able to obtain references for the default policy or for all of the policies supported by the server by using an additional request/response pair. The response can include references to previously defined policies or to a priori known policies." MM15: I thought we got rid of all PDP-type requirements in this DPV/DPD requirements document. The above text seems to mandate that any protocol responsive to this document MUST define a request/response pair for policy discovery. Received: by above.proper.com (8.11.6/8.11.3) id g3MNvr914571 for ietf-pkix-bks; Mon, 22 Apr 2002 16:57:53 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.com [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3MNvqa14567 for <ietf-pkix@imc.org>; Mon, 22 Apr 2002 16:57:52 -0700 (PDT) Received: from [128.89.88.34] (comsec.bbn.com [128.89.88.34]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id TAA07967; Mon, 22 Apr 2002 19:57:42 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <p05100316b8ea532e5e63@[128.89.88.34]> In-Reply-To: <3CC41463.99380047@ieca.com> References: <200204221019.MAA11086@emeriau.edelweb.fr> <3CC41463.99380047@ieca.com> Date: Mon, 22 Apr 2002 19:59:30 -0400 To: "Sean P. Turner" <turners@ieca.com> From: Stephen Kent <kent@bbn.com> Subject: Re: roadmap Cc: PKIX <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 9:47 AM -0400 4/22/02, Sean P. Turner wrote: >Peter, > >I'll make the changes noted below. > >To put the "is SCVP THE protocol" issue to bed. Can we say that >that was the plan >before we heard that "OCSPv2 will not be pushed to informational and >hence we are not in >the situation to have a defined set of requirements that enables >selection of one from >among potentially several technical approaches." (words from Mike Myers)? > >spt > Sean, SCVP and OCSPv2 were both put forth as candidates for providing DPV/DVD services, but before we developed suitable requirements for these services. So, the WG elected to first develop a requirements document, and then choose a protocol to satisfy those agreed-upon requirements. I laid out a plan for this process last year, but the requirements development took longer than expected. This is probably not so bad, as it has allowed us to focus more on getting agreement on the requirements, without the added confusion of arguing over a specific protocol. Nonetheless, I agree with Peter that it is inappropriate to label SCVP as the protocol at this time. We agreed to allow competing protocol submissions which would be evaluated against the requirements. Even if OCSPv2 were not a competitor, there is no prohibition from another protocol being considered relative to the requirements doc. Steve Received: by above.proper.com (8.11.6/8.11.3) id g3MM7tl11303 for ietf-pkix-bks; Mon, 22 Apr 2002 15:07:55 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.com [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3MM7sa11299 for <ietf-pkix@imc.org>; Mon, 22 Apr 2002 15:07:54 -0700 (PDT) Received: from [128.89.88.34] (comsec.bbn.com [128.89.88.34]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id SAA00241; Mon, 22 Apr 2002 18:07:50 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <p0510030db8ea38520ef7@[128.89.88.34]> In-Reply-To: <000201c1e004$5425f7f0$020aff0c@tsg1> References: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A599@polaris.valicert.com> <001901c1dd74$8d26a730$020aff0c@tsg1> <p05100300b8d76b579027@[128.33.238.74]> <000201c1e004$5425f7f0$020aff0c@tsg1> Date: Mon, 22 Apr 2002 18:04:49 -0400 To: "todd glassey" <todd.glassey@worldnet.att.net> From: Stephen Kent <kent@bbn.com> Subject: Re: NEW THREAD: Too Complex - WAS - Re: Open issue: DPV relay Cc: <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 1:18 PM -0700 4/9/02, todd glassey wrote: >----- Original Message ----- >From: "Stephen Kent" <kent@bbn.com> >To: "todd glassey" <todd.glassey@worldnet.att.net> >Cc: <ietf-pkix@imc.org> >Sent: Monday, April 08, 2002 9:05 PM >Subject: Re: NEW THREAD: Too Complex - WAS - Re: Open issue: DPV relay > > >> >> Todd, >> >> >Peter - All - I agree with you to some extent but let me also that there >is >> >another side and its about a bigger picture. And in this bigger picture >> >PKIX is way out of control. What it really needs is to have a thread of >> >commonality drawn through all that PKIX produces. What I mean by that is >> >that the entire process of complex-decision-support and evidentiary >> >processing of x.509 certs is out of control. >> >> As noted in my immediate, previous message, not all the PKI standards >> we address are in support of NR. This it is not reasonable to insist >> that all of these standards have an "evidentiary" flavor to them. > >Why not Stephen? NR is something that only a set of practices can >establish. Your comment above makes no sense relative to my text immediately above. It's not a good use of my time, or of this mailing list, to continue with this thread. And, as Hal observed, if you believe that 100% of Internet traffic is "transaction processing," you are obviously imagining some other Internet, perhaps in some parallel universe ... Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3MLbv609797 for ietf-pkix-bks; Mon, 22 Apr 2002 14:37:57 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.com [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3MLbua09793 for <ietf-pkix@imc.org>; Mon, 22 Apr 2002 14:37:56 -0700 (PDT) Received: from [128.89.88.34] (comsec.bbn.com [128.89.88.34]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id RAA27632; Mon, 22 Apr 2002 17:37:56 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <p05100308b8ea318575de@[128.89.88.34]> In-Reply-To: <004e01c1e4ee$5e51e7e0$020aff0a@tsg1> References: <EOEGJNFMMIBDKGFONJJDOEJDCJAA.myers@coastside.net> <3CBB0848.9C19980C@bull.net> <004e01c1e4ee$5e51e7e0$020aff0a@tsg1> Date: Mon, 22 Apr 2002 17:33:10 -0400 To: "todd glassey" <todd.glassey@worldnet.att.net> From: Stephen Kent <kent@bbn.com> Subject: Re: Two more nits re: DPV/DPD rqmts Cc: <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 7:01 PM -0700 4/15/02, todd glassey wrote: >----- Original Message ----- >From: "Denis Pinkas" <Denis.Pinkas@bull.net> >To: "Michael Myers" <myers@coastside.net> >Cc: <ietf-pkix@imc.org> >Sent: Monday, April 15, 2002 10:05 AM >Subject: Re: Two more nits re: DPV/DPD rqmts > > >> >> Mike, >> >> > Russ, Denis: >> > >> > Section 4, Delegated Path Validation Protocol Requirements >> > begins with: >> > "The Delegated Path Validation (DPV) protocol allows . . ." >> > >> > Similarly, Section 5 Delegated Path Discovery Protocol >> > Requirements begins with: >> > "The Delegated Path Discovery (DPD) protocol allows . . ." >> > >> > Since we're defining requirements and not protocols in this I-D, >> > you may wish to consider amending both these phrases towards >> > something along the lines of "DPV protocols allow . . ." and >> > "DPD protocols allow . . ." respectively. >> >> Are we really defining multiple protocols ? >> I was assuming that we would like only one. >> I prefer to keep the current text. > >Denis - are you saying that it is PKIX's operating rule to only allow one of >each protocol type its working on? Is this true Tim and Steve Kent? > >Todd Todd, In the case of DPV and DPD, the WG discussed the matter some time ago and agreed that it would be highly desirable to have just one standard protocol satisfying the requirements we agree upon. We failed to do this in the case of CMC and CMP and the user and vendor community suffered as a result. So, yes, the intent in this case is to have just one standard for DPV and DPD. Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3MLANv07565 for ietf-pkix-bks; Mon, 22 Apr 2002 14:10:23 -0700 (PDT) Received: from nwkea-mail-2.sun.com (nwkea-mail-2.sun.com [192.18.42.14]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3MLAKa07559 for <ietf-pkix@imc.org>; Mon, 22 Apr 2002 14:10:21 -0700 (PDT) Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by nwkea-mail-2.sun.com (8.9.3+Sun/8.9.3) with ESMTP id OAA06477; Mon, 22 Apr 2002 14:10:18 -0700 (PDT) Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.2) with ESMTP id RAA06798; Mon, 22 Apr 2002 17:10:16 -0400 (EDT) Message-ID: <3CC47B7F.A87C946@sun.com> Date: Mon, 22 Apr 2002 17:07:11 -0400 From: Steve Hanna <steve.hanna@sun.com> X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: IETF Transport Layer Security WG <ietf-tls@lists.certicom.com>, PKIX List <ietf-pkix@imc.org> Subject: Re: [ietf-tls] Re: Proposed MIME type application/pkix-pkipath References: <LISTMANAGER-3448442-30940-2002.04.17-09.41.03--steve.hanna#sun.com@lists.certicom.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> The off-line discussion about how to reference X.509 (2000) and X.509 (2000) TC 1 has been completed. The recommendation is to go with David Hopwood's earlier text, but change the references to the ISO/ITU documents to this: [X509-4th] ITU-T Recommendation X.509(2000) | ISO/IEC 9594-8:2001, Information Technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks. [X509-4th-TC1] ITU-T Recommendation X.509(2000) Corrigendum 1(2001) | ISO/IEC 9594-8:2001/Cor.1:2002, Technical Corrigendum 1 to ISO/IEC 9594:8:2001. I have included a full copy of the revised version of David's text at the end of this message. The only changes here are to include the full titles of the documents and change the reference markers from [X509-2000] to [X509-4th] and from [X509-TC1] to [X509-4th-TC1]. Basically, David had everything right in his original text. These are just minor changes to the form of the references. Why make these changes? First, it's best to include the full titles of these documents so that people can be sure they have the right document if they want to download it from ITU or ISO. Second, it's better to refer to the 4th edition of X.509 than to call it X.509 (2000), since the ISO version appeared in 2001 and this can cause confusion. The content of the ITU and ISO versions is exactly the same. Third, it's important to be clear that we mean X.509 (2000) TC 1, not X.509 (1997) TC 1. I apologize for any confusion. I guess that ISO and ITU sometimes have the same sort of last-minute corrections to specs and resulting confusion that the IETF sometimes has. Thanks for your patience, Steve Hanna ---------------- To: ietf-types@iana.org Subject: Registration of MIME media type application/pkix-pkipath MIME media type name: application MIME subtype name: pkix-pkipath Required parameters: none Optional parameters: version (default value is "1") Encoding considerations: This is the DER-encoded ASN.1 type PkiPath, which is defined in [X509-4th-TC1] as follows: PkiPath ::= SEQUENCE OF Certificate PkiPath is used to represent a certification path. Within the sequence, the order of certificates is such that the subject of the first certificate is the issuer of the second certificate, etc. All Certificates MUST conform to [PKIX] (an update to [PKIX] is in preparation, and should be followed when it is published). DER (as opposed to BER) encoding MUST be used. If this type is sent over a 7-bit transport, base64 encoding SHOULD be used. Security considerations: The security considerations of [X509-4th] and [PKIX] (or any update to it) apply, as well as those of any protocol that uses this type (e.g. TLS). Note that this type only specifies a certificate chain that can be assessed for validity according to the relying party's existing configuration of trusted CAs; it is not intended to be used to specify any change to that configuration. Interoperability considerations: No specific interoperability problems are known with this type, but for recommendations relating to X.509 certificates in general, see [PKIX]. Published specification: <draft-ietf-tls-extensions-04.txt>, [X509-4th-TC1], and [PKIX]. Applications which use this media type: TLS. It may also be used by other protocols, or for general interchange of PKIX certificate chains. Additional information: Magic number(s): DER-encoded ASN.1 can be easily recognised (further parsing is required to distinguish from other ASN.1 types) File extension(s): .pkipath Macintosh File Type Code(s): not specified Person & email address to contact for further information: Magnus Nystrom <magnus@rsasecurity.com> Intended usage: COMMON Author/Change controller: Magnus Nystrom <magnus@rsasecurity.com> References: [PKIX] R. Housley, W. Ford, W. Polk, and D. Solo, "Internet Public Key Infrastructure: Part I: X.509 Certificate and CRL Profile", IETF RFC 2459, January 1999. [X509-4th] ITU-T Recommendation X.509(2000) | ISO/IEC 9594-8:2001, Information Technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks. [X509-4th-TC1] ITU-T Recommendation X.509(2000) Corrigendum 1(2001) | ISO/IEC 9594-8:2001/Cor.1:2002, Technical Corrigendum 1 to ISO/IEC 9594:8:2001. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3MF3WJ16340 for ietf-pkix-bks; Mon, 22 Apr 2002 08:03:32 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3MF3Ua16336 for <ietf-pkix@imc.org>; Mon, 22 Apr 2002 08:03:30 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id RAA03573; Mon, 22 Apr 2002 17:03:26 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Mon, 22 Apr 2002 17:03:26 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id RAA22987; Mon, 22 Apr 2002 17:03:24 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id RAA11165; Mon, 22 Apr 2002 17:03:24 +0200 (MET DST) Date: Mon, 22 Apr 2002 17:03:24 +0200 (MET DST) Message-Id: <200204221503.RAA11165@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, turners@ieca.com Subject: Re: roadmap Cc: awa1@comcast.net, ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > Peter, > > I'll make the changes noted below. Good. > > To put the "is SCVP THE protocol" issue to bed. Can we say that that was the plan > before we heard that "OCSPv2 will not be pushed to informational and hence we are not in > the situation to have a defined set of requirements that enables selection of one from > among potentially several technical approaches." (words from Mike Myers)? Somehow everybody seems to have forgotten DVCS as a potential protocol for "DPV". Thus, it is not just a question of whether OCSP v2 being alive or not. There may have been 'a plan' by some people, but 'the plan' agreed by the WG? It seems that Mike also had complained about the document being somewhat misleading. The second issue is that DVCS was not mentioned in the history concerning this 'problem space of certificate validation'. The text below tries to remedy this describing the three existing protocol specifications that address more or less different aspects. The definitions of the protocols is necessarily incomplete since only the overlapping parts are outlined. > In order to more correctly reflect history I propose on page 7: > > > protocol. [OCSP] was developed to address concerns that not all > relying parties want to go through the process checking CRLs from > every CA in the certification path. It defines an on-line mechanism > to determine the status of a given certificate, which may provide > more timely revocation information than is possible with CRLs. > > [DVCS] also contains a service to determine the validity of > public key certificate using a TTP permitting to present the result > of the verification as evidence in a non repudiation context. > > Another approach allowing relying parties to off-load all of > their certification verification to another entity is with the > Simple Certification Verification Protocol (SCVP), for which a > draft exists [SCVP]. Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3MDmrq12707 for ietf-pkix-bks; Mon, 22 Apr 2002 06:48:53 -0700 (PDT) Received: from tweety (pool-151-200-26-46.res.east.verizon.net [151.200.26.46]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3MDmoa12703 for <ietf-pkix@imc.org>; Mon, 22 Apr 2002 06:48:50 -0700 (PDT) Received: from [192.168.0.12] by tweety (ArGoSoft Mail Server, Version 1.61 (1.6.1.9)); Mon, 22 Apr 2002 09:47:21 -0400 Message-ID: <3CC41463.99380047@ieca.com> Date: Mon, 22 Apr 2002 09:47:15 -0400 From: "Sean P. Turner" <turners@ieca.com> Organization: IECA, Inc. X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: awa1@comcast.net, PKIX <ietf-pkix@imc.org> Subject: Re: roadmap References: <200204221019.MAA11086@emeriau.edelweb.fr> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, I'll make the changes noted below. To put the "is SCVP THE protocol" issue to bed. Can we say that that was the plan before we heard that "OCSPv2 will not be pushed to informational and hence we are not in the situation to have a defined set of requirements that enables selection of one from among potentially several technical approaches." (words from Mike Myers)? spt Peter Sylvester wrote: > >> > > Peter, > > > > (Sorry for the delay in responding. I work for a fairly small company, > > and when the boss wants the next version of the product shipped, he's not > > overly fond of hearing things like "but I gotta keep up on PKIX stuff.) > Thanks for the fast answer. I am well aware of such a situation > of highly volunteer work. (which just happened to change for me since > the beginning of April). :-) > > > > > AWA: That was put in there after the London meeting last August. At that > > time Michael Myers, the "leader" of the OCSP faction, indicated that his > > approach to solving the DPV/DPD - SCVP vs. OCSP battles was to let SCVP > > continue along the standards track, and make the next OCSP version (that > > handled the full DPD/DPV functions) go to experimental status. (This would > > be similar to the PKIX vs SPKI situation.) So, it seemed like SCVP had > > "won". Since then, however, the WG has dropped back to going through the > > entire DPD/DPV requirements discussions; AND Michael has been told (by Steve > > Bellovin) that the IESG will not support pushing OCSPv2 to experimental with > > SCVP being standards track. I guess you're right; this makes the London > > "conclusions" no longer valid and the wording will have to be changed. > > Ok. Just to inform you, as far as I remember there has not been any discussion > in London about *the* protocol. I was there and would have certainly made a comment. > of course, there might have been the usual 'corridor' and 'bar' meetings. :-) > > > > > > > ? specified time. Both [DVCS] and [TSP] use [CMS] as an encapsulating > > > ? (though in [TSP] request for a time stamp are not required to use > > > ? [CMS]). > > > > > > encapsulating what? > > > > > > > AWA: Oops - editing error. That should say "... as an encapsulating > > protocol ..." (or maybe encapsulating mechanism, if you don't consider CMS > > to be a full protocol). > > Indeed, I consider CMS as a 'document format', but that was not > really the point: There is one word missing, 'mechanism' would be fine. > But my proposal 'unfolds' the combined statement into > two independant sentences concenrning the two "protocols" and > clarifies one (because in DVCS everything is optional). > > > > Both [DVCS] and [TSP] define CMS contenttypes to transport protocol > > > information. [TSP] optionally uses CMS SignedData and an encapsulatin > > > security envelope as an option for the requests, and mandatory for > > > the resulting tokens. [DVCS] allow the optional usage of CMS security > > > envelopes permitting to authenticate requests and responses. > > > > > > > I have the feeling that something is wrong in the following: > > > > > > - PKC holders that are issued certificates and can sign digital > > > documents and encrypt documents; > > > > > > - Clients that validate digital signatures and their certification > > > paths from a known public key of a trusted CA; > > Here some idea to clarify: feel free to change this. > > PKC holders are issued certificates and can sign > digital documents and decrypt documents using private keys. > > Clients that validate digital signatures and their certification > paths from a known public key of a trusted CA and that encrypt > document using public key from certificates of PKC holders. > (or should one call them 'relying parties'). > > Regards and thanks again for the response. > > Peter Received: by above.proper.com (8.11.6/8.11.3) id g3L4URI26495 for ietf-pkix-bks; Sat, 20 Apr 2002 21:30:27 -0700 (PDT) Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3L4UG326487 for <ietf-pkix@imc.org>; Sat, 20 Apr 2002 21:30:25 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (ruru-nfs.cs.auckland.ac.nz [130.216.35.12]) by hermes.cs.auckland.ac.nz (8.12.2/8.12.2) with ESMTP id g3L4U8uc020816; Sun, 21 Apr 2002 16:30:08 +1200 Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id QAA71658; Sun, 21 Apr 2002 16:30:02 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Sun, 21 Apr 2002 16:30:02 +1200 (NZST) Message-ID: <200204210430.QAA71658@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: pgut001@cs.auckland.ac.nz, rhousley@rsasecurity.com Subject: RE: I-D ACTION:draft-ietf-pkix-logotypes-02.txt Cc: Olle.Mulmo@smarttrust.com, ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> "Housley, Russ" <rhousley@rsasecurity.com> writes: >At 03:30 PM 4/19/2002 +1200, Peter Gutmann wrote: >>"Housley, Russ" <rhousley@rsasecurity.com> writes: >> >>>What maximum size do you suggest? >> >>I would say 320x200 *minimum*, for the MPEGs :-). > >We have not allowed MPEGs, just static images in JPEG or GIF format. Actually that was a dual-purpose comment, firstly to reference Bob Jueneman's joke about putting MPEGs in the DN, and secondly to point out that setting arbitrary limits on image sizes is probably pointless given that companies are going to use whatever size and format they feel like, no matter what the spec says. Can you imagine KPMGCoopersPriceLybrandWaterhouseAnderson distributing a single cert without the Official Corporate Logo(tm) with Official Corporate Animation(tm) and Official Corporate Song(tm) playing in the background?. You only need to look at the cert policy text size limit set in RFC 2459 as an example. I used to check the size limit given in the RFC, but after finding the first dozen or so CAs who went way over the limit (some texts were five times the size allowed by the RFC) I changed my code to use 5x the max size as the upper limit. After still getting complaints that certs were being rejected, I removed the check altogether, since no-one seems to pay any attention to the size limits. So I think that while a comment that N x M is a good upper limit would be useful, you'd have to accept that it's going to be ignored by anyone who feels their Corporate Image would be slighted by such a constraint (or, more likely, who doesn't bother to read RFCs). Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3K9DZ504642 for ietf-pkix-bks; Sat, 20 Apr 2002 02:13:35 -0700 (PDT) Received: from smtp3.arnet.com.ar (smtp3.arnet.com.ar [200.45.191.14]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3K9DVb04637 for <ietf-pkix@imc.org>; Sat, 20 Apr 2002 02:13:33 -0700 (PDT) Received: (qmail 27129 invoked from network); 20 Apr 2002 09:12:42 -0000 Received: from unknown (HELO mail2.arnet.com.ar) (200.45.0.5) by smtp3.arnet.com.ar with SMTP; 20 Apr 2002 09:12:42 -0000 Received: from mail pickup service by mail2.arnet.com.ar with Microsoft SMTPSVC; Sat, 20 Apr 2002 06:10:02 -0300 Received: from mx1.arnet.com.ar ([200.45.0.2]) by mail2.arnet.com.ar with Microsoft SMTPSVC(5.5.1877.677.67); Thu, 18 Apr 2002 11:20:54 -0300 Received: from smtp-mx-02.ti.local ([200.45.48.21]) by mx1.arnet.com.ar with Microsoft SMTPSVC(5.5.1877.357.35); Thu, 18 Apr 2002 11:20:59 -0300 Received: from loki.ietf.org ([132.151.1.177]) by smtp-mx-02.ti.local with Microsoft SMTPSVC(5.0.2195.4905); Thu, 18 Apr 2002 11:15:51 -0300 Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id KAA20363 for ietf-123-outbound.01@ietf.org; Thu, 18 Apr 2002 10:15:01 -0400 (EDT) Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id IAA19171 for <all-ietf@loki.ietf.org>; Thu, 18 Apr 2002 08:01:01 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA02041; Thu, 18 Apr 2002 08:00:56 -0400 (EDT) Message-Id: <200204181200.IAA02041@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-new-part1-asn1-00.txt Date: Thu, 18 Apr 2002 08:00:56 -0400 X-OriginalArrivalTime: 18 Apr 2002 14:15:56.0281 (UTC) FILETIME=[8E525690:01C1E6E3] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Update for Appendix A in draft-ietf-pkix-new-part1-12.txt Author(s) : R. Housley, W. Polk Filename : draft-ietf-pkix-new-part1-asn1-00.txt Pages : 24 Date : 17-Apr-02 As all members of the PKIX Working Group know, draft-ietf-pkix-new- part1-12.txt is with the RFC Editor. However, an error in the ASN.1 modules was discovered. The authors are working with the RFC Editor to ensure that the corrected ASN.1 modules are included in the final text, and we are publishing this Internet-Draft to distribute the corrected ASN.1 modules as quickly as possible. This Internet-Draft contains only the updated Appendix. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-new-part1-asn1-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-new-part1-asn1-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-new-part1-asn1-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20020417151739.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-new-part1-asn1-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-new-part1-asn1-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20020417151739.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: by above.proper.com (8.11.6/8.11.3) id g3JMMHw22690 for ietf-pkix-bks; Fri, 19 Apr 2002 15:22:17 -0700 (PDT) Received: from smtp-1.llnl.gov (smtp-1.llnl.gov [128.115.250.81]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3JMMGb22686 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 15:22:16 -0700 (PDT) Received: from poptop.llnl.gov (localhost [127.0.0.1]) by smtp-1.llnl.gov (8.9.3/8.9.3/LLNL-gateway-1.0) with ESMTP id PAA16058; Fri, 19 Apr 2002 15:22:14 -0700 (PDT) Received: from catalyst.llnl.gov (catalyst.llnl.gov [128.115.222.68]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with ESMTP id PAA13505; Fri, 19 Apr 2002 15:22:13 -0700 (PDT) Message-Id: <4.3.2.7.2.20020419153148.00b836a0@poptop.llnl.gov> X-Sender: e048786@poptop.llnl.gov X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Fri, 19 Apr 2002 15:33:49 -0800 To: "Housley, Russ" <rhousley@rsasecurity.com>, pgut001@cs.auckland.ac.nz From: Tony Bartoletti <azb@llnl.gov> Subject: RE: I-D ACTION:draft-ietf-pkix-logotypes-02.txt Cc: Olle.Mulmo@smarttrust.com, ietf-pkix@imc.org In-Reply-To: <5.1.0.14.2.20020419145428.0358b018@exna07.securitydynamics .com> References: <200204190330.PAA45483@ruru.cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> What about audible (wav,midi) logotypes for the sight-impaired? ____tony____ At 02:55 PM 4/19/02 -0400, Housley, Russ wrote: >Peter: > >We have not allowed MPEGs, just static images in JPEG or GIF format. > >Russ > >At 03:30 PM 4/19/2002 +1200, Peter Gutmann wrote: >>"Housley, Russ" <rhousley@rsasecurity.com> writes: >> >> >What maximum size do you suggest? >> >>I would say 320x200 *minimum*, for the MPEGs :-). >> >>Peter. Tony Bartoletti 925-422-3881 <azb@llnl.gov> Information Operations, Warfare and Assurance Center Lawrence Livermore National Laboratory Livermore, CA 94551-9900 Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3JLbGb21146 for ietf-pkix-bks; Fri, 19 Apr 2002 14:37:16 -0700 (PDT) Received: from dymwsm13.mailwatch.com (dymwsm13.mailwatch.com [204.253.83.37]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3JLbFb21142 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 14:37:15 -0700 (PDT) Received: from MWSC0208.MW4.MAILWATCH.COM (mwsc0208.mw4.mailwatch.com [204.253.83.244]) by dymwsm13.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3JLaw001900 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 17:36:58 -0400 Received: from mail pickup service by MWSC0208.MW4.MAILWATCH.COM with Microsoft SMTPSVC; Fri, 19 Apr 2002 17:36:57 -0400 Received: from 204.253.83.26 ([204.253.83.26]) by MWSC0208 with SMTP id 0002000878da9616-18a3-4a8a-bd88-85cc6bbf515d; Fri, 19 Apr 2002 17:36:57 -0500 Received: from bigbird.entegrity.com (bigbird.gradient.com [192.92.110.50]) by dymwsm11.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3JLavh07628; Fri, 19 Apr 2002 17:36:57 -0400 Received: by bigbird.gradient.com with Internet Mail Service (5.5.2650.10) id <JC4CCTPB>; Fri, 19 Apr 2002 17:33:37 -0400 Message-ID: <899128A30EEDD1118FC900A0C9C74A3401033FFD@bigbird.gradient.com> From: Hal Lockhart <hal.lockhart@entegrity.com> To: "'Housley, Russ'" <rhousley@rsasecurity.com>, pgut001@cs.auckland.ac.nz Cc: Olle.Mulmo@smarttrust.com, ietf-pkix@imc.org Subject: RE: I-D ACTION:draft-ietf-pkix-logotypes-02.txt Date: Fri, 19 Apr 2002 17:33:29 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.10) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1E7E9.DCDE3692" HOP-COUNT: 1 X-MAILWATCH-INSTANCEID: 0102000878da9616-18a3-4a8a-bd88-85cc6bbf515d X-OriginalArrivalTime: 19 Apr 2002 21:36:57.0849 (UTC) FILETIME=[550EEE90:01C1E7EA] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1E7E9.DCDE3692 Content-Type: text/plain; charset="ISO-8859-1" This is a reference to a historic joke made by Bob Juneneman. See: http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt Hal > -----Original Message----- > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > Sent: Friday, April 19, 2002 2:55 PM > To: pgut001@cs.auckland.ac.nz > Cc: Olle.Mulmo@smarttrust.com; ietf-pkix@imc.org > Subject: RE: I-D ACTION:draft-ietf-pkix-logotypes-02.txt > > > > Peter: > > We have not allowed MPEGs, just static images in JPEG or GIF format. > > Russ > > At 03:30 PM 4/19/2002 +1200, Peter Gutmann wrote: > >"Housley, Russ" <rhousley@rsasecurity.com> writes: > > > > >What maximum size do you suggest? > > > >I would say 320x200 *minimum*, for the MPEGs :-). > > > >Peter. > ------_=_NextPart_001_01C1E7E9.DCDE3692 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DISO-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2448.0"> <TITLE>RE: I-D ACTION:draft-ietf-pkix-logotypes-02.txt</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>This is a reference to a historic joke made by Bob = Juneneman. </FONT> </P> <P><FONT SIZE=3D2>See: <A = HREF=3D"http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt" = TARGET=3D"_blank">http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.t= xt</A></FONT> </P> <P><FONT SIZE=3D2>Hal</FONT> </P> <P><FONT SIZE=3D2>> -----Original Message-----</FONT> <BR><FONT SIZE=3D2>> From: Housley, Russ [<A = HREF=3D"mailto:rhousley@rsasecurity.com">mailto:rhousley@rsasecurity.com= </A>]</FONT> <BR><FONT SIZE=3D2>> Sent: Friday, April 19, 2002 2:55 PM</FONT> <BR><FONT SIZE=3D2>> To: pgut001@cs.auckland.ac.nz</FONT> <BR><FONT SIZE=3D2>> Cc: Olle.Mulmo@smarttrust.com; = ietf-pkix@imc.org</FONT> <BR><FONT SIZE=3D2>> Subject: RE: I-D = ACTION:draft-ietf-pkix-logotypes-02.txt</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Peter:</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> We have not allowed MPEGs, just static images = in JPEG or GIF format.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Russ</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> At 03:30 PM 4/19/2002 +1200, Peter Gutmann = wrote:</FONT> <BR><FONT SIZE=3D2>> >"Housley, Russ" = <rhousley@rsasecurity.com> writes:</FONT> <BR><FONT SIZE=3D2>> ></FONT> <BR><FONT SIZE=3D2>> > >What maximum size do you = suggest?</FONT> <BR><FONT SIZE=3D2>> ></FONT> <BR><FONT SIZE=3D2>> >I would say 320x200 *minimum*, for the = MPEGs :-).</FONT> <BR><FONT SIZE=3D2>> ></FONT> <BR><FONT SIZE=3D2>> >Peter.</FONT> <BR><FONT SIZE=3D2>> </FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1E7E9.DCDE3692-- Received: by above.proper.com (8.11.6/8.11.3) id g3JItET10764 for ietf-pkix-bks; Fri, 19 Apr 2002 11:55:14 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3JItCb10757 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 11:55:12 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 19 Apr 2002 18:54:02 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id OAA05535; Fri, 19 Apr 2002 14:53:50 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3JItHG23047; Fri, 19 Apr 2002 14:55:17 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX14T4B>; Fri, 19 Apr 2002 14:52:47 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.179]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX14TT8; Fri, 19 Apr 2002 14:52:42 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: pgut001@cs.auckland.ac.nz Cc: Olle.Mulmo@smarttrust.com, ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020419145428.0358b018@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 19 Apr 2002 14:55:02 -0400 Subject: RE: I-D ACTION:draft-ietf-pkix-logotypes-02.txt In-Reply-To: <200204190330.PAA45483@ruru.cs.auckland.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter: We have not allowed MPEGs, just static images in JPEG or GIF format. Russ At 03:30 PM 4/19/2002 +1200, Peter Gutmann wrote: >"Housley, Russ" <rhousley@rsasecurity.com> writes: > > >What maximum size do you suggest? > >I would say 320x200 *minimum*, for the MPEGs :-). > >Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3JHafP07631 for ietf-pkix-bks; Fri, 19 Apr 2002 10:36:41 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3JHaab07625 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 10:36:36 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id TAA23696; Fri, 19 Apr 2002 19:36:27 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Fri, 19 Apr 2002 19:36:27 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id TAA15434; Fri, 19 Apr 2002 19:36:22 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id TAA10168; Fri, 19 Apr 2002 19:36:21 +0200 (MET DST) Date: Fri, 19 Apr 2002 19:36:21 +0200 (MET DST) Message-Id: <200204191736.TAA10168@emeriau.edelweb.fr> To: aarsenault@dvnet.com, turners@ieca.com Subject: roadmap Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Since I have not had a response from the editors of the roadmap, I'll repeat some questions thta I have with the raodmap, propose some textual changes, and some small nit-picking. I wonder which writing of Als name is correct. PKIX Working Group A. Aresenault OCSP and CMP are mentioned as 'draft standard', I guess this should be 'proposed standard' In order to more correctly reflect history I propose on page 7: protocol. [OCSP] was developed to address concerns that not all relying parties want to go through the process checking CRLs from every CA in the certification path. It defines an on-line mechanism to determine the status of a given certificate, which may provide more timely revocation information than is possible with CRLs. [DVCS] also contains a service to determine the validity of public key certificate using a TTP permitting to present the result of the verification as evidence in a non repudiation context. Another approach allowing relying parties to off-load all of their certification verification to another entity is the Simple Certification Verification Protocol (SCVP), for which a draft exist actually [SCVP]. I repeat my question to give a reference indicating where SCVP has been selected as "THE" protocol. ? After considerable debate, ? the WG selected SCVP as the PKIX protocol for delegated path ? validation and delegated path discovery. A requirements document has ? been developed, and is currently under WG review. [DPREQ] Upon ? completion of [DPREQ], the SCVP protocol will be completed. ? specified time. Both [DVCS] and [TSP] use [CMS] as an encapsulating ? (though in [TSP] request for a time stamp are not required to use ? [CMS]). encapsulating what? Both [DVCS] and [TSP] define CMS contenttypes to transport protocol information. [TSP] optionally uses CMS SignedData and an encapsulatin security envelope as an option for the requests, and mandatory for the resulting tokens. [DVCS] allow the optional usage of CMS security envelopes permitting to authenticate requests and responses. A draft for extending trust in tokens in time was developed to use [DCVS] to maintain the trust in a token issued by a non- DVCS repudiation Trusted Third Party (NR TTP) after the key initially used to establish trust in the token expires; however, this draft has expired. The [TRNRS] draft was developed to describe those features of a service which processes signed documents that must be present in order for that service to constitute a "technical non- repudiation" service. I have the feeling that something is wrong in the following: - PKC holders that are issued certificates and can sign digital documents and encrypt documents; - Clients that validate digital signatures and their certification paths from a known public key of a trusted CA; Is an OCSP or DPV service part of a PKI? In a previous mail I have proposed an updated descrition of DVCS reflecting the actual status of RFC 3029. DESCRIPTION: This specification builds on the Online Certificate Status Protocol (OSCP) framework's extensibility by defining an OCSP "The lifetime of the object being singed." signed. In the acknowledge list there is "Ed Greck', it should be 'Ed Gerck' as far as I remember. Very interesting alphabetic order :-) please use ASCII characters instead of "ö" several occurences in the References list. some examples: [TECHNR] Gindin, T., ôInternet X.509 Public Key Infrastructure Technical Requirements for a non-Repudiation Service,ö <draft-ietf- pkix-technr-01.txt>, July 2000. [TPCMP] Kapoor , A., Tschal, R., ôTransport Protocols for CMP,ö Received: by above.proper.com (8.11.6/8.11.3) id g3JFghG28319 for ietf-pkix-bks; Fri, 19 Apr 2002 08:42:43 -0700 (PDT) Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3JFggb28315 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 08:42:42 -0700 (PDT) Received: from [128.89.89.113] (dhcp089-113.bbn.com [128.89.89.113]) by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id LAA11325; Fri, 19 Apr 2002 11:42:35 -0400 (EDT) Mime-Version: 1.0 X-Sender: karen.seo@po1.bbn.com Message-Id: <p05001932b8e5ed01657e@[128.89.89.113]> Date: Fri, 19 Apr 2002 11:52:27 -0400 To: <ietf-pkix@imc.org> From: Karen Seo <kseo@bbn.com> Subject: Re: draft-ietf-pkix-x509-ipaddr-as-extn-00.txt Cc: clynn@bbn.com, kseo@bbn.com Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Paul Hoffman just added me to the pkix mailing list so that I could cc: this to you... > >From owner-ietf-pkix Fri Apr 19 07:02:12 2002 >Received: from gto-mailer1.bbn.com (cam-mailer1.bbn.com [128.33.0.36]) > by above.proper.com (8.11.6/8.11.3) with ESMTP id g3JE2Bb23080 > for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 07:02:11 -0700 (PDT) >Received: from [128.89.89.113] (dhcp089-113.bbn.com [128.89.89.113]) > by gto-mailer1.bbn.com (8.9.3+Sun/8.9.3) with ESMTP id KAA10777; > Fri, 19 Apr 2002 10:01:24 -0400 (EDT) >Mime-Version: 1.0 >X-Sender: karen.seo@po1.bbn.com >Message-Id: <p0500192cb8e5d5c6f039@[128.89.89.113]> >Date: Fri, 19 Apr 2002 10:11:16 -0400 >To: "Sanjaya" <sanjaya@apnic.net> >From: Karen Seo <kseo@bbn.com> >Subject: Re: draft-ietf-pkix-x509-ipaddr-as-extn-00.txt >Cc: <ietf-pkix@imc.org>, clynn@bbn.com, kseo@bbn.com >Content-Type: text/plain; charset="us-ascii" ; format="flowed" > >Hello Sanjaya, > >Please accept my apologies for taking so long to reply. Steve >forwarded this to me and first I missed it, then I was sidelined by a >rush proposal... > >>I'd like to make 2 comments on this draft: >> >>1. The term 'ownership of address space' is not used in RIR community. >> It implies that the address space is permanently given to somebody, >>while >> in fact it is only temporarily allocated/assigned while the user still >>has >> a relation with the registry (contract with an ISP or a membership with >>RIR). >> Could we replace it with 'delegated to', 'allocated to', or 'assigned >>to'? >> Also 'stewardship' is probably better than 'ownership' (it implies >>responsibility >> as well). > > Good point. We'll revise the document to reflect this. > >>2. The use of attribute certificate (AC) for this purpose is also >>appropriate. >> We can just add an attribute certificate whenever a new allocation is >> made, rather than revoking the PKC and create a new one with >> the new allocation added in the extension. >> However, for practical purpose (speed of authentication and authori- >> sation, for example), it make sense to attach the extension in an PKC. >> With this consideration, I propose that we add a profile of an AC as >>part >> of this draft to ensure consistency in both approach, and to allow >>flexibility >> in the implementation. > > We are considering this. One question that arises is where > to put the IP address and AS number information -- in an > "extension" or as "attributes"? If the latter, what would > we do about the "critical" field? What are your thoughts > on this matter? > >Thank you, Karen Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3JEOHp24092 for ietf-pkix-bks; Fri, 19 Apr 2002 07:24:17 -0700 (PDT) Received: from mail.utfors.se (mail.utfors.se [195.58.103.125]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3JEOFb24086 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 07:24:16 -0700 (PDT) Received: from arport ([62.119.75.13]) by mail.utfors.se (8.8.8/8.8.8) with SMTP id QAA01819; Fri, 19 Apr 2002 16:23:18 +0200 (MET DST) Message-ID: <079801c1e7b5$ca4cc450$0500a8c0@arport> From: "Anders Rundgren" <anders.rundgren@telia.com> To: <povey@wedgetail.com>, "Housley, Russ" <rhousley@rsasecurity.com>, "Stefan Santesson" <stefan@addtrust.com> Cc: "Olle Mulmo" <Olle.Mulmo@smarttrust.com>, <ietf-pkix@imc.org> References: <Your message of "Thu, 18 Apr 2002 15:57:39 -0400." <5.1.0.14.2.20020418154837.02093058@exna07.securitydynamics.com> <5.1.0.14.2.20020419144147.0366f950@mail.addtrust.com> Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-02.txt Date: Fri, 19 Apr 2002 17:20:45 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Stefan, During the 3039 process I suggested using mime-tags instead of inventing new schemes. http://www.imc.org/ietf-pkix/old-archive-99/msg00462.html It seems that the idea has popped up again. Then you may use PNG, AVI whatever. If 3039 is to be revised I would look over this as well. Anders ----- Original Message ----- From: "Stefan Santesson" <stefan@addtrust.com> To: <povey@wedgetail.com>; "Housley, Russ" <rhousley@rsasecurity.com> Cc: "Olle Mulmo" <Olle.Mulmo@smarttrust.com>; <ietf-pkix@imc.org> Sent: Friday, April 19, 2002 14:48 Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-02.txt Thank you for many useful comments, Just one quick remark for now: The logos are not intended for subjects (i.e. photos). They are intended exclusively for organizational and service branding logos. An image of the subject (photo) can be attached and certified in the cert by using the biometric info extension defined in RFC 3039. The image sizes suggested in the draft was not proposed out of science. It was an initial input to start the discussion. /Stefan At 10:59 2002-04-19 +1000, povey@wedgetail.com wrote: > >Recall that there are two uses of the logos. One use aids in the selection > >of your own certificate from a portfolio. In this case, I envision the logo > >being used as an icon to select a particular certificate. The other use > >provides a logo along with other information about a valid > >certificate. For example, the logo might be displayed along with other > >information for a Web server. In neither case should the logo dominate the > >display. > > > >What maximum size do you suggest? > >Yes but you don't describe the other use which is to aid identification of >the subject. In this case 150x50 may well be insufficient for some uses >(i.e identification of humans). There doesn't seem to be any good reason to >limit the size of the external image. For the use you describe, what is >probably more important is the aspect-ratio, as the application can scale >the image to any size. Also the recommend for a black border seems to be >unnecessary (is there a good reason for this?). Lastly >150x50 (I am assuming this is XxY) seems like a pretty odd aspect-ratio to >pick. I would of thought 100x100 made more sense. A recommended size/ >aspect-ratio for logos with a SHOULD here seems more appropriate. > >Also I would prefer to see a statement in the draft to say "Applications >SHOULD NOT use the embedded version unless offline processing of the >certificate is required". Adding an embedded image will roughly double >the size of the cert, so we want to make sure implementers think carefully >before they do it. The draft should be worded to encourage the use of >external images, and discourage the use of embedded images. > >Also I think the fields highRes and lowRes should be called externalImage and >embeddedImage for this reason. > >Minor nit: In section 3, cashing -> caching > > >>Also, IMHO it would be better to identify GIF & JPEG pictures by their > >>corresponding MIME types than to invent your own way of doing this. Also, > >>if I read it all correctly, you actually require the that the referenced > >>logotype file must have an uppercase suffix? > > > >We should update the file suffix part to indicate that either case is > >acceptable. > > > >We do not want to point to a MIME encoded object. Rather we want to point > >to the GIF or JPEG binary object. In this manner, one could use the same > >file for many different purposes, including display on the organization's > >web page. This size seems appropriate for a logo in a header. > > > >I think what Olle was trying to say was that rather than use the file >extension to identify the image, we should be using the mime type (i.e. >"image/gif", "image/jpeg" instead of GIF, JPG, JPEG). I think this is a >good idea as it means that the images are identified by a managed >identifier. Otherwise how do we define new image formats? All this >requires is changing imageFileExtn to imageMimeType and some words to that >effect. > >Note that this means the reference to the external image should also >contain this mime type. This has the benefit of being an explicit >statement about the image format, rather than an implicit interpretation >of the file extension. Text also should be added to say that the >application should make sure that the retrieved image matches the expected >image format. It is quite easy for a browser to tell you the file with >the extension JPG has the mime type image/gif. Yet another reason to >explicitly use the mime type. > >It may be worth adding a statement to security considerations about why it >is important to include the image format in the certificate (either by mime >type or file extension). The reason is that if the image format is not part >of the signature it may be possible for an attacker to coerce the user into >viewing the image in a different image format (but with the same binary >image). You can conceive that it would possible (but of course difficult) >to construct an image that would view differently in two different image >formats (especially with the various extension and options in image formats >these days) and trick the CA into signing one of them. > >Also note that the specification MANDATES the support of GIF which is >covered by a Unisys patent. I don't think this will fly in the IETF. >At the very least a patent statement is required. A patent free >alternative is PNG which is widely supported. > >Because both JPEG and GIF are allowed for the embedded image maybe wording >should be added to the effect that "an application SHOULD use which ever >image format is smaller"). (GIF is often smaller for simple images with >not many colors, whereas JPEG usually does better on photo type images with >lots of colors). > >Lastly, I think a good restriction to add would be that the images should be >static (i.e. not use any of the animated extensions). >-- >Dean Povey, |em: povey@wedgetail.com | JCSI: Java security >toolkit >Senior S/W Developer |ph: +61 7 3023 5139 | uPKI: Embedded/C PKI >toolkit >Wedgetail Communications |fax: +61 7 3864 1282 | uSSL: Embedded/C SSL >toolkit >Brisbane, Australia |www: www.wedgetail.com | XML Security: XML >Signatures Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3JDuGV22261 for ietf-pkix-bks; Fri, 19 Apr 2002 06:56:16 -0700 (PDT) Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3JDu4b22241 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 06:56:05 -0700 (PDT) Received: from st25 (st25.ncsl.nist.gov [129.6.54.67]) by email.nist.gov (8.12.2/8.12.2) with ESMTP id g3JDtvvV027846; Fri, 19 Apr 2002 09:55:57 -0400 (EDT) Message-Id: <4.2.0.58.20020419093703.01c55b80@email.nist.gov> X-Sender: wpolk@email.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Fri, 19 Apr 2002 09:54:02 -0400 To: jis@mit.edu, smb@research.att.com From: Tim Polk <tim.polk@nist.gov> Subject: Request for IESG consideration: CP/CPS Framework Cc: kent@bbn.com, ietf-pkix@imc.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Jeff & Steve, The PKIX working group has achieved rough consensus and completed WG Last Call for http://www.ietf.org/internet-drafts/draft-ietf-pkix-ipki-new-rfc2527-01.txt, "Internet X.509 Public Key Infrastructure Certificate Policy and ertification Practices Framework". Please consider this specification for submission to the IESG for advancement to RFC status. This specification is an update to, and obsoletes, the current Informational Standard RFC 2527 (which has the same name). As with the specification it obsoletes, we believe that informational track would be appropriate for this specification. Thanks, Tim Polk Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3JDRLA19269 for ietf-pkix-bks; Fri, 19 Apr 2002 06:27:21 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3JDRJb19262 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 06:27:19 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id PAA22157 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 15:27:18 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Fri, 19 Apr 2002 15:27:18 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id PAA14576 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 15:27:17 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id PAA10070 for ietf-pkix@imc.org; Fri, 19 Apr 2002 15:27:17 +0200 (MET DST) Date: Fri, 19 Apr 2002 15:27:17 +0200 (MET DST) Message-Id: <200204191327.PAA10070@emeriau.edelweb.fr> To: ietf-pkix@imc.org Subject: Re: <draft-ietf-pkix-dpv-dpd-req-04.txt> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Here some proposals for a text change. > > The client can request that the server determine the certificate > validity at a time other than the current time. The DPV server MUST > obtain revocation status information for the validation time > in the client request. > In order to obtain the revocation status information of any > certificate from the certification path, the DPV server might use, in > accordance with the validation policy, different sources of revocation > information, e.g. a combination of OCSP responses, CRLs, or delta-CRLs. > If the revocation status information for the requested validation time > is unavailable, then the DPV server MUST return a status indicating > that the certificate is invalid. replace by: The DPV server MUST produce certificate status information for the validation time in the client request. In order to do this, the server might use, in accordance with the validation policy, different sources of external information concerning revocation information, e.g., a combination of OCSP responses, CRLs, or delta-CRLs, or other status information from other DPV servers. If the certificate status information for the requested validation time is cannot be created, then the DPV server MUST return a status indicating that the certificate is invalid. > > The DPV client MUST be able to provide to the validation server, > associated with each certificate to be validated, "useful > certificates", as well as "useful revocation information". Revocation > information includes OCSP responses, CRLs, and delta-CRLs. replace by: The DPV client MUST be able to provide to the validation server, associated with each certificate to be validated, "useful certificates", as well as "useful information" e.g., revocation information of OCSP responses, CRLs, and delta-CRLs, or status information from other DPV servers. > The DPV response MUST be bound to the DPV request. This can be > accomplished by repeating the important components from the request in > the response or by including a one-way hash of the request in the > response. add: In some environments it may be necessary to present only a response to another relying party without the corresponding request. In this case the response MUST be sufficient self contained. > > For the client to be able prove to a third party that trusts the > same DPV server that the certificate validation was handled correctly, > the DPV response MUST be digitally signed, unless an error is reported > (e.g. a badly formatted request, etc.). The certificate from the DPV > server SHALL be used to identify the DPV server. Replace 'identify' with 'authenticate'. > another DPV server. Unlike the original client, the DPV server is > expected to have moderate computing and memory resources, enabling the sufficient ??? ----- End Included Message ----- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3JCnNB17934 for ietf-pkix-bks; Fri, 19 Apr 2002 05:49:23 -0700 (PDT) Received: from exafix.addtrust.com ([212.112.175.83]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3JCnHb17927 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 05:49:21 -0700 (PDT) Received: from stsIBMT20.addtrust.com ([192.168.101.122]) by exafix.addtrust.com with Microsoft SMTPSVC(5.0.2195.2966); Fri, 19 Apr 2002 14:48:48 +0200 Message-Id: <5.1.0.14.2.20020419144147.0366f950@mail.addtrust.com> X-Sender: sts@mail.addtrust.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 19 Apr 2002 14:48:47 +0200 To: povey@wedgetail.com, "Housley, Russ" <rhousley@rsasecurity.com> From: Stefan Santesson <stefan@addtrust.com> Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-02.txt Cc: Olle Mulmo <Olle.Mulmo@smarttrust.com>, ietf-pkix@imc.org In-Reply-To: <200204190059.g3J0xl5a022714@osprey.wedgetail.com> References: <Your message of "Thu, 18 Apr 2002 15:57:39 -0400." <5.1.0.14.2.20020418154837.02093058@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-OriginalArrivalTime: 19 Apr 2002 12:48:48.0565 (UTC) FILETIME=[8CC5EE50:01C1E7A0] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Thank you for many useful comments, Just one quick remark for now: The logos are not intended for subjects (i.e. photos). They are intended exclusively for organizational and service branding logos. An image of the subject (photo) can be attached and certified in the cert by using the biometric info extension defined in RFC 3039. The image sizes suggested in the draft was not proposed out of science. It was an initial input to start the discussion. /Stefan At 10:59 2002-04-19 +1000, povey@wedgetail.com wrote: > >Recall that there are two uses of the logos. One use aids in the selection > >of your own certificate from a portfolio. In this case, I envision the logo > >being used as an icon to select a particular certificate. The other use > >provides a logo along with other information about a valid > >certificate. For example, the logo might be displayed along with other > >information for a Web server. In neither case should the logo dominate the > >display. > > > >What maximum size do you suggest? > >Yes but you don't describe the other use which is to aid identification of >the subject. In this case 150x50 may well be insufficient for some uses >(i.e identification of humans). There doesn't seem to be any good reason to >limit the size of the external image. For the use you describe, what is >probably more important is the aspect-ratio, as the application can scale >the image to any size. Also the recommend for a black border seems to be >unnecessary (is there a good reason for this?). Lastly >150x50 (I am assuming this is XxY) seems like a pretty odd aspect-ratio to >pick. I would of thought 100x100 made more sense. A recommended size/ >aspect-ratio for logos with a SHOULD here seems more appropriate. > >Also I would prefer to see a statement in the draft to say "Applications >SHOULD NOT use the embedded version unless offline processing of the >certificate is required". Adding an embedded image will roughly double >the size of the cert, so we want to make sure implementers think carefully >before they do it. The draft should be worded to encourage the use of >external images, and discourage the use of embedded images. > >Also I think the fields highRes and lowRes should be called externalImage and >embeddedImage for this reason. > >Minor nit: In section 3, cashing -> caching > > >>Also, IMHO it would be better to identify GIF & JPEG pictures by their > >>corresponding MIME types than to invent your own way of doing this. Also, > >>if I read it all correctly, you actually require the that the referenced > >>logotype file must have an uppercase suffix? > > > >We should update the file suffix part to indicate that either case is > >acceptable. > > > >We do not want to point to a MIME encoded object. Rather we want to point > >to the GIF or JPEG binary object. In this manner, one could use the same > >file for many different purposes, including display on the organization's > >web page. This size seems appropriate for a logo in a header. > > > >I think what Olle was trying to say was that rather than use the file >extension to identify the image, we should be using the mime type (i.e. >"image/gif", "image/jpeg" instead of GIF, JPG, JPEG). I think this is a >good idea as it means that the images are identified by a managed >identifier. Otherwise how do we define new image formats? All this >requires is changing imageFileExtn to imageMimeType and some words to that >effect. > >Note that this means the reference to the external image should also >contain this mime type. This has the benefit of being an explicit >statement about the image format, rather than an implicit interpretation >of the file extension. Text also should be added to say that the >application should make sure that the retrieved image matches the expected >image format. It is quite easy for a browser to tell you the file with >the extension JPG has the mime type image/gif. Yet another reason to >explicitly use the mime type. > >It may be worth adding a statement to security considerations about why it >is important to include the image format in the certificate (either by mime >type or file extension). The reason is that if the image format is not part >of the signature it may be possible for an attacker to coerce the user into >viewing the image in a different image format (but with the same binary >image). You can conceive that it would possible (but of course difficult) >to construct an image that would view differently in two different image >formats (especially with the various extension and options in image formats >these days) and trick the CA into signing one of them. > >Also note that the specification MANDATES the support of GIF which is >covered by a Unisys patent. I don't think this will fly in the IETF. >At the very least a patent statement is required. A patent free >alternative is PNG which is widely supported. > >Because both JPEG and GIF are allowed for the embedded image maybe wording >should be added to the effect that "an application SHOULD use which ever >image format is smaller"). (GIF is often smaller for simple images with >not many colors, whereas JPEG usually does better on photo type images with >lots of colors). > >Lastly, I think a good restriction to add would be that the images should be >static (i.e. not use any of the animated extensions). >-- >Dean Povey, |em: povey@wedgetail.com | JCSI: Java security >toolkit >Senior S/W Developer |ph: +61 7 3023 5139 | uPKI: Embedded/C PKI >toolkit >Wedgetail Communications |fax: +61 7 3864 1282 | uSSL: Embedded/C SSL >toolkit >Brisbane, Australia |www: www.wedgetail.com | XML Security: XML >Signatures Received: by above.proper.com (8.11.6/8.11.3) id g3JBN7M13023 for ietf-pkix-bks; Fri, 19 Apr 2002 04:23:07 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3JBN5b13015 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 04:23:06 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA16015; Fri, 19 Apr 2002 07:23:04 -0400 (EDT) Message-Id: <200204191123.HAA16015@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-warranty-extn-00.txt Date: Fri, 19 Apr 2002 07:23:04 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Warranty Certificate Extension Author(s) : D. Linsenbardt, S. Pontius Filename : draft-ietf-pkix-warranty-extn-00.txt Pages : 7 Date : 18-Apr-02 This document describes a certificate extension to explicitly state the warranty offered by a Certificate Authority (CA) for a the certificate containing the extension. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-warranty-extn-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-warranty-extn-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-warranty-extn-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20020418141028.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-warranty-extn-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-warranty-extn-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20020418141028.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: by above.proper.com (8.11.6/8.11.3) id g3J3Us124200 for ietf-pkix-bks; Thu, 18 Apr 2002 20:30:54 -0700 (PDT) Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3J3Uqb24195 for <ietf-pkix@imc.org>; Thu, 18 Apr 2002 20:30:52 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (ruru-nfs.cs.auckland.ac.nz [130.216.35.12]) by hermes.cs.auckland.ac.nz (8.12.2/8.12.2) with ESMTP id g3J3Upuc006072; Fri, 19 Apr 2002 15:30:51 +1200 Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id PAA45483; Fri, 19 Apr 2002 15:30:49 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Fri, 19 Apr 2002 15:30:49 +1200 (NZST) Message-ID: <200204190330.PAA45483@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: Olle.Mulmo@smarttrust.com, rhousley@rsasecurity.com Subject: RE: I-D ACTION:draft-ietf-pkix-logotypes-02.txt Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> "Housley, Russ" <rhousley@rsasecurity.com> writes: >What maximum size do you suggest? I would say 320x200 *minimum*, for the MPEGs :-). Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3J1sEZ20434 for ietf-pkix-bks; Thu, 18 Apr 2002 18:54:14 -0700 (PDT) Received: from mailo.vtcif.telstra.com.au (mailo.vtcif.telstra.com.au [202.12.144.17]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3J1sC720430 for <ietf-pkix@imc.org>; Thu, 18 Apr 2002 18:54:12 -0700 (PDT) Received: (from uucp@localhost) by mailo.vtcif.telstra.com.au (8.8.2/8.6.9) id LAA09721 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 11:54:09 +1000 (EST) Received: from maili.vtcif.telstra.com.au(202.12.142.17) via SMTP by mailo.vtcif.telstra.com.au, id smtpdxa_1h_; Fri Apr 19 11:53:30 2002 Received: (from uucp@localhost) by maili.vtcif.telstra.com.au (8.8.2/8.6.9) id LAA03844 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 11:53:29 +1000 (EST) Received: from localhost(127.0.0.1), claiming to be "mail.cdn.telstra.com.au" via SMTP by localhost, id smtpd0xjSxj; Fri Apr 19 11:52:54 2002 Received: from ntmsg0028.corpmail.telstra.com.au (ntmsg0028.corpmail.telstra.com.au [192.168.174.24]) by mail.cdn.telstra.com.au (8.8.2/8.6.9) with ESMTP id LAA15649 for <ietf-pkix@imc.org>; Fri, 19 Apr 2002 11:52:53 +1000 (EST) Received: by ntmsg0028.corpmail.telstra.com.au with Internet Mail Service (5.5.2655.55) id <JGFYXZTP>; Fri, 19 Apr 2002 11:52:53 +1000 Message-ID: <73388857A695D31197EF00508B08F29806EE1594@ntmsg0131.corpmail.telstra.com.au> From: "Manger, James H" <James.H.Manger@team.telstra.com> To: ietf-pkix@imc.org Subject: RE: I-D ACTION:draft-ietf-pkix-logotypes-02.txt Date: Fri, 19 Apr 2002 11:52:44 +1000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.55) Content-Type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> A referenced logo WILL be identified by a MIME-type. Dereferencing the URI will (presumably) result in something like the following (with various other header fields omitted): HTTP/1.1 200 OK Content-Length: 177 Last-Modified: Thu, 18 Sep 1997 04:22:02 GMT Content-Type: image/gif GIF89aJH&^%&^b6TB^(&... A ".gif" extension in the URL may suggest a "image/gif" MIME-type will be returned, but a web server is actually free to return any MIME-type it wants. I think browsers will (and should) process the result based on the MIME-type instead of the URI extension. So perhaps it would be better for the 'imageFileExtn' field to be 'imageContentType' and hold a MIME-type. (might you ever what to include other MIME header fields? in which case a 'imageMIMEHeaders' field might be needed instead.) There is no description of the 'logotypeHash' field. I suspect the authors intention is to hash the bytes of the *.gif (or *.jpeg) file, excluding any MIME or HTTP headers fields delivered with the image. Presumably any transfer encoding (but not Content-Encoding?) is also removed before hashing? Such a hash does not bind the content to the MIME-type. This maybe acceptable, though it might warrant a paragraph in the security considerations section. Change the 'highRes' and 'lowRes' field names to, say, 'reference' and 'embedded' (or 'indirect' and 'direct'). Which resolutions are appropriate is a matter of judgement, policy, environment or best practise -- so it should be discussed in the document, but not hard-wired into the syntax. > ---------- > From: Housley, Russ [SMTP:rhousley@rsasecurity.com] > Sent: Friday, 19 April 2002 5:58 am > > >..Also, IMHO it would be better to identify GIF & JPEG pictures by their > >corresponding MIME types than to invent your own way of doing this.. > ..We do not want to point to a MIME encoded object. Rather we want to point > to the GIF or JPEG binary object. In this manner, one could use the same > file for many different purposes, including display on the organization's > web page. This size seems appropriate for a logo in a header. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3J0xrS19428 for ietf-pkix-bks; Thu, 18 Apr 2002 17:59:53 -0700 (PDT) Received: from osprey.wedgetail.com (starling.wedgetail.com [202.83.95.124]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3J0xp719424 for <ietf-pkix@imc.org>; Thu, 18 Apr 2002 17:59:51 -0700 (PDT) Received: from wedgetail.com (coot.wedgetail.com [10.10.10.4]) by osprey.wedgetail.com (8.12.2/8.12.2) with ESMTP id g3J0xl5a022714; Fri, 19 Apr 2002 10:59:48 +1000 (EST) Message-Id: <200204190059.g3J0xl5a022714@osprey.wedgetail.com> X-Mailer: exmh exmh 2.5 (2001-07-13) with nmh-1.0.4 From: povey@wedgetail.com To: "Housley, Russ" <rhousley@rsasecurity.com> cc: Olle Mulmo <Olle.Mulmo@smarttrust.com>, ietf-pkix@imc.org Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-02.txt In-reply-to: Your message of "Thu, 18 Apr 2002 15:57:39 -0400." <5.1.0.14.2.20020418154837.02093058@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 19 Apr 2002 10:59:47 +1000 X-Scanned-By: MIMEDefang 2.6 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> >Recall that there are two uses of the logos. One use aids in the selection >of your own certificate from a portfolio. In this case, I envision the logo >being used as an icon to select a particular certificate. The other use >provides a logo along with other information about a valid >certificate. For example, the logo might be displayed along with other >information for a Web server. In neither case should the logo dominate the >display. > >What maximum size do you suggest? Yes but you don't describe the other use which is to aid identification of the subject. In this case 150x50 may well be insufficient for some uses (i.e identification of humans). There doesn't seem to be any good reason to limit the size of the external image. For the use you describe, what is probably more important is the aspect-ratio, as the application can scale the image to any size. Also the recommend for a black border seems to be unnecessary (is there a good reason for this?). Lastly 150x50 (I am assuming this is XxY) seems like a pretty odd aspect-ratio to pick. I would of thought 100x100 made more sense. A recommended size/ aspect-ratio for logos with a SHOULD here seems more appropriate. Also I would prefer to see a statement in the draft to say "Applications SHOULD NOT use the embedded version unless offline processing of the certificate is required". Adding an embedded image will roughly double the size of the cert, so we want to make sure implementers think carefully before they do it. The draft should be worded to encourage the use of external images, and discourage the use of embedded images. Also I think the fields highRes and lowRes should be called externalImage and embeddedImage for this reason. Minor nit: In section 3, cashing -> caching >>Also, IMHO it would be better to identify GIF & JPEG pictures by their >>corresponding MIME types than to invent your own way of doing this. Also, >>if I read it all correctly, you actually require the that the referenced >>logotype file must have an uppercase suffix? > >We should update the file suffix part to indicate that either case is >acceptable. > >We do not want to point to a MIME encoded object. Rather we want to point >to the GIF or JPEG binary object. In this manner, one could use the same >file for many different purposes, including display on the organization's >web page. This size seems appropriate for a logo in a header. > I think what Olle was trying to say was that rather than use the file extension to identify the image, we should be using the mime type (i.e. "image/gif", "image/jpeg" instead of GIF, JPG, JPEG). I think this is a good idea as it means that the images are identified by a managed identifier. Otherwise how do we define new image formats? All this requires is changing imageFileExtn to imageMimeType and some words to that effect. Note that this means the reference to the external image should also contain this mime type. This has the benefit of being an explicit statement about the image format, rather than an implicit interpretation of the file extension. Text also should be added to say that the application should make sure that the retrieved image matches the expected image format. It is quite easy for a browser to tell you the file with the extension JPG has the mime type image/gif. Yet another reason to explicitly use the mime type. It may be worth adding a statement to security considerations about why it is important to include the image format in the certificate (either by mime type or file extension). The reason is that if the image format is not part of the signature it may be possible for an attacker to coerce the user into viewing the image in a different image format (but with the same binary image). You can conceive that it would possible (but of course difficult) to construct an image that would view differently in two different image formats (especially with the various extension and options in image formats these days) and trick the CA into signing one of them. Also note that the specification MANDATES the support of GIF which is covered by a Unisys patent. I don't think this will fly in the IETF. At the very least a patent statement is required. A patent free alternative is PNG which is widely supported. Because both JPEG and GIF are allowed for the embedded image maybe wording should be added to the effect that "an application SHOULD use which ever image format is smaller"). (GIF is often smaller for simple images with not many colors, whereas JPEG usually does better on photo type images with lots of colors). Lastly, I think a good restriction to add would be that the images should be static (i.e. not use any of the animated extensions). -- Dean Povey, |em: povey@wedgetail.com | JCSI: Java security toolkit Senior S/W Developer |ph: +61 7 3023 5139 | uPKI: Embedded/C PKI toolkit Wedgetail Communications |fax: +61 7 3864 1282 | uSSL: Embedded/C SSL toolkit Brisbane, Australia |www: www.wedgetail.com | XML Security: XML Signatures Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3IJvpm05614 for ietf-pkix-bks; Thu, 18 Apr 2002 12:57:51 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3IJvo705608 for <ietf-pkix@imc.org>; Thu, 18 Apr 2002 12:57:50 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 18 Apr 2002 19:56:40 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id PAA09653 for <ietf-pkix@imc.org>; Thu, 18 Apr 2002 15:56:28 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3IJvsT02999 for <ietf-pkix@imc.org>; Thu, 18 Apr 2002 15:57:54 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX14G27>; Thu, 18 Apr 2002 15:55:24 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.60]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX14G26; Thu, 18 Apr 2002 15:55:22 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Olle Mulmo <Olle.Mulmo@smarttrust.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020418154837.02093058@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 18 Apr 2002 15:57:39 -0400 Subject: RE: I-D ACTION:draft-ietf-pkix-logotypes-02.txt In-Reply-To: <EC8E5015850DFB42B5CDFD0E4DCF662B0B8301@sek43.smarttrust.co m> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Olle: >I couldn't help but noticing the logotype "format restrictions" table... I >don't think a Marketing dept will ever be satisfied with a 150x50 >limitation on a "hi-resolution" logotype: especially not those that have >circular logos... From where does this limit originate? Is there any >deeper reasoning or motivation behind, or is it there just to give me a >good laugh? I am glad you got a good laugh, but it was not intended as a joke. Recall that there are two uses of the logos. One use aids in the selection of your own certificate from a portfolio. In this case, I envision the logo being used as an icon to select a particular certificate. The other use provides a logo along with other information about a valid certificate. For example, the logo might be displayed along with other information for a Web server. In neither case should the logo dominate the display. What maximum size do you suggest? >Also, IMHO it would be better to identify GIF & JPEG pictures by their >corresponding MIME types than to invent your own way of doing this. Also, >if I read it all correctly, you actually require the that the referenced >logotype file must have an uppercase suffix? We should update the file suffix part to indicate that either case is acceptable. We do not want to point to a MIME encoded object. Rather we want to point to the GIF or JPEG binary object. In this manner, one could use the same file for many different purposes, including display on the organization's web page. This size seems appropriate for a logo in a header. Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3IHahs26741 for ietf-pkix-bks; Thu, 18 Apr 2002 10:36:43 -0700 (PDT) Received: from mail.smarttrust.com ([213.212.5.232]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3IHafm26737 for <ietf-pkix@imc.org>; Thu, 18 Apr 2002 10:36:41 -0700 (PDT) Received: from sek43.smarttrust.com ([172.16.0.43]) by mail.smarttrust.com with Microsoft SMTPSVC(5.0.2195.2966); Thu, 18 Apr 2002 19:36:37 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: RE: I-D ACTION:draft-ietf-pkix-logotypes-02.txt Date: Thu, 18 Apr 2002 19:36:37 +0200 Message-ID: <EC8E5015850DFB42B5CDFD0E4DCF662B0B8301@sek43.smarttrust.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: I-D ACTION:draft-ietf-pkix-logotypes-02.txt Thread-Index: AcHm31F5Jt321iSBS6GuAH72U89viwAHeJbA From: "Olle Mulmo" <Olle.Mulmo@smarttrust.com> To: <ietf-pkix@imc.org> X-OriginalArrivalTime: 18 Apr 2002 17:36:37.0243 (UTC) FILETIME=[974B54B0:01C1E6FF] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3IHafm26738 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Dear authors, I couldn't help but noticing the logotype "format restrictions" table... I don't think a Marketing dept will ever be satisfied with a 150x50 limitation on a "hi-resolution" logotype: especially not those that have circular logos... From where does this limit originate? Is there any deeper reasoning or motivation behind, or is it there just to give me a good laugh? Also, IMHO it would be better to identify GIF & JPEG pictures by their corresponding MIME types than to invent your own way of doing this. Also, if I read it all correctly, you actually require the that the referenced logotype file must have an uppercase suffix? I sincerely hope for a (heavily) revised update of this draft. Regards, /Olle -----Original Message----- From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org] Sent: Thursday, April 18, 2002 2:01 PM Cc: ietf-pkix@imc.org Subject: I-D ACTION:draft-ietf-pkix-logotypes-02.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Logotypes in X.509 certificates Author(s) : S. Santesson, R. Housley, T. Freeman Filename : draft-ietf-pkix-logotypes-02.txt Pages : 16 Date : 17-Apr-02 This document specifies a certificate extension for including logotypes in public key certificates and attribute certificates. Please send comments on this document to the ietf-pkix@imc.org mailing list. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-logotypes-02.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-logotypes-02.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-logotypes-02.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. Received: by above.proper.com (8.11.6/8.11.3) id g3IJEUZ03237 for ietf-pkix-bks; Thu, 18 Apr 2002 12:14:30 -0700 (PDT) Received: from edelweb.fr ([212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3IJEH703212 for <ietf-pkix@imc.org>; Thu, 18 Apr 2002 12:14:18 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id VAA18148; Thu, 18 Apr 2002 21:13:55 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.4); Thu, 18 Apr 2002 21:13:56 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id VAA11256; Thu, 18 Apr 2002 21:13:47 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id VAA09759; Thu, 18 Apr 2002 21:13:47 +0200 (MET DST) Date: Thu, 18 Apr 2002 21:13:47 +0200 (MET DST) Message-Id: <200204181913.VAA09759@emeriau.edelweb.fr> To: myers@coastside.net, Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net, stephen.farrell@baltimore.ie, hal.lockhart@entegrity.com, peterw@valicert.com Subject: RE: Open issue: DPV additional information Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > Currently, there are assumed models and/or > statements about the relationships. If > they stay, they must become more coherent. > > Currently a DPV server is a mystical NR-supporting > server (Denis), that (somehow) will enforce a CA > authorization over CRL and OCSP issuers (Denis), but > will itself will not be authorized by a CA (Denis), but > the service may be provided by a CA using a CAs cert/CRL > signing key (Mike) that uses validation policies of > unknown rules (not limited to trust-anchors and X.509 path > processing parameters) to indicate to a relying party > that a given chain is valid under the policy, and will > supply its sources of asurnace (certs, CRLS, OCSP responses) to the RP to > maintain > as evidence alongside the DPV response. > > And somewhere in all this, there is something > about signature policies. Is this so mystical? One could also resume some functions of DPV like: A DPV server is a Trusted Third Party (TTP) providing a validation service, asserting validity of public key certificates. As a result of the validation, a DPV generates a DPV attestation. The DPV attestation can be used for constructing evidence of non-repudiation related to the validity of an entity's public key certificate. The presence of a DPV attestation supports non-repudiation by providing evidence that a public key certificate was valid at the time indicated in the DPV attestation. A DPV response can for example be used even after the public key certificate expires and its revocation information is no longer or not easily available. Received: by above.proper.com (8.11.6/8.11.3) id g3IC10Z06459 for ietf-pkix-bks; Thu, 18 Apr 2002 05:01:00 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3IC0xm06455 for <ietf-pkix@imc.org>; Thu, 18 Apr 2002 05:00:59 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA02041; Thu, 18 Apr 2002 08:00:56 -0400 (EDT) Message-Id: <200204181200.IAA02041@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-new-part1-asn1-00.txt Date: Thu, 18 Apr 2002 08:00:56 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Update for Appendix A in draft-ietf-pkix-new-part1-12.txt Author(s) : R. Housley, W. Polk Filename : draft-ietf-pkix-new-part1-asn1-00.txt Pages : 24 Date : 17-Apr-02 As all members of the PKIX Working Group know, draft-ietf-pkix-new- part1-12.txt is with the RFC Editor. However, an error in the ASN.1 modules was discovered. The authors are working with the RFC Editor to ensure that the corrected ASN.1 modules are included in the final text, and we are publishing this Internet-Draft to distribute the corrected ASN.1 modules as quickly as possible. This Internet-Draft contains only the updated Appendix. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-new-part1-asn1-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-new-part1-asn1-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-new-part1-asn1-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20020417151739.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-new-part1-asn1-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-new-part1-asn1-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20020417151739.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: by above.proper.com (8.11.6/8.11.3) id g3IC0to06451 for ietf-pkix-bks; Thu, 18 Apr 2002 05:00:55 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3IC0sm06447 for <ietf-pkix@imc.org>; Thu, 18 Apr 2002 05:00:54 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA02025; Thu, 18 Apr 2002 08:00:52 -0400 (EDT) Message-Id: <200204181200.IAA02025@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-logotypes-02.txt Date: Thu, 18 Apr 2002 08:00:51 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Internet X.509 Public Key Infrastructure Logotypes in X.509 certificates Author(s) : S. Santesson, R. Housley, T. Freeman Filename : draft-ietf-pkix-logotypes-02.txt Pages : 16 Date : 17-Apr-02 This document specifies a certificate extension for including logotypes in public key certificates and attribute certificates. Please send comments on this document to the ietf-pkix@imc.org mailing list. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-logotypes-02.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-logotypes-02.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-logotypes-02.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20020417151729.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-logotypes-02.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-logotypes-02.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20020417151729.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: by above.proper.com (8.11.6/8.11.3) id g3IC0l906436 for ietf-pkix-bks; Thu, 18 Apr 2002 05:00:47 -0700 (PDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3IC0km06430 for <ietf-pkix@imc.org>; Thu, 18 Apr 2002 05:00:46 -0700 (PDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA02009; Thu, 18 Apr 2002 08:00:44 -0400 (EDT) Message-Id: <200204181200.IAA02009@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: ietf-pkix@imc.org From: Internet-Drafts@ietf.org Reply-to: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-04.txt Date: Thu, 18 Apr 2002 08:00:44 -0400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF. Title : Delegated Path Validation and Delegated Path Discovery Protocol Requirements (DPV&DPD-REQ) Author(s) : D. Pinkas, R. Housley Filename : draft-ietf-pkix-dpv-dpd-req-04.txt Pages : 12 Date : 17-Apr-02 This document specifies the requirements for Delegated Path Validation (DPV) and Delegated Path Discovery (DPD) for Public Key Certificates. It also specifies the requirements for DPV and DPD policy management. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-req-04.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-pkix-dpv-dpd-req-04.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-04.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <20020417151719.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-04.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-pkix-dpv-dpd-req-04.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <20020417151719.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HMdF307018 for ietf-pkix-bks; Wed, 17 Apr 2002 15:39:15 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HMdEm07014 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 15:39:14 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3HMd4Pm024951; Wed, 17 Apr 2002 15:39:04 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Peter Williams" <peterw@valicert.com> Cc: "pkix" <ietf-pkix@imc.org>, "Denis Pinkas" <Denis.Pinkas@bull.net> Subject: CAs as DPV responders Date: Wed, 17 Apr 2002 15:36:16 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDGEOECJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5B1@polaris.valicert.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, I believe we should segregate this discussion from the progression of the requirements document since to my knowledge there exists no normative requirement or advisory text on this point. So I changed the subject line. A few comments below. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Peter Williams > Sent: Wednesday, April 17, 2002 12:41 PM > To: 'Michael Myers' > Cc: pkix; Denis Pinkas > Subject: RE: Open issue: DPV additional information > > > > Mike, > > What Denis is apparently saying is: > > - unlike OCSP (and OCSPv2) which standardizes an > authorization model for CA-authorized "responders", > and a non-CA "local-trust" model for "local responders" > > - DPV requirements do NOT call for standardization > of these two issues (authorization and local trust) > in the DPV protocol to be specified > This is because the DPV/DPD requirements I-D (at least as I see it) is a systems-level requirements document. It defines the boundary conditions. Within that envelope, there's still a lot of wiggle room. That in my mind is the very definition of a good systems requirement document. > - He makes various broad-ranging assumptions on these > very issues, however, that we are determining from > the thread what the assumptions are. This thread will go on for a while I think, in one form or another. But as Hal pointed out, it's possible Denis and I are talking past each other. I accept this as likely. > I think the only 2 substantive points that PeterW, PeterS, and > Denis and others are discussing, include > > 1) Whether the DPV requirements *should* specify means > to address the DPV dependent-services authorization and > trust issues (e.g. these issues as they affect path processing > supporting CRL handling, these issues as they affect OCSP > response acceptance handling, and these issues as they affect > OCSP response chain's own path processing) In my opinion, many of these issues are deployment related and thus out of scope of the specification of a technical protocol, which is where we're headed. > 2) We seek to flush out Denis' assumption about his model > of the authorization and local-trust relations between > CA/AAs, DPV servers, and EE relying-parties, and find out > which entity and protocol state will be responsible for > enforcing the authorization and local-trust rules, once > we get to protocol specification. Somewhat disagree. We ultimately seek the *WG's* consensus on these points. At least that's how I'm approaching it. > If we use your OSCP v2 work as a guide, we can reason thus: > > My (and implicitely your) suggestion is that DPV > handle authorization and local-trust issues in the > way that OCSP does - as the OCSP standard had pragmatically > suceeded to balance both CA-focussed and RP-focussed > relationship models between the CA/AA, OCSP responder, and > EE-RP parties. Well, thank you I guess. I figure our work on OCSP might have had a clue or two, but we shall see. > The OCSP solution to the issues would obviously > come built into DPV, if we specify a DPV using > OCSPv2, lets note. AS Denis seems to deny, however, > the legltimacy of the OCSP way of handling these issues > for DPV needs, we cannot simply do OCSP v2, as is, to > perform a DPV protocol: Why not, as OCSP's standardization > per se contradicts Denis' model of the relationships > between the players. > > Im not saying I agree with Denis. But if I translate his > aphorisms, this is what he seems to be actually stating. My > statement of the implications for OCSP (v2) or any > other protocol design following the OCSP heritage, then > follow. > > Peter. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HM4k506313 for ietf-pkix-bks; Wed, 17 Apr 2002 15:04:46 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HM4jm06309 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 15:04:45 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GUQ00H01FV960@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 17 Apr 2002 15:01:57 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GUQ00H6RFV917@ext-mail.valicert.com>; Wed, 17 Apr 2002 15:01:57 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <JACGZTD2>; Wed, 17 Apr 2002 15:04:39 -0700 Content-return: allowed Date: Wed, 17 Apr 2002 15:04:38 -0700 From: Peter Williams <peterw@valicert.com> Subject: RE: Open issue: DPV additional information To: "'Hal Lockhart'" <hal.lockhart@entegrity.com>, "'Michael Myers'" <myers@coastside.net>, Denis Pinkas <Denis.Pinkas@bull.net>, stephen.farrell@baltimore.ie Cc: pkix <ietf-pkix@imc.org> Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5B5@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: multipart/alternative; boundary="Boundary_(ID_oAPiua89CznGsrhj404/Fw)" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --Boundary_(ID_oAPiua89CznGsrhj404/Fw) Content-type: text/plain; charset="iso-8859-1" At Mike's suggestion, Ive looked to your mail as a way of exiting the thread. Im happy with your (very informal) statement about one important issue, and agree that it represents what Denis and the requirements document should be conveying. Providing that Denisand Russ both agree the DPV requirements entail the following matter (informally expressed), I am happy to proceed, on this issue: Without prejudice to other modes of operation, a DPV server can use an OCSP response issued by an OCSP responder that is locally trusted by the DPV client through a validation policy rule) and that the DPV server will accept the OCSP response on the client's behalf in a manner conforming to the rules of OCSP standard. Given every opportunity to confirm this entailment, todate, Denis has not done so. With confirmation, we can proceed. -----Original Message----- From: Hal Lockhart [mailto:hal.lockhart@entegrity.com] Sent: Wednesday, April 17, 2002 10:23 AM To: 'Michael Myers'; Denis Pinkas; stephen.farrell@baltimore.ie Cc: pkix Subject: RE: Open issue: DPV additional information As entertaining as it is to watch you guys talk past each other, this thread is getting tiresome. Let me take a crack at why I don't think there is any real disagreement here. I think what Denis is saying is that if an entity is a CA, by definition they are trusted to issue and revoke the certificates they issue, by virture of being a CA. They can also delegate someone else to do the revocation, also by virtue of being a CA. If a RP decides to trust their certs, they must also trust their revocation arrangements. In contrast, when somebody sets up a DPV server, whether or not they also run a CA, there is an independant decision to trust the DPV server. It does not follow as an automatic consequence of the fact thet the same organization (or key even) may have issued one or more of the certs in the chain in question. In other words, a CA may run a DPV server, but the server will be trusted because RPs choose to do so, not because they have previously chosen to trust certs issued by the CA. Everybody agree? ;-) Hal > -----Original Message----- > From: Michael Myers [ mailto:myers@coastside.net <mailto:myers@coastside.net> ] > Sent: Wednesday, April 17, 2002 11:22 AM > To: Denis Pinkas; stephen.farrell@baltimore.ie > Cc: pkix > Subject: RE: Open issue: DPV additional information > > > > Denis, > > It is precisely that issue of responsibility, in a broader > sense. I'm quite certain that organizational entities who > create, issue and maintain the reliability of public key > certificates will will be the first to claim jursidiction > regarding their validity. Who is going to claim otherwise? > > Mike > > > > -----Original Message----- > > From: Denis Pinkas [ mailto:Denis.Pinkas@bull.net <mailto:Denis.Pinkas@bull.net> ] > > Sent: Wednesday, April 17, 2002 8:02 AM > > > Extract from the road map document: > > > > Certification Authority (CA) - An authority > > trusted by one or more users to create and assign > > public key certificates. Optionally the CA may > > create the user's keys. It is important to > > note that the CA is responsible for the public key > ^^^^^^^^^^^^^^^ > > certificates during their whole lifetime, not just > > for issuing them. > --Boundary_(ID_oAPiua89CznGsrhj404/Fw) Content-type: text/html; charset="iso-8859-1" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <TITLE>RE: Open issue: DPV additional information</TITLE> <META content="MSHTML 6.00.2715.400" name=GENERATOR></HEAD> <BODY> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>At Mike's suggestion, Ive looked to your mail as a way of exiting</SPAN></FONT></DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>the thread.</SPAN></FONT></DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002></SPAN></FONT> </DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>Im happy with your (very informal) statement about one important issue, and agree</SPAN></FONT></DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>that it represents what Denis and the requirements document should be conveying.</SPAN></FONT></DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002></SPAN></FONT> </DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>Providing </SPAN></FONT><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>that </SPAN></FONT><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>Denisand Russ both agree the DPV requirements entail the following</SPAN></FONT></DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>matter (informally expressed), I </SPAN></FONT><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>am happy to proceed, on this issue:</SPAN></FONT></DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002></SPAN></FONT> </DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>Without prejudice to other modes of operation, </SPAN></FONT></DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>a DPV server can use an OCSP response issued by an OCSP</SPAN></FONT></DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>responder that is locally trusted by </SPAN></FONT><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>the DPV client through a validation</SPAN></FONT></DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>policy rule) and </SPAN></FONT><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>that the DPV server </SPAN></FONT><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>will accept the OCSP response on the client's behalf </SPAN></FONT></DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>in a manner conforming to the rules of OCSP </SPAN></FONT><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>standard.</SPAN></FONT></DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002></SPAN></FONT> </DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>Given every opportunity to confirm this entailment, todate, Denis</SPAN></FONT></DIV> <DIV><FONT face=Arial color=#0000ff size=2><SPAN class=397075221-17042002>has not done so. With confirmation, we can proceed.</SPAN></FONT></DIV> <BLOCKQUOTE dir=ltr style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px"> <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Hal Lockhart [mailto:hal.lockhart@entegrity.com]<BR><B>Sent:</B> Wednesday, April 17, 2002 10:23 AM<BR><B>To:</B> 'Michael Myers'; Denis Pinkas; stephen.farrell@baltimore.ie<BR><B>Cc:</B> pkix<BR><B>Subject:</B> RE: Open issue: DPV additional information<BR><BR></FONT></DIV> <P><FONT size=2>As entertaining as it is to watch you guys talk past each other, this thread is getting tiresome. Let me take a crack at why I don't think there is any real disagreement here.</FONT></P> <P><FONT size=2>I think what Denis is saying is that if an entity is a CA, by definition they are trusted to issue and revoke the certificates they issue, by virture of being a CA. They can also delegate someone else to do the revocation, also by virtue of being a CA. If a RP decides to trust their certs, they must also trust their revocation arrangements.</FONT></P> <P><FONT size=2>In contrast, when somebody sets up a DPV server, whether or not they also run a CA, there is an independant decision to trust the DPV server. It does not follow as an automatic consequence of the fact thet the same organization (or key even) may have issued one or more of the certs in the chain in question.</FONT></P> <P><FONT size=2>In other words, a CA may run a DPV server, but the server will be trusted because RPs choose to do so, not because they have previously chosen to trust certs issued by the CA.</FONT></P> <P><FONT size=2>Everybody agree? ;-)</FONT> </P> <P><FONT size=2>Hal</FONT> </P> <P><FONT size=2>> -----Original Message-----</FONT> <BR><FONT size=2>> From: Michael Myers [<A href="mailto:myers@coastside.net">mailto:myers@coastside.net</A>]</FONT> <BR><FONT size=2>> Sent: Wednesday, April 17, 2002 11:22 AM</FONT> <BR><FONT size=2>> To: Denis Pinkas; stephen.farrell@baltimore.ie</FONT> <BR><FONT size=2>> Cc: pkix</FONT> <BR><FONT size=2>> Subject: RE: Open issue: DPV additional information</FONT> <BR><FONT size=2>> </FONT><BR><FONT size=2>> </FONT><BR><FONT size=2>> </FONT><BR><FONT size=2>> Denis,</FONT> <BR><FONT size=2>> </FONT><BR><FONT size=2>> It is precisely that issue of responsibility, in a broader</FONT> <BR><FONT size=2>> sense. I'm quite certain that organizational entities who</FONT> <BR><FONT size=2>> create, issue and maintain the reliability of public key</FONT> <BR><FONT size=2>> certificates will will be the first to claim jursidiction</FONT> <BR><FONT size=2>> regarding their validity. Who is going to claim otherwise?</FONT> <BR><FONT size=2>> </FONT><BR><FONT size=2>> Mike</FONT> <BR><FONT size=2>> </FONT><BR><FONT size=2>> </FONT><BR><FONT size=2>> > -----Original Message-----</FONT> <BR><FONT size=2>> > From: Denis Pinkas [<A href="mailto:Denis.Pinkas@bull.net">mailto:Denis.Pinkas@bull.net</A>]</FONT> <BR><FONT size=2>> > Sent: Wednesday, April 17, 2002 8:02 AM</FONT> <BR><FONT size=2>> > > Extract from the road map document:</FONT> <BR><FONT size=2>> ></FONT> <BR><FONT size=2>> > Certification Authority (CA) - An authority</FONT> <BR><FONT size=2>> > trusted by one or more users to create and assign</FONT> <BR><FONT size=2>> > public key certificates. Optionally the CA may</FONT> <BR><FONT size=2>> > create the user's keys. It is important to</FONT> <BR><FONT size=2>> > note that the CA is responsible for the public key</FONT> <BR><FONT size=2>> ^^^^^^^^^^^^^^^</FONT> <BR><FONT size=2>> > certificates during their whole lifetime, not just</FONT> <BR><FONT size=2>> > for issuing them.</FONT> <BR><FONT size=2>> </FONT></P></BLOCKQUOTE></BODY></HTML> --Boundary_(ID_oAPiua89CznGsrhj404/Fw)-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HLciU05482 for ietf-pkix-bks; Wed, 17 Apr 2002 14:38:44 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HLchm05478 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 14:38:43 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3HLcTPm018625; Wed, 17 Apr 2002 14:38:30 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Peter Williams" <peterw@valicert.com>, "Peter Sylvester" <Peter.Sylvester@edelweb.fr>, <Denis.Pinkas@bull.net>, <stephen.farrell@baltimore.ie>, <hal.lockhart@entegrity.com> Cc: <ietf-pkix@imc.org> Subject: RE: Open issue: DPV additional information Date: Wed, 17 Apr 2002 14:35:41 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDEEOCCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5B4@polaris.valicert.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, I think your #2 is about right: state the rqmts and hold designs against them. IMHO, further debates on abstract trust issues only make sense once the technical path forward has been established. I see no reason to continue this thread. Hal Lockhart laid it to rest quite well. Let's save our cycles for what is to come. Mike > -----Original Message----- > From: Peter Williams [mailto:peterw@valicert.com] > Sent: Wednesday, April 17, 2002 2:12 PM > To: 'Michael Myers'; Peter Sylvester; Denis.Pinkas@bull.net; > stephen.farrell@baltimore.ie; hal.lockhart@entegrity.com > Cc: ietf-pkix@imc.org > Subject: RE: Open issue: DPV additional information > > > You seem to be saying: "The requirements document > doesnt need to address > the fundamental relationship between the parties, that > will be built into the protocol design." > > > We have two choices. > > (1) we can agree that DPV requirements > do not address the issues raised: and the design > of the protocol is free to do what > the designers see approriate > > Or > > (2) we can state the requirements, > and hold the protocol designs > to the requirements. > > Currently, there are assumed models and/or > statements about the relationships. If > they stay, they must become more coherent. > > Currently a DPV server is a mystical NR-supporting > server (Denis), that (somehow) will enforce a CA > authorization over CRL and OCSP issuers (Denis), but > will itself will not be authorized by a CA (Denis), but > the service may be provided by a CA using a CAs cert/CRL > signing key (Mike) that uses validation policies of > unknown rules (not limited to trust-anchors and X.509 path > processing parameters) to indicate to a relying party > that a given chain is valid under the policy, and will > supply its sources of asurnace (certs, CRLS, OCSP > responses) to the RP to > maintain > as evidence alongside the DPV response. > > And somewhere in all this, there is something > about signature policies. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HLC4g03753 for ietf-pkix-bks; Wed, 17 Apr 2002 14:12:04 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HLC1m03749 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 14:12:01 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GUQ00G01DFDST@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 17 Apr 2002 14:09:13 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GUQ00GD2DFCEY@ext-mail.valicert.com>; Wed, 17 Apr 2002 14:09:12 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <JACGZS6H>; Wed, 17 Apr 2002 14:11:55 -0700 Content-return: allowed Date: Wed, 17 Apr 2002 14:11:54 -0700 From: Peter Williams <peterw@valicert.com> Subject: RE: Open issue: DPV additional information To: "'Michael Myers'" <myers@coastside.net>, Peter Sylvester <Peter.Sylvester@edelweb.fr>, Denis.Pinkas@bull.net, stephen.farrell@baltimore.ie, hal.lockhart@entegrity.com Cc: ietf-pkix@imc.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5B4@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> You seem to be saying: "The requirements document doesnt need to address the fundamental relationship between the parties, that will be built into the protocol design." We have two choices. (1) we can agree that DPV requirements do not address the issues raised: and the design of the protocol is free to do what the designers see approriate Or (2) we can state the requirements, and hold the protocol designs to the requirements. Currently, there are assumed models and/or statements about the relationships. If they stay, they must become more coherent. Currently a DPV server is a mystical NR-supporting server (Denis), that (somehow) will enforce a CA authorization over CRL and OCSP issuers (Denis), but will itself will not be authorized by a CA (Denis), but the service may be provided by a CA using a CAs cert/CRL signing key (Mike) that uses validation policies of unknown rules (not limited to trust-anchors and X.509 path processing parameters) to indicate to a relying party that a given chain is valid under the policy, and will supply its sources of asurnace (certs, CRLS, OCSP responses) to the RP to maintain as evidence alongside the DPV response. And somewhere in all this, there is something about signature policies. >>>>-----Original Message----- >>>>From: Michael Myers [mailto:myers@coastside.net] >>>>Sent: Wednesday, April 17, 2002 1:08 PM >>>>To: Peter Sylvester; Denis.Pinkas@bull.net; >>>>stephen.farrell@baltimore.ie; hal.lockhart@entegrity.com >>>>Cc: ietf-pkix@imc.org >>>>Subject: RE: Open issue: DPV additional information >>>> >>>> >>>> >>>>> -----Original Message----- >>>>> From: owner-ietf-pkix@mail.imc.org >>>>> [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of >>>>> Michael Myers >>>>> Sent: Wednesday, April 17, 2002 11:09 AM >>>>> >>>>> Hal, >>>>> >>>>> This works for me. Thanks for stepping in. >>>>> >>>>> Mike >>>> >>>> >>>>However, Peter Sylvester does make some good points. But since >>>>this debate doesn't affect the requirements document Russ and >>>>Denis are working to finalize (at least, I hope it doesn't) we >>>>should probably reserve these cycles for the main event. >>>> >>>>Mike >>>> >>>> >>>>> -----Original Message----- >>>>> From: Peter Sylvester [mailto:Peter.Sylvester@EdelWeb.fr] >>>>> Sent: Wednesday, April 17, 2002 12:54 PM >>>>> To: myers@coastside.net; Denis.Pinkas@bull.net; >>>>> stephen.farrell@baltimore.ie; hal.lockhart@entegrity.com >>>>> Cc: ietf-pkix@imc.org >>>>> Subject: RE: Open issue: DPV additional information >>>>> >>>>> >>>>> >>>>> >>>>> > As entertaining as it is to watch you guys talk >>>>> past each other, this thread >>>>> > is getting tiresome. Let me take a crack at why I >>>>> don't think there is any >>>>> > real disagreement here. >>>>> >>>>> Thanks also for trying to find the core of the >>>>> 'debate'. Debates are >>>>> currently entertainment in France :-) >>>>> >>>>> As far as I remember the claim was 'A CA cannot sign >>>>> DPV responses'. >>>>> And Mike and I disagree with that statement. >>>>> >>>>> I am not sure whether there is a disagreement in your >>>>> following >>>>> description. It may be a language problem, but I >>>>> think there are >>>>> some logical relations which seem inversed or unclear. >>>>> My commenst may even lead to more obscurity. >>>>> >>>>> > >>>>> > I think what Denis is saying is that if an entity >>>>> is a CA, by definition >>>>> > they are trusted to issue and revoke the >>>>> certificates they issue, by virture >>>>> > of being a CA. They can also delegate someone else >>>>> to do the revocation, >>>>> > also by virtue of being a CA. If a RP decides to >>>>> trust their certs, they >>>>> > must also trust their revocation arrangements. >>>>> >>>>> To me, the question is not whether RPs 'MUST' trust >>>>> but whether the CA has set up >>>>> some service for which it can be held responsible. For OCSP, >>>>> the CA can sign the responses itself or delegate to >>>>> an authorised responder >>>>> to assume this responsibility. >>>>> >>>>> Now, since just by adding for example a certificate >>>>> as an extension in an OCSP >>>>> response, you immediately turn an 'revocation >>>>> information' into a >>>>> 'positive status information', I call this a >>>>> particular case of DPV >>>>> (the request consists to ask the status of the cert relative >>>>> to the CA that signed it, no intermediate certs involved). >>>>> >>>>> > In contrast, when somebody sets up a DPV server, >>>>> whether or not they also >>>>> > run a CA, there is an independant decision to trust >>>>> the DPV server. It does >>>>> >>>>> Where is the difference betwwen OCSP and DPV? (OCSP >>>>> trusted responders >>>>> are something set up by 'somebody'. >>>>> >>>>> > not follow as an automatic consequence of the fact >>>>> thet the same >>>>> > organization (or key even) may have issued one or >>>>> more of the certs in the >>>>> > chain in question. >>>>> >>>>> Right, it is not automatic. If the CA itself has >>>>> signed the DPV/OCSP response >>>>> for a directly issued cert, why is is a different >>>>> PROBLEM to trust the CA for >>>>> an OCSP response or for a DPV response for this case. >>>>> >>>>> There is an issue with intermediate CAs for which >>>>> indeed the higher CA >>>>> is generally not responsible. >>>>> >>>>> > In other words, a CA may run a DPV server, but the >>>>> server will be trusted >>>>> > because RPs choose to do so, not because they have >>>>> previously chosen to >>>>> > trust certs issued by the CA. >>>>> >>>>> Well, a RP may always choose whatever it wants to do, >>>>> but IMO t >>>>> for direct subordinate CAs an OCSP or DPV service is >>>>> almost identical. >>>>> if there is a DPV response signed by the CA, why >>>>> should one not believe >>>>> that this is not an authorised statement from the CA >>>>> as soon as the CA >>>>> has indicated in some policy/practise that it >>>>> provides CRLs, OCSP and/or DPV? >>>>> >>>>> For the general case, there may be more >>>>> constellations of trust relations >>>>> for DPV services than just the two defined for OCSP. >>>>> >>>>> Regards >>>>> Peter >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HKBCf28845 for ietf-pkix-bks; Wed, 17 Apr 2002 13:11:12 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HKB5m28838 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 13:11:05 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3HKAtPm010050; Wed, 17 Apr 2002 13:10:56 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Peter Sylvester" <Peter.Sylvester@edelweb.fr>, <Denis.Pinkas@bull.net>, <stephen.farrell@baltimore.ie>, <hal.lockhart@entegrity.com> Cc: <ietf-pkix@imc.org> Subject: RE: Open issue: DPV additional information Date: Wed, 17 Apr 2002 13:08:07 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDAENNCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <200204171954.VAA09381@emeriau.edelweb.fr> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Michael Myers > Sent: Wednesday, April 17, 2002 11:09 AM > > Hal, > > This works for me. Thanks for stepping in. > > Mike However, Peter Sylvester does make some good points. But since this debate doesn't affect the requirements document Russ and Denis are working to finalize (at least, I hope it doesn't) we should probably reserve these cycles for the main event. Mike > -----Original Message----- > From: Peter Sylvester [mailto:Peter.Sylvester@EdelWeb.fr] > Sent: Wednesday, April 17, 2002 12:54 PM > To: myers@coastside.net; Denis.Pinkas@bull.net; > stephen.farrell@baltimore.ie; hal.lockhart@entegrity.com > Cc: ietf-pkix@imc.org > Subject: RE: Open issue: DPV additional information > > > > > > As entertaining as it is to watch you guys talk > past each other, this thread > > is getting tiresome. Let me take a crack at why I > don't think there is any > > real disagreement here. > > Thanks also for trying to find the core of the > 'debate'. Debates are > currently entertainment in France :-) > > As far as I remember the claim was 'A CA cannot sign > DPV responses'. > And Mike and I disagree with that statement. > > I am not sure whether there is a disagreement in your > following > description. It may be a language problem, but I > think there are > some logical relations which seem inversed or unclear. > My commenst may even lead to more obscurity. > > > > > I think what Denis is saying is that if an entity > is a CA, by definition > > they are trusted to issue and revoke the > certificates they issue, by virture > > of being a CA. They can also delegate someone else > to do the revocation, > > also by virtue of being a CA. If a RP decides to > trust their certs, they > > must also trust their revocation arrangements. > > To me, the question is not whether RPs 'MUST' trust > but whether the CA has set up > some service for which it can be held responsible. For OCSP, > the CA can sign the responses itself or delegate to > an authorised responder > to assume this responsibility. > > Now, since just by adding for example a certificate > as an extension in an OCSP > response, you immediately turn an 'revocation > information' into a > 'positive status information', I call this a > particular case of DPV > (the request consists to ask the status of the cert relative > to the CA that signed it, no intermediate certs involved). > > > In contrast, when somebody sets up a DPV server, > whether or not they also > > run a CA, there is an independant decision to trust > the DPV server. It does > > Where is the difference betwwen OCSP and DPV? (OCSP > trusted responders > are something set up by 'somebody'. > > > not follow as an automatic consequence of the fact > thet the same > > organization (or key even) may have issued one or > more of the certs in the > > chain in question. > > Right, it is not automatic. If the CA itself has > signed the DPV/OCSP response > for a directly issued cert, why is is a different > PROBLEM to trust the CA for > an OCSP response or for a DPV response for this case. > > There is an issue with intermediate CAs for which > indeed the higher CA > is generally not responsible. > > > In other words, a CA may run a DPV server, but the > server will be trusted > > because RPs choose to do so, not because they have > previously chosen to > > trust certs issued by the CA. > > Well, a RP may always choose whatever it wants to do, > but IMO t > for direct subordinate CAs an OCSP or DPV service is > almost identical. > if there is a DPV response signed by the CA, why > should one not believe > that this is not an authorised statement from the CA > as soon as the CA > has indicated in some policy/practise that it > provides CRLs, OCSP and/or DPV? > > For the general case, there may be more > constellations of trust relations > for DPV services than just the two defined for OCSP. > > Regards > Peter > > > > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HJsQO28383 for ietf-pkix-bks; Wed, 17 Apr 2002 12:54:26 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HJsOm28377 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 12:54:24 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id VAA11382; Wed, 17 Apr 2002 21:54:12 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 17 Apr 2002 21:54:12 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id VAA06494; Wed, 17 Apr 2002 21:54:11 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id VAA09381; Wed, 17 Apr 2002 21:54:10 +0200 (MET DST) Date: Wed, 17 Apr 2002 21:54:10 +0200 (MET DST) Message-Id: <200204171954.VAA09381@emeriau.edelweb.fr> To: myers@coastside.net, Denis.Pinkas@bull.net, stephen.farrell@baltimore.ie, hal.lockhart@entegrity.com Subject: RE: Open issue: DPV additional information Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > As entertaining as it is to watch you guys talk past each other, this thread > is getting tiresome. Let me take a crack at why I don't think there is any > real disagreement here. Thanks also for trying to find the core of the 'debate'. Debates are currently entertainment in France :-) As far as I remember the claim was 'A CA cannot sign DPV responses'. And Mike and I disagree with that statement. I am not sure whether there is a disagreement in your following description. It may be a language problem, but I think there are some logical relations which seem inversed or unclear. My commenst may even lead to more obscurity. > > I think what Denis is saying is that if an entity is a CA, by definition > they are trusted to issue and revoke the certificates they issue, by virture > of being a CA. They can also delegate someone else to do the revocation, > also by virtue of being a CA. If a RP decides to trust their certs, they > must also trust their revocation arrangements. To me, the question is not whether RPs 'MUST' trust but whether the CA has set up some service for which it can be held responsible. For OCSP, the CA can sign the responses itself or delegate to an authorised responder to assume this responsibility. Now, since just by adding for example a certificate as an extension in an OCSP response, you immediately turn an 'revocation information' into a 'positive status information', I call this a particular case of DPV (the request consists to ask the status of the cert relative to the CA that signed it, no intermediate certs involved). > In contrast, when somebody sets up a DPV server, whether or not they also > run a CA, there is an independant decision to trust the DPV server. It does Where is the difference betwwen OCSP and DPV? (OCSP trusted responders are something set up by 'somebody'. > not follow as an automatic consequence of the fact thet the same > organization (or key even) may have issued one or more of the certs in the > chain in question. Right, it is not automatic. If the CA itself has signed the DPV/OCSP response for a directly issued cert, why is is a different PROBLEM to trust the CA for an OCSP response or for a DPV response for this case. There is an issue with intermediate CAs for which indeed the higher CA is generally not responsible. > In other words, a CA may run a DPV server, but the server will be trusted > because RPs choose to do so, not because they have previously chosen to > trust certs issued by the CA. Well, a RP may always choose whatever it wants to do, but IMO t for direct subordinate CAs an OCSP or DPV service is almost identical. if there is a DPV response signed by the CA, why should one not believe that this is not an authorised statement from the CA as soon as the CA has indicated in some policy/practise that it provides CRLs, OCSP and/or DPV? For the general case, there may be more constellations of trust relations for DPV services than just the two defined for OCSP. Regards Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HJrwt28362 for ietf-pkix-bks; Wed, 17 Apr 2002 12:53:58 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3HJrrm28357 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 12:53:57 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 17 Apr 2002 19:52:44 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id PAA04772 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 15:52:33 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3HJrwH00643 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 15:53:58 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1TWNF>; Wed, 17 Apr 2002 15:51:28 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.49]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1TWND; Wed, 17 Apr 2002 15:51:24 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: David Hopwood <david.hopwood@zetnet.co.uk> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020417154015.032180a8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 17 Apr 2002 15:42:56 -0400 Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt In-Reply-To: <3CBCC997.160221F4@zetnet.co.uk> References: <5.1.0.14.2.20020415143619.02f76e90@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> David: Everywhere else in a certificate, URIs are encoded using the GeneralName construct: GeneralName ::= CHOICE { otherName [0] OtherName, rfc822Name [1] IA5String, dNSName [2] IA5String, x400Address [3] ORAddress, directoryName [4] Name, ediPartyName [5] EDIPartyName, uniformResourceIdentifier [6] IA5String, iPAddress [7] OCTET STRING, registeredID [8] OBJECT IDENTIFIER} Thus, the URI is encode in ASCII. Do you think that URIs should be encoded differently in this one extension? Russ At 01:02 AM 4/17/2002 +0000, David Hopwood wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >At 12:35 PM 4/10/2002 -0400, Tom Gindin wrote: > >Second, I have reviewed draft-ietf-idn-uri-01.txt (by Martin Duerst) and > >it recommends that internationalized URI strings be converted to UTF-8 > >but then escaped using %HH, so UTF8String is unnecessary. > ><draft-masinter-url-i18n-08.txt> is more applicable: > ># In case the current handling in an API or protocol is based on ># US-ASCII, UTF-8 is recommended as the encoding for IRIs, because ># this is compatible with US-ASCII, is in accordance with the ># recommendations of [RFC 2277], and makes it easy to convert to URIs ># where necessary. [...] >... ># While it might be possible to define IRI references and IRIs merely by ># their transformation to URIs, IRI references and IRIs can also be ># accepted and processed directly. >... ># Also, it is expected that all relevant new W3C formats and protocols ># will be required to handle IRIs [CharMod]. > >I.e. the intent is that escaping using %HH must be done for existing >protocols where URIs are specified as ASCII; not that specifying URIs as >ASCII is desirable for *new* protocols. > >- -- >David Hopwood <david.hopwood@zetnet.co.uk> > >Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/ >RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01 >Nothing in this message is intended to be legally binding. If I revoke a >public key but refuse to specify why, it is because the private key has been >seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip > > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.3i >Charset: noconv > >iQEVAwUBPLzJYzkCAxeYt5gVAQG4LQf/fVKpiwbvc12r65934MfogBA6S2lOcr+f >ffNIPy76iMHJ3/Z+YWHQLyYPJKebtlpN1rfbPuoaU6LRSqb6r/xWfg6LLoAuHBO/ >+vtJn/oo0YY5L4bZzqDkTle1rjz1cA0lDzZL8FeZ1ZMxN7++PNOupkC23j/TqYrw >7Wf2y/mpgghjZ8Un5b1aaPUtE2yOn87TH/QX2hRytsQTIAe9o2Z53eOvWYoQ3i2I >sUQ9llCtln7kbu03jPUmpr2MduLFPY6KouZ9Mq1gs9j/0w0fJwLcdPFQ3TMGvl2L >lWtc620m4YgsqvXWQR6WluCUi1dxeL+zZSOGvx/mnmFanKc2O22fXQ== >=V/pC >-----END PGP SIGNATURE----- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HJfCJ27665 for ietf-pkix-bks; Wed, 17 Apr 2002 12:41:12 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HJfAm27655 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 12:41:10 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GUQ00G0197K3X@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 17 Apr 2002 12:38:08 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GUQ00F9I97JUV@ext-mail.valicert.com>; Wed, 17 Apr 2002 12:38:07 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <JACGZSM5>; Wed, 17 Apr 2002 12:40:50 -0700 Content-return: allowed Date: Wed, 17 Apr 2002 12:40:49 -0700 From: Peter Williams <peterw@valicert.com> Subject: RE: Open issue: DPV additional information To: "'Michael Myers'" <myers@coastside.net> Cc: pkix <ietf-pkix@imc.org>, Denis Pinkas <Denis.Pinkas@bull.net> Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5B1@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike, What Denis is apparently saying is: - unlike OCSP (and OCSPv2) which standardizes an authorization model for CA-authorized "responders", and a non-CA "local-trust" model for "local responders" - DPV requirements do NOT call for standardization of these two issues (authorization and local trust) in the DPV protocol to be specified - He makes various broad-ranging assumptions on these very issues, however, that we are determining from the thread what the assumptions are. I think the only 2 substantive points that PeterW, PeterS, and Denis and others are discussing, include 1) Whether the DPV requirements *should* specify means to address the DPV dependent-services authorization and trust issues (e.g. these issues as they affect path processing supporting CRL handling, these issues as they affect OCSP response acceptance handling, and these issues as they affect OCSP response chain's own path processing) 2) We seek to flush out Denis' assumption about his model of the authorization and local-trust relations between CA/AAs, DPV servers, and EE relying-parties, and find out which entity and protocol state will be responsible for enforcing the authorization and local-trust rules, once we get to protocol specification. If we use your OSCP v2 work as a guide, we can reason thus: My (and implicitely your) suggestion is that DPV handle authorization and local-trust issues in the way that OCSP does - as the OCSP standard had pragmatically suceeded to balance both CA-focussed and RP-focussed relationship models between the CA/AA, OCSP responder, and EE-RP parties. The OCSP solution to the issues would obviously come built into DPV, if we specify a DPV using OCSPv2, lets note. AS Denis seems to deny, however, the legltimacy of the OCSP way of handling these issues for DPV needs, we cannot simply do OCSP v2, as is, to perform a DPV protocol: Why not, as OCSP's standardization per se contradicts Denis' model of the relationships between the players. Im not saying I agree with Denis. But if I translate his aphorisms, this is what he seems to be actually stating. My statement of the implications for OCSP (v2) or any other protocol design following the OCSP heritage, then follow. Peter. >>>>-----Original Message----- >>>>From: Michael Myers [mailto:myers@coastside.net] >>>>Sent: Wednesday, April 17, 2002 7:01 AM >>>>To: Denis Pinkas >>>>Cc: pkix >>>>Subject: RE: Open issue: DPV additional information >>>> >>>> >>>> >>>>Denis, >>>> >>>>Even as explanations, I disagree with the assertions. >>>> >>>>A CA can most certainly sign DPV responses, especially relating >>>>to its own certificates. A CA can also delegate that function >>>>(i.e. authorize a DPV server) to another trusted party. That >>>>party could conceivably itself be a CA. Thus a CA can sign DPV >>>>responses even with respect to certificates it didn't issue. >>>> >>>>In my view, these are deployment and operational issues relating >>>>to specific policies, practices and perhaps even contracts, all >>>>of which seem to be well out of scope of our technical >>>>considerations. But maybe that's just me. >>>> >>>>Mike >>>> >>>>> -----Original Message----- >>>>> From: owner-ietf-pkix@mail.imc.org >>>>> [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas >>>>> Sent: Wednesday, April 17, 2002 2:42 AM >>>>> To: Michael Myers >>>>> Cc: pkix >>>>> Subject: Re: Open issue: DPV additional information >>>>> >>>>> >>>>> >>>>> Michael, >>>>> >>>>> The text you mention is *not* going to be placed in >>>>> the requirement >>>>> document, but was only explanations. >>>>> >>>>> Since there has been many small changes since version >>>>> 03, I will re-issue >>>>> a draft shortly so that everybody can see the result >>>>> of the more than >>>>> * 300 e-mails * that have been exchanged. >>>>> >>>>> Denis >>>>> >>>>> > > -----Original Message----- >>>>> > > From: owner-ietf-pkix@mail.imc.org >>>>> > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of >>>>> Denis Pinkas >>>>> > > >>>>> > > . . . >>>>> > > >>>>> > > No. DPV servers are never authorized by CAs. They >>>>> are either : >>>>> > > >>>>> > > - locally trusted by their requesting clients for any >>>>> > > policy, or/and >>>>> > > - trusted under a given validation policy. >>>>> > > >>>>> > > . . . >>>>> > > >>>>> > > A CA cannot sign DPV responses. >>>>> > >>>>> > Denis, >>>>> > >>>>> > A while back I quite carefully parsed the -03 >>>>> version of the I-D >>>>> > into requirements statements. Nowhere did I see >>>>> these negative >>>>> > requirements asserted. Had they been there, I'm >>>>> quite certain I >>>>> > would've raised an issue on the list. Do you >>>>> really mean to say >>>>> > that a CA can neither directly affirm the validity >>>>> of its own >>>>> > certificates nor delegate that obvious right to >>>>> another party? >>>>> > >>>>> > Mike >>>>> >>>> Received: by above.proper.com (8.11.6/8.11.3) id g3HIT1i22842 for ietf-pkix-bks; Wed, 17 Apr 2002 11:29:01 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HIT0m22837 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 11:29:00 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3HISvPm028957; Wed, 17 Apr 2002 11:29:00 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: <yameogo@web.de>, <ietf-pkix@imc.org> Subject: RE: Future of OCSP V2 Date: Wed, 17 Apr 2002 11:26:08 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDCENICJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <200204171423.g3HENqv03151@mailgate5.cinetic.de> X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> The OCSPv2 I-D will be updated and submitted for the WG's consideration now that the DPV and DPD requirements work appears to be coming to a close. It didn't make much sense to update it while the requirements were in flux. By the way, the only v2-ness about OCSPv2 has to do with the expansion of the certificate identification syntax to accomodate, among other options, the full certificate or a certificate hash. The extensions for DPV and DPD, which were always there even before all this hoo-hah started, can work equally well within the v1 framework, at least to the extent the v1 certID structure is acceptable. The definition of these extensions will of course be amended according the released version of the requirements document. A premliminary analysis against the -03 requirements showed that very little if any change will be needed. Of course, discussions concerning their acceptability as the technical path forward will doubtless prove lively. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > yameogo@web.de > Sent: Wednesday, April 17, 2002 7:24 AM > To: ietf-pkix@imc.org > Subject: Future of OCSP V2 > > > > Hi PKIXers, > > I would like to know what is the future of OCSP V2, > since the last draft has already expired and I couldn > t find any recent document about it. I m not > following the discussions on this list, so excuse the > fact that I may have missed something. So > -Will there be an OCSP V2 protocol? > -If yes will it be VERY different from the (expired) > draft currently available? > -If no what will happen with DPD and DPV? Will they > possibly be defined as independant protocols? > > Thank you > > WY > > ______________________________________________________ > ________________________ > Für alle, die nicht genug WEB.DE bekommen können. 100 > MB Speicher, SMS Preisvorteil > und noch mehr Kommunikation unter > http://club.web.de/?mc=021101 > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HIFbH22456 for ietf-pkix-bks; Wed, 17 Apr 2002 11:15:37 -0700 (PDT) Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HIFZm22452 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 11:15:35 -0700 (PDT) Received: from vhqpostal-gw2.verisign.com (verisign.com [65.205.251.56]) by peacock.verisign.com (8.11.3/BCH1.7.5) with ESMTP id g3HIBqO21464 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 11:11:52 -0700 (PDT) Received: by vhqpostal-gw2.verisign.com with Internet Mail Service (5.5.2653.19) id <G4TAR04H>; Wed, 17 Apr 2002 11:16:58 -0700 Message-ID: <2F3EC696EAEED311BB2D009027C3F4F405869AA7@vhqpostal.verisign.com> From: "Hallam-Baker, Phillip" <pbaker@verisign.com> To: ietf-pkix@imc.org Subject: Comments on the OKID draft Date: Wed, 17 Apr 2002 11:16:40 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> While I like the overall idea I think it can be substantially improved as follows: 1) The initial string is 2 characters, yet the argument is made that we are so short of space that we cannot afford any form of parity check. I suggest that we change this so that the first charater represents the type of OKID and the second is a parity check. This leaves us room for up to 32 different OKID types, and that before we start using bits in the data portion. I suggest that we form the parity check as follows: Let the OKID be WW-XXXX-XXXX-XXXX-XXXX-XXXX WP-AAAA-BBBB-CCCC-DDDD-EEEE W = E, C, A, B as before L to stand for license activation R to stand for one time authentication code P = a 5 bit parity check formed as follows Bit 0 = Parity of W AAAA Bit 1 = Parity of W AAAA BBBB Bit 2 = Parity of W AAAA BBBB CCCC Bit 3 = Parity of W AAAA BBBB CCCC DDDD Bit 4 = Parity of W AAAA BBBB CCCC DDDD EEEE This mechanism gives a 50% chance that an error will be caught in any given block as it is typed and failing that a 50% chance it will be caught in the next block, etc. 2) The format described in the first part of the draft is for a 100 bit OKID, the example describes an 80 bit OKID I prefer the 100 bit format, in fact I would like to have the option of specifying as many blocks as I like, up to 8 if necessary. 3) The use of the OKID in the manner of a PGP fingerprint should be explicitly considered under security considerations. 4) I would suggest that the registry concept should be unnecessary if the hash is large enough. There should be a means of re-using exisitng IANA identifiers, e.g. by combining a hash of an IANA mime type and the hash of the data... H ( H (type), H (data) ) 5) I would also suggest that we try to avoid unnecessary dependence on PKIX data formats here, the probability of collision should be negligible and so the option of using an OKID for PGP or SPKI or PKIX keys is attractive. 6) This technology could provide a means to address the one remaining objection voiced of PGP over S/MIME, the ability to generate short key signing lists. I do not propose the draft address this, but someone should. Phill Received: by above.proper.com (8.11.6/8.11.3) id g3HIBf922339 for ietf-pkix-bks; Wed, 17 Apr 2002 11:11:41 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HIBdm22334 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 11:11:39 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3HIBVPm027113; Wed, 17 Apr 2002 11:11:31 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Hal Lockhart" <hal.lockhart@entegrity.com>, "Denis Pinkas" <Denis.Pinkas@bull.net>, <stephen.farrell@baltimore.ie> Cc: "pkix" <ietf-pkix@imc.org> Subject: RE: Open issue: DPV additional information Date: Wed, 17 Apr 2002 11:08:44 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDEENHCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <899128A30EEDD1118FC900A0C9C74A3401033FD0@bigbird.gradient.com> X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hal, This works for me. Thanks for stepping in. Mike -----Original Message----- From: Hal Lockhart [mailto:hal.lockhart@entegrity.com] Sent: Wednesday, April 17, 2002 10:23 AM To: 'Michael Myers'; Denis Pinkas; stephen.farrell@baltimore.ie Cc: pkix Subject: RE: Open issue: DPV additional information As entertaining as it is to watch you guys talk past each other, this thread is getting tiresome. Let me take a crack at why I don't think there is any real disagreement here. I think what Denis is saying is that if an entity is a CA, by definition they are trusted to issue and revoke the certificates they issue, by virture of being a CA. They can also delegate someone else to do the revocation, also by virtue of being a CA. If a RP decides to trust their certs, they must also trust their revocation arrangements. In contrast, when somebody sets up a DPV server, whether or not they also run a CA, there is an independant decision to trust the DPV server. It does not follow as an automatic consequence of the fact thet the same organization (or key even) may have issued one or more of the certs in the chain in question. In other words, a CA may run a DPV server, but the server will be trusted because RPs choose to do so, not because they have previously chosen to trust certs issued by the CA. Everybody agree? ;-) Hal > -----Original Message----- > From: Michael Myers [mailto:myers@coastside.net] > Sent: Wednesday, April 17, 2002 11:22 AM > To: Denis Pinkas; stephen.farrell@baltimore.ie > Cc: pkix > Subject: RE: Open issue: DPV additional information > > > > Denis, > > It is precisely that issue of responsibility, in a broader > sense. I'm quite certain that organizational entities who > create, issue and maintain the reliability of public key > certificates will will be the first to claim jursidiction > regarding their validity. Who is going to claim otherwise? > > Mike > > > > -----Original Message----- > > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net] > > Sent: Wednesday, April 17, 2002 8:02 AM > > > Extract from the road map document: > > > > Certification Authority (CA) - An authority > > trusted by one or more users to create and assign > > public key certificates. Optionally the CA may > > create the user's keys. It is important to > > note that the CA is responsible for the public key > ^^^^^^^^^^^^^^^ > > certificates during their whole lifetime, not just > > for issuing them. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HHQWd20705 for ietf-pkix-bks; Wed, 17 Apr 2002 10:26:32 -0700 (PDT) Received: from dymwsm17.mailwatch.com (dymwsm17.mailwatch.com [204.253.83.165]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HHQUm20699 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 10:26:31 -0700 (PDT) Received: from MWSC0208.MW4.MAILWATCH.COM (mwsc0208.mw4.mailwatch.com [204.253.83.244]) by dymwsm17.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3HHQCp16075 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 13:26:12 -0400 Received: from mail pickup service by MWSC0208.MW4.MAILWATCH.COM with Microsoft SMTPSVC; Wed, 17 Apr 2002 13:26:12 -0400 Received: from 204.253.83.39 ([204.253.83.39]) by MWSC0208 with SMTP id 000200087ec4b76d-541a-4b15-870a-73de57bc4454; Wed, 17 Apr 2002 13:26:11 -0500 Received: from bigbird.entegrity.com (bigbird.gradient.com [192.92.110.50]) by dymwsm15.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3HHQAE19292; Wed, 17 Apr 2002 13:26:10 -0400 Received: by bigbird.gradient.com with Internet Mail Service (5.5.2650.10) id <JC4CCNRR>; Wed, 17 Apr 2002 13:22:54 -0400 Message-ID: <899128A30EEDD1118FC900A0C9C74A3401033FD0@bigbird.gradient.com> From: Hal Lockhart <hal.lockhart@entegrity.com> To: "'Michael Myers'" <myers@coastside.net>, Denis Pinkas <Denis.Pinkas@bull.net>, stephen.farrell@baltimore.ie Cc: pkix <ietf-pkix@imc.org> Subject: RE: Open issue: DPV additional information Date: Wed, 17 Apr 2002 13:22:52 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.10) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1E634.818E8B18" HOP-COUNT: 1 X-MAILWATCH-INSTANCEID: 010200087ec4b76d-541a-4b15-870a-73de57bc4454 X-OriginalArrivalTime: 17 Apr 2002 17:26:12.0319 (UTC) FILETIME=[F865BEF0:01C1E634] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1E634.818E8B18 Content-Type: text/plain; charset="ISO-8859-1" As entertaining as it is to watch you guys talk past each other, this thread is getting tiresome. Let me take a crack at why I don't think there is any real disagreement here. I think what Denis is saying is that if an entity is a CA, by definition they are trusted to issue and revoke the certificates they issue, by virture of being a CA. They can also delegate someone else to do the revocation, also by virtue of being a CA. If a RP decides to trust their certs, they must also trust their revocation arrangements. In contrast, when somebody sets up a DPV server, whether or not they also run a CA, there is an independant decision to trust the DPV server. It does not follow as an automatic consequence of the fact thet the same organization (or key even) may have issued one or more of the certs in the chain in question. In other words, a CA may run a DPV server, but the server will be trusted because RPs choose to do so, not because they have previously chosen to trust certs issued by the CA. Everybody agree? ;-) Hal > -----Original Message----- > From: Michael Myers [mailto:myers@coastside.net] > Sent: Wednesday, April 17, 2002 11:22 AM > To: Denis Pinkas; stephen.farrell@baltimore.ie > Cc: pkix > Subject: RE: Open issue: DPV additional information > > > > Denis, > > It is precisely that issue of responsibility, in a broader > sense. I'm quite certain that organizational entities who > create, issue and maintain the reliability of public key > certificates will will be the first to claim jursidiction > regarding their validity. Who is going to claim otherwise? > > Mike > > > > -----Original Message----- > > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net] > > Sent: Wednesday, April 17, 2002 8:02 AM > > > Extract from the road map document: > > > > Certification Authority (CA) - An authority > > trusted by one or more users to create and assign > > public key certificates. Optionally the CA may > > create the user's keys. It is important to > > note that the CA is responsible for the public key > ^^^^^^^^^^^^^^^ > > certificates during their whole lifetime, not just > > for issuing them. > ------_=_NextPart_001_01C1E634.818E8B18 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DISO-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2448.0"> <TITLE>RE: Open issue: DPV additional information</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>As entertaining as it is to watch you guys talk past = each other, this thread is getting tiresome. Let me take a crack at why = I don't think there is any real disagreement here.</FONT></P> <P><FONT SIZE=3D2>I think what Denis is saying is that if an entity is = a CA, by definition they are trusted to issue and revoke the = certificates they issue, by virture of being a CA. They can also = delegate someone else to do the revocation, also by virtue of being a = CA. If a RP decides to trust their certs, they must also trust their = revocation arrangements.</FONT></P> <P><FONT SIZE=3D2>In contrast, when somebody sets up a DPV server, = whether or not they also run a CA, there is an independant decision to = trust the DPV server. It does not follow as an automatic consequence of = the fact thet the same organization (or key even) may have issued one = or more of the certs in the chain in question.</FONT></P> <P><FONT SIZE=3D2>In other words, a CA may run a DPV server, but the = server will be trusted because RPs choose to do so, not because they = have previously chosen to trust certs issued by the CA.</FONT></P> <P><FONT SIZE=3D2>Everybody agree? ;-)</FONT> </P> <P><FONT SIZE=3D2>Hal</FONT> </P> <P><FONT SIZE=3D2>> -----Original Message-----</FONT> <BR><FONT SIZE=3D2>> From: Michael Myers [<A = HREF=3D"mailto:myers@coastside.net">mailto:myers@coastside.net</A>]</FON= T> <BR><FONT SIZE=3D2>> Sent: Wednesday, April 17, 2002 11:22 AM</FONT> <BR><FONT SIZE=3D2>> To: Denis Pinkas; = stephen.farrell@baltimore.ie</FONT> <BR><FONT SIZE=3D2>> Cc: pkix</FONT> <BR><FONT SIZE=3D2>> Subject: RE: Open issue: DPV additional = information</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Denis,</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> It is precisely that issue of responsibility, = in a broader</FONT> <BR><FONT SIZE=3D2>> sense. I'm quite certain that = organizational entities who</FONT> <BR><FONT SIZE=3D2>> create, issue and maintain the reliability of = public key</FONT> <BR><FONT SIZE=3D2>> certificates will will be the first to claim = jursidiction</FONT> <BR><FONT SIZE=3D2>> regarding their validity. Who is going to claim = otherwise?</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Mike</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> > -----Original Message-----</FONT> <BR><FONT SIZE=3D2>> > From: Denis Pinkas [<A = HREF=3D"mailto:Denis.Pinkas@bull.net">mailto:Denis.Pinkas@bull.net</A>]<= /FONT> <BR><FONT SIZE=3D2>> > Sent: Wednesday, April 17, 2002 8:02 = AM</FONT> <BR><FONT SIZE=3D2>> > > Extract from the road map = document:</FONT> <BR><FONT SIZE=3D2>> ></FONT> <BR><FONT SIZE=3D2>> > Certification Authority (CA) - An = authority</FONT> <BR><FONT SIZE=3D2>> > trusted by one or more users to create and = assign</FONT> <BR><FONT SIZE=3D2>> > public key certificates. Optionally the CA = may</FONT> <BR><FONT SIZE=3D2>> > create the user's keys. It is important = to</FONT> <BR><FONT SIZE=3D2>> > note that the CA is responsible for the = public key</FONT> <BR><FONT = SIZE=3D2>>  = ;  = ; ^^^^^^^^^^^^^^^</FONT> <BR><FONT SIZE=3D2>> > certificates during their whole lifetime, = not just</FONT> <BR><FONT SIZE=3D2>> > for issuing them.</FONT> <BR><FONT SIZE=3D2>> </FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1E634.818E8B18-- Received: by above.proper.com (8.11.6/8.11.3) id g3HGlY517095 for ietf-pkix-bks; Wed, 17 Apr 2002 09:47:34 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HGlWm17087 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 09:47:32 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id SAA10426; Wed, 17 Apr 2002 18:47:33 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 17 Apr 2002 18:47:33 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id SAA05645; Wed, 17 Apr 2002 18:47:32 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id SAA09329; Wed, 17 Apr 2002 18:47:31 +0200 (MET DST) Date: Wed, 17 Apr 2002 18:47:31 +0200 (MET DST) Message-Id: <200204171647.SAA09329@emeriau.edelweb.fr> To: ietf-pkix@imc.org, rhousley@rsasecurity.com Subject: Re: Open issue: requester identifier in DPV response Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > >1. The requestor MUST be able, upon request, to have a field to be copied > > in the response. > > > >2. When the request is authenticated, the requestor SHOULD be able, upon > > request, to have an identifier to be included in the response. How this > > identifier is derived from the authenticated identity depends on local > > server conditions. The server MAY choose to refuse to include an > > identitier in the response. > > > >Opinions ? > > I think that the first alternative is too vague to be useful. I nonce > mechanism that might be included to detect reply would fulfill the requirement. > > I think that the second is acceptable. I could live with it in order to > reach closure, but I do not think that it is necessary. 1: Actually Denis has added a new requirement here which is something that I had in mind but forgotten during the other discussions. 'a field' could mean 'a textual description identifying the nature or reason of the request/response'. This is not nonce processing, I have some tendency to avoid to encourage people to hide something necessary in a nonce. 2: What about: When the request is authenticated, the requestor SHOULD be able, upon request, to indicate an identifier to be included in the response. How this identifier is matched with the authenticated identity depends on local server conditions and/or the validation policy. The server MAY choose to refuse to include an identitier in the response, or MAY refuse to create a response. > > Russ > Peter Received: by above.proper.com (8.11.6/8.11.3) id g3HGTf715088 for ietf-pkix-bks; Wed, 17 Apr 2002 09:29:41 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HGTdm15084 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 09:29:39 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id SAA10295 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 18:29:31 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 17 Apr 2002 18:29:31 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id SAA05547 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 18:29:30 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id SAA09319 for ietf-pkix@imc.org; Wed, 17 Apr 2002 18:29:30 +0200 (MET DST) Date: Wed, 17 Apr 2002 18:29:30 +0200 (MET DST) Message-Id: <200204171629.SAA09319@emeriau.edelweb.fr> To: ietf-pkix@imc.org Subject: raodmap Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> The roadmap draft contains the following text: Another long debated topic in the WG dealt with certificate revocation. Numerous drafts have been developed to address different issues related certificate revocations. CMP supports revocation request, response, revocation announcement, and requests for CRL messages. CMC defines revocation request, revocation response, and requests for CRL messages, but uses CMS as the encapsulating protocol. [OCSP] was developed to address concerns that not all relying parties want to go through the process checking CRLs from every CA in the certification path. It defines an on-line mechanism to determine the status of a given certificate, which may provide more timely revocation information than is possible with CRLs. The Simple Certification Verification Protocol (SCVP) was produced to allow relying parties to off-load all of their certification verification to another entity [SCVP]. The WG was arguably split over whether such a function should be supported and whether it should be its own protocol or included in OCSP. In response, a draft defining OCSP Extensions was produced to include the functions of SCVP. [OCSP] has been a draft standard for more than six months and is in the process of being revised [OCSPv2]. To capture the work from the OCSP Extensions, two drafts were developed: Delegated Path Validation [DPV] and Delegated Path Discovery [DPD]. After considerable debate, the WG selected SCVP as the PKIX protocol for delegated path validation and delegated path discovery. A requirements document has been developed, and is currently under WG review. [DPREQ] Upon completion of [DPREQ], the SCVP protocol will be completed. I am somewhat surprised about this vision of online status protocol history and future. 1 - Since its initial draft in June 4 1998, DVCS has always included certificate validation as one it its service. 2 - At the time when OCSP was discussed DVCS was already mentioned as a protocol to provide certificate 'positive' status information. 1 - The first drafts of SCVP was produced June 25, 1999. At that time the first notary draft from Carlisle was already more than one year old. and DCS and DVCS have always included the function of validation of a public key certificate. 3 - Does someone can tell me in which meeting or decision the working group 'selected' SCVP as the PKIX protocol? Was this a reaction of some information that OCSP-V2 was somehow considered abandoned? 4 - As far as I know, and as far as it is regularily reminded by the editors of the requirements drafts, we are not yet talking about a particular protocol. Why is there a statement that SCVP will be completed? Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HFsib12860 for ietf-pkix-bks; Wed, 17 Apr 2002 08:54:44 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3HFsbm12844 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 08:54:37 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 17 Apr 2002 15:53:28 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA11399 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 11:53:17 -0400 (EDT) Received: from exeu00.securid.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3HFsgn02838 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 11:54:42 -0400 (EDT) Received: by exeu00.eu.rsa.net with Internet Mail Service (5.5.2653.19) id <2KMJXJJR>; Wed, 17 Apr 2002 16:54:54 +0100 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.146]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1TS19; Wed, 17 Apr 2002 11:52:04 -0400 Message-Id: <5.1.0.14.2.20020417115048.03264230@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 17 Apr 2002 11:54:24 -0400 To: ietf-pkix@imc.org From: "Housley, Russ" <rhousley@rsasecurity.com> Subject: Re: Open issue: requester identifier in DPV response In-Reply-To: <3CBD7409.BF732004@bull.net> References: <200204171113.NAA09233@emeriau.edelweb.fr> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi. My comments are at the bottom .... > > > The text proposal was as follows: > > > > > > "When the request is authenticated, the requestor MUST be able, upon > > > request, to have an identifier to be included in the response. Whether > > > and how the communicated identification(s) are validated against > identities > > > derived by some authentication method depends on local configurations. > > > Depending on that, the server MAY choose to copy, ignore, or replace > > > the identities by some other in the response, or to refuse the > > > request." > > > > > > You said: I did not ask for "when the request is authenticated". > > > > > > In such a case it means that you wanted a field to be sent by the > requestor > > > and to be blindly copied and pasted by the server in the response. In > that > > > case the semantics of this field cannot be verified by the server and > thus > > > cannot bear more semantics than "this is the data that I copied and > pasted > > > from the request". > > > My request is to remove the part "when .. authenticated' > > You still have the second and thrd sentence which cover > > the possibilities that may occur. > > To avoid a misunderstanding, replace "local configurations" by > > "the validation policy". > >This does not help. There is no relationship with the validation policy, >but this has to do with the access conditions to the DPV server. > > > In the following you are combining three actions, the > > indication of what the user specified, a potential authentication, > > what the server sends. You take only one case where the policy says > > no authentication necessary, and just blindly copy. > >The problem is the following: when *another* client sees the DPV response >how can it interpret the semantics of that field ? If there is more than one >interpretation, no one will have the same understanding of the semantics of >that field. > >Unless we provide an unambiguous semantics of that field, no requirement >can be added. > > > > Capturing this requirement would lead to: > > > > > > "The requestor MUST be able, upon request, to have a field to be > copied in > > > the response." > > > > The proposed text allows a server to modify or reject the request > > in whatever way desired. The indication of a requestor identity by > > the client does not mean that the client has an absolute (MUST) right > > to get this back unmodified or untreated. > >This means multiple semantics. > > > > We do not have such a similar facility in an OCSP response and I > wonder why > > > we should support it. > > > > If your question would be 'why do we want this' I'd answer that similar > > features exist in real life, when you ask for some kind of attestation > > given explicitly to you and you are more or less authenticated. > > > > "In reply of your (id of requester) demand from > > date, we certifiy today that you are still alive and can vote". > >In that real life example, the id of requester is verified and is >thus copied from a dully authenticated identifier. > > > "This is an invoice for item XXX for company mycorp". > >In that real life example, the item XX is a field that is blindly copied by >the server. > > > But, if others believe that the first half-sentence should remain > > in order to achieve consensus, I can live with that, too. > >Either a choice has to be made between the various alternatives ... or two >requirements should be incorporated. This would lead to the following text: > >1. The requestor MUST be able, upon request, to have a field to be copied > in the response. > >2. When the request is authenticated, the requestor SHOULD be able, upon > request, to have an identifier to be included in the response. How this > identifier is derived from the authenticated identity depends on local > server conditions. The server MAY choose to refuse to include an > identitier in the response. > >Opinions ? I think that the first alternative is too vague to be useful. I nonce mechanism that might be included to detect reply would fulfill the requirement. I think that the second is acceptable. I could live with it in order to reach closure, but I do not think that it is necessary. Russ Received: by above.proper.com (8.11.6/8.11.3) id g3HFQL911590 for ietf-pkix-bks; Wed, 17 Apr 2002 08:26:21 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HFQKm11586 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 08:26:20 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3HFP1Pm010304; Wed, 17 Apr 2002 08:25:01 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net>, <stephen.farrell@baltimore.ie> Cc: "pkix" <ietf-pkix@imc.org> Subject: RE: Open issue: DPV additional information Date: Wed, 17 Apr 2002 08:22:12 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDKENECJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <3CBD8E76.7821B57@bull.net> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, It is precisely that issue of responsibility, in a broader sense. I'm quite certain that organizational entities who create, issue and maintain the reliability of public key certificates will will be the first to claim jursidiction regarding their validity. Who is going to claim otherwise? Mike > -----Original Message----- > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net] > Sent: Wednesday, April 17, 2002 8:02 AM > > Extract from the road map document: > > Certification Authority (CA) - An authority > trusted by one or more users to create and assign > public key certificates. Optionally the CA may > create the user's keys. It is important to > note that the CA is responsible for the public key ^^^^^^^^^^^^^^^ > certificates during their whole lifetime, not just > for issuing them. Received: by above.proper.com (8.11.6/8.11.3) id g3HFMZc11461 for ietf-pkix-bks; Wed, 17 Apr 2002 08:22:35 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3HFMXm11457 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 08:22:33 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 17 Apr 2002 15:21:24 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA07744 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 11:21:12 -0400 (EDT) Received: from exno02.dynas.se (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3HFMXG28399 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 11:22:34 -0400 (EDT) Received: by exno02.eu.rsa.net with Internet Mail Service (5.5.2653.19) id <JB1WNQ2F>; Wed, 17 Apr 2002 17:22:25 +0200 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.83]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1TRSK; Wed, 17 Apr 2002 11:19:57 -0400 Message-Id: <5.1.0.14.2.20020417104539.03224148@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 17 Apr 2002 11:14:15 -0400 To: ietf-pkix@imc.org From: "Housley, Russ" <rhousley@rsasecurity.com> Subject: Fixing ASN.1 module error in PKIX-new-part1-12 In-Reply-To: <0B95FB5619B3D411817E006008A59259C050BD@wfhqex06.gfgsi.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Many thanks to Rich Nicholas for detecting a mistake in the ASN.1 modules before Son-of-2459 was published as an RFC. The problem is described in the attached message, and only impacts certificates that include the X.400 ORAddress as an alterative name. I have been working with the RFC Editor to correct this before publication. I am not moving the definition. If I did, then each module would have IMPORTs from the other, and I am not sure that all of the tools could handle this circular situation. At this late date, I did not want to create a third module, so the solution is to insert "IMPLICIT" in each of the tagged definitions associated with the ORAddress. The resulting ASN.1 has been compiled with two different compilers, so I am quite confident that additional errors have not been introduced. One of the compilers reports no errors. The compiler complains about the specification of UNIVERSAL tags. This is not unexpected, as discussed in the introduction to Appendix A. I have submitted a new Internet-Draft (draft-ietf-pkix-new-part1-asn1-00.txt) that contains the updated ASN.1 modules in order to distribute the corrections widely and quickly. Russ At 12:34 PM 2/28/2002 -0500, Nicholas, Richard wrote: >Russ & Tim, > >The ORAddress syntax (and the syntax for its members) included in Appendix A >should have been included in the PKIXImplicit88 module (A.2), rather than >the PKIXExplicit88 module (A.1). > >ORAddress is defined in the MTSAbstractService module from X.411, which uses >IMPLICIT tagging. > >- Rich Received: by above.proper.com (8.11.6/8.11.3) id g3HF2U410387 for ietf-pkix-bks; Wed, 17 Apr 2002 08:02:30 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HF2Sm10382 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 08:02:28 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA17730; Wed, 17 Apr 2002 17:05:05 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041717021731:632 ; Wed, 17 Apr 2002 17:02:17 +0200 Message-ID: <3CBD8E76.7821B57@bull.net> Date: Wed, 17 Apr 2002 17:02:14 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: stephen.farrell@baltimore.ie CC: Michael Myers <myers@coastside.net>, pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV additional information References: <EOEGJNFMMIBDKGFONJJDCENDCJAA.myers@coastside.net> <3CBD8243.3ED8586A@bull.net> <3CBD8B1A.A4B55E5E@baltimore.ie> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 17/04/2002 17:02:17, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 17/04/2002 17:02:23, Serialize complete at 17/04/2002 17:02:23 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Stephen, > Denis, > > > The concept and the functions of a CA and of a DPV server are not related. > > What's the benefit of being (IMO) as pedantic as this? > > Most people are happy enough for the term CA to mean either > the system that does X.509 things or the authority that > runs that system (and can therefore also be properly said > to be doing things like DPV). > Extract from the road map document: Certification Authority (CA) - An authority trusted by one or more users to create and assign public key certificates. Optionally the CA may create the user's keys. It is important to note that the CA is responsible for the public key certificates during their whole lifetime, not just for issuing them. Denis > Stephen. > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > 39 Parkgate Street, fax: +353 1 881 7000 > Dublin 8. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com Received: by above.proper.com (8.11.6/8.11.3) id g3HEluD09261 for ietf-pkix-bks; Wed, 17 Apr 2002 07:47:56 -0700 (PDT) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HElsm09256 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 07:47:54 -0700 (PDT) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g3HElsb27619 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 15:47:54 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a510210d30a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 15:42:26 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id PAA16115; Wed, 17 Apr 2002 15:47:43 +0100 Message-ID: <3CBD8B1A.A4B55E5E@baltimore.ie> Date: Wed, 17 Apr 2002 15:47:54 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> CC: Michael Myers <myers@coastside.net>, pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV additional information References: <EOEGJNFMMIBDKGFONJJDCENDCJAA.myers@coastside.net> <3CBD8243.3ED8586A@bull.net> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, > The concept and the functions of a CA and of a DPV server are not related. What's the benefit of being (IMO) as pedantic as this? Most people are happy enough for the term CA to mean either the system that does X.509 things or the authority that runs that system (and can therefore also be properly said to be doing things like DPV). Stephen. -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HEO9B08492 for ietf-pkix-bks; Wed, 17 Apr 2002 07:24:09 -0700 (PDT) Received: from mailgate5.cinetic.de (mailgate5.cinetic.de [217.72.192.165]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HEO7m08486 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 07:24:07 -0700 (PDT) Received: from web.de (fmomail02.dlan.cinetic.de [172.20.1.46]) by mailgate5.cinetic.de (8.11.2/8.11.2/SuSE Linux 8.11.0-0.4) with SMTP id g3HENqv03151 for ietf-pkix@imc.org; Wed, 17 Apr 2002 16:23:52 +0200 Date: Wed, 17 Apr 2002 16:23:52 +0200 Message-Id: <200204171423.g3HENqv03151@mailgate5.cinetic.de> MIME-Version: 1.0 Organization: http://freemail.web.de/ From: <yameogo@web.de> To: ietf-pkix@imc.org Subject: Future of OCSP V2 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3HEO8m08489 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi PKIXers, I would like to know what is the future of OCSP V2, since the last draft has already expired and I couldn t find any recent document about it. I m not following the discussions on this list, so excuse the fact that I may have missed something. So -Will there be an OCSP V2 protocol? -If yes will it be VERY different from the (expired) draft currently available? -If no what will happen with DPD and DPV? Will they possibly be defined as independant protocols? Thank you WY ______________________________________________________________________________ Für alle, die nicht genug WEB.DE bekommen können. 100 MB Speicher, SMS Preisvorteil und noch mehr Kommunikation unter http://club.web.de/?mc=021101 Received: by above.proper.com (8.11.6/8.11.3) id g3HEAMO07836 for ietf-pkix-bks; Wed, 17 Apr 2002 07:10:22 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HEALm07832 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 07:10:21 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA26080; Wed, 17 Apr 2002 16:13:01 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041716101290:622 ; Wed, 17 Apr 2002 16:10:12 +0200 Message-ID: <3CBD8243.3ED8586A@bull.net> Date: Wed, 17 Apr 2002 16:10:11 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Michael Myers <myers@coastside.net> CC: pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV additional information References: <EOEGJNFMMIBDKGFONJJDCENDCJAA.myers@coastside.net> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 17/04/2002 16:10:13, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 17/04/2002 16:10:19, Serialize complete at 17/04/2002 16:10:19 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael, > Denis, > > Even as explanations, I disagree with the assertions. > > A CA can most certainly sign DPV responses, especially relating > to its own certificates. A CA can also delegate that function > (i.e. authorize a DPV server) to another trusted party. That > party could conceivably itself be a CA. Thus a CA can sign DPV > responses even with respect to certificates it didn't issue. I respectfully disagree with you. The concept and the functions of a CA and of a DPV server are not related. There is no notion of "designated DPV responder" by a CA and we are not going to define new certificate formats for that purpose. Denis > In my view, these are deployment and operational issues relating > to specific policies, practices and perhaps even contracts, all > of which seem to be well out of scope of our technical > considerations. But maybe that's just me. > > Mike > > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > > Sent: Wednesday, April 17, 2002 2:42 AM > > To: Michael Myers > > Cc: pkix > > Subject: Re: Open issue: DPV additional information > > > > > > > > Michael, > > > > The text you mention is *not* going to be placed in > > the requirement > > document, but was only explanations. > > > > Since there has been many small changes since version > > 03, I will re-issue > > a draft shortly so that everybody can see the result > > of the more than > > * 300 e-mails * that have been exchanged. > > > > Denis > > > > > > -----Original Message----- > > > > From: owner-ietf-pkix@mail.imc.org > > > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > > Denis Pinkas > > > > > > > > . . . > > > > > > > > No. DPV servers are never authorized by CAs. They > > are either : > > > > > > > > - locally trusted by their requesting clients for any > > > > policy, or/and > > > > - trusted under a given validation policy. > > > > > > > > . . . > > > > > > > > A CA cannot sign DPV responses. > > > > > > Denis, > > > > > > A while back I quite carefully parsed the -03 > > version of the I-D > > > into requirements statements. Nowhere did I see > > these negative > > > requirements asserted. Had they been there, I'm > > quite certain I > > > would've raised an issue on the list. Do you > > really mean to say > > > that a CA can neither directly affirm the validity > > of its own > > > certificates nor delegate that obvious right to > > another party? > > > > > > Mike > > Received: by above.proper.com (8.11.6/8.11.3) id g3HE3Q507644 for ietf-pkix-bks; Wed, 17 Apr 2002 07:03:26 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HE3Pm07636 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 07:03:25 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3HE3LPm004314; Wed, 17 Apr 2002 07:03:21 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net> Cc: "pkix" <ietf-pkix@imc.org> Subject: RE: Open issue: DPV additional information Date: Wed, 17 Apr 2002 07:00:33 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDCENDCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3CBD4374.2B72168C@bull.net> Importance: Normal X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, Even as explanations, I disagree with the assertions. A CA can most certainly sign DPV responses, especially relating to its own certificates. A CA can also delegate that function (i.e. authorize a DPV server) to another trusted party. That party could conceivably itself be a CA. Thus a CA can sign DPV responses even with respect to certificates it didn't issue. In my view, these are deployment and operational issues relating to specific policies, practices and perhaps even contracts, all of which seem to be well out of scope of our technical considerations. But maybe that's just me. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Wednesday, April 17, 2002 2:42 AM > To: Michael Myers > Cc: pkix > Subject: Re: Open issue: DPV additional information > > > > Michael, > > The text you mention is *not* going to be placed in > the requirement > document, but was only explanations. > > Since there has been many small changes since version > 03, I will re-issue > a draft shortly so that everybody can see the result > of the more than > * 300 e-mails * that have been exchanged. > > Denis > > > > -----Original Message----- > > > From: owner-ietf-pkix@mail.imc.org > > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Denis Pinkas > > > > > > . . . > > > > > > No. DPV servers are never authorized by CAs. They > are either : > > > > > > - locally trusted by their requesting clients for any > > > policy, or/and > > > - trusted under a given validation policy. > > > > > > . . . > > > > > > A CA cannot sign DPV responses. > > > > Denis, > > > > A while back I quite carefully parsed the -03 > version of the I-D > > into requirements statements. Nowhere did I see > these negative > > requirements asserted. Had they been there, I'm > quite certain I > > would've raised an issue on the list. Do you > really mean to say > > that a CA can neither directly affirm the validity > of its own > > certificates nor delegate that obvious right to > another party? > > > > Mike > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HDA5F02778 for ietf-pkix-bks; Wed, 17 Apr 2002 06:10:05 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HDA2m02772 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 06:10:03 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA14476; Wed, 17 Apr 2002 15:12:44 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041715092992:611 ; Wed, 17 Apr 2002 15:09:29 +0200 Message-ID: <3CBD7409.BF732004@bull.net> Date: Wed, 17 Apr 2002 15:09:29 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: requester identifier in DPV response References: <200204171113.NAA09233@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 17/04/2002 15:09:29, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 17/04/2002 15:10:01, Serialize complete at 17/04/2002 15:10:01 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > Peter, > > > > The text proposal was as follows: > > > > "When the request is authenticated, the requestor MUST be able, upon > > request, to have an identifier to be included in the response. Whether > > and how the communicated identification(s) are validated against identities > > derived by some authentication method depends on local configurations. > > Depending on that, the server MAY choose to copy, ignore, or replace > > the identities by some other in the response, or to refuse the > > request." > > > > You said: I did not ask for "when the request is authenticated". > > > > In such a case it means that you wanted a field to be sent by the requestor > > and to be blindly copied and pasted by the server in the response. In that > > case the semantics of this field cannot be verified by the server and thus > > cannot bear more semantics than "this is the data that I copied and pasted > > from the request". > My request is to remove the part "when .. authenticated' > You still have the second and thrd sentence which cover > the possibilities that may occur. > To avoid a misunderstanding, replace "local configurations" by > "the validation policy". This does not help. There is no relationship with the validation policy, but this has to do with the access conditions to the DPV server. > In the following you are combining three actions, the > indication of what the user specified, a potential authentication, > what the server sends. You take only one case where the policy says > no authentication necessary, and just blindly copy. The problem is the following: when *another* client sees the DPV response how can it interpret the semantics of that field ? If there is more than one interpretation, no one will have the same understanding of the semantics of that field. Unless we provide an unambiguous semantics of that field, no requirement can be added. > > Capturing this requirement would lead to: > > > > "The requestor MUST be able, upon request, to have a field to be copied in > > the response." > > The proposed text allows a server to modify or reject the request > in whatever way desired. The indication of a requestor identity by > the client does not mean that the client has an absolute (MUST) right > to get this back unmodified or untreated. This means multiple semantics. > > We do not have such a similar facility in an OCSP response and I wonder why > > we should support it. > > If your question would be 'why do we want this' I'd answer that similar > features exist in real life, when you ask for some kind of attestation > given explicitly to you and you are more or less authenticated. > > "In reply of your (id of requester) demand from > date, we certifiy today that you are still alive and can vote". In that real life example, the id of requester is verified and is thus copied from a dully authenticated identifier. > "This is an invoice for item XXX for company mycorp". In that real life example, the item XX is a field that is blindly copied by the server. > But, if others believe that the first half-sentence should remain > in order to achieve consensus, I can live with that, too. Either a choice has to be made between the various alternatives ... or two requirements should be incorporated. This would lead to the following text: 1. The requestor MUST be able, upon request, to have a field to be copied in the response. 2. When the request is authenticated, the requestor SHOULD be able, upon request, to have an identifier to be included in the response. How this identifier is derived from the authenticated identity depends on local server conditions. The server MAY choose to refuse to include an identitier in the response. Opinions ? Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3HCsTQ02274 for ietf-pkix-bks; Wed, 17 Apr 2002 05:54:29 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3HCsNm02268 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 05:54:27 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 17 Apr 2002 12:53:14 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id IAA20180 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 08:53:03 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3HCsQQ07119 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 08:54:26 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1T3JX>; Wed, 17 Apr 2002 08:51:57 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.83]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1T3JV; Wed, 17 Apr 2002 08:51:50 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: vivek saraf <viveksaraf_2000@yahoo.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020417085251.031da3a8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 17 Apr 2002 08:53:54 -0400 Subject: Re: refine ment to question :Where does the certificate go? In-Reply-To: <20020417050540.75615.qmail@web20006.mail.yahoo.com> References: <DAV34mNffVRMXDIYBWZ0001c33b@hotmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Vivek: He said PER, which is the Packed Encoding Rules. He was not talking about the PEM file format. Russ At 10:05 PM 4/16/2002 -0700, vivek saraf wrote: >hello, > >You can use both DER or PEM, the application in which >you are going to use the sertificates that should >support that. The IE accepts both DER and PEM formats. > >If you want to give the user certificates along with >the CA certificate you must use pkcs #7. > >If you are have generated the private and public key >pairs for the end user you must use pkcs #12, in this >you can even put CA certificate also along with user >private key and certificate. > >For open source for CA you can refer openca. > >vivek > >--- osama farook <osamafarook@hotmail.com> wrote: > > ask about format > > is it base64-encoded or der-encoded or pkcs#7 or > > pkcs#12 > > Another question:? > > If there are any project that has been like mine and > > available on internet it is very kind of you to tell > > me about it. > > if there is any resources (not standards or rfcs) > > I'm so tired of RFC and standards.I make like who > > run in a circle. > > I do my project using C#> > > > > >__________________________________________________ >Do You Yahoo!? >Yahoo! Tax Center - online filing with TurboTax >http://taxes.yahoo.com/ Received: by above.proper.com (8.11.6/8.11.3) id g3HBx1K29402 for ietf-pkix-bks; Wed, 17 Apr 2002 04:59:01 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HBx0m29396 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 04:59:00 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id OAA26612 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 14:01:42 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041713585278:592 ; Wed, 17 Apr 2002 13:58:52 +0200 Message-ID: <3CBD637C.5521F523@bull.net> Date: Wed, 17 Apr 2002 13:58:52 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: pkix <ietf-pkix@imc.org> Subject: DPV&DPD-REQ document update X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 17/04/2002 13:58:53, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 17/04/2002 13:59:00, Serialize complete at 17/04/2002 13:59:00 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Dear all, I have issued the next version of DPV&DPD-REQ document, i.e. draft-ietf-pkix-dpv-dpd-req-04.txt, after reading more than 200 e-mails and responding with more than 90 e-mails. The new version should be placed shortly on the web server. At this time, I believe/hope that I have updated the document in accordance with the discussion. The single remaining issue is a request from Peter Sylvester about the inclusion of an additional field that would be inserted in the response. At the present time, since we have not reached an agreement on that last isssue, the document does not include a requirement along that last issue. Denis Received: by above.proper.com (8.11.6/8.11.3) id g3HBDvM25606 for ietf-pkix-bks; Wed, 17 Apr 2002 04:13:57 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3HBDsm25595 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 04:13:55 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id NAA08626; Wed, 17 Apr 2002 13:13:46 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 17 Apr 2002 13:13:46 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id NAA04148; Wed, 17 Apr 2002 13:13:46 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id NAA09233; Wed, 17 Apr 2002 13:13:45 +0200 (MET DST) Date: Wed, 17 Apr 2002 13:13:45 +0200 (MET DST) Message-Id: <200204171113.NAA09233@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: requester identifier in DPV response Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > Peter, > > The text proposal was as follows: > > "When the request is authenticated, the requestor MUST be able, upon > request, to have an identifier to be included in the response. Whether > and how the communicated identification(s) are validated against identities > derived by some authentication method depends on local configurations. > Depending on that, the server MAY choose to copy, ignore, or replace > the identities by some other in the response, or to refuse the > request." > > You said: I did not ask for "when the request is authenticated". > > In such a case it means that you wanted a field to be sent by the requestor > and to be blindly copied and pasted by the server in the response. In that > case the semantics of this field cannot be verified by the server and thus > cannot bear more semantics than "this is the data that I copied and pasted > from the request". My request is to remove the part "when .. authenticated' You still have the second and thrd sentence which cover the possibilities that may occur. To avoid a misunderstanding, replace "local configurations" by "the validation policy". In the following you are combining three actions, the indication of what the user specified, a potential authentication, what the server sends. You take only one case where the policy says no authentication necessary, and just blindly copy. > Capturing this requirement would lead to: > > "The requestor MUST be able, upon request, to have a field to be copied in > the response." The proposed text allows a server to modify or reject the request in whatever way desired. The indication of a requestor identity by the client does not mean that the client has an absolute (MUST) right to get this back unmodified or untreated. > > We do not have such a similar facility in an OCSP response and I wonder why > we should support it. If your question would be 'why do we want this' I'd answer that similar features exist in real life, when you ask for some kind of attestation given explicitly to you and you are more or less authenticated. "In reply of your (id of requester) demand from date, we certifiy today that you are still alive and can vote". "This is an invoice for item XXX for company mycorp". But, if others believe that the first half-sentence should remain in order to achieve consensus, I can live with that, too. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3H9iGP17816 for ietf-pkix-bks; Wed, 17 Apr 2002 02:44:16 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3H9iEm17811 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 02:44:14 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id LAA26172; Wed, 17 Apr 2002 11:46:53 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041711433990:571 ; Wed, 17 Apr 2002 11:43:39 +0200 Message-ID: <3CBD43CB.74462EB9@bull.net> Date: Wed, 17 Apr 2002 11:43:39 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: requester identifier in DPV response References: <200204161836.UAA08931@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 17/04/2002 11:43:39, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 17/04/2002 11:44:11, Serialize complete at 17/04/2002 11:44:11 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, The text proposal was as follows: "When the request is authenticated, the requestor MUST be able, upon request, to have an identifier to be included in the response. Whether and how the communicated identification(s) are validated against identities derived by some authentication method depends on local configurations. Depending on that, the server MAY choose to copy, ignore, or replace the identities by some other in the response, or to refuse the request." You said: I did not ask for "when the request is authenticated". In such a case it means that you wanted a field to be sent by the requestor and to be blindly copied and pasted by the server in the response. In that case the semantics of this field cannot be verified by the server and thus cannot bear more semantics than "this is the data that I copied and pasted from the request". Capturing this requirement would lead to: "The requestor MUST be able, upon request, to have a field to be copied in the response." We do not have such a similar facility in an OCSP response and I wonder why we should support it. Opinions ? Denis ======================================================================== > > Denis, Peter: > > > > I have one question about this proposal. Is the object to be placed > > into the response a transaction identifier or the RP's identifier? If it's > > the RP's identifier, IMO it should be called something like "requestor's > > claimed identity" and it should not be permitted to be altered by the > > server, although it might be permitted to be dropped. > > "claimed identity" means that you concentrate in some way to > authentication. I rarher see it: The identities which are > destined to be able to present the result. > A relay could ask 'on behalf of another client'. > > Agreed that 'climed identity' may be one of the usage cases defined > in a policy. > > I may agree with something like > 'a server SHOULD not alter arbitrarily the identities'. > > > > > [The DPV server MAY require client authentication, therefore, the DPV > > request MUST be able to be authenticated]. > > > > "When the request is authenticated, the requestor MUST be able, upon > > request, to have an identifier to be included in the response. Whether > > and how the communicated identification(s) are validated against identities > > derived by some authentication method depends on local configurations. > > Depending on that, the server MAY choose to copy, ignore, or replace > > the identities by some other in the response, or to refuse the > > request." > > I did not ask for "when the request is authenticated". > > > > > My personal opinion is that since the server policy (which has nothing to do > > with a validation policy) will be unkown (i.e. not visible in the response > > and not fixed by the protocol), this field would have no value. > 'server policy'? What would this be? > > The point is that the server indicates the 'intended recipient' > of the response. It determines this information using some explicit > information from the client in combination with wahtever should be > necessary as authentication. > Received: by above.proper.com (8.11.6/8.11.3) id g3H9gnv17775 for ietf-pkix-bks; Wed, 17 Apr 2002 02:42:49 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3H9glm17771 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 02:42:47 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id LAA26162; Wed, 17 Apr 2002 11:45:23 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041711421302:570 ; Wed, 17 Apr 2002 11:42:13 +0200 Message-ID: <3CBD4374.2B72168C@bull.net> Date: Wed, 17 Apr 2002 11:42:12 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Michael Myers <myers@coastside.net> CC: pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV additional information References: <EOEGJNFMMIBDKGFONJJDOEMKCJAA.myers@coastside.net> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 17/04/2002 11:42:13, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 17/04/2002 11:42:44, Serialize complete at 17/04/2002 11:42:44 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael, The text you mention is *not* going to be placed in the requirement document, but was only explanations. Since there has been many small changes since version 03, I will re-issue a draft shortly so that everybody can see the result of the more than * 300 e-mails * that have been exchanged. Denis > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > > > > . . . > > > > No. DPV servers are never authorized by CAs. They are either : > > > > - locally trusted by their requesting clients for any > > policy, or/and > > - trusted under a given validation policy. > > > > . . . > > > > A CA cannot sign DPV responses. > > Denis, > > A while back I quite carefully parsed the -03 version of the I-D > into requirements statements. Nowhere did I see these negative > requirements asserted. Had they been there, I'm quite certain I > would've raised an issue on the list. Do you really mean to say > that a CA can neither directly affirm the validity of its own > certificates nor delegate that obvious right to another party? > > Mike Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3H55bY09815 for ietf-pkix-bks; Tue, 16 Apr 2002 22:05:37 -0700 (PDT) Received: from web20006.mail.yahoo.com (web20006.mail.yahoo.com [216.136.225.69]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3H55am09809 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 22:05:36 -0700 (PDT) Message-ID: <20020417050540.75615.qmail@web20006.mail.yahoo.com> Received: from [202.144.45.2] by web20006.mail.yahoo.com via HTTP; Tue, 16 Apr 2002 22:05:40 PDT Date: Tue, 16 Apr 2002 22:05:40 -0700 (PDT) From: vivek saraf <viveksaraf_2000@yahoo.com> Subject: Re: refine ment to question :Where does the certificate go? To: osama farook <osamafarook@hotmail.com>, ietf-pkix@imc.org In-Reply-To: <DAV34mNffVRMXDIYBWZ0001c33b@hotmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> hello, You can use both DER or PEM, the application in which you are going to use the sertificates that should support that. The IE accepts both DER and PEM formats. If you want to give the user certificates along with the CA certificate you must use pkcs #7. If you are have generated the private and public key pairs for the end user you must use pkcs #12, in this you can even put CA certificate also along with user private key and certificate. For open source for CA you can refer openca. vivek --- osama farook <osamafarook@hotmail.com> wrote: > ask about format > is it base64-encoded or der-encoded or pkcs#7 or > pkcs#12 > Another question:? > If there are any project that has been like mine and > available on internet it is very kind of you to tell > me about it. > if there is any resources (not standards or rfcs) > I'm so tired of RFC and standards.I make like who > run in a circle. > I do my project using C#> > __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ Received: by above.proper.com (8.11.6/8.11.3) id g3H0uuE03950 for ietf-pkix-bks; Tue, 16 Apr 2002 17:56:56 -0700 (PDT) Received: from zetnet.co.uk (root@irwell.zetnet.co.uk [194.247.47.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3H0usm03946 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 17:56:54 -0700 (PDT) Received: from zetnet.co.uk (bts-0220.dialup.zetnet.co.uk [194.247.48.220]) by zetnet.co.uk (8.11.3/8.11.3/Debian 8.11.2-1) with ESMTP id g3H0ujo26825 for <ietf-pkix@imc.org>; Wed, 17 Apr 2002 01:56:46 +0100 Message-ID: <3CBCC997.160221F4@zetnet.co.uk> Date: Wed, 17 Apr 2002 01:02:15 +0000 From: David Hopwood <david.hopwood@zetnet.co.uk> X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en-GB,en,fr-FR,fr,de-DE,de,ru MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt References: <5.1.0.14.2.20020415143619.02f76e90@exna07.securitydynamics.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> -----BEGIN PGP SIGNED MESSAGE----- At 12:35 PM 4/10/2002 -0400, Tom Gindin wrote: >Second, I have reviewed draft-ietf-idn-uri-01.txt (by Martin Duerst) and >it recommends that internationalized URI strings be converted to UTF-8 >but then escaped using %HH, so UTF8String is unnecessary. <draft-masinter-url-i18n-08.txt> is more applicable: # In case the current handling in an API or protocol is based on # US-ASCII, UTF-8 is recommended as the encoding for IRIs, because # this is compatible with US-ASCII, is in accordance with the # recommendations of [RFC 2277], and makes it easy to convert to URIs # where necessary. [...] ... # While it might be possible to define IRI references and IRIs merely by # their transformation to URIs, IRI references and IRIs can also be # accepted and processed directly. ... # Also, it is expected that all relevant new W3C formats and protocols # will be required to handle IRIs [CharMod]. I.e. the intent is that escaping using %HH must be done for existing protocols where URIs are specified as ASCII; not that specifying URIs as ASCII is desirable for *new* protocols. - -- David Hopwood <david.hopwood@zetnet.co.uk> Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/ RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01 Nothing in this message is intended to be legally binding. If I revoke a public key but refuse to specify why, it is because the private key has been seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBPLzJYzkCAxeYt5gVAQG4LQf/fVKpiwbvc12r65934MfogBA6S2lOcr+f ffNIPy76iMHJ3/Z+YWHQLyYPJKebtlpN1rfbPuoaU6LRSqb6r/xWfg6LLoAuHBO/ +vtJn/oo0YY5L4bZzqDkTle1rjz1cA0lDzZL8FeZ1ZMxN7++PNOupkC23j/TqYrw 7Wf2y/mpgghjZ8Un5b1aaPUtE2yOn87TH/QX2hRytsQTIAe9o2Z53eOvWYoQ3i2I sUQ9llCtln7kbu03jPUmpr2MduLFPY6KouZ9Mq1gs9j/0w0fJwLcdPFQ3TMGvl2L lWtc620m4YgsqvXWQR6WluCUi1dxeL+zZSOGvx/mnmFanKc2O22fXQ== =V/pC -----END PGP SIGNATURE----- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3H00PZ03069 for ietf-pkix-bks; Tue, 16 Apr 2002 17:00:25 -0700 (PDT) Received: from hudson.vtr.net (mail.vtr.net [164.77.245.136]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3H00Nm03064 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 17:00:23 -0700 (PDT) Received: from casa ([200.83.44.187]) by hudson.vtr.net with SMTP id <20020416235935.RWLF817.hudson@casa> for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 19:59:35 -0400 From: "Juan Carlos Perez A." <jcpereza@vtr.net> To: "pkix" <ietf-pkix@imc.org> Subject: RE: refine ment to question :Where does the certificate go? Date: Tue, 16 Apr 2002 20:02:20 -0400 Message-ID: <ONEOIAKLBOLKKJEDJFODIEPOCCAA.jcpereza@vtr.net> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0003_01C1E581.9DAFF1A0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <DAV34mNffVRMXDIYBWZ0001c33b@hotmail.com> Importance: Normal X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_0003_01C1E581.9DAFF1A0 Content-Type: text/plain; charset="windows-1256" Content-Transfer-Encoding: 7bit The certificate is in pkcs#7. BAse-64 is a tex-format representation of any binary, as pkcs#7 too. I suggest to you visit: www.pki-page.org, www.sourceforge.net, www.freshmeat.net . and the Getronics's free certificate library http://www.getronicsgov.com/hot/cml_lib.htm regsrds j.c. -----Mensaje original----- De: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org]En nombre de osama farook Enviado el: martes, 16 de abril de 2002 17:23 Para: ietf-pkix@imc.org Asunto: refine ment to question :Where does the certificate go? ask about format is it base64-encoded or der-encoded or pkcs#7 or pkcs#12 Another question:? If there are any project that has been like mine and available on internet it is very kind of you to tell me about it. if there is any resources (not standards or rfcs) I'm so tired of RFC and standards.I make like who run in a circle. I do my project using C#> ------=_NextPart_000_0003_01C1E581.9DAFF1A0 Content-Type: text/html; charset="windows-1256" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Dwindows-1256"> <META content=3D"MSHTML 6.00.2715.400" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><SPAN class=3D434245423-16042002><FONT color=3D#0000ff size=3D2>The = certificate=20 is in pkcs#7. BAse-64 is a tex-format representation of any binary, as = pkcs#7=20 too.</FONT></SPAN></DIV> <DIV><SPAN class=3D434245423-16042002><FONT color=3D#0000ff=20 size=3D2></FONT></SPAN> </DIV> <DIV><SPAN class=3D434245423-16042002><FONT color=3D#0000ff size=3D2>I = suggest to you=20 visit: <A href=3D"http://www.pki-page.org">www.pki-page.org</A>, <A=20 href=3D"http://www.sourceforge.net">www.sourceforge.net</A>, <A=20 href=3D"http://www.freshmeat.net">www.freshmeat.net</A> . and the = Getronics's free=20 certificate library <A=20 href=3D"http://www.getronicsgov.com/hot/cml_lib.htm">http://www.getronics= gov.com/hot/cml_lib.htm</A></FONT></SPAN></DIV> <DIV><SPAN class=3D434245423-16042002><FONT color=3D#0000ff=20 size=3D2></FONT></SPAN> </DIV> <DIV><SPAN class=3D434245423-16042002><FONT color=3D#0000ff=20 size=3D2>regsrds</FONT></SPAN></DIV> <DIV><SPAN class=3D434245423-16042002><FONT color=3D#0000ff=20 size=3D2></FONT></SPAN> </DIV> <DIV><SPAN class=3D434245423-16042002><FONT color=3D#0000ff=20 size=3D2>j.c.</FONT></SPAN></DIV> <DIV><SPAN class=3D434245423-16042002><FONT color=3D#0000ff=20 size=3D2></FONT></SPAN> </DIV> <DIV><SPAN class=3D434245423-16042002><FONT color=3D#0000ff=20 size=3D2></FONT></SPAN> </DIV> <BLOCKQUOTE dir=3Dltr=20 style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px = solid; MARGIN-RIGHT: 0px"> <DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT = face=3DTahoma=20 size=3D2>-----Mensaje original-----<BR><B>De:</B> = owner-ietf-pkix@mail.imc.org=20 [mailto:owner-ietf-pkix@mail.imc.org]<B>En nombre de </B>osama=20 farook<BR><B>Enviado el:</B> martes, 16 de abril de 2002 = 17:23<BR><B>Para:</B>=20 ietf-pkix@imc.org<BR><B>Asunto:</B> refine ment to question :Where = does the=20 certificate go?<BR><BR></FONT></DIV> <DIV><FONT face=3DArial size=3D2>ask about format<BR>is it = base64-encoded or=20 der-encoded or pkcs#7 or pkcs#12<BR>Another question:?<BR>If there are = any=20 project that has been like mine and available on internet it is very = kind of=20 you to tell me about it.<BR>if there is any resources (not standards = or=20 rfcs)<BR>I'm so tired of RFC and standards.I make like who run in a=20 circle.<BR>I do my project using = C#></FONT></DIV></BLOCKQUOTE></BODY></HTML> ------=_NextPart_000_0003_01C1E581.9DAFF1A0-- Received: by above.proper.com (8.11.6/8.11.3) id g3GLNUb26855 for ietf-pkix-bks; Tue, 16 Apr 2002 14:23:30 -0700 (PDT) Received: from hotmail.com (dav34.sea1.hotmail.com [207.68.162.91]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GLNTm26851 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 14:23:29 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 16 Apr 2002 14:23:27 -0700 X-Originating-IP: [217.139.55.152] From: "osama farook" <osamafarook@hotmail.com> To: <ietf-pkix@imc.org> Subject: refine ment to question :Where does the certificate go? Date: Tue, 16 Apr 2002 23:23:19 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_006B_01C1E59D.B1D0EC90" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: <DAV34mNffVRMXDIYBWZ0001c33b@hotmail.com> X-OriginalArrivalTime: 16 Apr 2002 21:23:27.0005 (UTC) FILETIME=[F284B4D0:01C1E58C] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_006B_01C1E59D.B1D0EC90 Content-Type: text/plain; charset="windows-1256" Content-Transfer-Encoding: quoted-printable ask about format is it base64-encoded or der-encoded or pkcs#7 or pkcs#12 Another question:? If there are any project that has been like mine and available on = internet it is very kind of you to tell me about it. if there is any resources (not standards or rfcs) I'm so tired of RFC and standards.I make like who run in a circle. I do my project using C#> ------=_NextPart_000_006B_01C1E59D.B1D0EC90 Content-Type: text/html; charset="windows-1256" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Dwindows-1256"> <META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2>ask about format<BR>is it = base64-encoded or=20 der-encoded or pkcs#7 or pkcs#12<BR>Another question:?<BR>If there are = any=20 project that has been like mine and available on internet it is very = kind of you=20 to tell me about it.<BR>if there is any resources (not standards or = rfcs)<BR>I'm=20 so tired of RFC and standards.I make like who run in a circle.<BR>I do = my=20 project using C#></FONT></DIV></BODY></HTML> ------=_NextPart_000_006B_01C1E59D.B1D0EC90-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GKaxi22865 for ietf-pkix-bks; Tue, 16 Apr 2002 13:36:59 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GKavm22861 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 13:36:57 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150]) by e1.ny.us.ibm.com (8.12.2/8.12.2) with ESMTP id g3GKaWms368010; Tue, 16 Apr 2002 16:36:34 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.1) with ESMTP id g3GKaT535078; Tue, 16 Apr 2002 16:36:29 -0400 Importance: Normal Sensitivity: Subject: RE: Open issue: DPV relay To: Peter Sylvester <Peter.Sylvester@edelweb.fr> Cc: peterw@valicert.com, ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OF160C56E1.7FCEE8EC-ON85256B9D.00548C55@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Tue, 16 Apr 2002 16:36:31 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/16/2002 04:36:30 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter: First, if you don't need an external party to validate the certificate, you don't need to worry about any weaknesses in DPV. Second, unless you can prove that either a TTP or a party with closer links to the signer than to the RP is the actual source of your DPV response, it probably won't help much as evidence. Tom Gindin Peter Sylvester <Peter.Sylvester@EdelWeb.fr> on 04/16/2002 08:02:03 AM To: peterw@valicert.com, Tom Gindin/Watson/IBM@IBMUS cc: Peter.Sylvester@EdelWeb.fr, ietf-pkix@imc.org Subject: RE: Open issue: DPV relay Tom, One question is: 'to prove vis-a-vis which entity': A work flow component may just need a confirmation of the companies internal work flow. If the company needs to prove this vis-a-vis other potential external entities, it sets up a policy ccording to that to do: This may for example include a DPV service operated by 'the other company' in order to prove that 'we have asked you (the other compnay), and your compnay server asserted that the certificate of person XYZ is useful to policy P, and we have validated the status of your servers certificate at our commonly agreed CA validation service. It is up to the 'local DPV service' to ensure to which extend the answer can be considered more or less globally binding. Peter S. > > Peter: > > If nobody disagrees with your statement about an RP providing its own > DPV service, I think that you have provided the conclusive argument against > using DPV responses in NR. After all, in many NR scenarios the RP is > trying to prove that his reliance on a signature was justified. If the RP > provides its own DPV service, the only answer to the question "why did you > consider the signing certificate valid?" which it provides is "because I > thought so at the time". If you assume that single RP's rarely provide DPV > in practice but that organizations which employ many RP's may do so, the > answer is "because my employer thought so at the time". > This does not mean that DPV is not valuable, but it would mean that > it (as opposed to DPD) is not useful for NR. > > Tom Gindin > > > Peter Williams <peterw@valicert.com>@mail.imc.org on 04/11/2002 01:00:53 PM > > Sent by: owner-ietf-pkix@mail.imc.org > > > To: "'Peter Sylvester '" <Peter.Sylvester@edelweb.fr> > cc: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> > Subject: RE: Open issue: DPV relay > > > > > Peter. > > OCSP has always envisioned and practised a relying party > authorizing an OCSP Responder: no CA/AA involvement > is required and no certificate need be issued, in this > case. > > Carry over this conformance requirement from OCSP to DPV: > > An OCSP client (which includes a client that is a DPV server) > must potentially accept an OCSP response according to ALL the > rules of 4.2.2.2. There are three cases: (1) (2) and (3). > > Lets remember, a relying party can operate its > own DPV service for its own benefit. The relying party > needs no authority from a CA to do so. The operator > of a DPV server is not necessarily a TTP, and > need have no relationship to the cert or CRL > issuer, other than that of performing > relying party obligations or (less stringent) user > obligations according to the CP. > > -----Original Message----- > From: Denis Pinkas > To: Peter Sylvester > Cc: ietf-pkix@imc.org > Sent: 4/11/02 3:18 AM > Subject: Re: Open issue: DPV relay > > > > See the second point and also read 4.2.2.2 > > Which says: > > It is necessary however to ensure that the entity signing this > information is authorized to do so. Therefore, a certificate's > issuer MUST either sign the OCSP responses itself or it MUST > explicitly designate this authority to another entity. > > > Or: You may want a requirement that the DPV responder must ensure > > that the OCSP responses are signed by a CA or an authorised responder > > and not by some locally trusted OCSP responder in order to > > be sure that an 'evidence verifier' finds trustworthy information. > > This is correct. However, it is not necesssary to add this requirement > in > the DPV requirements document since this requirement is already in > section > 4.2.2.2 from RFC 2560 (OCSP). > > > > > To make the simple case, if a DPV response is signed directly by > the CA > > > > (or by an authorised responder), you have the same situation. > > > > > > No. A CA can only assert information about what it is directly > responsible. > > > So, the DPV response made by the CA just talks about the certificates > > it has directly issued. > > No. Talking about the certificates that a DPV server may have issued > does > not make sense. Certificates are only issued by CAs, AFAIK. Once again, > a DPV server MUST answer for one (or more) certificates and must verify > an entire chain of certificates, whoever has issued them. A DPV server > is > *not* a CA. A DPV server can be *any* service provider. An organization > running a CA may also run a DPV server, in the same way as an > organization > running a CA may also provide a Time-Stamping service. > > > > No CA is responsible for all the certifiactes from one path. An OCSP > query > > > is for ONE certificate, while a DPV query involves a CHAIN of > certificates. > > > > The text says: > > > > The Delegated Path Validation (DPV) protocol allows a server to > > validate one or more public key certificates according to a > validation > > policy. > > > > In order to validate a certificate, a chain of multiple > certificates, > > called a certification path, may be needed, comprising a > certificate > > of the public key owner (the end entity) signed by one CA, and zero > or > > more additional certificates of CAs signed by other CAs. > > > In the simple case of only one CA, an OCSP response signed by the CA > > concerning the certificate in question does not say anything the > > validity of the CA cert since when it was signed with the same key. > > > You thus just have on certificate. > > > In a case of one intermediate CA, the DPV response may for example > > contain two OCSP responses, one signed by the intermediate CA > > concerning the revocation status of the end user and another > > concerning the statius of the intermediate CA signed by the > > top CA. > > > If both CAs provide a DPV service instead of an OCSP service > > You mean "If the organisation hosting a CA also provides a DPV service > ... " > > > in the same way, you have exactly the same situation except > > that this is a positive status information. > > > > For example, the initial client asks for a combined status, > > it asks his own trusted service, this server asks the intermediate > > CA either to provide an OCSP status or a DPV status of the > > cert in question and then asks the top CA to provide a status of > > the intermediate CA's cert, and well, even three other OCSP > > responders to provide statement that the top level > > CA's cert is good. > > I believe that you have mis-understood one idea behind DPV. DPV verifies > the > whole path processing. A DPV status about one intermediate certificate > of > the chain does not make sense. The validation policy is not about that > intermediate certificate but about a given certificate and a whole chain > above it. Applying the validation policy on an intermediate certificate > only > does not make sense. > > > DPV would allow to combine the responses differently. > > It can well be that the intermediate CA/DPV responder > > itself asks for a DPV response from the top CA/DPV > > and include this in his DPV response to the initial server. > > > > > > > > There are no similarities. > > "Ok, let's talk." > > > > > > I think that there must be a language problem somewhere because I > > > > fail to see what *not* you are referring, i.e. to see where we are > > > > in disagreement. I have not said that it is necessary for the > client > > > > to gather all information. I have said that the protocol must > provide > > > > a method to allow a client to ask and the server to respond with > that > > > > information. > > > > > > Maybe, since we possibly interpreted diffrently "what has > contributed to the > > > final decision". > > > > > > > > In case of a dispute, testing again the certificate validity, > means that > > > > > certificates, CRLs and OCSP responses must be available. > Anything else is > > > > > useless. > > > > > > > I think that this may be the core of our disagreement. > > > > > > > This is because you only accept that CA can create assertions > about the > > > > validity of their certificates using CRLs and OCSP. > > > > > > Correct. > > > > Unfortunately we may be both wrong. > > > > > > As soon as you would > > > > admit that some new protocol or service is provided that enhances > and in > > > > particular replaces them, the statements obtained via that service > are > > > > necessary. > > > > > > > I would like to know what you would have said 5 years ago when > only > > > > CRLs existed. > > > > > > Basicaly the chain must be verified and no element fom the chain > must be > > > revoked. > > > > > > Five years ago this information was provided off-line, i.e. via > CRLs. OCSP > > > allows to obtain the same information on-line. Between on-line and > off-line > > > I currently see no other mechanism. > > > But you can have different protocols for these characteristics. > Offline > > you could use trees, online you can have DPV, > > No. On-line, to know the revocation status of a single certificate we > only > have OCSP. RFC 2560 states: > > It is necessary however to ensure that the entity signing this > information is authorized to do so. Therefore, a certificate's > issuer MUST either sign the OCSP responses itself or it MUST > explicitly designate this authority to another entity. > > Note that this is true as well for CRLs. Either the CA signs the CRL > directly or designate another authority. > > RFC 2459 RECOMMENDS for the support of the CRL distribution points > extension > which then contains a cRLIssuer field. "If the certificate issuer is not > the > CRL issuer, then the cRLIssuer field MUST be present and contain the > Name of > the CRL issuer. If the certificate issuer is also the CRL issuer, then > the > cRLIssuer field MUST be omitted ..." > > > or other techniques like > > timestamps over CRLs and OCSP responses to have a proof that the > server > > has provided the OCSPresp/CRL at a current date. > > Time-stamping is not needed to prove that the server has provided the > OCSPresp/CRL at a current date. An OCSP response includes such a date. > CRL > checking uses thisUpdate and nextUpdate. Time-stamping may however be > useful > for other reasons. An informational RFC (i.e. RFC 3126 - Electronic > Signature Formats for long term electronic signatures) does however > indicate > such a format in the context of a signature policy. Another format could > be > derived from it in the context of a validation policy. > > > > The basic question is whether first-hand information and second-hand > > > information should be used. In case of a dispute, only first-hand > > > information is useful (certificates and revocation status > information from > > > the CAs responsible for every certificate from the chain). DPV > responses > > > (i.e. the signed "yes" answers) are useless, unless the plaintiff > and the > > > defendant both trust the same DPV server. > > > OCSP responses may also be useless, unless the plaintiff and the > > defendant both trust the same OCSP server. > > Wrong. RFC 2560 sates: > > It is necessary however to ensure that the entity signing this > information is authorized to do so. Therefore, a certificate's > issuer MUST either sign the OCSP responses itself or it MUST > explicitly designate this authority to another entity. > > In either of these cases, the plaintiff and the defendant cannot argue > that > the OCSP response is not valid (unless the OCSP responder has been > revoked > by the CA). They cannot argue that such responses are useless, or if > they > do, > this argumentation will be rejected. > > I have made my best efforts to explain all the rational behind DPV > responses, > which are very different from OCSP responses. I have also made my best > efforts to explain why in the general case a DPV response from a given > server is not necessarilly trusted by all clients, and thus would be > useless > in front of a court. > > The security consideration section is very explicit on this issue: > > "A DPV client must trust a DPV server to provide the correct answer. > However, this does not mean that all DPV clients will trust the same > DPV servers. While a positive answer might be sufficient for one DPV > client, that same positive answer will not necessarily convince > another DPV client." > > Can we finally close this issue ? > > Denis > > > Peter > > > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GK8NE20218 for ietf-pkix-bks; Tue, 16 Apr 2002 13:08:23 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3GK8Lm20213 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 13:08:22 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 16 Apr 2002 20:07:14 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id JAA18893 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 09:58:09 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3GDxU911070 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 09:59:30 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1TA1A>; Tue, 16 Apr 2002 09:57:01 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.169]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1TADX; Tue, 16 Apr 2002 09:56:52 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Denis Pinkas <Denis.Pinkas@bull.net> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020416095004.03654768@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 16 Apr 2002 09:52:22 -0400 Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt In-Reply-To: <3CBBDDA8.A3CEBECF@bull.net> References: <5.1.0.14.2.20020415143619.02f76e90@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis: Many issues have been raised and resolved. The problem is that the remain ones cannot be discussed efficiently without updating the document. In this way, we will all have the same context for the next phase of the discussion. I think that some of your issues are resolved. I know that others are not. Russ At 10:15 AM 4/16/2002 +0200, Denis Pinkas wrote: >Russ, > > > Tom: > > > We are about to post an update to the draft. Expect to see it in the next > > day or so. > >Isn't it premature ? > >I am still expecting responses to my set of comments and questions. > >Regards, > >Denis > > > I recognize the severe memory constraints of smartcards. > > > > Russ > > > > At 12:35 PM 4/10/2002 -0400, Tom Gindin wrote: > > > > > Russ: > > > > > > Most of the following concerns the data structures of the current > > >draft and of my last posting. First, should the URI really be optional in > > >cases where the binary component is a hash? What good is the logotype > > >field with a hash but no way to reference the image? Second, I have > > >reviewed draft-ietf-idn-uri-01.txt (by Martin Duerst) and it recommends > > >that internationalized URI strings be converted to UTF-8 but then escaped > > >using %HH, so UTF8String is unnecessary. Therefore, we should simplify > > >VerifiedReference as follows: > > > VerifiedReference ::= SEQUENCE { > > > hashAlgorithm AlgorithmIdentifier, > > > dataHash OCTET STRING, > > > uri IA5String, > > > } > > > > > > On a different topic, smart cards and other tokens have the least > > >space of any place certificates are likely to be put, so if in-line > > >logotypes are OK there they're OK anywhere. > > > > > > Tom Gindin > > > > > > > > >"Housley, Russ" <rhousley@rsasecurity.com> on 04/08/2002 01:17:11 PM > > > > > >To: Tom Gindin/Watson/IBM@IBMUS > > >cc: ietf-pkix@imc.org > > >Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt > > > > > > > > >Tom: > > > > > > >The following is just a personal opinion, but one based on fairly > > > >well-understood trends. I don't think that in-line logotypes are > > >CURRENTLY > > > >worth the space that they'd take up on a smart card, but I would guess > > >that > > > >they will be in two more smart-card generations and perhaps only one. > > > >Given the amount of time between standard proposal and deployment, it's > > >not > > > >premature to standardize it. > > > > > >I tend to agree with your assessment of storage on smart > cards. Today, all > > > > > >of the certificates stored on one smart card are likely to be associated > > >with one community. Therefore, a logo will like appear on the smart card > > >itself. > > > > > >Of course, there are other places that certificates and private keys are > > >stored.... > > > > > > > However, I also have a question about the current data structure. > > > >First, why is the URI optional (assuming that the only binary value > is the > > > >digest, as at present)? Second, why would we not permit in-line > logotypes > > > >(in which case the URI is suppressed)? This would require some edits to > > > >LogotypeData, but nothing very difficult. One possibility would be: > > > > LogotypeData ::= SEQUENCE { > > > > typeOfLogotype TypeOfLogotype, > > > > hashAlgorithm AlgorithmIdentifier, -- might be > > >OPTIONAL, > > > >it's not meaningful for GIF's > > > > CHOICE { > > > > logotypeDataHash OCTET STRING, > > > > gif [0] IMPLICIT OCTET STRING > > > > }, > > > > logotypeDataUri IA5String OPTIONAL } > > > > > > > > Another would be: > > > > LogotypeData ::= SEQUENCE { > > > > typeOfLogotype TypeOfLogotype, > > > > CHOICE { > > > > logotypeReference VerifiedReference, > > > > gif OCTET STRING > > > > } > > > > } > > > > VerifiedReference ::= SEQUENCE { > > > > hashAlgorithm AlgorithmIdentifier, > > > > dataHash OCTET STRING, > > > > CHOICE { > > > > uri IA5String, > > > > intlUri UTF8String } > > > > } > > > > > > > > > > > > IMO VerifiedReference is a generally useful type, so its names do > > >not > > > >contain reference to logotypes. My understanding of COMPONENTS OF, > which > > > >may be faulty, is that defining LogotypeData using COMPONENTS OF > > > >VerifiedReference as an element of a CHOICE would not produce a useful > > > >result because each of the elements of VerifiedReference would show > up in > > > >the CHOICE rather than merely hashAlgorithm going into the CHOICE > with the > > > >other fields added to LogotypeData's SEQUENCE. > > > > > >We are in the final steps of an updated I-D. It addresses some of these > > >issues, but not all. > > > > > >Is there a reference for UTF8String URI? > > > > > >Russ Received: by above.proper.com (8.11.6/8.11.3) id g3GIcnN14065 for ietf-pkix-bks; Tue, 16 Apr 2002 11:38:49 -0700 (PDT) Received: from texas.pobox.com (texas.pobox.com [64.49.223.111]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GIcmm14058 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 11:38:48 -0700 (PDT) Received: from gnosis (12-230-145-100.client.attbi.com [12.230.145.100]) by texas.pobox.com (Postfix) with ESMTP id 4AF7945389 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 14:38:49 -0400 (EDT) From: "L Williams" <eldub@pobox.com> To: <ietf-pkix@imc.org> Subject: Inconsistency in certificate extension profiles leads to deployment nightmares Date: Tue, 16 Apr 2002 11:38:56 -0700 Message-ID: <000201c1e575$f832fcf0$6401a8c0@gnosis> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I've spent the last few years heavily involved in the architecture and deployment of PKI in a wide variety of environments. Recently, I've been running into more and more problems with trying to define certificate profiles that meet the current needs and have a modicum of a chance of being useful for the foreseeable future. I wanted to share some of the issues I'm running into and get people's thoughts and opinions on how we can perhaps standardize a few extension profiles for general end entity use. Most of the customers want to use certificates for some combination of the following: - digital signature - encryption - authentication There is a degenerative case, but it is rare (was asked about it a few times): - non-repudiation certificates This means that if they want a single end-entity profile, it should cover all of these uses. This ends up being the simplest case, although there can be issues with encoding types (e.g., MS requires the UPN value in the subject alternative name field be encoded as UTF8, if you want to be compatible with some of their features). Dual certificates are where we begin to see problems. Something as simple as key usage can be complicated. Take this example: - Certificate 1, Encryption - Should key usage be keyEncipherment, or both keyEncipherment and dataEncipherment? I realize in most implementations keyEncipherment is fine, but I've begun to see eCommerce implementations where database field-level encryption is done using the public key directly. -Certificate 2, Signature verification and Authentication - Since some authentication implementations encrypt keys, should key usage be digitalSignature and keyEncipherment? In a dual certificate environment this can cause applications to break (two certificates with keyEncipherment set) There are many other similar issues. I keep finding that every time I think I have this ironed out, something gets proven wrong. Simply using a "PKIX compliant" profile is usually not enough. So here is the challenge. What do you recommend? Any thoughts on extension profiles that meet the following common business requirements: - Can be generally used for encryption, digital signature and authentication - Since most companies use MS desktops, add support for EFS, AD name mapping (include the UPN value, etc), and potentially PKINIT (MS compatible or not) - Full S/MIME support - Full support as a client-side SSL certificate - Forward looking and future compatible Thanks for any thoughts or input. -Laudon Williams Received: by above.proper.com (8.11.6/8.11.3) id g3GIaUN13705 for ietf-pkix-bks; Tue, 16 Apr 2002 11:36:30 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GIaSm13697 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 11:36:28 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id UAA04522; Tue, 16 Apr 2002 20:36:26 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 16 Apr 2002 20:36:26 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id UAA01012; Tue, 16 Apr 2002 20:36:23 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id UAA08931; Tue, 16 Apr 2002 20:36:23 +0200 (MET DST) Date: Tue, 16 Apr 2002 20:36:23 +0200 (MET DST) Message-Id: <200204161836.UAA08931@emeriau.edelweb.fr> To: Denis.Pinkas@bull.net, tgindin@us.ibm.com Subject: Re: Open issue: requester identifier in DPV response Cc: Peter.Sylvester@edelweb.fr, ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > Denis, Peter: > > I have one question about this proposal. Is the object to be placed > into the response a transaction identifier or the RP's identifier? If it's > the RP's identifier, IMO it should be called something like "requestor's > claimed identity" and it should not be permitted to be altered by the > server, although it might be permitted to be dropped. "claimed identity" means that you concentrate in some way to authentication. I rarher see it: The identities which are destined to be able to present the result. A relay could ask 'on behalf of another client'. Agreed that 'climed identity' may be one of the usage cases defined in a policy. I may agree with something like 'a server SHOULD not alter arbitrarily the identities'. > > [The DPV server MAY require client authentication, therefore, the DPV > request MUST be able to be authenticated]. > > "When the request is authenticated, the requestor MUST be able, upon > request, to have an identifier to be included in the response. Whether > and how the communicated identification(s) are validated against identities > derived by some authentication method depends on local configurations. > Depending on that, the server MAY choose to copy, ignore, or replace > the identities by some other in the response, or to refuse the > request." I did not ask for "when the request is authenticated". > > My personal opinion is that since the server policy (which has nothing to do > with a validation policy) will be unkown (i.e. not visible in the response > and not fixed by the protocol), this field would have no value. 'server policy'? What would this be? The point is that the server indicates the 'intended recipient' of the response. It determines this information using some explicit information from the client in combination with wahtever should be necessary as authentication. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GFe3901921 for ietf-pkix-bks; Tue, 16 Apr 2002 08:40:03 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GFe2m01916 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 08:40:02 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150]) by e1.ny.us.ibm.com (8.12.2/8.12.2) with ESMTP id g3GFdJms158138; Tue, 16 Apr 2002 11:39:20 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.1) with ESMTP id g3GFdG539496; Tue, 16 Apr 2002 11:39:16 -0400 Importance: Normal Sensitivity: Subject: Re: Open issue: requester identifier in DPV response To: Denis Pinkas <Denis.Pinkas@bull.net> Cc: Peter Sylvester <Peter.Sylvester@edelweb.fr>, pkix <ietf-pkix@imc.org> X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OF34C485C7.BF85263D-ON85256B9D.0055BAC3@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Tue, 16 Apr 2002 11:39:16 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/16/2002 11:39:16 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, Peter: I have one question about this proposal. Is the object to be placed into the response a transaction identifier or the RP's identifier? If it's the RP's identifier, IMO it should be called something like "requestor's claimed identity" and it should not be permitted to be altered by the server, although it might be permitted to be dropped. Tom Gindin Denis Pinkas <Denis.Pinkas@bull.net>@mail.imc.org on 04/16/2002 10:42:18 AM Sent by: owner-ietf-pkix@mail.imc.org To: Peter Sylvester <Peter.Sylvester@edelweb.fr> cc: pkix <ietf-pkix@imc.org> Subject: Re: Open issue: requester identifier in DPV response Peter and the list, I have changed the name of the thread into "requester identifier in DPV response" to reflect the issue. I also believe that it is time to return to the list. Peter is asking to add the following: [The DPV server MAY require client authentication, therefore, the DPV request MUST be able to be authenticated]. "When the request is authenticated, the requestor MUST be able, upon request, to have an identifier to be included in the response. Whether and how the communicated identification(s) are validated against identities derived by some authentication method depends on local configurations. Depending on that, the server MAY choose to copy, ignore, or replace the identities by some other in the response, or to refuse the request." My personal opinion is that since the server policy (which has nothing to do with a validation policy) will be unkown (i.e. not visible in the response and not fixed by the protocol), this field would have no value. Opinions ? Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GFPom01171 for ietf-pkix-bks; Tue, 16 Apr 2002 08:25:50 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GFPnm01167 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 08:25:49 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3GFPePm017682; Tue, 16 Apr 2002 08:25:40 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Peter Sylvester" <Peter.Sylvester@edelweb.fr> Cc: "pkix" <ietf-pkix@imc.org> Subject: RE: Open issue: DPV additional information Date: Tue, 16 Apr 2002 08:22:52 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDOEMKCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <3CBC2690.579459BC@bull.net> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > > . . . > > No. DPV servers are never authorized by CAs. They are either : > > - locally trusted by their requesting clients for any > policy, or/and > - trusted under a given validation policy. > > . . . > > A CA cannot sign DPV responses. Denis, A while back I quite carefully parsed the -03 version of the I-D into requirements statements. Nowhere did I see these negative requirements asserted. Had they been there, I'm quite certain I would've raised an issue on the list. Do you really mean to say that a CA can neither directly affirm the validity of its own certificates nor delegate that obvious right to another party? Mike Received: by above.proper.com (8.11.6/8.11.3) id g3GFJui00952 for ietf-pkix-bks; Tue, 16 Apr 2002 08:19:56 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GFJrm00947 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 08:19:54 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id RAA03412; Tue, 16 Apr 2002 17:19:52 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 16 Apr 2002 17:19:52 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id RAA29911; Tue, 16 Apr 2002 17:19:51 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id RAA08889; Tue, 16 Apr 2002 17:19:50 +0200 (MET DST) Date: Tue, 16 Apr 2002 17:19:50 +0200 (MET DST) Message-Id: <200204161519.RAA08889@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: DPV additional information Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > Peter, > > We need to agree on a common text. So, please focuss on the text. > > Since you made no proposal, but only provided a "hint", what about the new > text below ? I am not sure whether your intend is to give a complete list of all possibilities, or just an example of what can currently be considered as possible responses. If it is the latter, that's ok. To avoid some misunderstanding , I propose: .. Such information may (not necessarily exclusively) consist of a certification path ... Received: by above.proper.com (8.11.6/8.11.3) id g3GFGQn00829 for ietf-pkix-bks; Tue, 16 Apr 2002 08:16:26 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GFGOm00824 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 08:16:24 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150]) by e1.ny.us.ibm.com (8.12.2/8.12.2) with ESMTP id g3GFFVms285500; Tue, 16 Apr 2002 11:15:33 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.1) with ESMTP id g3GFFS535070; Tue, 16 Apr 2002 11:15:28 -0400 Importance: Normal Sensitivity: Subject: Re: Open issue: DPV relay To: Denis Pinkas <Denis.Pinkas@bull.net> Cc: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OF40855260.1C11C5D5-ON85256B9D.005386A9@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Tue, 16 Apr 2002 11:15:31 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/16/2002 11:15:28 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis: My point was that a DPV response was probably insufficient to support certificate validation in NR. Obviously, it doesn't imply signature verification - but neither does an OCSP response. There is no reason for this issue to hold up sending DPV to the IESG, since the majority of certificate validation does not have the same requirements as NR. Tom Gindin Denis Pinkas <Denis.Pinkas@bull.net> on 04/16/2002 09:32:29 AM To: Tom Gindin/Watson/IBM@IBMUS cc: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> Subject: Re: Open issue: DPV relay Tom, > Peter: > > If nobody disagrees with your statement about an RP providing its own > DPV service, I think that you have provided the conclusive argument against > using DPV responses in NR. The argumentation from Peter (William) has nothing to do with your conclusion. The question is different: can DPV be used for signature validation ? The answer is the following: A DPV response alone will be insufficient, so why there is a need for signature validation. This debate will NOT start before the DPV document is sent to the IESG for last call. Denis > After all, in many NR scenarios the RP is > trying to prove that his reliance on a signature was justified. If the RP > provides its own DPV service, the only answer to the question "why did you > consider the signing certificate valid?" which it provides is "because I > thought so at the time". If you assume that single RP's rarely provide DPV > in practice but that organizations which employ many RP's may do so, the > answer is "because my employer thought so at the time". > This does not mean that DPV is not valuable, but it would mean that > it (as opposed to DPD) is not useful for NR. > > Tom Gindin (snip) Received: by above.proper.com (8.11.6/8.11.3) id g3GEgS328406 for ietf-pkix-bks; Tue, 16 Apr 2002 07:42:28 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GEgQm28402 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 07:42:26 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA17820; Tue, 16 Apr 2002 16:45:07 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041616421905:512 ; Tue, 16 Apr 2002 16:42:19 +0200 Message-ID: <3CBC384A.B5E54F1E@bull.net> Date: Tue, 16 Apr 2002 16:42:18 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: pkix <ietf-pkix@imc.org> Subject: Re: Open issue: requester identifier in DPV response References: <200204161423.QAA08871@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 16:42:19, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 16:42:26, Serialize complete at 16/04/2002 16:42:26 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter and the list, I have changed the name of the thread into "requester identifier in DPV response" to reflect the issue. I also believe that it is time to return to the list. Peter is asking to add the following: [The DPV server MAY require client authentication, therefore, the DPV request MUST be able to be authenticated]. "When the request is authenticated, the requestor MUST be able, upon request, to have an identifier to be included in the response. Whether and how the communicated identification(s) are validated against identities derived by some authentication method depends on local configurations. Depending on that, the server MAY choose to copy, ignore, or replace the identities by some other in the response, or to refuse the request." My personal opinion is that since the server policy (which has nothing to do with a validation policy) will be unkown (i.e. not visible in the response and not fixed by the protocol), this field would have no value. Opinions ? Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GEQSq27766 for ietf-pkix-bks; Tue, 16 Apr 2002 07:26:28 -0700 (PDT) Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GEQQm27756 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 07:26:26 -0700 (PDT) Received: from tsg1 ([12.81.64.7]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020416142620.UQJE28245.mtiwmhc23.worldnet.att.net@tsg1>; Tue, 16 Apr 2002 14:26:20 +0000 Message-ID: <008b01c1e552$8340de30$020aff0a@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Tim Polk" <tim.polk@nist.gov> Cc: <ietf-pkix@imc.org> References: <4.2.0.58.20020415145538.00cb0f00@email.nist.gov> <3CBBE16A.1C512FC9@bull.net> Subject: Re: Open issue: DPV relay Date: Tue, 16 Apr 2002 07:25:01 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> ----- Original Message ----- From: "Denis Pinkas" <Denis.Pinkas@bull.net> To: "Tim Polk" <tim.polk@nist.gov> Cc: <ietf-pkix@imc.org> Sent: Tuesday, April 16, 2002 1:31 AM Subject: Re: Open issue: DPV relay > > Tim, > > I will be leaving my office tomorrow evening for one full week > (both holidays then business), so we had better solve this rapidly > so that I can post a new draft before leaving. :-) > > See my comments embedded. > > > Folks, > > > > Here is my take on the relay/referral fracas, in two parts. > > > > The first part addresses DPV relay includes (1) my assumptions about DPV, > > (2) a little rationale, and (3) a proposed "solution" for DPV replay. The > > second part amounts to four complaints about the impact of adding > > referrals, and my belief that it should not be supported. > > > > Part 1: DPV Relay > > Proposal > > > > Assumption #1: > > > > DPV relay is irrelevant to DPV clients. They request answers from a > > trusted DPV server X, and server X MUST stand behind the response. (That > > is, X can't say "I don't know, but Server Y says this certificate is > > okay." It is up to X whether it can trust that answer.) > > Fine. > > > Assumption #2: > > > > Many DPV servers will not relay requests. > > > > Tim's Theory and what it is, too: > > > > DPV servers that do not relay requests do not care if the request has been > > relayed before they received it. A DPV server that does not relay requests will never see input from another DPV server unless it is the "victim" of a relayed DPV proofing request. This problem-mode is real since this definition this DPV server probably cannot allow its response to be knowingly relayed either... so how does it, a non-relaying server, respond to the relayed request? > > True. > > > That only matters for loop detection/relay limits, etc. > > Wrong. If they do not relay, a loop can never occur. > > > DPV servers that do relay requests MUST be able to detect whether or not > > the request has been previously relayed, So a relay-history list and policy OID or indicator is needed. > > Correct. > > > and the request MUST have the complete list of servers that have received the request. > > No. You are specifying a solution, which would work but there are other > solutions to this problem: a list of servers is not the single way to solve > this issue. Since we are writing requirements we should not impose a > solution. OK, then how could you tell retrospectively where the decision in the DPV chain was made? This is the problem with the current model. No real auditing. > > I believe that this requirement can be captured by the following sentence: > > When a server supports a relay mechanism, a mechanism to detect > loops or repetition MUST be provided. I am more worried about the logging of DPV events which as far as I can tell is still missing from the Drafts. > > Now, to explain in more details: > > When a DPV server relays a request to another DPV server: > > 1) it must copy already present relay history information (if any), > > 2) it must add relay history information in the relayed request. > > As an example, the added information can simply be a nonce and thus no > server name needs to be ever used. A sequence of nonces would thus do the > job nicely and avoid naming problems or naming conventions. Practically > speaking, a sequence of INTEGER would do the job. > > > So, the conformance requirements: > > > > Support for DPV relay is OPTIONAL for DPV servers. DPV servers that do not > > relay requests do not need to process or recognize the relay history > > information. > > Correct. > > > DPV servers that relay requests MUST satisfy all the following conditions: > > (1) recognize and process relay history if present in a DPV request; > > (2) able to generate a relay history > > .. information. Full stop. > > > including the complete list of servers that have already forwarded this request; > > No. As said earlier, the received relay information is blindly copied. Then there is no way to deal with the auditing of the DPV process. Denis would you be willing to build a bridge between the DPV Server's operations and that of a local RFC3161 Server??? If a DPV process could use a TST as a staged proofing model and include a set of or single event histriy token with the response - you have killed two birds with one stone. > > > (3) before relaying a request, the DPV server MUST verify that > > the chosen DPV server > > has not already seen the message. (That is loop detection > > occurs at the requester, Or already responded. Look at a matrix of say 10 DPV servers in a chain. So Server #1 gets a request that it cannot answer so it hands the request off to #4, who in turn passes it to #5, 6, and 7 which is configured to refer back to #2 who then refers to #4 for the second time this "event verification action". So is this a loop? How would you log these actions? > > not the recipient). > > Correct. > > > This proposal does not impact clients, it simplifies the most common DPV > > servers, and it places *all* the burden on DPV servers that relay > > requests. (As it should be, in my opinion.) there is a rudimentary question here as to whether a Trust Provider (the DPV Server) needs to disclose its trust processes in normal uses. If it does not need to then this anonymous model is OK, but otherwise there is some serious logging and query processing to be added here. > > Correct. > > > Part 2: DPV Referrals > > > > Complaint A > > > > Referrals impact *all* DPV clients, significantly increasing their > > complexity. Currently, the requirements indicate whether or not the server > > could build a satisfactory path. It seems to me that referrals force all > > DPV clients to interpret a new class of answers: "I don't know but ask > > Server B". (By itself, this isn't that compelling, I admit. They get > > stronger, IMHO.) > > No. The idea is to send back the referral in a non-critical extension so > that it can be ignored by a client. Clients must be ready to support > extension fields, but are not mandated to understand any non-critical > extension. I think what you have here is actually two (2) different client types. Lightweight and Heavywieght. The lightweight ones dont care about relaying and maybe optionally can say they will or will not accept the relayed and history-embellished CPV sessions, and the heavyweight ones do. This is the easiest way to let the market decide which one is better. > > > Complaint B > > > > One of the nice features of DPV is a single "proof" for archival. This > > feature is broken by the introduction of DPV referrals. Not true if a TST is included at each step of the way and would make me feel better about the RFC3161 use models. > > Assume Alice is > > trusts Server A, but she receives a referral indicating that Server A > > trusts Server B to validate this certificate. > > No. It is not the meaning of the referral. Assume Alice trusts Server A, but > she receives a referral from server A indicating that Server B > might be able to validate this certificate. Alice has to make its own > decision whether she can trust or not server B. > > > Alice will need to maintain both the referral from Server A and the > > answer from Server B. > > No. See above. > > > Complaint C > > > > Referrals for DPV are a very different animal than LDAP referrals. Once again a further justification for the call to simplify PKIX into a standard user interface anc service calling model. > > Once > > again, assume Alice is trusts Server A but she receives a referral > > indicating that Server A trusts Server B to validate this > > certificate. Alice will need to authenticate the identity of Server B > > using information from Server A. I think that means that Server A needs to > > identify Server B by including Server B's public key in the referral. If > > that is true, we just created a parallel key management infrastructure and > > increased the complexity of our universe. > > Not with the trust model that I indicated. > > > Complaint D > > > > If LDAP is any indicator, nobody does referrals anyway. Since DPV > > referrals will be significantly more complex, wouldn't it be better to put > > the load on the server? This is non-sequitor. LDAP is not an Audit Authentication or Event Processing Protocol like the trust services of a DPV server. It is a Directory Access Protocol and that's that. > > The load will be on the servers. Clients may fully ignore that field. > > Denis > > > > Alright, I'm off my soapbox. Flame suit is zipped. What do you all think > > of these proposals? Flaming! > > > > Thanks, > > > > Tim Polk Received: by above.proper.com (8.11.6/8.11.3) id g3GENmw27649 for ietf-pkix-bks; Tue, 16 Apr 2002 07:23:48 -0700 (PDT) Received: from mtiwmhc22.worldnet.att.net (mtiwmhc22.worldnet.att.net [204.127.131.47]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GENlm27645 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 07:23:47 -0700 (PDT) Received: from tsg1 ([12.81.64.7]) by mtiwmhc22.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020416142342.DTCN28991.mtiwmhc22.worldnet.att.net@tsg1>; Tue, 16 Apr 2002 14:23:42 +0000 Message-ID: <008a01c1e552$253c1ca0$020aff0a@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Peter Sylvester" <Peter.Sylvester@edelweb.fr>, <Denis.Pinkas@bull.net> Cc: <ietf-pkix@imc.org> References: <200204161305.PAA08851@emeriau.edelweb.fr> Subject: Re: Open issue: DPV relay Date: Tue, 16 Apr 2002 06:56:00 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Here is the problem - Loops in the processing mode or loops in the reporting model - they are not necessarily the same and both could have serious effects on the outcome or transactions in a legal stance. Todd ----- Original Message ----- From: "Peter Sylvester" <Peter.Sylvester@edelweb.fr> To: <Peter.Sylvester@edelweb.fr>; <Denis.Pinkas@bull.net> Cc: <ietf-pkix@imc.org> Sent: Tuesday, April 16, 2002 6:05 AM Subject: Re: Open issue: DPV relay > > > > > Please read again the message. The proposal is to add one sentence > > (i.e. two lines), no more: > > > > When a server supports a relay mechanism, a mechanism to detect > > loops or repetition MUST be provided. > > I fully agree with this. I just wanted to be sure that your > describing text just outlines some possible (mechanisms/ideas of) solutions. > > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GEEhe27329 for ietf-pkix-bks; Tue, 16 Apr 2002 07:14:43 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GEEgm27324 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 07:14:42 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA19936; Tue, 16 Apr 2002 16:17:14 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041616140670:508 ; Tue, 16 Apr 2002 16:14:06 +0200 Message-ID: <3CBC31AE.EAC57B7@bull.net> Date: Tue, 16 Apr 2002 16:14:06 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV additional information References: <200204161403.QAA08864@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 16:14:06, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 16:14:34, Serialize complete at 16/04/2002 16:14:34 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, We need to agree on a common text. So, please focuss on the text. Since you made no proposal, but only provided a "hint", what about the new text below ? The DPV request MUST allow the client to request the server to include in its response additional information which will allow relying parties not trusting the requested DPV server to be confident that the certificate validation has correctly been performed. Such information may consist of a certification path, revocation status information from authorised CRL issuers or authorised OCSP responders, revocation status information from CRL issuers or OCSP responders trusted under the validation policy, time-stamp tokens from TSAs responders trusted under the validation policy, or a DPV response from a DPV server that is trusted under the validation policy. When the certificate is valid according to the validation policy, the server MUST, upon request, include that information in the response. However, the server MAY omit that information when the certificate is invalid or when it cannot determine the validity. Denis > > A CA cannot sign DPV responses. > > Is this a statement like 'there is no requirement for relaying'? > > Why is it impossible for a CA to sign DPV responses for the certificates > it has issued, or to delegate this to an 'authorised DPV service'? > > > DPV servers are either : > > > - locally trusted by their requesting clients for any policy, or/and > > - trusted under a given validation policy. > > And nothing prohibits you to have DPV servers that are 'authorised > by a CA'. This is an independant category. > > But since the only reason for this comparisons was to convince you > that a DPV response may also contain a DPV response, and since > you finally agreed with this, I do not really think that it absolutely > necssary at that point to discuss our possible disagreements about > the operational scenarios of OCSP and DPV servers, so you might > ignore to comment the previous questions. > > Thus: > > I don't think that it is necessary in the following to have the > 'authorised' restrictions for OCSP and CRLs. > > Besides you, nobody has asked for this, as far as I remember. > > > > I would propose the following : > > > > The DPV request MUST allow the client to request the server to include > > in its response additional information which will allow relying parties > > not trusting the requested DPV server to be confident that the > > certificate validation has correctly been performed. Such information > > may consist of a certification path, revocation status > > information from authorised CRL issuers or authorised OCSP responders, > > time-stamp tokens, or a DPV response from a DPV server that is trusted > > under the validation policy. When the certificate is valid according > > to the validation policy, the server MUST, upon request, include that > > information in the response. However, the server MAY omit that > > information when the certificate is invalid or when it cannot determine > > the validity. > > > > Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GE3Z026945 for ietf-pkix-bks; Tue, 16 Apr 2002 07:03:35 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GE3Xm26935 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 07:03:33 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id QAA02884; Tue, 16 Apr 2002 16:03:31 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 16 Apr 2002 16:03:31 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id QAA29540; Tue, 16 Apr 2002 16:03:30 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id QAA08864; Tue, 16 Apr 2002 16:03:30 +0200 (MET DST) Date: Tue, 16 Apr 2002 16:03:30 +0200 (MET DST) Message-Id: <200204161403.QAA08864@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: DPV additional information Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > A CA cannot sign DPV responses. Is this a statement like 'there is no requirement for relaying'? Why is it impossible for a CA to sign DPV responses for the certificates it has issued, or to delegate this to an 'authorised DPV service'? > DPV servers are either : > - locally trusted by their requesting clients for any policy, or/and > - trusted under a given validation policy. And nothing prohibits you to have DPV servers that are 'authorised by a CA'. This is an independant category. But since the only reason for this comparisons was to convince you that a DPV response may also contain a DPV response, and since you finally agreed with this, I do not really think that it absolutely necssary at that point to discuss our possible disagreements about the operational scenarios of OCSP and DPV servers, so you might ignore to comment the previous questions. Thus: I don't think that it is necessary in the following to have the 'authorised' restrictions for OCSP and CRLs. Besides you, nobody has asked for this, as far as I remember. > I would propose the following : > > The DPV request MUST allow the client to request the server to include > in its response additional information which will allow relying parties > not trusting the requested DPV server to be confident that the > certificate validation has correctly been performed. Such information > may consist of a certification path, revocation status > information from authorised CRL issuers or authorised OCSP responders, > time-stamp tokens, or a DPV response from a DPV server that is trusted > under the validation policy. When the certificate is valid according > to the validation policy, the server MUST, upon request, include that > information in the response. However, the server MAY omit that > information when the certificate is invalid or when it cannot determine > the validity. > > Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GDpZf26532 for ietf-pkix-bks; Tue, 16 Apr 2002 06:51:35 -0700 (PDT) Received: from exafix.addtrust.com ([212.112.175.83]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GDoDm26473 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 06:50:14 -0700 (PDT) Received: from stsIBMT20.addtrust.com ([192.168.101.122]) by exafix.addtrust.com with Microsoft SMTPSVC(5.0.2195.2966); Tue, 16 Apr 2002 15:49:53 +0200 Message-Id: <5.1.0.14.2.20020416153633.02f1b710@mail.addtrust.com> X-Sender: sts@mail.addtrust.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 16 Apr 2002 15:49:52 +0200 To: Denis Pinkas <Denis.Pinkas@bull.net>, "Housley, Russ" <rhousley@rsasecurity.com> From: Stefan Santesson <stefan@addtrust.com> Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt Cc: ietf-pkix@imc.org In-Reply-To: <3CBBDDA8.A3CEBECF@bull.net> References: <5.1.0.14.2.20020415143619.02f76e90@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-OriginalArrivalTime: 16 Apr 2002 13:49:53.0291 (UTC) FILETIME=[95E17DB0:01C1E54D] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, At 10:15 2002-04-16 +0200, Denis Pinkas wrote: >Russ, > > > Tom: > > > We are about to post an update to the draft. Expect to see it in the next > > day or so. > >Isn't it premature ? I don't think so. I do believe that I announced at PKIX that a new draft would be generated that would include the ad-hoc suggestions. >I am still expecting responses to my set of comments and questions. I don't know which questions that you consider not answered. I do believe though that the new draft is a better base for discussions, and just maybe it will make some of your questions go away. I'm however still interested in your general view, with respect to the new draft, whether you think we are solving the wrong problem or if you think we are solving the right problem but in a wrong way. If we can settle that, I belive it will be much easier to sort out the technical issues. /Stefan >Regards, > >Denis > > > I recognize the severe memory constraints of smartcards. > > > > Russ > > > > At 12:35 PM 4/10/2002 -0400, Tom Gindin wrote: > > > > > Russ: > > > > > > Most of the following concerns the data structures of the current > > >draft and of my last posting. First, should the URI really be optional in > > >cases where the binary component is a hash? What good is the logotype > > >field with a hash but no way to reference the image? Second, I have > > >reviewed draft-ietf-idn-uri-01.txt (by Martin Duerst) and it recommends > > >that internationalized URI strings be converted to UTF-8 but then escaped > > >using %HH, so UTF8String is unnecessary. Therefore, we should simplify > > >VerifiedReference as follows: > > > VerifiedReference ::= SEQUENCE { > > > hashAlgorithm AlgorithmIdentifier, > > > dataHash OCTET STRING, > > > uri IA5String, > > > } > > > > > > On a different topic, smart cards and other tokens have the least > > >space of any place certificates are likely to be put, so if in-line > > >logotypes are OK there they're OK anywhere. > > > > > > Tom Gindin > > > > > > > > >"Housley, Russ" <rhousley@rsasecurity.com> on 04/08/2002 01:17:11 PM > > > > > >To: Tom Gindin/Watson/IBM@IBMUS > > >cc: ietf-pkix@imc.org > > >Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt > > > > > > > > >Tom: > > > > > > >The following is just a personal opinion, but one based on fairly > > > >well-understood trends. I don't think that in-line logotypes are > > >CURRENTLY > > > >worth the space that they'd take up on a smart card, but I would guess > > >that > > > >they will be in two more smart-card generations and perhaps only one. > > > >Given the amount of time between standard proposal and deployment, it's > > >not > > > >premature to standardize it. > > > > > >I tend to agree with your assessment of storage on smart > cards. Today, all > > > > > >of the certificates stored on one smart card are likely to be associated > > >with one community. Therefore, a logo will like appear on the smart card > > >itself. > > > > > >Of course, there are other places that certificates and private keys are > > >stored.... > > > > > > > However, I also have a question about the current data structure. > > > >First, why is the URI optional (assuming that the only binary value > is the > > > >digest, as at present)? Second, why would we not permit in-line > logotypes > > > >(in which case the URI is suppressed)? This would require some edits to > > > >LogotypeData, but nothing very difficult. One possibility would be: > > > > LogotypeData ::= SEQUENCE { > > > > typeOfLogotype TypeOfLogotype, > > > > hashAlgorithm AlgorithmIdentifier, -- might be > > >OPTIONAL, > > > >it's not meaningful for GIF's > > > > CHOICE { > > > > logotypeDataHash OCTET STRING, > > > > gif [0] IMPLICIT OCTET STRING > > > > }, > > > > logotypeDataUri IA5String OPTIONAL } > > > > > > > > Another would be: > > > > LogotypeData ::= SEQUENCE { > > > > typeOfLogotype TypeOfLogotype, > > > > CHOICE { > > > > logotypeReference VerifiedReference, > > > > gif OCTET STRING > > > > } > > > > } > > > > VerifiedReference ::= SEQUENCE { > > > > hashAlgorithm AlgorithmIdentifier, > > > > dataHash OCTET STRING, > > > > CHOICE { > > > > uri IA5String, > > > > intlUri UTF8String } > > > > } > > > > > > > > > > > > IMO VerifiedReference is a generally useful type, so its names do > > >not > > > >contain reference to logotypes. My understanding of COMPONENTS OF, > which > > > >may be faulty, is that defining LogotypeData using COMPONENTS OF > > > >VerifiedReference as an element of a CHOICE would not produce a useful > > > >result because each of the elements of VerifiedReference would show > up in > > > >the CHOICE rather than merely hashAlgorithm going into the CHOICE > with the > > > >other fields added to LogotypeData's SEQUENCE. > > > > > >We are in the final steps of an updated I-D. It addresses some of these > > >issues, but not all. > > > > > >Is there a reference for UTF8String URI? > > > > > >Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GDX6d24240 for ietf-pkix-bks; Tue, 16 Apr 2002 06:33:06 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GDX4m24236 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 06:33:04 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA30130; Tue, 16 Apr 2002 15:35:40 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041615322941:496 ; Tue, 16 Apr 2002 15:32:29 +0200 Message-ID: <3CBC27ED.7109AB57@bull.net> Date: Tue, 16 Apr 2002 15:32:29 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Tom Gindin <tgindin@us.ibm.com> CC: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> Subject: Re: Open issue: DPV relay References: <OFF39E14C6.4B14B61F-ON85256B9D.003E753D@pok.ibm.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 15:32:29, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 15:33:00, Serialize complete at 16/04/2002 15:33:00 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tom, > Peter: > > If nobody disagrees with your statement about an RP providing its own > DPV service, I think that you have provided the conclusive argument against > using DPV responses in NR. The argumentation from Peter (William) has nothing to do with your conclusion. The question is different: can DPV be used for signature validation ? The answer is the following: A DPV response alone will be insufficient, so why there is a need for signature validation. This debate will NOT start before the DPV document is sent to the IESG for last call. Denis > After all, in many NR scenarios the RP is > trying to prove that his reliance on a signature was justified. If the RP > provides its own DPV service, the only answer to the question "why did you > consider the signing certificate valid?" which it provides is "because I > thought so at the time". If you assume that single RP's rarely provide DPV > in practice but that organizations which employ many RP's may do so, the > answer is "because my employer thought so at the time". > This does not mean that DPV is not valuable, but it would mean that > it (as opposed to DPD) is not useful for NR. > > Tom Gindin > > Peter Williams <peterw@valicert.com>@mail.imc.org on 04/11/2002 01:00:53 PM > > Sent by: owner-ietf-pkix@mail.imc.org > > To: "'Peter Sylvester '" <Peter.Sylvester@edelweb.fr> > cc: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> > Subject: RE: Open issue: DPV relay > > Peter. > > OCSP has always envisioned and practised a relying party > authorizing an OCSP Responder: no CA/AA involvement > is required and no certificate need be issued, in this > case. > > Carry over this conformance requirement from OCSP to DPV: > > An OCSP client (which includes a client that is a DPV server) > must potentially accept an OCSP response according to ALL the > rules of 4.2.2.2. There are three cases: (1) (2) and (3). > > Lets remember, a relying party can operate its > own DPV service for its own benefit. The relying party > needs no authority from a CA to do so. The operator > of a DPV server is not necessarily a TTP, and > need have no relationship to the cert or CRL > issuer, other than that of performing > relying party obligations or (less stringent) user > obligations according to the CP. > > -----Original Message----- > From: Denis Pinkas > To: Peter Sylvester > Cc: ietf-pkix@imc.org > Sent: 4/11/02 3:18 AM > Subject: Re: Open issue: DPV relay > > > See the second point and also read 4.2.2.2 > > Which says: > > It is necessary however to ensure that the entity signing this > information is authorized to do so. Therefore, a certificate's > issuer MUST either sign the OCSP responses itself or it MUST > explicitly designate this authority to another entity. > > > Or: You may want a requirement that the DPV responder must ensure > > that the OCSP responses are signed by a CA or an authorised responder > > and not by some locally trusted OCSP responder in order to > > be sure that an 'evidence verifier' finds trustworthy information. > > This is correct. However, it is not necesssary to add this requirement > in > the DPV requirements document since this requirement is already in > section > 4.2.2.2 from RFC 2560 (OCSP). > > > > > To make the simple case, if a DPV response is signed directly by > the CA > > > > (or by an authorised responder), you have the same situation. > > > > > > No. A CA can only assert information about what it is directly > responsible. > > > So, the DPV response made by the CA just talks about the certificates > > it has directly issued. > > No. Talking about the certificates that a DPV server may have issued > does > not make sense. Certificates are only issued by CAs, AFAIK. Once again, > a DPV server MUST answer for one (or more) certificates and must verify > an entire chain of certificates, whoever has issued them. A DPV server > is > *not* a CA. A DPV server can be *any* service provider. An organization > running a CA may also run a DPV server, in the same way as an > organization > running a CA may also provide a Time-Stamping service. > > > > No CA is responsible for all the certifiactes from one path. An OCSP > query > > > is for ONE certificate, while a DPV query involves a CHAIN of > certificates. > > > > The text says: > > > > The Delegated Path Validation (DPV) protocol allows a server to > > validate one or more public key certificates according to a > validation > > policy. > > > > In order to validate a certificate, a chain of multiple > certificates, > > called a certification path, may be needed, comprising a > certificate > > of the public key owner (the end entity) signed by one CA, and zero > or > > more additional certificates of CAs signed by other CAs. > > > In the simple case of only one CA, an OCSP response signed by the CA > > concerning the certificate in question does not say anything the > > validity of the CA cert since when it was signed with the same key. > > > You thus just have on certificate. > > > In a case of one intermediate CA, the DPV response may for example > > contain two OCSP responses, one signed by the intermediate CA > > concerning the revocation status of the end user and another > > concerning the statius of the intermediate CA signed by the > > top CA. > > > If both CAs provide a DPV service instead of an OCSP service > > You mean "If the organisation hosting a CA also provides a DPV service > ... " > > > in the same way, you have exactly the same situation except > > that this is a positive status information. > > > > For example, the initial client asks for a combined status, > > it asks his own trusted service, this server asks the intermediate > > CA either to provide an OCSP status or a DPV status of the > > cert in question and then asks the top CA to provide a status of > > the intermediate CA's cert, and well, even three other OCSP > > responders to provide statement that the top level > > CA's cert is good. > > I believe that you have mis-understood one idea behind DPV. DPV verifies > the > whole path processing. A DPV status about one intermediate certificate > of > the chain does not make sense. The validation policy is not about that > intermediate certificate but about a given certificate and a whole chain > above it. Applying the validation policy on an intermediate certificate > only > does not make sense. > > > DPV would allow to combine the responses differently. > > It can well be that the intermediate CA/DPV responder > > itself asks for a DPV response from the top CA/DPV > > and include this in his DPV response to the initial server. > > > > > > > > There are no similarities. > > "Ok, let's talk." > > > > > > I think that there must be a language problem somewhere because I > > > > fail to see what *not* you are referring, i.e. to see where we are > > > > in disagreement. I have not said that it is necessary for the > client > > > > to gather all information. I have said that the protocol must > provide > > > > a method to allow a client to ask and the server to respond with > that > > > > information. > > > > > > Maybe, since we possibly interpreted diffrently "what has > contributed to the > > > final decision". > > > > > > > > In case of a dispute, testing again the certificate validity, > means that > > > > > certificates, CRLs and OCSP responses must be available. > Anything else is > > > > > useless. > > > > > > > I think that this may be the core of our disagreement. > > > > > > > This is because you only accept that CA can create assertions > about the > > > > validity of their certificates using CRLs and OCSP. > > > > > > Correct. > > > > Unfortunately we may be both wrong. > > > > > > As soon as you would > > > > admit that some new protocol or service is provided that enhances > and in > > > > particular replaces them, the statements obtained via that service > are > > > > necessary. > > > > > > > I would like to know what you would have said 5 years ago when > only > > > > CRLs existed. > > > > > > Basicaly the chain must be verified and no element fom the chain > must be > > > revoked. > > > > > > Five years ago this information was provided off-line, i.e. via > CRLs. OCSP > > > allows to obtain the same information on-line. Between on-line and > off-line > > > I currently see no other mechanism. > > > But you can have different protocols for these characteristics. > Offline > > you could use trees, online you can have DPV, > > No. On-line, to know the revocation status of a single certificate we > only > have OCSP. RFC 2560 states: > > It is necessary however to ensure that the entity signing this > information is authorized to do so. Therefore, a certificate's > issuer MUST either sign the OCSP responses itself or it MUST > explicitly designate this authority to another entity. > > Note that this is true as well for CRLs. Either the CA signs the CRL > directly or designate another authority. > > RFC 2459 RECOMMENDS for the support of the CRL distribution points > extension > which then contains a cRLIssuer field. "If the certificate issuer is not > the > CRL issuer, then the cRLIssuer field MUST be present and contain the > Name of > the CRL issuer. If the certificate issuer is also the CRL issuer, then > the > cRLIssuer field MUST be omitted ..." > > > or other techniques like > > timestamps over CRLs and OCSP responses to have a proof that the > server > > has provided the OCSPresp/CRL at a current date. > > Time-stamping is not needed to prove that the server has provided the > OCSPresp/CRL at a current date. An OCSP response includes such a date. > CRL > checking uses thisUpdate and nextUpdate. Time-stamping may however be > useful > for other reasons. An informational RFC (i.e. RFC 3126 - Electronic > Signature Formats for long term electronic signatures) does however > indicate > such a format in the context of a signature policy. Another format could > be > derived from it in the context of a validation policy. > > > > The basic question is whether first-hand information and second-hand > > > information should be used. In case of a dispute, only first-hand > > > information is useful (certificates and revocation status > information from > > > the CAs responsible for every certificate from the chain). DPV > responses > > > (i.e. the signed "yes" answers) are useless, unless the plaintiff > and the > > > defendant both trust the same DPV server. > > > OCSP responses may also be useless, unless the plaintiff and the > > defendant both trust the same OCSP server. > > Wrong. RFC 2560 sates: > > It is necessary however to ensure that the entity signing this > information is authorized to do so. Therefore, a certificate's > issuer MUST either sign the OCSP responses itself or it MUST > explicitly designate this authority to another entity. > > In either of these cases, the plaintiff and the defendant cannot argue > that > the OCSP response is not valid (unless the OCSP responder has been > revoked > by the CA). They cannot argue that such responses are useless, or if > they > do, > this argumentation will be rejected. > > I have made my best efforts to explain all the rational behind DPV > responses, > which are very different from OCSP responses. I have also made my best > efforts to explain why in the general case a DPV response from a given > server is not necessarilly trusted by all clients, and thus would be > useless > in front of a court. > > The security consideration section is very explicit on this issue: > > "A DPV client must trust a DPV server to provide the correct answer. > However, this does not mean that all DPV clients will trust the same > DPV servers. While a positive answer might be sufficient for one DPV > client, that same positive answer will not necessarily convince > another DPV client." > > Can we finally close this issue ? > > Denis > > > Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GDRGG23745 for ietf-pkix-bks; Tue, 16 Apr 2002 06:27:16 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GDREm23734 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 06:27:14 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA10040; Tue, 16 Apr 2002 15:29:52 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041615264068:495 ; Tue, 16 Apr 2002 15:26:40 +0200 Message-ID: <3CBC2690.579459BC@bull.net> Date: Tue, 16 Apr 2002 15:26:40 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV additional information References: <200204161115.NAA08815@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 15:26:40, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 15:27:12, Serialize complete at 16/04/2002 15:27:12 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, I changed the name of this thread, since this is not related to DPV relay, but to DPV additional information. Foreword: If you want to save time you can go directly to the end of this (too long) e-mail. > > I agree that there is a difference between an authorized responder > > and a server trusted under a given policy. > > > > So in order to solve this last issue, I propose to replace the current text > > which is: > > The reason why I discussed this was to explain that regarding trust > issues there is no fundamental difference between a DPV responder > and an OCSP responder. There is. See below. > As we see, OCSP responders come in two flavors, either they > are authorised by the CA (respses signed by the CA or > an athorised responder), or are locally trusted. No. DPV servers are never authorized by CAs. They are either : - locally trusted by their requesting clients for any policy, or/and - trusted under a given validation policy. > I do not see why DPV responders are essentially different: It > may be that there are *more* DPV responders that are locally trusted > but I do not see why a CA cannot sign DPV responses for all its > client certs or designate a responders in exactly the same way > as for OCSP. A CA cannot sign DPV responses. > Denis mentioned that a DPV responder indicates the validity of > a path: I slightly disagree: If one does not return the path > and no other information, the DPV responder only indicates the > validity of the cert according to a policy, like OCSP indicates > the "invalidity status". Not exactly, but the "revocation status from a single certificate". > Even, assumung that DPV indicates the validity of a path, I > do not see why it creates harm to include such responses in > DPV responses. The DPV response may include *in addition* to the validity status, all the information that yield to prove that this validity. > For example, a DPV responder that would return OCSP status info for > all certs in the chain (except the top one?) could just return > one DPV response of the first CA chain. A DPV server is a function that shall *not* be confused with the function from another server, like an OCSP server. > Denis replied to Peter; > > > So, the DPV response made by the CA just talks about the certificates > > > it has directly issued. > > > No. Talking about the certificates that a DPV server may have issued does > > not make sense. > It = the CA. > > > Certificates are only issued by CAs, AFAIK. Once again, > > a DPV server MUST answer for one (or more) certificates and must verify > > an entire chain of certificates, whoever has issued them. > No, I claim taht the only thing a DPV server MUST tell is whether the cert is > valid against a validation policy, everything else is optional. The argument from your last sentence is correct and does not contradict my sentences. So it does not explain the "No" placed in front. > > A DPV server is > > *not* a CA. A DPV server can be *any* service provider. An organization > > running a CA may also run a DPV server, in the same way as an organization > > running a CA may also provide a Time-Stamping service. > The agument was, whether this is different to OCSP. It is *NOT* as we > all just found out. As mentioned earlier, OCSP responders come in two flavors: - either they are authorised by the CA, - or are locally trusted. DPV servers are either : - locally trusted by their requesting clients for any policy, or/and - trusted under a given validation policy. > An OCSP respoinder can be *any* service provider. > Denis said: > > > If both CAs provide a DPV service instead of an OCSP service > > You mean "If the organisation hosting a CA also provides a DPV service ... " > I won't tell you whether you attempt to make a telepathic intrusion > test was successful or not. :-) > > Denis said: > > I believe that you have mis-understood one idea behind DPV. DPV verifies the > > whole path processing. A DPV status about one intermediate certificate of > > the chain does not make sense. The validation policy is not about that > > intermediate certificate but about a given certificate and a whole chain > > above it. Applying the validation policy on an intermediate certificate only > > does not make sense. > Thank you for reminding me: > > The rationale paragraph 2 says: > > DPV allows a server to perform a real time certificate validation for > a validation time T, where T may be the current time or a time in the > recent past. > no word about PATH. The next paragraph says > > In order to validate a certificate, a chain of multiple certificates, > called a certification path, may be needed, comprising a certificate > of the public key owner (the end entity) signed by one CA, and zero or > more additional certificates of CAs signed by other CAs. > "may be needed" > > The next paragraphs talk about path validation, BUT: The server is allowed > to return a good/bad answer without giving any information about the path > used, and trusted roots as input are optional. > > But anyway: Where did I say that the same validation policy MUST be used > to validate an intermediate certificates. The question is only that > the actual texts prohibits any other information to be returned. Wrong. There is text to support other information, in particular a DPV response. A proposal to improve that text was included in that same e-mail. > > > But you can have different protocols for these characteristics. Offline > > > you could use trees, online you can have DPV, > > No. On-line, to know the revocation status of a single certificate we only > > have OCSP. RFC 2560 states: > > RFC 3029 for example also provides a service to provide certificate status. > > But your argumentation is completely unacceptable for another reason. > You are completely ignoring that one can make progress in the future. > It is like the people about 100 years ago that argued that the only way > to solve a dangerous problem of horse shit on streets was to create more > services to remove it (completely igoring the arivale of cars .. which created > other problems, but that's another story). > You require that nothing else than OCSP responses and CRL MUST be returned. > never, ever. Next time, please read the whole e-mail before responding or posting. Your assertion is incorrect. See the end of the e-mail you responded to. > IN the following you mention thet time stamps *MAY* be useful for > *other reasons*. Thus, it may be useful to create a time stamp > of the OCSP responses and CRL responses in order to indicate when > the information have been verified. This is just one example of > why other and different information could be returned by a DPV responder. > This information may not dbe directly destined to the DPV client but > to some other relying party. Correct. > > > OCSP responses may also be useless, unless the plaintiff and the > > > defendant both trust the same OCSP server. > > > Wrong. RFC 2560 sates: > I think it is not necessary to repeat why the argumentation that follows > is wrong, in particular the following sentence is true as well for OCSP: > > "A DPV client must trust a DPV server to provide the correct answer. > However, this does not mean that all DPV clients will trust the same > DPV servers. While a positive answer might be sufficient for one DPV > client, that same positive answer will not necessarily convince > another DPV client." > > > The DPV request MUST allow the client to request that the response > > include the certification path and revocation status information used > > by the DPV server to process the request. When requested, the DPV > > server MUST include the certification path and revocation status > > information in the response when the certificate is valid according to > > the validation policy. However, the server MAY omit the certification > > path and revocation status information when the certificate is invalid. > > > > by the following text: > > > > The DPV request MUST allow the client to request the response to > > include either the certification path and the revocation status > > information from authorised CRL issuers or authorised OCSP responders, > > or a DPV response from a DPV server that is trusted under the > > validation policy. This information may allow other clients, not > > trusting the requested DPV server to be confident that the certificate > > validation has correctly be performed. When the certificate is valid > > according to the validation policy, the server MUST, upon request, > > include that information in the response. However, the server MAY > > omit that information when the certificate is invalid or when it > > cannot determine the validity. > > You are turning around a necessary and sufficient property: > Requiring *authorised* issuers may not be necessary in some > circumstances, e.g., when the relying parties are a known > group that trust the same responders. How can it be known the relying parties are a known group that trust the same responder ? Since a DPV responder can support multiple validation policies, this notion depends from the validation policy and the validation policy may thus include the set of trusted DPV responders under that policy. This set may be different from one policy to another. This means that the valid response may include in addition to the response from the *locally* trusted DPV server the response from a *policy* trusted DPV server. This is exactly what the text above was attempting to say. > To summarize: I just repeat my request that : > > ' A DPV responder may return additional information concerning the > status of the certificate in question, such a the selected > certification paths, OCSP responses, CRL responses and other > information about the validity of the certificate, or parts > of the parts. etc., examples are DPV responses, time stamps, .. > which are necessary in order to allow relying parties > (not necessarily the initial DPV client) to determine the > status of the certificate. ' We are not that far. A DPV response was already present in the text. Time-stamp tokens can be added: I would propose the following : The DPV request MUST allow the client to request the server to include in its response additional information which will allow relying parties not trusting the requested DPV server to be confident that the certificate validation has correctly been performed. Such information may consist of a certification path, revocation status information from authorised CRL issuers or authorised OCSP responders, time-stamp tokens, or a DPV response from a DPV server that is trusted under the validation policy. When the certificate is valid according to the validation policy, the server MUST, upon request, include that information in the response. However, the server MAY omit that information when the certificate is invalid or when it cannot determine the validity. Denis > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GD5Fk22047 for ietf-pkix-bks; Tue, 16 Apr 2002 06:05:15 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GD5Dm22040 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 06:05:13 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id PAA02465; Tue, 16 Apr 2002 15:05:11 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 16 Apr 2002 15:05:11 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id PAA29243; Tue, 16 Apr 2002 15:05:10 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id PAA08851; Tue, 16 Apr 2002 15:05:10 +0200 (MET DST) Date: Tue, 16 Apr 2002 15:05:10 +0200 (MET DST) Message-Id: <200204161305.PAA08851@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > Please read again the message. The proposal is to add one sentence > (i.e. two lines), no more: > > When a server supports a relay mechanism, a mechanism to detect > loops or repetition MUST be provided. I fully agree with this. I just wanted to be sure that your describing text just outlines some possible (mechanisms/ideas of) solutions. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GCp8e21665 for ietf-pkix-bks; Tue, 16 Apr 2002 05:51:08 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GCp7m21661 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 05:51:07 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id OAA17812; Tue, 16 Apr 2002 14:53:46 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041614503506:487 ; Tue, 16 Apr 2002 14:50:35 +0200 Message-ID: <3CBC1E1A.480448C7@bull.net> Date: Tue, 16 Apr 2002 14:50:34 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <200204161132.NAA08820@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 14:50:35, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 14:51:06, Serialize complete at 16/04/2002 14:51:06 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > Similar to Stephen, I also almost agree with Denis, > just a few nit-pcking remarks. Please read again the message. The proposal is to add one sentence (i.e. two lines), no more: When a server supports a relay mechanism, a mechanism to detect loops or repetition MUST be provided. Denis > > > DPV servers that do relay requests MUST be able to detect whether or not > > > the request has been previously relayed, > > > > Correct. > > > > > and the request MUST have the complete list of servers that have received the request. > > > > No. You are specifying a solution, which would work but there are other > > solutions to this problem: a list of servers is not the single way to solve > > this issue. Since we are writing requirements we should not impose a > > solution. > > > > I believe that this requirement can be captured by the following sentence: > > > > When a server supports a relay mechanism, a mechanism to detect > > loops or repetition MUST be provided. > > > > Now, to explain in more details: > > > > When a DPV server relays a request to another DPV server: > > > > 1) it must copy already present relay history information (if any), > > > > 2) it must add relay history information in the relayed request. > > > > As an example, the added information can simply be a nonce and thus no > > server name needs to be ever used. A sequence of nonces would thus do the > > job nicely and avoid naming problems or naming conventions. Practically > > speaking, a sequence of INTEGER would do the job. > > You are also trying to describe a solution which in fact does not > necessarily work unless the nonces are selected in a correct way, > they must allow a server that either it had already received the > request or will send it again. > > So let us stick with the first sentence: > > > > > DPV servers that do relay requests MUST be able to detect whether or not > > > the request has been previously relayed, > > > > > > DPV servers that relay requests MUST satisfy all the following conditions: > > > (1) recognize and process relay history if present in a DPV request; > > > (2) able to generate a relay history > > > > > .. information. Full stop. > > > > > including the complete list of servers that have already forwarded this request; > > > > No. As said earlier, the received relay information is blindly copied. > > > > > (3) before relaying a request, the DPV server MUST verify that > > > the chosen DPV server > > > has not already seen the message. (That is loop detection > > > occurs at the requester, > > > not the recipient). > > Instead of (3) a server may also reject a request because it detects that > it has already received it before. > > > > > No. The idea is to send back the referral in a non-critical extension so > > that it can be ignored by a client. Clients must be ready to support > > extension fields, but are not mandated to understand any non-critical > > extension. > > You are specifying a begin of a solution. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GC2EP19204 for ietf-pkix-bks; Tue, 16 Apr 2002 05:02:14 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GC2Bm19198 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 05:02:11 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id OAA02071; Tue, 16 Apr 2002 14:02:04 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 16 Apr 2002 14:02:04 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id OAA28989; Tue, 16 Apr 2002 14:02:03 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id OAA08833; Tue, 16 Apr 2002 14:02:03 +0200 (MET DST) Date: Tue, 16 Apr 2002 14:02:03 +0200 (MET DST) Message-Id: <200204161202.OAA08833@emeriau.edelweb.fr> To: peterw@valicert.com, tgindin@us.ibm.com Subject: RE: Open issue: DPV relay Cc: Peter.Sylvester@edelweb.fr, ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tom, One question is: 'to prove vis-a-vis which entity': A work flow component may just need a confirmation of the companies internal work flow. If the company needs to prove this vis-a-vis other potential external entities, it sets up a policy ccording to that to do: This may for example include a DPV service operated by 'the other company' in order to prove that 'we have asked you (the other compnay), and your compnay server asserted that the certificate of person XYZ is useful to policy P, and we have validated the status of your servers certificate at our commonly agreed CA validation service. It is up to the 'local DPV service' to ensure to which extend the answer can be considered more or less globally binding. Peter S. > > Peter: > > If nobody disagrees with your statement about an RP providing its own > DPV service, I think that you have provided the conclusive argument against > using DPV responses in NR. After all, in many NR scenarios the RP is > trying to prove that his reliance on a signature was justified. If the RP > provides its own DPV service, the only answer to the question "why did you > consider the signing certificate valid?" which it provides is "because I > thought so at the time". If you assume that single RP's rarely provide DPV > in practice but that organizations which employ many RP's may do so, the > answer is "because my employer thought so at the time". > This does not mean that DPV is not valuable, but it would mean that > it (as opposed to DPD) is not useful for NR. > > Tom Gindin > > > Peter Williams <peterw@valicert.com>@mail.imc.org on 04/11/2002 01:00:53 PM > > Sent by: owner-ietf-pkix@mail.imc.org > > > To: "'Peter Sylvester '" <Peter.Sylvester@edelweb.fr> > cc: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> > Subject: RE: Open issue: DPV relay > > > > > Peter. > > OCSP has always envisioned and practised a relying party > authorizing an OCSP Responder: no CA/AA involvement > is required and no certificate need be issued, in this > case. > > Carry over this conformance requirement from OCSP to DPV: > > An OCSP client (which includes a client that is a DPV server) > must potentially accept an OCSP response according to ALL the > rules of 4.2.2.2. There are three cases: (1) (2) and (3). > > Lets remember, a relying party can operate its > own DPV service for its own benefit. The relying party > needs no authority from a CA to do so. The operator > of a DPV server is not necessarily a TTP, and > need have no relationship to the cert or CRL > issuer, other than that of performing > relying party obligations or (less stringent) user > obligations according to the CP. > > -----Original Message----- > From: Denis Pinkas > To: Peter Sylvester > Cc: ietf-pkix@imc.org > Sent: 4/11/02 3:18 AM > Subject: Re: Open issue: DPV relay > > > > See the second point and also read 4.2.2.2 > > Which says: > > It is necessary however to ensure that the entity signing this > information is authorized to do so. Therefore, a certificate's > issuer MUST either sign the OCSP responses itself or it MUST > explicitly designate this authority to another entity. > > > Or: You may want a requirement that the DPV responder must ensure > > that the OCSP responses are signed by a CA or an authorised responder > > and not by some locally trusted OCSP responder in order to > > be sure that an 'evidence verifier' finds trustworthy information. > > This is correct. However, it is not necesssary to add this requirement > in > the DPV requirements document since this requirement is already in > section > 4.2.2.2 from RFC 2560 (OCSP). > > > > > To make the simple case, if a DPV response is signed directly by > the CA > > > > (or by an authorised responder), you have the same situation. > > > > > > No. A CA can only assert information about what it is directly > responsible. > > > So, the DPV response made by the CA just talks about the certificates > > it has directly issued. > > No. Talking about the certificates that a DPV server may have issued > does > not make sense. Certificates are only issued by CAs, AFAIK. Once again, > a DPV server MUST answer for one (or more) certificates and must verify > an entire chain of certificates, whoever has issued them. A DPV server > is > *not* a CA. A DPV server can be *any* service provider. An organization > running a CA may also run a DPV server, in the same way as an > organization > running a CA may also provide a Time-Stamping service. > > > > No CA is responsible for all the certifiactes from one path. An OCSP > query > > > is for ONE certificate, while a DPV query involves a CHAIN of > certificates. > > > > The text says: > > > > The Delegated Path Validation (DPV) protocol allows a server to > > validate one or more public key certificates according to a > validation > > policy. > > > > In order to validate a certificate, a chain of multiple > certificates, > > called a certification path, may be needed, comprising a > certificate > > of the public key owner (the end entity) signed by one CA, and zero > or > > more additional certificates of CAs signed by other CAs. > > > In the simple case of only one CA, an OCSP response signed by the CA > > concerning the certificate in question does not say anything the > > validity of the CA cert since when it was signed with the same key. > > > You thus just have on certificate. > > > In a case of one intermediate CA, the DPV response may for example > > contain two OCSP responses, one signed by the intermediate CA > > concerning the revocation status of the end user and another > > concerning the statius of the intermediate CA signed by the > > top CA. > > > If both CAs provide a DPV service instead of an OCSP service > > You mean "If the organisation hosting a CA also provides a DPV service > ... " > > > in the same way, you have exactly the same situation except > > that this is a positive status information. > > > > For example, the initial client asks for a combined status, > > it asks his own trusted service, this server asks the intermediate > > CA either to provide an OCSP status or a DPV status of the > > cert in question and then asks the top CA to provide a status of > > the intermediate CA's cert, and well, even three other OCSP > > responders to provide statement that the top level > > CA's cert is good. > > I believe that you have mis-understood one idea behind DPV. DPV verifies > the > whole path processing. A DPV status about one intermediate certificate > of > the chain does not make sense. The validation policy is not about that > intermediate certificate but about a given certificate and a whole chain > above it. Applying the validation policy on an intermediate certificate > only > does not make sense. > > > DPV would allow to combine the responses differently. > > It can well be that the intermediate CA/DPV responder > > itself asks for a DPV response from the top CA/DPV > > and include this in his DPV response to the initial server. > > > > > > > > There are no similarities. > > "Ok, let's talk." > > > > > > I think that there must be a language problem somewhere because I > > > > fail to see what *not* you are referring, i.e. to see where we are > > > > in disagreement. I have not said that it is necessary for the > client > > > > to gather all information. I have said that the protocol must > provide > > > > a method to allow a client to ask and the server to respond with > that > > > > information. > > > > > > Maybe, since we possibly interpreted diffrently "what has > contributed to the > > > final decision". > > > > > > > > In case of a dispute, testing again the certificate validity, > means that > > > > > certificates, CRLs and OCSP responses must be available. > Anything else is > > > > > useless. > > > > > > > I think that this may be the core of our disagreement. > > > > > > > This is because you only accept that CA can create assertions > about the > > > > validity of their certificates using CRLs and OCSP. > > > > > > Correct. > > > > Unfortunately we may be both wrong. > > > > > > As soon as you would > > > > admit that some new protocol or service is provided that enhances > and in > > > > particular replaces them, the statements obtained via that service > are > > > > necessary. > > > > > > > I would like to know what you would have said 5 years ago when > only > > > > CRLs existed. > > > > > > Basicaly the chain must be verified and no element fom the chain > must be > > > revoked. > > > > > > Five years ago this information was provided off-line, i.e. via > CRLs. OCSP > > > allows to obtain the same information on-line. Between on-line and > off-line > > > I currently see no other mechanism. > > > But you can have different protocols for these characteristics. > Offline > > you could use trees, online you can have DPV, > > No. On-line, to know the revocation status of a single certificate we > only > have OCSP. RFC 2560 states: > > It is necessary however to ensure that the entity signing this > information is authorized to do so. Therefore, a certificate's > issuer MUST either sign the OCSP responses itself or it MUST > explicitly designate this authority to another entity. > > Note that this is true as well for CRLs. Either the CA signs the CRL > directly or designate another authority. > > RFC 2459 RECOMMENDS for the support of the CRL distribution points > extension > which then contains a cRLIssuer field. "If the certificate issuer is not > the > CRL issuer, then the cRLIssuer field MUST be present and contain the > Name of > the CRL issuer. If the certificate issuer is also the CRL issuer, then > the > cRLIssuer field MUST be omitted ..." > > > or other techniques like > > timestamps over CRLs and OCSP responses to have a proof that the > server > > has provided the OCSPresp/CRL at a current date. > > Time-stamping is not needed to prove that the server has provided the > OCSPresp/CRL at a current date. An OCSP response includes such a date. > CRL > checking uses thisUpdate and nextUpdate. Time-stamping may however be > useful > for other reasons. An informational RFC (i.e. RFC 3126 - Electronic > Signature Formats for long term electronic signatures) does however > indicate > such a format in the context of a signature policy. Another format could > be > derived from it in the context of a validation policy. > > > > The basic question is whether first-hand information and second-hand > > > information should be used. In case of a dispute, only first-hand > > > information is useful (certificates and revocation status > information from > > > the CAs responsible for every certificate from the chain). DPV > responses > > > (i.e. the signed "yes" answers) are useless, unless the plaintiff > and the > > > defendant both trust the same DPV server. > > > OCSP responses may also be useless, unless the plaintiff and the > > defendant both trust the same OCSP server. > > Wrong. RFC 2560 sates: > > It is necessary however to ensure that the entity signing this > information is authorized to do so. Therefore, a certificate's > issuer MUST either sign the OCSP responses itself or it MUST > explicitly designate this authority to another entity. > > In either of these cases, the plaintiff and the defendant cannot argue > that > the OCSP response is not valid (unless the OCSP responder has been > revoked > by the CA). They cannot argue that such responses are useless, or if > they > do, > this argumentation will be rejected. > > I have made my best efforts to explain all the rational behind DPV > responses, > which are very different from OCSP responses. I have also made my best > efforts to explain why in the general case a DPV response from a given > server is not necessarilly trusted by all clients, and thus would be > useless > in front of a court. > > The security consideration section is very explicit on this issue: > > "A DPV client must trust a DPV server to provide the correct answer. > However, this does not mean that all DPV clients will trust the same > DPV servers. While a positive answer might be sufficient for one DPV > client, that same positive answer will not necessarily convince > another DPV client." > > Can we finally close this issue ? > > Denis > > > Peter > > > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GBiCW17851 for ietf-pkix-bks; Tue, 16 Apr 2002 04:44:12 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GBgom17688 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 04:42:51 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id NAA01968; Tue, 16 Apr 2002 13:42:36 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 16 Apr 2002 13:42:36 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id NAA28908; Tue, 16 Apr 2002 13:42:35 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id NAA08828; Tue, 16 Apr 2002 13:42:34 +0200 (MET DST) Date: Tue, 16 Apr 2002 13:42:34 +0200 (MET DST) Message-Id: <200204161142.NAA08828@emeriau.edelweb.fr> To: rhousley@rsasecurity.com, stephen.farrell@baltimore.ie Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > Russ, > > (modulo typos) I'm fine with this text. > > Stephen. > I second (or third, or forth or minute or hour) that. I am glad that most my my requests (and some others, too) concerning relaying seem to get some concensus. There is still one left, currently stuck in a private communication among Russ, Denis and me. Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GBbsD16955 for ietf-pkix-bks; Tue, 16 Apr 2002 04:37:54 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GBbqm16950 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 04:37:53 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150]) by e1.ny.us.ibm.com (8.12.2/8.12.2) with ESMTP id g3GBbhms004206; Tue, 16 Apr 2002 07:37:43 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.1) with ESMTP id g3GBbfR82112; Tue, 16 Apr 2002 07:37:41 -0400 Importance: Normal Sensitivity: Subject: RE: Open issue: DPV relay To: Peter Williams <peterw@valicert.com> Cc: "'Peter Sylvester '" <Peter.Sylvester@edelweb.fr>, "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OFF39E14C6.4B14B61F-ON85256B9D.003E753D@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Tue, 16 Apr 2002 07:35:16 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/16/2002 07:37:42 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter: If nobody disagrees with your statement about an RP providing its own DPV service, I think that you have provided the conclusive argument against using DPV responses in NR. After all, in many NR scenarios the RP is trying to prove that his reliance on a signature was justified. If the RP provides its own DPV service, the only answer to the question "why did you consider the signing certificate valid?" which it provides is "because I thought so at the time". If you assume that single RP's rarely provide DPV in practice but that organizations which employ many RP's may do so, the answer is "because my employer thought so at the time". This does not mean that DPV is not valuable, but it would mean that it (as opposed to DPD) is not useful for NR. Tom Gindin Peter Williams <peterw@valicert.com>@mail.imc.org on 04/11/2002 01:00:53 PM Sent by: owner-ietf-pkix@mail.imc.org To: "'Peter Sylvester '" <Peter.Sylvester@edelweb.fr> cc: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> Subject: RE: Open issue: DPV relay Peter. OCSP has always envisioned and practised a relying party authorizing an OCSP Responder: no CA/AA involvement is required and no certificate need be issued, in this case. Carry over this conformance requirement from OCSP to DPV: An OCSP client (which includes a client that is a DPV server) must potentially accept an OCSP response according to ALL the rules of 4.2.2.2. There are three cases: (1) (2) and (3). Lets remember, a relying party can operate its own DPV service for its own benefit. The relying party needs no authority from a CA to do so. The operator of a DPV server is not necessarily a TTP, and need have no relationship to the cert or CRL issuer, other than that of performing relying party obligations or (less stringent) user obligations according to the CP. -----Original Message----- From: Denis Pinkas To: Peter Sylvester Cc: ietf-pkix@imc.org Sent: 4/11/02 3:18 AM Subject: Re: Open issue: DPV relay > See the second point and also read 4.2.2.2 Which says: It is necessary however to ensure that the entity signing this information is authorized to do so. Therefore, a certificate's issuer MUST either sign the OCSP responses itself or it MUST explicitly designate this authority to another entity. > Or: You may want a requirement that the DPV responder must ensure > that the OCSP responses are signed by a CA or an authorised responder > and not by some locally trusted OCSP responder in order to > be sure that an 'evidence verifier' finds trustworthy information. This is correct. However, it is not necesssary to add this requirement in the DPV requirements document since this requirement is already in section 4.2.2.2 from RFC 2560 (OCSP). > > > To make the simple case, if a DPV response is signed directly by the CA > > > (or by an authorised responder), you have the same situation. > > > > No. A CA can only assert information about what it is directly responsible. > So, the DPV response made by the CA just talks about the certificates > it has directly issued. No. Talking about the certificates that a DPV server may have issued does not make sense. Certificates are only issued by CAs, AFAIK. Once again, a DPV server MUST answer for one (or more) certificates and must verify an entire chain of certificates, whoever has issued them. A DPV server is *not* a CA. A DPV server can be *any* service provider. An organization running a CA may also run a DPV server, in the same way as an organization running a CA may also provide a Time-Stamping service. > > No CA is responsible for all the certifiactes from one path. An OCSP query > > is for ONE certificate, while a DPV query involves a CHAIN of certificates. > > The text says: > > The Delegated Path Validation (DPV) protocol allows a server to > validate one or more public key certificates according to a validation > policy. > > In order to validate a certificate, a chain of multiple certificates, > called a certification path, may be needed, comprising a certificate > of the public key owner (the end entity) signed by one CA, and zero or > more additional certificates of CAs signed by other CAs. > In the simple case of only one CA, an OCSP response signed by the CA > concerning the certificate in question does not say anything the > validity of the CA cert since when it was signed with the same key. > You thus just have on certificate. > In a case of one intermediate CA, the DPV response may for example > contain two OCSP responses, one signed by the intermediate CA > concerning the revocation status of the end user and another > concerning the statius of the intermediate CA signed by the > top CA. > If both CAs provide a DPV service instead of an OCSP service You mean "If the organisation hosting a CA also provides a DPV service ... " > in the same way, you have exactly the same situation except > that this is a positive status information. > > For example, the initial client asks for a combined status, > it asks his own trusted service, this server asks the intermediate > CA either to provide an OCSP status or a DPV status of the > cert in question and then asks the top CA to provide a status of > the intermediate CA's cert, and well, even three other OCSP > responders to provide statement that the top level > CA's cert is good. I believe that you have mis-understood one idea behind DPV. DPV verifies the whole path processing. A DPV status about one intermediate certificate of the chain does not make sense. The validation policy is not about that intermediate certificate but about a given certificate and a whole chain above it. Applying the validation policy on an intermediate certificate only does not make sense. > DPV would allow to combine the responses differently. > It can well be that the intermediate CA/DPV responder > itself asks for a DPV response from the top CA/DPV > and include this in his DPV response to the initial server. > > > > > There are no similarities. > "Ok, let's talk." > > > > I think that there must be a language problem somewhere because I > > > fail to see what *not* you are referring, i.e. to see where we are > > > in disagreement. I have not said that it is necessary for the client > > > to gather all information. I have said that the protocol must provide > > > a method to allow a client to ask and the server to respond with that > > > information. > > > > Maybe, since we possibly interpreted diffrently "what has contributed to the > > final decision". > > > > > > In case of a dispute, testing again the certificate validity, means that > > > > certificates, CRLs and OCSP responses must be available. Anything else is > > > > useless. > > > > > I think that this may be the core of our disagreement. > > > > > This is because you only accept that CA can create assertions about the > > > validity of their certificates using CRLs and OCSP. > > > > Correct. > > Unfortunately we may be both wrong. > > > > As soon as you would > > > admit that some new protocol or service is provided that enhances and in > > > particular replaces them, the statements obtained via that service are > > > necessary. > > > > > I would like to know what you would have said 5 years ago when only > > > CRLs existed. > > > > Basicaly the chain must be verified and no element fom the chain must be > > revoked. > > > > Five years ago this information was provided off-line, i.e. via CRLs. OCSP > > allows to obtain the same information on-line. Between on-line and off-line > > I currently see no other mechanism. > But you can have different protocols for these characteristics. Offline > you could use trees, online you can have DPV, No. On-line, to know the revocation status of a single certificate we only have OCSP. RFC 2560 states: It is necessary however to ensure that the entity signing this information is authorized to do so. Therefore, a certificate's issuer MUST either sign the OCSP responses itself or it MUST explicitly designate this authority to another entity. Note that this is true as well for CRLs. Either the CA signs the CRL directly or designate another authority. RFC 2459 RECOMMENDS for the support of the CRL distribution points extension which then contains a cRLIssuer field. "If the certificate issuer is not the CRL issuer, then the cRLIssuer field MUST be present and contain the Name of the CRL issuer. If the certificate issuer is also the CRL issuer, then the cRLIssuer field MUST be omitted ..." > or other techniques like > timestamps over CRLs and OCSP responses to have a proof that the server > has provided the OCSPresp/CRL at a current date. Time-stamping is not needed to prove that the server has provided the OCSPresp/CRL at a current date. An OCSP response includes such a date. CRL checking uses thisUpdate and nextUpdate. Time-stamping may however be useful for other reasons. An informational RFC (i.e. RFC 3126 - Electronic Signature Formats for long term electronic signatures) does however indicate such a format in the context of a signature policy. Another format could be derived from it in the context of a validation policy. > > The basic question is whether first-hand information and second-hand > > information should be used. In case of a dispute, only first-hand > > information is useful (certificates and revocation status information from > > the CAs responsible for every certificate from the chain). DPV responses > > (i.e. the signed "yes" answers) are useless, unless the plaintiff and the > > defendant both trust the same DPV server. > OCSP responses may also be useless, unless the plaintiff and the > defendant both trust the same OCSP server. Wrong. RFC 2560 sates: It is necessary however to ensure that the entity signing this information is authorized to do so. Therefore, a certificate's issuer MUST either sign the OCSP responses itself or it MUST explicitly designate this authority to another entity. In either of these cases, the plaintiff and the defendant cannot argue that the OCSP response is not valid (unless the OCSP responder has been revoked by the CA). They cannot argue that such responses are useless, or if they do, this argumentation will be rejected. I have made my best efforts to explain all the rational behind DPV responses, which are very different from OCSP responses. I have also made my best efforts to explain why in the general case a DPV response from a given server is not necessarilly trusted by all clients, and thus would be useless in front of a court. The security consideration section is very explicit on this issue: "A DPV client must trust a DPV server to provide the correct answer. However, this does not mean that all DPV clients will trust the same DPV servers. While a positive answer might be sufficient for one DPV client, that same positive answer will not necessarily convince another DPV client." Can we finally close this issue ? Denis > Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GBWas16474 for ietf-pkix-bks; Tue, 16 Apr 2002 04:32:36 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GBWYm16468 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 04:32:34 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id NAA01918; Tue, 16 Apr 2002 13:32:31 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 16 Apr 2002 13:32:31 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id NAA28856; Tue, 16 Apr 2002 13:32:30 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id NAA08820; Tue, 16 Apr 2002 13:32:29 +0200 (MET DST) Date: Tue, 16 Apr 2002 13:32:29 +0200 (MET DST) Message-Id: <200204161132.NAA08820@emeriau.edelweb.fr> To: tim.polk@nist.gov, Denis.Pinkas@bull.net Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Similar to Stephen, I also almost agree with Denis, just a few nit-pcking remarks. > > > DPV servers that do relay requests MUST be able to detect whether or not > > the request has been previously relayed, > > Correct. > > > and the request MUST have the complete list of servers that have received the request. > > No. You are specifying a solution, which would work but there are other > solutions to this problem: a list of servers is not the single way to solve > this issue. Since we are writing requirements we should not impose a > solution. > > I believe that this requirement can be captured by the following sentence: > > When a server supports a relay mechanism, a mechanism to detect > loops or repetition MUST be provided. > > Now, to explain in more details: > > When a DPV server relays a request to another DPV server: > > 1) it must copy already present relay history information (if any), > > 2) it must add relay history information in the relayed request. > > As an example, the added information can simply be a nonce and thus no > server name needs to be ever used. A sequence of nonces would thus do the > job nicely and avoid naming problems or naming conventions. Practically > speaking, a sequence of INTEGER would do the job. You are also trying to describe a solution which in fact does not necessarily work unless the nonces are selected in a correct way, they must allow a server that either it had already received the request or will send it again. So let us stick with the first sentence: > > > DPV servers that do relay requests MUST be able to detect whether or not > > the request has been previously relayed, > > > DPV servers that relay requests MUST satisfy all the following conditions: > > (1) recognize and process relay history if present in a DPV request; > > (2) able to generate a relay history > > .. information. Full stop. > > > including the complete list of servers that have already forwarded this request; > > No. As said earlier, the received relay information is blindly copied. > > > (3) before relaying a request, the DPV server MUST verify that > > the chosen DPV server > > has not already seen the message. (That is loop detection > > occurs at the requester, > > not the recipient). Instead of (3) a server may also reject a request because it detects that it has already received it before. > > No. The idea is to send back the referral in a non-critical extension so > that it can be ignored by a client. Clients must be ready to support > extension fields, but are not mandated to understand any non-critical > extension. You are specifying a begin of a solution. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GBFFK13699 for ietf-pkix-bks; Tue, 16 Apr 2002 04:15:15 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GBFDm13682 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 04:15:13 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id NAA01874; Tue, 16 Apr 2002 13:15:10 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 16 Apr 2002 13:15:11 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id NAA28824; Tue, 16 Apr 2002 13:15:09 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id NAA08815; Tue, 16 Apr 2002 13:15:09 +0200 (MET DST) Date: Tue, 16 Apr 2002 13:15:09 +0200 (MET DST) Message-Id: <200204161115.NAA08815@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > I agree that there is a difference between an authorized responder > and a server trusted under a given policy. > > So in order to solve this last issue, I propose to replace the current text > which is: The reason why I discussed this was to explain that regarding trust issues there is no fundamental difference between a DPV responder and an OCSP responder. As we see, OCSP responders come in two flavors, either they are authorised by the CA (respses signed by the CA or an athorised responder), or are locally trusted. I do not see why DPV responders are essentially different: It may be that there are *more* DPV responders that are locally trusted but I do not see why a CA cannot sign DPV responses for all its client certs or designate a responders in exactly the same way as for OCSP. Denis mentioned that a DPV responder indicates the validity of a path: I slightly disagree: If one does not return the path and no other information, the DPV responder only indicates the validity of the cert according to a policy, like OCSP indicates the "invalidity status". Even, assumung that DPV indicates the validity of a path, I do not see why it creates harm to include such responses in DPV responses. For example, a DPV responder that would return OCSP status info for all certs in the chain (except the top one?) could just return one DPV response of the first CA chain. Denis replied to Peter; > > So, the DPV response made by the CA just talks about the certificates > > it has directly issued. > No. Talking about the certificates that a DPV server may have issued does > not make sense. It = the CA. > Certificates are only issued by CAs, AFAIK. Once again, > a DPV server MUST answer for one (or more) certificates and must verify > an entire chain of certificates, whoever has issued them. No, I claim taht the only thing a DPV server MUST tell is whether the cert is valid against a validation policy, everything else is optional. > A DPV server is > *not* a CA. A DPV server can be *any* service provider. An organization > running a CA may also run a DPV server, in the same way as an organization > running a CA may also provide a Time-Stamping service. The agument was, whether this is different to OCSP. It is *NOT* as we all just found out. An OCSP respoinder can be *any* service provider. Denis said: > > If both CAs provide a DPV service instead of an OCSP service > You mean "If the organisation hosting a CA also provides a DPV service ... " I won't tell you whether you attempt to make a telepathic intrusion test was successful or not. :-) Denis said: > I believe that you have mis-understood one idea behind DPV. DPV verifies the > whole path processing. A DPV status about one intermediate certificate of > the chain does not make sense. The validation policy is not about that > intermediate certificate but about a given certificate and a whole chain > above it. Applying the validation policy on an intermediate certificate only > does not make sense. Thank you for reminding me: The rationale paragraph 2 says: DPV allows a server to perform a real time certificate validation for a validation time T, where T may be the current time or a time in the recent past. no word about PATH. The next paragraph says In order to validate a certificate, a chain of multiple certificates, called a certification path, may be needed, comprising a certificate of the public key owner (the end entity) signed by one CA, and zero or more additional certificates of CAs signed by other CAs. "may be needed" The next paragraphs talk about path validation, BUT: The server is allowed to return a good/bad answer without giving any information about the path used, and trusted roots as input are optional. But anyway: Where did I say that the same validation policy MUST be used to validate an intermediate certificates. The question is only that the actual texts prohibits any other information to be returned. > > But you can have different protocols for these characteristics. Offline > > you could use trees, online you can have DPV, > No. On-line, to know the revocation status of a single certificate we only > have OCSP. RFC 2560 states: RFC 3029 for example also provides a service to provide certificate status. But your argumentation is completely unacceptable for another reason. You are completely ignoring that one can make progress in the future. It is like the people about 100 years ago that argued that the only way to solve a dangerous problem of horse shit on streets was to create more services to remove it (completely igoring the arivale of cars .. which created other problems, but that's another story). You require that nothing else than OCSP responses and CRL MUST be returned. never, ever. IN the following you mention thet time stamps *MAY* be useful for *other reasons*. Thus, it may be useful to create a time stamp of the OCSP responses and CRL responses in order to indicate when the information have been verified. This is just one example of why other and different information could be returned by a DPV responder. This information may not dbe directly destined to the DPV client but to some other relying party. > > OCSP responses may also be useless, unless the plaintiff and the > > defendant both trust the same OCSP server. > Wrong. RFC 2560 sates: I think it is not necessary to repeat why the argumentation that follows is wrong, in particular the following sentence is true as well for OCSP: "A DPV client must trust a DPV server to provide the correct answer. However, this does not mean that all DPV clients will trust the same DPV servers. While a positive answer might be sufficient for one DPV client, that same positive answer will not necessarily convince another DPV client." > The DPV request MUST allow the client to request that the response > include the certification path and revocation status information used > by the DPV server to process the request. When requested, the DPV > server MUST include the certification path and revocation status > information in the response when the certificate is valid according to > the validation policy. However, the server MAY omit the certification > path and revocation status information when the certificate is invalid. > > by the following text: > > The DPV request MUST allow the client to request the response to > include either the certification path and the revocation status > information from authorised CRL issuers or authorised OCSP responders, > or a DPV response from a DPV server that is trusted under the > validation policy. This information may allow other clients, not > trusting the requested DPV server to be confident that the certificate > validation has correctly be performed. When the certificate is valid > according to the validation policy, the server MUST, upon request, > include that information in the response. However, the server MAY > omit that information when the certificate is invalid or when it > cannot determine the validity. You are turning around a necessary and sufficient property: Requiring *authorised* issuers may not be necessary in some circumstances, e.g., when the relying parties are a known group that trust the same responders. To summarize: I just repeat my request that : ' A DPV responder may return additional information concerning the status of the certificate in question, such a the selected certification paths, OCSP responses, CRL responses and other information about the validity of the certificate, or parts of the parts. etc., examples are DPV responses, time stamps, .. which are necessary in order to allow relying parties (not necessarily the initial DPV client) to determine the status of the certificate. ' Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GAOWj08047 for ietf-pkix-bks; Tue, 16 Apr 2002 03:24:32 -0700 (PDT) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GAOUm08039 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 03:24:30 -0700 (PDT) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g3GAOUb22876 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 11:24:30 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a4aea8f7d0a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 11:19:02 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id LAA25889; Tue, 16 Apr 2002 11:24:27 +0100 Message-ID: <3CBBFBE6.FEF1CE8D@baltimore.ie> Date: Tue, 16 Apr 2002 11:24:38 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> CC: Tim Polk <tim.polk@nist.gov>, ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <4.2.0.58.20020415145538.00cb0f00@email.nist.gov> <3CBBE16A.1C512FC9@bull.net> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tim, I echo almost all of Denis' comments on your mail. In any case, isn't the latest text from Russ ok with you? If not what alternative text would you suggest? Stephen. Denis Pinkas wrote: > > Tim, > > I will be leaving my office tomorrow evening for one full week > (both holidays then business), so we had better solve this rapidly > so that I can post a new draft before leaving. :-) > > See my comments embedded. > > > Folks, > > > > Here is my take on the relay/referral fracas, in two parts. > > > > The first part addresses DPV relay includes (1) my assumptions about DPV, > > (2) a little rationale, and (3) a proposed "solution" for DPV replay. The > > second part amounts to four complaints about the impact of adding > > referrals, and my belief that it should not be supported. > > > > Part 1: DPV Relay > > Proposal > > > > Assumption #1: > > > > DPV relay is irrelevant to DPV clients. They request answers from a > > trusted DPV server X, and server X MUST stand behind the response. (That > > is, X can't say "I don't know, but Server Y says this certificate is > > okay." It is up to X whether it can trust that answer.) > > Fine. > > > Assumption #2: > > > > Many DPV servers will not relay requests. > > > > Tim's Theory and what it is, too: > > > > DPV servers that do not relay requests do not care if the request has been > > relayed before they received it. > > True. > > > That only matters for loop detection/relay limits, etc. > > Wrong. If they do not relay, a loop can never occur. :-( > > > DPV servers that do relay requests MUST be able to detect whether or not > > the request has been previously relayed, > > Correct. > > > and the request MUST have the complete list of servers that have received the request. > > No. You are specifying a solution, which would work but there are other > solutions to this problem: a list of servers is not the single way to solve > this issue. Since we are writing requirements we should not impose a > solution. > > I believe that this requirement can be captured by the following sentence: > > When a server supports a relay mechanism, a mechanism to detect > loops or repetition MUST be provided. > > Now, to explain in more details: > > When a DPV server relays a request to another DPV server: > > 1) it must copy already present relay history information (if any), > > 2) it must add relay history information in the relayed request. > > As an example, the added information can simply be a nonce and thus no > server name needs to be ever used. A sequence of nonces would thus do the > job nicely and avoid naming problems or naming conventions. Practically > speaking, a sequence of INTEGER would do the job. > > > So, the conformance requirements: > > > > Support for DPV relay is OPTIONAL for DPV servers. DPV servers that do not > > relay requests do not need to process or recognize the relay history > > information. > > Correct. > > > DPV servers that relay requests MUST satisfy all the following conditions: > > (1) recognize and process relay history if present in a DPV request; > > (2) able to generate a relay history > > .. information. Full stop. > > > including the complete list of servers that have already forwarded this request; > > No. As said earlier, the received relay information is blindly copied. > > > (3) before relaying a request, the DPV server MUST verify that > > the chosen DPV server > > has not already seen the message. (That is loop detection > > occurs at the requester, > > not the recipient). > > Correct. > > > This proposal does not impact clients, it simplifies the most common DPV > > servers, and it places *all* the burden on DPV servers that relay > > requests. (As it should be, in my opinion.) > > Correct. > > > Part 2: DPV Referrals > > > > Complaint A > > > > Referrals impact *all* DPV clients, significantly increasing their > > complexity. Currently, the requirements indicate whether or not the server > > could build a satisfactory path. It seems to me that referrals force all > > DPV clients to interpret a new class of answers: "I don't know but ask > > Server B". (By itself, this isn't that compelling, I admit. They get > > stronger, IMHO.) > > No. The idea is to send back the referral in a non-critical extension so > that it can be ignored by a client. Clients must be ready to support > extension fields, but are not mandated to understand any non-critical > extension. > > > Complaint B > > > > One of the nice features of DPV is a single "proof" for archival. This > > feature is broken by the introduction of DPV referrals. Assume Alice is > > trusts Server A, but she receives a referral indicating that Server A > > trusts Server B to validate this certificate. > > No. It is not the meaning of the referral. Assume Alice trusts Server A, but > she receives a referral from server A indicating that Server B > might be able to validate this certificate. Alice has to make its own > decision whether she can trust or not server B. > > > Alice will need to maintain both the referral from Server A and the > > answer from Server B. > > No. See above. > > > Complaint C > > > > Referrals for DPV are a very different animal than LDAP referrals. Once > > again, assume Alice is trusts Server A but she receives a referral > > indicating that Server A trusts Server B to validate this > > certificate. Alice will need to authenticate the identity of Server B > > using information from Server A. I think that means that Server A needs to > > identify Server B by including Server B's public key in the referral. If > > that is true, we just created a parallel key management infrastructure and > > increased the complexity of our universe. > > Not with the trust model that I indicated. > > > Complaint D > > > > If LDAP is any indicator, nobody does referrals anyway. Since DPV > > referrals will be significantly more complex, wouldn't it be better to put > > the load on the server? > > The load will be on the servers. Clients may fully ignore that field. > > Denis > > > > Alright, I'm off my soapbox. Flame suit is zipped. What do you all think > > of these proposals? > > > > Thanks, > > > > Tim Polk -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GAJKn07564 for ietf-pkix-bks; Tue, 16 Apr 2002 03:19:20 -0700 (PDT) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GAHvm07448 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 03:17:58 -0700 (PDT) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g3GAHvb22701 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 11:17:57 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a4ae492390a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 11:12:30 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id LAA25742; Tue, 16 Apr 2002 11:17:54 +0100 Message-ID: <3CBBFA5D.A40F6184@baltimore.ie> Date: Tue, 16 Apr 2002 11:18:05 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Trevor Freeman <trevorf@windows.microsoft.com> CC: "Housley, Russ" <rhousley@rsasecurity.com>, pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV relay References: <4AEE3169443CDD4796CA8A00B02191CDEE5F45@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Trevor, Trevor Freeman wrote: > > Stephen, > There is obviously a relationship between implementation complexity and > protocol design. True. My point was simply that the relative complexity of the protocols that get proposed as meeting these requirements can't be judged yet and, I believe, isn't impacted by Russ' latest text anyway. > We are proposing a simple model where the client only has to consider > two responses from the DPV server, success or failure. No change there then. Read Russ' latest text and see if you agree with it. > Nothing in that > model excludes a DPV server for accessing or requesting any resource it > chooses. Good. > A DPV server can therefore act as a DPC client to other DPV > servers. What is not clear is why you seem to be so keen for the > original PDV client to do this work of contacting other DPV servers > instead of the client's original DPV server. I'm not. Once again, the scenario in which I like referrals is the one I gave in a message back on the 8th: Alice -> Bob - is this a good key? Robert -> Charlie - is this a good key? (relaying) Chaz -> Robert - I dunno, ask Denis (re-direct/referral) Robbie -> Denis - is this a good key? Denis -> Rob - I strongly disagree (with apologies:-) Robert -> Alice - Nope > If the DPV server truly > believes that an answer can be obtained from anther resource - why can't > it go get that answer for the client? What does the client know that the > server does not which would make that work? See above. > What piece of information is > missing from the DPV server that by returning a DPV referral to the > client, something will be accomplished that it could not do itself? In the above example, Charlie is a kind of "gateway" server that tells Bob which of the other servers that exist (with which they can establish a good answer via the ultimately WG-selected DPV protocol:-). Bob often won't know that, and sometimes Charlie won't be able to connect to Denis due to firewalls. Stephen. > > Trevor > > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie] > Sent: Monday, April 15, 2002 6:54 AM > To: Housley, Russ > Cc: pkix > Subject: Re: Open issue: DPV relay > > Russ, > > It seems that essentially you want to change "protocols MAY > re-direct/m-c" > into "protocols MUST NOT re-direct/m-c", right? > > - I fail to see how the MAY option adds complexity to clients since > presumably the protocol you like that meets the requirements won't > take up the "MAY" option and it won't be an issue for such clients. > Even if a conforming protocol does include re-direct, the text > proposed ensures that there is mandatory impact on clients. > > - Allowing re-direct/m-c does allow for some interesting server to > server interactions (in an IMO clean way) as previously discussed on > the list. I see no reason to prohibit those or cause vendors to > re-invent or corrupt their use of a dpv protocol in order to > support such cases. > > - We can in any case judge relative compexity issues (only?) when > concrete protocols are being compared against these requirements. > > So, all in all, I see no reason to forbid protocols to support these > mechcnisms and some reasons to allow protocols to do so and no reason > at all to make a premature decision on this. > > Regards, > Stephen. > > "Housley, Russ" wrote: > > > > I am strongly opposed to any requirements regarding re-direction > (a.k.a. > > referrals) or multicasting. These services would add considerable > > complexity to the client side of the interface, making support for > > lightweight clients more difficult. > > > > I have specific comments below... > > > > >4.2. Relaying, re-direction and multicasting. > > > > > >Protocols designed to conform to these requirements MAY include > > >optional fields and extensions to support relaying, re-direction or > > >multicasting features. DPV clients are NOT REQUIRED to support relay, > > >re-direct or multicast, therefore clients or servers which do not > > >support such features still conform to the basic set of requirements. > > >DPV servers are NOT REQUIRED either to support relay, re-direct or > > >multicast. > > > > I can support relaying (a.k.a. chaining) because it does not add > complexity > > to the client. > > > > These are not protocol requirements. They are implementation > requirements, > > and we are not defining a protocol in this document. > > > > I prefer: > > > > Protocols designed to satisfy these requirements MAY include > mechanisms for > > relaying. However, such protocols MUST NOT include mechanisms for > > re-direction or multicasting. Re-direction or multicasting mechanisms > > would add considerable complexity to the client side of the interface, > > making support for lightweight clients more difficult. > > > > >1. Where relay or re-direct mechanisms are supported by a server > > > a mechanism to detect loops or repetition SHOULD be supported. > > > > I think that SHOULD ought to be changed to MUST. > > I think that re-direct ought to be deleted. > > > > >2. Where a DPV server chooses to re-direct the request to another > > > DPV server (i.e. chooses to provide a referral), a mechanism to > > > provide information to be used for the re-direction SHOULD be > > > supported. Note: In case where information to be used for the > > > re-direction is sent back, clients are NOT REQUIRED to interpret > > > that information (but MAY do so). > > > > I think that this should be deleted. > > > > >3. These features MAY be supported by using additional parameters > > > in the request and/or response. Clients and servers that do not > > > support such additional parameters MUST still be able to > use/offer > > > DPV service. In this way, implementers need not understand the > > > semantics of any such extensions. > > > > I think that additional ought to be changed to optional. > > > > Russ > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > 39 Parkgate Street, fax: +353 1 881 7000 > Dublin 8. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3GAAdI05516 for ietf-pkix-bks; Tue, 16 Apr 2002 03:10:39 -0700 (PDT) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3GA9Hm05196 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 03:09:17 -0700 (PDT) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g3GA9Hb22464 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 11:09:17 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a4adca0590a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 11:03:49 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id LAA25557; Tue, 16 Apr 2002 11:09:10 +0100 Message-ID: <3CBBF851.B7FB92D3@baltimore.ie> Date: Tue, 16 Apr 2002 11:09:21 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV relay References: <5.1.0.14.2.20020415124949.02f44df0@exna07.securitydynamics.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, (modulo typos) I'm fine with this text. Stephen. "Housley, Russ" wrote: > > All: > > I remain strongly opposed to any requirements that impose re-direction > (a.k.a. referrals) or multicasting on the client. After a private e-mail > exchange with Steve Farrell, I now realize that this is not the > intention. This intent was to permit the use of re-direction and > multicasting between a collection of DPV servers. > > I think that a bit of rationale will greatly help all readers. > > I propose the following text. Note that the rationale paragraph does not > include any MUST, SHOULD, or MAY sentences. > > Russ > > = = = = = = = = = = > > 4.2. Relaying, re-direction and multicasting. > > In some network environments, especially ones that include firewalls, a DPV > server might not be able to obtain all of the information that it needs to > process a request. However, the DPV server might be configured to use the > services of one or more other DPV servers to fulfill all requests. In such > cases, the client is unaware that the queried DPV server is using the > services of other DPV servers. In such environments, the client-queried > DPV server acts as a DPV client to another DPV server. Unlike the original > client, the DPV server is expected to have moderate computing and memory > resources, enabling the use of relay, re-direct or multicasting mechanisms. > The requirements in this section support such mechanisms for DPV > server-to-DPV server exchanges without imposing them on DPV client-to-DPV > client exchanges. > > Protocols designed to satisfy these requirements MAY include optional > fields and/or extensions to support relaying, re-direction or multicasting. > However, DPV clients are not expected to support relay, re-direct or > multicast. If the protocol supports such features, the protocol MUST > include provisions for DPV clients and DPV servers that do not support such > features, allowing them to conform to the basic set of requirements. > > 1. When a protocol provides a relay or re-direct mechanism, a companion > mechanism to detect loops or repetition MUST also be provided. > > 2. When a protocol provides the capability for a DPV server to re-direct a > request to another DPV server (i.e. the protocol chooses to provide a > referral mechanism), a mechanism to provide information to be used for the > re-direction SHOULD be supported. If such re-direction information is > sent back to clients, then the protocol MUST allow conforming clients to > ignore it. > > 3. Optional parameters in the protocol request and/or response MAY be > provide support for relaying, re-direction or multicasting. DPV clients > that ignore any such optional parameters MUST still be able to use the DPV > service. DPV servers that ignore any such optional parameters MUST MUST > still be able to offer the DPV service, although they might not be able to > overcome the limitations imposed by the network topology. In this way, > protocol implementors need not understand the syntax or semantics of any > such optional parameters. -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3G8WFd17976 for ietf-pkix-bks; Tue, 16 Apr 2002 01:32:15 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3G8WDm17958 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 01:32:13 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id KAA26116; Tue, 16 Apr 2002 10:34:52 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041610313912:432 ; Tue, 16 Apr 2002 10:31:39 +0200 Message-ID: <3CBBE16A.1C512FC9@bull.net> Date: Tue, 16 Apr 2002 10:31:38 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Tim Polk <tim.polk@nist.gov> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <4.2.0.58.20020415145538.00cb0f00@email.nist.gov> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 10:31:39, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 10:32:11, Serialize complete at 16/04/2002 10:32:11 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tim, I will be leaving my office tomorrow evening for one full week (both holidays then business), so we had better solve this rapidly so that I can post a new draft before leaving. :-) See my comments embedded. > Folks, > > Here is my take on the relay/referral fracas, in two parts. > > The first part addresses DPV relay includes (1) my assumptions about DPV, > (2) a little rationale, and (3) a proposed "solution" for DPV replay. The > second part amounts to four complaints about the impact of adding > referrals, and my belief that it should not be supported. > > Part 1: DPV Relay > Proposal > > Assumption #1: > > DPV relay is irrelevant to DPV clients. They request answers from a > trusted DPV server X, and server X MUST stand behind the response. (That > is, X can't say "I don't know, but Server Y says this certificate is > okay." It is up to X whether it can trust that answer.) Fine. > Assumption #2: > > Many DPV servers will not relay requests. > > Tim's Theory and what it is, too: > > DPV servers that do not relay requests do not care if the request has been > relayed before they received it. True. > That only matters for loop detection/relay limits, etc. Wrong. If they do not relay, a loop can never occur. :-( > DPV servers that do relay requests MUST be able to detect whether or not > the request has been previously relayed, Correct. > and the request MUST have the complete list of servers that have received the request. No. You are specifying a solution, which would work but there are other solutions to this problem: a list of servers is not the single way to solve this issue. Since we are writing requirements we should not impose a solution. I believe that this requirement can be captured by the following sentence: When a server supports a relay mechanism, a mechanism to detect loops or repetition MUST be provided. Now, to explain in more details: When a DPV server relays a request to another DPV server: 1) it must copy already present relay history information (if any), 2) it must add relay history information in the relayed request. As an example, the added information can simply be a nonce and thus no server name needs to be ever used. A sequence of nonces would thus do the job nicely and avoid naming problems or naming conventions. Practically speaking, a sequence of INTEGER would do the job. > So, the conformance requirements: > > Support for DPV relay is OPTIONAL for DPV servers. DPV servers that do not > relay requests do not need to process or recognize the relay history > information. Correct. > DPV servers that relay requests MUST satisfy all the following conditions: > (1) recognize and process relay history if present in a DPV request; > (2) able to generate a relay history .. information. Full stop. > including the complete list of servers that have already forwarded this request; No. As said earlier, the received relay information is blindly copied. > (3) before relaying a request, the DPV server MUST verify that > the chosen DPV server > has not already seen the message. (That is loop detection > occurs at the requester, > not the recipient). Correct. > This proposal does not impact clients, it simplifies the most common DPV > servers, and it places *all* the burden on DPV servers that relay > requests. (As it should be, in my opinion.) Correct. > Part 2: DPV Referrals > > Complaint A > > Referrals impact *all* DPV clients, significantly increasing their > complexity. Currently, the requirements indicate whether or not the server > could build a satisfactory path. It seems to me that referrals force all > DPV clients to interpret a new class of answers: "I don't know but ask > Server B". (By itself, this isn't that compelling, I admit. They get > stronger, IMHO.) No. The idea is to send back the referral in a non-critical extension so that it can be ignored by a client. Clients must be ready to support extension fields, but are not mandated to understand any non-critical extension. > Complaint B > > One of the nice features of DPV is a single "proof" for archival. This > feature is broken by the introduction of DPV referrals. Assume Alice is > trusts Server A, but she receives a referral indicating that Server A > trusts Server B to validate this certificate. No. It is not the meaning of the referral. Assume Alice trusts Server A, but she receives a referral from server A indicating that Server B might be able to validate this certificate. Alice has to make its own decision whether she can trust or not server B. > Alice will need to maintain both the referral from Server A and the > answer from Server B. No. See above. > Complaint C > > Referrals for DPV are a very different animal than LDAP referrals. Once > again, assume Alice is trusts Server A but she receives a referral > indicating that Server A trusts Server B to validate this > certificate. Alice will need to authenticate the identity of Server B > using information from Server A. I think that means that Server A needs to > identify Server B by including Server B's public key in the referral. If > that is true, we just created a parallel key management infrastructure and > increased the complexity of our universe. Not with the trust model that I indicated. > Complaint D > > If LDAP is any indicator, nobody does referrals anyway. Since DPV > referrals will be significantly more complex, wouldn't it be better to put > the load on the server? The load will be on the servers. Clients may fully ignore that field. Denis > Alright, I'm off my soapbox. Flame suit is zipped. What do you all think > of these proposals? > > Thanks, > > Tim Polk Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3G8HPn13377 for ietf-pkix-bks; Tue, 16 Apr 2002 01:17:25 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3G8G4m12746 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 01:16:04 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id KAA26280; Tue, 16 Apr 2002 10:18:40 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041610153658:424 ; Tue, 16 Apr 2002 10:15:36 +0200 Message-ID: <3CBBDDA8.A3CEBECF@bull.net> Date: Tue, 16 Apr 2002 10:15:36 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: ietf-pkix@imc.org Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt References: <5.1.0.14.2.20020415143619.02f76e90@exna07.securitydynamics.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 10:15:36, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 10:15:59, Serialize complete at 16/04/2002 10:15:59 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, > Tom: > We are about to post an update to the draft. Expect to see it in the next > day or so. Isn't it premature ? I am still expecting responses to my set of comments and questions. Regards, Denis > I recognize the severe memory constraints of smartcards. > > Russ > > At 12:35 PM 4/10/2002 -0400, Tom Gindin wrote: > > > Russ: > > > > Most of the following concerns the data structures of the current > >draft and of my last posting. First, should the URI really be optional in > >cases where the binary component is a hash? What good is the logotype > >field with a hash but no way to reference the image? Second, I have > >reviewed draft-ietf-idn-uri-01.txt (by Martin Duerst) and it recommends > >that internationalized URI strings be converted to UTF-8 but then escaped > >using %HH, so UTF8String is unnecessary. Therefore, we should simplify > >VerifiedReference as follows: > > VerifiedReference ::= SEQUENCE { > > hashAlgorithm AlgorithmIdentifier, > > dataHash OCTET STRING, > > uri IA5String, > > } > > > > On a different topic, smart cards and other tokens have the least > >space of any place certificates are likely to be put, so if in-line > >logotypes are OK there they're OK anywhere. > > > > Tom Gindin > > > > > >"Housley, Russ" <rhousley@rsasecurity.com> on 04/08/2002 01:17:11 PM > > > >To: Tom Gindin/Watson/IBM@IBMUS > >cc: ietf-pkix@imc.org > >Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt > > > > > >Tom: > > > > >The following is just a personal opinion, but one based on fairly > > >well-understood trends. I don't think that in-line logotypes are > >CURRENTLY > > >worth the space that they'd take up on a smart card, but I would guess > >that > > >they will be in two more smart-card generations and perhaps only one. > > >Given the amount of time between standard proposal and deployment, it's > >not > > >premature to standardize it. > > > >I tend to agree with your assessment of storage on smart cards. Today, all > > > >of the certificates stored on one smart card are likely to be associated > >with one community. Therefore, a logo will like appear on the smart card > >itself. > > > >Of course, there are other places that certificates and private keys are > >stored.... > > > > > However, I also have a question about the current data structure. > > >First, why is the URI optional (assuming that the only binary value is the > > >digest, as at present)? Second, why would we not permit in-line logotypes > > >(in which case the URI is suppressed)? This would require some edits to > > >LogotypeData, but nothing very difficult. One possibility would be: > > > LogotypeData ::= SEQUENCE { > > > typeOfLogotype TypeOfLogotype, > > > hashAlgorithm AlgorithmIdentifier, -- might be > >OPTIONAL, > > >it's not meaningful for GIF's > > > CHOICE { > > > logotypeDataHash OCTET STRING, > > > gif [0] IMPLICIT OCTET STRING > > > }, > > > logotypeDataUri IA5String OPTIONAL } > > > > > > Another would be: > > > LogotypeData ::= SEQUENCE { > > > typeOfLogotype TypeOfLogotype, > > > CHOICE { > > > logotypeReference VerifiedReference, > > > gif OCTET STRING > > > } > > > } > > > VerifiedReference ::= SEQUENCE { > > > hashAlgorithm AlgorithmIdentifier, > > > dataHash OCTET STRING, > > > CHOICE { > > > uri IA5String, > > > intlUri UTF8String } > > > } > > > > > > > > > IMO VerifiedReference is a generally useful type, so its names do > >not > > >contain reference to logotypes. My understanding of COMPONENTS OF, which > > >may be faulty, is that defining LogotypeData using COMPONENTS OF > > >VerifiedReference as an element of a CHOICE would not produce a useful > > >result because each of the elements of VerifiedReference would show up in > > >the CHOICE rather than merely hashAlgorithm going into the CHOICE with the > > >other fields added to LogotypeData's SEQUENCE. > > > >We are in the final steps of an updated I-D. It addresses some of these > >issues, but not all. > > > >Is there a reference for UTF8String URI? > > > >Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3G82Fa08555 for ietf-pkix-bks; Tue, 16 Apr 2002 01:02:15 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3G82Dm08535 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 01:02:13 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id KAA26146; Tue, 16 Apr 2002 10:04:46 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041610013435:418 ; Tue, 16 Apr 2002 10:01:34 +0200 Message-ID: <3CBBDA5D.718BB889@bull.net> Date: Tue, 16 Apr 2002 10:01:33 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Williams <peterw@valicert.com> CC: Peter Sylvester <Peter.Sylvester@edelweb.fr>, ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5AB@polaris.valicert.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 10:01:34, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 16/04/2002 10:02:07, Serialize complete at 16/04/2002 10:02:07 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > Denis: > > In your phrase "authorised CRL issuers or authorised OCSP > responders", who performs the act of authorization? Many questions and simple answers. Authorized means authorized by the CA that has issued the certificate. Authorized CRL Issuers and authorized OCSP responders are designated by the CA. > Which mechanism(s) of OCSP communicate > and handle "authorization", for the OCSP case? A certificate is issued by the CA for the OCSP responder. > Who is responsible for "enforcing" the authorization > policy, of the authorization scheme, for the OCSP case? The CA that has issued the certificate. > Which procedures of the (to be specified) DPV Protocol > will perform the requirements for authorization > enforcement for DPV? And the interaction of DPV > with CRL issuers and OCSP responders, and any > other repository access provider. Certificates issued by the CA for the CRL Issuers and OCSP responders will do it. > When a DPV relay server receives an OCSP response > set from the upstream DPV relay, will it > (a) forward the OCSP responses to the client? > (b) reverify the OCSP responses, before sending material > to the client? > (c) take legal responsibility for the upstream > validation policy enforcement? A DPV server does not simply send back an OCSP response, but a DPV response which *may* be accompanied with certificates, CRLs and OCSP responses, *all* verified. > How will the DPV relay server know if the > OCSP responder upstream (several DPV relay > servers away) is "authorized"? See above. > If a DPV server relays a DPV request, and > authorization is issued by the relying party, Authorisation comes from a CA, not from a relying party. > how will an upstream DPV server enforce > the policy - without knowledge of > the relying party identity, and the > validation policy. The validation policy has to be known from a DPV server. Denis > >>>>-----Original Message----- > >>>>From: Denis Pinkas [mailto:Denis.Pinkas@bull.net] > >>>>Sent: Monday, April 15, 2002 12:49 AM > >>>>To: Peter Sylvester > >>>>Cc: ietf-pkix@imc.org > >>>>Subject: Re: Open issue: DPV relay > >>>> > >>>>The DPV request MUST allow the client to request the response to > >>>>include either the certification path and the revocation status > >>>>information from authorised CRL issuers or authorised OCSP > >>>>responders, > >>>>or a DPV response from a DPV server that is trusted under the > >>>>validation policy. This information may allow other clients, not > >>>>trusting the requested DPV server to be confident that the > >>>>certificate > >>>>validation has correctly be performed. When the certificate > >>>>is valid > >>>>according to the validation policy, the server MUST, upon request, > >>>>include that information in the response. However, the server MAY > >>>>omit that information when the certificate is invalid or when it > >>>>cannot determine the validity. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3G6CfH19842 for ietf-pkix-bks; Mon, 15 Apr 2002 23:12:41 -0700 (PDT) Received: from maila.telia.com (maila.telia.com [194.22.194.231]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3G6Cdm19832 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 23:12:40 -0700 (PDT) Received: from arport (t4o69p69.telia.com [62.20.145.189]) by maila.telia.com (8.11.6/8.11.6) with SMTP id g3G6CgS12086 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 08:12:43 +0200 (CEST) Message-ID: <003d01c1e515$c1f07600$0500a8c0@arport> From: "Anders Rundgren" <anders.rundgren@telia.com> To: <ietf-pkix@imc.org> Subject: Hi-Jacking the VeriSign WebServer CA Date: Tue, 16 Apr 2002 09:10:13 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Pardon the interesting title :-) The following is a part of a coming B2B- standard that I want you PKIXers to comment on. The scenario -------------- A multi-party portal supporting potentially millions of small businesses, will, using the OBI Express B2B-standard, be forced to keep a unique company-certificate and associated private key for each hosted business- entity. AKA a "Digital Company Paper". The private keys are only used on the portal-server, and never distributed as OBI Express is based on organization-level, server-based PKI. A portal of this kind typically only vouches for the hosted business-entity as being a customer of the portal with a certain internal customer-ID and common name. Mostly because this is a safe thing for the portal to do. To do this efficiently and securely, the portal usually has an integral CA-function, with a corresponding CA-cert and key. A business- entity's "Digital Company Paper" is automatically created during the registration of the business entity. Renewals are performed automatically in the background. Revocation does not apply, as you simply disable or delete the account if a customer is not wanted anymore. Private keys are preferably protected by HW-cryptography. The problem -------------- All this is great, but it also effectively means that each portal will become an independent CA-root to be accepted, installed etc. by RPs. This somewhat defeats the OBI Express goal of plug-and-play operation. To make the portal-CA a part of an existing and trusted hierarchy is certainly possible (who's?), but is also likely to cost a minor fortune. The work-around -------------------- The portal signs a message containing the local portal-CA certpath using a web-server certificate issued by a generally known and trusted issuer like VeriSign (a web-server certificate is BTW needed anyway, as OBI Express uses HTTPS for all external communication). Then the portal publishes this message for existing and potential RPs to use (OBI Express' PKI-support functions are capable of performing the dual path- validations needed). ==================================================== By doing this, the portal-CA gets a certified "home" and can (depending on local policy) be "auto-accepted" as it was a part of the VeriSign tree. ==================================================== The only difference trustwise is that VeriSign has not sanctioned the portal's CA-activities. But for RPs that do not know the portal, that does not mean much. This is IMHO a problem with deeply nested PKIs in general. For a business operation, the concept of trust is also a bit more complicated than just a trustworthy digital certificate. It is more about reputation, and execution. To use a web server certificate as a CA-certificate had been even better, but VeriSign's et al's key-usage constraints for avoiding trust- anchor hi-jacking (!), make PKIX-conformant path-validation fail. Is this hi-jacking illegal, unethical, technically broken, or just a "clever" way to save maybe $25-$100K / installation? Anders Rundgren X-OBI Trademarks: OBI and OBI Express are trademarks of CommerceNet Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3G334q11357 for ietf-pkix-bks; Mon, 15 Apr 2002 20:03:04 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3G333m11353 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 20:03:03 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GUM00L01ECNWK@ext-mail.valicert.com> for ietf-pkix@imc.org; Mon, 15 Apr 2002 10:38:48 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GUM00L6QECNRV@ext-mail.valicert.com>; Mon, 15 Apr 2002 10:38:47 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <2X07K5C5>; Mon, 15 Apr 2002 10:40:58 -0700 Content-return: allowed Date: Mon, 15 Apr 2002 10:40:52 -0700 From: Peter Williams <peterw@valicert.com> Subject: RE: Open issue: DPV relay To: "'Denis Pinkas'" <Denis.Pinkas@bull.net>, Peter Sylvester <Peter.Sylvester@edelweb.fr> Cc: ietf-pkix@imc.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5AB@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis: In your phrase "authorised CRL issuers or authorised OCSP responders", who performs the act of authorization? Which mechanism(s) of OCSP communicate and handle "authorization", for the OCSP case? Who is responsible for "enforcing" the authorization policy, of the authorization scheme, for the OCSP case? Which procedures of the (to be specified) DPV Protocol will perform the requirements for authorization enforcement for DPV? And the interaction of DPV with CRL issuers and OCSP responders, and any other repository access provider. When a DPV relay server receives an OCSP response set from the upstream DPV relay, will it (a) forward the OCSP responses to the client? (b) reverify the OCSP responses, before sending material to the client? (c) take legal responsibility for the upstream validation policy enforcement? How will the DPV relay server know if the OCSP responder upstream (several DPV relay servers away) is "authorized"? If a DPV server relays a DPV request, and authorization is issued by the relying party, how will an upstream DPV server enforce the policy - without knowledge of the relying party identity, and the validation policy. >>>>-----Original Message----- >>>>From: Denis Pinkas [mailto:Denis.Pinkas@bull.net] >>>>Sent: Monday, April 15, 2002 12:49 AM >>>>To: Peter Sylvester >>>>Cc: ietf-pkix@imc.org >>>>Subject: Re: Open issue: DPV relay >>>> >>>>The DPV request MUST allow the client to request the response to >>>>include either the certification path and the revocation status >>>>information from authorised CRL issuers or authorised OCSP >>>>responders, >>>>or a DPV response from a DPV server that is trusted under the >>>>validation policy. This information may allow other clients, not >>>>trusting the requested DPV server to be confident that the >>>>certificate >>>>validation has correctly be performed. When the certificate >>>>is valid >>>>according to the validation policy, the server MUST, upon request, >>>>include that information in the response. However, the server MAY >>>>omit that information when the certificate is invalid or when it >>>>cannot determine the validity. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3G2TSV10729 for ietf-pkix-bks; Mon, 15 Apr 2002 19:29:28 -0700 (PDT) Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3G2TQm10725 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 19:29:26 -0700 (PDT) Received: from tsg1 ([12.81.64.131]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020416022924.ITVF28245.mtiwmhc23.worldnet.att.net@tsg1>; Tue, 16 Apr 2002 02:29:24 +0000 Message-ID: <004e01c1e4ee$5e51e7e0$020aff0a@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Michael Myers" <myers@coastside.net> Cc: <ietf-pkix@imc.org> References: <EOEGJNFMMIBDKGFONJJDOEJDCJAA.myers@coastside.net> <3CBB0848.9C19980C@bull.net> Subject: Re: Two more nits re: DPV/DPD rqmts Date: Mon, 15 Apr 2002 19:01:43 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> ----- Original Message ----- From: "Denis Pinkas" <Denis.Pinkas@bull.net> To: "Michael Myers" <myers@coastside.net> Cc: <ietf-pkix@imc.org> Sent: Monday, April 15, 2002 10:05 AM Subject: Re: Two more nits re: DPV/DPD rqmts > > Mike, > > > Russ, Denis: > > > > Section 4, Delegated Path Validation Protocol Requirements > > begins with: > > "The Delegated Path Validation (DPV) protocol allows . . ." > > > > Similarly, Section 5 Delegated Path Discovery Protocol > > Requirements begins with: > > "The Delegated Path Discovery (DPD) protocol allows . . ." > > > > Since we're defining requirements and not protocols in this I-D, > > you may wish to consider amending both these phrases towards > > something along the lines of "DPV protocols allow . . ." and > > "DPD protocols allow . . ." respectively. > > Are we really defining multiple protocols ? > I was assuming that we would like only one. > I prefer to keep the current text. Denis - are you saying that it is PKIX's operating rule to only allow one of each protocol type its working on? Is this true Tim and Steve Kent? Todd > > Denis > > > > > Mike > > > > Michael Myers > > t: +415.819.1362 > > e: mailto:mike@traceroutesecurity.com > > w: http://www.traceroutesecurity.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FNTsI07024 for ietf-pkix-bks; Mon, 15 Apr 2002 16:29:54 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3FNTqm07018 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 16:29:52 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3FNTpPm020402; Mon, 15 Apr 2002 16:29:51 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Tim Polk" <tim.polk@nist.gov>, <ietf-pkix@imc.org> Subject: RE: Open issue: DPV relay Date: Mon, 15 Apr 2002 16:27:03 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDEEMFCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <4.2.0.58.20020415145538.00cb0f00@email.nist.gov> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tim, A few specific comments embedded below regarding relay. In summary: 1. Relay may some day be relevant to clients; 2. Relay history lists may get long, another solution?; and 3. Common servers may not be the same vendors five years out. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Tim Polk > Sent: Monday, April 15, 2002 1:08 PM > To: ietf-pkix@imc.org > Subject: RE: Open issue: DPV relay > > > > Folks, > > Here is my take on the relay/referral fracas, in two parts. > > The first part addresses DPV relay includes (1) my > assumptions about DPV, (2) a little rationale, and > (3) a proposed "solution" for DPV replay. The > second part amounts to four complaints about the > impact of adding > referrals, and my belief that > it should not be supported. > > > Part 1: DPV Relay > Proposal > > Assumption #1: > > DPV relay is irrelevant to DPV clients. They request > answers from a trusted DPV server X, and server X MUST > stand behind the response. (That is, X can't say "I don't > know, but Server Y says this certificate is okay." It > is up to X whether it can trust that answer.) We may be premature in assuming relay will never be relevant to clients. In future applications it may be important for a client to have in hand a digitally signed assertion from the entity ultimately at risk for the reliability of a certificate even if the client trusts a given server as a service aggregation point for the purposes of system design economy. > > Assumption #2: > > Many DPV servers will not relay requests. > > Tim's Theory and what it is, too: > > DPV servers that do not relay requests do not care if > the request has been relayed before they received it. I assume your further thinking is, "because in the event they can't satisfy the request, they'll assert 'unknown' rather than seek a suitable relay hop, thus breaking the relay chain." Correct? > That only matters for loop detection/relay limits, etc. > > DPV servers that do relay requests MUST be able to > detect whether or not the request has been previously > relayed, and the request MUST have the complete list of > servers that have received the request. > > So, the conformance requirements: > > Support for DPV relay is OPTIONAL for DPV servers. > DPV servers that do not relay requests do not need > to process or recognize the relay history information. > > DPV servers that relay requests MUST satisfy all the > following conditions: > > (1) recognize and process relay history if present > in a DPV request; I'm a bit worried about relay history being an increasingly long list of server names and IP addresses. There should be something simpler here that enables loop detection. Problem is I'm not sure we can predict what it would look like until we get into the protocol selection issue. > (2) able to generate a relay history including the > complete list of servers that have already > forwarded this request; and See above. > (3) before relaying a request, the DPV server MUST verify > that the chosen DPV server has not already seen the > message. (That is loop detection occurs at the requester, > not the recipient). Loop detection at the requester makes sense. > This proposal does not impact clients, it simplifies > the most common DPV servers, Hmm. In five years the most common DPV servers may not be those currently in favor. Maybe you meant to say this differently, but I'm hearing that market share and installed base is relevant to our technical considerations. I'm confident this is a minor point easily clarified due to my misreading of the above. > and it places *all* the burden on DPV servers that relay > requests. (As it should be, in my opinion.) Looking forward, clients might want a piece of the action. Hard to predict what the storage and processing limitations will be (e.g. increasingly smarter smart cards). My sense is those capabilities are reliably expanding. Certainly though, our intent from the very beginning with online status mechanisms was to push complexity to the backend and so make it easier to initiate, deploy and maintain a PKI. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FLc3904802 for ietf-pkix-bks; Mon, 15 Apr 2002 14:38:03 -0700 (PDT) Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3FLc1m04798 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 14:38:01 -0700 (PDT) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19) id <JAAN6SNG>; Mon, 15 Apr 2002 17:22:35 -0400 Message-ID: <9A4F653B0A375841AC75A8D17712B9C9030D22B1@sottmxs04.entrust.com> From: Tim Moses <tim.moses@entrust.com> To: "'Trevor Freeman'" <trevorf@windows.microsoft.com>, Tim Polk <tim.polk@nist.gov>, ietf-pkix@imc.org Subject: RE: Open issue: DPV relay Date: Mon, 15 Apr 2002 17:22:34 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1E4C3.A8D48460" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1E4C3.A8D48460 Content-Type: text/plain; charset="iso-8859-1" I'm hearing nothing but good sense. All the best. Tim. ----------------------------------------- Tim Moses Tel: 613.270.3183 -----Original Message----- From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] Sent: Monday, April 15, 2002 4:47 PM To: Tim Polk; ietf-pkix@imc.org Subject: RE: Open issue: DPV relay Hi Tim, I am in 100% agreement on assumption 1 and consider this one of the cornerstones of DPV. Given assumption 1, I really don't care how many servers do\do not support relay. We need a loop detection payload in a request, but that is all. A client should have full confidence that all it will get back from the DPV server is a yes or no answer. My biggest compliant is around C. This is a critical difference between DPV and LDAP referrals. It cannot simply return a referral because the client may not trust the server referred to. If you go down the rat hole of also returning a signed token to say if you trust me, you can also trust him we should give ourselves a red card for client complexity. The whole point of this work is that the client wants to say "I want a strait yes\no answer to this question and don't bother me with details". So no flammable comments here, just agreement. Trevor -----Original Message----- From: Tim Polk [mailto:tim.polk@nist.gov] Sent: Monday, April 15, 2002 1:08 PM To: ietf-pkix@imc.org Subject: RE: Open issue: DPV relay Folks, Here is my take on the relay/referral fracas, in two parts. The first part addresses DPV relay includes (1) my assumptions about DPV, (2) a little rationale, and (3) a proposed "solution" for DPV replay. The second part amounts to four complaints about the impact of adding referrals, and my belief that it should not be supported. Part 1: DPV Relay Proposal Assumption #1: DPV relay is irrelevant to DPV clients. They request answers from a trusted DPV server X, and server X MUST stand behind the response. (That is, X can't say "I don't know, but Server Y says this certificate is okay." It is up to X whether it can trust that answer.) Assumption #2: Many DPV servers will not relay requests. Tim's Theory and what it is, too: DPV servers that do not relay requests do not care if the request has been relayed before they received it. That only matters for loop detection/relay limits, etc. DPV servers that do relay requests MUST be able to detect whether or not the request has been previously relayed, and the request MUST have the complete list of servers that have received the request. So, the conformance requirements: Support for DPV relay is OPTIONAL for DPV servers. DPV servers that do not relay requests do not need to process or recognize the relay history information. DPV servers that relay requests MUST satisfy all the following conditions: (1) recognize and process relay history if present in a DPV request; (2) able to generate a relay history including the complete list of servers that have already forwarded this request; and (3) before relaying a request, the DPV server MUST verify that the chosen DPV server has not already seen the message. (That is loop detection occurs at the requester, not the recipient). This proposal does not impact clients, it simplifies the most common DPV servers, and it places *all* the burden on DPV servers that relay requests. (As it should be, in my opinion.) Part 2: DPV Referrals Complaint A Referrals impact *all* DPV clients, significantly increasing their complexity. Currently, the requirements indicate whether or not the server could build a satisfactory path. It seems to me that referrals force all DPV clients to interpret a new class of answers: "I don't know but ask Server B". (By itself, this isn't that compelling, I admit. They get stronger, IMHO.) Complaint B One of the nice features of DPV is a single "proof" for archival. This feature is broken by the introduction of DPV referrals. Assume Alice is trusts Server A, but she receives a referral indicating that Server A trusts Server B to validate this certificate. Alice will need to maintain both the referral from Server A and the answer from Server B. Complaint C Referrals for DPV are a very different animal than LDAP referrals. Once again, assume Alice is trusts Server A but she receives a referral indicating that Server A trusts Server B to validate this certificate. Alice will need to authenticate the identity of Server B using information from Server A. I think that means that Server A needs to identify Server B by including Server B's public key in the referral. If that is true, we just created a parallel key management infrastructure and increased the complexity of our universe. Complaint D If LDAP is any indicator, nobody does referrals anyway. Since DPV referrals will be significantly more complex, wouldn't it be better to put the load on the server? Alright, I'm off my soapbox. Flame suit is zipped. What do you all think of these proposals? Thanks, Tim Polk ------_=_NextPart_001_01C1E4C3.A8D48460 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2653.12"> <TITLE>RE: Open issue: DPV relay</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>I'm hearing nothing but good sense. All the = best. Tim.</FONT> </P> <P><FONT SIZE=3D2>-----------------------------------------</FONT> <BR><FONT SIZE=3D2>Tim Moses</FONT> <BR><FONT SIZE=3D2>Tel: 613.270.3183</FONT> </P> <BR> <P><FONT SIZE=3D2>-----Original Message-----</FONT> <BR><FONT SIZE=3D2>From: Trevor Freeman [<A = HREF=3D"mailto:trevorf@windows.microsoft.com">mailto:trevorf@windows.mic= rosoft.com</A>]</FONT> <BR><FONT SIZE=3D2>Sent: Monday, April 15, 2002 4:47 PM</FONT> <BR><FONT SIZE=3D2>To: Tim Polk; ietf-pkix@imc.org</FONT> <BR><FONT SIZE=3D2>Subject: RE: Open issue: DPV relay</FONT> </P> <BR> <BR> <P><FONT SIZE=3D2>Hi Tim,</FONT> <BR><FONT SIZE=3D2>I am in 100% agreement on assumption 1 and consider = this one of the</FONT> <BR><FONT SIZE=3D2>cornerstones of DPV. Given assumption 1, I really = don't care how many</FONT> <BR><FONT SIZE=3D2>servers do\do not support relay. We need a loop = detection payload in a</FONT> <BR><FONT SIZE=3D2>request, but that is all. A client should have full = confidence that all</FONT> <BR><FONT SIZE=3D2>it will get back from the DPV server is a yes or no = answer. My biggest</FONT> <BR><FONT SIZE=3D2>compliant is around C. This is a critical difference = between DPV and</FONT> <BR><FONT SIZE=3D2>LDAP referrals. It cannot simply return a referral = because the client</FONT> <BR><FONT SIZE=3D2>may not trust the server referred to. If you go down = the rat hole of</FONT> <BR><FONT SIZE=3D2>also returning a signed token to say if you trust = me, you can also trust</FONT> <BR><FONT SIZE=3D2>him we should give ourselves a red card for client = complexity. The whole</FONT> <BR><FONT SIZE=3D2>point of this work is that the client wants to say = "I want a strait</FONT> <BR><FONT SIZE=3D2>yes\no answer to this question and don't bother me = with details".</FONT> <BR><FONT SIZE=3D2>So no flammable comments here, just = agreement.</FONT> <BR><FONT SIZE=3D2>Trevor</FONT> </P> <P><FONT SIZE=3D2>-----Original Message-----</FONT> <BR><FONT SIZE=3D2>From: Tim Polk [<A = HREF=3D"mailto:tim.polk@nist.gov">mailto:tim.polk@nist.gov</A>] </FONT> <BR><FONT SIZE=3D2>Sent: Monday, April 15, 2002 1:08 PM</FONT> <BR><FONT SIZE=3D2>To: ietf-pkix@imc.org</FONT> <BR><FONT SIZE=3D2>Subject: RE: Open issue: DPV relay</FONT> </P> <BR> <P><FONT SIZE=3D2>Folks,</FONT> </P> <P><FONT SIZE=3D2>Here is my take on the relay/referral fracas, in two = parts.</FONT> </P> <P><FONT SIZE=3D2>The first part addresses DPV relay includes (1) my = assumptions about</FONT> <BR><FONT SIZE=3D2>DPV, </FONT> <BR><FONT SIZE=3D2>(2) a little rationale, and (3) a proposed = "solution" for DPV replay.</FONT> <BR><FONT SIZE=3D2>The </FONT> <BR><FONT SIZE=3D2>second part amounts to four complaints about the = impact of adding </FONT> <BR><FONT SIZE=3D2>referrals, and my belief that it should not be = supported.</FONT> </P> <P><FONT = SIZE=3D2> &nb= sp; &nb= sp; &nb= sp; &nb= sp; Part 1: = DPV</FONT> <BR><FONT SIZE=3D2>Relay </FONT> <BR><FONT SIZE=3D2>Proposal</FONT> </P> <P><FONT SIZE=3D2>Assumption #1:</FONT> </P> <P><FONT SIZE=3D2>DPV relay is irrelevant to DPV clients. They = request answers from a </FONT> <BR><FONT SIZE=3D2>trusted DPV server X, and server X MUST stand behind = the response.</FONT> <BR><FONT SIZE=3D2>(That </FONT> <BR><FONT SIZE=3D2>is, X can't say "I don't know, but Server Y = says this certificate is </FONT> <BR><FONT SIZE=3D2>okay." It is up to X whether it can trust = that answer.)</FONT> </P> <P><FONT SIZE=3D2>Assumption #2:</FONT> </P> <P><FONT SIZE=3D2>Many DPV servers will not relay requests.</FONT> </P> <P><FONT SIZE=3D2>Tim's Theory and what it is, too:</FONT> </P> <P><FONT SIZE=3D2>DPV servers that do not relay requests do not care if = the request has</FONT> <BR><FONT SIZE=3D2>been </FONT> <BR><FONT SIZE=3D2>relayed before they received it. That only = matters for loop </FONT> <BR><FONT SIZE=3D2>detection/relay limits, etc.</FONT> </P> <P><FONT SIZE=3D2>DPV servers that do relay requests MUST be able to = detect whether or not</FONT> </P> <P><FONT SIZE=3D2>the request has been previously relayed, and the = request MUST have the </FONT> <BR><FONT SIZE=3D2>complete list of servers that have received the = request.</FONT> </P> <P><FONT SIZE=3D2>So, the conformance requirements:</FONT> </P> <P><FONT SIZE=3D2>Support for DPV relay is OPTIONAL for DPV = servers. DPV servers that do</FONT> <BR><FONT SIZE=3D2>not </FONT> <BR><FONT SIZE=3D2>relay requests do not need to process or recognize = the relay history </FONT> <BR><FONT SIZE=3D2>information.</FONT> </P> <P><FONT SIZE=3D2>DPV servers that relay requests MUST satisfy all the = following</FONT> <BR><FONT SIZE=3D2>conditions:</FONT> <BR><FONT = SIZE=3D2> = (1) recognize and process relay history if present in a DPV</FONT> <BR><FONT SIZE=3D2>request;</FONT> <BR><FONT = SIZE=3D2> = (2) able to generate a relay history including the complete</FONT> <BR><FONT SIZE=3D2>list </FONT> <BR><FONT SIZE=3D2>of servers that have</FONT> <BR><FONT = SIZE=3D2> = already forwarded this request; and</FONT> <BR><FONT = SIZE=3D2> = (3) before relaying a request, the DPV server MUST verify</FONT> <BR><FONT SIZE=3D2>that </FONT> <BR><FONT SIZE=3D2>the chosen DPV server</FONT> <BR><FONT = SIZE=3D2> = has not already seen the message. (That is loop detection </FONT> <BR><FONT SIZE=3D2>occurs at the requester,</FONT> <BR><FONT = SIZE=3D2> = not the recipient).</FONT> </P> <P><FONT SIZE=3D2>This proposal does not impact clients, it simplifies = the most common DPV</FONT> </P> <P><FONT SIZE=3D2>servers, and it places *all* the burden on DPV = servers that relay </FONT> <BR><FONT SIZE=3D2>requests. (As it should be, in my = opinion.)</FONT> </P> <P><FONT = SIZE=3D2> &nb= sp; &nb= sp; &nb= sp; &nb= sp; Part 2: DPV</FONT> <BR><FONT SIZE=3D2>Referrals</FONT> </P> <P><FONT SIZE=3D2>Complaint A</FONT> </P> <P><FONT SIZE=3D2>Referrals impact *all* DPV clients, significantly = increasing their </FONT> <BR><FONT SIZE=3D2>complexity. Currently, the requirements = indicate whether or not the</FONT> <BR><FONT SIZE=3D2>server </FONT> <BR><FONT SIZE=3D2>could build a satisfactory path. It seems to = me that referrals force</FONT> <BR><FONT SIZE=3D2>all </FONT> <BR><FONT SIZE=3D2>DPV clients to interpret a new class of answers: = "I don't know but ask </FONT> <BR><FONT SIZE=3D2>Server B". (By itself, this isn't that = compelling, I admit. They get </FONT> <BR><FONT SIZE=3D2>stronger, IMHO.)</FONT> </P> <P><FONT SIZE=3D2>Complaint B</FONT> </P> <P><FONT SIZE=3D2>One of the nice features of DPV is a single = "proof" for archival. This </FONT> <BR><FONT SIZE=3D2>feature is broken by the introduction of DPV = referrals. Assume Alice is</FONT> </P> <P><FONT SIZE=3D2>trusts Server A, but she receives a referral = indicating that Server A </FONT> <BR><FONT SIZE=3D2>trusts Server B to validate this certificate. = Alice will need to</FONT> <BR><FONT SIZE=3D2>maintain </FONT> <BR><FONT SIZE=3D2>both the referral from Server A and the answer from = Server B.</FONT> </P> <P><FONT SIZE=3D2>Complaint C</FONT> </P> <P><FONT SIZE=3D2>Referrals for DPV are a very different animal than = LDAP referrals. Once</FONT> </P> <P><FONT SIZE=3D2>again, assume Alice is trusts Server A but she = receives a referral </FONT> <BR><FONT SIZE=3D2>indicating that Server A trusts Server B to validate = this </FONT> <BR><FONT SIZE=3D2>certificate. Alice will need to authenticate = the identity of Server B </FONT> <BR><FONT SIZE=3D2>using information from Server A. I think that = means that Server A needs</FONT> <BR><FONT SIZE=3D2>to </FONT> <BR><FONT SIZE=3D2>identify Server B by including Server B's public key = in the referral.</FONT> <BR><FONT SIZE=3D2>If </FONT> <BR><FONT SIZE=3D2>that is true, we just created a parallel key = management infrastructure</FONT> <BR><FONT SIZE=3D2>and </FONT> <BR><FONT SIZE=3D2>increased the complexity of our universe.</FONT> </P> <P><FONT SIZE=3D2>Complaint D</FONT> </P> <P><FONT SIZE=3D2>If LDAP is any indicator, nobody does referrals = anyway. Since DPV </FONT> <BR><FONT SIZE=3D2>referrals will be significantly more complex, = wouldn't it be better to</FONT> <BR><FONT SIZE=3D2>put </FONT> <BR><FONT SIZE=3D2>the load on the server?</FONT> </P> <P><FONT SIZE=3D2>Alright, I'm off my soapbox. Flame suit is = zipped. What do you all</FONT> <BR><FONT SIZE=3D2>think </FONT> <BR><FONT SIZE=3D2>of these proposals?</FONT> </P> <P><FONT SIZE=3D2>Thanks,</FONT> </P> <P><FONT SIZE=3D2>Tim Polk</FONT> </P> <BR> </BODY> </HTML> ------_=_NextPart_001_01C1E4C3.A8D48460-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FL2Jb04048 for ietf-pkix-bks; Mon, 15 Apr 2002 14:02:19 -0700 (PDT) Received: from mail2.microsoft.com (mail2.microsoft.com [131.107.3.124]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3FL2Hm04043 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 14:02:17 -0700 (PDT) Received: from INET-VRS-02.redmond.corp.microsoft.com ([157.54.8.110]) by mail2.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 15 Apr 2002 14:02:15 -0700 Received: from 157.54.6.150 by INET-VRS-02.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Mon, 15 Apr 2002 14:02:15 -0700 Received: from red-imc-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-05.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 15 Apr 2002 14:02:14 -0700 Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 15 Apr 2002 14:02:14 -0700 Received: from win-msg-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.52]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3590.0); Mon, 15 Apr 2002 13:58:38 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6177.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: A few comments re: dpv-dpd requirements Date: Mon, 15 Apr 2002 13:58:40 -0700 Message-ID: <4AEE3169443CDD4796CA8A00B02191CDEE5F4E@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: A few comments re: dpv-dpd requirements Thread-Index: AcHkuq3R4Yc+CP93SqGPFErt89ADQwABLmnA From: "Trevor Freeman" <trevorf@windows.microsoft.com> To: "Michael Myers" <myers@coastside.net>, <ietf-pkix@imc.org> X-OriginalArrivalTime: 15 Apr 2002 20:58:38.0666 (UTC) FILETIME=[50FC72A0:01C1E4C0] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3FL2Hm04044 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Mike, I still don't see it. The client is really searching for a digitally signed success case. If the server sends back nothing, an unsigned response of failure or signed response of failure - that's still a failure as far as the client is concerned. I don't see we have exposed the server in any way and we can accommodate any number of sub-statuses to the failure responses. Trevor -----Original Message----- From: Michael Myers [mailto:myers@coastside.net] Sent: Monday, April 15, 2002 1:19 PM To: Trevor Freeman; ietf-pkix@imc.org Subject: RE: A few comments re: dpv-dpd requirements Trevor, Looking at this from an abstract state machine perspective I see a first, binary branching. Upon receipt of a query, you have either: 1. FAILURE: Something's wrong here, can't proceed, raise an exception, send back an unsigned response; or 2. PROCEED: Understand the query, send to the backend for the heavy lifting needed to produce a signed response. My model is basically a frontend/backend architecture that protects the backend (and, in the case of DPV, its signing key) from DOS attacks, among other Internet-facing nastiness. This model assume of course that when a query gets to the trusted backend, a signature is required. While we're not lawyers here, it's arguable that a trusted entity's digitally signed assertion that a certificate is "invalid" could be significant in a dispute when in point of fact that trusted backend couldn't arrive at conclusion due to lack of relevant data. Given that we're still into the early stages of defining and using these things, I think it's better we enable a digitally signed "unknown" to cover this instance. Mike Michael Myers t: +415.819.1362 e: mailto:mike@traceroutesecurity.com w: http://www.traceroutesecurity.com > -----Original Message----- > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > Sent: Friday, April 12, 2002 12:32 PM > To: Michael Myers; ietf-pkix@imc.org > Subject: RE: A few comments re: dpv-dpd requirements > > > Hi Mike, > I don't see how supporting an unknown response helps. > Unknown sounds > like a sub-status on the failure case. If I did have > multiple SA with > multiple DPV servers, anything other than a cert is > valid response will > cause me to go select the next DPV server and try > again. If I only have > one DPV server, then again, if it is not valid - it's invalid. > Insufficient information to be able to be able to > complete the request > could be a sub-status reason returned in the DPV > response, which allows > me to audit or account for why the cert was not used, > but the DPV server > should only return one of two states. > > Trevor > > -----Original Message----- > From: Michael Myers [mailto:myers@coastside.net] > Sent: Thursday, April 04, 2002 4:51 PM > To: ietf-pkix@imc.org > Subject: A few comments re: dpv-dpd requirements > > > Russ, Denis: > > The state "unknown" is missing in Section 4, "Delegated Path > Validation Protocol Requirements". The -03 draft currently > reads: > > "The DPV response MUST indicate one of the following > two status > alternatives: > > 1) the certificate is valid according to the > validation policy. > 2) the certificate is not valid according to the validation > policy." > > I think -04 should read: > > "The DPV response MUST indicate one of the following three > status alternatives: > > 1) the certificate is valid according to the > validation policy. > 2) the certificate is not valid according to the validation > policy. > 3) the certificate is unknown to the validation server." > > Thus we remain at {valid, invalid, unknown} as primary initial > states per list-based consensus. Apologies for digging into > this, but it has relevance to the design of state machines. > > Mike > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FKpBP03818 for ietf-pkix-bks; Mon, 15 Apr 2002 13:51:11 -0700 (PDT) Received: from mail6.microsoft.com (mail6.microsoft.com [131.107.3.126]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3FKpAm03814 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 13:51:10 -0700 (PDT) Received: from inet-vrs-06.redmond.corp.microsoft.com ([157.54.6.201]) by mail6.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 15 Apr 2002 13:51:08 -0700 Received: from 157.54.6.197 by inet-vrs-06.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Mon, 15 Apr 2002 13:51:07 -0700 Received: from red-imc-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-06.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 15 Apr 2002 13:51:07 -0700 Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by red-imc-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 15 Apr 2002 13:51:07 -0700 Received: from win-msg-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.52]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3604.0); Mon, 15 Apr 2002 13:47:23 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6177.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Open issue: DPV relay Date: Mon, 15 Apr 2002 13:47:22 -0700 Message-ID: <4AEE3169443CDD4796CA8A00B02191CDEE5F4D@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Open issue: DPV relay Thread-Index: AcHkunqPRvzcAPYoTmGV6FzPXVaoXQAAkl3A From: "Trevor Freeman" <trevorf@windows.microsoft.com> To: "Tim Polk" <tim.polk@nist.gov>, <ietf-pkix@imc.org> X-OriginalArrivalTime: 15 Apr 2002 20:47:23.0287 (UTC) FILETIME=[BE6DCA70:01C1E4BE] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3FKpAm03815 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Tim, I am in 100% agreement on assumption 1 and consider this one of the cornerstones of DPV. Given assumption 1, I really don't care how many servers do\do not support relay. We need a loop detection payload in a request, but that is all. A client should have full confidence that all it will get back from the DPV server is a yes or no answer. My biggest compliant is around C. This is a critical difference between DPV and LDAP referrals. It cannot simply return a referral because the client may not trust the server referred to. If you go down the rat hole of also returning a signed token to say if you trust me, you can also trust him we should give ourselves a red card for client complexity. The whole point of this work is that the client wants to say "I want a strait yes\no answer to this question and don't bother me with details". So no flammable comments here, just agreement. Trevor -----Original Message----- From: Tim Polk [mailto:tim.polk@nist.gov] Sent: Monday, April 15, 2002 1:08 PM To: ietf-pkix@imc.org Subject: RE: Open issue: DPV relay Folks, Here is my take on the relay/referral fracas, in two parts. The first part addresses DPV relay includes (1) my assumptions about DPV, (2) a little rationale, and (3) a proposed "solution" for DPV replay. The second part amounts to four complaints about the impact of adding referrals, and my belief that it should not be supported. Part 1: DPV Relay Proposal Assumption #1: DPV relay is irrelevant to DPV clients. They request answers from a trusted DPV server X, and server X MUST stand behind the response. (That is, X can't say "I don't know, but Server Y says this certificate is okay." It is up to X whether it can trust that answer.) Assumption #2: Many DPV servers will not relay requests. Tim's Theory and what it is, too: DPV servers that do not relay requests do not care if the request has been relayed before they received it. That only matters for loop detection/relay limits, etc. DPV servers that do relay requests MUST be able to detect whether or not the request has been previously relayed, and the request MUST have the complete list of servers that have received the request. So, the conformance requirements: Support for DPV relay is OPTIONAL for DPV servers. DPV servers that do not relay requests do not need to process or recognize the relay history information. DPV servers that relay requests MUST satisfy all the following conditions: (1) recognize and process relay history if present in a DPV request; (2) able to generate a relay history including the complete list of servers that have already forwarded this request; and (3) before relaying a request, the DPV server MUST verify that the chosen DPV server has not already seen the message. (That is loop detection occurs at the requester, not the recipient). This proposal does not impact clients, it simplifies the most common DPV servers, and it places *all* the burden on DPV servers that relay requests. (As it should be, in my opinion.) Part 2: DPV Referrals Complaint A Referrals impact *all* DPV clients, significantly increasing their complexity. Currently, the requirements indicate whether or not the server could build a satisfactory path. It seems to me that referrals force all DPV clients to interpret a new class of answers: "I don't know but ask Server B". (By itself, this isn't that compelling, I admit. They get stronger, IMHO.) Complaint B One of the nice features of DPV is a single "proof" for archival. This feature is broken by the introduction of DPV referrals. Assume Alice is trusts Server A, but she receives a referral indicating that Server A trusts Server B to validate this certificate. Alice will need to maintain both the referral from Server A and the answer from Server B. Complaint C Referrals for DPV are a very different animal than LDAP referrals. Once again, assume Alice is trusts Server A but she receives a referral indicating that Server A trusts Server B to validate this certificate. Alice will need to authenticate the identity of Server B using information from Server A. I think that means that Server A needs to identify Server B by including Server B's public key in the referral. If that is true, we just created a parallel key management infrastructure and increased the complexity of our universe. Complaint D If LDAP is any indicator, nobody does referrals anyway. Since DPV referrals will be significantly more complex, wouldn't it be better to put the load on the server? Alright, I'm off my soapbox. Flame suit is zipped. What do you all think of these proposals? Thanks, Tim Polk Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FKLW603321 for ietf-pkix-bks; Mon, 15 Apr 2002 13:21:32 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3FKLVm03317 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 13:21:31 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3FKLVPm028865; Mon, 15 Apr 2002 13:21:31 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Trevor Freeman" <trevorf@windows.microsoft.com>, <ietf-pkix@imc.org> Subject: RE: A few comments re: dpv-dpd requirements Date: Mon, 15 Apr 2002 13:18:42 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDAELNCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <4AEE3169443CDD4796CA8A00B02191CDEE5F3D@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Trevor, Looking at this from an abstract state machine perspective I see a first, binary branching. Upon receipt of a query, you have either: 1. FAILURE: Something's wrong here, can't proceed, raise an exception, send back an unsigned response; or 2. PROCEED: Understand the query, send to the backend for the heavy lifting needed to produce a signed response. My model is basically a frontend/backend architecture that protects the backend (and, in the case of DPV, its signing key) from DOS attacks, among other Internet-facing nastiness. This model assume of course that when a query gets to the trusted backend, a signature is required. While we're not lawyers here, it's arguable that a trusted entity's digitally signed assertion that a certificate is "invalid" could be significant in a dispute when in point of fact that trusted backend couldn't arrive at conclusion due to lack of relevant data. Given that we're still into the early stages of defining and using these things, I think it's better we enable a digitally signed "unknown" to cover this instance. Mike Michael Myers t: +415.819.1362 e: mailto:mike@traceroutesecurity.com w: http://www.traceroutesecurity.com > -----Original Message----- > From: Trevor Freeman [mailto:trevorf@windows.microsoft.com] > Sent: Friday, April 12, 2002 12:32 PM > To: Michael Myers; ietf-pkix@imc.org > Subject: RE: A few comments re: dpv-dpd requirements > > > Hi Mike, > I don't see how supporting an unknown response helps. > Unknown sounds > like a sub-status on the failure case. If I did have > multiple SA with > multiple DPV servers, anything other than a cert is > valid response will > cause me to go select the next DPV server and try > again. If I only have > one DPV server, then again, if it is not valid - it's invalid. > Insufficient information to be able to be able to > complete the request > could be a sub-status reason returned in the DPV > response, which allows > me to audit or account for why the cert was not used, > but the DPV server > should only return one of two states. > > Trevor > > -----Original Message----- > From: Michael Myers [mailto:myers@coastside.net] > Sent: Thursday, April 04, 2002 4:51 PM > To: ietf-pkix@imc.org > Subject: A few comments re: dpv-dpd requirements > > > Russ, Denis: > > The state "unknown" is missing in Section 4, "Delegated Path > Validation Protocol Requirements". The -03 draft currently > reads: > > "The DPV response MUST indicate one of the following > two status > alternatives: > > 1) the certificate is valid according to the > validation policy. > 2) the certificate is not valid according to the validation > policy." > > I think -04 should read: > > "The DPV response MUST indicate one of the following three > status alternatives: > > 1) the certificate is valid according to the > validation policy. > 2) the certificate is not valid according to the validation > policy. > 3) the certificate is unknown to the validation server." > > Thus we remain at {valid, invalid, unknown} as primary initial > states per list-based consensus. Apologies for digging into > this, but it has relevance to the design of state machines. > > Mike > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FK9qH03075 for ietf-pkix-bks; Mon, 15 Apr 2002 13:09:52 -0700 (PDT) Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3FK9om03071 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 13:09:50 -0700 (PDT) Received: from st25 (st25.ncsl.nist.gov [129.6.54.67]) by email.nist.gov (8.12.2/8.12.2) with ESMTP id g3FK9pvV003137 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 16:09:51 -0400 (EDT) Message-Id: <4.2.0.58.20020415145538.00cb0f00@email.nist.gov> X-Sender: wpolk@email.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Mon, 15 Apr 2002 16:08:03 -0400 To: ietf-pkix@imc.org From: Tim Polk <tim.polk@nist.gov> Subject: RE: Open issue: DPV relay In-Reply-To: <4AEE3169443CDD4796CA8A00B02191CDEE5F45@win-msg-01.wingroup .windeploy.ntdev.microsoft.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Folks, Here is my take on the relay/referral fracas, in two parts. The first part addresses DPV relay includes (1) my assumptions about DPV, (2) a little rationale, and (3) a proposed "solution" for DPV replay. The second part amounts to four complaints about the impact of adding referrals, and my belief that it should not be supported. Part 1: DPV Relay Proposal Assumption #1: DPV relay is irrelevant to DPV clients. They request answers from a trusted DPV server X, and server X MUST stand behind the response. (That is, X can't say "I don't know, but Server Y says this certificate is okay." It is up to X whether it can trust that answer.) Assumption #2: Many DPV servers will not relay requests. Tim's Theory and what it is, too: DPV servers that do not relay requests do not care if the request has been relayed before they received it. That only matters for loop detection/relay limits, etc. DPV servers that do relay requests MUST be able to detect whether or not the request has been previously relayed, and the request MUST have the complete list of servers that have received the request. So, the conformance requirements: Support for DPV relay is OPTIONAL for DPV servers. DPV servers that do not relay requests do not need to process or recognize the relay history information. DPV servers that relay requests MUST satisfy all the following conditions: (1) recognize and process relay history if present in a DPV request; (2) able to generate a relay history including the complete list of servers that have already forwarded this request; and (3) before relaying a request, the DPV server MUST verify that the chosen DPV server has not already seen the message. (That is loop detection occurs at the requester, not the recipient). This proposal does not impact clients, it simplifies the most common DPV servers, and it places *all* the burden on DPV servers that relay requests. (As it should be, in my opinion.) Part 2: DPV Referrals Complaint A Referrals impact *all* DPV clients, significantly increasing their complexity. Currently, the requirements indicate whether or not the server could build a satisfactory path. It seems to me that referrals force all DPV clients to interpret a new class of answers: "I don't know but ask Server B". (By itself, this isn't that compelling, I admit. They get stronger, IMHO.) Complaint B One of the nice features of DPV is a single "proof" for archival. This feature is broken by the introduction of DPV referrals. Assume Alice is trusts Server A, but she receives a referral indicating that Server A trusts Server B to validate this certificate. Alice will need to maintain both the referral from Server A and the answer from Server B. Complaint C Referrals for DPV are a very different animal than LDAP referrals. Once again, assume Alice is trusts Server A but she receives a referral indicating that Server A trusts Server B to validate this certificate. Alice will need to authenticate the identity of Server B using information from Server A. I think that means that Server A needs to identify Server B by including Server B's public key in the referral. If that is true, we just created a parallel key management infrastructure and increased the complexity of our universe. Complaint D If LDAP is any indicator, nobody does referrals anyway. Since DPV referrals will be significantly more complex, wouldn't it be better to put the load on the server? Alright, I'm off my soapbox. Flame suit is zipped. What do you all think of these proposals? Thanks, Tim Polk Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FIcCa01012 for ietf-pkix-bks; Mon, 15 Apr 2002 11:38:12 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3FIcAm01007 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 11:38:10 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 15 Apr 2002 18:37:04 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id OAA19287 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 14:36:54 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3FIcFi22210 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 14:38:15 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1SW09>; Mon, 15 Apr 2002 14:35:46 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.155]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1SW06; Mon, 15 Apr 2002 14:35:34 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Tom Gindin <tgindin@us.ibm.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020415143619.02f76e90@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 15 Apr 2002 14:37:15 -0400 Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt In-Reply-To: <OFA53E7AEF.F4D33908-ON85256B96.0073D849@pok.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tom: We are about to post an update to the draft. Expect to see it in the next day or so. I recognize the severe memory constraints of smartcards. Russ At 12:35 PM 4/10/2002 -0400, Tom Gindin wrote: > Russ: > > Most of the following concerns the data structures of the current >draft and of my last posting. First, should the URI really be optional in >cases where the binary component is a hash? What good is the logotype >field with a hash but no way to reference the image? Second, I have >reviewed draft-ietf-idn-uri-01.txt (by Martin Duerst) and it recommends >that internationalized URI strings be converted to UTF-8 but then escaped >using %HH, so UTF8String is unnecessary. Therefore, we should simplify >VerifiedReference as follows: > VerifiedReference ::= SEQUENCE { > hashAlgorithm AlgorithmIdentifier, > dataHash OCTET STRING, > uri IA5String, > } > > On a different topic, smart cards and other tokens have the least >space of any place certificates are likely to be put, so if in-line >logotypes are OK there they're OK anywhere. > > Tom Gindin > > >"Housley, Russ" <rhousley@rsasecurity.com> on 04/08/2002 01:17:11 PM > >To: Tom Gindin/Watson/IBM@IBMUS >cc: ietf-pkix@imc.org >Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt > > >Tom: > > >The following is just a personal opinion, but one based on fairly > >well-understood trends. I don't think that in-line logotypes are >CURRENTLY > >worth the space that they'd take up on a smart card, but I would guess >that > >they will be in two more smart-card generations and perhaps only one. > >Given the amount of time between standard proposal and deployment, it's >not > >premature to standardize it. > >I tend to agree with your assessment of storage on smart cards. Today, all > >of the certificates stored on one smart card are likely to be associated >with one community. Therefore, a logo will like appear on the smart card >itself. > >Of course, there are other places that certificates and private keys are >stored.... > > > However, I also have a question about the current data structure. > >First, why is the URI optional (assuming that the only binary value is the > >digest, as at present)? Second, why would we not permit in-line logotypes > >(in which case the URI is suppressed)? This would require some edits to > >LogotypeData, but nothing very difficult. One possibility would be: > > LogotypeData ::= SEQUENCE { > > typeOfLogotype TypeOfLogotype, > > hashAlgorithm AlgorithmIdentifier, -- might be >OPTIONAL, > >it's not meaningful for GIF's > > CHOICE { > > logotypeDataHash OCTET STRING, > > gif [0] IMPLICIT OCTET STRING > > }, > > logotypeDataUri IA5String OPTIONAL } > > > > Another would be: > > LogotypeData ::= SEQUENCE { > > typeOfLogotype TypeOfLogotype, > > CHOICE { > > logotypeReference VerifiedReference, > > gif OCTET STRING > > } > > } > > VerifiedReference ::= SEQUENCE { > > hashAlgorithm AlgorithmIdentifier, > > dataHash OCTET STRING, > > CHOICE { > > uri IA5String, > > intlUri UTF8String } > > } > > > > > > IMO VerifiedReference is a generally useful type, so its names do >not > >contain reference to logotypes. My understanding of COMPONENTS OF, which > >may be faulty, is that defining LogotypeData using COMPONENTS OF > >VerifiedReference as an element of a CHOICE would not produce a useful > >result because each of the elements of VerifiedReference would show up in > >the CHOICE rather than merely hashAlgorithm going into the CHOICE with the > >other fields added to LogotypeData's SEQUENCE. > >We are in the final steps of an updated I-D. It addresses some of these >issues, but not all. > >Is there a reference for UTF8String URI? > >Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FHsu529924 for ietf-pkix-bks; Mon, 15 Apr 2002 10:54:56 -0700 (PDT) Received: from mail1.microsoft.com (mail1.microsoft.com [131.107.3.125]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3FHstm29920 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 10:54:55 -0700 (PDT) Received: from inet-vrs-01.redmond.corp.microsoft.com ([157.54.8.27]) by mail1.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 15 Apr 2002 10:54:48 -0700 Received: from 157.54.5.25 by inet-vrs-01.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Mon, 15 Apr 2002 10:54:51 -0700 Received: from red-imc-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-03.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 15 Apr 2002 10:54:51 -0700 Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 15 Apr 2002 10:54:51 -0700 Received: from win-msg-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.52]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3590.0); Mon, 15 Apr 2002 10:51:20 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6177.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Open issue: DPV relay Date: Mon, 15 Apr 2002 10:51:17 -0700 Message-ID: <4AEE3169443CDD4796CA8A00B02191CDEE5F45@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Open issue: DPV relay Thread-Index: AcHkhUXzzab0d+8lSVCefsr77LvyRwAHtY2w From: "Trevor Freeman" <trevorf@windows.microsoft.com> To: <stephen.farrell@baltimore.ie>, "Housley, Russ" <rhousley@rsasecurity.com> Cc: "pkix" <ietf-pkix@imc.org> X-OriginalArrivalTime: 15 Apr 2002 17:51:20.0004 (UTC) FILETIME=[2638B840:01C1E4A6] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3FHstm29921 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Stephen, There is obviously a relationship between implementation complexity and protocol design. We are proposing a simple model where the client only has to consider two responses from the DPV server, success or failure. Nothing in that model excludes a DPV server for accessing or requesting any resource it chooses. A DPV server can therefore act as a DPC client to other DPV servers. What is not clear is why you seem to be so keen for the original PDV client to do this work of contacting other DPV servers instead of the client's original DPV server. If the DPV server truly believes that an answer can be obtained from anther resource - why can't it go get that answer for the client? What does the client know that the server does not which would make that work? What piece of information is missing from the DPV server that by returning a DPV referral to the client, something will be accomplished that it could not do itself? Trevor -----Original Message----- From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie] Sent: Monday, April 15, 2002 6:54 AM To: Housley, Russ Cc: pkix Subject: Re: Open issue: DPV relay Russ, It seems that essentially you want to change "protocols MAY re-direct/m-c" into "protocols MUST NOT re-direct/m-c", right? - I fail to see how the MAY option adds complexity to clients since presumably the protocol you like that meets the requirements won't take up the "MAY" option and it won't be an issue for such clients. Even if a conforming protocol does include re-direct, the text proposed ensures that there is mandatory impact on clients. - Allowing re-direct/m-c does allow for some interesting server to server interactions (in an IMO clean way) as previously discussed on the list. I see no reason to prohibit those or cause vendors to re-invent or corrupt their use of a dpv protocol in order to support such cases. - We can in any case judge relative compexity issues (only?) when concrete protocols are being compared against these requirements. So, all in all, I see no reason to forbid protocols to support these mechcnisms and some reasons to allow protocols to do so and no reason at all to make a premature decision on this. Regards, Stephen. "Housley, Russ" wrote: > > I am strongly opposed to any requirements regarding re-direction (a.k.a. > referrals) or multicasting. These services would add considerable > complexity to the client side of the interface, making support for > lightweight clients more difficult. > > I have specific comments below... > > >4.2. Relaying, re-direction and multicasting. > > > >Protocols designed to conform to these requirements MAY include > >optional fields and extensions to support relaying, re-direction or > >multicasting features. DPV clients are NOT REQUIRED to support relay, > >re-direct or multicast, therefore clients or servers which do not > >support such features still conform to the basic set of requirements. > >DPV servers are NOT REQUIRED either to support relay, re-direct or > >multicast. > > I can support relaying (a.k.a. chaining) because it does not add complexity > to the client. > > These are not protocol requirements. They are implementation requirements, > and we are not defining a protocol in this document. > > I prefer: > > Protocols designed to satisfy these requirements MAY include mechanisms for > relaying. However, such protocols MUST NOT include mechanisms for > re-direction or multicasting. Re-direction or multicasting mechanisms > would add considerable complexity to the client side of the interface, > making support for lightweight clients more difficult. > > >1. Where relay or re-direct mechanisms are supported by a server > > a mechanism to detect loops or repetition SHOULD be supported. > > I think that SHOULD ought to be changed to MUST. > I think that re-direct ought to be deleted. > > >2. Where a DPV server chooses to re-direct the request to another > > DPV server (i.e. chooses to provide a referral), a mechanism to > > provide information to be used for the re-direction SHOULD be > > supported. Note: In case where information to be used for the > > re-direction is sent back, clients are NOT REQUIRED to interpret > > that information (but MAY do so). > > I think that this should be deleted. > > >3. These features MAY be supported by using additional parameters > > in the request and/or response. Clients and servers that do not > > support such additional parameters MUST still be able to use/offer > > DPV service. In this way, implementers need not understand the > > semantics of any such extensions. > > I think that additional ought to be changed to optional. > > Russ -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FHXgG29007 for ietf-pkix-bks; Mon, 15 Apr 2002 10:33:42 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3FHXem29003 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 10:33:40 -0700 (PDT) Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 15 Apr 2002 17:32:34 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id NAA14108 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 13:32:23 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3FHXio15935 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 13:33:44 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1SWAB>; Mon, 15 Apr 2002 13:31:15 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.17]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1SV06; Mon, 15 Apr 2002 13:31:02 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: todd glassey <todd.glassey@worldnet.att.net> Cc: PKIX-IETF <ietf-pkix@imc.org> Message-Id: <5.1.0.14.2.20020415132724.02f4ce58@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 15 Apr 2002 13:31:44 -0400 Subject: Re: Open issue: DPV relay In-Reply-To: <016201c1e49e$6d53aad0$020aff0a@tsg1> References: <5.1.0.14.2.20020415091244.03104418@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Todd: You wrote: >Doesn't chaining change the trust model since it will now not be clear at >which link along the chain any trust-transaction went green or red. My take >is that DPV still is far from being done since the use model is in conflict. No. The client gets a response from the server that it sent the request to in the first place. The response is signed, and it can be validated with the expected trusted public key. The fact that the DPV server used the resources of other DPV servers to fulfill the request is transparent to the client. Of course, the first DPV server administrator must do some checking into the subsequent DPV servers in the chain before configuring it to forward requests. That is, the subsequent DPV servers must meet the requirements of the validation policy. Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FHQbs28854 for ietf-pkix-bks; Mon, 15 Apr 2002 10:26:37 -0700 (PDT) Received: from gonzo.aus.rsa.com (mail.rsasecurity.com.au [203.46.112.10]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3FHQZm28847 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 10:26:35 -0700 (PDT) Received: from checkpoint.local.aus.rsa.com by gonzo.aus.rsa.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 15 Apr 2002 17:26:57 UT Received: from exaus01.local.aus.rsa.com (exaus01.local.aus.rsa.com [10.177.1.15]) by grover.local.aus.rsa.com (8.10.2/8.10.2) with ESMTP id g3FHVOq23666 for <ietf-pkix@imc.org>; Tue, 16 Apr 2002 03:31:24 +1000 (EST) Received: by exaus01.local.aus.rsa.com with Internet Mail Service (5.5.2653.19) id <13VS1TY9>; Tue, 16 Apr 2002 03:27:01 +1000 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.17]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1SV68; Mon, 15 Apr 2002 13:23:46 -0400 Message-Id: <5.1.0.14.2.20020415124949.02f44df0@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 15 Apr 2002 13:25:40 -0400 To: pkix <ietf-pkix@imc.org> From: "Housley, Russ" <rhousley@rsasecurity.com> Subject: Re: Open issue: DPV relay Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> All: I remain strongly opposed to any requirements that impose re-direction (a.k.a. referrals) or multicasting on the client. After a private e-mail exchange with Steve Farrell, I now realize that this is not the intention. This intent was to permit the use of re-direction and multicasting between a collection of DPV servers. I think that a bit of rationale will greatly help all readers. I propose the following text. Note that the rationale paragraph does not include any MUST, SHOULD, or MAY sentences. Russ = = = = = = = = = = 4.2. Relaying, re-direction and multicasting. In some network environments, especially ones that include firewalls, a DPV server might not be able to obtain all of the information that it needs to process a request. However, the DPV server might be configured to use the services of one or more other DPV servers to fulfill all requests. In such cases, the client is unaware that the queried DPV server is using the services of other DPV servers. In such environments, the client-queried DPV server acts as a DPV client to another DPV server. Unlike the original client, the DPV server is expected to have moderate computing and memory resources, enabling the use of relay, re-direct or multicasting mechanisms. The requirements in this section support such mechanisms for DPV server-to-DPV server exchanges without imposing them on DPV client-to-DPV client exchanges. Protocols designed to satisfy these requirements MAY include optional fields and/or extensions to support relaying, re-direction or multicasting. However, DPV clients are not expected to support relay, re-direct or multicast. If the protocol supports such features, the protocol MUST include provisions for DPV clients and DPV servers that do not support such features, allowing them to conform to the basic set of requirements. 1. When a protocol provides a relay or re-direct mechanism, a companion mechanism to detect loops or repetition MUST also be provided. 2. When a protocol provides the capability for a DPV server to re-direct a request to another DPV server (i.e. the protocol chooses to provide a referral mechanism), a mechanism to provide information to be used for the re-direction SHOULD be supported. If such re-direction information is sent back to clients, then the protocol MUST allow conforming clients to ignore it. 3. Optional parameters in the protocol request and/or response MAY be provide support for relaying, re-direction or multicasting. DPV clients that ignore any such optional parameters MUST still be able to use the DPV service. DPV servers that ignore any such optional parameters MUST MUST still be able to offer the DPV service, although they might not be able to overcome the limitations imposed by the network topology. In this way, protocol implementors need not understand the syntax or semantics of any such optional parameters. Received: by above.proper.com (8.11.6/8.11.3) id g3FHJeG28691 for ietf-pkix-bks; Mon, 15 Apr 2002 10:19:40 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3FHJdm28687 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 10:19:39 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3FHJVPm007810; Mon, 15 Apr 2002 10:19:32 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net> Cc: <ietf-pkix@imc.org> Subject: RE: Two more nits re: DPV/DPD rqmts Date: Mon, 15 Apr 2002 10:16:44 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDAELHCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <3CBB0848.9C19980C@bull.net> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, I believe we are defining requirements that will be applied against perhaps multiple technical proposals with a view towards the WG selecting one. It seems premature to assume the WG's consensus on this point. Mike > -----Original Message----- > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net] > Sent: Monday, April 15, 2002 10:05 AM > To: Michael Myers > Cc: ietf-pkix@imc.org > Subject: Re: Two more nits re: DPV/DPD rqmts > > > Mike, > > > Russ, Denis: > > > > Section 4, Delegated Path Validation Protocol Requirements > > begins with: > > "The Delegated Path Validation (DPV) protocol allows . . ." > > > > Similarly, Section 5 Delegated Path Discovery Protocol > > Requirements begins with: > > "The Delegated Path Discovery (DPD) protocol allows . . ." > > > > Since we're defining requirements and not protocols > in this I-D, > > you may wish to consider amending both these phrases towards > > something along the lines of "DPV protocols allow . . ." and > > "DPD protocols allow . . ." respectively. > > Are we really defining multiple protocols ? > I was assuming that we would like only one. > I prefer to keep the current text. > > Denis > > > > > Mike > > > > Michael Myers > > t: +415.819.1362 > > e: mailto:mike@traceroutesecurity.com > > w: http://www.traceroutesecurity.com > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FH5nu28241 for ietf-pkix-bks; Mon, 15 Apr 2002 10:05:49 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3FH5mm28237 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 10:05:48 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id TAA14090; Mon, 15 Apr 2002 19:08:25 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041519051345:395 ; Mon, 15 Apr 2002 19:05:13 +0200 Message-ID: <3CBB0848.9C19980C@bull.net> Date: Mon, 15 Apr 2002 19:05:12 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Michael Myers <myers@coastside.net> CC: ietf-pkix@imc.org Subject: Re: Two more nits re: DPV/DPD rqmts References: <EOEGJNFMMIBDKGFONJJDOEJDCJAA.myers@coastside.net> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 15/04/2002 19:05:13, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 15/04/2002 19:05:47, Serialize complete at 15/04/2002 19:05:47 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike, > Russ, Denis: > > Section 4, Delegated Path Validation Protocol Requirements > begins with: > "The Delegated Path Validation (DPV) protocol allows . . ." > > Similarly, Section 5 Delegated Path Discovery Protocol > Requirements begins with: > "The Delegated Path Discovery (DPD) protocol allows . . ." > > Since we're defining requirements and not protocols in this I-D, > you may wish to consider amending both these phrases towards > something along the lines of "DPV protocols allow . . ." and > "DPD protocols allow . . ." respectively. Are we really defining multiple protocols ? I was assuming that we would like only one. I prefer to keep the current text. Denis > > Mike > > Michael Myers > t: +415.819.1362 > e: mailto:mike@traceroutesecurity.com > w: http://www.traceroutesecurity.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FGvDG28079 for ietf-pkix-bks; Mon, 15 Apr 2002 09:57:13 -0700 (PDT) Received: from mtiwmhc21.worldnet.att.net (mtiwmhc21.worldnet.att.net [204.127.131.46]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3FGvBm28075 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 09:57:11 -0700 (PDT) Received: from tsg1 ([12.81.65.181]) by mtiwmhc21.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020415165706.LYVK24238.mtiwmhc21.worldnet.att.net@tsg1>; Mon, 15 Apr 2002 16:57:06 +0000 Message-ID: <016201c1e49e$6d53aad0$020aff0a@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Housley, Russ" <rhousley@rsasecurity.com> Cc: "PKIX-IETF" <ietf-pkix@imc.org> References: <5.1.0.14.2.20020415091244.03104418@exna07.securitydynamics.com> Subject: Re: Open issue: DPV relay Date: Mon, 15 Apr 2002 09:13:40 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ - ----- Original Message ----- From: "Housley, Russ" <rhousley@rsasecurity.com> To: "pkix" <ietf-pkix@imc.org> Sent: Monday, April 15, 2002 6:26 AM Subject: Re: Open issue: DPV relay > > I am strongly opposed to any requirements regarding re-direction (a.k.a. > referrals) or multicasting. These services would add considerable > complexity to the client side of the interface, making support for > lightweight clients more difficult. > > I have specific comments below... > > > >4.2. Relaying, re-direction and multicasting. > > > >Protocols designed to conform to these requirements MAY include > >optional fields and extensions to support relaying, re-direction or > >multicasting features. DPV clients are NOT REQUIRED to support relay, > >re-direct or multicast, therefore clients or servers which do not > >support such features still conform to the basic set of requirements. > >DPV servers are NOT REQUIRED either to support relay, re-direct or > >multicast. > > I can support relaying (a.k.a. chaining) because it does not add complexity > to the client. Doesn't chaining change the trust model since it will now not be clear at which link along the chain any trust-transaction went green or red. My take is that DPV still is far from being done since the use model is in conflict. > > These are not protocol requirements. They are implementation requirements, > and we are not defining a protocol in this document. > > I prefer: > > Protocols designed to satisfy these requirements MAY include mechanisms for > relaying. However, such protocols MUST NOT include mechanisms for > re-direction or multicasting. Re-direction or multicasting mechanisms > would add considerable complexity to the client side of the interface, > making support for lightweight clients more difficult. > > >1. Where relay or re-direct mechanisms are supported by a server > > a mechanism to detect loops or repetition SHOULD be supported. > > I think that SHOULD ought to be changed to MUST. > I think that re-direct ought to be deleted. > > >2. Where a DPV server chooses to re-direct the request to another > > DPV server (i.e. chooses to provide a referral), a mechanism to > > provide information to be used for the re-direction SHOULD be > > supported. Note: In case where information to be used for the > > re-direction is sent back, clients are NOT REQUIRED to interpret > > that information (but MAY do so). > > I think that this should be deleted. > > >3. These features MAY be supported by using additional parameters > > in the request and/or response. Clients and servers that do not > > support such additional parameters MUST still be able to use/offer > > DPV service. In this way, implementers need not understand the > > semantics of any such extensions. > > I think that additional ought to be changed to optional. > > Russ > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FDsOY18046 for ietf-pkix-bks; Mon, 15 Apr 2002 06:54:24 -0700 (PDT) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3FDsLm18038 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 06:54:21 -0700 (PDT) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g3FDsMb32236 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 14:54:22 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a468459100a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 14:48:55 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id OAA12988; Mon, 15 Apr 2002 14:54:19 +0100 Message-ID: <3CBADB95.F3204FE1@baltimore.ie> Date: Mon, 15 Apr 2002 14:54:29 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV relay References: <5.1.0.14.2.20020415091244.03104418@exna07.securitydynamics.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, It seems that essentially you want to change "protocols MAY re-direct/m-c" into "protocols MUST NOT re-direct/m-c", right? - I fail to see how the MAY option adds complexity to clients since presumably the protocol you like that meets the requirements won't take up the "MAY" option and it won't be an issue for such clients. Even if a conforming protocol does include re-direct, the text proposed ensures that there is mandatory impact on clients. - Allowing re-direct/m-c does allow for some interesting server to server interactions (in an IMO clean way) as previously discussed on the list. I see no reason to prohibit those or cause vendors to re-invent or corrupt their use of a dpv protocol in order to support such cases. - We can in any case judge relative compexity issues (only?) when concrete protocols are being compared against these requirements. So, all in all, I see no reason to forbid protocols to support these mechcnisms and some reasons to allow protocols to do so and no reason at all to make a premature decision on this. Regards, Stephen. "Housley, Russ" wrote: > > I am strongly opposed to any requirements regarding re-direction (a.k.a. > referrals) or multicasting. These services would add considerable > complexity to the client side of the interface, making support for > lightweight clients more difficult. > > I have specific comments below... > > >4.2. Relaying, re-direction and multicasting. > > > >Protocols designed to conform to these requirements MAY include > >optional fields and extensions to support relaying, re-direction or > >multicasting features. DPV clients are NOT REQUIRED to support relay, > >re-direct or multicast, therefore clients or servers which do not > >support such features still conform to the basic set of requirements. > >DPV servers are NOT REQUIRED either to support relay, re-direct or > >multicast. > > I can support relaying (a.k.a. chaining) because it does not add complexity > to the client. > > These are not protocol requirements. They are implementation requirements, > and we are not defining a protocol in this document. > > I prefer: > > Protocols designed to satisfy these requirements MAY include mechanisms for > relaying. However, such protocols MUST NOT include mechanisms for > re-direction or multicasting. Re-direction or multicasting mechanisms > would add considerable complexity to the client side of the interface, > making support for lightweight clients more difficult. > > >1. Where relay or re-direct mechanisms are supported by a server > > a mechanism to detect loops or repetition SHOULD be supported. > > I think that SHOULD ought to be changed to MUST. > I think that re-direct ought to be deleted. > > >2. Where a DPV server chooses to re-direct the request to another > > DPV server (i.e. chooses to provide a referral), a mechanism to > > provide information to be used for the re-direction SHOULD be > > supported. Note: In case where information to be used for the > > re-direction is sent back, clients are NOT REQUIRED to interpret > > that information (but MAY do so). > > I think that this should be deleted. > > >3. These features MAY be supported by using additional parameters > > in the request and/or response. Clients and servers that do not > > support such additional parameters MUST still be able to use/offer > > DPV service. In this way, implementers need not understand the > > semantics of any such extensions. > > I think that additional ought to be changed to optional. > > Russ -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FDQdJ17428 for ietf-pkix-bks; Mon, 15 Apr 2002 06:26:39 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3FDQbm17424 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 06:26:37 -0700 (PDT) Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 15 Apr 2002 13:25:30 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id JAA19447 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 09:25:20 -0400 (EDT) Received: from exeu00.securid.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3FDQfe16094 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 09:26:41 -0400 (EDT) Received: by exeu00.eu.rsa.net with Internet Mail Service (5.5.2653.19) id <2KMJW9Q4>; Mon, 15 Apr 2002 14:26:54 +0100 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.124]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1SPR6; Mon, 15 Apr 2002 09:24:00 -0400 Message-Id: <5.1.0.14.2.20020415091244.03104418@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 15 Apr 2002 09:26:22 -0400 To: pkix <ietf-pkix@imc.org> From: "Housley, Russ" <rhousley@rsasecurity.com> Subject: Re: Open issue: DPV relay In-Reply-To: <3CB6F32F.868ED1F1@bull.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I am strongly opposed to any requirements regarding re-direction (a.k.a. referrals) or multicasting. These services would add considerable complexity to the client side of the interface, making support for lightweight clients more difficult. I have specific comments below... >4.2. Relaying, re-direction and multicasting. > >Protocols designed to conform to these requirements MAY include >optional fields and extensions to support relaying, re-direction or >multicasting features. DPV clients are NOT REQUIRED to support relay, >re-direct or multicast, therefore clients or servers which do not >support such features still conform to the basic set of requirements. >DPV servers are NOT REQUIRED either to support relay, re-direct or >multicast. I can support relaying (a.k.a. chaining) because it does not add complexity to the client. These are not protocol requirements. They are implementation requirements, and we are not defining a protocol in this document. I prefer: Protocols designed to satisfy these requirements MAY include mechanisms for relaying. However, such protocols MUST NOT include mechanisms for re-direction or multicasting. Re-direction or multicasting mechanisms would add considerable complexity to the client side of the interface, making support for lightweight clients more difficult. >1. Where relay or re-direct mechanisms are supported by a server > a mechanism to detect loops or repetition SHOULD be supported. I think that SHOULD ought to be changed to MUST. I think that re-direct ought to be deleted. >2. Where a DPV server chooses to re-direct the request to another > DPV server (i.e. chooses to provide a referral), a mechanism to > provide information to be used for the re-direction SHOULD be > supported. Note: In case where information to be used for the > re-direction is sent back, clients are NOT REQUIRED to interpret > that information (but MAY do so). I think that this should be deleted. >3. These features MAY be supported by using additional parameters > in the request and/or response. Clients and servers that do not > support such additional parameters MUST still be able to use/offer > DPV service. In this way, implementers need not understand the > semantics of any such extensions. I think that additional ought to be changed to optional. Russ Received: by above.proper.com (8.11.6/8.11.3) id g3FDCcS17022 for ietf-pkix-bks; Mon, 15 Apr 2002 06:12:38 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3FDCYm17018 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 06:12:35 -0700 (PDT) Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 15 Apr 2002 13:11:27 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id JAA18008 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 09:11:17 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3FDCbm14380 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 09:12:37 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1SPKS>; Mon, 15 Apr 2002 09:10:09 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.124]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1SPKP; Mon, 15 Apr 2002 09:10:04 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: osamafarook <osamafarook@hotmail.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020415091033.030fc4c8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 15 Apr 2002 09:12:19 -0400 Subject: Re: Where does the certificate go In-Reply-To: <DAV741RVnKVfQ2l8L4M00011d5c@hotmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This depends on the environment that you are working in and the protocol that you are using. If there is an RA involved, the certificate will usually be sent to the RA and be posted in the repository. If there is not an RA involved, then the certificate will usually be sent to the certificate holder and posted in the repository. Russ At 04:39 PM 4/14/2002 +0200, osamafarook wrote: >Welcome >I work in a graduation project " Building CA server" >I want to know Where does the certificate go after it issued by CA server? >Is it being sent to user as a file? >or what? >Thank you. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3FCOfB15793 for ietf-pkix-bks; Mon, 15 Apr 2002 05:24:41 -0700 (PDT) Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3FCOdm15788 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 05:24:39 -0700 (PDT) Received: from tsg1 ([12.81.65.181]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020415122421.IKNF28245.mtiwmhc23.worldnet.att.net@tsg1>; Mon, 15 Apr 2002 12:24:21 +0000 Message-ID: <005301c1e478$58985030$020aff0a@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Peter Sylvester" <Peter.Sylvester@edelweb.fr> Cc: <ietf-pkix@imc.org> References: <200204121628.SAA07505@emeriau.edelweb.fr> <3CBA8601.818CDB81@bull.net> Subject: Re: Open issue: DPV relay Date: Mon, 15 Apr 2002 05:13:32 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Gentlemen -See inline below... ----- Original Message ----- From: "Denis Pinkas" <Denis.Pinkas@bull.net> To: "Peter Sylvester" <Peter.Sylvester@edelweb.fr> Cc: <ietf-pkix@imc.org> Sent: Monday, April 15, 2002 12:49 AM Subject: Re: Open issue: DPV relay > > Peter (Sylvester), > > I agree that there is a difference between an authorized responder > and a server trusted under a given policy. > > So in order to solve this last issue, I propose to replace the current text > which is: > > The DPV request MUST allow the client to request that the response > include the certification path and revocation status information used > by the DPV server to process the request. When requested, the DPV > server MUST include the certification path and revocation status > information in the response when the certificate is valid according to > the validation policy. However, the server MAY omit the certification > path and revocation status information when the certificate is invalid. > > by the following text: > > The DPV request MUST allow the client to request the response to > include either the certification path and the revocation status > information from authorised CRL issuers or authorised OCSP responders, > or a DPV response from a DPV server that is trusted under the > validation policy. This information may allow other clients, not > trusting the requested DPV server to be confident that the certificate > validation has correctly be performed. Denis - Peter - I disagree with this next paragraph - > When the certificate is valid > according to the validation policy, the server MUST, upon request, > include that information in the response. However, the server MAY > omit that information when the certificate is invalid or when it > cannot determine the validity. I cant think of a commercial process when the RP would want the DPV to make ANY decisions regarding what to include or not to as part of the data gram and this is important to the bigger picture. The key-concept for audit-model stability is to to keep the response types identical (from yes to no answers) and have the content be reflective of that yes or a no answer rather than the structure of the message envelope itself changing from positive to negative states. This is one of the ongoing problems with many PKI protocols. It is technologically slick if the message types are different for a YES and NO answer but from a commercial use standpoint the exact opposite is true... in fact many PKI protocls have too much diversity and divergences in the srtructure of YES messages relative to their NO messages. In fact from a Legalese standpoint, it is very important that the record reflect why you said "NO" too so the datapoints used to signify this are equally critical to the yes or no content they reinforce. > > Regards, > > Denis > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3F7nqA07910 for ietf-pkix-bks; Mon, 15 Apr 2002 00:49:52 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3F7nom07905 for <ietf-pkix@imc.org>; Mon, 15 Apr 2002 00:49:50 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id JAA09662; Mon, 15 Apr 2002 09:52:27 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041509491492:289 ; Mon, 15 Apr 2002 09:49:14 +0200 Message-ID: <3CBA8601.818CDB81@bull.net> Date: Mon, 15 Apr 2002 09:49:21 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <200204121628.SAA07505@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 15/04/2002 09:49:14, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 15/04/2002 09:49:47, Serialize complete at 15/04/2002 09:49:47 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter (Sylvester), I agree that there is a difference between an authorized responder and a server trusted under a given policy. So in order to solve this last issue, I propose to replace the current text which is: The DPV request MUST allow the client to request that the response include the certification path and revocation status information used by the DPV server to process the request. When requested, the DPV server MUST include the certification path and revocation status information in the response when the certificate is valid according to the validation policy. However, the server MAY omit the certification path and revocation status information when the certificate is invalid. by the following text: The DPV request MUST allow the client to request the response to include either the certification path and the revocation status information from authorised CRL issuers or authorised OCSP responders, or a DPV response from a DPV server that is trusted under the validation policy. This information may allow other clients, not trusting the requested DPV server to be confident that the certificate validation has correctly be performed. When the certificate is valid according to the validation policy, the server MUST, upon request, include that information in the response. However, the server MAY omit that information when the certificate is invalid or when it cannot determine the validity. Regards, Denis > Peter, > > I am a little bit confused that you replied to a message sent > by Denis as a repl to me. > > > > > Peter. > > > > OCSP has always envisioned and practised a relying party > > authorizing an OCSP Responder: no CA/AA involvement > > is required and no certificate need be issued, in this > > case. > > There seems to be a confusion about the difference of > a 'Trusted Responder' and an 'Authorised Responder' > > All definitive response messages SHALL be digitally signed. The key > used to sign the response MUST belong to one of the following: > > -- the CA who issued the certificate in question > -- a Trusted Responder whose public key is trusted by the requester > -- a CA Designated Responder (Authorized Responder) who holds a > specially marked certificate issued directly by the CA, indicating > that the responder may issue OCSP responses for that CA > > In 4.2.2.2 the text > > The key that signs a certificate's status information need not be the > same key that signed the certificate. It is necessary however to > ensure that the entity signing this information is authorized to do > so. Therefore, a certificate's issuer MUST either sign the OCSP > responses itself or it MUST explicitly designate this authority to > another entity. OCSP signing delegation SHALL be designated by the > inclusion of id-kp-OCSPSigning in an extendedKeyUsage certificate > extension included in the OCSP response signer's certificate. This > certificate MUST be issued directly by the CA that issued the > certificate in question. > > id-kp-OCSPSigning OBJECT IDENTIFIER ::= {id-kp 9} > > seem to indicate that two of the three cases are AUTHORISED responders. > The next sentences say: > > Systems or applications that rely on OCSP responses MUST be capable > of detecting and enforcing use of the id-ad-ocspSigning value as > described above. They MAY provide a means of locally configuring one > or more OCSP signing authorities, and specifying the set of CAs for > which each signing authority is trusted. They MUST reject the > response if the certificate required to validate the signature on the > response fails to meet at least one of the following criteria: > > 1. Matches a local configuration of OCSP signing authority for the > certificate in question; or > > 2. Is the certificate of the CA that issued the certificate in > question; or > > 3. Includes a value of id-ad-ocspSigning in an ExtendedKeyUsage > extension and is issued by the CA that issued the certificate in > question." > > which seems to explain an additional,thus three possible conditions for which > a response can be excepted. But what exactly means 1) ? > > what means 'locally configuring one or more OCSP signing authorities'? > > Does it mean that this matched the second case in the introduction, > which IMO is that a relying party that can operate its own OCSP > service for its own benefit, just as a front end to a collection > of some CRLs for example. > > Or, the text says TWO things: > > How a CA can delegate OCSP operations resulting in 2 modes > to accept responses by a relying party, and a third mode indicating > how a relying party can have an additional mode to trust someone > who is NOT in one of the two other cases, and may have no > relationship with the CA or else. > > > Carry over this conformance requirement from OCSP to DPV: > > > > An OCSP client (which includes a client that is a DPV server) > > must potentially accept an OCSP response according to ALL the > > rules of 4.2.2.2. There are three cases: (1) (2) and (3). > Do You mean ALL (conditions met at the same time) or *ANY* > (of them may be true). ? > > > > > Lets remember, a relying party can operate its > > own DPV service for its own benefit. The relying party > > needs no authority from a CA to do so. The operator > > of a DPV server is not necessarily a TTP, and > > need have no relationship to the cert or CRL > > issuer, other than that of performing > > relying party obligations or (less stringent) user > > obligations according to the CP. > > > In your paragraph, if you replace DPV by OCSP, I don't see > why this would be different if my interpretation of the > three cases are correct. > > Or, for OCSP the condition > > 1. Matches a local configuration of OCSP signing authority for the > certificate in question; or > > doesn't it mean that some other relying party who will inspect the > response will not necessarily have the same configuration? > > Peter S Received: by above.proper.com (8.11.6/8.11.3) id g3F2elm02149 for ietf-pkix-bks; Sun, 14 Apr 2002 19:40:47 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3F2ekm02145 for <ietf-pkix@imc.org>; Sun, 14 Apr 2002 19:40:46 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3F2efPm017678; Sun, 14 Apr 2002 19:40:42 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "pkix" <ietf-pkix@imc.org> Subject: RE: Open issue: DPV relay Date: Sun, 14 Apr 2002 19:37:55 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDCELACJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-reply-to: <3CB6F32F.868ED1F1@bull.net> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, Stephen: Good work. I agree with the text as submitted. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > Sent: Friday, April 12, 2002 7:46 AM > To: pkix > Subject: Re: Open issue: DPV relay > > > > > Thanks to numerous private e-mail exchanges with > Stephen Farrell > (thanks Stephen !) we both came to an agreement on > additional text > to address relaying, re-direction and multicasting. > > So I submit this text to the list. > > Denis > > ====================================================== > ============== > > 4.2. Relaying, re-direction and multicasting. > > Protocols designed to conform to these requirements > MAY include > optional fields and extensions to support relaying, > re-direction or > multicasting features. DPV clients are NOT REQUIRED > to support relay, > re-direct or multicast, therefore clients or servers > which do not > support such features still conform to the basic set > of requirements. > DPV servers are NOT REQUIRED either to support relay, > re-direct or > multicast. > > 1. Where relay or re-direct mechanisms are supported > by a server > a mechanism to detect loops or repetition SHOULD > be supported. > > 2. Where a DPV server chooses to re-direct the > request to another > DPV server (i.e. chooses to provide a referral), a > mechanism to > provide information to be used for the > re-direction SHOULD be > supported. Note: In case where information to be > used for the > re-direction is sent back, clients are NOT > REQUIRED to interpret > that information (but MAY do so). > > 3. These features MAY be supported by using > additional parameters > in the request and/or response. Clients and > servers that do not > support such additional parameters MUST still be > able to use/offer > DPV service. In this way, implementers need not > understand the > semantics of any such extensions. > > ====================================================== > ============== > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3EKpQk23907 for ietf-pkix-bks; Sun, 14 Apr 2002 13:51:26 -0700 (PDT) Received: from nymelsmtp.internet.ny.fdms.firstdata.com ([204.124.248.17]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3EKpOm23903 for <ietf-pkix@imc.org>; Sun, 14 Apr 2002 13:51:24 -0700 (PDT) Subject: Re: Where does the certificate go To: "osamafarook" <osamafarook@hotmail.com> Cc: ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.5 September 22, 2000 Message-ID: <OF1DECB49B.E7E73BCC-ON87256B9B.0071AF6E@internet.ny.fdms.firstdata.com> From: lynn.wheeler@firstdata.com Date: Sun, 14 Apr 2002 14:50:05 -0600 X-MIMETrack: Serialize by Router on NYMELSMTP/NY/FDMS/FDC(Release 5.0.8 |June 18, 2001) at 04/14/2002 04:48:39 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> the RA/CA authority ... typically saves the original of the certificate it has created in a local administration file. Frequently then a CA either 1) mails a copy of the certificate to the requester ... as an email attachment or 2) mails the requester a notification ... giving a URL where the requester can retrieve the a copy of the certificate. certificates may also be compressed especially in the case where a RA/CA is also the relying party (except for the SSL domain name certificates ... a large percentage of the certificates issued are by relying parties). For relying party certificates, a certificate can frequently be compressed to zero bytes before sending to the requesting party. random relying-party postings .... http://www.garlic.com/~lynn/aadsm8.htm#softpki4 Software for PKI http://www.garlic.com/~lynn/aadsm8.htm#softpki8 Software for PKI http://www.garlic.com/~lynn/aadsm8.htm#softpki9 Software for PKI http://www.garlic.com/~lynn/aadsm8.htm#softpki11 Software for PKI http://www.garlic.com/~lynn/aadsm8.htm#softpki19 DNSSEC (RE: Software for PKI) http://www.garlic.com/~lynn/aadsm9.htm#softpki23 Software for PKI http://www.garlic.com/~lynn/aadsm9.htm#carnivore Shades of FV's Nathaniel Borenstein: Carnivore's "Magic Lantern" http://www.garlic.com/~lynn/aadsm9.htm#pkcs12d A PKI Question: PKCS11-> PKCS12 http://www.garlic.com/~lynn/aadsm9.htm#cfppki CFP: PKI research workshop http://www.garlic.com/~lynn/aadsm9.htm#cfppki5 CFP: PKI research workshop http://www.garlic.com/~lynn/aadsm9.htm#cfppki9 CFP: PKI research workshop http://www.garlic.com/~lynn/2000.html#36 "Trusted" CA - Oxymoron? http://www.garlic.com/~lynn/2000.html#40 "Trusted" CA - Oxymoron? http://www.garlic.com/~lynn/2000.html#41 "Trusted" CA - Oxymoron? http://www.garlic.com/~lynn/2000b.html#40 general questions on SSL certificates http://www.garlic.com/~lynn/2000b.html#93 Question regarding authentication implementation http://www.garlic.com/~lynn/2000e.html#41 Why trust root CAs ? http://www.garlic.com/~lynn/2000f.html#15 Why trust root CAs ? http://www.garlic.com/~lynn/2001c.html#56 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#57 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#58 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#60 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#72 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001c.html#79 Q: ANSI X9.68 certificate format standard http://www.garlic.com/~lynn/2001d.html#7 Invalid certificate on 'security' site. http://www.garlic.com/~lynn/2001d.html#20 What is PKI? http://www.garlic.com/~lynn/2001e.html#35 Can I create my own SSL key? http://www.garlic.com/~lynn/2001e.html#46 Can I create my own SSL key? http://www.garlic.com/~lynn/2001f.html#77 FREE X.509 Certificates http://www.garlic.com/~lynn/2001f.html#79 FREE X.509 Certificates http://www.garlic.com/~lynn/2001g.html#40 Self-Signed Certificate http://www.garlic.com/~lynn/2001g.html#64 PKI/Digital signature doesn't work http://www.garlic.com/~lynn/2001g.html#65 PKI/Digital signature doesn't work http://www.garlic.com/~lynn/2001g.html#68 PKI/Digital signature doesn't work http://www.garlic.com/~lynn/2001h.html#0 PKI/Digital signature doesn't work http://www.garlic.com/~lynn/2001h.html#3 PKI/Digital signature doesn't work http://www.garlic.com/~lynn/2001h.html#7 PKI/Digital signature doesn't work http://www.garlic.com/~lynn/2001i.html#16 Net banking, is it safe??? http://www.garlic.com/~lynn/2001k.html#0 Are client certificates really secure? http://www.garlic.com/~lynn/2001n.html#57 Certificate Authentication Issues in IE and Verisign http://www.garlic.com/~lynn/2001n.html#73 A PKI question and an answer http://www.garlic.com/~lynn/2002d.html#39 PKI Implementation http://www.garlic.com/~lynn/2002e.html#49 PKI and Relying Parties http://www.garlic.com/~lynn/2002e.html#56 PKI and Relying Parties http://www.garlic.com/~lynn/2002e.html#72 Digital certificate varification "osamafarook" <osamafarook@hotma To: <ietf-pkix@imc.org> il.com> cc: Sent by: Subject: Where does the certificate owner-ietf-pkix@ma go il.imc.org 04/14/2002 08:39 AM Welcome I work in a graduation project " Building CA server" I want to know Where does the certificate go after it issued by CA server? Is it being sent to user as a file? or what? Thank you. Received: by above.proper.com (8.11.6/8.11.3) id g3EEpEc06368 for ietf-pkix-bks; Sun, 14 Apr 2002 07:51:14 -0700 (PDT) Received: from hotmail.com (dav74.sea1.hotmail.com [207.68.162.209]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3EEpDm06364 for <ietf-pkix@imc.org>; Sun, 14 Apr 2002 07:51:13 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sun, 14 Apr 2002 07:39:21 -0700 X-Originating-IP: [213.158.176.172] From: "osamafarook" <osamafarook@hotmail.com> To: <ietf-pkix@imc.org> Subject: Where does the certificate go Date: Sun, 14 Apr 2002 16:39:18 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1256" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Message-ID: <DAV741RVnKVfQ2l8L4M00011d5c@hotmail.com> X-OriginalArrivalTime: 14 Apr 2002 14:39:21.0897 (UTC) FILETIME=[2A7B5190:01C1E3C2] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Welcome I work in a graduation project " Building CA server" I want to know Where does the certificate go after it issued by CA server? Is it being sent to user as a file? or what? Thank you. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3D3T1Q01970 for ietf-pkix-bks; Fri, 12 Apr 2002 20:29:01 -0700 (PDT) Received: from zetnet.co.uk (root@irwell.zetnet.co.uk [194.247.47.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3D3T0m01966 for <ietf-pkix@imc.org>; Fri, 12 Apr 2002 20:29:00 -0700 (PDT) Received: from zetnet.co.uk (bts-0061.dialup.zetnet.co.uk [194.247.48.61]) by zetnet.co.uk (8.11.3/8.11.3/Debian 8.11.2-1) with ESMTP id g3D3T1I02507; Sat, 13 Apr 2002 04:29:01 +0100 Message-ID: <3CB7B12A.1908C8BB@zetnet.co.uk> Date: Sat, 13 Apr 2002 04:16:42 +0000 From: David Hopwood <david.hopwood@zetnet.co.uk> Reply-To: ietf-pkix@imc.org, ietf-tls@lists.certicom.com, david.hopwood@zetnet.co.uk X-Mailer: Mozilla 4.7 [en] (WinNT; I) X-Accept-Language: en-GB,en,fr-FR,fr,de-DE,de,ru MIME-Version: 1.0 To: ietf-pkix@imc.org, ietf-tls@lists.certicom.com Subject: Proposed MIME type application/pkix-pkipath Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> -----BEGIN PGP SIGNED MESSAGE----- (Please keep replies posted to both <ietf-pkix@imc.org> and <ietf-tls@lists.certicom.com>.) The Transport Layer Security WG has developed a draft for a set of extensions to TLS. One of the extensions, "client_certificate_url", is designed to allow TLS clients to specify client certificate chains that should be retrieved from an URL, instead of the chain being sent in the TLS protocol (so that memory-constrained clients do not have to store the whole chain). Therefore a MIME type needs to be registered for transferring the cert chain by HTTP, etc. The ASN.1 type proposed to be used is PkiPath, as defined in X.509 (2000) Technical Corrigendum 1, which is equivalent to "SEQUENCE OF Certificate". (Other possible ASN.1 types such as CertificationPath and ForwardCertificationPath were considered to be unnecessarily complicated for this application, and CertificateSet from PKCS#7 is not used because it defines a SET rather than a SEQUENCE, making validation more difficult.) A copy of X.509 (2000) TC 1 is at: <ftp://ftp.bull.com/pub/OSIdirectory/DefectResolution/TechnicalCorrigenda/ApprovedTechnicalCorrigendaToX.509/8|X.509-TC1(4th).pdf>. The current version of the TLS extensions draft is <http://www.rfc-editor.org/internet-drafts/draft-ietf-tls-extensions-03.txt>. It will be modified to include an IANA Considerations section with the MIME template given below, and to specify use of "application/pkix-pkipath" instead of "application/pkcs7-mime". <draft-ietf-tls-extensions-04.txt> will then be taken to Last Call, since all issues other than this one have already been resolved. Here is the draft registration template, following RFC 2048. It is intended to be consistent with application/pkix-{cert,crl} as defined in RFC 2585. To: ietf-types@iana.org Subject: Registration of MIME media type application/pkix-pkipath MIME media type name: application MIME subtype name: pkix-pkipath Required parameters: none Optional parameters: version (default value is "1") Encoding considerations: This is the DER-encoded ASN.1 type PkiPath, which is defined in [X509-TC1] as follows: PkiPath ::= SEQUENCE OF Certificate PkiPath is used to represent a certification path. Within the sequence, the order of certificates is such that the subject of the first certificate is the issuer of the second certificate, etc. All Certificates MUST conform to [PKIX] (an update to [PKIX] is in preparation, and should be followed when it is published). DER (as opposed to BER) encoding MUST be used. If this type is sent over a 7-bit transport, base64 encoding SHOULD be used. Security considerations: The security considerations of [X509-2000] and [PKIX] (or any update to it) apply, as well as those of any protocol that uses this type (e.g. TLS). Note that this type only specifies a certificate chain that can be assessed for validity according to the relying party's existing configuration of trusted CAs; it is not intended to be used to specify any change to that configuration. Interoperability considerations: No specific interoperability problems are known with this type, but for recommendations relating to X.509 certificates in general, see [PKIX]. Published specification: <draft-ietf-tls-extensions-04.txt>, [X509-TC1], and [PKIX]. Applications which use this media type: TLS. It may also be used by other protocols, or for general interchange of PKIX certificate chains. Additional information: Magic number(s): DER-encoded ASN.1 can be easily recognised (further parsing is required to distinguish from other ASN.1 types) File extension(s): .pkipath Macintosh File Type Code(s): not specified Person & email address to contact for further information: Magnus Nystrom <magnus@rsasecurity.com> Intended usage: COMMON Author/Change controller: Magnus Nystrom <magnus@rsasecurity.com> References: [PKIX] R. Housley, W. Ford, W. Polk, and D. Solo, "Internet Public Key Infrastructure: Part I: X.509 Certificate and CRL Profile", IETF RFC 2459, January 1999. [X509-2000] ITU-T RECOMMENDATION X.509 (2000) | ISO/IEC 9594-8:2001. [X509-TC1] Technical Corrigendum 1 (DTC 2) to ITU-T RECOMMENDATION X.509 (2000) | ISO/IEC 9594-8:2001. - -- David Hopwood <david.hopwood@zetnet.co.uk> Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/ RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01 Nothing in this message is intended to be legally binding. If I revoke a public key but refuse to specify why, it is because the private key has been seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBPLevKjkCAxeYt5gVAQECpAgAr5brsVe2Qqs/HGGxtfvAa/DWnW+OqeSb qI27EMBS+Y+1lMsqObHULr67PoOB6jzBPHUfwqaA6iBzsKbh+95ZyRieuaXoaxV1 MNI70kgky43lhHR+rkP0r51mzUpzFFrXHNEIA94TEqFHLNOW7VF088MJEnGtbK0I 1mWqiJCB6jN7CkaOunEtsbmhZQ5hjkgw75JhypCWNnNLgFWSDyQyHFW3zn/XZnZf 4xGlrbN+rxwJyG+Orga23mpIo04VMnI0mTGsyOhAM5SdUbTc/3RQ4yqJMI4+oePf 3EPeDQTLO9BTHhSx4fcXeST6zjDWPWfMSHNW6brXGddQyNZ8nB7BJA== =UXVS -----END PGP SIGNATURE----- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3CJZJR17348 for ietf-pkix-bks; Fri, 12 Apr 2002 12:35:19 -0700 (PDT) Received: from mail4.microsoft.com (mail4.microsoft.com [131.107.3.122]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3CJZIm17343 for <ietf-pkix@imc.org>; Fri, 12 Apr 2002 12:35:18 -0700 (PDT) Received: from inet-vrs-04.redmond.corp.microsoft.com ([157.54.8.154]) by mail4.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Fri, 12 Apr 2002 12:35:15 -0700 Received: from 157.54.8.23 by inet-vrs-04.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Fri, 12 Apr 2002 12:35:15 -0700 Received: from red-imc-01.redmond.corp.microsoft.com ([157.54.9.102]) by inet-hub-01.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Fri, 12 Apr 2002 12:35:15 -0700 Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-01.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Fri, 12 Apr 2002 12:35:14 -0700 Received: from win-msg-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.52]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3590.0); Fri, 12 Apr 2002 12:31:44 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6177.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: A few comments re: dpv-dpd requirements Date: Fri, 12 Apr 2002 12:31:43 -0700 Message-ID: <4AEE3169443CDD4796CA8A00B02191CDEE5F3D@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: A few comments re: dpv-dpd requirements Thread-Index: AcHcPPBMirus8SdtSqyL+Z/DFkJmbQGG0Vdg From: "Trevor Freeman" <trevorf@windows.microsoft.com> To: "Michael Myers" <myers@coastside.net>, <ietf-pkix@imc.org> X-OriginalArrivalTime: 12 Apr 2002 19:31:44.0062 (UTC) FILETIME=[AD99C5E0:01C1E258] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3CJZIm17345 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Mike, I don't see how supporting an unknown response helps. Unknown sounds like a sub-status on the failure case. If I did have multiple SA with multiple DPV servers, anything other than a cert is valid response will cause me to go select the next DPV server and try again. If I only have one DPV server, then again, if it is not valid - it's invalid. Insufficient information to be able to be able to complete the request could be a sub-status reason returned in the DPV response, which allows me to audit or account for why the cert was not used, but the DPV server should only return one of two states. Trevor -----Original Message----- From: Michael Myers [mailto:myers@coastside.net] Sent: Thursday, April 04, 2002 4:51 PM To: ietf-pkix@imc.org Subject: A few comments re: dpv-dpd requirements Russ, Denis: The state "unknown" is missing in Section 4, "Delegated Path Validation Protocol Requirements". The -03 draft currently reads: "The DPV response MUST indicate one of the following two status alternatives: 1) the certificate is valid according to the validation policy. 2) the certificate is not valid according to the validation policy." I think -04 should read: "The DPV response MUST indicate one of the following three status alternatives: 1) the certificate is valid according to the validation policy. 2) the certificate is not valid according to the validation policy. 3) the certificate is unknown to the validation server." Thus we remain at {valid, invalid, unknown} as primary initial states per list-based consensus. Apologies for digging into this, but it has relevance to the design of state machines. Mike Received: by above.proper.com (8.11.6/8.11.3) id g3CHKnF11701 for ietf-pkix-bks; Fri, 12 Apr 2002 10:20:49 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3CHKmm11696 for <ietf-pkix@imc.org>; Fri, 12 Apr 2002 10:20:48 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GUG00A01TEBE4@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 12 Apr 2002 10:18:11 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GUG009ABTEBVG@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 12 Apr 2002 10:18:11 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <2X07KTDD>; Fri, 12 Apr 2002 10:20:23 -0700 Content-return: allowed Date: Fri, 12 Apr 2002 10:20:22 -0700 From: Ambarish Malpani <ambarish@valicert.com> Subject: RE: Open issue: DPV relay To: pkix <ietf-pkix@imc.org> Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E53A9@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Denis, This sounds good to me. Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net] > Sent: Friday, April 12, 2002 7:46 AM > To: pkix > Subject: Re: Open issue: DPV relay > > > > > Thanks to numerous private e-mail exchanges with Stephen Farrell > (thanks Stephen !) we both came to an agreement on additional text > to address relaying, re-direction and multicasting. > > So I submit this text to the list. > > Denis > > ==================================================================== > > 4.2. Relaying, re-direction and multicasting. > > Protocols designed to conform to these requirements MAY include > optional fields and extensions to support relaying, re-direction or > multicasting features. DPV clients are NOT REQUIRED to support relay, > re-direct or multicast, therefore clients or servers which do not > support such features still conform to the basic set of requirements. > DPV servers are NOT REQUIRED either to support relay, re-direct or > multicast. > > 1. Where relay or re-direct mechanisms are supported by a server > a mechanism to detect loops or repetition SHOULD be supported. > > 2. Where a DPV server chooses to re-direct the request to another > DPV server (i.e. chooses to provide a referral), a mechanism to > provide information to be used for the re-direction SHOULD be > supported. Note: In case where information to be used for the > re-direction is sent back, clients are NOT REQUIRED to interpret > that information (but MAY do so). > > 3. These features MAY be supported by using additional parameters > in the request and/or response. Clients and servers that do not > support such additional parameters MUST still be able to use/offer > DPV service. In this way, implementers need not understand the > semantics of any such extensions. > > ==================================================================== > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3CGSaw10227 for ietf-pkix-bks; Fri, 12 Apr 2002 09:28:36 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3CGSXm10216 for <ietf-pkix@imc.org>; Fri, 12 Apr 2002 09:28:33 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id SAA18120; Fri, 12 Apr 2002 18:28:30 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Fri, 12 Apr 2002 18:28:30 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id SAA16517; Fri, 12 Apr 2002 18:28:29 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id SAA07505; Fri, 12 Apr 2002 18:28:29 +0200 (MET DST) Date: Fri, 12 Apr 2002 18:28:29 +0200 (MET DST) Message-Id: <200204121628.SAA07505@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, peterw@valicert.com Subject: RE: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, I am a little bit confused that you replied to a message sent by Denis as a repl to me. > > Peter. > > OCSP has always envisioned and practised a relying party > authorizing an OCSP Responder: no CA/AA involvement > is required and no certificate need be issued, in this > case. There seems to be a confusion about the difference of a 'Trusted Responder' and an 'Authorised Responder' All definitive response messages SHALL be digitally signed. The key used to sign the response MUST belong to one of the following: -- the CA who issued the certificate in question -- a Trusted Responder whose public key is trusted by the requester -- a CA Designated Responder (Authorized Responder) who holds a specially marked certificate issued directly by the CA, indicating that the responder may issue OCSP responses for that CA In 4.2.2.2 the text The key that signs a certificate's status information need not be the same key that signed the certificate. It is necessary however to ensure that the entity signing this information is authorized to do so. Therefore, a certificate's issuer MUST either sign the OCSP responses itself or it MUST explicitly designate this authority to another entity. OCSP signing delegation SHALL be designated by the inclusion of id-kp-OCSPSigning in an extendedKeyUsage certificate extension included in the OCSP response signer's certificate. This certificate MUST be issued directly by the CA that issued the certificate in question. id-kp-OCSPSigning OBJECT IDENTIFIER ::= {id-kp 9} seem to indicate that two of the three cases are AUTHORISED responders. The next sentences say: Systems or applications that rely on OCSP responses MUST be capable of detecting and enforcing use of the id-ad-ocspSigning value as described above. They MAY provide a means of locally configuring one or more OCSP signing authorities, and specifying the set of CAs for which each signing authority is trusted. They MUST reject the response if the certificate required to validate the signature on the response fails to meet at least one of the following criteria: 1. Matches a local configuration of OCSP signing authority for the certificate in question; or 2. Is the certificate of the CA that issued the certificate in question; or 3. Includes a value of id-ad-ocspSigning in an ExtendedKeyUsage extension and is issued by the CA that issued the certificate in question." which seems to explain an additional,thus three possible conditions for which a response can be excepted. But what exactly means 1) ? what means 'locally configuring one or more OCSP signing authorities'? Does it mean that this matched the second case in the introduction, which IMO is that a relying party that can operate its own OCSP service for its own benefit, just as a front end to a collection of some CRLs for example. Or, the text says TWO things: How a CA can delegate OCSP operations resulting in 2 modes to accept responses by a relying party, and a third mode indicating how a relying party can have an additional mode to trust someone who is NOT in one of the two other cases, and may have no relationship with the CA or else. > Carry over this conformance requirement from OCSP to DPV: > > An OCSP client (which includes a client that is a DPV server) > must potentially accept an OCSP response according to ALL the > rules of 4.2.2.2. There are three cases: (1) (2) and (3). Do You mean ALL (conditions met at the same time) or *ANY* (of them may be true). ? > > Lets remember, a relying party can operate its > own DPV service for its own benefit. The relying party > needs no authority from a CA to do so. The operator > of a DPV server is not necessarily a TTP, and > need have no relationship to the cert or CRL > issuer, other than that of performing > relying party obligations or (less stringent) user > obligations according to the CP. > In your paragraph, if you replace DPV by OCSP, I don't see why this would be different if my interpretation of the three cases are correct. Or, for OCSP the condition 1. Matches a local configuration of OCSP signing authority for the certificate in question; or doesn't it mean that some other relying party who will inspect the response will not necessarily have the same configuration? Peter S Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3CEnfA03383 for ietf-pkix-bks; Fri, 12 Apr 2002 07:49:41 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3CEnem03378 for <ietf-pkix@imc.org>; Fri, 12 Apr 2002 07:49:40 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA09936; Fri, 12 Apr 2002 16:52:17 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041216490928:216 ; Fri, 12 Apr 2002 16:49:09 +0200 Message-ID: <3CB6F32F.868ED1F1@bull.net> Date: Fri, 12 Apr 2002 16:46:07 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV relay X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 12/04/2002 16:49:09, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 12/04/2002 16:49:42, Serialize complete at 12/04/2002 16:49:42 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Thanks to numerous private e-mail exchanges with Stephen Farrell (thanks Stephen !) we both came to an agreement on additional text to address relaying, re-direction and multicasting. So I submit this text to the list. Denis ==================================================================== 4.2. Relaying, re-direction and multicasting. Protocols designed to conform to these requirements MAY include optional fields and extensions to support relaying, re-direction or multicasting features. DPV clients are NOT REQUIRED to support relay, re-direct or multicast, therefore clients or servers which do not support such features still conform to the basic set of requirements. DPV servers are NOT REQUIRED either to support relay, re-direct or multicast. 1. Where relay or re-direct mechanisms are supported by a server a mechanism to detect loops or repetition SHOULD be supported. 2. Where a DPV server chooses to re-direct the request to another DPV server (i.e. chooses to provide a referral), a mechanism to provide information to be used for the re-direction SHOULD be supported. Note: In case where information to be used for the re-direction is sent back, clients are NOT REQUIRED to interpret that information (but MAY do so). 3. These features MAY be supported by using additional parameters in the request and/or response. Clients and servers that do not support such additional parameters MUST still be able to use/offer DPV service. In this way, implementers need not understand the semantics of any such extensions. ==================================================================== Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3CEXK003057 for ietf-pkix-bks; Fri, 12 Apr 2002 07:33:20 -0700 (PDT) Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3CEXBm03049 for <ietf-pkix@imc.org>; Fri, 12 Apr 2002 07:33:11 -0700 (PDT) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19) id <2ZHH9YAH>; Fri, 12 Apr 2002 10:33:07 -0400 Message-ID: <BFB44293CE13C9419B7AFE7CBC35B9390150A79E@sottmxs08.entrust.com> From: Carlisle Adams <carlisle.adams@entrust.com> To: "'Al Arsenault'" <awa1@comcast.net> Cc: Alfred Arsenault <AArsenault@diversinet.com>, ietf-pkix@imc.org Subject: RE: CMP Interoperability Question Date: Fri, 12 Apr 2002 10:33:06 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1E22E.F623F850" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1E22E.F623F850 Content-Type: text/plain Hi Al, > ---------- > From: Al Arsenault[SMTP:awa1@comcast.net] > Sent: Wednesday, April 10, 2002 7:52 AM > To: ietf-pkix@imc.org > Cc: Alfred Arsenault > Subject: CMP Interoperability Question > > The reason for asking this: we tend to believe that they private > signing key used to sign certificates and revocation information (CRLs, > OCSP responses) should ONLY be used for that purpose. The CA has a > separate key to use for secure communications, including signing CMP > responses. (I can't find anything in the spec - either RFC2510 or > son-of-2510 - that addresses this at all. My apologies if I just missed a > section.) The spec mentions the concept of a "protocol encryption key" and I was sure it also mentioned the concept of a "protocol signing key" somewhere, but I just took a look and I can't find it... In any case, there was never any assumption in our minds that the key used to sign CMP responses would be the same one as used to sign certificates, CRLs, etc.. I always thought in terms of a protocol signing key (whose public key was put into a certificate signed by the regular cert-signing key so that the EE would be able to trust it). As far as I am aware, this issue never came up during the CMP interop testing. In particular, we always used a separate key to sign CMP responses and were able to successfully interoperate with the other participants. Carlisle. ------_=_NextPart_001_01C1E22E.F623F850 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2653.12"> <TITLE>RE: CMP Interoperability Question</TITLE> </HEAD> <BODY> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">Hi = Al,</FONT> </P> <UL> <P><FONT SIZE=3D2 FACE=3D"MS Sans Serif">----------</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">From:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans Serif">Al = Arsenault[SMTP:awa1@comcast.net]</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Sent:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans Serif">Wednesday, April 10, 2002 7:52 = AM</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">To:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans = Serif">ietf-pkix@imc.org</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Cc:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans Serif">Alfred = Arsenault</FONT> <BR><B><FONT SIZE=3D2 FACE=3D"MS Sans Serif">Subject:</FONT></B> = <FONT SIZE=3D2 FACE=3D"MS Sans = Serif">CMP Interoperability Question</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Arial">=A0=A0=A0 The reason for asking this: = we tend to believe that they private signing key used to sign = certificates and revocation information (CRLs, OCSP responses) should = ONLY be used for that purpose.=A0 The CA has a separate key to use for = secure communications, including signing CMP responses. (I can't find = anything in the spec - either RFC2510 or son-of-2510 - that addresses = this at all. My apologies if I just missed a section.)</FONT></P> </UL> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New = Roman"> </FONT> <BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">The spec = mentions the concept of a "protocol encryption key" and I was = sure it also mentioned the concept of a "protocol signing = key" somewhere, but I just took a look and I can't find = it...</FONT></P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">In any = case, there was never any assumption in our minds that the key used to = sign CMP responses would be the same one as used to sign certificates, = CRLs, etc.. I always thought in terms of a protocol signing key = (whose public key was put into a certificate signed by the regular = cert-signing key so that the EE would be able to trust it).</FONT></P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New Roman">As far as = I am aware, this issue never came up during the CMP interop = testing. In particular, we always used a separate key to sign CMP = responses and were able to successfully interoperate with the other = participants.</FONT></P> <P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Times New = Roman">Carlisle.</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1E22E.F623F850-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3C7ui929771 for ietf-pkix-bks; Fri, 12 Apr 2002 00:56:44 -0700 (PDT) Received: from brot.celocom.de (brot.celocom.de [212.78.104.200]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3C7ugm29762 for <ietf-pkix@imc.org>; Fri, 12 Apr 2002 00:56:42 -0700 (PDT) Message-ID: <3CB6932C.6423723E@gemplus.com> Date: Fri, 12 Apr 2002 09:56:28 +0200 From: Bernd Matthes <bernd.matthes@gemplus.com> X-Mailer: Mozilla 4.79 [en] (WinNT; U) X-Accept-Language: de,en MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> Cc: ietf-pkix@imc.org Subject: Re: TSA Policy Identifiers References: <000001c1dfed$e2a28730$a600a8c0@seguridata.com> <3CB41741.F112A490@bull.net> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms2DE93B2AFEC64AB26D4E3685" X-Virus-Scanned: by AMaViS perl-11 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a cryptographically signed message in MIME format. --------------ms2DE93B2AFEC64AB26D4E3685 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Denis Pinkas wrote: > > > Hi! Where can I find info on defined TSA Policy OIDs for TSP, rfc 3163? > ^^^^^^^^ > rfc 3161 > The URL is: > http://www.ietf.org/internet-drafts/draft-ietf-pkix-pr-tsa-00.txt > > Regards, > > Denis Hi Denis! In Section 7.3.1, g) NOTE2 I found: "NOTE 2: A protocol for a time-stamp token is defined in RFC 3631 and profiled in TS 101 861 [TS 101861]." Is this a typo? ---------^ with kind regards -- Bernd Matthes Gemplus mids GmbH -- Senior Software Engineer formerly Celo Communications GmbH Dipl.-Ing.(FH) R&D Center Germany -------------------------------------------------------------------- "Complexity breeds bugs. Bugs prevent adoption, lack of" \ "adoption results in death. Death not good." "Life sucks." --------------ms2DE93B2AFEC64AB26D4E3685 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIH6gYJKoZIhvcNAQcCoIIH2zCCB9cCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC Bb0wggKMMIIB9aADAgECAgMHA+kwDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAlpBMRUw EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhh d3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwg RnJlZW1haWwgUlNBIDIwMDAuOC4zMDAeFw0wMjAzMTgxNzIxMzRaFw0wMzAzMTgxNzIxMzRa MEsxHzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFpbCBNZW1iZXIxKDAmBgkqhkiG9w0BCQEWGWJl cm5kLm1hdHRoZXNAZ2VtcGx1cy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANLH Ug0UXihUAGRuILAJAZhyok9Oj2UG5HcQXVgAK8Q1MJOTs3XKzdimgxdKdl1C6GBj+XUDhyin 6EM0/nrgpIg+abWtjmz1U4XXOhmqDz7qLRP/wu/FZefkM/QRbgrBXZh/NTOr1m0sMThKGTgs ZCiwc6HebSh43HNgwE74QTHhAgMBAAGjNjA0MCQGA1UdEQQdMBuBGWJlcm5kLm1hdHRoZXNA Z2VtcGx1cy5jb20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQDK4ZRCCCV5wytZ NmCxQfoGRljKsUxU4L5gztN0ni6ibvlDeDfg6A2+Hsv5JqhNq1EoujkRAKAry4jcSDY/pI+7 D4zhyMxx4eH+vEIGq3z1Jvukx9Tm/wKGyW504SKWCBo5LI0jMnfydBY7gQd1wyGlRuYDm77f mzOXD2VfcMy87jCCAykwggKSoAMCAQICAQwwDQYJKoZIhvcNAQEEBQAwgdExCzAJBgNVBAYT AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMg RGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqG SIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMDA4MzAwMDAwMDBa Fw0wMjA4MjkyMzU5NTlaMIGSMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBl MRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUQ2VydGlm aWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZyZWVtYWlsIFJTQSAyMDAwLjgu MzAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN4zMqZjxwklRT7SbngnZ4HF2ogZgpcO 40QpimM1Km1wPPrcrvfudG8wvDOQf/k0caCjbZjxw0+iZdsN+kvx1t1hpfmFzVWaNRqdknWo J67Ycvm6AvbXsJHeHOmr4BgDqHxDQlBRh4M88Dm0m1SKE4f/s5udSWYALQmJ7JRr6aFpAgMB AAGjTjBMMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwxLTI5NzASBgNV HRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOBgQBzG28mZYv/ FTRLWWKK7US+ScfoDbuPuQ1qJipihB+4h2N0HG23zxpTkUvhzeY42e1Q9DpsNJKs5pKcbsEj AcIJp+9LrnLdBmf1UG8uWLi2C8FQV7XsHNfvF7bViJu3ooga7TlbOX00/LaWGCVNavSdxcOR L6mWuAU8Uvzd6WIDSDGCAfUwggHxAgEBMIGaMIGSMQswCQYDVQQGEwJaQTEVMBMGA1UECBMM V2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRoYXd0ZTEdMBsG A1UECxMUQ2VydGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZyZWVtYWls IFJTQSAyMDAwLjguMzACAwcD6TAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG 9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAyMDQxMjA3NTYzMlowIwYJKoZIhvcNAQkEMRYEFHOE KL32M/trEKoQ35mt0RmYyXwcMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZI hvcNAwICAgCAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMA0GCSqG SIb3DQEBAQUABIGAqcKIppHIiDWH/yCGG0QivAUMbDCD3oNFjh1/sYbr8ICn7OalwS8wa16a s5km8DQSxe+wiOVAPr/l14tSAgTVS0eP9IHvOue8KN8Lgat9F/MRBcDMB85gQTFV4uihCxwo fVZrE1y54EnmRYoGNb2BZkpL22T9gY5+46Mz1VkqCFw= --------------ms2DE93B2AFEC64AB26D4E3685-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3BH1TW10414 for ietf-pkix-bks; Thu, 11 Apr 2002 10:01:29 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3BH1Nm10408 for <ietf-pkix@imc.org>; Thu, 11 Apr 2002 10:01:23 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GUE00201XTVG1@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 11 Apr 2002 09:58:43 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GUE0021SXTUEU@ext-mail.valicert.com>; Thu, 11 Apr 2002 09:58:43 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <2VWBV6BB>; Thu, 11 Apr 2002 10:00:54 -0700 Content-return: allowed Date: Thu, 11 Apr 2002 10:00:53 -0700 From: Peter Williams <peterw@valicert.com> Subject: RE: Open issue: DPV relay To: "'Peter Sylvester '" <Peter.Sylvester@edelweb.fr> Cc: "'ietf-pkix@imc.org '" <ietf-pkix@imc.org> Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A5A3@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter. OCSP has always envisioned and practised a relying party authorizing an OCSP Responder: no CA/AA involvement is required and no certificate need be issued, in this case. Carry over this conformance requirement from OCSP to DPV: An OCSP client (which includes a client that is a DPV server) must potentially accept an OCSP response according to ALL the rules of 4.2.2.2. There are three cases: (1) (2) and (3). Lets remember, a relying party can operate its own DPV service for its own benefit. The relying party needs no authority from a CA to do so. The operator of a DPV server is not necessarily a TTP, and need have no relationship to the cert or CRL issuer, other than that of performing relying party obligations or (less stringent) user obligations according to the CP. -----Original Message----- From: Denis Pinkas To: Peter Sylvester Cc: ietf-pkix@imc.org Sent: 4/11/02 3:18 AM Subject: Re: Open issue: DPV relay > See the second point and also read 4.2.2.2 Which says: It is necessary however to ensure that the entity signing this information is authorized to do so. Therefore, a certificate's issuer MUST either sign the OCSP responses itself or it MUST explicitly designate this authority to another entity. > Or: You may want a requirement that the DPV responder must ensure > that the OCSP responses are signed by a CA or an authorised responder > and not by some locally trusted OCSP responder in order to > be sure that an 'evidence verifier' finds trustworthy information. This is correct. However, it is not necesssary to add this requirement in the DPV requirements document since this requirement is already in section 4.2.2.2 from RFC 2560 (OCSP). > > > To make the simple case, if a DPV response is signed directly by the CA > > > (or by an authorised responder), you have the same situation. > > > > No. A CA can only assert information about what it is directly responsible. > So, the DPV response made by the CA just talks about the certificates > it has directly issued. No. Talking about the certificates that a DPV server may have issued does not make sense. Certificates are only issued by CAs, AFAIK. Once again, a DPV server MUST answer for one (or more) certificates and must verify an entire chain of certificates, whoever has issued them. A DPV server is *not* a CA. A DPV server can be *any* service provider. An organization running a CA may also run a DPV server, in the same way as an organization running a CA may also provide a Time-Stamping service. > > No CA is responsible for all the certifiactes from one path. An OCSP query > > is for ONE certificate, while a DPV query involves a CHAIN of certificates. > > The text says: > > The Delegated Path Validation (DPV) protocol allows a server to > validate one or more public key certificates according to a validation > policy. > > In order to validate a certificate, a chain of multiple certificates, > called a certification path, may be needed, comprising a certificate > of the public key owner (the end entity) signed by one CA, and zero or > more additional certificates of CAs signed by other CAs. > In the simple case of only one CA, an OCSP response signed by the CA > concerning the certificate in question does not say anything the > validity of the CA cert since when it was signed with the same key. > You thus just have on certificate. > In a case of one intermediate CA, the DPV response may for example > contain two OCSP responses, one signed by the intermediate CA > concerning the revocation status of the end user and another > concerning the statius of the intermediate CA signed by the > top CA. > If both CAs provide a DPV service instead of an OCSP service You mean "If the organisation hosting a CA also provides a DPV service ... " > in the same way, you have exactly the same situation except > that this is a positive status information. > > For example, the initial client asks for a combined status, > it asks his own trusted service, this server asks the intermediate > CA either to provide an OCSP status or a DPV status of the > cert in question and then asks the top CA to provide a status of > the intermediate CA's cert, and well, even three other OCSP > responders to provide statement that the top level > CA's cert is good. I believe that you have mis-understood one idea behind DPV. DPV verifies the whole path processing. A DPV status about one intermediate certificate of the chain does not make sense. The validation policy is not about that intermediate certificate but about a given certificate and a whole chain above it. Applying the validation policy on an intermediate certificate only does not make sense. > DPV would allow to combine the responses differently. > It can well be that the intermediate CA/DPV responder > itself asks for a DPV response from the top CA/DPV > and include this in his DPV response to the initial server. > > > > > There are no similarities. > "Ok, let's talk." > > > > I think that there must be a language problem somewhere because I > > > fail to see what *not* you are referring, i.e. to see where we are > > > in disagreement. I have not said that it is necessary for the client > > > to gather all information. I have said that the protocol must provide > > > a method to allow a client to ask and the server to respond with that > > > information. > > > > Maybe, since we possibly interpreted diffrently "what has contributed to the > > final decision". > > > > > > In case of a dispute, testing again the certificate validity, means that > > > > certificates, CRLs and OCSP responses must be available. Anything else is > > > > useless. > > > > > I think that this may be the core of our disagreement. > > > > > This is because you only accept that CA can create assertions about the > > > validity of their certificates using CRLs and OCSP. > > > > Correct. > > Unfortunately we may be both wrong. > > > > As soon as you would > > > admit that some new protocol or service is provided that enhances and in > > > particular replaces them, the statements obtained via that service are > > > necessary. > > > > > I would like to know what you would have said 5 years ago when only > > > CRLs existed. > > > > Basicaly the chain must be verified and no element fom the chain must be > > revoked. > > > > Five years ago this information was provided off-line, i.e. via CRLs. OCSP > > allows to obtain the same information on-line. Between on-line and off-line > > I currently see no other mechanism. > But you can have different protocols for these characteristics. Offline > you could use trees, online you can have DPV, No. On-line, to know the revocation status of a single certificate we only have OCSP. RFC 2560 states: It is necessary however to ensure that the entity signing this information is authorized to do so. Therefore, a certificate's issuer MUST either sign the OCSP responses itself or it MUST explicitly designate this authority to another entity. Note that this is true as well for CRLs. Either the CA signs the CRL directly or designate another authority. RFC 2459 RECOMMENDS for the support of the CRL distribution points extension which then contains a cRLIssuer field. "If the certificate issuer is not the CRL issuer, then the cRLIssuer field MUST be present and contain the Name of the CRL issuer. If the certificate issuer is also the CRL issuer, then the cRLIssuer field MUST be omitted ..." > or other techniques like > timestamps over CRLs and OCSP responses to have a proof that the server > has provided the OCSPresp/CRL at a current date. Time-stamping is not needed to prove that the server has provided the OCSPresp/CRL at a current date. An OCSP response includes such a date. CRL checking uses thisUpdate and nextUpdate. Time-stamping may however be useful for other reasons. An informational RFC (i.e. RFC 3126 - Electronic Signature Formats for long term electronic signatures) does however indicate such a format in the context of a signature policy. Another format could be derived from it in the context of a validation policy. > > The basic question is whether first-hand information and second-hand > > information should be used. In case of a dispute, only first-hand > > information is useful (certificates and revocation status information from > > the CAs responsible for every certificate from the chain). DPV responses > > (i.e. the signed "yes" answers) are useless, unless the plaintiff and the > > defendant both trust the same DPV server. > OCSP responses may also be useless, unless the plaintiff and the > defendant both trust the same OCSP server. Wrong. RFC 2560 sates: It is necessary however to ensure that the entity signing this information is authorized to do so. Therefore, a certificate's issuer MUST either sign the OCSP responses itself or it MUST explicitly designate this authority to another entity. In either of these cases, the plaintiff and the defendant cannot argue that the OCSP response is not valid (unless the OCSP responder has been revoked by the CA). They cannot argue that such responses are useless, or if they do, this argumentation will be rejected. I have made my best efforts to explain all the rational behind DPV responses, which are very different from OCSP responses. I have also made my best efforts to explain why in the general case a DPV response from a given server is not necessarilly trusted by all clients, and thus would be useless in front of a court. The security consideration section is very explicit on this issue: "A DPV client must trust a DPV server to provide the correct answer. However, this does not mean that all DPV clients will trust the same DPV servers. While a positive answer might be sufficient for one DPV client, that same positive answer will not necessarily convince another DPV client." Can we finally close this issue ? Denis > Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3BBl5024128 for ietf-pkix-bks; Thu, 11 Apr 2002 04:47:05 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3BBl4m24123 for <ietf-pkix@imc.org>; Thu, 11 Apr 2002 04:47:04 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150]) by e1.ny.us.ibm.com (8.12.2/8.12.2) with ESMTP id g3BBkQms034990; Thu, 11 Apr 2002 07:46:26 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.00) with ESMTP id g3BBkPp70986; Thu, 11 Apr 2002 07:46:25 -0400 Importance: Normal Sensitivity: Subject: Re: WG Last Call: Roadmap To: Al Arsenault <awa1@comcast.net> Cc: Denis Pinkas <Denis.Pinkas@bull.net>, ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OF10CD0088.E3281CA9-ON85256B98.00407374@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Thu, 11 Apr 2002 07:46:17 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/11/2002 07:46:25 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Al: Your argument against updating the terminology is pretty convincing. We should probably provide a note that the term "trust anchor" is normally used with roughly the same meaning as "root CA" in this document. The term is fairly commonly used, and unambiguous. Tom Gindin Al Arsenault <awa1@comcast.net> on 04/10/2002 01:28:43 PM To: Tom Gindin/Watson/IBM@IBMUS, Denis Pinkas <Denis.Pinkas@bull.net> cc: ietf-pkix@imc.org Subject: Re: WG Last Call: Roadmap Tom, Going back to how that discussion got started lo those many years ago, the problem was that different PKIX documents used the term "root CA" to mean different things. Most of them used it to mean "trust anchor" or some similar thing; i.e., "this is the CA that you base all of your trust on as an RP" (and yes, in a large complex PKI system there might be more than one of these); a few used it as a synonym for "top CA"; i.e., the thing at the top of a hierarchy. After much discussion on this list, the terms as they now appear in the Roadmap document were agreed to (okay, it was pretty darned rough consensus, but it was as good as we were gonna get at that time). This made the Roadmap pretty consistent with other PKIX documents, and I think "best efforts" were made to bring the usage in the other documents into line over the years. So I'd be really hestitant to change the terminology in the Roadmap now - it'd just bring up the same old issue again, and cause the roadmap to be inconsistent with (almost) all of the other PKIX documents - which is not something I'd want. Thanks, Al Arsenault ----- Original Message ----- From: "Tom Gindin" <tgindin@us.ibm.com> To: "Denis Pinkas" <Denis.Pinkas@bull.net> Cc: <ietf-pkix@imc.org> Sent: Wednesday, April 10, 2002 10:41 AM Subject: Re: WG Last Call: Roadmap > > > It is obviously important that this document get finalized fairly > soon. The only question we have outstanding is whether "root CA" as > defined would be better replaced by "anchor CA" or "trust anchor". This > should not block the document for more than a day or two, but I think it > worthwhile to find out what you think the difference is. The term "root > CA" as "root of trust" has caused some confusion in these discussions, and > if there's a better term which is in fairly common use (as "anchor" is) we > should use it. If there's a real difference, we should keep "root CA". In > case it's not obvious, the term "anchor CA" means "a trust anchor which is > a CA" - which assumes that trust anchors could be defined in such a way > that they might be EE's or even AA's. > > Tom Gindin > > > Denis Pinkas <Denis.Pinkas@bull.net> on 04/09/2002 12:00:26 PM > > To: Tom Gindin/Watson/IBM@IBMUS > cc: ietf-pkix@imc.org > Subject: Re: WG Last Call: Roadmap > > > Tom, > > > Denis: > > > > Should we really standardize on the term "root CA" rather than > "trust > > anchor" or "anchor CA"? > > I do not care, but I care for this document to be sent to the IESG soon. So > the sooner we may find a compromise, the better. Maybe the quickest way > is to try to suppress the sentences that create problems. We should > focuss on text replacement proposals. > > > "Trust anchor" has never been used to mean anything other than an entity > directly trusted by the RP, AFAIK. > > Not exactly. Read this sentence again. However, I would like to resist to > start a new discusion now on trust anchors. > > > I have other comments below. > > > > Tom Gindin > > > > Denis Pinkas <Denis.Pinkas@bull.net> on 04/08/2002 12:32:41 PM > > > > To: Tom Gindin/Watson/IBM@IBMUS > > cc: ietf-pkix@imc.org > > Subject: Re: WG Last Call: Roadmap > > > > Tom, > > > > I have not forgotten this message, but I gave priority to the DPV thread. > > > > > Responses below. > > > > > The issue of who specifies the verifier's policy is > > > rather serious. If the policy to be used is expected to be the same as > > RFC > > > 3126's SignaturePolicy, we need to specify a step in which the verifier > > has > > > the right to reject such a policy or to consider it inapplicable to the > > > verifier's own current context. > > > > This is true. However, the text does not go at that level of detail: > > > > "Another model considers a set of rules that apply to an application > > context. Every application context may have a different set of rules. > > When choosing to use certificates in the context of that application, > > the EE selects the set of rules for that context. In a set of rules, > > one or more Top CAs may be trusted, each one may be associated with > > different constraints, like the certificate policies that are trusted > > or the naming constraints that apply. These constrains may be specified > > either in self-signed certificates or in addition to self-signed > > certificates when they do not incorporate these constraints. This set > > of rules is called a validation policy (when validating a certificate) > > or a signature policy (when validating a digital signature)." > > > > I do not think it is necesary to state it. If you think so, please > provide > > a text and a placement for that text. > > > > [TG] My biggest problem is the use of the term "signature policy", which > > you have elsewhere defined as something defined and signed by the signer > of > > the document. > > There is a misunderstanding. A signer may provide the *reference* of the > signature policy that he agrees to use when signing. In order to prevent > someone else to change that reference, it is protected by the signer's > signature. So in that case the verifier has first to see whether the > signature policy used by the signer is appropriate for his application > context. If it is the case, then it uses it, otherwise this is the end of > the story. > > [TG] He mainly needs to check whether it's an approved signature policy by > his personal or organizational criteria. > > > In the paragraph above, I would replace the term "Top CAs" > > by "root CA's", > > No problem. > > > and I would also call the sets of rules in the last > > sentence a "certificate validation policy" and a "signature validation > > policy". I would then add the following statement: "Neither of these > > policies is considered to be the same as either a CertificatePolicy as > > defined in RFC 2459 or a SignaturePolicy as defined in RFC 3126." > > I would simply propose to delete the following sentence: > > "This set of rules is called a validation policy (when validating a > certificate) or a signature policy (when validating a digital signature)" > not because it is wrong, but because I would like this document to proceed. > > This would lead to the following text: > > "Another model considers a set of rules that apply to an application > context. Every application context may have a different set of rules. > When choosing to use certificates in the context of that application, > the EE selects the set of rules for that context. In a set of rules, > one or more root CAs may be trusted, each one may be associated with > different constraints, like the certificate policies that are trusted > or the naming constraints that apply. These constrains may be specified > either in self-signed certificates or in addition to self-signed > certificates when they do not incorporate these constraints." > > Can you live with it ? > > [TG] Sure. > > > > To: Tom Gindin/Watson/IBM@IBMUS > > > cc: ietf-pkix@imc.org > > > Subject: Re: WG Last Call: Roadmap > > > > > > Tom, > > > > > > > I have a few issues with this, and some corrections as well. > > > > > > > In comment 12, I have two issues. The first one, which is > minor, > > > is > > > > that "one or more Top CA's may be trusted" should refer to root CA's > > > > instead - the two terms mean the same thing more often than not, but > > when > > > > they differ the trust point is the root rather than the top. > > > > > > PKIX-1 states: > > > > > > " - Top CA - A CA that is at the top of a PKI hierarchy. > > > > > > Note: This is often also called a "Root CA," since in data > structures > > > terms and in graph theory, the node at the top of a tree is the > > > "root." However, to minimize confusion in this document, we elect to > > > call this node a "Top CA," and reserve "Root CA" for the CA directly > > > trusted by the EE." > > > > > > The problem lies with the last sentence, i.e. "*the* CA directly > trusted > > by > > > the EE.". The singular is being used which means that there is a single > > > one, multiple roots are not permitted, while multiple Top-CAs are > > > permitted. > > > > > > [TG] Where in PKIX-1 is this? I can't find the phrase "directly > trusted" > > > in either RFC 2459 or in draft 12 of new-pkix-1. > > > > Sorry for the confusion: it is in the roadmap document, not PKIX-1. > > > > The current text in the roadmap is: > > > > " - Root CA - A CA that is directly trusted by an EE; that is, > > securely acquiring the value of a Root CA public key requires > > some out-of-band step(s). This term is not meant to imply that a > > Root CA is necessarily at the top of any hierarchy, simply that > > the CA in question is trusted directly. > > > > (...) > > > > Note: This is often also called a "Root CA," since in data structures > > terms and in graph theory, the node at the top of a tree is the > > "root." However, to minimize confusion in this document, we elect to > > call this node a "Top CA," and reserve "Root CA" for the CA directly > > trusted by the EE. Readers new to PKIX should be aware that these > > terms are not used consistently throughout the PKIX documents, as the > > Internet PKI profile [2459bis] uses "Root CA" to refer to what this > > and other documents call a "Top CA," and "most-trusted CA" to refer > > to what this and other documents call a "Root CA." > > > > There is no problem with PKIX-1 but a problem with the roadmap document. > > PKIX-1 does not use the term "root CA", and thus it is wrong to say in > > the roadmap that "these terms are not used consistently throughout the > > PKIX documents". > > > > I would thus propose to change the note in the following way: > > > > Note: Since in data structures terms and in graph theory, the node > > at the top of a tree is the "root", the term "root CA" is sometimes > > used. This term is not meant to imply that a Root CA is necessarily > > at the top of any hierarchy, simply that the CA in question is trusted > > directly. > > > > [TG] As I stated at the beginning, I don't know why we should standardize > > on the term "root CA" rather than "trust anchor" or "anchor CA". Those > > terms cannot be mistaken for what is defined here as a "Top CA". BTW, I > > approve of that coinage. > > We do use "root CA", so I see no harm to use that vocabulary. This is no > attempt to standardize this term here. Originally my single concern what > that the text was talking about *one* root CA whereas there can be > multiple. > This was my ONLY concern. This is now fixed. We should close this issue > ASAP. > > Denis > > > Then, on page 14, change: > > > > Additionally, once the Root CA ... > > > > with > > > > Additionally, once a Root CA ... > > > > on pages 29 and 30, change: > > > > (e.g., the DVCS's CA, or the Root CA in a > > hierarchy) > > > > with > > > > (e.g., the DVCS's CA, or a Root CA) > > > > Regards, > > > > Denis > > > > (snip) > > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3BBLCX23022 for ietf-pkix-bks; Thu, 11 Apr 2002 04:21:12 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3BBLAm23018 for <ietf-pkix@imc.org>; Thu, 11 Apr 2002 04:21:10 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150]) by e1.ny.us.ibm.com (8.12.2/8.12.2) with ESMTP id g3BBL5ms313408; Thu, 11 Apr 2002 07:21:05 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.00) with ESMTP id g3BBL3p31262; Thu, 11 Apr 2002 07:21:04 -0400 Importance: Normal Sensitivity: Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt To: "Housley, Russ" <rhousley@rsasecurity.com> Cc: ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OFA53E7AEF.F4D33908-ON85256B96.0073D849@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Wed, 10 Apr 2002 12:35:16 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/11/2002 07:21:04 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ: Most of the following concerns the data structures of the current draft and of my last posting. First, should the URI really be optional in cases where the binary component is a hash? What good is the logotype field with a hash but no way to reference the image? Second, I have reviewed draft-ietf-idn-uri-01.txt (by Martin Duerst) and it recommends that internationalized URI strings be converted to UTF-8 but then escaped using %HH, so UTF8String is unnecessary. Therefore, we should simplify VerifiedReference as follows: VerifiedReference ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, dataHash OCTET STRING, uri IA5String, } On a different topic, smart cards and other tokens have the least space of any place certificates are likely to be put, so if in-line logotypes are OK there they're OK anywhere. Tom Gindin "Housley, Russ" <rhousley@rsasecurity.com> on 04/08/2002 01:17:11 PM To: Tom Gindin/Watson/IBM@IBMUS cc: ietf-pkix@imc.org Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt Tom: >The following is just a personal opinion, but one based on fairly >well-understood trends. I don't think that in-line logotypes are CURRENTLY >worth the space that they'd take up on a smart card, but I would guess that >they will be in two more smart-card generations and perhaps only one. >Given the amount of time between standard proposal and deployment, it's not >premature to standardize it. I tend to agree with your assessment of storage on smart cards. Today, all of the certificates stored on one smart card are likely to be associated with one community. Therefore, a logo will like appear on the smart card itself. Of course, there are other places that certificates and private keys are stored.... > However, I also have a question about the current data structure. >First, why is the URI optional (assuming that the only binary value is the >digest, as at present)? Second, why would we not permit in-line logotypes >(in which case the URI is suppressed)? This would require some edits to >LogotypeData, but nothing very difficult. One possibility would be: > LogotypeData ::= SEQUENCE { > typeOfLogotype TypeOfLogotype, > hashAlgorithm AlgorithmIdentifier, -- might be OPTIONAL, >it's not meaningful for GIF's > CHOICE { > logotypeDataHash OCTET STRING, > gif [0] IMPLICIT OCTET STRING > }, > logotypeDataUri IA5String OPTIONAL } > > Another would be: > LogotypeData ::= SEQUENCE { > typeOfLogotype TypeOfLogotype, > CHOICE { > logotypeReference VerifiedReference, > gif OCTET STRING > } > } > VerifiedReference ::= SEQUENCE { > hashAlgorithm AlgorithmIdentifier, > dataHash OCTET STRING, > CHOICE { > uri IA5String, > intlUri UTF8String } > } > > > IMO VerifiedReference is a generally useful type, so its names do not >contain reference to logotypes. My understanding of COMPONENTS OF, which >may be faulty, is that defining LogotypeData using COMPONENTS OF >VerifiedReference as an element of a CHOICE would not produce a useful >result because each of the elements of VerifiedReference would show up in >the CHOICE rather than merely hashAlgorithm going into the CHOICE with the >other fields added to LogotypeData's SEQUENCE. We are in the final steps of an updated I-D. It addresses some of these issues, but not all. Is there a reference for UTF8String URI? Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3BAIxO18315 for ietf-pkix-bks; Thu, 11 Apr 2002 03:18:59 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3BAIvm18311 for <ietf-pkix@imc.org>; Thu, 11 Apr 2002 03:18:57 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id MAA16466; Thu, 11 Apr 2002 12:21:30 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041112182382:53 ; Thu, 11 Apr 2002 12:18:23 +0200 Message-ID: <3CB562EE.550AD51B@bull.net> Date: Thu, 11 Apr 2002 12:18:22 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <200204101839.UAA06783@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 11/04/2002 12:18:24, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 11/04/2002 12:18:55, Serialize complete at 11/04/2002 12:18:55 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > > In OCSP, you have that either the response is signed by the same entity that > > > signed the certificate or by an OCSP entity which has a certificate directly > > > signed by the CA in question with some extended key usage. > > > > True. > > Well, maybe not, I was just made aware that I have forgotten that OCSP says: > > All definitive response messages SHALL be digitally signed. The key > used to sign the response MUST belong to one of the following: > > -- the CA who issued the certificate in question > -- a Trusted Responder whose public key is trusted by the requester > -- a CA Designated Responder (Authorized Responder) who holds a > specially marked certificate issued directly by the CA, indicating > that the responder may issue OCSP responses for that CA > > See the second point and also read 4.2.2.2 Which says: It is necessary however to ensure that the entity signing this information is authorized to do so. Therefore, a certificate's issuer MUST either sign the OCSP responses itself or it MUST explicitly designate this authority to another entity. > Or: You may want a requirement that the DPV responder must ensure > that the OCSP responses are signed by a CA or an authorised responder > and not by some locally trusted OCSP responder in order to > be sure that an 'evidence verifier' finds trustworthy information. This is correct. However, it is not necesssary to add this requirement in the DPV requirements document since this requirement is already in section 4.2.2.2 from RFC 2560 (OCSP). > > > To make the simple case, if a DPV response is signed directly by the CA > > > (or by an authorised responder), you have the same situation. > > > > No. A CA can only assert information about what it is directly responsible. > So, the DPV response made by the CA just talks about the certificates > it has directly issued. No. Talking about the certificates that a DPV server may have issued does not make sense. Certificates are only issued by CAs, AFAIK. Once again, a DPV server MUST answer for one (or more) certificates and must verify an entire chain of certificates, whoever has issued them. A DPV server is *not* a CA. A DPV server can be *any* service provider. An organization running a CA may also run a DPV server, in the same way as an organization running a CA may also provide a Time-Stamping service. > > No CA is responsible for all the certifiactes from one path. An OCSP query > > is for ONE certificate, while a DPV query involves a CHAIN of certificates. > > The text says: > > The Delegated Path Validation (DPV) protocol allows a server to > validate one or more public key certificates according to a validation > policy. > > In order to validate a certificate, a chain of multiple certificates, > called a certification path, may be needed, comprising a certificate > of the public key owner (the end entity) signed by one CA, and zero or > more additional certificates of CAs signed by other CAs. > In the simple case of only one CA, an OCSP response signed by the CA > concerning the certificate in question does not say anything the > validity of the CA cert since when it was signed with the same key. > You thus just have on certificate. > In a case of one intermediate CA, the DPV response may for example > contain two OCSP responses, one signed by the intermediate CA > concerning the revocation status of the end user and another > concerning the statius of the intermediate CA signed by the > top CA. > If both CAs provide a DPV service instead of an OCSP service You mean "If the organisation hosting a CA also provides a DPV service ... " > in the same way, you have exactly the same situation except > that this is a positive status information. > > For example, the initial client asks for a combined status, > it asks his own trusted service, this server asks the intermediate > CA either to provide an OCSP status or a DPV status of the > cert in question and then asks the top CA to provide a status of > the intermediate CA's cert, and well, even three other OCSP > responders to provide statement that the top level > CA's cert is good. I believe that you have mis-understood one idea behind DPV. DPV verifies the whole path processing. A DPV status about one intermediate certificate of the chain does not make sense. The validation policy is not about that intermediate certificate but about a given certificate and a whole chain above it. Applying the validation policy on an intermediate certificate only does not make sense. > DPV would allow to combine the responses differently. > It can well be that the intermediate CA/DPV responder > itself asks for a DPV response from the top CA/DPV > and include this in his DPV response to the initial server. > > > > > There are no similarities. > "Ok, let's talk." > > > > I think that there must be a language problem somewhere because I > > > fail to see what *not* you are referring, i.e. to see where we are > > > in disagreement. I have not said that it is necessary for the client > > > to gather all information. I have said that the protocol must provide > > > a method to allow a client to ask and the server to respond with that > > > information. > > > > Maybe, since we possibly interpreted diffrently "what has contributed to the > > final decision". > > > > > > In case of a dispute, testing again the certificate validity, means that > > > > certificates, CRLs and OCSP responses must be available. Anything else is > > > > useless. > > > > > I think that this may be the core of our disagreement. > > > > > This is because you only accept that CA can create assertions about the > > > validity of their certificates using CRLs and OCSP. > > > > Correct. > > Unfortunately we may be both wrong. > > > > As soon as you would > > > admit that some new protocol or service is provided that enhances and in > > > particular replaces them, the statements obtained via that service are > > > necessary. > > > > > I would like to know what you would have said 5 years ago when only > > > CRLs existed. > > > > Basicaly the chain must be verified and no element fom the chain must be > > revoked. > > > > Five years ago this information was provided off-line, i.e. via CRLs. OCSP > > allows to obtain the same information on-line. Between on-line and off-line > > I currently see no other mechanism. > But you can have different protocols for these characteristics. Offline > you could use trees, online you can have DPV, No. On-line, to know the revocation status of a single certificate we only have OCSP. RFC 2560 states: It is necessary however to ensure that the entity signing this information is authorized to do so. Therefore, a certificate's issuer MUST either sign the OCSP responses itself or it MUST explicitly designate this authority to another entity. Note that this is true as well for CRLs. Either the CA signs the CRL directly or designate another authority. RFC 2459 RECOMMENDS for the support of the CRL distribution points extension which then contains a cRLIssuer field. "If the certificate issuer is not the CRL issuer, then the cRLIssuer field MUST be present and contain the Name of the CRL issuer. If the certificate issuer is also the CRL issuer, then the cRLIssuer field MUST be omitted ..." > or other techniques like > timestamps over CRLs and OCSP responses to have a proof that the server > has provided the OCSPresp/CRL at a current date. Time-stamping is not needed to prove that the server has provided the OCSPresp/CRL at a current date. An OCSP response includes such a date. CRL checking uses thisUpdate and nextUpdate. Time-stamping may however be useful for other reasons. An informational RFC (i.e. RFC 3126 - Electronic Signature Formats for long term electronic signatures) does however indicate such a format in the context of a signature policy. Another format could be derived from it in the context of a validation policy. > > The basic question is whether first-hand information and second-hand > > information should be used. In case of a dispute, only first-hand > > information is useful (certificates and revocation status information from > > the CAs responsible for every certificate from the chain). DPV responses > > (i.e. the signed "yes" answers) are useless, unless the plaintiff and the > > defendant both trust the same DPV server. > OCSP responses may also be useless, unless the plaintiff and the > defendant both trust the same OCSP server. Wrong. RFC 2560 sates: It is necessary however to ensure that the entity signing this information is authorized to do so. Therefore, a certificate's issuer MUST either sign the OCSP responses itself or it MUST explicitly designate this authority to another entity. In either of these cases, the plaintiff and the defendant cannot argue that the OCSP response is not valid (unless the OCSP responder has been revoked by the CA). They cannot argue that such responses are useless, or if they do, this argumentation will be rejected. I have made my best efforts to explain all the rational behind DPV responses, which are very different from OCSP responses. I have also made my best efforts to explain why in the general case a DPV response from a given server is not necessarilly trusted by all clients, and thus would be useless in front of a court. The security consideration section is very explicit on this issue: "A DPV client must trust a DPV server to provide the correct answer. However, this does not mean that all DPV clients will trust the same DPV servers. While a positive answer might be sufficient for one DPV client, that same positive answer will not necessarily convince another DPV client." Can we finally close this issue ? Denis > Peter Received: by above.proper.com (8.11.6/8.11.3) id g3AL8LA23249 for ietf-pkix-bks; Wed, 10 Apr 2002 14:08:21 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AL8Km23245 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 14:08:20 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3AL8KsB001059 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 14:08:20 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: <ietf-pkix@imc.org> Subject: Two more nits re: DPV/DPD rqmts Date: Wed, 10 Apr 2002 14:05:33 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDOEJDCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-reply-to: <5.1.0.14.2.20020404095641.02e7f538@exna07.securitydynamics.com> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, Denis: Section 4, Delegated Path Validation Protocol Requirements begins with: "The Delegated Path Validation (DPV) protocol allows . . ." Similarly, Section 5 Delegated Path Discovery Protocol Requirements begins with: "The Delegated Path Discovery (DPD) protocol allows . . ." Since we're defining requirements and not protocols in this I-D, you may wish to consider amending both these phrases towards something along the lines of "DPV protocols allow . . ." and "DPD protocols allow . . ." respectively. Mike Michael Myers t: +415.819.1362 e: mailto:mike@traceroutesecurity.com w: http://www.traceroutesecurity.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AKtIe22762 for ietf-pkix-bks; Wed, 10 Apr 2002 13:55:18 -0700 (PDT) Received: from mail.coastside.net (mail.coastside.net [207.213.212.6]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AKtGm22758 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 13:55:16 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3AKt8sB029515; Wed, 10 Apr 2002 13:55:09 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: "Peter Sylvester" <Peter.Sylvester@edelweb.fr>, <Denis.Pinkas@bull.net> Cc: <ietf-pkix@imc.org> Subject: RE: Open issue: DPV relay Date: Wed, 10 Apr 2002 13:52:22 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDIEJDCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-reply-to: <200204101839.UAA06783@emeriau.edelweb.fr> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Maybe this is well understood but FWIW take care in reading 4.2.2.2 of RFC 2560. In part, we wrote "Therefore, a certificate's issuer MUST either sign the OCSP responses itself or . . ." The intent with this particular wording its related text "The key that signs a certificate's status information need not be the same key that signed the certificate." was to enable a differentiation between the identity of an abstract entity and the key or keys that entity uses to assert its identity in various circumstances. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of > Peter Sylvester > Sent: Wednesday, April 10, 2002 11:40 AM > To: Denis.Pinkas@bull.net > Cc: ietf-pkix@imc.org > Subject: Re: Open issue: DPV relay > > > > > > > > In OCSP, you have that either the response is > signed by the same entity that > > > signed the certificate or by an OCSP entity which > has a certificate directly > > > signed by the CA in question with some extended key usage. > > > > True. > > Well, maybe not, I was just made aware that I have > forgotten that OCSP says: > > All definitive response messages SHALL be > digitally signed. The key > used to sign the response MUST belong to one of > the following: > > -- the CA who issued the certificate in question > -- a Trusted Responder whose public key is trusted > by the requester > -- a CA Designated Responder (Authorized > Responder) who holds a > specially marked certificate issued directly by > the CA, indicating > that the responder may issue OCSP responses for that CA > > See the second point and also read 4.2.2.2 > > Or: You may want a requirement that the DPV responder > must ensure > that the OCSP responses are signed by a CA or an > authorised responder > and not by some locally trusted OCSP responder in order to > be sure that an 'evidence verifier' finds trustworthy > information. > > > > > > To make the simple case, if a DPV response is > signed directly by the CA > > > (or by an authorised responder), you have the > same situation. > > > > No. A CA can only assert information about what it > is directly responsible. > So, the DPV response made by the CA just talks about > the certificates > it has directly issued. > > > No CA is responsible for all the certifiactes from > one path. An OCSP query > > is for ONE certificate, while a DPV query involves > a CHAIN of certificates. > > The text says: > > The Delegated Path Validation (DPV) protocol > allows a server to > validate one or more public key certificates > according to a validation > policy. > > In order to validate a certificate, a chain of > multiple certificates, > called a certification path, may be needed, > comprising a certificate > of the public key owner (the end entity) signed by > one CA, and zero or > more additional certificates of CAs signed by other CAs. > > In the simple case of only one CA, an OCSP response > signed by the CA > concerning the certificate in question does not say > anything the > validity of the CA cert since when it was signed with > the same key. > You thus just have on certificate. > > In a case of one intermediate CA, the DPV response > may for example > contain two OCSP responses, one signed by the intermediate CA > concerning the revocation status of the end user and another > concerning the statius of the intermediate CA signed by the > top CA. > > If both CAs provide a DPV service instead of an OCSP service > in the same way, you have exactly the same situation except > that this is a positive status information. > > For example, the initial client asks for a combined status, > it asks his own trusted service, this server asks the > intermediate > CA either to provide an OCSP status or a DPV status of the > cert in question and then asks the top CA to provide > a status of > the intermediate CA's cert, and well, even three other OCSP > responders to provide statement that the top level > CA's cert is good. > > DPV would allow to combine the responses differently. > It can well be that the intermediate CA/DPV responder > itself asks for a DPV response from the top CA/DPV > and include this in his DPV response to the initial server. > > > > > There are no similarities. > "Ok, let's talk." > > > > I think that there must be a language problem > somewhere because I > > > fail to see what *not* you are referring, i.e. to > see where we are > > > in disagreement. I have not said that it is > necessary for the client > > > to gather all information. I have said that the > protocol must provide > > > a method to allow a client to ask and the server > to respond with that > > > information. > > > > Maybe, since we possibly interpreted diffrently > "what has contributed to the > > final decision". > > > > > > In case of a dispute, testing again the > certificate validity, means that > > > > certificates, CRLs and OCSP responses must be > available. Anything else is > > > > useless. > > > > > I think that this may be the core of our disagreement. > > > > > This is because you only accept that CA can > create assertions about the > > > validity of their certificates using CRLs and OCSP. > > > > Correct. > > Unfortunately we may be both wrong. > > > > As soon as you would > > > admit that some new protocol or service is > provided that enhances and in > > > particular replaces them, the statements obtained > via that service are > > > necessary. > > > > > I would like to know what you would have said 5 > years ago when only > > > CRLs existed. > > > > Basicaly the chain must be verified and no element > fom the chain must be > > revoked. > > > > Five years ago this information was provided > off-line, i.e. via CRLs. OCSP > > allows to obtain the same information on-line. > Between on-line and off-line > > I currently see no other mechanism. > > But you can have different protocols for these > characteristics. Offline > you could use trees, online you can have DPV, or > other techniques like > timestamps over CRLs and OCSP responses to have a > proof that the server > has provided the OCSPresp/CRL at a current date. > > > The basic question is whether first-hand > information and second-hand > > information should be used. In case of a dispute, > only first-hand > > information is useful (certificates and revocation > status information from > > the CAs responsible for every certificate from the > chain). DPV responses > > (i.e. the signed "yes" answers) are useless, unless > the plaintiff and the > > defendant both trust the same DPV server. > > OCSP responses may also be useless, unless the > plaintiff and the > defendant both trust the same OCSP server. > > Peter > > > > > Received: by above.proper.com (8.11.6/8.11.3) id g3AIjHO14077 for ietf-pkix-bks; Wed, 10 Apr 2002 11:45:17 -0700 (PDT) Received: from poseidon.coastside.net (poseidon.coastside.net [207.213.212.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AIjFm14073 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 11:45:15 -0700 (PDT) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g3AIj1q3012171; Wed, 10 Apr 2002 11:45:01 -0700 (PDT) From: "Michael Myers" <myers@coastside.net> To: <ietf-pkix@imc.org>, "Denis Pinkas" <Denis.Pinkas@bull.net>, "Peter Sylvester" <Peter.Sylvester@edelweb.fr> Subject: RE: Open issue: DPV relay Date: Wed, 10 Apr 2002 11:42:16 -0700 Message-ID: <EOEGJNFMMIBDKGFONJJDMEINCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-reply-to: <3CB45D22.4AAB8871@bull.net> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> All, Once the requirements settle down, we intend to update the OCSPv2 I-D accordingly for the WG's consideration. It made no sense to produce incremental I-Ds until then. Now that we're about a year into the rqmts, I suspect we're near closure on that issue. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Denis Pinkas > > > There is no more a standing OCSP-v2 proposal today. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AIdkm13797 for ietf-pkix-bks; Wed, 10 Apr 2002 11:39:46 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AIdim13790 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 11:39:44 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id UAA07680; Wed, 10 Apr 2002 20:39:44 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 10 Apr 2002 20:39:44 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id UAA08050; Wed, 10 Apr 2002 20:39:43 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id UAA06783; Wed, 10 Apr 2002 20:39:43 +0200 (MET DST) Date: Wed, 10 Apr 2002 20:39:43 +0200 (MET DST) Message-Id: <200204101839.UAA06783@emeriau.edelweb.fr> To: Denis.Pinkas@bull.net Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > In OCSP, you have that either the response is signed by the same entity that > > signed the certificate or by an OCSP entity which has a certificate directly > > signed by the CA in question with some extended key usage. > > True. Well, maybe not, I was just made aware that I have forgotten that OCSP says: All definitive response messages SHALL be digitally signed. The key used to sign the response MUST belong to one of the following: -- the CA who issued the certificate in question -- a Trusted Responder whose public key is trusted by the requester -- a CA Designated Responder (Authorized Responder) who holds a specially marked certificate issued directly by the CA, indicating that the responder may issue OCSP responses for that CA See the second point and also read 4.2.2.2 Or: You may want a requirement that the DPV responder must ensure that the OCSP responses are signed by a CA or an authorised responder and not by some locally trusted OCSP responder in order to be sure that an 'evidence verifier' finds trustworthy information. > > > To make the simple case, if a DPV response is signed directly by the CA > > (or by an authorised responder), you have the same situation. > > No. A CA can only assert information about what it is directly responsible. So, the DPV response made by the CA just talks about the certificates it has directly issued. > No CA is responsible for all the certifiactes from one path. An OCSP query > is for ONE certificate, while a DPV query involves a CHAIN of certificates. The text says: The Delegated Path Validation (DPV) protocol allows a server to validate one or more public key certificates according to a validation policy. In order to validate a certificate, a chain of multiple certificates, called a certification path, may be needed, comprising a certificate of the public key owner (the end entity) signed by one CA, and zero or more additional certificates of CAs signed by other CAs. In the simple case of only one CA, an OCSP response signed by the CA concerning the certificate in question does not say anything the validity of the CA cert since when it was signed with the same key. You thus just have on certificate. In a case of one intermediate CA, the DPV response may for example contain two OCSP responses, one signed by the intermediate CA concerning the revocation status of the end user and another concerning the statius of the intermediate CA signed by the top CA. If both CAs provide a DPV service instead of an OCSP service in the same way, you have exactly the same situation except that this is a positive status information. For example, the initial client asks for a combined status, it asks his own trusted service, this server asks the intermediate CA either to provide an OCSP status or a DPV status of the cert in question and then asks the top CA to provide a status of the intermediate CA's cert, and well, even three other OCSP responders to provide statement that the top level CA's cert is good. DPV would allow to combine the responses differently. It can well be that the intermediate CA/DPV responder itself asks for a DPV response from the top CA/DPV and include this in his DPV response to the initial server. > > There are no similarities. "Ok, let's talk." > > I think that there must be a language problem somewhere because I > > fail to see what *not* you are referring, i.e. to see where we are > > in disagreement. I have not said that it is necessary for the client > > to gather all information. I have said that the protocol must provide > > a method to allow a client to ask and the server to respond with that > > information. > > Maybe, since we possibly interpreted diffrently "what has contributed to the > final decision". > > > > In case of a dispute, testing again the certificate validity, means that > > > certificates, CRLs and OCSP responses must be available. Anything else is > > > useless. > > > I think that this may be the core of our disagreement. > > > This is because you only accept that CA can create assertions about the > > validity of their certificates using CRLs and OCSP. > > Correct. Unfortunately we may be both wrong. > > As soon as you would > > admit that some new protocol or service is provided that enhances and in > > particular replaces them, the statements obtained via that service are > > necessary. > > > I would like to know what you would have said 5 years ago when only > > CRLs existed. > > Basicaly the chain must be verified and no element fom the chain must be > revoked. > > Five years ago this information was provided off-line, i.e. via CRLs. OCSP > allows to obtain the same information on-line. Between on-line and off-line > I currently see no other mechanism. But you can have different protocols for these characteristics. Offline you could use trees, online you can have DPV, or other techniques like timestamps over CRLs and OCSP responses to have a proof that the server has provided the OCSPresp/CRL at a current date. > The basic question is whether first-hand information and second-hand > information should be used. In case of a dispute, only first-hand > information is useful (certificates and revocation status information from > the CAs responsible for every certificate from the chain). DPV responses > (i.e. the signed "yes" answers) are useless, unless the plaintiff and the > defendant both trust the same DPV server. OCSP responses may also be useless, unless the plaintiff and the defendant both trust the same OCSP server. Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AHT0u08746 for ietf-pkix-bks; Wed, 10 Apr 2002 10:29:00 -0700 (PDT) Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AHT0m08741 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 10:29:00 -0700 (PDT) Received: from SJOSEPH (pcp237514pcs.elictc01.md.comcast.net [68.55.160.145]) by mtaout01.icomcast.net (iPlanet Messaging Server 5.1 (built Feb 6 2002)) with SMTP id <0GUD00LK44K8LQ@mtaout01.icomcast.net> for ietf-pkix@imc.org; Wed, 10 Apr 2002 13:28:57 -0400 (EDT) Date: Wed, 10 Apr 2002 13:28:43 -0400 From: Al Arsenault <awa1@comcast.net> Subject: Re: WG Last Call: Roadmap To: Tom Gindin <tgindin@us.ibm.com>, Denis Pinkas <Denis.Pinkas@bull.net> Cc: ietf-pkix@imc.org Message-id: <002a01c1e0b5$2a48c8c0$6401a8c0@SJOSEPH> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Mailer: Microsoft Outlook Express 5.50.4133.2400 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7BIT X-Priority: 3 X-MSMail-priority: Normal References: <OF233C39DB.1BECB197-ON85256B97.005015E9@pok.ibm.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tom, Going back to how that discussion got started lo those many years ago, the problem was that different PKIX documents used the term "root CA" to mean different things. Most of them used it to mean "trust anchor" or some similar thing; i.e., "this is the CA that you base all of your trust on as an RP" (and yes, in a large complex PKI system there might be more than one of these); a few used it as a synonym for "top CA"; i.e., the thing at the top of a hierarchy. After much discussion on this list, the terms as they now appear in the Roadmap document were agreed to (okay, it was pretty darned rough consensus, but it was as good as we were gonna get at that time). This made the Roadmap pretty consistent with other PKIX documents, and I think "best efforts" were made to bring the usage in the other documents into line over the years. So I'd be really hestitant to change the terminology in the Roadmap now - it'd just bring up the same old issue again, and cause the roadmap to be inconsistent with (almost) all of the other PKIX documents - which is not something I'd want. Thanks, Al Arsenault ----- Original Message ----- From: "Tom Gindin" <tgindin@us.ibm.com> To: "Denis Pinkas" <Denis.Pinkas@bull.net> Cc: <ietf-pkix@imc.org> Sent: Wednesday, April 10, 2002 10:41 AM Subject: Re: WG Last Call: Roadmap > > > It is obviously important that this document get finalized fairly > soon. The only question we have outstanding is whether "root CA" as > defined would be better replaced by "anchor CA" or "trust anchor". This > should not block the document for more than a day or two, but I think it > worthwhile to find out what you think the difference is. The term "root > CA" as "root of trust" has caused some confusion in these discussions, and > if there's a better term which is in fairly common use (as "anchor" is) we > should use it. If there's a real difference, we should keep "root CA". In > case it's not obvious, the term "anchor CA" means "a trust anchor which is > a CA" - which assumes that trust anchors could be defined in such a way > that they might be EE's or even AA's. > > Tom Gindin > > > Denis Pinkas <Denis.Pinkas@bull.net> on 04/09/2002 12:00:26 PM > > To: Tom Gindin/Watson/IBM@IBMUS > cc: ietf-pkix@imc.org > Subject: Re: WG Last Call: Roadmap > > > Tom, > > > Denis: > > > > Should we really standardize on the term "root CA" rather than > "trust > > anchor" or "anchor CA"? > > I do not care, but I care for this document to be sent to the IESG soon. So > the sooner we may find a compromise, the better. Maybe the quickest way > is to try to suppress the sentences that create problems. We should > focuss on text replacement proposals. > > > "Trust anchor" has never been used to mean anything other than an entity > directly trusted by the RP, AFAIK. > > Not exactly. Read this sentence again. However, I would like to resist to > start a new discusion now on trust anchors. > > > I have other comments below. > > > > Tom Gindin > > > > Denis Pinkas <Denis.Pinkas@bull.net> on 04/08/2002 12:32:41 PM > > > > To: Tom Gindin/Watson/IBM@IBMUS > > cc: ietf-pkix@imc.org > > Subject: Re: WG Last Call: Roadmap > > > > Tom, > > > > I have not forgotten this message, but I gave priority to the DPV thread. > > > > > Responses below. > > > > > The issue of who specifies the verifier's policy is > > > rather serious. If the policy to be used is expected to be the same as > > RFC > > > 3126's SignaturePolicy, we need to specify a step in which the verifier > > has > > > the right to reject such a policy or to consider it inapplicable to the > > > verifier's own current context. > > > > This is true. However, the text does not go at that level of detail: > > > > "Another model considers a set of rules that apply to an application > > context. Every application context may have a different set of rules. > > When choosing to use certificates in the context of that application, > > the EE selects the set of rules for that context. In a set of rules, > > one or more Top CAs may be trusted, each one may be associated with > > different constraints, like the certificate policies that are trusted > > or the naming constraints that apply. These constrains may be specified > > either in self-signed certificates or in addition to self-signed > > certificates when they do not incorporate these constraints. This set > > of rules is called a validation policy (when validating a certificate) > > or a signature policy (when validating a digital signature)." > > > > I do not think it is necesary to state it. If you think so, please > provide > > a text and a placement for that text. > > > > [TG] My biggest problem is the use of the term "signature policy", which > > you have elsewhere defined as something defined and signed by the signer > of > > the document. > > There is a misunderstanding. A signer may provide the *reference* of the > signature policy that he agrees to use when signing. In order to prevent > someone else to change that reference, it is protected by the signer's > signature. So in that case the verifier has first to see whether the > signature policy used by the signer is appropriate for his application > context. If it is the case, then it uses it, otherwise this is the end of > the story. > > [TG] He mainly needs to check whether it's an approved signature policy by > his personal or organizational criteria. > > > In the paragraph above, I would replace the term "Top CAs" > > by "root CA's", > > No problem. > > > and I would also call the sets of rules in the last > > sentence a "certificate validation policy" and a "signature validation > > policy". I would then add the following statement: "Neither of these > > policies is considered to be the same as either a CertificatePolicy as > > defined in RFC 2459 or a SignaturePolicy as defined in RFC 3126." > > I would simply propose to delete the following sentence: > > "This set of rules is called a validation policy (when validating a > certificate) or a signature policy (when validating a digital signature)" > not because it is wrong, but because I would like this document to proceed. > > This would lead to the following text: > > "Another model considers a set of rules that apply to an application > context. Every application context may have a different set of rules. > When choosing to use certificates in the context of that application, > the EE selects the set of rules for that context. In a set of rules, > one or more root CAs may be trusted, each one may be associated with > different constraints, like the certificate policies that are trusted > or the naming constraints that apply. These constrains may be specified > either in self-signed certificates or in addition to self-signed > certificates when they do not incorporate these constraints." > > Can you live with it ? > > [TG] Sure. > > > > To: Tom Gindin/Watson/IBM@IBMUS > > > cc: ietf-pkix@imc.org > > > Subject: Re: WG Last Call: Roadmap > > > > > > Tom, > > > > > > > I have a few issues with this, and some corrections as well. > > > > > > > In comment 12, I have two issues. The first one, which is > minor, > > > is > > > > that "one or more Top CA's may be trusted" should refer to root CA's > > > > instead - the two terms mean the same thing more often than not, but > > when > > > > they differ the trust point is the root rather than the top. > > > > > > PKIX-1 states: > > > > > > " - Top CA - A CA that is at the top of a PKI hierarchy. > > > > > > Note: This is often also called a "Root CA," since in data > structures > > > terms and in graph theory, the node at the top of a tree is the > > > "root." However, to minimize confusion in this document, we elect to > > > call this node a "Top CA," and reserve "Root CA" for the CA directly > > > trusted by the EE." > > > > > > The problem lies with the last sentence, i.e. "*the* CA directly > trusted > > by > > > the EE.". The singular is being used which means that there is a single > > > one, multiple roots are not permitted, while multiple Top-CAs are > > > permitted. > > > > > > [TG] Where in PKIX-1 is this? I can't find the phrase "directly > trusted" > > > in either RFC 2459 or in draft 12 of new-pkix-1. > > > > Sorry for the confusion: it is in the roadmap document, not PKIX-1. > > > > The current text in the roadmap is: > > > > " - Root CA - A CA that is directly trusted by an EE; that is, > > securely acquiring the value of a Root CA public key requires > > some out-of-band step(s). This term is not meant to imply that a > > Root CA is necessarily at the top of any hierarchy, simply that > > the CA in question is trusted directly. > > > > (...) > > > > Note: This is often also called a "Root CA," since in data structures > > terms and in graph theory, the node at the top of a tree is the > > "root." However, to minimize confusion in this document, we elect to > > call this node a "Top CA," and reserve "Root CA" for the CA directly > > trusted by the EE. Readers new to PKIX should be aware that these > > terms are not used consistently throughout the PKIX documents, as the > > Internet PKI profile [2459bis] uses "Root CA" to refer to what this > > and other documents call a "Top CA," and "most-trusted CA" to refer > > to what this and other documents call a "Root CA." > > > > There is no problem with PKIX-1 but a problem with the roadmap document. > > PKIX-1 does not use the term "root CA", and thus it is wrong to say in > > the roadmap that "these terms are not used consistently throughout the > > PKIX documents". > > > > I would thus propose to change the note in the following way: > > > > Note: Since in data structures terms and in graph theory, the node > > at the top of a tree is the "root", the term "root CA" is sometimes > > used. This term is not meant to imply that a Root CA is necessarily > > at the top of any hierarchy, simply that the CA in question is trusted > > directly. > > > > [TG] As I stated at the beginning, I don't know why we should standardize > > on the term "root CA" rather than "trust anchor" or "anchor CA". Those > > terms cannot be mistaken for what is defined here as a "Top CA". BTW, I > > approve of that coinage. > > We do use "root CA", so I see no harm to use that vocabulary. This is no > attempt to standardize this term here. Originally my single concern what > that the text was talking about *one* root CA whereas there can be > multiple. > This was my ONLY concern. This is now fixed. We should close this issue > ASAP. > > Denis > > > Then, on page 14, change: > > > > Additionally, once the Root CA ... > > > > with > > > > Additionally, once a Root CA ... > > > > on pages 29 and 30, change: > > > > (e.g., the DVCS's CA, or the Root CA in a > > hierarchy) > > > > with > > > > (e.g., the DVCS's CA, or a Root CA) > > > > Regards, > > > > Denis > > > > (snip) > > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AHQvK08644 for ietf-pkix-bks; Wed, 10 Apr 2002 10:26:57 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AHQtm08639 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 10:26:56 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id TAA24144; Wed, 10 Apr 2002 19:29:31 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041018470575:399 ; Wed, 10 Apr 2002 18:47:05 +0200 Message-ID: <3CB46C88.84E33D9C@bull.net> Date: Wed, 10 Apr 2002 18:47:04 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <200204101632.SAA06749@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 18:47:05, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 19:26:57, Serialize complete at 10/04/2002 19:26:57 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > I now understand why we disagree. > good. > > This service does *not* need to be provided by a CA. It can be provided by > > any service provider that the client is willing to trust. The case where it > > would be provided by a CA, would be a very specific case. In order to > > resolve disputes, the "proof" must directly come from the CAs. This means > > that CRLs as well as OCSP responses must be provided by CAs (or authorities > > empowered by the CAs). DPV responses would be of no value. > 'directly come from' is not exactly defined. > In OCSP, you have that either the response is signed by the same entity that > signed the certificate or by an OCSP entity which has a certificate directly > signed by the CA in question with some extended key usage. True. > To make the simple case, if a DPV response is signed directly by the CA > (or by an authorised responder), you have the same situation. No. A CA can only assert information about what it is directly responsible. No CA is responsible for all the certifiactes from one path. An OCSP query is for ONE certificate, while a DPV query involves a CHAIN of certificates. There are no similarities. > (text deleted) > > > > > > Since you haven't commented the next paragraph may I assume that > > > > > this is ok with you? > > > > > > > > > > > I think the general principle should be that there is one mode > > > > > > > that all information essential to understand what has contributed > > > > > > > to the final decision must be made available to the client. > > > > > > > (Not necessarily understood by the client). > > > > > > > > No. It is always necessary to provide a yes/no/unknown answer (or an error). > > > > It is optional to provide all the information essential to test again the > > > > certificate validity, should another party not simply trust the signed "yes" > > > > answer. It is certainly not necessary for the client to understand what has > > > > contributed to the final decision. > > > > > > What is 'no': > > > > It is *not* necessary for the client to gather all the information that has > > contributed to the final decision; i.e. relayed DPV responses, if any, are > > not needed. > > > > > Where did I say that yes/no/unknown is NOT necessary? (is this the reason > > > for the no?) In the remainder you just rephrase what I have said. > > > > With a *not*, which makes a big difference. > I think that there must be a language problem somewhere because I > fail to see what *not* you are referring, i.e. to see where we are > in disagreement. I have not said that it is necessary for the client > to gather all information. I have said that the protocol must provide > a method to allow a client to ask and the server to respond with that > information. Maybe, since we possibly interpreted diffrently "what has contributed to the final decision". > > In case of a dispute, testing again the certificate validity, means that > > certificates, CRLs and OCSP responses must be available. Anything else is > > useless. > I think that this may be the core of our disagreement. > This is because you only accept that CA can create assertions about the > validity of their certificates using CRLs and OCSP. Correct. > As soon as you would > admit that some new protocol or service is provided that enhances and in > particular replaces them, the statements obtained via that service are > necessary. > I would like to know what you would have said 5 years ago when only > CRLs existed. Basicaly the chain must be verified and no element fom the chain must be revoked. Five years ago this information was provided off-line, i.e. via CRLs. OCSP allows to obtain the same information on-line. Between on-line and off-line I currently see no other mechanism. The basic question is whether first-hand information and second-hand information should be used. In case of a dispute, only first-hand information is useful (certificates and revocation status information from the CAs responsible for every certificate from the chain). DPV responses (i.e. the signed "yes" answers) are useless, unless the plaintiff and the defendant both trust the same DPV server. Denis > Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AGpVY07219 for ietf-pkix-bks; Wed, 10 Apr 2002 09:51:31 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AGpTm07214 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 09:51:30 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id SAA07077; Wed, 10 Apr 2002 18:51:27 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 10 Apr 2002 18:51:27 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id SAA07622; Wed, 10 Apr 2002 18:51:26 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id SAA06757; Wed, 10 Apr 2002 18:51:25 +0200 (MET DST) Date: Wed, 10 Apr 2002 18:51:25 +0200 (MET DST) Message-Id: <200204101651.SAA06757@emeriau.edelweb.fr> To: Denis.Pinkas@bull.net, stephen.farrell@baltimore.ie Subject: Re: Open issue: DPV relay Cc: Peter.Sylvester@edelweb.fr, ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > But isn't it likely that the evaluation of the evidence happens > at dispute-resolution time and is done not by the run-time > client but by some 3rd party? If not, then the client has to > check everything at run-time; if so, then the fact that the > client doesn't trust the relayed-to server is moot (what > matters is what the evidence evaluator thinks). Yes, my interpretation is that the client trust HIS server to provide all evidences that MAY allow a potential/optional 'evidence evaluator' to determine something *without* any need to access to some other hidden data. I did not say that the evidences MUST always be sufficient, for example, as in real life they may degradable in time. > I would agree though that including just a dpv response as evidence > might be misleading unless all relayed responses can be matched > against the original request. It seems that Denis think that only the OCSPresp, and CRLs that are in a response need to be provided. One can also say that time stamped versions of these data should be provided, then well, a DPV response itself could contain a time stamp of the data (e.g. CRL) etc. > Seems a bit confused to me (but then I'm often confused:-), Wouldn't life otherwise life be much more boaring :-) Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AGZJQ06540 for ietf-pkix-bks; Wed, 10 Apr 2002 09:35:19 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AGZHm06532 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 09:35:17 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id SAA06953; Wed, 10 Apr 2002 18:35:15 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 10 Apr 2002 18:35:15 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id SAA07525; Wed, 10 Apr 2002 18:35:14 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id SAA06752; Wed, 10 Apr 2002 18:35:13 +0200 (MET DST) Date: Wed, 10 Apr 2002 18:35:13 +0200 (MET DST) Message-Id: <200204101635.SAA06752@emeriau.edelweb.fr> To: Denis.Pinkas@bull.net, stephen.farrell@baltimore.ie Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > My position would be that one can be just as meaningful > as the other, depending on the context, and that the DPV > protocol MUST be able to be used in contexts where the > DPV request/response are (according to me) as good as > the certificates/crls/ocsp stuff. > I guess this message chracterises perfectly what I have been trying to explain. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AGWC106350 for ietf-pkix-bks; Wed, 10 Apr 2002 09:32:12 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AGWAm06346 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 09:32:10 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id SAA06935; Wed, 10 Apr 2002 18:32:09 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 10 Apr 2002 18:32:09 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id SAA07514; Wed, 10 Apr 2002 18:32:08 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id SAA06749; Wed, 10 Apr 2002 18:32:08 +0200 (MET DST) Date: Wed, 10 Apr 2002 18:32:08 +0200 (MET DST) Message-Id: <200204101632.SAA06749@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > I now understand why we disagree. good. > > This service does *not* need to be provided by a CA. It can be provided by > any service provider that the client is willing to trust. The case where it > would be provided by a CA, would be a very specific case. In order to > resolve disputes, the "proof" must directly come from the CAs. This means > that CRLs as well as OCSP responses must be provided by CAs (or authorities > empowered by the CAs). DPV responses would be of no value. 'directly come from' is not exactly defined. In OCSP, you have that either the response is signed by the same entity that signed the certificate or by an OCSP entity which has a certificate directly signed by the CA in question with some extended key usage. To make the simple case, if a DPV response is signed directly by the CA (or by an authorised responder), you have the same situation. (text deleted) > > > > Since you haven't commented the next paragraph may I assume that > > > > this is ok with you? > > > > > > > > > I think the general principle should be that there is one mode > > > > > > that all information essential to understand what has contributed > > > > > > to the final decision must be made available to the client. > > > > > > (Not necessarily understood by the client). > > > > > > No. It is always necessary to provide a yes/no/unknown answer (or an error). > > > It is optional to provide all the information essential to test again the > > > certificate validity, should another party not simply trust the signed "yes" > > > answer. It is certainly not necessary for the client to understand what has > > > contributed to the final decision. > > > > What is 'no': > > It is *not* necessary for the client to gather all the information that has > contributed to the final decision; i.e. relayed DPV responses, if any, are > not needed. > > > Where did I say that yes/no/unknown is NOT necessary? (is this the reason > > for the no?) In the remainder you just rephrase what I have said. > > With a *not*, which makes a big difference. I think that there must be a language problem somewhere because I fail to see what *not* you are referring, i.e. to see where we are in disagreement. I have not said that it is necessary for the client to gather all information. I have said that the protocol must provide a method to allow a client to ask and the server to respond with that information. > In case of a dispute, testing again the certificate validity, means that > certificates, CRLs and OCSP responses must be available. Anything else is > useless. I think that this may be the core of our disagreement. This is because you only accept that CA can create assertions about the validity of their certificates using CRLs and OCSP. As soon as you would admit that some new protocol or service is provided that enhances and in particular replaces them, the statements obtained via that service are necessary. I would like to know what you would have said 5 years ago when only CRLs existed. Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AGMbG06085 for ietf-pkix-bks; Wed, 10 Apr 2002 09:22:37 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AGMZm06080 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 09:22:35 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id SAA23444; Wed, 10 Apr 2002 18:25:10 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041018120537:392 ; Wed, 10 Apr 2002 18:12:05 +0200 Message-ID: <3CB46454.B69729C9@bull.net> Date: Wed, 10 Apr 2002 18:12:04 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: stephen.farrell@baltimore.ie CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <200204091659.SAA06361@emeriau.edelweb.fr> <3CB44DE3.37E45287@bull.net> <3CB453FD.C917FDD4@baltimore.ie> <3CB457B3.DF639CF8@bull.net> <3CB45D8C.46A4233A@baltimore.ie> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 18:12:05, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 18:22:35, Serialize complete at 10/04/2002 18:22:35 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Stephen, > Denis, > Is the core of our difference that you consider that > showing a DPV request/response pair (say to an expert > witness who'll then turn up in court) is not as meaningful as > showing a bunch of certificates, CRLs and OCSP request/response > pairs (to that same expert witness who'll then turn up in > court)? [And s/in court/in an arbitration meeting/ or > whatever else you prefer which avoids us discussing how > legal things happen.] No. It is not the core of our difference. A court may find some DPV responses from some specific DPV servers as appropriate, but this cannot be a general rule. So when it is not appropriate, certificates and revocation stauts information will be used. > My position would be that one can be just as meaningful > as the other, depending on the context, Correct. > and that the DPV > protocol MUST be able to be used in contexts where the > DPV request/response are (according to me) as good as > the certificates/crls/ocsp stuff. So we both agree. :-) > Denis Pinkas wrote: > > > > Stephen, > > > > > Denis, > > > > > > > I would disagree. Let me explain why. The requester only trusts the DPV > > > > server that it has queried. The DPV server may trust any server it likes, > > > > but the client does not care: the client does not necessarilly trust them. > > > > The original server is the only one responsible for the "valid" signed > > > > response. So if a DPV response from another server were included as a proof > > > > of the "valid" response, it would not be a proof for the client. The client > > > > needs a proof from first hand, i.e. a proof that is not disputable. This can > > > > only be the original certification path, the original CRLs and the original > > > > OCSP responses, with all the proofs that the CRL Issuers and the OCSP > > > > responders are indeed empowered to provide that information. > > > > > But isn't it likely that the evaluation of the evidence happens > > > at dispute-resolution time and is done not by the run-time > > > client but by some 3rd party? > > > > What do you call an evidence ? Is it the signed "yes" answer or the bunch of > > certificates, CRLs and OCSP responses ? If it is the latter, then I agree. > Practically speaking any data structure can provide some level of evidence, > certificates, CRLs and OCSP responses included, but I'd also include DPV > request/response pairs (assuming good protocol design) as being pretty > much as good in some contexts. No: the client nor a disputing party will not necessarilly trust it. The only thing that the first DPV server knows is that it is trusted by that client, but this first DPV server is unaware of any other DPV server trusted by that client. The only information that is not disputable is: the certificates, CRLs and OCSP responses. > > > If not, then the client has to check everything at run-time; if so, > > > then the fact that the client doesn't trust the relayed-to server is moot > > > (what matters is what the evidence evaluator thinks). > > > > We are not in that case, so this argumenation does not apply. > > We are in that case, so it does apply. > > (See - didn't that bring the discussion along nicely:-) > > > > I would agree though that including just a dpv response as evidence > > > might be misleading unless all relayed responses can be matched > > > against the original request. > > > > Relayed responses, if any, are invisible to the first requester. > > We're discussing whether this should be the case or not. > > > If, as mentionned earlier, an evidence is bunch of certificates, CRLs and > > OCSP responses, then it is not the signed "yes" answer, i.e. the core of the > > DPV response. > I can't parse that, but I think its ok if I've identified where > our difference lies. The difference lies in the trust conditions. I believe that trust conditions are *not* transitive and thus would a DPV response come from a another server, it is unlikely that the client would trust it. Now, if the server trusts it, it is its problem and becomes fully responsible of the final response. If it wants to make sure that everything is correct, then it should ask for and check itself the original data used to validate the full path: all certificates, CRLs and OCSP responses. I hope this helps. Denis > Stephen. > > > > Seems a bit confused to me (but then I'm often confused:-), > > > > Indeed since your are using a term (i.e. evidence) that is not used in the > > document. > > > > Denis > > > > > Stephen. > > > > > > Denis Pinkas wrote: > > > > > > > > Peter, > > > > > > > > (text deleted) > > > > > > > > > I refer to my proposal to change the text saying that > > > > > that among the optional returned infos like paths CRL, > > > > > OCSP responses, there may alos occur DPV responses. > > > > > > > > I would disagree. Let me explain why. The requester only trusts the DPV > > > > server that it has queried. The DPV server may trust any server it likes, > > > > but the client does not care: the client does not necessarilly trust them. > > > > The original server is the only one responsible for the "valid" signed > > > > response. So if a DPV response from another server were included as a proof > > > > of the "valid" response, it would not be a proof for the client. The client > > > > needs a proof from first hand, i.e. a proof that is not disputable. This can > > > > only be the original certification path, the original CRLs and the original > > > > OCSP responses, with all the proofs that the CRL Issuers and the OCSP > > > > responders are indeed empowered to provide that information. > > > > > > > > > Encapsulating a "DPV response" in a OCSP response still > > > > > remains an option anyway. > > > > > > > > Encapsulating a "DPV response" in a OCSP response is out of the scope of > > > > this discussion. > > > > > > > > > > Denis > > > > > > > > > Since you haven't commented the next paragraph may I assume that > > > > > this is ok with you? > > > > > > > > > > > I think the general principle should be that there is one mode > > > > > > > that all information essential to understand what has contributed > > > > > > > to the final decision must be made available to the client. > > > > > > > (Not necessarily understood by the client). > > > > > > > > No. It is always necessary to provide a yes/no/unknown answer (or an error). > > > > > > > > It is optional to provide all the information essential to test again the > > > > certificate validity, should another party not simply trust the signed "yes" > > > > answer. It is certainly not necessary for the client to understand what has > > > > contributed to the final decision. > > > > > > > > Denis > > > > > > > > > > > I would also agree, that only necessary information should be made > > > > > > > available. It may be not necessary to inform: > > > > > > > > > > > > > > - Yesterday I have made three unsuccesseful attempt at time1 2 3, > > > > > > > the last one finally succeed by using an internet connect to > > > > > > > address a.b.c.d using DPV protocol over OCSP, ... > > > > > > > > > > > > > > Peter > > > > > > -- > > > ____________________________________________________________ > > > Stephen Farrell > > > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > > > 39 Parkgate Street, fax: +353 1 881 7000 > > > Dublin 8. mailto:stephen.farrell@baltimore.ie > > > Ireland http://www.baltimore.com > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > 39 Parkgate Street, fax: +353 1 881 7000 > Dublin 8. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AGMYj06078 for ietf-pkix-bks; Wed, 10 Apr 2002 09:22:34 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AGMVm06072 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 09:22:32 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id SAA23426; Wed, 10 Apr 2002 18:25:01 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041018025265:390 ; Wed, 10 Apr 2002 18:02:52 +0200 Message-ID: <3CB4622B.DF6FBE6F@bull.net> Date: Wed, 10 Apr 2002 18:02:51 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: "Linn, John" <jlinn@rsasecurity.com> CC: "'stephen.farrell@baltimore.ie'" <stephen.farrell@baltimore.ie>, ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <F504A8CEE925D411AF4A00508B8BE90A01F7CF8B@exna07.securitydynamics.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 18:02:52, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 18:22:26, Serialize complete at 10/04/2002 18:22:26 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> John, > I agree with Stephen's observation. Within a DPV environment, much of the > rationale for being (optionally) able to return information received from > other servers, rather than simply distilling it, is to be able to support > audit and dispute resolution. You address two different needs: 1) audit, 2) dispute resolution. I have addressed the later in my mail exchanges with Peter. So let us address the former. There is no requirement for an audit purposes in the current document. The DPV server is responsible for providing a right answer. If it is not able to do so, it shall answer "unknown". The server may keep anything it wants in audit trail, but there is no requirement to provide "audit information " associated with the response. Currently the only requirement, in addition with a signed "yes" answer, is: "The DPV request MUST allow the client to request that the response include the certification path and revocation status information used by the DPV server to process the request." Denis > This would normally happen on an exception > basis, and its verifier may well be different from the client that requested > the DPV response. > > --jl > > > -----Original Message----- > > From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie] > > Sent: Wednesday, April 10, 2002 11:02 AM > > To: Denis Pinkas > > Cc: Peter Sylvester; ietf-pkix@imc.org > > Subject: Re: Open issue: DPV relay > > > > > > > > > > Denis, > > > > > I would disagree. Let me explain why. The requester only > > trusts the DPV > > > server that it has queried. The DPV server may trust any > > server it likes, > > > but the client does not care: the client does not > > necessarilly trust them. > > > The original server is the only one responsible for the > > "valid" signed > > > response. So if a DPV response from another server were > > included as a proof > > > of the "valid" response, it would not be a proof for the > > client. The client > > > needs a proof from first hand, i.e. a proof that is not > > disputable. This can > > > only be the original certification path, the original CRLs > > and the original > > > OCSP responses, with all the proofs that the CRL Issuers > > and the OCSP > > > responders are indeed empowered to provide that information. > > > > But isn't it likely that the evaluation of the evidence happens > > at dispute-resolution time and is done not by the run-time > > client but by some 3rd party? If not, then the client has to > > check everything at run-time; if so, then the fact that the > > client doesn't trust the relayed-to server is moot (what > > matters is what the evidence evaluator thinks). > > > > I would agree though that including just a dpv response as evidence > > might be misleading unless all relayed responses can be matched > > against the original request. > > > > Seems a bit confused to me (but then I'm often confused:-), > > Stephen. > > > > Denis Pinkas wrote: > > > > > > Peter, > > > > > > (text deleted) > > > > > > > I refer to my proposal to change the text saying that > > > > that among the optional returned infos like paths CRL, > > > > OCSP responses, there may alos occur DPV responses. > > > > > > I would disagree. Let me explain why. The requester only > > trusts the DPV > > > server that it has queried. The DPV server may trust any > > server it likes, > > > but the client does not care: the client does not > > necessarilly trust them. > > > The original server is the only one responsible for the > > "valid" signed > > > response. So if a DPV response from another server were > > included as a proof > > > of the "valid" response, it would not be a proof for the > > client. The client > > > needs a proof from first hand, i.e. a proof that is not > > disputable. This can > > > only be the original certification path, the original CRLs > > and the original > > > OCSP responses, with all the proofs that the CRL Issuers > > and the OCSP > > > responders are indeed empowered to provide that information. > > > > > > > Encapsulating a "DPV response" in a OCSP response still > > > > remains an option anyway. > > > > > > Encapsulating a "DPV response" in a OCSP response is out of > > the scope of > > > this discussion. > > > > > > > > Denis > > > > > > > Since you haven't commented the next paragraph may I assume that > > > > this is ok with you? > > > > > > > > > I think the general principle should be that there is one mode > > > > > > that all information essential to understand what has > > contributed > > > > > > to the final decision must be made available to the client. > > > > > > (Not necessarily understood by the client). > > > > > > No. It is always necessary to provide a yes/no/unknown > > answer (or an error). > > > > > > It is optional to provide all the information essential to > > test again the > > > certificate validity, should another party not simply trust > > the signed "yes" > > > answer. It is certainly not necessary for the client to > > understand what has > > > contributed to the final decision. > > > > > > Denis > > > > > > > > > I would also agree, that only necessary information > > should be made > > > > > > available. It may be not necessary to inform: > > > > > > > > > > > > - Yesterday I have made three unsuccesseful attempt > > at time1 2 3, > > > > > > the last one finally succeed by using an internet connect to > > > > > > address a.b.c.d using DPV protocol over OCSP, ... > > > > > > > > > > > > Peter > > > > -- > > ____________________________________________________________ > > Stephen Farrell > > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > > 39 Parkgate Street, fax: +353 1 881 7000 > > Dublin 8. mailto:stephen.farrell@baltimore.ie > > Ireland http://www.baltimore.com > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AFh7E01555 for ietf-pkix-bks; Wed, 10 Apr 2002 08:43:07 -0700 (PDT) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AFh4m01551 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 08:43:05 -0700 (PDT) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g3AFh5b32403 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 16:43:05 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a2d2823e00a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 16:37:41 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id QAA07530; Wed, 10 Apr 2002 16:43:03 +0100 Message-ID: <3CB45D8C.46A4233A@baltimore.ie> Date: Wed, 10 Apr 2002 16:43:08 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <200204091659.SAA06361@emeriau.edelweb.fr> <3CB44DE3.37E45287@bull.net> <3CB453FD.C917FDD4@baltimore.ie> <3CB457B3.DF639CF8@bull.net> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, Is the core of our difference that you consider that showing a DPV request/response pair (say to an expert witness who'll then turn up in court) is not as meaningful as showing a bunch of certificates, CRLs and OCSP request/response pairs (to that same expert witness who'll then turn up in court)? [And s/in court/in an arbitration meeting/ or whatever else you prefer which avoids us discussing how legal things happen.] My position would be that one can be just as meaningful as the other, depending on the context, and that the DPV protocol MUST be able to be used in contexts where the DPV request/response are (according to me) as good as the certificates/crls/ocsp stuff. Denis Pinkas wrote: > > Stephen, > > > Denis, > > > > > I would disagree. Let me explain why. The requester only trusts the DPV > > > server that it has queried. The DPV server may trust any server it likes, > > > but the client does not care: the client does not necessarilly trust them. > > > The original server is the only one responsible for the "valid" signed > > > response. So if a DPV response from another server were included as a proof > > > of the "valid" response, it would not be a proof for the client. The client > > > needs a proof from first hand, i.e. a proof that is not disputable. This can > > > only be the original certification path, the original CRLs and the original > > > OCSP responses, with all the proofs that the CRL Issuers and the OCSP > > > responders are indeed empowered to provide that information. > > > But isn't it likely that the evaluation of the evidence happens > > at dispute-resolution time and is done not by the run-time > > client but by some 3rd party? > > What do you call an evidence ? Is it the signed "yes" answer or the bunch of > certificates, CRLs and OCSP responses ? If it is the latter, then I agree. Practically speaking any data structure can provide some level of evidence, certificates, CRLs and OCSP responses included, but I'd also include DPV request/response pairs (assuming good protocol design) as being pretty much as good in some contexts. > > If not, then the client has to check everything at run-time; if so, > > then the fact that the client doesn't trust the relayed-to server is moot > > (what matters is what the evidence evaluator thinks). > > We are not in that case, so this argumenation does not apply. We are in that case, so it does apply. (See - didn't that bring the discussion along nicely:-) > > I would agree though that including just a dpv response as evidence > > might be misleading unless all relayed responses can be matched > > against the original request. > > Relayed responses, if any, are invisible to the first requester. We're discussing whether this should be the case or not. > If, as mentionned earlier, an evidence is bunch of certificates, CRLs and > OCSP responses, then it is not the signed "yes" answer, i.e. the core of the > DPV response. I can't parse that, but I think its ok if I've identified where our difference lies. Stephen. > > Seems a bit confused to me (but then I'm often confused:-), > > Indeed since your are using a term (i.e. evidence) that is not used in the > document. > > Denis > > > Stephen. > > > > Denis Pinkas wrote: > > > > > > Peter, > > > > > > (text deleted) > > > > > > > I refer to my proposal to change the text saying that > > > > that among the optional returned infos like paths CRL, > > > > OCSP responses, there may alos occur DPV responses. > > > > > > I would disagree. Let me explain why. The requester only trusts the DPV > > > server that it has queried. The DPV server may trust any server it likes, > > > but the client does not care: the client does not necessarilly trust them. > > > The original server is the only one responsible for the "valid" signed > > > response. So if a DPV response from another server were included as a proof > > > of the "valid" response, it would not be a proof for the client. The client > > > needs a proof from first hand, i.e. a proof that is not disputable. This can > > > only be the original certification path, the original CRLs and the original > > > OCSP responses, with all the proofs that the CRL Issuers and the OCSP > > > responders are indeed empowered to provide that information. > > > > > > > Encapsulating a "DPV response" in a OCSP response still > > > > remains an option anyway. > > > > > > Encapsulating a "DPV response" in a OCSP response is out of the scope of > > > this discussion. > > > > > > > > Denis > > > > > > > Since you haven't commented the next paragraph may I assume that > > > > this is ok with you? > > > > > > > > > I think the general principle should be that there is one mode > > > > > > that all information essential to understand what has contributed > > > > > > to the final decision must be made available to the client. > > > > > > (Not necessarily understood by the client). > > > > > > No. It is always necessary to provide a yes/no/unknown answer (or an error). > > > > > > It is optional to provide all the information essential to test again the > > > certificate validity, should another party not simply trust the signed "yes" > > > answer. It is certainly not necessary for the client to understand what has > > > contributed to the final decision. > > > > > > Denis > > > > > > > > > I would also agree, that only necessary information should be made > > > > > > available. It may be not necessary to inform: > > > > > > > > > > > > - Yesterday I have made three unsuccesseful attempt at time1 2 3, > > > > > > the last one finally succeed by using an internet connect to > > > > > > address a.b.c.d using DPV protocol over OCSP, ... > > > > > > > > > > > > Peter > > > > -- > > ____________________________________________________________ > > Stephen Farrell > > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > > 39 Parkgate Street, fax: +353 1 881 7000 > > Dublin 8. mailto:stephen.farrell@baltimore.ie > > Ireland http://www.baltimore.com -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AFfgC01485 for ietf-pkix-bks; Wed, 10 Apr 2002 08:41:42 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AFfem01481 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 08:41:40 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA17050; Wed, 10 Apr 2002 17:44:15 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041017412420:387 ; Wed, 10 Apr 2002 17:41:24 +0200 Message-ID: <3CB45D22.4AAB8871@bull.net> Date: Wed, 10 Apr 2002 17:41:22 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <200204101510.RAA06729@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 17:41:24, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 17:41:41, Serialize complete at 10/04/2002 17:41:41 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > Peter, > > > > (text deleted) > > > > > I refer to my proposal to change the text saying that > > > that among the optional returned infos like paths CRL, > > > OCSP responses, there may alos occur DPV responses. > > > > I would disagree. Let me explain why. The requester only trusts the DPV > > server that it has queried. The DPV server may trust any server it likes, > > but the client does not care: the client does not necessarilly trust them. > > The original server is the only one responsible for the "valid" signed > > response. So if a DPV response from another server were included as a proof > > of the "valid" response, it would not be a proof for the client. The client > > needs a proof from first hand, i.e. a proof that is not disputable. This can > > only be the original certification path, the original CRLs and the original > > OCSP responses, with all the proofs that the CRL Issuers and the OCSP > > responders are indeed empowered to provide that information. > I disagree when you say 'this can *only* be'. You assume implicitly that > the only service providable by CAs are CRLs and/or OCSP. So far, > DPV has been designed in a way that instead of providing an OCSP service > through whatever structure, a CA can provide a quite similar service > using DPV. I now understand why we disagree. This service does *not* need to be provided by a CA. It can be provided by any service provider that the client is willing to trust. The case where it would be provided by a CA, would be a very specific case. In order to resolve disputes, the "proof" must directly come from the CAs. This means that CRLs as well as OCSP responses must be provided by CAs (or authorities empowered by the CAs). DPV responses would be of no value. > > > Encapsulating a "DPV response" in a OCSP response still > > > remains an option anyway. > > > > Encapsulating a "DPV response" in a OCSP response is out of the scope of > > this discussion. > I am not discussing this, I just reminded that in order to formally > respond to the actual text, it is always possible to create > an OCSP response together with an indication about the existance > of the cert, and one may or not call this *DPV* response. Certainly not. The full path is being checked, not a single certificate. > Or: If one would take the DPV proposal of OCSP-V2 as a potential > implementation there would be conformance of 'only OCSP responses' > and at the same time there would be DPV reponses. There is no more a standing OCSP-v2 proposal today. > > > Since you haven't commented the next paragraph may I assume that > > > this is ok with you? > > > > > > > I think the general principle should be that there is one mode > > > > > that all information essential to understand what has contributed > > > > > to the final decision must be made available to the client. > > > > > (Not necessarily understood by the client). > > > > No. It is always necessary to provide a yes/no/unknown answer (or an error). > > It is optional to provide all the information essential to test again the > > certificate validity, should another party not simply trust the signed "yes" > > answer. It is certainly not necessary for the client to understand what has > > contributed to the final decision. > > What is 'no': It is *not* necessary for the client to gather all the information that has contributed to the final decision; i.e. relayed DPV responses, if any, are not needed. > Where did I say that yes/no/unknown is NOT necessary? (is this the reason > for the no?) In the remainder you just rephrase what I have said. With a *not*, which makes a big difference. In case of a dispute, testing again the certificate validity, means that certificates, CRLs and OCSP responses must be available. Anything else is useless. Denis. > 'it is optional' == "there is one mode" > 'all the information essential' idem > 'Not necessarily understood by the client' == last sentence. > > > > > Denis > > > > > > > I would also agree, that only necessary information should be made > > > > > available. It may be not necessary to inform: > > > > > > > > > > - Yesterday I have made three unsuccesseful attempt at time1 2 3, > > > > > the last one finally succeed by using an internet connect to > > > > > address a.b.c.d using DPV protocol over OCSP, ... > > > > > > > > > > Peter > > Received: by above.proper.com (8.11.6/8.11.3) id g3AFWWF01247 for ietf-pkix-bks; Wed, 10 Apr 2002 08:32:32 -0700 (PDT) Received: from phaos.com (phaos.com [161.58.151.210]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AFWVm01243 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 08:32:31 -0700 (PDT) Received: from phaos_arik.phaos.com ([198.78.132.60]) by phaos.com (8.11.6) id g3AFWWO34627; Wed, 10 Apr 2002 09:32:32 -0600 (MDT) Message-Id: <5.1.0.14.2.20020410112905.035c01f0@verio.phaos.com> X-Sender: arik@verio.phaos.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 10 Apr 2002 11:33:18 -0400 To: Al Arsenault <awa1@comcast.net>, ietf-pkix@imc.org From: Ari Kermaier <arik@phaos.com> Subject: Re: CMP Interoperability Question Cc: Alfred Arsenault <AArsenault@diversinet.com> In-Reply-To: <029301c1e086$348d00a0$6401a8c0@SJOSEPH> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Yes, our CMP toolkit lets you build any sort of CA, RA or EE component you like -- policies enforcing who is permitted to sign what are mostly left up to the application developer. Ari Kermaier Senior Software Engineer Phaos Technology Corp. http://www.phaos.com/ >Folks, > > I'm looking for some information, so I figured that this might be the > fastest way to do an "informal survey". > > For those who have implemented CMP, the question is: Does your > implementation support CAs who sign CMP messages (e.g., cp, ip, ...) > using a different key than they use to sign certificates? > > The reason for asking this: we tend to believe that they private > signing key used to sign certificates and revocation information (CRLs, > OCSP responses) should ONLY be used for that purpose. The CA has a > separate key to use for secure communications, including signing CMP > responses. (I can't find anything in the spec - either RFC2510 or > son-of-2510 - that addresses this at all. My apologies if I just missed a > section.) > > The problem was that a little informal testing showed a problem. We > had a "brand X" RA send our CA a cr message. The CA responded with a > cp. The RA rejected the cp, apparently because it wasn't signed with the > same key used to sign certs/CRLs. (We're investigating to find out what > the exact conditions for success are; e.g., does the CMP cp message have > to be signed with the same key the cert contained in the message is > signed with; or do basic constraints and/or specific key usage values > have to be set in the signing cert.) > > So, for you CMP implementors - would your code reject a cp or other > message from a CA, if it was: > > - signed with a key other than that used by the CA to sign certs? > - signed with a key that matched a certificate without > basicConstraints set to CA? > - signed with a key without keyUsage set to some magic value? > > Thanks for any information you can provide, > > Al Arsenault > Chief Security Architect > Diversinet Corp. > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AFJCq00836 for ietf-pkix-bks; Wed, 10 Apr 2002 08:19:12 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AFJAm00832 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 08:19:10 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA13974; Wed, 10 Apr 2002 17:21:44 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041017181324:384 ; Wed, 10 Apr 2002 17:18:13 +0200 Message-ID: <3CB457B3.DF639CF8@bull.net> Date: Wed, 10 Apr 2002 17:18:11 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: stephen.farrell@baltimore.ie CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <200204091659.SAA06361@emeriau.edelweb.fr> <3CB44DE3.37E45287@bull.net> <3CB453FD.C917FDD4@baltimore.ie> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 17:18:13, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 17:19:09, Serialize complete at 10/04/2002 17:19:09 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Stephen, > Denis, > > > I would disagree. Let me explain why. The requester only trusts the DPV > > server that it has queried. The DPV server may trust any server it likes, > > but the client does not care: the client does not necessarilly trust them. > > The original server is the only one responsible for the "valid" signed > > response. So if a DPV response from another server were included as a proof > > of the "valid" response, it would not be a proof for the client. The client > > needs a proof from first hand, i.e. a proof that is not disputable. This can > > only be the original certification path, the original CRLs and the original > > OCSP responses, with all the proofs that the CRL Issuers and the OCSP > > responders are indeed empowered to provide that information. > But isn't it likely that the evaluation of the evidence happens > at dispute-resolution time and is done not by the run-time > client but by some 3rd party? What do you call an evidence ? Is it the signed "yes" answer or the bunch of certificates, CRLs and OCSP responses ? If it is the latter, then I agree. > If not, then the client has to check everything at run-time; if so, > then the fact that the client doesn't trust the relayed-to server is moot > (what matters is what the evidence evaluator thinks). We are not in that case, so this argumenation does not apply. > I would agree though that including just a dpv response as evidence > might be misleading unless all relayed responses can be matched > against the original request. Relayed responses, if any, are invisible to the first requester. If, as mentionned earlier, an evidence is bunch of certificates, CRLs and OCSP responses, then it is not the signed "yes" answer, i.e. the core of the DPV response. > Seems a bit confused to me (but then I'm often confused:-), Indeed since your are using a term (i.e. evidence) that is not used in the document. Denis > Stephen. > > Denis Pinkas wrote: > > > > Peter, > > > > (text deleted) > > > > > I refer to my proposal to change the text saying that > > > that among the optional returned infos like paths CRL, > > > OCSP responses, there may alos occur DPV responses. > > > > I would disagree. Let me explain why. The requester only trusts the DPV > > server that it has queried. The DPV server may trust any server it likes, > > but the client does not care: the client does not necessarilly trust them. > > The original server is the only one responsible for the "valid" signed > > response. So if a DPV response from another server were included as a proof > > of the "valid" response, it would not be a proof for the client. The client > > needs a proof from first hand, i.e. a proof that is not disputable. This can > > only be the original certification path, the original CRLs and the original > > OCSP responses, with all the proofs that the CRL Issuers and the OCSP > > responders are indeed empowered to provide that information. > > > > > Encapsulating a "DPV response" in a OCSP response still > > > remains an option anyway. > > > > Encapsulating a "DPV response" in a OCSP response is out of the scope of > > this discussion. > > > > > > Denis > > > > > Since you haven't commented the next paragraph may I assume that > > > this is ok with you? > > > > > > > I think the general principle should be that there is one mode > > > > > that all information essential to understand what has contributed > > > > > to the final decision must be made available to the client. > > > > > (Not necessarily understood by the client). > > > > No. It is always necessary to provide a yes/no/unknown answer (or an error). > > > > It is optional to provide all the information essential to test again the > > certificate validity, should another party not simply trust the signed "yes" > > answer. It is certainly not necessary for the client to understand what has > > contributed to the final decision. > > > > Denis > > > > > > > I would also agree, that only necessary information should be made > > > > > available. It may be not necessary to inform: > > > > > > > > > > - Yesterday I have made three unsuccesseful attempt at time1 2 3, > > > > > the last one finally succeed by using an internet connect to > > > > > address a.b.c.d using DPV protocol over OCSP, ... > > > > > > > > > > Peter > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > 39 Parkgate Street, fax: +353 1 881 7000 > Dublin 8. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AFHN800793 for ietf-pkix-bks; Wed, 10 Apr 2002 08:17:23 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g3AFHLm00789 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 08:17:21 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 10 Apr 2002 15:16:20 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA11270; Wed, 10 Apr 2002 11:16:08 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g3AFHIu26873; Wed, 10 Apr 2002 11:17:19 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1Q8HF>; Wed, 10 Apr 2002 11:14:51 -0400 Message-ID: <F504A8CEE925D411AF4A00508B8BE90A01F7CF8B@exna07.securitydynamics.com> From: "Linn, John" <jlinn@rsasecurity.com> To: "'stephen.farrell@baltimore.ie'" <stephen.farrell@baltimore.ie> Cc: ietf-pkix@imc.org Subject: RE: Open issue: DPV relay Date: Wed, 10 Apr 2002 11:16:55 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I agree with Stephen's observation. Within a DPV environment, much of the rationale for being (optionally) able to return information received from other servers, rather than simply distilling it, is to be able to support audit and dispute resolution. This would normally happen on an exception basis, and its verifier may well be different from the client that requested the DPV response. --jl > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie] > Sent: Wednesday, April 10, 2002 11:02 AM > To: Denis Pinkas > Cc: Peter Sylvester; ietf-pkix@imc.org > Subject: Re: Open issue: DPV relay > > > > > Denis, > > > I would disagree. Let me explain why. The requester only > trusts the DPV > > server that it has queried. The DPV server may trust any > server it likes, > > but the client does not care: the client does not > necessarilly trust them. > > The original server is the only one responsible for the > "valid" signed > > response. So if a DPV response from another server were > included as a proof > > of the "valid" response, it would not be a proof for the > client. The client > > needs a proof from first hand, i.e. a proof that is not > disputable. This can > > only be the original certification path, the original CRLs > and the original > > OCSP responses, with all the proofs that the CRL Issuers > and the OCSP > > responders are indeed empowered to provide that information. > > But isn't it likely that the evaluation of the evidence happens > at dispute-resolution time and is done not by the run-time > client but by some 3rd party? If not, then the client has to > check everything at run-time; if so, then the fact that the > client doesn't trust the relayed-to server is moot (what > matters is what the evidence evaluator thinks). > > I would agree though that including just a dpv response as evidence > might be misleading unless all relayed responses can be matched > against the original request. > > Seems a bit confused to me (but then I'm often confused:-), > Stephen. > > Denis Pinkas wrote: > > > > Peter, > > > > (text deleted) > > > > > I refer to my proposal to change the text saying that > > > that among the optional returned infos like paths CRL, > > > OCSP responses, there may alos occur DPV responses. > > > > I would disagree. Let me explain why. The requester only > trusts the DPV > > server that it has queried. The DPV server may trust any > server it likes, > > but the client does not care: the client does not > necessarilly trust them. > > The original server is the only one responsible for the > "valid" signed > > response. So if a DPV response from another server were > included as a proof > > of the "valid" response, it would not be a proof for the > client. The client > > needs a proof from first hand, i.e. a proof that is not > disputable. This can > > only be the original certification path, the original CRLs > and the original > > OCSP responses, with all the proofs that the CRL Issuers > and the OCSP > > responders are indeed empowered to provide that information. > > > > > Encapsulating a "DPV response" in a OCSP response still > > > remains an option anyway. > > > > Encapsulating a "DPV response" in a OCSP response is out of > the scope of > > this discussion. > > > > > > Denis > > > > > Since you haven't commented the next paragraph may I assume that > > > this is ok with you? > > > > > > > I think the general principle should be that there is one mode > > > > > that all information essential to understand what has > contributed > > > > > to the final decision must be made available to the client. > > > > > (Not necessarily understood by the client). > > > > No. It is always necessary to provide a yes/no/unknown > answer (or an error). > > > > It is optional to provide all the information essential to > test again the > > certificate validity, should another party not simply trust > the signed "yes" > > answer. It is certainly not necessary for the client to > understand what has > > contributed to the final decision. > > > > Denis > > > > > > > I would also agree, that only necessary information > should be made > > > > > available. It may be not necessary to inform: > > > > > > > > > > - Yesterday I have made three unsuccesseful attempt > at time1 2 3, > > > > > the last one finally succeed by using an internet connect to > > > > > address a.b.c.d using DPV protocol over OCSP, ... > > > > > > > > > > Peter > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > 39 Parkgate Street, fax: +353 1 881 7000 > Dublin 8. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AFAAt00304 for ietf-pkix-bks; Wed, 10 Apr 2002 08:10:10 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AFA7m00293 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 08:10:07 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id RAA06406; Wed, 10 Apr 2002 17:10:06 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 10 Apr 2002 17:10:06 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id RAA07132; Wed, 10 Apr 2002 17:10:05 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id RAA06729; Wed, 10 Apr 2002 17:10:04 +0200 (MET DST) Date: Wed, 10 Apr 2002 17:10:04 +0200 (MET DST) Message-Id: <200204101510.RAA06729@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > Peter, > > (text deleted) > > > I refer to my proposal to change the text saying that > > that among the optional returned infos like paths CRL, > > OCSP responses, there may alos occur DPV responses. > > I would disagree. Let me explain why. The requester only trusts the DPV > server that it has queried. The DPV server may trust any server it likes, > but the client does not care: the client does not necessarilly trust them. > The original server is the only one responsible for the "valid" signed > response. So if a DPV response from another server were included as a proof > of the "valid" response, it would not be a proof for the client. The client > needs a proof from first hand, i.e. a proof that is not disputable. This can > only be the original certification path, the original CRLs and the original > OCSP responses, with all the proofs that the CRL Issuers and the OCSP > responders are indeed empowered to provide that information. I disagree when you say 'this can *only* be'. You assume implicitly that the only service providable by CAs are CRLs and/or OCSP. So far, DPV has been designed in a way that instead of providing an OCSP service through whatever structure, a CA can provide a quite similar service using DPV. > > Encapsulating a "DPV response" in a OCSP response still > > remains an option anyway. > > Encapsulating a "DPV response" in a OCSP response is out of the scope of > this discussion. I am not discussing this, I just reminded that in order to formally respond to the actual text, it is always possible to create an OCSP response together with an indication about the existance of the cert, and one may or not call this *DPV* response. Or: If one would take the DPV proposal of OCSP-V2 as a potential implementation there would be conformance of 'only OCSP responses' and at the same time there would be DPV reponses. > > Since you haven't commented the next paragraph may I assume that > > this is ok with you? > > > > > I think the general principle should be that there is one mode > > > > that all information essential to understand what has contributed > > > > to the final decision must be made available to the client. > > > > (Not necessarily understood by the client). > > No. It is always necessary to provide a yes/no/unknown answer (or an error). > It is optional to provide all the information essential to test again the > certificate validity, should another party not simply trust the signed "yes" > answer. It is certainly not necessary for the client to understand what has > contributed to the final decision. What is 'no': Where did I say that yes/no/unknown is NOT necessary? (is this the reason for the no?) In the remainder you just rephrase what I have said. 'it is optional' == "there is one mode" 'all the information essential' idem 'Not necessarily understood by the client' == last sentence. > > Denis > > > > > I would also agree, that only necessary information should be made > > > > available. It may be not necessary to inform: > > > > > > > > - Yesterday I have made three unsuccesseful attempt at time1 2 3, > > > > the last one finally succeed by using an internet connect to > > > > address a.b.c.d using DPV protocol over OCSP, ... > > > > > > > > Peter > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AF94029985 for ietf-pkix-bks; Wed, 10 Apr 2002 08:09:04 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AF93m29976 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 08:09:03 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA17834; Wed, 10 Apr 2002 17:11:38 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041017085936:383 ; Wed, 10 Apr 2002 17:08:59 +0200 Message-ID: <3CB4558A.A6FA7E52@bull.net> Date: Wed, 10 Apr 2002 17:08:58 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Tom Gindin <tgindin@us.ibm.com> CC: ietf-pkix@imc.org Subject: Re: WG Last Call: Roadmap References: <OF233C39DB.1BECB197-ON85256B97.005015E9@pok.ibm.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 17:08:59, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 17:09:04, Serialize complete at 10/04/2002 17:09:04 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tom, > It is obviously important that this document get finalized fairly soon. Indeed. > The only question we have outstanding is whether "root CA" as > defined would be better replaced by "anchor CA" or "trust anchor". This > should not block the document for more than a day or two, but I think it > worthwhile to find out what you think the difference is. The term "root > CA" as "root of trust" has caused some confusion in these discussions, Maybe. > and > if there's a better term which is in fairly common use (as "anchor" is) I wonder. "Anchor" or "trust anchor" is a term that few people understand (and there is no unanimity on its meaning). Root CA has been used (or mis-used ?) for years. We cannot ignore thee fact that "root CA" is being used. > we should use it. If there's a real difference, we should keep "root CA". There is a real difference, since you mention that a trust anchor could be defined in such a way that they might be EE's or even AA. By opposition a root CA is always a CA, not necessarilly a Top CA. This is what the current text says. So these terms are not equivalent So if I take your previous statement, i.e. "If there's a real difference, we should keep "root CA", I let you draw the conclusion. Denis > In case it's not obvious, the term "anchor CA" means "a trust anchor which > is a CA" - which assumes that trust anchors could be defined in such a way > that they might be EE's or even AA's. > > Tom Gindin > > Denis Pinkas <Denis.Pinkas@bull.net> on 04/09/2002 12:00:26 PM > > To: Tom Gindin/Watson/IBM@IBMUS > cc: ietf-pkix@imc.org > Subject: Re: WG Last Call: Roadmap > > Tom, > > > Denis: > > > > Should we really standardize on the term "root CA" rather than > "trust > > anchor" or "anchor CA"? > > I do not care, but I care for this document to be sent to the IESG soon. So > the sooner we may find a compromise, the better. Maybe the quickest way > is to try to suppress the sentences that create problems. We should > focuss on text replacement proposals. > > > "Trust anchor" has never been used to mean anything other than an entity > directly trusted by the RP, AFAIK. > > Not exactly. Read this sentence again. However, I would like to resist to > start a new discusion now on trust anchors. > > > I have other comments below. > > > > Tom Gindin > > > > Denis Pinkas <Denis.Pinkas@bull.net> on 04/08/2002 12:32:41 PM > > > > To: Tom Gindin/Watson/IBM@IBMUS > > cc: ietf-pkix@imc.org > > Subject: Re: WG Last Call: Roadmap > > > > Tom, > > > > I have not forgotten this message, but I gave priority to the DPV thread. > > > > > Responses below. > > > > > The issue of who specifies the verifier's policy is > > > rather serious. If the policy to be used is expected to be the same as > > RFC > > > 3126's SignaturePolicy, we need to specify a step in which the verifier > > has > > > the right to reject such a policy or to consider it inapplicable to the > > > verifier's own current context. > > > > This is true. However, the text does not go at that level of detail: > > > > "Another model considers a set of rules that apply to an application > > context. Every application context may have a different set of rules. > > When choosing to use certificates in the context of that application, > > the EE selects the set of rules for that context. In a set of rules, > > one or more Top CAs may be trusted, each one may be associated with > > different constraints, like the certificate policies that are trusted > > or the naming constraints that apply. These constrains may be specified > > either in self-signed certificates or in addition to self-signed > > certificates when they do not incorporate these constraints. This set > > of rules is called a validation policy (when validating a certificate) > > or a signature policy (when validating a digital signature)." > > > > I do not think it is necesary to state it. If you think so, please > provide > > a text and a placement for that text. > > > > [TG] My biggest problem is the use of the term "signature policy", which > > you have elsewhere defined as something defined and signed by the signer > of > > the document. > > There is a misunderstanding. A signer may provide the *reference* of the > signature policy that he agrees to use when signing. In order to prevent > someone else to change that reference, it is protected by the signer's > signature. So in that case the verifier has first to see whether the > signature policy used by the signer is appropriate for his application > context. If it is the case, then it uses it, otherwise this is the end of > the story. > > [TG] He mainly needs to check whether it's an approved signature policy by > his personal or organizational criteria. > > > In the paragraph above, I would replace the term "Top CAs" > > by "root CA's", > > No problem. > > > and I would also call the sets of rules in the last > > sentence a "certificate validation policy" and a "signature validation > > policy". I would then add the following statement: "Neither of these > > policies is considered to be the same as either a CertificatePolicy as > > defined in RFC 2459 or a SignaturePolicy as defined in RFC 3126." > > I would simply propose to delete the following sentence: > > "This set of rules is called a validation policy (when validating a > certificate) or a signature policy (when validating a digital signature)" > not because it is wrong, but because I would like this document to proceed. > > This would lead to the following text: > > "Another model considers a set of rules that apply to an application > context. Every application context may have a different set of rules. > When choosing to use certificates in the context of that application, > the EE selects the set of rules for that context. In a set of rules, > one or more root CAs may be trusted, each one may be associated with > different constraints, like the certificate policies that are trusted > or the naming constraints that apply. These constrains may be specified > either in self-signed certificates or in addition to self-signed > certificates when they do not incorporate these constraints." > > Can you live with it ? > > [TG] Sure. > > > > To: Tom Gindin/Watson/IBM@IBMUS > > > cc: ietf-pkix@imc.org > > > Subject: Re: WG Last Call: Roadmap > > > > > > Tom, > > > > > > > I have a few issues with this, and some corrections as well. > > > > > > > In comment 12, I have two issues. The first one, which is > minor, > > > is > > > > that "one or more Top CA's may be trusted" should refer to root CA's > > > > instead - the two terms mean the same thing more often than not, but > > when > > > > they differ the trust point is the root rather than the top. > > > > > > PKIX-1 states: > > > > > > " - Top CA - A CA that is at the top of a PKI hierarchy. > > > > > > Note: This is often also called a "Root CA," since in data > structures > > > terms and in graph theory, the node at the top of a tree is the > > > "root." However, to minimize confusion in this document, we elect to > > > call this node a "Top CA," and reserve "Root CA" for the CA directly > > > trusted by the EE." > > > > > > The problem lies with the last sentence, i.e. "*the* CA directly > trusted > > by > > > the EE.". The singular is being used which means that there is a single > > > one, multiple roots are not permitted, while multiple Top-CAs are > > > permitted. > > > > > > [TG] Where in PKIX-1 is this? I can't find the phrase "directly > trusted" > > > in either RFC 2459 or in draft 12 of new-pkix-1. > > > > Sorry for the confusion: it is in the roadmap document, not PKIX-1. > > > > The current text in the roadmap is: > > > > " - Root CA - A CA that is directly trusted by an EE; that is, > > securely acquiring the value of a Root CA public key requires > > some out-of-band step(s). This term is not meant to imply that a > > Root CA is necessarily at the top of any hierarchy, simply that > > the CA in question is trusted directly. > > > > (...) > > > > Note: This is often also called a "Root CA," since in data structures > > terms and in graph theory, the node at the top of a tree is the > > "root." However, to minimize confusion in this document, we elect to > > call this node a "Top CA," and reserve "Root CA" for the CA directly > > trusted by the EE. Readers new to PKIX should be aware that these > > terms are not used consistently throughout the PKIX documents, as the > > Internet PKI profile [2459bis] uses "Root CA" to refer to what this > > and other documents call a "Top CA," and "most-trusted CA" to refer > > to what this and other documents call a "Root CA." > > > > There is no problem with PKIX-1 but a problem with the roadmap document. > > PKIX-1 does not use the term "root CA", and thus it is wrong to say in > > the roadmap that "these terms are not used consistently throughout the > > PKIX documents". > > > > I would thus propose to change the note in the following way: > > > > Note: Since in data structures terms and in graph theory, the node > > at the top of a tree is the "root", the term "root CA" is sometimes > > used. This term is not meant to imply that a Root CA is necessarily > > at the top of any hierarchy, simply that the CA in question is trusted > > directly. > > > > [TG] As I stated at the beginning, I don't know why we should standardize > > on the term "root CA" rather than "trust anchor" or "anchor CA". Those > > terms cannot be mistaken for what is defined here as a "Top CA". BTW, I > > approve of that coinage. > > We do use "root CA", so I see no harm to use that vocabulary. This is no > attempt to standardize this term here. Originally my single concern what > that the text was talking about *one* root CA whereas there can be > multiple. > This was my ONLY concern. This is now fixed. We should close this issue > ASAP. > > Denis > > > Then, on page 14, change: > > > > Additionally, once the Root CA ... > > > > with > > > > Additionally, once a Root CA ... > > > > on pages 29 and 30, change: > > > > (e.g., the DVCS's CA, or the Root CA in a > > hierarchy) > > > > with > > > > (e.g., the DVCS's CA, or a Root CA) > > > > Regards, > > > > Denis > > > > (snip) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AF2L028504 for ietf-pkix-bks; Wed, 10 Apr 2002 08:02:21 -0700 (PDT) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AF2Jm28497 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 08:02:19 -0700 (PDT) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g3AF2Jb31175 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 16:02:19 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a2d02d20b0a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 15:56:56 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id QAA06710; Wed, 10 Apr 2002 16:02:16 +0100 Message-ID: <3CB453FD.C917FDD4@baltimore.ie> Date: Wed, 10 Apr 2002 16:02:21 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> CC: Peter Sylvester <Peter.Sylvester@edelweb.fr>, ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <200204091659.SAA06361@emeriau.edelweb.fr> <3CB44DE3.37E45287@bull.net> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, > I would disagree. Let me explain why. The requester only trusts the DPV > server that it has queried. The DPV server may trust any server it likes, > but the client does not care: the client does not necessarilly trust them. > The original server is the only one responsible for the "valid" signed > response. So if a DPV response from another server were included as a proof > of the "valid" response, it would not be a proof for the client. The client > needs a proof from first hand, i.e. a proof that is not disputable. This can > only be the original certification path, the original CRLs and the original > OCSP responses, with all the proofs that the CRL Issuers and the OCSP > responders are indeed empowered to provide that information. But isn't it likely that the evaluation of the evidence happens at dispute-resolution time and is done not by the run-time client but by some 3rd party? If not, then the client has to check everything at run-time; if so, then the fact that the client doesn't trust the relayed-to server is moot (what matters is what the evidence evaluator thinks). I would agree though that including just a dpv response as evidence might be misleading unless all relayed responses can be matched against the original request. Seems a bit confused to me (but then I'm often confused:-), Stephen. Denis Pinkas wrote: > > Peter, > > (text deleted) > > > I refer to my proposal to change the text saying that > > that among the optional returned infos like paths CRL, > > OCSP responses, there may alos occur DPV responses. > > I would disagree. Let me explain why. The requester only trusts the DPV > server that it has queried. The DPV server may trust any server it likes, > but the client does not care: the client does not necessarilly trust them. > The original server is the only one responsible for the "valid" signed > response. So if a DPV response from another server were included as a proof > of the "valid" response, it would not be a proof for the client. The client > needs a proof from first hand, i.e. a proof that is not disputable. This can > only be the original certification path, the original CRLs and the original > OCSP responses, with all the proofs that the CRL Issuers and the OCSP > responders are indeed empowered to provide that information. > > > Encapsulating a "DPV response" in a OCSP response still > > remains an option anyway. > > Encapsulating a "DPV response" in a OCSP response is out of the scope of > this discussion. > > > > Denis > > > Since you haven't commented the next paragraph may I assume that > > this is ok with you? > > > > > I think the general principle should be that there is one mode > > > > that all information essential to understand what has contributed > > > > to the final decision must be made available to the client. > > > > (Not necessarily understood by the client). > > No. It is always necessary to provide a yes/no/unknown answer (or an error). > > It is optional to provide all the information essential to test again the > certificate validity, should another party not simply trust the signed "yes" > answer. It is certainly not necessary for the client to understand what has > contributed to the final decision. > > Denis > > > > > I would also agree, that only necessary information should be made > > > > available. It may be not necessary to inform: > > > > > > > > - Yesterday I have made three unsuccesseful attempt at time1 2 3, > > > > the last one finally succeed by using an internet connect to > > > > address a.b.c.d using DPV protocol over OCSP, ... > > > > > > > > Peter -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AEsiZ28172 for ietf-pkix-bks; Wed, 10 Apr 2002 07:54:44 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AEsgm28166 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 07:54:42 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150]) by e1.ny.us.ibm.com (8.12.2/8.12.2) with ESMTP id g3AEs6lh050854; Wed, 10 Apr 2002 10:54:06 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.00) with ESMTP id g3AEs3023888; Wed, 10 Apr 2002 10:54:03 -0400 Importance: Normal Sensitivity: Subject: Re: WG Last Call: Roadmap To: Denis Pinkas <Denis.Pinkas@bull.net> Cc: ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OF233C39DB.1BECB197-ON85256B97.005015E9@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Wed, 10 Apr 2002 10:41:39 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/10/2002 10:54:04 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> It is obviously important that this document get finalized fairly soon. The only question we have outstanding is whether "root CA" as defined would be better replaced by "anchor CA" or "trust anchor". This should not block the document for more than a day or two, but I think it worthwhile to find out what you think the difference is. The term "root CA" as "root of trust" has caused some confusion in these discussions, and if there's a better term which is in fairly common use (as "anchor" is) we should use it. If there's a real difference, we should keep "root CA". In case it's not obvious, the term "anchor CA" means "a trust anchor which is a CA" - which assumes that trust anchors could be defined in such a way that they might be EE's or even AA's. Tom Gindin Denis Pinkas <Denis.Pinkas@bull.net> on 04/09/2002 12:00:26 PM To: Tom Gindin/Watson/IBM@IBMUS cc: ietf-pkix@imc.org Subject: Re: WG Last Call: Roadmap Tom, > Denis: > > Should we really standardize on the term "root CA" rather than "trust > anchor" or "anchor CA"? I do not care, but I care for this document to be sent to the IESG soon. So the sooner we may find a compromise, the better. Maybe the quickest way is to try to suppress the sentences that create problems. We should focuss on text replacement proposals. > "Trust anchor" has never been used to mean anything other than an entity directly trusted by the RP, AFAIK. Not exactly. Read this sentence again. However, I would like to resist to start a new discusion now on trust anchors. > I have other comments below. > > Tom Gindin > > Denis Pinkas <Denis.Pinkas@bull.net> on 04/08/2002 12:32:41 PM > > To: Tom Gindin/Watson/IBM@IBMUS > cc: ietf-pkix@imc.org > Subject: Re: WG Last Call: Roadmap > > Tom, > > I have not forgotten this message, but I gave priority to the DPV thread. > > > Responses below. > > > The issue of who specifies the verifier's policy is > > rather serious. If the policy to be used is expected to be the same as > RFC > > 3126's SignaturePolicy, we need to specify a step in which the verifier > has > > the right to reject such a policy or to consider it inapplicable to the > > verifier's own current context. > > This is true. However, the text does not go at that level of detail: > > "Another model considers a set of rules that apply to an application > context. Every application context may have a different set of rules. > When choosing to use certificates in the context of that application, > the EE selects the set of rules for that context. In a set of rules, > one or more Top CAs may be trusted, each one may be associated with > different constraints, like the certificate policies that are trusted > or the naming constraints that apply. These constrains may be specified > either in self-signed certificates or in addition to self-signed > certificates when they do not incorporate these constraints. This set > of rules is called a validation policy (when validating a certificate) > or a signature policy (when validating a digital signature)." > > I do not think it is necesary to state it. If you think so, please provide > a text and a placement for that text. > > [TG] My biggest problem is the use of the term "signature policy", which > you have elsewhere defined as something defined and signed by the signer of > the document. There is a misunderstanding. A signer may provide the *reference* of the signature policy that he agrees to use when signing. In order to prevent someone else to change that reference, it is protected by the signer's signature. So in that case the verifier has first to see whether the signature policy used by the signer is appropriate for his application context. If it is the case, then it uses it, otherwise this is the end of the story. [TG] He mainly needs to check whether it's an approved signature policy by his personal or organizational criteria. > In the paragraph above, I would replace the term "Top CAs" > by "root CA's", No problem. > and I would also call the sets of rules in the last > sentence a "certificate validation policy" and a "signature validation > policy". I would then add the following statement: "Neither of these > policies is considered to be the same as either a CertificatePolicy as > defined in RFC 2459 or a SignaturePolicy as defined in RFC 3126." I would simply propose to delete the following sentence: "This set of rules is called a validation policy (when validating a certificate) or a signature policy (when validating a digital signature)" not because it is wrong, but because I would like this document to proceed. This would lead to the following text: "Another model considers a set of rules that apply to an application context. Every application context may have a different set of rules. When choosing to use certificates in the context of that application, the EE selects the set of rules for that context. In a set of rules, one or more root CAs may be trusted, each one may be associated with different constraints, like the certificate policies that are trusted or the naming constraints that apply. These constrains may be specified either in self-signed certificates or in addition to self-signed certificates when they do not incorporate these constraints." Can you live with it ? [TG] Sure. > > To: Tom Gindin/Watson/IBM@IBMUS > > cc: ietf-pkix@imc.org > > Subject: Re: WG Last Call: Roadmap > > > > Tom, > > > > > I have a few issues with this, and some corrections as well. > > > > > In comment 12, I have two issues. The first one, which is minor, > > is > > > that "one or more Top CA's may be trusted" should refer to root CA's > > > instead - the two terms mean the same thing more often than not, but > when > > > they differ the trust point is the root rather than the top. > > > > PKIX-1 states: > > > > " - Top CA - A CA that is at the top of a PKI hierarchy. > > > > Note: This is often also called a "Root CA," since in data structures > > terms and in graph theory, the node at the top of a tree is the > > "root." However, to minimize confusion in this document, we elect to > > call this node a "Top CA," and reserve "Root CA" for the CA directly > > trusted by the EE." > > > > The problem lies with the last sentence, i.e. "*the* CA directly trusted > by > > the EE.". The singular is being used which means that there is a single > > one, multiple roots are not permitted, while multiple Top-CAs are > > permitted. > > > > [TG] Where in PKIX-1 is this? I can't find the phrase "directly trusted" > > in either RFC 2459 or in draft 12 of new-pkix-1. > > Sorry for the confusion: it is in the roadmap document, not PKIX-1. > > The current text in the roadmap is: > > " - Root CA - A CA that is directly trusted by an EE; that is, > securely acquiring the value of a Root CA public key requires > some out-of-band step(s). This term is not meant to imply that a > Root CA is necessarily at the top of any hierarchy, simply that > the CA in question is trusted directly. > > (...) > > Note: This is often also called a "Root CA," since in data structures > terms and in graph theory, the node at the top of a tree is the > "root." However, to minimize confusion in this document, we elect to > call this node a "Top CA," and reserve "Root CA" for the CA directly > trusted by the EE. Readers new to PKIX should be aware that these > terms are not used consistently throughout the PKIX documents, as the > Internet PKI profile [2459bis] uses "Root CA" to refer to what this > and other documents call a "Top CA," and "most-trusted CA" to refer > to what this and other documents call a "Root CA." > > There is no problem with PKIX-1 but a problem with the roadmap document. > PKIX-1 does not use the term "root CA", and thus it is wrong to say in > the roadmap that "these terms are not used consistently throughout the > PKIX documents". > > I would thus propose to change the note in the following way: > > Note: Since in data structures terms and in graph theory, the node > at the top of a tree is the "root", the term "root CA" is sometimes > used. This term is not meant to imply that a Root CA is necessarily > at the top of any hierarchy, simply that the CA in question is trusted > directly. > > [TG] As I stated at the beginning, I don't know why we should standardize > on the term "root CA" rather than "trust anchor" or "anchor CA". Those > terms cannot be mistaken for what is defined here as a "Top CA". BTW, I > approve of that coinage. We do use "root CA", so I see no harm to use that vocabulary. This is no attempt to standardize this term here. Originally my single concern what that the text was talking about *one* root CA whereas there can be multiple. This was my ONLY concern. This is now fixed. We should close this issue ASAP. Denis > Then, on page 14, change: > > Additionally, once the Root CA ... > > with > > Additionally, once a Root CA ... > > on pages 29 and 30, change: > > (e.g., the DVCS's CA, or the Root CA in a > hierarchy) > > with > > (e.g., the DVCS's CA, or a Root CA) > > Regards, > > Denis > > (snip) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AEatf27213 for ietf-pkix-bks; Wed, 10 Apr 2002 07:36:55 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AEarm27208 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 07:36:53 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id QAA22428; Wed, 10 Apr 2002 16:39:27 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041016362058:375 ; Wed, 10 Apr 2002 16:36:20 +0200 Message-ID: <3CB44DE3.37E45287@bull.net> Date: Wed, 10 Apr 2002 16:36:19 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <200204091659.SAA06361@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 16:36:20, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 16:36:52, Serialize complete at 10/04/2002 16:36:52 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, (text deleted) > I refer to my proposal to change the text saying that > that among the optional returned infos like paths CRL, > OCSP responses, there may alos occur DPV responses. I would disagree. Let me explain why. The requester only trusts the DPV server that it has queried. The DPV server may trust any server it likes, but the client does not care: the client does not necessarilly trust them. The original server is the only one responsible for the "valid" signed response. So if a DPV response from another server were included as a proof of the "valid" response, it would not be a proof for the client. The client needs a proof from first hand, i.e. a proof that is not disputable. This can only be the original certification path, the original CRLs and the original OCSP responses, with all the proofs that the CRL Issuers and the OCSP responders are indeed empowered to provide that information. > Encapsulating a "DPV response" in a OCSP response still > remains an option anyway. Encapsulating a "DPV response" in a OCSP response is out of the scope of this discussion. > > Denis > Since you haven't commented the next paragraph may I assume that > this is ok with you? > > > I think the general principle should be that there is one mode > > > that all information essential to understand what has contributed > > > to the final decision must be made available to the client. > > > (Not necessarily understood by the client). No. It is always necessary to provide a yes/no/unknown answer (or an error). It is optional to provide all the information essential to test again the certificate validity, should another party not simply trust the signed "yes" answer. It is certainly not necessary for the client to understand what has contributed to the final decision. Denis > > > I would also agree, that only necessary information should be made > > > available. It may be not necessary to inform: > > > > > > - Yesterday I have made three unsuccesseful attempt at time1 2 3, > > > the last one finally succeed by using an internet connect to > > > address a.b.c.d using DPV protocol over OCSP, ... > > > > > > Peter Received: by above.proper.com (8.11.6/8.11.3) id g3ADRu124488 for ietf-pkix-bks; Wed, 10 Apr 2002 06:27:56 -0700 (PDT) Received: from dymwsm13.mailwatch.com (dymwsm13.mailwatch.com [204.253.83.37]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3ADRtm24483 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 06:27:55 -0700 (PDT) Received: from mwsc0202.mw4.mailwatch.com (mwsc0202.mw4.mailwatch.com [204.253.83.132]) by dymwsm13.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3ADRZb28478 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 09:27:35 -0400 Received: from mail pickup service by mwsc0202.mw4.mailwatch.com with Microsoft SMTPSVC; Wed, 10 Apr 2002 09:27:35 -0400 Received: from 204.253.83.72 ([204.253.83.72]) by MWSC0202 with SMTP id 00020002894052e0-9318-4b66-ad3e-0dfcb196d7f9; Wed, 10 Apr 2002 09:27:35 -0500 Received: from bigbird.entegrity.com (bigbird.gradient.com [192.92.110.50]) by dymwsm10.mailwatch.com (8.11.0/8.11.0) with ESMTP id g3ADRZV11840; Wed, 10 Apr 2002 09:27:35 -0400 Received: by bigbird.gradient.com with Internet Mail Service (5.5.2650.10) id <2SMDF0TW>; Wed, 10 Apr 2002 09:24:34 -0400 Message-ID: <899128A30EEDD1118FC900A0C9C74A3401033FB2@bigbird.gradient.com> From: Hal Lockhart <hal.lockhart@entegrity.com> To: "'todd glassey'" <todd.glassey@worldnet.att.net> Cc: ietf-pkix@imc.org Subject: RE: NEW THREAD: Too Complex - WAS - Re: Open issue: DPV relay Date: Wed, 10 Apr 2002 09:24:33 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.10) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1E093.0DDA59B4" HOP-COUNT: 1 X-MAILWATCH-INSTANCEID: 01020002894052e0-9318-4b66-ad3e-0dfcb196d7f9 X-OriginalArrivalTime: 10 Apr 2002 13:27:35.0740 (UTC) FILETIME=[7A28E7C0:01C1E093] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1E093.0DDA59B4 Content-Type: text/plain; charset="ISO-8859-1" Todd, > > BTW, what percentage of Internet traffic do you assert is > > "transaction processing" > > 100% - All of it. That did it. You just made my kill file. You are obviously designing standards for some "other" Internet. Hal ------_=_NextPart_001_01C1E093.0DDA59B4 Content-Type: text/html; charset="ISO-8859-1" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1"> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2448.0"> <TITLE>RE: NEW THREAD: Too Complex - WAS - Re: Open issue: DPV relay</TITLE> </HEAD> <BODY> <P><FONT SIZE=2>Todd,</FONT> </P> <P><FONT SIZE=2>> > BTW, what percentage of Internet traffic do you assert is</FONT> <BR><FONT SIZE=2>> > "transaction processing"</FONT> <BR><FONT SIZE=2>> </FONT> <BR><FONT SIZE=2>> 100% - All of it.</FONT> </P> <P><FONT SIZE=2>That did it. You just made my kill file. You are obviously designing standards for some "other" Internet.</FONT> </P> <P><FONT SIZE=2>Hal</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1E093.0DDA59B4-- Received: by above.proper.com (8.11.6/8.11.3) id g3ADR7u24416 for ietf-pkix-bks; Wed, 10 Apr 2002 06:27:07 -0700 (PDT) Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3ADR5m24410 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 06:27:06 -0700 (PDT) Received: from ruru.cs.auckland.ac.nz (ruru-nfs.cs.auckland.ac.nz [130.216.35.12]) by hermes.cs.auckland.ac.nz (8.12.2/8.12.2) with ESMTP id g3ADQnXv025732; Thu, 11 Apr 2002 01:26:49 +1200 Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id BAA77179; Thu, 11 Apr 2002 01:26:43 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Thu, 11 Apr 2002 01:26:43 +1200 (NZST) Message-ID: <200204101326.BAA77179@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: awa1@comcast.net, ietf-pkix@imc.org Subject: Re: CMP Interoperability Question Cc: AArsenault@diversinet.com Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Al Arsenault <awa1@comcast.net> writes: >For those who have implemented CMP, the question is: Does your implementation >support CAs who sign CMP messages (e.g., cp, ip, ...) using a different key >than they use to sign certificates? Sure. If it didn't, it wouldn't be possible to use an RA which proxies for a CA. I'd be surprised if there were implementations which didn't allow this... no hang on, after having taken part in CMP interop testing I wouldn't be surprised if there were implementations which reformatted the hard drive or played an MPEG of a cat :-). >- signed with a key without keyUsage set to some magic value? keyUsage = signature or nonrepudiation would be useful (there's a Norwegian CA which believes that a keyUsage extension is unnecessary in its root cert, and obviously I'm not going to be able to check anything signed with that). Peter. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3ACvss22152 for ietf-pkix-bks; Wed, 10 Apr 2002 05:57:54 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3ACvrm22145 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 05:57:53 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GUC00F01RWAMA@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 10 Apr 2002 05:55:22 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GUC00EOWRWAS1@ext-mail.valicert.com>; Wed, 10 Apr 2002 05:55:22 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <2L0B8MJ9>; Wed, 10 Apr 2002 05:57:34 -0700 Content-return: allowed Date: Wed, 10 Apr 2002 05:57:33 -0700 From: Frank Balluffi <frankb@valicert.com> Subject: RE: CMP Interoperability Question To: "'awa1@comcast.net'" <awa1@comcast.net>, "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Cc: "'AArsenault@diversinet.com'" <AArsenault@diversinet.com> Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E03038B38@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Al Arsenault asked: > For those who have implemented CMP, the question is: Does > your implementation support CAs who sign CMP messages (e.g., > cp, ip, ...) using a different key than they use to sign certificates? Yes. It is possible to configure our validation authority product to accept a CMP revocation request signed with a key other than the CA's certificate signing key. For example, it is possible to configure the system to accept requests signed by a local administrator. Frank Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3ABqu618824 for ietf-pkix-bks; Wed, 10 Apr 2002 04:52:56 -0700 (PDT) Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3ABqpm18817 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 04:52:51 -0700 (PDT) Received: from SJOSEPH (pcp237514pcs.elictc01.md.comcast.net [68.55.160.145]) by mtaout04.icomcast.net (iPlanet Messaging Server 5.1 (built Feb 6 2002)) with SMTP id <0GUC0084POZYAC@mtaout04.icomcast.net> for ietf-pkix@imc.org; Wed, 10 Apr 2002 07:52:47 -0400 (EDT) Date: Wed, 10 Apr 2002 07:52:35 -0400 From: Al Arsenault <awa1@comcast.net> Subject: CMP Interoperability Question To: ietf-pkix@imc.org Cc: Alfred Arsenault <AArsenault@diversinet.com> Message-id: <029301c1e086$348d00a0$6401a8c0@SJOSEPH> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Mailer: Microsoft Outlook Express 5.50.4133.2400 Content-type: multipart/alternative; boundary="Boundary_(ID_S+hEdpM9yy3FVZgvW/Duaw)" X-Priority: 3 X-MSMail-priority: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --Boundary_(ID_S+hEdpM9yy3FVZgvW/Duaw) Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7BIT Folks, I'm looking for some information, so I figured that this might be the fastest way to do an "informal survey". For those who have implemented CMP, the question is: Does your implementation support CAs who sign CMP messages (e.g., cp, ip, ...) using a different key than they use to sign certificates? The reason for asking this: we tend to believe that they private signing key used to sign certificates and revocation information (CRLs, OCSP responses) should ONLY be used for that purpose. The CA has a separate key to use for secure communications, including signing CMP responses. (I can't find anything in the spec - either RFC2510 or son-of-2510 - that addresses this at all. My apologies if I just missed a section.) The problem was that a little informal testing showed a problem. We had a "brand X" RA send our CA a cr message. The CA responded with a cp. The RA rejected the cp, apparently because it wasn't signed with the same key used to sign certs/CRLs. (We're investigating to find out what the exact conditions for success are; e.g., does the CMP cp message have to be signed with the same key the cert contained in the message is signed with; or do basic constraints and/or specific key usage values have to be set in the signing cert.) So, for you CMP implementors - would your code reject a cp or other message from a CA, if it was: - signed with a key other than that used by the CA to sign certs? - signed with a key that matched a certificate without basicConstraints set to CA? - signed with a key without keyUsage set to some magic value? Thanks for any information you can provide, Al Arsenault Chief Security Architect Diversinet Corp. --Boundary_(ID_S+hEdpM9yy3FVZgvW/Duaw) Content-type: text/html; charset=iso-8859-1 Content-transfer-encoding: 7BIT <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> <META content="MSHTML 5.50.4134.600" name=GENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=#ffffff> <DIV><FONT face=Arial size=2>Folks,</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2> I'm looking for some information, so I figured that this might be the fastest way to do an "informal survey".</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2> For those who have implemented CMP, the question is: Does your implementation support CAs who sign CMP messages (e.g., cp, ip, ...) using a different key than they use to sign certificates?</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2> The reason for asking this: we tend to believe that they private signing key used to sign certificates and revocation information (CRLs, OCSP responses) should ONLY be used for that purpose. The CA has a separate key to use for secure communications, including signing CMP responses. (I can't find anything in the spec - either RFC2510 or son-of-2510 - that addresses this at all. My apologies if I just missed a section.)</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2> The problem was that a little informal testing showed a problem. We had a "brand X" RA send our CA a cr message. The CA responded with a cp. The RA rejected the cp, apparently because it wasn't signed with the same key used to sign certs/CRLs. (We're investigating to find out what the exact conditions for success are; e.g., does the CMP cp message have to be signed with the same key the cert contained in the message is signed with; or do basic constraints and/or specific key usage values have to be set in the signing cert.)</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2> So, for you CMP implementors - would your code reject a cp or other message from a CA, if it was:</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2> - signed with a key other than that used by the CA to sign certs?</FONT></DIV> <DIV><FONT face=Arial size=2> - signed with a key that matched a certificate without basicConstraints set to CA?</FONT></DIV> <DIV><FONT face=Arial size=2> - signed with a key without keyUsage set to some magic value?</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2> Thanks for any information you can provide,</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2> Al Arsenault</FONT></DIV> <DIV><FONT face=Arial size=2> Chief Security Architect</FONT></DIV> <DIV><FONT face=Arial size=2> Diversinet Corp.</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML> --Boundary_(ID_S+hEdpM9yy3FVZgvW/Duaw)-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3AAhoD15145 for ietf-pkix-bks; Wed, 10 Apr 2002 03:43:50 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3AAhnm15137 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 03:43:49 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id MAA25508; Wed, 10 Apr 2002 12:46:22 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002041012431476:327 ; Wed, 10 Apr 2002 12:43:14 +0200 Message-ID: <3CB41741.F112A490@bull.net> Date: Wed, 10 Apr 2002 12:43:13 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Miguel Angel Rodriguez <mars@seguridata.com> CC: ietf-pkix@imc.org Subject: Re: TSA Policy Identifiers References: <000001c1dfed$e2a28730$a600a8c0@seguridata.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 12:43:15, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 10/04/2002 12:43:47, Serialize complete at 10/04/2002 12:43:47 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > Hi! Where can I find info on defined TSA Policy OIDs for TSP, rfc 3163? ^^^^^^^^ rfc 3161 > Regards, > Miguel A Rodriguez > SeguriDATA > Mexico You may find one on page 9, section 5.2. from the "Policy Requirements for Time-Stamping Authorities" draft, i.e. draft-ietf-pkix-pr-tsa-00.txt. The object-identifier of the baseline time-stamp policy is: itu-t(0) identified-organization(4) etsi(0) time-stamp-policy(2023) policy-identifiers(1) baseline-ts-policy (1) The draft has been announced on Monday, 25 March 2002. The URL is: http://www.ietf.org/internet-drafts/draft-ietf-pkix-pr-tsa-00.txt Regards, Denis Received: by above.proper.com (8.11.6/8.11.3) id g3A7SXI20675 for ietf-pkix-bks; Wed, 10 Apr 2002 00:28:33 -0700 (PDT) Received: from gorilla.mchh.siemens.de (gorilla.mchh.siemens.de [194.138.158.18]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3A7SVm20664 for <ietf-pkix@imc.org>; Wed, 10 Apr 2002 00:28:31 -0700 (PDT) Received: from moody.mchh.siemens.de (mail2.mchh.siemens.de [194.138.158.226]) by gorilla.mchh.siemens.de (8.9.3/8.9.3) with ESMTP id JAA12686; Wed, 10 Apr 2002 09:28:25 +0200 (MET DST) Received: from mchh246e.demchh201e.icn.siemens.de ([139.21.200.56]) by moody.mchh.siemens.de (8.9.1/8.9.1) with ESMTP id JAA05051; Wed, 10 Apr 2002 09:28:19 +0200 (MET DST) Received: by MCHH246E with Internet Mail Service (5.5.2653.19) id <H22NQQD0>; Wed, 10 Apr 2002 09:28:18 +0200 Message-ID: <1D82815C322BD41196EA00508B951F7B01B40EB4@MCHH265E> From: Fantou Patrick <patrick.fantou@icn.siemens.de> To: "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.org>, Fantou Patrick <patrick.fantou@icn.siemens.de> Cc: Christopher Oliva <Chris.Oliva@entrust.com>, David Chadwick <d.w.chadwick@salford.ac.uk>, Mark Wahl <Mark.Wahl@sun.com>, steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: AW: AW: LDAP Certificate transfer syntax Date: Wed, 10 Apr 2002 09:27:52 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g3A7SWm20669 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Kurt, Peter and Ron, thanks for your comments. Let me make more precise what i mean whith *no choice* for *some attributes* As Peter said, there are additional dependancies directly connected with the attribute type and the fact that some attributes do not have any string encoding possibilities. For some attributes like certificates, the only possibility as transfer encoding is the binary encoding. It is what i mean with "there is no choice". And in this case, as Ron says, ;binary is redundant. Other comments in Kurt´s text. Patrick > -----Ursprüngliche Nachricht----- > Von: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org] > Gesendet: Dienstag, 9. April 2002 18:17 > An: Fantou Patrick > Cc: Christopher Oliva; David Chadwick; Mark Wahl; > steven.legg@adacel.com.au; 'LDAP BIS'; 'PKIX' > Betreff: Re: AW: LDAP Certificate transfer syntax > > > At 10:44 AM 2002-04-09, Fantou Patrick wrote: > >I am not sure this discussion really brings us further. > > I think this discussion is bringing us further along. It has, > at least, boiled down this particular debate to one issue: > whether or not ;binary is required when the binary > encoding of a value is transferred in the protocol. > For certificates in any case the binary encoding has to be transferred in the protocol. So the presence or absence of ;binary cannot change anything here. > >There is no choice with some attributes like certificates. > > I would have to agree that this is no choice. But I think > we disagree on what that choice is. > The choice is string encoding, when it exists, or binary encoding. > One must transfer certificates in their binary encoding as > indicates by ;binary. Note only is this the intent of RFC > 2251, but we have demonstrated interoperability between > multiple independently developed implementations of this. > One must always transfer certificates in their binary encoding. And i am not sure that interoperability was demonstrated because ;binary was implemented correctly, or because the presence or the absence of ;binary was ignored by the servers for the attribute types which do not have any string encoding. P.F. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39KOHg10556 for ietf-pkix-bks; Tue, 9 Apr 2002 13:24:17 -0700 (PDT) Received: from mtiwmhc22.worldnet.att.net (mtiwmhc22.worldnet.att.net [204.127.131.47]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39KOAm10552 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 13:24:10 -0700 (PDT) Received: from tsg1 ([12.81.78.249]) by mtiwmhc22.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020409202406.ZFDC38.mtiwmhc22.worldnet.att.net@tsg1>; Tue, 9 Apr 2002 20:24:06 +0000 Message-ID: <000201c1e004$5425f7f0$020aff0c@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Stephen Kent" <kent@bbn.com> Cc: <ietf-pkix@imc.org> References: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A599@polaris.valicert.com> <001901c1dd74$8d26a730$020aff0c@tsg1> <p05100300b8d76b579027@[128.33.238.74]> Subject: Re: NEW THREAD: Too Complex - WAS - Re: Open issue: DPV relay Date: Tue, 9 Apr 2002 13:18:34 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> ----- Original Message ----- From: "Stephen Kent" <kent@bbn.com> To: "todd glassey" <todd.glassey@worldnet.att.net> Cc: <ietf-pkix@imc.org> Sent: Monday, April 08, 2002 9:05 PM Subject: Re: NEW THREAD: Too Complex - WAS - Re: Open issue: DPV relay > > Todd, > > >Peter - All - I agree with you to some extent but let me also that there is > >another side and its about a bigger picture. And in this bigger picture > >PKIX is way out of control. What it really needs is to have a thread of > >commonality drawn through all that PKIX produces. What I mean by that is > >that the entire process of complex-decision-support and evidentiary > >processing of x.509 certs is out of control. > > As noted in my immediate, previous message, not all the PKI standards > we address are in support of NR. This it is not reasonable to insist > that all of these standards have an "evidentiary" flavor to them. Why not Stephen? NR is something that only a set of practices can establish. > > >What we as a culture really need is something like CDSA only for PKIX. What > >I would conceptually propose as the PKIX streamlined PKI architecture. A > >common PKIX transaction architecture and process model. A simpler one, and > >one that does not allow recursion or ambiguity that is unchecked. What PKIX > >needs to do is to simplify everything it does. > > > >The intent would be to identify: > > > > 1) Is there any value in making all this PKI ware at the Network > >Transport Level. I.e will the evidentiary needs of the world need and use > >what we are proposing. Will it fit into Human Law and Process currently > >accepted or, like the TSA, will it need artificial stimulus in the form of > >something like Italy's mandating some EU approved timestamp process without > >understanding exactly what the TSA provides relative to simple receipts > >(i.e. not much at this point but we should spin that off as a separate > >thread!). > > Your terminology is seriously flawed. No Stephen its not. What is flawed is the response I get from you. 1) What I said was simple - Is PKI technology being implemented at the TCP/UDP based network level a good idea. So far the only parts of the market that agree with you as the chair of the Global; PKI Standards group is the manufacturers. What this means is that you have failed to date to get the end users to buy in. What was that line from that Van Morrison song, "and the Girls go by, dressed up for each other"... or something like that. The real issue I think is that you have failed to bring the evolution of PKI to a place where it is marketable and isnt that what you set out to do? if not then please correct me as to what and why we are all here? > We make us of transport layer > protocols such as UDP and TCP. Steve - pardon my being picking about this next point but you are not the WG, so its "The WG makes use of"... >Using the Internet protocol > architecture terminology, we are developing application protocols. > after that sentence, I begin to lose track of your point, other than > apparently insulting Italians. The problem here is not with the Italian Government it is with the people that convinced them that a Timestamp was something new that they needed for official document processing. This has nothing to do with Italians per se except that they came to understand something that most of the world missed in B2B style models. The fact that you took it as an insult as opposed to an obersvation is almost amusing to me... > > > 2) How can the same services be used for both Evidentiary Service > >Models and for Decision Support (Hey Stephen - I going Cap Crazy!)... > > yes, you are > > > > > 3) And who we are going to work with. > > > >What has happened so far is that with its key architects, this WG has come > >up with so many pieces that it is freakin impossible to come to any gross > >agreements about anything. Take this argument - "Should DPV servers refer > >their requests to another node in a chain if local policy is failed or > >exceeded?" - it is totally constrained by how this system is being used and > >what types of legal frameworks are manding functionality under it. > > > >This is more than a problem with PKIX and people submitting technologies > >that while the use seems mechanically cool, do not satisfy the existing > >legal or process framework. And to that end PKIX and the IETF force the > >world to tau-tau to its goals rather that the IETF doing what its supposed > >to and that is to build protocols for the real world. Well the real world is > >commercial transaction processing and without it there would be no Internet. Come on Steve - no comment on #3? except to the spelling of Tau tau. > > > "tau-tau?" I assume you mean "kowtow," meaning to bow as a sign of > respect (from the ancient Mandarin). OK the spelling issue - yes pardon me - I was using one of the Cantonese forms of the phrase, and in the colloquiel manner. Something like 200 ways to spell and say POT STICKER. You understand, eh? > > Anyway, the folks who participate in the WG do believe that they are > building protocols that are of value to the real world. I just advocate that the world is ready for something more that Microsoft's Fully Fledged, Development Enabled OS. That appliance computing is coming and that it will soon take the place of many complex services. And that becuase of what it is many of the OS Flaws that we spend so much time working around will not be there. >As noted > elsewhere, many of us have a model of the real world that is a bit > more encompassing that what you seem to advocate, and thus our ideas > of an appropriate level of protocol generality differ from yours. yes, so it seems. > > BTW, what percentage of Internet traffic do you assert is > "transaction processing" 100% - All of it. > of the sort that requires the > non-repudiation facilities that is currently unknown, but email and corporate email in particular may soon need NR and testimonial capability. As far as other issues go, when the privacy legislation comes on line and the DoJ gets up to speed with managing slamming and spamming properly who knows maybe the answer is that this number is going to get HUGE!!! > that seem to be the focus of all your > comments? Depends on what the legal framework is for the country that this traffic is passing through. > If we eliminate all the informal e-mail, essentially all > file transfers, web surfing for a great variety of information that > may not result in purchases, the credit card transactions that, due > to extant laws, are acceptably well protected, ... But Steve all of these are transactions. Just not ones of the Buy or Sell type. Everytime that a request and a fulfillment is made a transaction happens. > Yes, the Internet > is about to grind to a halt because PKIX has not addressed your > notion of what is required. Ahahaha - You make the joke, No? > > Steve > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39HgKk01182 for ietf-pkix-bks; Tue, 9 Apr 2002 10:42:20 -0700 (PDT) Received: from web.seguridata.com (seguridata02.terra.net.mx [200.4.103.226]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39HgIm01174 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 10:42:18 -0700 (PDT) Received: from MarsXP ([192.168.0.166]) by web.seguridata.com (Post.Office MTA v3.5.3 release 223 ID# 517-61027U100L2S100V35) with ESMTP id com for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 11:51:08 -0600 From: mars@seguridata.com (Miguel Angel Rodriguez) To: <ietf-pkix@imc.org> Subject: TSA Policy Identifiers Date: Tue, 9 Apr 2002 12:42:14 -0500 Message-ID: <000001c1dfed$e2a28730$a600a8c0@seguridata.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C1DFC3.F9CC7F30" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C1DFC3.F9CC7F30 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hi! Where can I find info on defined TSA Policy OIDs for TSP, rfc 3163? Regards, Miguel A Rodriguez SeguriDATA Mexico ------=_NextPart_000_0001_01C1DFC3.F9CC7F30 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns=3D"http://www.w3.org/TR/REC-html40"> <head> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Dus-ascii"> <meta name=3DProgId content=3DWord.Document> <meta name=3DGenerator content=3D"Microsoft Word 10"> <meta name=3DOriginator content=3D"Microsoft Word 10"> <link rel=3DFile-List href=3D"cid:filelist.xml@01C1DFC3.F99CE3B0"> <!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:DoNotRelyOnCSS/> </o:OfficeDocumentSettings> </xml><![endif]--><!--[if gte mso 9]><xml> <w:WordDocument> <w:SpellingState>Clean</w:SpellingState> <w:GrammarState>Clean</w:GrammarState> <w:DocumentKind>DocumentEmail</w:DocumentKind> <w:EnvelopeVis/> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> </w:Compatibility> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--> <style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} span.EmailStyle17 {mso-style-type:personal-compose; mso-style-noshow:yes; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt; font-family:Arial; mso-ascii-font-family:Arial; mso-hansi-font-family:Arial; mso-bidi-font-family:Arial; color:windowtext;} span.SpellE {mso-style-name:""; mso-spl-e:yes;} @page Section1 {size:612.0pt 792.0pt; margin:72.0pt 90.0pt 72.0pt 90.0pt; mso-header-margin:35.4pt; mso-footer-margin:35.4pt; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style> <!--[if gte mso 10]> <style> /* Style Definitions */=20 table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman";} </style> <![endif]--> </head> <body lang=3DEN-US link=3Dblue vlink=3Dpurple = style=3D'tab-interval:36.0pt'> <div class=3DSection1> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Hi! Where can I find info on defined TSA Policy <span class=3DSpellE>OIDs</span> for TSP, <span class=3DSpellE>rfc</span> = 3163?<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Regards,<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Miguel A Rodriguez<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>SeguriDATA<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Mexico<o:p></o:p></span></font></p> </div> </body> </html> ------=_NextPart_000_0001_01C1DFC3.F9CC7F30-- Received: by above.proper.com (8.11.6/8.11.3) id g39HAwX28878 for ietf-pkix-bks; Tue, 9 Apr 2002 10:10:58 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39HAsm28872 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 10:10:55 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id TAA01453; Tue, 9 Apr 2002 19:10:55 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 9 Apr 2002 19:10:55 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id TAA03401; Tue, 9 Apr 2002 19:10:54 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id TAA06370; Tue, 9 Apr 2002 19:10:53 +0200 (MET DST) Date: Tue, 9 Apr 2002 19:10:53 +0200 (MET DST) Message-Id: <200204091710.TAA06370@emeriau.edelweb.fr> To: Denis.Pinkas@bull.net Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> All, I was told in private mail that in one of my previous messages a statement that ended with a :-) could be misinterpreted as a personal offense against Denis Pinkas. I agree with that and hereby declare that there has been no such intention. The different styles of argumentation reminded me to some discussions that happened almost 20 years ago among former and actual colleagues; and I wanted to share with all the anecdotical conclusions that had been drawn at that time. Peter Sylvester Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39Gxft28423 for ietf-pkix-bks; Tue, 9 Apr 2002 09:59:41 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39Gxdm28419 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 09:59:39 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id SAA01371; Tue, 9 Apr 2002 18:59:38 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 9 Apr 2002 18:59:38 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id SAA03322; Tue, 9 Apr 2002 18:59:37 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id SAA06361; Tue, 9 Apr 2002 18:59:37 +0200 (MET DST) Date: Tue, 9 Apr 2002 18:59:37 +0200 (MET DST) Message-Id: <200204091659.SAA06361@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > We both agree that authentication is only from the initial server, > so the client does not need to understand where the data comes from. Ok. More, the client may not even need to know what the data *ARE*. > > My definition > > of visibility is just that it is possible to determine all data > > that have contributed to a decision, and this information may > > include the fact that they had original been build by someone > > else and confirmed by the DPV server. > > > > Somewhat related to this : On last Friday Ambarish wrote: > > > > Hi Peter, > > I agree with your desire to have a DPV response included where > > one would allow CRLs or OCSP responses to be included to prove > > how a server obtained the status of a certificate. > > > > Regards, > > Ambarish > > This is different. CRLs, OCSP responses and certificates may be needed in > case someone else, not trusting the YES anwser from one DPV server, would > like to verify the certificate against the same policy using another DPV > server. All the information collected at the time of first validation is not > necessarilly available, e.g. two years later, hence why this data may be > useful. A DPV server can operate in a simular way as an OCSP. with a similar "trust environment", creating a "positive response" instead of a negative negative response. A CA may just want to operate an 'authorized DPV responder' instead of providing CRLs or OCSP. Note, that the various extensions for OCSP proposing to turn the -*- answer into a + answer by including the cert or something like that could be regarded as an implementation of DPV. > > If this requirement is accepted by the group one can regards this > > as a kind of visibility of relaying. > > There is no requirement for any visibility of relying. That's not what I said. There is also no requirement for complete obscurity or information hiding. > > The DPV responses may concern > > the same certificate or some certicate in the chain or else. > > > > As far as I remember, I have not read an argument why such > > a thing would create harm or would be undesirable for whatever > > reason. > > There is no need for any extra information. Complexity and over-engineering > should be avoided whenever possible. What do you call 'any extra information'? 'extra' related to some information considered 'normal'? What has this to do with over-engineering and complexity? These information are not 'extra'. DPV responses may the only ones available to return a 'timely status' of the certificate like a 'timely revocation information'. > > Signatures of CAs, CRL providers, OCSP providers may are also visible. > > Not exactly: CA certificates, CRLs and OCSP responses may optionally be > returned. Sorry for having made a error in my previous phrase the 'are' should be 'be'. So we agree, still where is the essential difference between a DPV response and an OCSP response concerning their signature? There is already a requirement: " For the client to be able prove to a third party that trusts the same DPV server that the certificate validation was handled correctly, the DPV response MUST be digitally signed." which IMO means that the DPV response does not has a pure ephemeral status but at least a similar characteristics as those of an OCSP response. > > Remember I said that "I agree that it is probably not necssary .." > > > > Where do you see too much complexity: It is already complex to return a path, > > CRLs and others. Is *this* complexity necessary, if one only needs > > a yes/no/unknown answer? > > See the rational explained above. I still don't see where you see the complexity. DPV responses may be given to other relying parties. Such a party must be able to validate it. It don't think that there is much code complexity by allowing that the response itself may contain a response as part of the justifications. I would think that there may be even simplicity If I only have to treat DPV responses for example. > > Or, I fail to understand why some information that contributed to the > > decision almost MUST be thrown away, in particular when it is possible > > that it is important. > > This information is optional and MAY be requested by the client. Isn't this exactly what I am asking for. A DPV response may be the only information available indicating that some intermediate CA cert is valid. It MAY be optional returned when requested (or defined as to be returned in the policy). > I hope these explanations will allow to close this issue. I refer to my proposal to change the text saying that that among the optional returned infos like paths CRL, OCSP responses, there may alos occur DPV responses. Encapsulating a "DPV response" in a OCSP response still remains an option anyway. > Denis Since you haven't commented the next paragraph may I assume that this is ok with you? > > > I think the general principle should be that there is one mode > > that all information essential to understand what has contributed > > to the final decision must be made available to the client. > > (Not necessarily understood by the client). > > > > I would also agree, that only necessary information should be made > > available. It may be not necessary to inform: > > > > - Yesterday I have made three unsuccesseful attempt at time1 2 3, > > the last one finally succeed by using an internet connect to > > address a.b.c.d using DPV protocol over OCSP, ... > > > > Peter > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39GKfl27450 for ietf-pkix-bks; Tue, 9 Apr 2002 09:20:41 -0700 (PDT) Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39GKdm27446 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 09:20:39 -0700 (PDT) Received: from tsg1 ([12.81.78.88]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020409162034.RVOM8815.mtiwmhc23.worldnet.att.net@tsg1>; Tue, 9 Apr 2002 16:20:34 +0000 Message-ID: <032f01c1dfe2$4f7e3a40$020aff0c@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Tom Gindin" <tgindin@us.ibm.com> Cc: <ietf-pkix@imc.org> References: <OFDE8091ED.56C059E1-ON85256B96.004D970E@pok.ibm.com> Subject: Re: WG Last Call: Roadmap Date: Tue, 9 Apr 2002 09:03:18 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> For what it is worth- the term Trust Anchor is something that I coined at Coastek some number of years ago (1997) and is specific to an evaulated set of trust processes. What I mean by that is that a trust anchor is the uppermost anchoring trust element to which all others are referenced to or through but that this is also specific to a particular transaction or set of transactions. The intent was/is to define on a per transaction basis a uniform point of anchoring these referencable datasets. As to the mechanics of the process, the term ROOT CA is the mechanical analog of the trust anchor only for the mechanics of the transaction and not the content of the transaction per se. The term "trust anchor" was/is to remove any ambiguity on a transaction specific basis, and the term ROOT CA is more likely to be accepted as the mechanical top of the pyramid (i.e. as part of the plumbing and not its use per se.) Todd ----- Original Message ----- From: "Tom Gindin" <tgindin@us.ibm.com> To: "Denis Pinkas" <Denis.Pinkas@bull.net> Cc: <ietf-pkix@imc.org> Sent: Tuesday, April 09, 2002 7:46 AM Subject: Re: WG Last Call: Roadmap > > > Denis: > > Should we really standardize on the term "root CA" rather than "trust > anchor" or "anchor CA"? "Trust anchor" has never been used to mean > anything other than an entity directly trusted by the RP, AFAIK. I have > other comments below. > > Tom Gindin > > Denis Pinkas <Denis.Pinkas@bull.net> on 04/08/2002 12:32:41 PM > > To: Tom Gindin/Watson/IBM@IBMUS > cc: ietf-pkix@imc.org > Subject: Re: WG Last Call: Roadmap > > > Tom, > > I have not forgotten this message, but I gave priority to the DPV thread. > > > Responses below. > > > The issue of who specifies the verifier's policy is > > rather serious. If the policy to be used is expected to be the same as > RFC > > 3126's SignaturePolicy, we need to specify a step in which the verifier > has > > the right to reject such a policy or to consider it inapplicable to the > > verifier's own current context. > > This is true. However, the text does not go at that level of detail: > > "Another model considers a set of rules that apply to an application > context. Every application context may have a different set of rules. > When choosing to use certificates in the context of that application, > the EE selects the set of rules for that context. In a set of rules, > one or more Top CAs may be trusted, each one may be associated with > different constraints, like the certificate policies that are trusted > or the naming constraints that apply. These constrains may be specified > either in self-signed certificates or in addition to self-signed > certificates when they do not incorporate these constraints. This set > of rules is called a validation policy (when validating a certificate) > or a signature policy (when validating a digital signature)." > > I do not think it is necesary to state it. If you think so, please provide > a text and a placement for that text. > > [TG] My biggest problem is the use of the term "signature policy", which > you have elsewhere defined as something defined and signed by the signer of > the document. In the paragraph above, I would replace the term "Top CAs" > by "root CA's", and I would also call the sets of rules in the last > sentence a "certificate validation policy" and a "signature validation > policy". I would then add the following statement: "Neither of these > policies is considered to be the same as either a CertificatePolicy as > defined in RFC 2459 or a SignaturePolicy as defined in RFC 3126." > > > > > To: Tom Gindin/Watson/IBM@IBMUS > > cc: ietf-pkix@imc.org > > Subject: Re: WG Last Call: Roadmap > > > > Tom, > > > > > I have a few issues with this, and some corrections as well. > > > > > In comment 12, I have two issues. The first one, which is minor, > > is > > > that "one or more Top CA's may be trusted" should refer to root CA's > > > instead - the two terms mean the same thing more often than not, but > when > > > they differ the trust point is the root rather than the top. > > > > PKIX-1 states: > > > > " - Top CA - A CA that is at the top of a PKI hierarchy. > > > > Note: This is often also called a "Root CA," since in data structures > > terms and in graph theory, the node at the top of a tree is the > > "root." However, to minimize confusion in this document, we elect to > > call this node a "Top CA," and reserve "Root CA" for the CA directly > > trusted by the EE." > > > > The problem lies with the last sentence, i.e. "*the* CA directly trusted > by > > the EE.". The singular is being used which means that there is a single > > one, multiple roots are not permitted, while multiple Top-CAs are > > permitted. > > > > [TG] Where in PKIX-1 is this? I can't find the phrase "directly trusted" > > in either RFC 2459 or in draft 12 of new-pkix-1. > > Sorry for the confusion: it is in the roadmap document, not PKIX-1. > > The current text in the roadmap is: > > " - Root CA - A CA that is directly trusted by an EE; that is, > securely acquiring the value of a Root CA public key requires > some out-of-band step(s). This term is not meant to imply that a > Root CA is necessarily at the top of any hierarchy, simply that > the CA in question is trusted directly. > > (...) > > Note: This is often also called a "Root CA," since in data structures > terms and in graph theory, the node at the top of a tree is the > "root." However, to minimize confusion in this document, we elect to > call this node a "Top CA," and reserve "Root CA" for the CA directly > trusted by the EE. Readers new to PKIX should be aware that these > terms are not used consistently throughout the PKIX documents, as the > Internet PKI profile [2459bis] uses "Root CA" to refer to what this > and other documents call a "Top CA," and "most-trusted CA" to refer > to what this and other documents call a "Root CA." > > There is no problem with PKIX-1 but a problem with the roadmap document. > PKIX-1 does not use the term "root CA", and thus it is wrong to say in > the roadmap that "these terms are not used consistently throughout the > PKIX documents". > > I would thus propose to change the note in the following way: > > Note: Since in data structures terms and in graph theory, the node > at the top of a tree is the "root", the term "root CA" is sometimes > used. This term is not meant to imply that a Root CA is necessarily > at the top of any hierarchy, simply that the CA in question is trusted > directly. > > [TG] As I stated at the beginning, I don't know why we should standardize > on the term "root CA" rather than "trust anchor" or "anchor CA". Those > terms cannot be mistaken for what is defined here as a "Top CA". BTW, I > approve of that coinage. > > Then, on page 14, change: > > Additionally, once the Root CA ... > > with > > Additionally, once a Root CA ... > > > on pages 29 and 30, change: > > (e.g., the DVCS's CA, or the Root CA in a > hierarchy) > > with > > (e.g., the DVCS's CA, or a Root CA) > > Regards, > > Denis > > > (snip) > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39GHCC27353 for ietf-pkix-bks; Tue, 9 Apr 2002 09:17:12 -0700 (PDT) Received: from pretender.boolean.net (root@router.boolean.net [198.144.206.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39GHAm27349 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 09:17:10 -0700 (PDT) Received: from nomad.OpenLDAP.org (root@localhost [127.0.0.1]) by pretender.boolean.net (8.11.3/8.11.1/Boolean/Hub) with ESMTP id g39GGvC48003; Tue, 9 Apr 2002 16:16:58 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.1.0.14.0.20020409105853.02615830@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 09 Apr 2002 11:17:10 -0500 To: Fantou Patrick <patrick.fantou@icn.siemens.de> From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Subject: Re: AW: LDAP Certificate transfer syntax Cc: Christopher Oliva <Chris.Oliva@entrust.com>, David Chadwick <d.w.chadwick@salford.ac.uk>, Mark Wahl <Mark.Wahl@sun.com>, steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> In-Reply-To: <1D82815C322BD41196EA00508B951F7B01B40EB3@MCHH265E> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g39GHBm27350 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 10:44 AM 2002-04-09, Fantou Patrick wrote: >I am not sure this discussion really brings us further. I think this discussion is bringing us further along. It has, at least, boiled down this particular debate to one issue: whether or not ;binary is required when the binary encoding of a value is transferred in the protocol. >There is no choice with some attributes like certificates. I would have to agree that this is no choice. But I think we disagree on what that choice is. One must transfer certificates in their binary encoding as indicates by ;binary. Note only is this the intent of RFC 2251, but we have demonstrated interoperability between multiple independently developed implementations of this. Others have argued that RFC 2251 could be read otherwise. That's a good reason for clarifying the specification. It's a lousy reason for making changes which would cause implementations which interoperate today to fail to interoperate with implementations of the future specification. >I fully support David´s proposal: >"The use of the ;binary encoding option, i.e. by >requesting or returning the attributes with descriptions >"userCertificate;binary" or "caCertificate;binary" has no effect on the >transfer syntax." Noted. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39G0eI26543 for ietf-pkix-bks; Tue, 9 Apr 2002 09:00:40 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39G0dm26539 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 09:00:39 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id SAA20544; Tue, 9 Apr 2002 18:03:14 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040918002784:251 ; Tue, 9 Apr 2002 18:00:27 +0200 Message-ID: <3CB3101A.6217009C@bull.net> Date: Tue, 09 Apr 2002 18:00:26 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Tom Gindin <tgindin@us.ibm.com> CC: ietf-pkix@imc.org Subject: Re: WG Last Call: Roadmap References: <OFDE8091ED.56C059E1-ON85256B96.004D970E@pok.ibm.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 09/04/2002 18:00:28, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 09/04/2002 18:00:39, Serialize complete at 09/04/2002 18:00:39 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tom, > Denis: > > Should we really standardize on the term "root CA" rather than "trust > anchor" or "anchor CA"? I do not care, but I care for this document to be sent to the IESG soon. So the sooner we may find a compromise, the better. Maybe the quickest way is to try to suppress the sentences that create problems. We should focuss on text replacement proposals. > "Trust anchor" has never been used to mean anything other than an entity directly trusted by the RP, AFAIK. Not exactly. Read this sentence again. However, I would like to resist to start a new discusion now on trust anchors. > I have other comments below. > > Tom Gindin > > Denis Pinkas <Denis.Pinkas@bull.net> on 04/08/2002 12:32:41 PM > > To: Tom Gindin/Watson/IBM@IBMUS > cc: ietf-pkix@imc.org > Subject: Re: WG Last Call: Roadmap > > Tom, > > I have not forgotten this message, but I gave priority to the DPV thread. > > > Responses below. > > > The issue of who specifies the verifier's policy is > > rather serious. If the policy to be used is expected to be the same as > RFC > > 3126's SignaturePolicy, we need to specify a step in which the verifier > has > > the right to reject such a policy or to consider it inapplicable to the > > verifier's own current context. > > This is true. However, the text does not go at that level of detail: > > "Another model considers a set of rules that apply to an application > context. Every application context may have a different set of rules. > When choosing to use certificates in the context of that application, > the EE selects the set of rules for that context. In a set of rules, > one or more Top CAs may be trusted, each one may be associated with > different constraints, like the certificate policies that are trusted > or the naming constraints that apply. These constrains may be specified > either in self-signed certificates or in addition to self-signed > certificates when they do not incorporate these constraints. This set > of rules is called a validation policy (when validating a certificate) > or a signature policy (when validating a digital signature)." > > I do not think it is necesary to state it. If you think so, please provide > a text and a placement for that text. > > [TG] My biggest problem is the use of the term "signature policy", which > you have elsewhere defined as something defined and signed by the signer of > the document. There is a misunderstanding. A signer may provide the *reference* of the signature policy that he agrees to use when signing. In order to prevent someone else to change that reference, it is protected by the signer's signature. So in that case the verifier has first to see whether the signature policy used by the signer is appropriate for his application context. If it is the case, then it uses it, otherwise this is the end of the story. > In the paragraph above, I would replace the term "Top CAs" > by "root CA's", No problem. > and I would also call the sets of rules in the last > sentence a "certificate validation policy" and a "signature validation > policy". I would then add the following statement: "Neither of these > policies is considered to be the same as either a CertificatePolicy as > defined in RFC 2459 or a SignaturePolicy as defined in RFC 3126." I would simply propose to delete the following sentence: "This set of rules is called a validation policy (when validating a certificate) or a signature policy (when validating a digital signature)" not because it is wrong, but because I would like this document to proceed. This would lead to the following text: "Another model considers a set of rules that apply to an application context. Every application context may have a different set of rules. When choosing to use certificates in the context of that application, the EE selects the set of rules for that context. In a set of rules, one or more root CAs may be trusted, each one may be associated with different constraints, like the certificate policies that are trusted or the naming constraints that apply. These constrains may be specified either in self-signed certificates or in addition to self-signed certificates when they do not incorporate these constraints." Can you live with it ? > > To: Tom Gindin/Watson/IBM@IBMUS > > cc: ietf-pkix@imc.org > > Subject: Re: WG Last Call: Roadmap > > > > Tom, > > > > > I have a few issues with this, and some corrections as well. > > > > > In comment 12, I have two issues. The first one, which is minor, > > is > > > that "one or more Top CA's may be trusted" should refer to root CA's > > > instead - the two terms mean the same thing more often than not, but > when > > > they differ the trust point is the root rather than the top. > > > > PKIX-1 states: > > > > " - Top CA - A CA that is at the top of a PKI hierarchy. > > > > Note: This is often also called a "Root CA," since in data structures > > terms and in graph theory, the node at the top of a tree is the > > "root." However, to minimize confusion in this document, we elect to > > call this node a "Top CA," and reserve "Root CA" for the CA directly > > trusted by the EE." > > > > The problem lies with the last sentence, i.e. "*the* CA directly trusted > by > > the EE.". The singular is being used which means that there is a single > > one, multiple roots are not permitted, while multiple Top-CAs are > > permitted. > > > > [TG] Where in PKIX-1 is this? I can't find the phrase "directly trusted" > > in either RFC 2459 or in draft 12 of new-pkix-1. > > Sorry for the confusion: it is in the roadmap document, not PKIX-1. > > The current text in the roadmap is: > > " - Root CA - A CA that is directly trusted by an EE; that is, > securely acquiring the value of a Root CA public key requires > some out-of-band step(s). This term is not meant to imply that a > Root CA is necessarily at the top of any hierarchy, simply that > the CA in question is trusted directly. > > (...) > > Note: This is often also called a "Root CA," since in data structures > terms and in graph theory, the node at the top of a tree is the > "root." However, to minimize confusion in this document, we elect to > call this node a "Top CA," and reserve "Root CA" for the CA directly > trusted by the EE. Readers new to PKIX should be aware that these > terms are not used consistently throughout the PKIX documents, as the > Internet PKI profile [2459bis] uses "Root CA" to refer to what this > and other documents call a "Top CA," and "most-trusted CA" to refer > to what this and other documents call a "Root CA." > > There is no problem with PKIX-1 but a problem with the roadmap document. > PKIX-1 does not use the term "root CA", and thus it is wrong to say in > the roadmap that "these terms are not used consistently throughout the > PKIX documents". > > I would thus propose to change the note in the following way: > > Note: Since in data structures terms and in graph theory, the node > at the top of a tree is the "root", the term "root CA" is sometimes > used. This term is not meant to imply that a Root CA is necessarily > at the top of any hierarchy, simply that the CA in question is trusted > directly. > > [TG] As I stated at the beginning, I don't know why we should standardize > on the term "root CA" rather than "trust anchor" or "anchor CA". Those > terms cannot be mistaken for what is defined here as a "Top CA". BTW, I > approve of that coinage. We do use "root CA", so I see no harm to use that vocabulary. This is no attempt to standardize this term here. Originally my single concern what that the text was talking about *one* root CA whereas there can be multiple. This was my ONLY concern. This is now fixed. We should close this issue ASAP. Denis > Then, on page 14, change: > > Additionally, once the Root CA ... > > with > > Additionally, once a Root CA ... > > on pages 29 and 30, change: > > (e.g., the DVCS's CA, or the Root CA in a > hierarchy) > > with > > (e.g., the DVCS's CA, or a Root CA) > > Regards, > > Denis > > (snip) Received: by above.proper.com (8.11.6/8.11.3) id g39Fj0k24077 for ietf-pkix-bks; Tue, 9 Apr 2002 08:45:00 -0700 (PDT) Received: from gorilla.mchh.siemens.de (gorilla.mchh.siemens.de [194.138.158.18]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39Fiwm24067 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 08:44:58 -0700 (PDT) Received: from moody.mchh.siemens.de (mail2.mchh.siemens.de [194.138.158.226]) by gorilla.mchh.siemens.de (8.9.3/8.9.3) with ESMTP id RAA00957; Tue, 9 Apr 2002 17:44:44 +0200 (MET DST) Received: from mchh246e.demchh201e.icn.siemens.de ([139.21.200.56]) by moody.mchh.siemens.de (8.9.1/8.9.1) with ESMTP id RAA20992; Tue, 9 Apr 2002 17:44:45 +0200 (MET DST) Received: by MCHH246E with Internet Mail Service (5.5.2653.19) id <H22NPZ9Q>; Tue, 9 Apr 2002 17:44:44 +0200 Message-ID: <1D82815C322BD41196EA00508B951F7B01B40EB3@MCHH265E> From: Fantou Patrick <patrick.fantou@icn.siemens.de> To: "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.org>, Christopher Oliva <Chris.Oliva@entrust.com> Cc: David Chadwick <d.w.chadwick@salford.ac.uk>, Mark Wahl <Mark.Wahl@sun.com>, steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: AW: LDAP Certificate transfer syntax Date: Tue, 9 Apr 2002 17:44:17 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g39Fixm24072 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Kurt and Chris, I am not sure this discussion really brings us further. There is no choice with some attributes like certificates. I fully support David´s proposal: "The use of the ;binary encoding option, i.e. by requesting or returning the attributes with descriptions "userCertificate;binary" or "caCertificate;binary" has no effect on the transfer syntax." Patrick > -----Ursprüngliche Nachricht----- > Von: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org] > Gesendet: Dienstag, 9. April 2002 17:19 > An: Christopher Oliva > Cc: David Chadwick; Mark Wahl; steven.legg@adacel.com.au; 'LDAP BIS'; > 'PKIX' > Betreff: RE: LDAP Certificate transfer syntax > > > At 10:05 AM 2002-04-09, Christopher Oliva wrote: > >> ;binary must be present when the binary encoding is transferred. > >> ;binary must not be present when the native encoding is > transferred. > > > >Where is that stated in the RFC ? There are no such statements. > > It is implied by the language of RFC 2251. When a protocol > provides multiple possible transfer encodings for a particular > value, the protocol needs to provide a clear indication of > which transfer encoding is being used. In LDAPv3, absence > and presence of transfer options is used to indicate which > transfer encoding is used. > > Kurt > Received: by above.proper.com (8.11.6/8.11.3) id g39FIhO21926 for ietf-pkix-bks; Tue, 9 Apr 2002 08:18:43 -0700 (PDT) Received: from pretender.boolean.net (root@router.boolean.net [198.144.206.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39FIfm21922 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 08:18:41 -0700 (PDT) Received: from nomad.OpenLDAP.org (root@localhost [127.0.0.1]) by pretender.boolean.net (8.11.3/8.11.1/Boolean/Hub) with ESMTP id g39FITC47798; Tue, 9 Apr 2002 15:18:29 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.1.0.14.0.20020409101448.0260aa30@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 09 Apr 2002 10:18:42 -0500 To: Christopher Oliva <Chris.Oliva@entrust.com> From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Subject: RE: LDAP Certificate transfer syntax Cc: David Chadwick <d.w.chadwick@salford.ac.uk>, Mark Wahl <Mark.Wahl@sun.com>, steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> In-Reply-To: <BFB44293CE13C9419B7AFE7CBC35B9390120D78E@sottmxs08.entrust .com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 10:05 AM 2002-04-09, Christopher Oliva wrote: >> ;binary must be present when the binary encoding is transferred. >> ;binary must not be present when the native encoding is transferred. > >Where is that stated in the RFC ? There are no such statements. It is implied by the language of RFC 2251. When a protocol provides multiple possible transfer encodings for a particular value, the protocol needs to provide a clear indication of which transfer encoding is being used. In LDAPv3, absence and presence of transfer options is used to indicate which transfer encoding is used. Kurt Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39F6F321326 for ietf-pkix-bks; Tue, 9 Apr 2002 08:06:15 -0700 (PDT) Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39F6Em21321 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 08:06:14 -0700 (PDT) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19) id <2TBP0R8R>; Tue, 9 Apr 2002 11:06:00 -0400 Message-ID: <BFB44293CE13C9419B7AFE7CBC35B9390120D78E@sottmxs08.entrust.com> From: Christopher Oliva <Chris.Oliva@entrust.com> To: "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.org> Cc: David Chadwick <d.w.chadwick@salford.ac.uk>, Mark Wahl <Mark.Wahl@sun.com>, steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: RE: LDAP Certificate transfer syntax Date: Tue, 9 Apr 2002 11:05:58 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1DFD8.0DF67470" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1DFD8.0DF67470 Content-Type: text/plain; charset="iso-8859-1" > >> >a) and b) > >> >RFC 2252 clause 6.5 only mandates a binary encoding. > >> >As previously pointed out by others, there is no absolute > >> imperative that requires the use of the ";binary" option. > >> > >> How else would you indicate that the "binary" encoding was > >> requested/used instead of the "string" encoding? > > > >RFC 2252, 6.5 says that ".. values in this syntax MUST only > be transferred using the binary encoding ..". > > Yes. And RFC 2251 makes it quite clear that ;binary is used > to indicate that the binary encoding was used instead of the > native string encoding. If ;binary is not present, binary > transfer of the binary encoding is not used. There is no statement that says that if the ";binary" option is absent, that the syntax encoding cannot be the binary encoding. All the RFC says is that ";binary" overrides a string encoding. But certificates do not have a string encoding. Since there is no string encoding to override, the ";binary" option is not necessary. > >Although 4.3.1 lists two reasons to use the binary encoding, > it does not say that other valid reasons or syntaxes cannot > require the use of the binary encoding. > > But RFC 2251 states when binary encoding is to be used and when > native encodings are to be used. All it says is that ";binary" can override a string encoding. It doesn't say anything about "native" encodings or what happens when no string encoding is defined. It also does not say what happens when a syntax definition requires a specific encoding (such as the Certificate syntax mandating the binary encoding). The only guide is that the Certificate syntax requires the binary encoding. Therefore even if ";binary" is not used, the binary encoding must be generated. > > >Since the use of ";binary" is not mandatory for the > Certificate syntax, > > I disagree. Others have stated their belief that ";binary" is not mandatory for certificates. There is no text that supports an absolute imperative that ";binary" MUST be used. > > >and there is no other possible encoding, then the default > encoding that is used (that must be used) is the binary encoding. > > There is no such thing as the "default" encoding. That term is > no where used in the specification. There is the native string > encoding and there is the binary encoding. Which one is used > is indicated by the absence or presence of transfer options. > If this wasn't the case, then clients would have no clue as to > what encoding was actually used. The term "string encoding" is not defined either. So it is not clear if the RFC refers to a "native string" encoding or an encoding based on text (printable) strings. I note that for Directory String, the RFC does not explicitly identify the "string encoding" either. But we understand that the encoding mandated for Directory String is UTF8. The same logic can be applied to certificates. > > >If the ";binary" option is used to explicitly specify the > binary encoding, this results in the same encodings and this > would also satisfy the RFC. > > ;binary must be present when the binary encoding is transferred. > ;binary must not be present when the native encoding is transferred. Where is that stated in the RFC ? There are no such statements. > > >> >c) > >> >Nowhere in the ldapv3 RFCs is there a description of the > >> behavior for this case. There is no justification to label > >> this as non conformant. > >> > >> You are right in that the RFC does not explicit state this. > >> > >> But it should be obvious that "CN;binary" should not be > >> returned unless "CN;binary" was requested. Same goes > >> for userCertificate. > >> > > > >Attributes must be returned according to their syntax > encoding requirements. > > Values of a syntax can encoded multiple ways for transfer. The > encoding used is always indicated by the presence or absence of > transfer options such as ;binary. > The ";binary" only specifies that a "string encoding" was overridden. But if there is not string encoding to override, then the ";binary" is not required (there is no text that says ;binary is required when there is no string encoding to override). Chris. ------_=_NextPart_001_01C1DFD8.0DF67470 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2653.12"> <TITLE>RE: LDAP Certificate transfer syntax</TITLE> </HEAD> <BODY> <BR> <P><FONT SIZE=3D2>> >> >a) and b) </FONT> <BR><FONT SIZE=3D2>> >> >RFC 2252 clause 6.5 only mandates = a binary encoding. </FONT> <BR><FONT SIZE=3D2>> >> >As previously pointed out by = others, there is no absolute </FONT> <BR><FONT SIZE=3D2>> >> imperative that requires the use of = the ";binary" option. </FONT> <BR><FONT SIZE=3D2>> >> </FONT> <BR><FONT SIZE=3D2>> >> How else would you indicate that the = "binary" encoding was </FONT> <BR><FONT SIZE=3D2>> >> requested/used instead of the = "string" encoding? </FONT> <BR><FONT SIZE=3D2>> ></FONT> <BR><FONT SIZE=3D2>> >RFC 2252, 6.5 says that ".. values in = this syntax MUST only </FONT> <BR><FONT SIZE=3D2>> be transferred using the binary encoding = ..".</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Yes. And RFC 2251 makes it quite clear = that ;binary is used</FONT> <BR><FONT SIZE=3D2>> to indicate that the binary encoding was used = instead of the</FONT> <BR><FONT SIZE=3D2>> native string encoding. If ;binary is not = present, binary</FONT> <BR><FONT SIZE=3D2>> transfer of the binary encoding is not = used.</FONT> </P> <P><FONT SIZE=3D2>There is no statement that says that if the = ";binary" option is absent, that the syntax encoding cannot = be the binary encoding. All the RFC says is that ";binary" = overrides a string encoding. But certificates do not have a string = encoding. Since there is no string encoding to override, the = ";binary" option is not necessary.</FONT></P> <P><FONT SIZE=3D2>> >Although 4.3.1 lists two reasons to use the = binary encoding, </FONT> <BR><FONT SIZE=3D2>> it does not say that other valid reasons or = syntaxes cannot </FONT> <BR><FONT SIZE=3D2>> require the use of the binary encoding.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> But RFC 2251 states when binary encoding is to = be used and when</FONT> <BR><FONT SIZE=3D2>> native encodings are to be used.</FONT> </P> <P><FONT SIZE=3D2>All it says is that ";binary" can override = a string encoding. It doesn't say anything about "native" = encodings or what happens when no string encoding is defined. It also = does not say what happens when a syntax definition requires a specific = encoding (such as the Certificate syntax mandating the binary = encoding).</FONT></P> <P><FONT SIZE=3D2>The only guide is that the Certificate syntax = requires the binary encoding. Therefore even if ";binary" is = not used, the binary encoding must be generated.</FONT></P> <P><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> >Since the use of ";binary" is not = mandatory for the </FONT> <BR><FONT SIZE=3D2>> Certificate syntax,</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> I disagree.</FONT> </P> <P><FONT SIZE=3D2>Others have stated their belief that = ";binary" is not mandatory for certificates. There is no text = that supports an absolute imperative that ";binary" MUST be = used.</FONT></P> <P><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> >and there is no other possible encoding, = then the default </FONT> <BR><FONT SIZE=3D2>> encoding that is used (that must be used) is = the binary encoding.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> There is no such thing as the = "default" encoding. That term is</FONT> <BR><FONT SIZE=3D2>> no where used in the specification. There = is the native string</FONT> <BR><FONT SIZE=3D2>> encoding and there is the binary = encoding. Which one is used</FONT> <BR><FONT SIZE=3D2>> is indicated by the absence or presence of = transfer options.</FONT> <BR><FONT SIZE=3D2>> If this wasn't the case, then clients would = have no clue as to</FONT> <BR><FONT SIZE=3D2>> what encoding was actually used.</FONT> </P> <P><FONT SIZE=3D2>The term "string encoding" is not defined = either. So it is not clear if the RFC refers to a "native = string" encoding or an encoding based on text (printable) = strings.</FONT></P> <P><FONT SIZE=3D2>I note that for Directory String, the RFC does not = explicitly identify the "string encoding" either. But we = understand that the encoding mandated for Directory String is UTF8. The = same logic can be applied to certificates.</FONT></P> <P><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> >If the ";binary" option is used = to explicitly specify the </FONT> <BR><FONT SIZE=3D2>> binary encoding, this results in the same = encodings and this </FONT> <BR><FONT SIZE=3D2>> would also satisfy the RFC.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> ;binary must be present when the binary = encoding is transferred.</FONT> <BR><FONT SIZE=3D2>> ;binary must not be present when the native = encoding is transferred.</FONT> </P> <P><FONT SIZE=3D2>Where is that stated in the RFC ? There are no such = statements.</FONT> </P> <P><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> >> >c) </FONT> <BR><FONT SIZE=3D2>> >> >Nowhere in the ldapv3 RFCs is = there a description of the </FONT> <BR><FONT SIZE=3D2>> >> behavior for this case. There is no = justification to label </FONT> <BR><FONT SIZE=3D2>> >> this as non conformant. </FONT> <BR><FONT SIZE=3D2>> >> </FONT> <BR><FONT SIZE=3D2>> >> You are right in that the RFC does not = explicit state this. </FONT> <BR><FONT SIZE=3D2>> >> </FONT> <BR><FONT SIZE=3D2>> >> But it should be obvious that = "CN;binary" should not be </FONT> <BR><FONT SIZE=3D2>> >> returned unless "CN;binary" = was requested. Same goes </FONT> <BR><FONT SIZE=3D2>> >> for userCertificate. </FONT> <BR><FONT SIZE=3D2>> >> </FONT> <BR><FONT SIZE=3D2>> ></FONT> <BR><FONT SIZE=3D2>> >Attributes must be returned according to = their syntax </FONT> <BR><FONT SIZE=3D2>> encoding requirements. </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Values of a syntax can encoded multiple ways = for transfer. The</FONT> <BR><FONT SIZE=3D2>> encoding used is always indicated by the = presence or absence of</FONT> <BR><FONT SIZE=3D2>> transfer options such as ;binary.</FONT> <BR><FONT SIZE=3D2>> </FONT> </P> <P><FONT SIZE=3D2>The ";binary" only specifies that a = "string encoding" was overridden. But if there is not string = encoding to override, then the ";binary" is not required = (there is no text that says ;binary is required when there is no string = encoding to override).</FONT></P> <P><FONT SIZE=3D2>Chris.</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1DFD8.0DF67470-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39EuAu19922 for ietf-pkix-bks; Tue, 9 Apr 2002 07:56:10 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39Eu8m19914 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 07:56:08 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150]) by e1.ny.us.ibm.com (8.12.2/8.12.2) with ESMTP id g39EtWlh444222; Tue, 9 Apr 2002 10:55:32 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.00) with ESMTP id g39EtTj70172; Tue, 9 Apr 2002 10:55:29 -0400 Importance: Normal Sensitivity: Subject: Re: WG Last Call: Roadmap To: Denis Pinkas <Denis.Pinkas@bull.net> Cc: ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OFDE8091ED.56C059E1-ON85256B96.004D970E@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Tue, 9 Apr 2002 10:46:34 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/09/2002 10:55:30 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis: Should we really standardize on the term "root CA" rather than "trust anchor" or "anchor CA"? "Trust anchor" has never been used to mean anything other than an entity directly trusted by the RP, AFAIK. I have other comments below. Tom Gindin Denis Pinkas <Denis.Pinkas@bull.net> on 04/08/2002 12:32:41 PM To: Tom Gindin/Watson/IBM@IBMUS cc: ietf-pkix@imc.org Subject: Re: WG Last Call: Roadmap Tom, I have not forgotten this message, but I gave priority to the DPV thread. > Responses below. > The issue of who specifies the verifier's policy is > rather serious. If the policy to be used is expected to be the same as RFC > 3126's SignaturePolicy, we need to specify a step in which the verifier has > the right to reject such a policy or to consider it inapplicable to the > verifier's own current context. This is true. However, the text does not go at that level of detail: "Another model considers a set of rules that apply to an application context. Every application context may have a different set of rules. When choosing to use certificates in the context of that application, the EE selects the set of rules for that context. In a set of rules, one or more Top CAs may be trusted, each one may be associated with different constraints, like the certificate policies that are trusted or the naming constraints that apply. These constrains may be specified either in self-signed certificates or in addition to self-signed certificates when they do not incorporate these constraints. This set of rules is called a validation policy (when validating a certificate) or a signature policy (when validating a digital signature)." I do not think it is necesary to state it. If you think so, please provide a text and a placement for that text. [TG] My biggest problem is the use of the term "signature policy", which you have elsewhere defined as something defined and signed by the signer of the document. In the paragraph above, I would replace the term "Top CAs" by "root CA's", and I would also call the sets of rules in the last sentence a "certificate validation policy" and a "signature validation policy". I would then add the following statement: "Neither of these policies is considered to be the same as either a CertificatePolicy as defined in RFC 2459 or a SignaturePolicy as defined in RFC 3126." > > To: Tom Gindin/Watson/IBM@IBMUS > cc: ietf-pkix@imc.org > Subject: Re: WG Last Call: Roadmap > > Tom, > > > I have a few issues with this, and some corrections as well. > > > In comment 12, I have two issues. The first one, which is minor, > is > > that "one or more Top CA's may be trusted" should refer to root CA's > > instead - the two terms mean the same thing more often than not, but when > > they differ the trust point is the root rather than the top. > > PKIX-1 states: > > " - Top CA - A CA that is at the top of a PKI hierarchy. > > Note: This is often also called a "Root CA," since in data structures > terms and in graph theory, the node at the top of a tree is the > "root." However, to minimize confusion in this document, we elect to > call this node a "Top CA," and reserve "Root CA" for the CA directly > trusted by the EE." > > The problem lies with the last sentence, i.e. "*the* CA directly trusted by > the EE.". The singular is being used which means that there is a single > one, multiple roots are not permitted, while multiple Top-CAs are > permitted. > > [TG] Where in PKIX-1 is this? I can't find the phrase "directly trusted" > in either RFC 2459 or in draft 12 of new-pkix-1. Sorry for the confusion: it is in the roadmap document, not PKIX-1. The current text in the roadmap is: " - Root CA - A CA that is directly trusted by an EE; that is, securely acquiring the value of a Root CA public key requires some out-of-band step(s). This term is not meant to imply that a Root CA is necessarily at the top of any hierarchy, simply that the CA in question is trusted directly. (...) Note: This is often also called a "Root CA," since in data structures terms and in graph theory, the node at the top of a tree is the "root." However, to minimize confusion in this document, we elect to call this node a "Top CA," and reserve "Root CA" for the CA directly trusted by the EE. Readers new to PKIX should be aware that these terms are not used consistently throughout the PKIX documents, as the Internet PKI profile [2459bis] uses "Root CA" to refer to what this and other documents call a "Top CA," and "most-trusted CA" to refer to what this and other documents call a "Root CA." There is no problem with PKIX-1 but a problem with the roadmap document. PKIX-1 does not use the term "root CA", and thus it is wrong to say in the roadmap that "these terms are not used consistently throughout the PKIX documents". I would thus propose to change the note in the following way: Note: Since in data structures terms and in graph theory, the node at the top of a tree is the "root", the term "root CA" is sometimes used. This term is not meant to imply that a Root CA is necessarily at the top of any hierarchy, simply that the CA in question is trusted directly. [TG] As I stated at the beginning, I don't know why we should standardize on the term "root CA" rather than "trust anchor" or "anchor CA". Those terms cannot be mistaken for what is defined here as a "Top CA". BTW, I approve of that coinage. Then, on page 14, change: Additionally, once the Root CA ... with Additionally, once a Root CA ... on pages 29 and 30, change: (e.g., the DVCS's CA, or the Root CA in a hierarchy) with (e.g., the DVCS's CA, or a Root CA) Regards, Denis (snip) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39EY3H18707 for ietf-pkix-bks; Tue, 9 Apr 2002 07:34:03 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g39EY1m18703 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 07:34:01 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 9 Apr 2002 14:33:01 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA11278 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 10:32:53 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g39EXVf21723 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 10:33:32 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1QG44>; Tue, 9 Apr 2002 10:30:10 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.95]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1QG4T; Tue, 9 Apr 2002 10:30:06 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: stephen.farrell@baltimore.ie Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020409102328.03112688@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 09 Apr 2002 10:32:26 -0400 Subject: Re: Open issue: DPV relay In-Reply-To: <3CB2B989.67E74EBA@baltimore.ie> References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <5.1.0.14.2.20020405114835.0206fea0@exna07.securitydynamics.com> <3CB16D38.9D32AC11@baltimore.ie> <p05100303b8d77d9f2730@[128.33.238.74]> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve: >So, in requirements language I guess I'd be arguing for something >like: > >- A protocol SHOULD NOT require DPV clients to support relay or > re-direct (aka chaining or referral) >- A protocol MAY require DPV servers to include support for > relay and/or re-direct (aka chaining and/or referral) > >Is that reasonable? I could live with: 1. The DPV protocol MUST NOT require DPV clients to support relay, re-direct or multicast. 2. The DPV protocol MUST NOT prohibit DPV servers from employing relay (a.k.a. chaining). I do not want to include any capability for re-direct (a.k.a. referral) for any party. Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39ESc418512 for ietf-pkix-bks; Tue, 9 Apr 2002 07:28:38 -0700 (PDT) Received: from pretender.boolean.net (root@router.boolean.net [198.144.206.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39ESbm18508 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 07:28:37 -0700 (PDT) Received: from nomad.OpenLDAP.org (root@localhost [127.0.0.1]) by pretender.boolean.net (8.11.3/8.11.1/Boolean/Hub) with ESMTP id g39ESAC47484; Tue, 9 Apr 2002 14:28:10 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.1.0.14.0.20020409091556.02621180@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 09 Apr 2002 09:28:23 -0500 To: Christopher Oliva <Chris.Oliva@entrust.com> From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Subject: RE: LDAP Certificate transfer syntax Cc: David Chadwick <d.w.chadwick@salford.ac.uk>, Mark Wahl <Mark.Wahl@sun.com>, steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> In-Reply-To: <BFB44293CE13C9419B7AFE7CBC35B9390120D78A@sottmxs08.entrust .com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 08:09 PM 2002-04-08, Christopher Oliva wrote: >> >Here are some observations on the three cases: >> > >> >a) and b) >> >RFC 2252 clause 6.5 only mandates a binary encoding. >> >As previously pointed out by others, there is no absolute >> imperative that requires the use of the ";binary" option. >> >> How else would you indicate that the "binary" encoding was >> requested/used instead of the "string" encoding? > >RFC 2252, 6.5 says that ".. values in this syntax MUST only be transferred using the binary encoding ..". Yes. And RFC 2251 makes it quite clear that ;binary is used to indicate that the binary encoding was used instead of the native string encoding. If ;binary is not present, binary transfer of the binary encoding is not used. >Also, no other encoding is provided therefore only the binary encoding can be used. Yes, so ;binary must be used. >Although 4.3.1 lists two reasons to use the binary encoding, it does not say that other valid reasons or syntaxes cannot require the use of the binary encoding. But RFC 2251 states when binary encoding is to be used and when native encodings are to be used. >Since the use of ";binary" is not mandatory for the Certificate syntax, I disagree. >and there is no other possible encoding, then the default encoding that is used (that must be used) is the binary encoding. There is no such thing as the "default" encoding. That term is no where used in the specification. There is the native string encoding and there is the binary encoding. Which one is used is indicated by the absence or presence of transfer options. If this wasn't the case, then clients would have no clue as to what encoding was actually used. >If the ";binary" option is used to explicitly specify the binary encoding, this results in the same encodings and this would also satisfy the RFC. ;binary must be present when the binary encoding is transferred. ;binary must not be present when the native encoding is transferred. >> >c) >> >Nowhere in the ldapv3 RFCs is there a description of the >> behavior for this case. There is no justification to label >> this as non conformant. >> >> You are right in that the RFC does not explicit state this. >> >> But it should be obvious that "CN;binary" should not be >> returned unless "CN;binary" was requested. Same goes >> for userCertificate. >> > >Attributes must be returned according to their syntax encoding requirements. Values of a syntax can encoded multiple ways for transfer. The encoding used is always indicated by the presence or absence of transfer options such as ;binary. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39DE4C15230 for ietf-pkix-bks; Tue, 9 Apr 2002 06:14:04 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39DE2m15221 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 06:14:03 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA26562; Tue, 9 Apr 2002 15:16:36 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040915133360:197 ; Tue, 9 Apr 2002 15:13:33 +0200 Message-ID: <3CB2E8FC.E7BA6D04@bull.net> Date: Tue, 09 Apr 2002 15:13:32 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <200204091252.OAA06312@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 09/04/2002 15:13:33, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 09/04/2002 15:14:01, Serialize complete at 09/04/2002 15:14:01 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > > If the final answer > > > MAY contain answer from other service, a client might get some idea, > > > but I don't think that this creates a problem. > > > > The answer from a DPV server to an end-user client DOES NOT contain a signed > > answer from another server, but may contain some data from another server. > > The fact that that data comes from another server is NOT visible to the > > end-user client. > It may be that we have a different idea of visibility. I don't mean > that the client has to understand where data come from and the > only authentication is from the initial service. We both agree that authentication is only from the initial server, so the client does not need to understand where the data comes from. > My definition > of visibility is just that it is possible to determine all data > that have contributed to a decision, and this information may > include the fact that they had original been build by someone > else and confirmed by the DPV server. > > Somewhat related to this : On last Friday Ambarish wrote: > > Hi Peter, > I agree with your desire to have a DPV response included where > one would allow CRLs or OCSP responses to be included to prove > how a server obtained the status of a certificate. > > Regards, > Ambarish This is different. CRLs, OCSP responses and certificates may be needed in case someone else, not trusting the YES anwser from one DPV server, would like to verify the certificate against the same policy using another DPV server. All the information collected at the time of first validation is not necessarilly available, e.g. two years later, hence why this data may be useful. > If this requirement is accepted by the group one can regards this > as a kind of visibility of relaying. There is no requirement for any visibility of relying. > The DPV responses may concern > the same certificate or some certicate in the chain or else. > > As far as I remember, I have not read an argument why such > a thing would create harm or would be undesirable for whatever > reason. There is no need for any extra information. Complexity and over-engineering should be avoided whenever possible. > > > I agree that it is probably not necssary to make explicitely available > > > some information of the kind: "I have used a multicasting scheme among > > > servers X to Z or chaining to Y'. > > > > > > The client or another relying party want to know whether it is > > > valid and (maybe) why the server believes so. > > > > > > There may be: I have asked the following n servers and they all told me *no*. > > > > All that complexity is not needed, there is a single signature visible and > > the names of the intermediate servers, if any, are not visible. These names > > are not necessary (a stop-loop mechanism can be implemented without them). > Signatures of CAs, CRL providers, OCSP providers may are also visible. Not exactly: CA certificates, CRLs and OCSP responses may optionally be returned. > Remember I said that "I agree that it is probably not necssary .." > > Where do you see too much complexity: It is already complex to return a path, > CRLs and others. Is *this* complexity necessary, if one only needs > a yes/no/unknown answer? See the rational explained above. > Or, I fail to understand why some information that contributed to the > decision almost MUST be thrown away, in particular when it is possible > that it is important. This information is optional and MAY be requested by the client. I hope these explanations will allow to close this issue. Denis > I think the general principle should be that there is one mode > that all information essential to understand what has contributed > to the final decision must be made available to the client. > (Not necessarily understood by the client). > > I would also agree, that only necessary information should be made > available. It may be not necessary to inform: > > - Yesterday I have made three unsuccesseful attempt at time1 2 3, > the last one finally succeed by using an internet connect to > address a.b.c.d using DPV protocol over OCSP, ... > > Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39CqOK13042 for ietf-pkix-bks; Tue, 9 Apr 2002 05:52:24 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39CqLm13038 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 05:52:22 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id OAA00256; Tue, 9 Apr 2002 14:52:12 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 9 Apr 2002 14:52:12 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id OAA02379; Tue, 9 Apr 2002 14:52:11 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id OAA06312; Tue, 9 Apr 2002 14:52:11 +0200 (MET DST) Date: Tue, 9 Apr 2002 14:52:11 +0200 (MET DST) Message-Id: <200204091252.OAA06312@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > > If the final answer > > MAY contain answer from other service, a client might get some idea, > > but I don't think that this creates a problem. > > The answer from a DPV server to an end-user client DOES NOT contain a signed > answer from another server, but may contain some data from another server. > The fact that that data comes from another server is NOT visible to the > end-user client. It may be that we have a different idea of visibility. I don't mean that the client has to understand where data come from and the only authentication is from the initial service. My definition of visibility is just that it is possible to determine all data that have contributed to a decision, and this information may include the fact that they had original been build by someone else and confirmed by the DPV server. Somewhat related to this : On last Friday Ambarish wrote: Hi Peter, I agree with your desire to have a DPV response included where one would allow CRLs or OCSP responses to be included to prove how a server obtained the status of a certificate. Regards, Ambarish If this requirement is accepted by the group one can regards this as a kind of visibility of relaying. The DPV responses may concern the same certificate or some certicate in the chain or else. As far as I remember, I have not read an argument why such a thing would create harm or would be undesirable for whatever reason. > > I agree that it is probably not necssary to make explicitely available > > some information of the kind: "I have used a multicasting scheme among > > servers X to Z or chaining to Y'. > > > > The client or another relying party want to know whether it is > > valid and (maybe) why the server believes so. > > > > There may be: I have asked the following n servers and they all told me *no*. > > All that complexity is not needed, there is a single signature visible and > the names of the intermediate servers, if any, are not visible. These names > are not necessary (a stop-loop mechanism can be implemented without them). Signatures of CAs, CRL providers, OCSP providers may are also visible. Remember I said that "I agree that it is probably not necssary .." Where do you see too much complexity: It is already complex to return a path, CRLs and others. Is *this* complexity necessary, if one only needs a yes/no/unknown answer? Or, I fail to understand why some information that contributed to the decision almost MUST be thrown away, in particular when it is possible that it is important. I think the general principle should be that there is one mode that all information essential to understand what has contributed to the final decision must be made available to the client. (Not necessarily understood by the client). I would also agree, that only necessary information should be made available. It may be not necessary to inform: - Yesterday I have made three unsuccesseful attempt at time1 2 3, the last one finally succeed by using an internet connect to address a.b.c.d using DPV protocol over OCSP, ... Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39CEbF10742 for ietf-pkix-bks; Tue, 9 Apr 2002 05:14:37 -0700 (PDT) Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39CEZm10738 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 05:14:35 -0700 (PDT) Received: from Chokhani ([12.91.128.183]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020409121430.KLFL8815.mtiwmhc23.worldnet.att.net@Chokhani>; Tue, 9 Apr 2002 12:14:30 +0000 From: "Santosh Chokhani" <chokhani@orionsec.com> To: "'Trevor Freeman'" <trevorf@windows.microsoft.com>, "'Housley, Russ'" <rhousley@rsasecurity.com>, "'Peter Williams'" <peterw@valicert.com> Cc: <ietf-pkix@imc.org> Subject: RE: Open issue: DPV relay Date: Tue, 9 Apr 2002 08:16:09 -0400 Message-ID: <000001c1dfc0$55ed8970$a300a8c0@Chokhani> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal In-Reply-To: <4AEE3169443CDD4796CA8A00B02191CDEE5F26@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> All: I agree with what Trevor says. -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Trevor Freeman Sent: Monday, April 08, 2002 9:49 PM To: Housley, Russ; Peter Williams Cc: ietf-pkix@imc.org Subject: RE: Open issue: DPV relay Asking for a DPV relay is serious miss-interpreting the intent of DPV. In DPV you have a security association between the client and DPV server. The client is outsourcing its certificate trust decisions to DPV server. It is reasonable for the DPV server to employ any resource it deems necessary to complete the request from the client that the DPV server underwrites. The DPV server has to decide what resources it uses. None of this is of any consequence to the client as long as the decision is gives back to the client in accordance with the previously agreed policy. All the client wants is a decision according to the policy. A client could set up multiple SA to different DPV servers if it wanted higher assurance that the answer from the DPV server was the "right" answer - but that begs the question of why the client is not using DPD Trevor -----Original Message----- From: Housley, Russ [mailto:rhousley@rsasecurity.com] Sent: Monday, April 08, 2002 9:22 AM To: Peter Williams Cc: ietf-pkix@imc.org Subject: RE: Open issue: DPV relay Peter: I think you are changing the context of my statement. I said: "... the client asks one DPV server to perform an action. The response should come back, signed by that DPV server, or it is an error from the client's perspective." I did not say that the client could not have a trust relationship with more than one DPV server. Russ At 05:28 PM 4/5/2002 -0800, Peter Williams wrote: >Todd, > >I do not believe we should formulate any >particular use-model at this time, for DPV REQUIREMENTS; leaving aside >the philosophical issue of whether use-modeling would or would not help >IETF standards adoption. The requirements should prepare for >protocol-specification, not establish operational >usage constraints. > >The only valuable use-issues topics I can forsee that might serve us >(in contradiction to the above) are precisely those that Ambarish >mentioned: do what OCSP did, so succesfully in the Internet >environment... for the same issue; and dont lets sucumb to the >temptation to over-architect! > >-------------- > >In my view, on Russ side comment, constraining DPV to >require users to interact >with a service provider at a single access-point is >like setting the clock back on X.509, and requiring >the world to adopt the Entrust use-model >of PKC key management. Entrust's use-model makes >for a fine and highly-manageable system, but it >competes (successfully) with other domain-management >models that are equally succesful in the wider Internet environment we >server. > >The only trust issue for DPV requirments I can see >is this: > >Just, as Sharon recently indicated, PMI's SOAs >are trusted as authoritative for their policy >scope, so DPV servers are trusted. PMI deals >with privileges; DPV deals with remote processing >of chains against validation policies. The two >authority models are really identical, otherwise. > >Lets note that PMI didnt constrain an AC verifier to use >only a single SOA-headed source of AC paths. So >should the DPV requirements not constrain the >DPV client from accepting results from >any set of (possibly (out of IETF scope) constained) DPV servers - >whose service is provided at the access point to which the client is >bound (including that operated, perhaps, by a simple-proxing or a >chaining&resigning DPV server). > > >-----Original Message----- >From: todd glassey [mailto:todd.glassey@worldnet.att.net] >Sent: Friday, April 05, 2002 3:52 PM >To: Housley, Russ; jim >Cc: stephen.farrell@baltimore.ie; Tim Polk; ietf-pkix@imc.org >Subject: Re: Open issue: DPV relay > > > >Russ is 100% dead on but this is about the mechanics of the use model more >than anything - let me demonstrate... > >----- Original Message ----- >From: "Housley, Russ" <rhousley@rsasecurity.com> >To: "jim" <jimhei@cablespeed.com> >Cc: <stephen.farrell@baltimore.ie>; "Tim Polk" <tim.polk@nist.gov>; ><ietf-pkix@imc.org> >Sent: Friday, April 05, 2002 12:42 PM >Subject: Re: Open issue: DPV relay > > > > > > Jim: > > > > I am not talking about trust in the X.500 system. I am talking about >trust > > in a DPV server. In my mind, the client asks one DPV server to perform an > > action. The response should come back, signed by that DPV server, or it >is > > an error from the client's perspective. > > > > I see no reason for the client to be made aware of an chaining or >multicasting. > > > > I do not think that we should include referrals in the DPV system at all. > >The only way this would not want to be true is if the trust model between >the requesting agents and the supplying agents had a pre-existing agreement >that the trust supplying agent could look beyond its own services as sources >of the trust model its looking for from this DPV server. It would then stand >as a referred trust provider when it cannot satisfy the trust request >itself. > >In fact from a use model perspective, it would seem that only the client >could authotize this for privacy reasons, and it seems that it would need >to be on a per transaction basis (I.e. the Trust provider says " my trust >processes cannon fulfill this request so I have passed it onward to someone >that can" ... the only problem is that you run the potential that the next >link in the trust envelope would also not be able to satisfy this request >either or coupdl get locked in a loop... so where does it stop???) > >The "what" of what you have now is a situation where the referring agent is >going around and shopping for an external DPV agent who can and is willing >to satisfy this trust validation request. And this seems at best kinda >clunky and potentially a real problem over privacy and context information >from the actual agent requesting this validation service. > >I suggest that becuase of this, that unless specifically authorized or >requested from the client, that the DPV services should be restruicted to >stay on a single platform... and it be the Client's responsibility to >hierarchicly check out the trust element in question. > > > > > Russ > >SNIP Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39BkdV09782 for ietf-pkix-bks; Tue, 9 Apr 2002 04:46:39 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39Bkbm09775 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 04:46:37 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id NAA29976; Tue, 9 Apr 2002 13:46:30 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 9 Apr 2002 13:46:30 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id NAA02258; Tue, 9 Apr 2002 13:46:29 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id NAA06299; Tue, 9 Apr 2002 13:46:29 +0200 (MET DST) Date: Tue, 9 Apr 2002 13:46:29 +0200 (MET DST) Message-Id: <200204091146.NAA06299@emeriau.edelweb.fr> To: rhousley@rsasecurity.com, peterw@valicert.com, trevorf@windows.microsoft.com Subject: RE: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > Asking for a DPV relay is serious miss-interpreting the intent of DPV. I am confused: I am not sure but when I follow your following argument to the end, a DPV client would need anything more than just a authentic yes/no/unknown, not even a path; what is the purpose of giving a path to a client if the only thing it needs is a assertion about the status of the certificate. > In DPV you have a security association between the client and DPV > server. The client is outsourcing its certificate trust decisions to DPV > server. It is reasonable for the DPV server to employ any resource it > deems necessary to complete the request from the client that the DPV > server underwrites. The DPV server has to decide what resources it uses. The term 'relaying' is related to the observation that one of the possible resources is another DPV server. There is a possibility that the server turns itself into a client to another service and uses the same protocol. One of the questions related to 'blind relaying' (if I correctly understand Tim's definition) is how to avoid loops simply because the same or a similar request is used. Another question is to what degree the details of who has created the essence of the response is visible to a user. The initial server SHOULD be required to create a response that can be authenticated by the initial client. > None of this is of any consequence to the client as long as the decision > is gives back to the client in accordance with the previously agreed > policy. All the client wants is a decision according to the policy. A > client could set up multiple SA to different DPV servers if it wanted > higher assurance that the answer from the DPV server was the "right" > answer - but that begs the question of why the client is not using DPD I think that had been a lot discussion about use cases where some clients want more than just a simple decision. A client may require to see some or all the elements (path, CRLs, OCSPs, DVCs, DPV responses) that have contributed to the decision. Furthermore, it is not necessarily the client who asked for them will exploit these information, they may be just kept in order to have a verifiable trace of what had contributed to the decision. This is independant from 'relaying' which can occur simply because the protocol may be a convenient way to obtain information from what Denis calls 'a server that operates in the background'. Did I miss something? > > Trevor > Peter S. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39BXEH08987 for ietf-pkix-bks; Tue, 9 Apr 2002 04:33:14 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39BXCm08980 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 04:33:13 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id NAA29926; Tue, 9 Apr 2002 13:33:05 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 9 Apr 2002 13:33:05 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id NAA02216; Tue, 9 Apr 2002 13:33:03 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id NAA06294; Tue, 9 Apr 2002 13:33:03 +0200 (MET DST) Date: Tue, 9 Apr 2002 13:33:03 +0200 (MET DST) Message-Id: <200204091133.NAA06294@emeriau.edelweb.fr> To: kent@bbn.com, stephen.farrell@baltimore.ie Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > So, in requirements language I guess I'd be arguing for something > like: > > - A protocol SHOULD NOT require DPV clients to support relay or > re-direct (aka chaining or referral) > - A protocol MAY require DPV servers to include support for > relay and/or re-direct (aka chaining and/or referral) > > Is that reasonable? I agree with the second statement. Splitting the first into 1a - A protocol SHOULD NOT require DPV clients to support relay (aka chaining) 1b - A protocol SHOULD NOT require DPV clients to support re-direct (aka referral) I agree with 1b. But with 1a I would like some explanation What means 'a client support relay'. If you mean for example one of the following, I'd agree that this should not be required for a client. - a client MUST indicate to a server the next hop in a chain. - a client MUST be able to authenticate the response from a second level server. Are there other possibilities where a client has to understand the fact that relaying or referral may occur or had occured in order to prepare a request or to authenticate the response? Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39BKWo08246 for ietf-pkix-bks; Tue, 9 Apr 2002 04:20:32 -0700 (PDT) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39BKUm08241 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 04:20:30 -0700 (PDT) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g39BKTb26044 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 12:20:29 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a271161360a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 12:15:07 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id MAA17484; Tue, 9 Apr 2002 12:20:26 +0100 Message-ID: <3CB2CE80.6B8BA2D2@baltimore.ie> Date: Tue, 09 Apr 2002 12:20:32 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> CC: Stephen Kent <kent@bbn.com>, ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <5.1.0.14.2.20020405114835.0206fea0@exna07.securitydynamics.com> <3CB16D38.9D32AC11@baltimore.ie> <p05100303b8d77d9f2730@[128.33.238.74]> <3CB2BC12.B678D295@bull.net> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, > However, for the question of supporting referrals, if we go back to the > trust model problem, an intermediate server has to make its own decision > to trust or not to trust a referral: trust is NOT a transitive property. True in general, but in this case? Take the example I gave, where Charlie re-directs/refers to Denis. In that case Charlie is already completely trusted by Bob to answer the question since Charlie can give whatever answer he likes. The only controls on Charlie are accountability schemes (like logging signed responses), which apply equally to a response containing a re-direct/referral. In other words, I don't see how transitivity applies here. (Or more crudely: Charlie can already shaft Bob, what does it matter if he chooses to do it in a complicated, rather than a simple, manner?) One way to convince me you're right woiuld be to show a difference between two scenarios, both with a bad-guy DPV server, but where one scenario supports re-direct/referral and the other doesn't. Right now, I can't see any difference. (I could see a differnce if the bad-guy DPV server were allowed to annouce to other servers which names/certs/keys he's authorative for, and where they were forced to belive the bad-guy, but I don't think anyone's proposed that.) > Yesterday I suggested to use a simple model where the client redirects > the request to another trusted server. If a referral is given back, then > the client has still to make its own decision of whether or not it shall > trust that other server. It must do that using some local information. > There are two bacic ways to make that decision: > > 1) it is one of the names from a list of servers, certified by a CA under > some root CAs, Hmm... are we trying to get a DPV server to distinguish a re-direct/referral *instruction* response from re-direct/referral *advice* response? Sort of a half-way house isn't it, but possibly useful I guess. > 2) that server has some properties, e.g. its certificate is related to some > trusted root CA and is issued under some certificate policy. > > In the first case, no referral is needed. In the second case, walking down a > certificate tree looking for certificates with that property would do the > job in a less easy way, but would do the job as well. I do agree that some requirements language could be derived to the effect that a protocol supporting re-direct/referral MUST address this issue. I think we probably disagree as to whether it (i.e. transitivity) applies in the case of re-directed/referred DPV. (Well, I'm still not sure, rather than claiming transitivity doesn't apply.) > Unless we would add some flag (to be used by intermediate servers acting as > clients) asking for referrals to be sent back (whenever possible) in the > form of a certificate, a name and/or a URI, referrals cannot be supported > in a fashion invisible to end-user clients. That sounds too close to protocol design, but something like that would probably be required when it did come to design-time. Stephen. > > Denis > > > Of course, if we choose to make the fact of > > relaying or referral visible to the client, this argument no loner > > applies. (Which is not the same as having evidence of the relay or > > referral contained in an opaque blob of bits returned by the server.) > > The last does impinge on the simplicity of the client, and for that > > reason alone I would argue against any explicit provision for it in > > the client/server protocol, consistent with our broader goals for > > this protocol. > > > > Steve -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39AOqI03742 for ietf-pkix-bks; Tue, 9 Apr 2002 03:24:52 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39AOom03734 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 03:24:50 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id MAA14214; Tue, 9 Apr 2002 12:27:23 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040912241786:171 ; Tue, 9 Apr 2002 12:24:17 +0200 Message-ID: <3CB2C150.2EEF2469@bull.net> Date: Tue, 09 Apr 2002 12:24:16 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <200204081610.SAA05966@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 09/04/2002 12:24:17, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 09/04/2002 12:24:48, Serialize complete at 09/04/2002 12:24:48 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, (text deleted) > > 1) "I see no reason for the client to be made aware of an chaining or > > multicasting". > I am not sure whether you can hide this completely. We can certainly hide this completely from the end-user client point of view. > If the final answer > MAY contain answer from other service, a client might get some idea, > but I don't think that this creates a problem. The answer from a DPV server to an end-user client DOES NOT contain a signed answer from another server, but may contain some data from another server. The fact that that data comes from another server is NOT visible to the end-user client. > I agree that it is probably not necssary to make explicitely available > some information of the kind: "I have used a multicasting scheme among > servers X to Z or chaining to Y'. > > The client or another relying party want to know whether it is > valid and (maybe) why the server believes so. > > There may be: I have asked the following n servers and they all told me *no*. All that complexity is not needed, there is a single signature visible and the names of the intermediate servers, if any, are not visible. These names are not necessary (a stop-loop mechanism can be implemented without them). > > 2) "I do not think that we should include referrals in the DPV system > > at all". > I am just a little bit careful asking about the meaning of this > sentence. See my response to Steve on that topic. Denis > Do You want a specification: A conformming protocol MUST not specify > any method that implies whatever kind of referral, or do you 'just > don't care', i.e. a protocol MAY implement an extension to be > used among consenting client/servers? see below. > > > > > Now, taking the scenario depicted by Peter, with some important changes: > > > > End user A asks server S1 "validate cert". > > client S1 asks server S2. > > server S2 responds : don't know. > S2 answers : Don't know, please go to service S3, here is a trustworthy cert of S3. > > > client S1 asks to another DPV server that it trusts, e.g. server S3. > > server S3 responds to client S1 : the certificate is valid. > > server S1 responds to end user A: the certificate is valid. > > > > This is not referral, but it works fine with a list of servers trusted > > by server S1. > > Indeed, it works fine. But the *important change* removes the problem > of the situation that may be interesting. > > One of the questions here is whether the protocol MAY/SHOULD/MUST provide for a > means to transfer some 'trust', i.e. to inform a client (maybe not to real > end users if they can be distinguished) about the trustworthiness of another server > (for a particular request). > > I wouldn't mind about MAY if simplicity of a real end user client is > guaranteed, i.e., in general, an end client SHOULD not be required to make > more than one request to obtain a result. > > In general: Do we have to put into this specification protocol > features that 'MAY' exist? > Peter (text deleted) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39A2MN02038 for ietf-pkix-bks; Tue, 9 Apr 2002 03:02:22 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39A2Im02024 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 03:02:18 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id MAA23276; Tue, 9 Apr 2002 12:04:50 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040912015540:167 ; Tue, 9 Apr 2002 12:01:55 +0200 Message-ID: <3CB2BC12.B678D295@bull.net> Date: Tue, 09 Apr 2002 12:01:54 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Stephen Kent <kent@bbn.com> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <5.1.0.14.2.20020405114835.0206fea0@exna07.securitydynamics.com> <3CB16D38.9D32AC11@baltimore.ie> <p05100303b8d77d9f2730@[128.33.238.74]> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 09/04/2002 12:01:55, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 09/04/2002 12:02:15, Serialize complete at 09/04/2002 12:02:15 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve, (...) > There are a few issues here: > - should DPV servers support relaying requests? > - should DPV servers support referral among servers? > - should DPV servers refer clients to other servers? > The first two facilities, if done in a fashion invisible to the > client, add no complexity to the client and might even be supported > by a different protocol. Relaying may indeed be supported in a fashion that is invisible to end-user clients. So I agree with the first statement. It is possible for relaying servers to implement a stop-loop mechanism. In order to close this issue, I have already proposed the following addition: " In case a DPV server chooses to relay the request to another server using the same protocol, a method to detect loops MUST be supported by that relaying server." However, for the question of supporting referrals, if we go back to the trust model problem, an intermediate server has to make its own decision to trust or not to trust a referral: trust is NOT a transitive property. Yesterday I suggested to use a simple model where the client redirects the request to another trusted server. If a referral is given back, then the client has still to make its own decision of whether or not it shall trust that other server. It must do that using some local information. There are two bacic ways to make that decision: 1) it is one of the names from a list of servers, certified by a CA under some root CAs, 2) that server has some properties, e.g. its certificate is related to some trusted root CA and is issued under some certificate policy. In the first case, no referral is needed. In the second case, walking down a certificate tree looking for certificates with that property would do the job in a less easy way, but would do the job as well. Unless we would add some flag (to be used by intermediate servers acting as clients) asking for referrals to be sent back (whenever possible) in the form of a certificate, a name and/or a URI, referrals cannot be supported in a fashion invisible to end-user clients. Denis > Of course, if we choose to make the fact of > relaying or referral visible to the client, this argument no loner > applies. (Which is not the same as having evidence of the relay or > referral contained in an opaque blob of bits returned by the server.) > The last does impinge on the simplicity of the client, and for that > reason alone I would argue against any explicit provision for it in > the client/server protocol, consistent with our broader goals for > this protocol. > > Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g399p5P01313 for ietf-pkix-bks; Tue, 9 Apr 2002 02:51:05 -0700 (PDT) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g399p2m01303 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 02:51:03 -0700 (PDT) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g399p2b23849 for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 10:51:02 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a26bf7a4b0a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Tue, 9 Apr 2002 10:45:39 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id KAA15882; Tue, 9 Apr 2002 10:50:59 +0100 Message-ID: <3CB2B989.67E74EBA@baltimore.ie> Date: Tue, 09 Apr 2002 10:51:05 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Stephen Kent <kent@bbn.com> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <5.1.0.14.2.20020405114835.0206fea0@exna07.securitydynamics.com> <3CB16D38.9D32AC11@baltimore.ie> <p05100303b8d77d9f2730@[128.33.238.74]> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve, > There are a few issues here: > - should DPV servers support relaying requests? > - should DPV servers support referral among servers? > - should DPV servers refer clients to other servers? A good list. (But I interpret the 2nd one above as being sufficient to support the use case I described - let me know if I'm misinterpreting you.) > The first two facilities, if done in a fashion invisible to the > client, add no complexity to the client and might even be supported > by a different protocol. Of course, if we choose to make the fact of > relaying or referral visible to the client, this argument no loner > applies. (Which is not the same as having evidence of the relay or > referral contained in an opaque blob of bits returned by the server.) I agree with the above too. For clarity, I'm interpreting the term "client" in the above to cover the Alice in my example but not the Bob, even though Bob also has a DPV client built into his backend (which suggests rude things that could be said about DPV:-). So Bob's built-in DPV client is a "special" one that might support re-direct/referral, even though Alice's DPV client doesn't. > The last does impinge on the simplicity of the client, and for that > reason alone I would argue against any explicit provision for it in > the client/server protocol, consistent with our broader goals for > this protocol. So, in requirements language I guess I'd be arguing for something like: - A protocol SHOULD NOT require DPV clients to support relay or re-direct (aka chaining or referral) - A protocol MAY require DPV servers to include support for relay and/or re-direct (aka chaining and/or referral) Is that reasonable? Stephen. -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g39455f19170 for ietf-pkix-bks; Mon, 8 Apr 2002 21:05:05 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.com [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g39454m19165 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 21:05:04 -0700 (PDT) Received: from [10.81.115.157] (SSH.BBN.COM [192.1.50.70]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id AAA22909; Tue, 9 Apr 2002 00:04:57 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@127.0.0.1 Message-Id: <p05100300b8d76b579027@[128.33.238.74]> In-Reply-To: <001901c1dd74$8d26a730$020aff0c@tsg1> References: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A599@polaris.valicert.com> <001901c1dd74$8d26a730$020aff0c@tsg1> Date: Tue, 9 Apr 2002 00:05:04 -0400 To: "todd glassey" <todd.glassey@worldnet.att.net> From: Stephen Kent <kent@bbn.com> Subject: Re: NEW THREAD: Too Complex - WAS - Re: Open issue: DPV relay Cc: <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Todd, >Peter - All - I agree with you to some extent but let me also that there is >another side and its about a bigger picture. And in this bigger picture >PKIX is way out of control. What it really needs is to have a thread of >commonality drawn through all that PKIX produces. What I mean by that is >that the entire process of complex-decision-support and evidentiary >processing of x.509 certs is out of control. As noted in my immediate, previous message, not all the PKI standards we address are in support of NR. This it is not reasonable to insist that all of these standards have an "evidentiary" flavor to them. >What we as a culture really need is something like CDSA only for PKIX. What >I would conceptually propose as the PKIX streamlined PKI architecture. A >common PKIX transaction architecture and process model. A simpler one, and >one that does not allow recursion or ambiguity that is unchecked. What PKIX >needs to do is to simplify everything it does. > >The intent would be to identify: > > 1) Is there any value in making all this PKI ware at the Network >Transport Level. I.e will the evidentiary needs of the world need and use >what we are proposing. Will it fit into Human Law and Process currently >accepted or, like the TSA, will it need artificial stimulus in the form of >something like Italy's mandating some EU approved timestamp process without >understanding exactly what the TSA provides relative to simple receipts >(i.e. not much at this point but we should spin that off as a separate >thread!). Your terminology is seriously flawed. We make us of transport layer protocols such as UDP and TCP. Using the Internet protocol architecture terminology, we are developing application protocols. after that sentence, I begin to lose track of your point, other than apparently insulting Italians. > 2) How can the same services be used for both Evidentiary Service >Models and for Decision Support (Hey Stephen - I going Cap Crazy!)... yes, you are. > > 3) And who we are going to work with. > >What has happened so far is that with its key architects, this WG has come >up with so many pieces that it is freakin impossible to come to any gross >agreements about anything. Take this argument - "Should DPV servers refer >their requests to another node in a chain if local policy is failed or >exceeded?" - it is totally constrained by how this system is being used and >what types of legal frameworks are manding functionality under it. > >This is more than a problem with PKIX and people submitting technologies >that while the use seems mechanically cool, do not satisfy the existing >legal or process framework. And to that end PKIX and the IETF force the >world to tau-tau to its goals rather that the IETF doing what its supposed >to and that is to build protocols for the real world. Well the real world is >commercial transaction processing and without it there would be no Internet. "tau-tau?" I assume you mean "kowtow," meaning to bow as a sign of respect (from the ancient Mandarin). Anyway, the folks who participate in the WG do believe that they are building protocols that are of value to the real world. As noted elsewhere, many of us have a model of the real world that is a bit more encompassing that what you seem to advocate, and thus our ideas of an appropriate level of protocol generality differ from yours. BTW, what percentage of Internet traffic do you assert is "transaction processing" of the sort that requires the non-repudiation facilities that seem to be the focus of all your comments? If we eliminate all the informal e-mail, essentially all file transfers, web surfing for a great variety of information that may not result in purchases, the credit card transactions that, due to extant laws, are acceptably well protected, ... Yes, the Internet is about to grind to a halt because PKIX has not addressed your notion of what is required. Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3944xD19163 for ietf-pkix-bks; Mon, 8 Apr 2002 21:04:59 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.com [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3944wm19159 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 21:04:58 -0700 (PDT) Received: from [10.81.115.157] (SSH.BBN.COM [192.1.50.70]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id AAA22905; Tue, 9 Apr 2002 00:04:53 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@127.0.0.1 Message-Id: <p05100308b8d7411d48cf@[128.89.88.34]> In-Reply-To: <001801c1dd74$8703c2c0$020aff0c@tsg1> References: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A599@polaris.valicert.com> <001801c1dd74$8703c2c0$020aff0c@tsg1> Date: Tue, 9 Apr 2002 00:05:04 -0400 To: "todd glassey" <todd.glassey@worldnet.att.net> From: Stephen Kent <kent@bbn.com> Subject: Re: Open issue: DPV relay Cc: <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Todd, > > >> I do not believe we should formulate any >> particular use-model at this time, for DPV REQUIREMENTS; > >Then how can we make a determination on what its supposed to do in the real >world and how the policy is supposed to work? This one especially, I think, >needs a use model. > >o- Jane calls DPV server with the embedded clients in her document or >event authenticator applet. > >o- The applet transfers the query to the DPV server and then awaits >response. (and how is gross DPV discovery done anyhow?) > >o- Server responds - "No data, sorry Jane. But I do want to ask "should I >forward this request to the next link in the chain or what?" > >o- Jane responds through her applet - "Yeah go ahead and forward it." >(except that I see Safe Harbor violations in this so large that no one in >their right mind uses it without constraints.) Your effort above shows why it's not trivial to develop use models, i.e., one needs to identify the essential aspects of the model that should guide development of the standards. Your example does not seem to do that; it is not clear what the essential features are, based on the example, and how they should affect the requirements document. For example, I would remove all references to applets, etc. We don't care what sort of software invokes the protocol. With regard to your second bullet, we have already discussed the fact that since a client is relying on a DPV to verify certs, a means of identifying an acceptable DPV server must be configured into the client. We already have analogous provisions for local path validation in 2459 and 2459bis, where we discuss the role of trust anchors, and in OCSP, where one can configure the ID of the OCSP server to be employed. Here we don't have the luxury of relying on PKI-based facilities, since the client is assumed to be pretty dumb re PKI in the first place, so our options will be more limited. The precise means by which acceptable DPV servers are identified (securely) may be outside the scope of the protocol, though the need to provide for such binding should be part of the protocol, and of the requirements document. Presumably the heart of your example resides in the last two bullets, where you bring up a possible user interaction re approval of invocation of a relay function. But, I don't think your example helps clarify the issue. We're assuming dumb client software, and we have assumed reference to validation policies via OIDs. This suggests that the users probably ought not be assumed to be in the loop for a decision such as this. in fact, one could easily imagine that authorization to make use of a relay could be a part of a validation policy to which we are already referring. (By the way, the "next link in the chain" is an odd reference since there is no presumed correspondence between cert path elements and DPV servers.) So, at the end of the example, I don't think I have any additional insights into what should or should not be part of the requirements doc. > > The requirements should prepare for >> protocol-specification, not establish operational >> usage constraints. > >Except that this context is supposed to carry data that is directly impacted >by any number of already in place legal regimens. The concept that Safe >Harmor is not relative to what PKIX does is more than stupid its negligent >as no protocol that would violate what these laws were setup to do will fly. DPV is not for use ONLY in contexts involving NR, which I assume is the unstated assumption behind your reference to "legal regimens." Yes, NR may represent part of the use model, but it is not the overriding focus. Remember we're not restricted to digital signature uses of the keys extracted from certs, and even when signatures are involved, they may be used for authentication without invoking the complexity of NR. <SNIP> > > The only trust issue for DPV requirments I can see > > is this: >> >> Just, as Sharon recently indicated, PMI's SOAs > > are trusted as authoritative for their policy >> scope, so DPV servers are trusted. > >OK then should the source of the trust have the ability to refer you to >another trust node as the source of the trust its proferring to you. Remeber >that the request and servicing of a trust process may in many legal senses >be a contract and as such it has peculiar nuances that we as technogeeks are >usually unconcerned with. But its time to wake up and get concerned. I have a lot of trouble parsing this paragraph. Is not a replying party ultimately responsible to ensuring that the mechanisms it employs to verify a cert are adequate to protect its interests, should a legal challenge arise? If so, the responsibility here is on the folks configuring the policies in the DPV server, and on the clients invoking those policies, to make choices consistent with their requirements, whatever they may be. >So lets look what actually happens to a contract model wherein the end-node >trust service refers that trust process to a second or follow-on server... >The contract is still between the first two players, eh? - not likely - so >then what is the difference in DPV being driven by the Client Side as >opposed to authmatically being referred onward to the next node in a web of >trust? Simple - If the client is responsible for all escalation of the/up >the DPV Proofing Chain (thats my term for the identified chain of trust >verifiers for any given "D"), then the legal issues become more one for the >client application to address and this is a much safer method of dealing >with the process I think. The client is invoking a DPV server to perform a service constrained by the validation policy referred to in the request. That abstraction is capable of addressing the concern you cite, if the folks managing the policies choose to do so. Not all clients may have the concerns you cite, so it makes sense to address this in the policy. <SNIP> The bottom line is that DPV is about more than path validation in support of NR applications. Note that Denis previously proposed a signature validation capability that the WG decided was best separated from this path validation activity. Steve Received: by above.proper.com (8.11.6/8.11.3) id g393sT818941 for ietf-pkix-bks; Mon, 8 Apr 2002 20:54:29 -0700 (PDT) Received: from po1.bbn.com (PO1.BBN.com [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g393sCm18935 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 20:54:27 -0700 (PDT) Received: from [10.81.115.157] (SSH.BBN.COM [192.1.50.70]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id XAA22278; Mon, 8 Apr 2002 23:53:58 -0400 (EDT) Mime-Version: 1.0 X-Sender: kent@127.0.0.1 (Unverified) Message-Id: <p05100303b8d77d9f2730@[128.33.238.74]> In-Reply-To: <3CB16D38.9D32AC11@baltimore.ie> References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <5.1.0.14.2.20020405114835.0206fea0@exna07.securitydynamics.com> <3CB16D38.9D32AC11@baltimore.ie> Date: Mon, 8 Apr 2002 23:52:41 -0400 To: stephen.farrell@baltimore.ie From: Stephen Kent <kent@bbn.com> Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 11:13 AM +0100 4/8/02, Stephen Farrell wrote: >Hi Russ, > >I do tend to agree that re-direct/referral carries some complexity >and therefore adding it might not be warranted at this stage. However, >if we are adding relay (though I'm not sure what requirement on a >protocol is being added - is it: "MAY have the ability to be used in >relaying fashion"?) then thinking about re-direct/referral seems >appropriate. > >I would think that the closest-to-real use case for this is actually >a combination of relaying and referral as in: > >Alice -> Bob - is this a good key? > Robert -> Charlie - is this a good key? (relaying) > Chaz -> Robert - I dunno, ask Denis (re-direct/referral) > Robbie -> Denis - is this a good key? > Denis -> Rob - I strongly disagree (with apologies:-) >Robert -> Alice - Nope > >That has some nice properties for hiding internal structure, using >fewer trust points, avoiding firewall problems, not making the client >more complicated than necessary etc that I think you don't get with >relaying alone. > >I also agree that the following is an intresting question that >would have to be answered by any protocol that claimed to support >re-direct/referral: "if I trust you for DPV, does it follow that >I trust you to tell me who else I trust for DPV?". On the one >hand the client is no more exposed since the first DPV server can >always cheat, on the other hand, this smacks of some meta-protocol, >so I don't know the answer. > >Cheers, >Stephen. There are a few issues here: - should DPV servers support relaying requests? - should DPV servers support referral among servers? - should DPV servers refer clients to other servers? The first two facilities, if done in a fashion invisible to the client, add no complexity to the client and might even be supported by a different protocol. Of course, if we choose to make the fact of relaying or referral visible to the client, this argument no loner applies. (Which is not the same as having evidence of the relay or referral contained in an opaque blob of bits returned by the server.) The last does impinge on the simplicity of the client, and for that reason alone I would argue against any explicit provision for it in the client/server protocol, consistent with our broader goals for this protocol. Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g391qIA16892 for ietf-pkix-bks; Mon, 8 Apr 2002 18:52:18 -0700 (PDT) Received: from mail1.microsoft.com (mail1.microsoft.com [131.107.3.125]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g391qHm16888 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 18:52:17 -0700 (PDT) Received: from inet-vrs-01.redmond.corp.microsoft.com ([157.54.8.27]) by mail1.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 8 Apr 2002 18:52:15 -0700 Received: from 157.54.6.197 by inet-vrs-01.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Mon, 08 Apr 2002 18:52:15 -0700 Received: from red-imc-04.redmond.corp.microsoft.com ([157.54.2.168]) by inet-hub-06.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 8 Apr 2002 18:52:09 -0700 Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by red-imc-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.2966); Mon, 8 Apr 2002 18:52:14 -0700 Received: from win-msg-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.52]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3604.0); Mon, 8 Apr 2002 18:48:33 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6177.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: Open issue: DPV relay Date: Mon, 8 Apr 2002 18:48:33 -0700 Message-ID: <4AEE3169443CDD4796CA8A00B02191CDEE5F26@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Open issue: DPV relay Thread-Index: AcHfGYxAMMlmmwvLT4SL4mH/TkqACQATcriQ From: "Trevor Freeman" <trevorf@windows.microsoft.com> To: "Housley, Russ" <rhousley@rsasecurity.com>, "Peter Williams" <peterw@valicert.com> Cc: <ietf-pkix@imc.org> X-OriginalArrivalTime: 09 Apr 2002 01:48:33.0764 (UTC) FILETIME=[A8618240:01C1DF68] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g391qHm16889 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Asking for a DPV relay is serious miss-interpreting the intent of DPV. In DPV you have a security association between the client and DPV server. The client is outsourcing its certificate trust decisions to DPV server. It is reasonable for the DPV server to employ any resource it deems necessary to complete the request from the client that the DPV server underwrites. The DPV server has to decide what resources it uses. None of this is of any consequence to the client as long as the decision is gives back to the client in accordance with the previously agreed policy. All the client wants is a decision according to the policy. A client could set up multiple SA to different DPV servers if it wanted higher assurance that the answer from the DPV server was the "right" answer - but that begs the question of why the client is not using DPD Trevor -----Original Message----- From: Housley, Russ [mailto:rhousley@rsasecurity.com] Sent: Monday, April 08, 2002 9:22 AM To: Peter Williams Cc: ietf-pkix@imc.org Subject: RE: Open issue: DPV relay Peter: I think you are changing the context of my statement. I said: "... the client asks one DPV server to perform an action. The response should come back, signed by that DPV server, or it is an error from the client's perspective." I did not say that the client could not have a trust relationship with more than one DPV server. Russ At 05:28 PM 4/5/2002 -0800, Peter Williams wrote: >Todd, > >I do not believe we should formulate any >particular use-model at this time, for DPV REQUIREMENTS; >leaving aside the philosophical issue of >whether use-modeling would or would not help IETF standards >adoption. The requirements should prepare for >protocol-specification, not establish operational >usage constraints. > >The only valuable use-issues topics I can forsee that might >serve us (in contradiction to the above) are precisely >those that Ambarish mentioned: do what OCSP did, >so succesfully in the Internet environment... for the >same issue; and dont lets sucumb to the temptation to >over-architect! > >-------------- > >In my view, on Russ side comment, constraining DPV to >require users to interact >with a service provider at a single access-point is >like setting the clock back on X.509, and requiring >the world to adopt the Entrust use-model >of PKC key management. Entrust's use-model makes >for a fine and highly-manageable system, but it >competes (successfully) with other domain-management >models that are equally succesful in the wider Internet >environment we server. > >The only trust issue for DPV requirments I can see >is this: > >Just, as Sharon recently indicated, PMI's SOAs >are trusted as authoritative for their policy >scope, so DPV servers are trusted. PMI deals >with privileges; DPV deals with remote processing >of chains against validation policies. The two >authority models are really identical, otherwise. > >Lets note that PMI didnt constrain an AC verifier to use >only a single SOA-headed source of AC paths. So >should the DPV requirements not constrain the >DPV client from accepting results from >any set of (possibly (out of IETF scope) constained) DPV >servers - whose service is provided at the >access point to which the client is bound (including >that operated, perhaps, by a simple-proxing or a >chaining&resigning DPV server). > > >-----Original Message----- >From: todd glassey [mailto:todd.glassey@worldnet.att.net] >Sent: Friday, April 05, 2002 3:52 PM >To: Housley, Russ; jim >Cc: stephen.farrell@baltimore.ie; Tim Polk; ietf-pkix@imc.org >Subject: Re: Open issue: DPV relay > > > >Russ is 100% dead on but this is about the mechanics of the use model more >than anything - let me demonstrate... > >----- Original Message ----- >From: "Housley, Russ" <rhousley@rsasecurity.com> >To: "jim" <jimhei@cablespeed.com> >Cc: <stephen.farrell@baltimore.ie>; "Tim Polk" <tim.polk@nist.gov>; ><ietf-pkix@imc.org> >Sent: Friday, April 05, 2002 12:42 PM >Subject: Re: Open issue: DPV relay > > > > > > Jim: > > > > I am not talking about trust in the X.500 system. I am talking about >trust > > in a DPV server. In my mind, the client asks one DPV server to perform an > > action. The response should come back, signed by that DPV server, or it >is > > an error from the client's perspective. > > > > I see no reason for the client to be made aware of an chaining or >multicasting. > > > > I do not think that we should include referrals in the DPV system at all. > >The only way this would not want to be true is if the trust model between >the requesting agents and the supplying agents had a pre-existing agreement >that the trust supplying agent could look beyond its own services as sources >of the trust model its looking for from this DPV server. It would then stand >as a referred trust provider when it cannot satisfy the trust request >itself. > >In fact from a use model perspective, it would seem that only the client >could authotize this for privacy reasons, and it seems that it would need >to be on a per transaction basis (I.e. the Trust provider says " my trust >processes cannon fulfill this request so I have passed it onward to someone >that can" ... the only problem is that you run the potential that the next >link in the trust envelope would also not be able to satisfy this request >either or coupdl get locked in a loop... so where does it stop???) > >The "what" of what you have now is a situation where the referring agent is >going around and shopping for an external DPV agent who can and is willing >to satisfy this trust validation request. And this seems at best kinda >clunky and potentially a real problem over privacy and context information >from the actual agent requesting this validation service. > >I suggest that becuase of this, that unless specifically authorized or >requested from the client, that the DPV services should be restruicted to >stay on a single platform... and it be the Client's responsibility to >hierarchicly check out the trust element in question. > > > > > Russ > >SNIP Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3919hE16060 for ietf-pkix-bks; Mon, 8 Apr 2002 18:09:43 -0700 (PDT) Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3919Zm16054 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 18:09:35 -0700 (PDT) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19) id <2RPWH92Q>; Mon, 8 Apr 2002 21:09:23 -0400 Message-ID: <BFB44293CE13C9419B7AFE7CBC35B9390120D78A@sottmxs08.entrust.com> From: Christopher Oliva <Chris.Oliva@entrust.com> To: "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.org> Cc: David Chadwick <d.w.chadwick@salford.ac.uk>, Mark Wahl <Mark.Wahl@sun.com>, steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: RE: LDAP Certificate transfer syntax Date: Mon, 8 Apr 2002 21:09:22 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1DF63.2F153580" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1DF63.2F153580 Content-Type: text/plain; charset="iso-8859-1" > >Here are some observations on the three cases: > > > >a) and b) > >RFC 2252 clause 6.5 only mandates a binary encoding. > >As previously pointed out by others, there is no absolute > imperative that requires the use of the ";binary" option. > > How else would you indicate that the "binary" encoding was > requested/used instead of the "string" encoding? RFC 2252, 6.5 says that ".. values in this syntax MUST only be transferred using the binary encoding ..". Also, no other encoding is provided therefore only the binary encoding can be used. Although 4.3.1 lists two reasons to use the binary encoding, it does not say that other valid reasons or syntaxes cannot require the use of the binary encoding. Since the use of ";binary" is not mandatory for the Certificate syntax, and there is no other possible encoding, then the default encoding that is used (that must be used) is the binary encoding. If the ";binary" option is used to explicitly specify the binary encoding, this results in the same encodings and this would also satisfy the RFC. > >c) > >Nowhere in the ldapv3 RFCs is there a description of the > behavior for this case. There is no justification to label > this as non conformant. > > You are right in that the RFC does not explicit state this. > > But it should be obvious that "CN;binary" should not be > returned unless "CN;binary" was requested. Same goes > for userCertificate. > Attributes must be returned according to their syntax encoding requirements. The Certificate syntax requires the encoding to be the binary encoding; in this case, the use of ";binary" is a red herring. Chris. ------_=_NextPart_001_01C1DF63.2F153580 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2653.12"> <TITLE>RE: LDAP Certificate transfer syntax</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2> </FONT> <BR><FONT SIZE=3D2>> >Here are some observations on the three = cases: </FONT> <BR><FONT SIZE=3D2>> ></FONT> <BR><FONT SIZE=3D2>> >a) and b) </FONT> <BR><FONT SIZE=3D2>> >RFC 2252 clause 6.5 only mandates a binary = encoding.</FONT> <BR><FONT SIZE=3D2>> >As previously pointed out by others, there = is no absolute </FONT> <BR><FONT SIZE=3D2>> imperative that requires the use of the = ";binary" option.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> How else would you indicate that the = "binary" encoding was</FONT> <BR><FONT SIZE=3D2>> requested/used instead of the = "string" encoding?</FONT> </P> <P><FONT SIZE=3D2>RFC 2252, 6.5 says that ".. values in this = syntax MUST only be transferred using the binary encoding ..". = Also, no other encoding is provided therefore only the binary encoding = can be used. Although 4.3.1 lists two reasons to use the binary = encoding, it does not say that other valid reasons or syntaxes cannot = require the use of the binary encoding.</FONT></P> <P><FONT SIZE=3D2>Since the use of ";binary" is not mandatory = for the Certificate syntax, and there is no other possible encoding, = then the default encoding that is used (that must be used) is the = binary encoding. If the ";binary" option is used to = explicitly specify the binary encoding, this results in the same = encodings and this would also satisfy the RFC.</FONT></P> <P><FONT SIZE=3D2>> >c) </FONT> <BR><FONT SIZE=3D2>> >Nowhere in the ldapv3 RFCs is there a = description of the </FONT> <BR><FONT SIZE=3D2>> behavior for this case. There is no = justification to label </FONT> <BR><FONT SIZE=3D2>> this as non conformant.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> You are right in that the RFC does not explicit = state this.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> But it should be obvious that = "CN;binary" should not be</FONT> <BR><FONT SIZE=3D2>> returned unless "CN;binary" was = requested. Same goes</FONT> <BR><FONT SIZE=3D2>> for userCertificate.</FONT> <BR><FONT SIZE=3D2>> </FONT> </P> <P><FONT SIZE=3D2>Attributes must be returned according to their syntax = encoding requirements. The Certificate syntax requires the encoding to = be the binary encoding; in this case, the use of ";binary" is = a red herring.</FONT></P> <P><FONT SIZE=3D2>Chris.</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1DF63.2F153580-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g38ILL600623 for ietf-pkix-bks; Mon, 8 Apr 2002 11:21:21 -0700 (PDT) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g38ILLm00619 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 11:21:21 -0700 (PDT) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GU900101HJFN8@ext-mail.valicert.com> for ietf-pkix@imc.org; Mon, 8 Apr 2002 11:18:51 -0700 (PDT) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GU9001C7HJFDX@ext-mail.valicert.com>; Mon, 08 Apr 2002 11:18:51 -0700 (PDT) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <2L0B8DG0>; Mon, 08 Apr 2002 11:21:03 -0700 Content-return: allowed Date: Mon, 08 Apr 2002 11:20:53 -0700 From: Ambarish Malpani <ambarish@valicert.com> Subject: RE: Summary:open issues for draft-ietf-pkix-dpv-dpd-req-03.txt To: "'Tim Polk'" <tim.polk@nist.gov>, ietf-pkix@imc.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E5382@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: multipart/alternative; boundary="Boundary_(ID_fqEx02Ti/Xa5gcPpcKftKQ)" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --Boundary_(ID_fqEx02Ti/Xa5gcPpcKftKQ) Content-type: text/plain Hi Tim, Any idea when and how we can come to closure on these issues? As far as I am concerned, an executive decision on the open issued would be fine - can we just move ahead? Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 339 N. Bernardo Ave. http://www.valicert.com <http://www.valicert.com/> Mountain View, CA 94043 -----Original Message----- From: Tim Polk [mailto:tim.polk@nist.gov] Sent: Thursday, April 04, 2002 3:01 PM To: ietf-pkix@imc.org Subject: Summary:open issues for draft-ietf-pkix-dpv-dpd-req-03.txt Folks, I think the discussion is converging here, and thought a summary was in order. There are a number of issues that were raised on the list and have demonstrated consensus on the list. (I will not enumerate them.) Proposed text has been submitted to the list and I sense general satisfaction with that text. However, there are two open issues that must be resolved before we forward the document to the Area Directors. Open Issue #1 The first issue involves "DPV relay". Peter Sylvester has stated a requirement for DPV servers to relay requests to one another: > >There is a requirement, similar as for OCSP caches, >that server just relays a request to another. This had been >discussed several times, the differences had only been to >what degree the relaying should become visible; whether one >server can rewrite/resigns the answers of another etc. >Relaying via cache is an obvious feature in many OCSP implementation, >how do they protect itself against loops between two servers? > I understand this issue remains open. Open Issue #2 The second issue is conformance requirements for multiple paths in the DPD service. As I read it, the current draft requires support for multiple paths at the server, but not the client. The client may request a maximum number of paths N; if the request does not specify N, it defaults to one. The DPD server includes zero, one, or up to N paths in a response. If the number of paths is less than N, this indicates that the server could not find as many paths as the client requested. Since the DPD process is performed with respect to a policy, just as in DPV, it has been suggested that a DPD server could be designed to always return a single path. If the specified policy matches the path validation process performed at the client (e.g., same certificate policies and same trust anchor) the client should be able to use that path. However, this could result in an ambiguity. How does the DPD client that requested three paths tell the difference between the following answers: "I gave you one path because it is the only one that exists" and "I gave you one path 'cause that's the way I was designed" In the case where the single path failed, a client may need to know the difference! Careful selection of conformance requirements and error condition statements will be required to permit building single answer DPD servers. Moving Forward Here is my plan for moving forward... I will start two threads for the remaining open issues. I consider all other issues regarding the DPD/DPV requirements to be resolved. Once the last two issues are resolved, I will ask the editors to post an -04 draft incorporating the currently agreed changes and the resolution to the two open issues. The -04 draft will be forwarded to the ADs. Hope this works for everyone. Thanks, Tim Polk --Boundary_(ID_fqEx02Ti/Xa5gcPpcKftKQ) Content-type: text/html Content-transfer-encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3DUS-ASCII"> <META content=3D"MSHTML 6.00.2713.1100" name=3DGENERATOR></HEAD> <BODY> <DIV><FONT face=3DArial color=3D#0000ff size=3D2></FONT> </DIV> <DIV><SPAN class=3D173132018-08042002><FONT face=3DArial = color=3D#0000ff size=3D2>Hi=20 Tim,</FONT></SPAN></DIV> <DIV><SPAN class=3D173132018-08042002><FONT face=3DArial = color=3D#0000ff=20 size=3D2> Any idea when and how we can come to = closure on these=20 issues? As far as I am</FONT></SPAN></DIV> <DIV><SPAN class=3D173132018-08042002><FONT face=3DArial = color=3D#0000ff=20 size=3D2>concerned, an executive decision on the open issued would be = fine - can=20 we just</FONT></SPAN></DIV> <DIV><SPAN class=3D173132018-08042002><FONT face=3DArial = color=3D#0000ff size=3D2>move=20 ahead?</FONT></SPAN></DIV> <DIV><SPAN class=3D173132018-08042002><FONT face=3DArial = color=3D#0000ff=20 size=3D2></FONT></SPAN> </DIV> <DIV><SPAN class=3D173132018-08042002><FONT face=3DArial = color=3D#0000ff=20 size=3D2>Regards,</FONT></SPAN></DIV> <DIV><SPAN class=3D173132018-08042002><FONT face=3DArial = color=3D#0000ff=20 size=3D2>Ambarish</FONT></SPAN></DIV> <DIV> </DIV> <P><FONT=20 size=3D2>---------------------------------------------------------------= ------<BR>Ambarish=20 Malpani<BR>Architect &nbs= p; &nbs= p; &nbs= p; &nbs= p; =20 650.567.5457<BR>ValiCert,=20 Inc. &n= bsp; &n= bsp; =20 ambarish@valicert.com<BR>339 N. Bernardo=20 Ave. &n= bsp; &n= bsp; =20 <A href=3D"http://www.valicert.com/"=20 target=3D_blank>http://www.valicert.com</A><BR>Mountain View, CA=20 94043<BR></FONT></P> <BLOCKQUOTE=20 style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px = solid"> <DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT = face=3DTahoma=20 size=3D2>-----Original Message-----<BR><B>From:</B> Tim Polk=20 [mailto:tim.polk@nist.gov]<BR><B>Sent:</B> Thursday, April 04, 2002 = 3:01=20 PM<BR><B>To:</B> ietf-pkix@imc.org<BR><B>Subject:</B> Summary:open = issues for=20 = draft-ietf-pkix-dpv-dpd-req-03.txt<BR><BR></FONT></DIV>Folks,<BR><BR>I = think=20 the discussion is converging here, and thought a summary was in=20 order.<BR><BR>There are a number of issues that were raised on the = list and=20 have demonstrated consensus on the list. (I will not enumerate=20 them.) Proposed text has been submitted to the list and I sense = general=20 satisfaction with that text.<BR><BR>However, there are two open = issues that=20 must be resolved before we forward the document to the Area=20 Directors.<BR><BR><U>Open Issue #1<BR><BR></U>The first issue = involves "DPV=20 relay". Peter Sylvester has stated a requirement for DPV = servers to=20 relay requests to one another:<BR><BR>><BR>>There is a = requirement,=20 similar as for OCSP caches, <BR>>that server just relays a request = to=20 another. This had been <BR>>discussed several times, the = differences had=20 only been to <BR>>what degree the relaying should become visible; = whether=20 one <BR>>server can rewrite/resigns the answers of another etc.=20 <BR>>Relaying via cache is an obvious feature in many OCSP = implementation,=20 <BR>>how do they protect itself against loops between two servers? = <BR>><BR><BR>I understand this issue remains open.<BR><BR><U>Open = Issue=20 #2<BR><BR></U>The second issue is conformance requirements for = multiple paths=20 in the DPD service. As I read it, the current draft requires = support for=20 multiple paths at the server, but not the client. The client = may request=20 a maximum number of paths N; if the request does not specify N, it = defaults to=20 one. The DPD server includes zero, one, or up to N paths in a=20 response. If the number of paths is less than N, this indicates = that the=20 server could not find as many paths as the client = requested.<BR><BR>Since the=20 DPD process is performed with respect to a policy, just as in DPV, it = has been=20 suggested that a DPD server could be designed to always return a = single=20 path. If the specified policy matches the path validation = process=20 performed at the client (e.g., same certificate policies and same = trust=20 anchor) the client should be able to use that path.<BR><BR>However, = this could=20 result in an ambiguity. How does the DPD client that requested = three=20 paths tell the difference between the following=20 = answers:<BR><X-TAB> </X-T= AB>"I=20 gave you one path because it is the only one that=20 exists"<BR> =20 = and<BR><X-TAB> </X-TAB>"I= gave=20 you one path 'cause that's the way I was designed"<BR><BR>In the case = where=20 the single path failed, a client may need to know the=20 difference!<BR><BR>Careful selection of conformance requirements and = error=20 condition statements will be required to permit building single = answer DPD=20 servers.<BR><BR><U>Moving Forward<BR><BR></U>Here is my plan for = moving=20 forward...<BR><BR>I will start two threads for the remaining open=20 issues. I consider all other issues regarding the DPD/DPV = requirements=20 to be resolved.<BR><BR>Once the last two issues are resolved, I will = ask the=20 editors to post an -04 draft incorporating the currently agreed = changes and=20 the resolution to the two open issues. The -04 draft will be = forwarded=20 to the ADs.<BR><BR>Hope this works for = everyone.<BR><BR>Thanks,<BR><BR>Tim=20 Polk </BLOCKQUOTE></BODY></HTML> --Boundary_(ID_fqEx02Ti/Xa5gcPpcKftKQ)-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g38HHIV26685 for ietf-pkix-bks; Mon, 8 Apr 2002 10:17:18 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g38HHGm26681 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 10:17:16 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 8 Apr 2002 17:16:17 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id NAA10307 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 13:16:10 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g38HHKi26585 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 13:17:20 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1PY7B>; Mon, 8 Apr 2002 13:14:54 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.65]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1PY7A; Mon, 8 Apr 2002 13:14:53 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Tom Gindin <tgindin@us.ibm.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020408123412.039e8490@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 08 Apr 2002 13:17:11 -0400 Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt In-Reply-To: <OF61197954.37DF4E57-ON85256B95.004DB661@pok.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tom: >The following is just a personal opinion, but one based on fairly >well-understood trends. I don't think that in-line logotypes are CURRENTLY >worth the space that they'd take up on a smart card, but I would guess that >they will be in two more smart-card generations and perhaps only one. >Given the amount of time between standard proposal and deployment, it's not >premature to standardize it. I tend to agree with your assessment of storage on smart cards. Today, all of the certificates stored on one smart card are likely to be associated with one community. Therefore, a logo will like appear on the smart card itself. Of course, there are other places that certificates and private keys are stored.... > However, I also have a question about the current data structure. >First, why is the URI optional (assuming that the only binary value is the >digest, as at present)? Second, why would we not permit in-line logotypes >(in which case the URI is suppressed)? This would require some edits to >LogotypeData, but nothing very difficult. One possibility would be: > LogotypeData ::= SEQUENCE { > typeOfLogotype TypeOfLogotype, > hashAlgorithm AlgorithmIdentifier, -- might be OPTIONAL, >it's not meaningful for GIF's > CHOICE { > logotypeDataHash OCTET STRING, > gif [0] IMPLICIT OCTET STRING > }, > logotypeDataUri IA5String OPTIONAL } > > Another would be: > LogotypeData ::= SEQUENCE { > typeOfLogotype TypeOfLogotype, > CHOICE { > logotypeReference VerifiedReference, > gif OCTET STRING > } > } > VerifiedReference ::= SEQUENCE { > hashAlgorithm AlgorithmIdentifier, > dataHash OCTET STRING, > CHOICE { > uri IA5String, > intlUri UTF8String } > } > > > IMO VerifiedReference is a generally useful type, so its names do not >contain reference to logotypes. My understanding of COMPONENTS OF, which >may be faulty, is that defining LogotypeData using COMPONENTS OF >VerifiedReference as an element of a CHOICE would not produce a useful >result because each of the elements of VerifiedReference would show up in >the CHOICE rather than merely hashAlgorithm going into the CHOICE with the >other fields added to LogotypeData's SEQUENCE. We are in the final steps of an updated I-D. It addresses some of these issues, but not all. Is there a reference for UTF8String URI? Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g38GWou25804 for ietf-pkix-bks; Mon, 8 Apr 2002 09:32:50 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g38GWmm25800 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 09:32:49 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id SAA08598; Mon, 8 Apr 2002 18:35:22 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040818324508:109 ; Mon, 8 Apr 2002 18:32:45 +0200 Message-ID: <3CB1C629.72C24627@bull.net> Date: Mon, 08 Apr 2002 18:32:41 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Tom Gindin <tgindin@us.ibm.com> CC: ietf-pkix@imc.org Subject: Re: WG Last Call: Roadmap References: <OFD7A26913.A4127A43-ON85256B90.00711489@pok.ibm.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 08/04/2002 18:32:45, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 08/04/2002 18:32:49, Serialize complete at 08/04/2002 18:32:49 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tom, I have not forgotten this message, but I gave priority to the DPV thread. > Responses below. > The issue of who specifies the verifier's policy is > rather serious. If the policy to be used is expected to be the same as RFC > 3126's SignaturePolicy, we need to specify a step in which the verifier has > the right to reject such a policy or to consider it inapplicable to the > verifier's own current context. This is true. However, the text does not go at that level of detail: "Another model considers a set of rules that apply to an application context. Every application context may have a different set of rules. When choosing to use certificates in the context of that application, the EE selects the set of rules for that context. In a set of rules, one or more Top CAs may be trusted, each one may be associated with different constraints, like the certificate policies that are trusted or the naming constraints that apply. These constrains may be specified either in self-signed certificates or in addition to self-signed certificates when they do not incorporate these constraints. This set of rules is called a validation policy (when validating a certificate) or a signature policy (when validating a digital signature)." I do not think it is necesary to state it. If you think so, please provide a text and a placement for that text. > > Tom Gindin > > To: Tom Gindin/Watson/IBM@IBMUS > cc: ietf-pkix@imc.org > Subject: Re: WG Last Call: Roadmap > > Tom, > > > I have a few issues with this, and some corrections as well. > > > In comment 12, I have two issues. The first one, which is minor, > is > > that "one or more Top CA's may be trusted" should refer to root CA's > > instead - the two terms mean the same thing more often than not, but when > > they differ the trust point is the root rather than the top. > > PKIX-1 states: > > " - Top CA - A CA that is at the top of a PKI hierarchy. > > Note: This is often also called a "Root CA," since in data structures > terms and in graph theory, the node at the top of a tree is the > "root." However, to minimize confusion in this document, we elect to > call this node a "Top CA," and reserve "Root CA" for the CA directly > trusted by the EE." > > The problem lies with the last sentence, i.e. "*the* CA directly trusted by > the EE.". The singular is being used which means that there is a single > one, multiple roots are not permitted, while multiple Top-CAs are > permitted. > > [TG] Where in PKIX-1 is this? I can't find the phrase "directly trusted" > in either RFC 2459 or in draft 12 of new-pkix-1. Sorry for the confusion: it is in the roadmap document, not PKIX-1. The current text in the roadmap is: " - Root CA - A CA that is directly trusted by an EE; that is, securely acquiring the value of a Root CA public key requires some out-of-band step(s). This term is not meant to imply that a Root CA is necessarily at the top of any hierarchy, simply that the CA in question is trusted directly. (...) Note: This is often also called a "Root CA," since in data structures terms and in graph theory, the node at the top of a tree is the "root." However, to minimize confusion in this document, we elect to call this node a "Top CA," and reserve "Root CA" for the CA directly trusted by the EE. Readers new to PKIX should be aware that these terms are not used consistently throughout the PKIX documents, as the Internet PKI profile [2459bis] uses "Root CA" to refer to what this and other documents call a "Top CA," and "most-trusted CA" to refer to what this and other documents call a "Root CA." There is no problem with PKIX-1 but a problem with the roadmap document. PKIX-1 does not use the term "root CA", and thus it is wrong to say in the roadmap that "these terms are not used consistently throughout the PKIX documents". I would thus propose to change the note in the following way: Note: Since in data structures terms and in graph theory, the node at the top of a tree is the "root", the term "root CA" is sometimes used. This term is not meant to imply that a Root CA is necessarily at the top of any hierarchy, simply that the CA in question is trusted directly. Then, on page 14, change: Additionally, once the Root CA ... with Additionally, once a Root CA ... on pages 29 and 30, change: (e.g., the DVCS's CA, or the Root CA in a hierarchy) with (e.g., the DVCS's CA, or a Root CA) Regards, Denis > Furthermore, if it does > appear in such a draft I hope that it will be with reference to a > particular validation path. Since one normally performs validation against > a specific context, only one trusted root is evaluated at a time. > > The second is less minor. Is it truly intended that a signing EE > > be permitted to specify the set of trusted CA's for an RP to use in > > verifying a signature? At a minimum, an RP in this model is responsible > > for validating the the set of rules is identical to one it has already > > decided to trust, but there is no reference in the model description to > > any active role for the RP. > > A verifier (not a signing EE as you mentioned) does not know what an anchor > is, but may know what a policy is. So by selecting the policy that applies > to the application, indirectly trust anchors (and much more) are selected. > Remember that the same verifier may verify digital signatures in various > contexts, e.g. for a Bank transaction or for a green reservation in a Golf > Club. The trust conditions are not necessarilly identical. Note also that a > verifier does not need to be a signer and may not have any certificate of > its own. > > [TG] My point is that the policy used to verify a signature is something > which the VERIFIER must decide on, rather than the signer, and signature > policies are things which you have defined as being specified by a signer > (see your own RFC 3126). A verifier is as likely to know what an anchor is > as what a signature policy is. If a signature policy includes a > specification of the trust anchors as well as of the verification mechanism > a user who does not know what a trust anchor is operating blindly in > accepting or choosing a signature policy. > > The case of a single (root) CA trusted for any kind of application is a > very > specific case and cannot be considered as the general case. > > > In your comment 5 (on page 15), replace "date of issue" by "date > and > > time of issue". > > This is fine. > > > At a slightly more substantive level, shouldn't the clarification > of > > the definition of Top CA on page 4 end "and reserve 'root CA' for a CA > > directly trusted by the EE."? This wording permits multiple trusted > roots. > > I do not think that PKIX-1 allows for this. See the quote above. > > > In your comment 4, shouldn't "CA certificate" be "hierarchical CA > > certificate"? Surely a Top CA's self-signed certificate is also a "CA > > certificate", and your definition excludes it. Then the sentence "Some > > people in the WG believe that a cross certificate is a special kind of CA > > certificate." is reversed to "... believe that a hierarchical CA > > certificate is a special kind of cross certificate". > > You say that the definition excludes the fact that a Top CA's self-signed > certificate is also a CA-certificate. This is correct, ... but was not > intended. > > So what about this full correction ? > > [2459bis] defines a cross-certificate as "a certificate issued by one CA to > another CA". [2459bis] does not provide a formal definition of a CA > certificate but implictly means a certificate where the subject of the > certificate is a CA. This means that self-signed certificates are CA > certificats but are not cross-certificates. Some people in the WG believe > that a cross certificate is a special kind of CA certificate issued by a CA > under one Top CA for another CA under a different Top CA. CAs in the same > hierarchy usually have part of their names imposed by the Top CA or by the > CAs under that Top CAs. When a cross certificate is issued, there is no > relationship between the names of the CAs. > > > In comment 11, the i.e. should remain "what are the root CA's" > rather > > than "what are the Top CA's", for the same reason as in comment 12. > > I do not think so. See my first comment. > > Regards, > > Denis > > > Tom Gindin > > > > Denis Pinkas <Denis.Pinkas@bull.net>@mail.imc.org on 03/26/2002 12:11:50 > PM > > > > Sent by: owner-ietf-pkix@mail.imc.org > > > > To: ietf-pkix@imc.org > > cc: Carlisle Adams <cadams@entrust.com> > > Subject: Re: WG Last Call: Roadmap > > > > Comments on the roadmap document draft-ietf-pkix-roadmap-07.txt > > > > (snip) > > COMMENT 3. A sentence states: "However, to minimize confusion in this > > document, we elect to call this node a "Top CA," and reserve "Root CA" > for > > the CA directly trusted by the EE". Since an EE may trust more than one > Top > > CA, shouldn't we say: > > > > "However, to minimize confusion in this document, we elect to call this > > node > > a "Top CA," and reserve "Root CA" when there is a single CA directly > > trusted > > by the EE." > > > > COMMENT 4. On page 14. A clarification needs to be done between > > cross-certificates and CA certificates. The text currently states: > > > > A cross-certificate is a PKC issued by one CA to another CA which > > contains a public CA key associated with the private CA signature key > > used for issuing PKCs. Typically, a cross-certificate is used to > > allow client systems or end entities in one administrative domain to > > communicate securely with client systems or end users in another > > administrative domain. Use of a cross-certificate issued from CA_1 to > > CA_2 allows user Alice, who trusts CA_1, to accept a PKC used by Bob, > > which was issued by CA_2. Cross-certificates can also be issued from > > one CA to another CA in the same administrative domain, if required. > > > > I would propose instead the following: > > > > " A CA certificate is a certificate in a hierarchy that is neither a > > self-signed certificate, nor an end-entity certificate. [2459bis] does > not > > make a difference between a CA certificate and a cross certificate since > it > > defines a cross-certificate as "a certificate issued by one CA to another > > CA". Some people in the WG believe that a cross certificate is a special > > kind of CA certificate. A cross certificate is issued by a CA under one > > Top CA for another CA under a different Top CA. CAs in the same hierarchy > > have part of their names imposed by the Top CA or by the CAs under that > > Top CAS. When a cross certificate is issued, there is no relationship > > between the names of the CAS. > > > > Typically, a cross-certificate is used to allow client systems or end > > entities in one administrative domain to communicate securely with client > > systems or end users in another administrative domain. Use of a > > cross-certificate issued from CA_1 to CA_2 allows user Alice, who trusts > > CA_1, to accept a PKC used by Bob, which was issued by CA_2. > > Cross-certificates can also be issued from one CA to another CA in the > same > > administrative domain, if required." > > > > COMMENT 5. On page 15, the text states: "A CRL is a time stamped list > > identifying revoked PKCs that is signed by a CA and made freely available > > in a public repository." > > > > I would prefer to avoid to use "time-stamped" in that context and thus I > > would propose the following wording: > > > > "A CRL is a list that identifies the references of revoked PKCs. This > list > > contains a date of issue and is signed by a CA and made freely available > in > > a public repository." > > > > (snip) > > > > COMMENT 11. On page 47. Section 5.5 talks about trust model, but only > > consider a single trust point: > > > > " An important design decision is where a particular EE's trust point > > is located (i.e., where is the EE's Root CA). There are a number of > > models that have been developed and depending on the environment some > > models may be more suited than others. The following provides some > > background on the models." > > > > I would rather propose to change it into: > > > > " An important design decision is, for a given application, where the > > particular EE's trust points are located (i.e. what are the Top CAs). > > There are a number of models that have been developed and depending on > > the environment some models may be more suited than others. The following > > provides some background on the models." > > > > COMMENT 12. On page 49. Section 5.5 I would propose to add another model. > > > > 5.5.5 Validation policies > > > > Another model considers a set of rules that apply to an application > > context. > > Every application context may have a different set of rules. When > choosing > > to use certificates in the context of that application, the EE selects > the > > set of rules for that context. In a set of rules, one or more Top CAs may > > be > > trusted, each one may be associated with different constraints, like the > > certificate policies that are trusted or the naming constraints that > apply. > > These constrains may be specified either in self-signed certificates or > in > > addition to self-signed certificates when they do not incorporate these > > constraints. This set of rules is called a validation policy (when > > validating a certificate) or a signature policy (when validating a > digital > > signature). > > > > Regards, > > > > Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g38GMEP25537 for ietf-pkix-bks; Mon, 8 Apr 2002 09:22:14 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g38GM8m25533 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 09:22:08 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 8 Apr 2002 16:21:09 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id MAA05067 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 12:21:01 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g38GMBR20248 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 12:22:11 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1PX8A>; Mon, 8 Apr 2002 12:19:45 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.65]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1PX78; Mon, 8 Apr 2002 12:19:40 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Peter Williams <peterw@valicert.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020408121938.039e2bd0@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 08 Apr 2002 12:21:49 -0400 Subject: RE: Open issue: DPV relay In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A599@polaris.valicert. com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter: I think you are changing the context of my statement. I said: "... the client asks one DPV server to perform an action. The response should come back, signed by that DPV server, or it is an error from the client's perspective." I did not say that the client could not have a trust relationship with more than one DPV server. Russ At 05:28 PM 4/5/2002 -0800, Peter Williams wrote: >Todd, > >I do not believe we should formulate any >particular use-model at this time, for DPV REQUIREMENTS; >leaving aside the philosophical issue of >whether use-modeling would or would not help IETF standards >adoption. The requirements should prepare for >protocol-specification, not establish operational >usage constraints. > >The only valuable use-issues topics I can forsee that might >serve us (in contradiction to the above) are precisely >those that Ambarish mentioned: do what OCSP did, >so succesfully in the Internet environment... for the >same issue; and dont lets sucumb to the temptation to >over-architect! > >-------------- > >In my view, on Russ side comment, constraining DPV to >require users to interact >with a service provider at a single access-point is >like setting the clock back on X.509, and requiring >the world to adopt the Entrust use-model >of PKC key management. Entrust's use-model makes >for a fine and highly-manageable system, but it >competes (successfully) with other domain-management >models that are equally succesful in the wider Internet >environment we server. > >The only trust issue for DPV requirments I can see >is this: > >Just, as Sharon recently indicated, PMI's SOAs >are trusted as authoritative for their policy >scope, so DPV servers are trusted. PMI deals >with privileges; DPV deals with remote processing >of chains against validation policies. The two >authority models are really identical, otherwise. > >Lets note that PMI didnt constrain an AC verifier to use >only a single SOA-headed source of AC paths. So >should the DPV requirements not constrain the >DPV client from accepting results from >any set of (possibly (out of IETF scope) constained) DPV >servers - whose service is provided at the >access point to which the client is bound (including >that operated, perhaps, by a simple-proxing or a >chaining&resigning DPV server). > > >-----Original Message----- >From: todd glassey [mailto:todd.glassey@worldnet.att.net] >Sent: Friday, April 05, 2002 3:52 PM >To: Housley, Russ; jim >Cc: stephen.farrell@baltimore.ie; Tim Polk; ietf-pkix@imc.org >Subject: Re: Open issue: DPV relay > > > >Russ is 100% dead on but this is about the mechanics of the use model more >than anything - let me demonstrate... > >----- Original Message ----- >From: "Housley, Russ" <rhousley@rsasecurity.com> >To: "jim" <jimhei@cablespeed.com> >Cc: <stephen.farrell@baltimore.ie>; "Tim Polk" <tim.polk@nist.gov>; ><ietf-pkix@imc.org> >Sent: Friday, April 05, 2002 12:42 PM >Subject: Re: Open issue: DPV relay > > > > > > Jim: > > > > I am not talking about trust in the X.500 system. I am talking about >trust > > in a DPV server. In my mind, the client asks one DPV server to perform an > > action. The response should come back, signed by that DPV server, or it >is > > an error from the client's perspective. > > > > I see no reason for the client to be made aware of an chaining or >multicasting. > > > > I do not think that we should include referrals in the DPV system at all. > >The only way this would not want to be true is if the trust model between >the requesting agents and the supplying agents had a pre-existing agreement >that the trust supplying agent could look beyond its own services as sources >of the trust model its looking for from this DPV server. It would then stand >as a referred trust provider when it cannot satisfy the trust request >itself. > >In fact from a use model perspective, it would seem that only the client >could authotize this for privacy reasons, and it seems that it would need >to be on a per transaction basis (I.e. the Trust provider says " my trust >processes cannon fulfill this request so I have passed it onward to someone >that can" ... the only problem is that you run the potential that the next >link in the trust envelope would also not be able to satisfy this request >either or coupdl get locked in a loop... so where does it stop???) > >The "what" of what you have now is a situation where the referring agent is >going around and shopping for an external DPV agent who can and is willing >to satisfy this trust validation request. And this seems at best kinda >clunky and potentially a real problem over privacy and context information >from the actual agent requesting this validation service. > >I suggest that becuase of this, that unless specifically authorized or >requested from the client, that the DPV services should be restruicted to >stay on a single platform... and it be the Client's responsibility to >hierarchicly check out the trust element in question. > > > > > Russ > >SNIP Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g38GASU25276 for ietf-pkix-bks; Mon, 8 Apr 2002 09:10:28 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g38GAPm25271 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 09:10:26 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id SAA25785; Mon, 8 Apr 2002 18:10:24 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Mon, 8 Apr 2002 18:10:24 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id SAA28647; Mon, 8 Apr 2002 18:10:23 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id SAA05966; Mon, 8 Apr 2002 18:10:23 +0200 (MET DST) Date: Mon, 8 Apr 2002 18:10:23 +0200 (MET DST) Message-Id: <200204081610.SAA05966@emeriau.edelweb.fr> To: Denis.Pinkas@bull.net Subject: Re: Open issue: DPV relay Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, fortunately I know how to interprete 'French comments', I hope that you can interprete 'German comments', for the others, see PS. :-) > 1) "I see no reason for the client to be made aware of an chaining or > multicasting". I am not sure whether you can hide this completely. If the final answer MAY contain answer from other service, a client might get some idea, but I don't think that this creates a problem. I agree that it is probably not necssary to make explicitely available some information of the kind: "I have used a multicasting scheme among servers X to Z or chaining to Y'. The client or another relying party want to know whether it is valid and (maybe) why the server believes so. There may be: I have asked the following n servers and they all told me *no*. > 2) "I do not think that we should include referrals in the DPV system > at all". I am just a little bit careful asking about the meaning of this sentence. Do You want a specification: A conformming protocol MUST not specify any method that implies whatever kind of referral, or do you 'just don't care', i.e. a protocol MAY implement an extension to be used among consenting client/servers? see below. > > Now, taking the scenario depicted by Peter, with some important changes: > > End user A asks server S1 "validate cert". > client S1 asks server S2. > server S2 responds : don't know. S2 answers : Don't know, please go to service S3, here is a trustworthy cert of S3. > client S1 asks to another DPV server that it trusts, e.g. server S3. > server S3 responds to client S1 : the certificate is valid. > server S1 responds to end user A: the certificate is valid. > > This is not referral, but it works fine with a list of servers trusted > by server S1. Indeed, it works fine. But the *important change* removes the problem of the situation that may be interesting. One of the questions here is whether the protocol MAY/SHOULD/MUST provide for a means to transfer some 'trust', i.e. to inform a client (maybe not to real end users if they can be distinguished) about the trustworthiness of another server (for a particular request). I wouldn't mind about MAY if simplicity of a real end user client is guaranteed, i.e., in general, an end client SHOULD not be required to make more than one request to obtain a result. In general: Do we have to put into this specification protocol features that 'MAY' exist? Peter PS: French comment : 'no, absolutely unaceptable' ==> let's talk, more work is needed 'yes, that's already something' ==> go implement that, no need for discussion German comment : 'No, absolutely unacceptable' ==> no need for discussion, throw it away. 'Yes, that's already something' ==> let's talk, more work is needed If I remember it correctly, at least the ar of 1870 was created by a voluntary provocation of such a misunderstanding. "We ask you to consider to dismantle the Strasbourg garnison". "No way". "ok, then we might consider take the whole North East of France" "That is an absolutely unacceptable declaration of war." 'Here you have it". Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g38F5Xe19392 for ietf-pkix-bks; Mon, 8 Apr 2002 08:05:33 -0700 (PDT) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g38F5Um19383 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 08:05:30 -0700 (PDT) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA06756 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 17:08:04 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040817051971:93 ; Mon, 8 Apr 2002 17:05:19 +0200 Message-ID: <3CB1B1AC.CB7633D9@bull.net> Date: Mon, 08 Apr 2002 17:05:16 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: pkix <ietf-pkix@imc.org> Subject: Re: Open issue: DPV relay X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 08/04/2002 17:05:19, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 08/04/2002 17:05:31, Serialize complete at 08/04/2002 17:05:31 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, I fully agree with you: 1) "I see no reason for the client to be made aware of an chaining or multicasting". 2) "I do not think that we should include referrals in the DPV system at all". Now, taking the scenario depicted by Peter, with some important changes: End user A asks server S1 "validate cert". client S1 asks server S2. server S2 responds : don't know. client S1 asks to another DPV server that it trusts, e.g. server S3. server S3 responds to client S1 : the certificate is valid. server S1 responds to end user A: the certificate is valid. This is not referral, but it works fine with a list of servers trusted by server S1. Denis > Jim: > > I am not talking about trust in the X.500 system. I am talking about trust > in a DPV server. In my mind, the client asks one DPV server to perform an > action. The response should come back, signed by that DPV server, or it is > an error from the client's perspective. > > I see no reason for the client to be made aware of an chaining or multicasting. > > I do not think that we should include referrals in the DPV system at all. > > Russ > > At 02:50 PM 4/5/2002 -0500, jim wrote: > >A small addition, but X.500 directories also have the ability for > >multicasting in > >which case a number of other directories are queried for a certificate at > >the same > >time. Multicasting requires the greatest amount of directory and system > >overhead, > >but gets the quickest returns; where chaining requires the least and > >referral is > >the slowest, so there should be support for all three in the DPV > >capability. There > >are no associated trust issues with use of either of the three methods as > >far as I > >know. > >Jim > > > >"Housley, Russ" wrote: > > > > > Steve: > > > > > > In the X.500 directory, they two communication models are called chaining > > > referrals. Peter has asked for chaining support. You are asking whether > > > referrals should also be supported. > > > > > > I can see cases where chaining might be helpful. It does not change the > > > client's trust model. It asks a particular DPV server for a response, and > > > it gets one (signed by the same server that it asked). > > > > > > I think that referrals complicate the trust model. The client asks one DPV > > > server, then that server suggests that a different server might be better > > > able to help. If the client chooses to ask that server, it will get back a > > > response signed by the second server. Does the client trust it only > > > because the first server made a referral? What information need to be > > > stored by the client to prove that it was referred to this server? All of > > > this is more complication than I want. > > > > > > Russ > > > > > > At 02:21 PM 4/5/2002 +0100, Stephen Farrell wrote: > > > > > > >*If* relaying support/capability is to be considered as a > > > >MUST/SHOULD/MAY requirement for a DPV protocol, then should > > > >re-direction be handled similarly? (Note: I'm not proposing > > > >that it should be, just asking!) > > > > > > > >By re-direction I mean: > > > > > > > >Alice: Hey Bob - is this key good? > > > >Robert: Dunno Alice - but Charlie might know. > > > >Alice: Hey Charles - is this key good? > > > >Chaz: Yep. > > > > > > > >Stephen. > > > > > > > >Tim Polk wrote: > > > > > > > > > > Peter Sylvester has stated a requirement for DPV servers to relay > > requests > > > > > to one another: > > > > > > > > > > > > > > > > >There is a requirement, similar as for OCSP caches, > > > > > >that server just relays a request to another. This had been > > > > > >discussed several times, the differences had only been to > > > > > >what degree the relaying should become visible; whether one > > > > > >server can rewrite/resigns the answers of another etc. > > > > > >Relaying via cache is an obvious feature in many OCSP implementation, > > > > > >how do they protect itself against loops between two servers? > > > > > > > > > > > > > > > > I believe this is an open issue, and would like to start a new > > discussion > > > > > thread limited to this topic. > > > > > > > > > > As I understand Peter's scenario, there are three mutually trusting DPV > > > > > servers. If a server cannot satisfy a request directly, it may > > relay the > > > > > request to a different server. We'll assume the server is smart > > enough not > > > > > to relay a request back to the requester. (That is, if server A > > relays a > > > > > request to Server B, B may relay it to Server C but not A.) > > > > > > > > > > (1) Assume Alice requests a valid path for Bob's certificate from > > Server A, > > > > > when none exists. > > > > > (2) Server A relays the request to Server B, since it cannot satisfy it > > > > > directly. (A could have chosen Server C; it is irrelevant.) > > > > > (3) Server B relays the request to Server C, since it cannot satisfy it > > > > > directly. (C could not choose A, since it was the requester.) > > > > > (4) Server C relays the request to Server A, since it cannot satisfy it > > > > > directly. (A could not choose B, since it was the requester.) > > > > > > > > > > At this point, either A must maintain state and recognize that the > > request > > > > > has cycled around or the protocol has to handle this by maintaining a > > > > > history list. > > > > > > > > > > Peter, please confirm that I have characterized the problem > > correctly (or > > > > > post the right scenario)! I am not personally convinced that blind > > > > > relaying amongst DPV servers is a requirement. > > > > > > > > > > IMHO, DPV relaying would be limited to the scenario where each > > Server was > > > > > authoritative for a particular community (perhaps based on > > privately held > > > > > status information). Alice directs all requests to Server A to > > simplify > > > > > her life. Server A would be able to determine which server (B or > > C) could > > > > > possibly satisfy the request based on Bob's certificate. > > > > > > > > > > Even though relaying occurred, Server A acted as a simple DPV client, > > > > > imposing no additional requirements... > > > > > > > > > > Thanks, > > > > > > > > > > Tim Polk > > > > > > > >-- > > > >____________________________________________________________ > > > >Stephen Farrell > > > >Baltimore Technologies, tel: (direct line) +353 1 881 6716 > > > >39 Parkgate Street, fax: +353 1 881 7000 > > > >Dublin 8. mailto:stephen.farrell@baltimore.ie > > > >Ireland http://www.baltimore.com Received: by above.proper.com (8.11.6/8.11.3) id g38Eao315730 for ietf-pkix-bks; Mon, 8 Apr 2002 07:36:50 -0700 (PDT) Received: from e4.ny.us.ibm.com (e4.ny.us.ibm.com [32.97.182.104]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g38Eamm15726 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 07:36:48 -0700 (PDT) Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.56.224.150]) by e4.ny.us.ibm.com (8.12.2/8.12.2) with ESMTP id g38EZecw108050; Mon, 8 Apr 2002 10:35:40 -0400 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.00) with ESMTP id g38EZc543474; Mon, 8 Apr 2002 10:35:38 -0400 Importance: Normal Sensitivity: Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt To: Denis Pinkas <Denis.Pinkas@bull.net> Cc: Stefan Santesson <stefan@addtrust.com>, "Housley, Russ" <rhousley@rsasecurity.com>, ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OF61197954.37DF4E57-ON85256B95.004DB661@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Mon, 8 Apr 2002 10:35:41 -0400 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/08/2002 10:35:39 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> The following is just a personal opinion, but one based on fairly well-understood trends. I don't think that in-line logotypes are CURRENTLY worth the space that they'd take up on a smart card, but I would guess that they will be in two more smart-card generations and perhaps only one. Given the amount of time between standard proposal and deployment, it's not premature to standardize it. However, I also have a question about the current data structure. First, why is the URI optional (assuming that the only binary value is the digest, as at present)? Second, why would we not permit in-line logotypes (in which case the URI is suppressed)? This would require some edits to LogotypeData, but nothing very difficult. One possibility would be: LogotypeData ::= SEQUENCE { typeOfLogotype TypeOfLogotype, hashAlgorithm AlgorithmIdentifier, -- might be OPTIONAL, it's not meaningful for GIF's CHOICE { logotypeDataHash OCTET STRING, gif [0] IMPLICIT OCTET STRING }, logotypeDataUri IA5String OPTIONAL } Another would be: LogotypeData ::= SEQUENCE { typeOfLogotype TypeOfLogotype, CHOICE { logotypeReference VerifiedReference, gif OCTET STRING } } VerifiedReference ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, dataHash OCTET STRING, CHOICE { uri IA5String, intlUri UTF8String } } IMO VerifiedReference is a generally useful type, so its names do not contain reference to logotypes. My understanding of COMPONENTS OF, which may be faulty, is that defining LogotypeData using COMPONENTS OF VerifiedReference as an element of a CHOICE would not produce a useful result because each of the elements of VerifiedReference would show up in the CHOICE rather than merely hashAlgorithm going into the CHOICE with the other fields added to LogotypeData's SEQUENCE. Tom Gindin Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g38E5r114837 for ietf-pkix-bks; Mon, 8 Apr 2002 07:05:53 -0700 (PDT) Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g38E5pm14831 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 07:05:51 -0700 (PDT) Received: from tsg1 ([12.81.71.62]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020408140546.BYKO8815.mtiwmhc23.worldnet.att.net@tsg1>; Mon, 8 Apr 2002 14:05:46 +0000 Message-ID: <005c01c1df06$5574f290$020aff0c@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Peter Sylvester" <Peter.Sylvester@edelweb.fr>, <jimhei@cablespeed.com>, <rhousley@rsasecurity.com> Cc: <stephen.farrell@baltimore.ie>, <tim.polk@nist.gov>, <ietf-pkix@imc.org> References: <200204081110.NAA05894@emeriau.edelweb.fr> Subject: Re: Open issue: DPV relay Date: Mon, 8 Apr 2002 07:02:12 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Isnt the question we are looking to address here whether the DPV server can prosecute the processing of a DPV request to a response or a next node in that DPV server's or that Certificate's CHAIN OF TRUST. So there are two issues really on the table here: 1) Does the Client have the ability to a) Force the server to accept a particular chain of DPV services to resolve its trusatability to the next DPV NODE as per the Client b) Force the server to accept a particular chain of DPV services to resolve its trusatability to the next DPV NODE as per the Server 2) Does the Server have the ability a) To refer this request without the clients approval b) Just Say No... That is "Sorry I cannot service this request"... T. ----- Original Message ----- From: "Peter Sylvester" <Peter.Sylvester@edelweb.fr> To: <jimhei@cablespeed.com>; <rhousley@rsasecurity.com> Cc: <stephen.farrell@baltimore.ie>; <tim.polk@nist.gov>; <ietf-pkix@imc.org> Sent: Monday, April 08, 2002 4:10 AM Subject: Re: Open issue: DPV relay > > > > > Jim: > > > > I am not talking about trust in the X.500 system. I am talking about trust > > in a DPV server. In my mind, the client asks one DPV server to perform an > > action. The response should come back, signed by that DPV server, or it is > > an error from the client's perspective. > > I'd say this in a slightly slightly different way. > > A client MUST be able to authenticate the response at the moment when > he receives it. The authentication method should be as simple as possible. > Possible authentication methods include a signature (e.g. CMS > signedData), TLS/SSL authentication or evel lower layers. > > Whenever there is a need that another entity needs to reverify > a response "later" (which may not be necessary in all > circumstances), an appropriate method to authenticate > the response MUST be available, i.e., a combination > of protocol data and services MUST be available to ensure > this feature. > > > I see no reason for the client to be made aware of an chaining or multicasting. > I'd say that the response MUST include all essential > element that have contributed to the decision, this MAY mean to > include some responses or the identities of entities that > have contributed to the response. > > > I do not think that we should include referrals in the DPV system at all. > I'm rather reluctant to have a referral type of mode, but Stephen Farrell > gave an interesting example that may be slightly modified as > follows: > > End user A ask server S1 "validate cert". > S1 asks service S2. > S2 answers : Don't know, please go to service S3, here is a trustworthy cert of S3. > S1 answers S3 > S3 gives a signed response. > S1 validates the response agains the cert received by S3 and creates a final reponse > to end user. > > I can imagine that there may be servers like S2 that would like to operate > that way. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g38Cubj12279 for ietf-pkix-bks; Mon, 8 Apr 2002 05:56:37 -0700 (PDT) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g38CuRm12273 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 05:56:35 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 8 Apr 2002 12:55:27 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id IAA10561 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 08:55:20 -0400 (EDT) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g38CuTC20919 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 08:56:29 -0400 (EDT) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1PTS4>; Mon, 8 Apr 2002 08:54:03 -0400 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.104]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1PTSR; Mon, 8 Apr 2002 08:53:56 -0400 From: "Housley, Russ" <rhousley@rsasecurity.com> To: jim <jimhei@cablespeed.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020408085314.0208d1c0@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 08 Apr 2002 08:56:14 -0400 Subject: Re: Open issue: DPV relay In-Reply-To: <3CAE24C6.A0526A91@cablespeed.com> References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <5.1.0.14.2.20020405114835.0206fea0@exna07.securitydynamics.com> <5.1.0.14.2.20020405153917.02fc71d8@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Jim: You missed my point altogether. This discussion has nothing to do with directories. We are discussion DPV servers. The DPV server will do to a directory to obtain certificates and CRLs, go to OCSP responders, and (if needed) go to other DPV servers. In DPV, we only want to support a chaining model in the DPV client to DPV server communication. Russ At 05:27 PM 4/5/2002 -0500, jim wrote: >Russ, > But the exact point is that if you decide that creating trust with > directories >is the key instead of trust with the certificate holders and issuers, then >the only >type of directory interaction that can occur is referral, which increases >system >overhead, delays based on directory response times, and a general >inability to grow >large systems in which any individual cross-certifying PKI has a single >directory >to address. Every individual PKI implementation would have to have not only a >central directory, but also border directories and each border directory >would have >to hold the same level of trust as the central directory. This implies >constant >near-real-time updating of border directories or the threat of failed >validation. >Help me to understand how you envision the directory system that >successfully can >respond to a multitude of simultaneous or near-simultaneous requests for >validation. Thanks. Feel free to reply just to me if you wish as not >everyone may >be interested from this point forward. >Jim > >"Housley, Russ" wrote: > > > Jim: > > > > I am not talking about trust in the X.500 system. I am talking about trust > > in a DPV server. In my mind, the client asks one DPV server to perform an > > action. The response should come back, signed by that DPV server, or it is > > an error from the client's perspective. > > > > I see no reason for the client to be made aware of an chaining or > multicasting. > > > > I do not think that we should include referrals in the DPV system at all. > > > > Russ > > > > At 02:50 PM 4/5/2002 -0500, jim wrote: > > >A small addition, but X.500 directories also have the ability for > > >multicasting in > > >which case a number of other directories are queried for a certificate at > > >the same > > >time. Multicasting requires the greatest amount of directory and system > > >overhead, > > >but gets the quickest returns; where chaining requires the least and > > >referral is > > >the slowest, so there should be support for all three in the DPV > > >capability. There > > >are no associated trust issues with use of either of the three methods as > > >far as I > > >know. > > >Jim > > > > > >"Housley, Russ" wrote: > > > > > > > Steve: > > > > > > > > In the X.500 directory, they two communication models are called > chaining > > > > referrals. Peter has asked for chaining support. You are asking > whether > > > > referrals should also be supported. > > > > > > > > I can see cases where chaining might be helpful. It does not > change the > > > > client's trust model. It asks a particular DPV server for a > response, and > > > > it gets one (signed by the same server that it asked). > > > > > > > > I think that referrals complicate the trust model. The client asks > one DPV > > > > server, then that server suggests that a different server might be > better > > > > able to help. If the client chooses to ask that server, it will > get back a > > > > response signed by the second server. Does the client trust it only > > > > because the first server made a referral? What information need to be > > > > stored by the client to prove that it was referred to this server? > All of > > > > this is more complication than I want. > > > > > > > > Russ > > > > > > > > At 02:21 PM 4/5/2002 +0100, Stephen Farrell wrote: > > > > > > > > >*If* relaying support/capability is to be considered as a > > > > >MUST/SHOULD/MAY requirement for a DPV protocol, then should > > > > >re-direction be handled similarly? (Note: I'm not proposing > > > > >that it should be, just asking!) > > > > > > > > > >By re-direction I mean: > > > > > > > > > >Alice: Hey Bob - is this key good? > > > > >Robert: Dunno Alice - but Charlie might know. > > > > >Alice: Hey Charles - is this key good? > > > > >Chaz: Yep. > > > > > > > > > >Stephen. > > > > > > > > > >Tim Polk wrote: > > > > > > > > > > > > Peter Sylvester has stated a requirement for DPV servers to relay > > > requests > > > > > > to one another: > > > > > > > > > > > > > > > > > > > >There is a requirement, similar as for OCSP caches, > > > > > > >that server just relays a request to another. This had been > > > > > > >discussed several times, the differences had only been to > > > > > > >what degree the relaying should become visible; whether one > > > > > > >server can rewrite/resigns the answers of another etc. > > > > > > >Relaying via cache is an obvious feature in many OCSP > implementation, > > > > > > >how do they protect itself against loops between two servers? > > > > > > > > > > > > > > > > > > > I believe this is an open issue, and would like to start a new > > > discussion > > > > > > thread limited to this topic. > > > > > > > > > > > > As I understand Peter's scenario, there are three mutually > trusting DPV > > > > > > servers. If a server cannot satisfy a request directly, it may > > > relay the > > > > > > request to a different server. We'll assume the server is smart > > > enough not > > > > > > to relay a request back to the requester. (That is, if server A > > > relays a > > > > > > request to Server B, B may relay it to Server C but not A.) > > > > > > > > > > > > (1) Assume Alice requests a valid path for Bob's certificate from > > > Server A, > > > > > > when none exists. > > > > > > (2) Server A relays the request to Server B, since it cannot > satisfy it > > > > > > directly. (A could have chosen Server C; it is irrelevant.) > > > > > > (3) Server B relays the request to Server C, since it cannot > satisfy it > > > > > > directly. (C could not choose A, since it was the requester.) > > > > > > (4) Server C relays the request to Server A, since it cannot > satisfy it > > > > > > directly. (A could not choose B, since it was the requester.) > > > > > > > > > > > > At this point, either A must maintain state and recognize that the > > > request > > > > > > has cycled around or the protocol has to handle this by > maintaining a > > > > > > history list. > > > > > > > > > > > > Peter, please confirm that I have characterized the problem > > > correctly (or > > > > > > post the right scenario)! I am not personally convinced that blind > > > > > > relaying amongst DPV servers is a requirement. > > > > > > > > > > > > IMHO, DPV relaying would be limited to the scenario where each > > > Server was > > > > > > authoritative for a particular community (perhaps based on > > > privately held > > > > > > status information). Alice directs all requests to Server A to > > > simplify > > > > > > her life. Server A would be able to determine which server (B or > > > C) could > > > > > > possibly satisfy the request based on Bob's certificate. > > > > > > > > > > > > Even though relaying occurred, Server A acted as a simple DPV > client, > > > > > > imposing no additional requirements... > > > > > > > > > > > > Thanks, > > > > > > > > > > > > Tim Polk > > > > > > > > > >-- > > > > >____________________________________________________________ > > > > >Stephen Farrell > > > > >Baltimore Technologies, tel: (direct line) +353 1 881 6716 > > > > >39 Parkgate Street, fax: +353 1 881 7000 > > > > >Dublin 8. mailto:stephen.farrell@baltimore.ie > > > > >Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g38BsGG07331 for ietf-pkix-bks; Mon, 8 Apr 2002 04:54:16 -0700 (PDT) Received: from mailrelay.tugraz.at (mailrelay.tu-graz.ac.at [129.27.3.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g38Bs3m07324 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 04:54:03 -0700 (PDT) Received: from iaik.at (iaik.tu-graz.ac.at [129.27.152.30]) by mailrelay.tugraz.at (8.12.2/8.12.2) with ESMTP id g38Br270013994; Mon, 8 Apr 2002 13:53:03 +0200 (MEST) Received: from plato [129.27.152.123] by iaik.at (SMTPD32-7.05) id A1E22139011E; Mon, 08 Apr 2002 13:41:22 +0200 Received: from plato.iaik.at [127.0.0.1] by plato (IAIK S/MIME Mapper 2.01 18/May/2001); Mon, 08 Apr 2002 13:42:11 +0100 From: "Stefan Kraxberger" <Stefan.Kraxberger@iaik.at> To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Peter Sylvester" <Peter.Sylvester@edelweb.fr>, <ramunno@polito.it>, "Andrea Caccia" <a.caccia@innovery.net>, "Stefan Kraxberger" <Stefan.Kraxberger@iaik.at>, <medina@ac.upc.es>, <h-iwanishi@pb.jp.nec.com>, "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, "Raffaello Galli" <r.galli@com-and.com>, "Romano Pedroli" <r.pedro@com-and.com>, <kent@bbn.com> Cc: <ietf-pkix@imc.org> Subject: Updated TSA Service Date: Mon, 8 Apr 2002 13:42:03 +0200 Message-ID: <FMEILCMDBHEJOCGOGOIJOEGICBAA.Stefan.Kraxberger@iaik.at> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=sha1; boundary="--IAIK.SMIME.MAPPER.67B06B63--"; protocol="application/x-pkcs7-signature" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Importance: Normal X-Virus-Scanned: by amavisd-milter (http://amavis.org/) Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multipart MIME message, it may require a MIME capable user agent. ----IAIK.SMIME.MAPPER.67B06B63-- Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi According to the test results from Thomas i have updated the our TSA service. Now the problems, documented in the test report, should be solved. The service is now running under an new address: Host: neurath.iaik.at Port: 318 Thomas, please can you try your test vectors against the this new version? If anyone has problems with the new implementation please let me know. /Stefan ---------------------------------------------------------------- Insitute for Applied Information Processing and Communication Graz University of Technology Inffeldgasse 16a, A-8010 Graz, Austria mailto:stefan.kraxberger@iaik.at phone:+43-664-2045544 ---------------------------------------------------------------- ----IAIK.SMIME.MAPPER.67B06B63-- Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAA oIIgqTCCBNYwggO+oAMCAQICFQC3HWS4/i03mbnh7A3pagLKv3pQqTANBgkqhkiG 9w0BAQUFADCBxDELMAkGA1UEBhMCQVQxJjAkBgNVBAoTHUdSQVogVU5JVkVSU0lU WSBPRiBURUNITk9MT0dZMUcwRQYDVQQLEz5JbnNpdHV0ZSBmb3IgQXBwbGllZCBJ bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEhMB8GA1UE CxMYSUFJSyBFdXJvUEtJIElOVFJBTkVUIENBMSEwHwYDVQQDExhJQUlLIEV1cm9Q S0kgVFUtR1JBWiBTSUcwHhcNMDExMTI5MTMyNzE2WhcNMDIxMjMwMjIwMDAwWjCB mjELMAkGA1UEBhMCQVQxJjAkBgNVBAoTHUdSQVogVU5JVkVSU0lUWSBPRiBURUNI Tk9MT0dZMUcwRQYDVQQLEz5JbnNpdHV0ZSBmb3IgQXBwbGllZCBJbmZvcm1hdGlv biBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEaMBgGA1UEAxMRU3RlZmFu IEtyYXhiZXJnZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIfTFg1Y/7xJ Z3LWZc9hycGVAHTAWpyTIBUeEZKhx4x213MRRx9SFTzGbFuro5vGLIgLYy/GROKS N5T4ADhjB5+OTFJ3VgMSLROOhQ4TBDWB+5PXNqLHJ5NxL/40Vz/mG9qk5qT+vPWe 4U6RfmD+zF9nR6BUxYJ3y2b0FcrJvEqtAgMBAAGjggFpMIIBZTAMBgNVHRMBAf8E AjAAMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBR4tVWhM72DJX/q8+eMt6Of lXOqezBUBgNVHSAETTBLMEkGDCsGAQQBlRIBAgIBAjA5MDcGCCsGAQUFBwIBFito dHRwOi8vZXVyb3BraS5pYWlrLmF0L2NhL2ludHJhbmV0L2Nwcy8xLjIvMEwGA1Ud HwRFMEMwQaA/oD2GO2h0dHA6Ly9ldXJvcGtpLmlhaWsuYXQvY2EvaW50cmFuZXQv Y3JsL2lhaWtfZXVyb3BraV9zaWcuY3JsMBEGCWCGSAGG+EIBAQQEAwIAIDAoBglg hkgBhvhCAQ0EGxYZVXNlci1DZXJ0aWZpY2F0ZSBJTlRSQU5FVDAkBgNVHREEHTAb gRlzdGVmYW4ua3JheGJlcmdlckBpYWlrLmF0MB0GA1UdDgQWBBS3HWS4/i03mbnh 7A3pagHgRzEPEDANBgkqhkiG9w0BAQUFAAOCAQEAQxdjAsPNy6A3S6sj3DxWkfCS 6D2YRrUZwsM1fwe4Y08Du5jfIwWZ0+HJCAfysGWUm4wmApCxD9IhMzaufkfqgJMM cXkdoXX75V839/FbrzXwMY+Ve6ba7WrNZvEUcl+/Xyg7UaAl/D7+QODLHgacuFVH 7FiFnQuiC5JHAMxMDKcrKSw7fJ75zTspRsRM2RXTu3HAoLe0MNxeNmFsvynTtb8Y zSz5afUcvWFFDOe2Uf7B34sc+MszUz26p8xat8DGqdp11kI7IdZDMD83BRZlYJ47 sJMVQiglalwAZLZLkOp1dJOa7/Ob086p3elkDD6TVwTqeIEqEMX/ZJZtAsPZVzCC BTwwggQkoAMCAQICFHi1VaEzvYMlf+rz54y3pIMcl/owMA0GCSqGSIb3DQEBBQUA MIHLMQswCQYDVQQGEwJBVDENMAsGA1UEBxMER3JhejEZMBcGA1UECRMQSW5mZmVs ZGdhc3NlIDE2YTEmMCQGA1UEChMdR1JBWiBVTklWRVJTSVRZIE9GIFRFQ0hOT0xP R1kxRzBFBgNVBAsTPkluc2l0dXRlIGZvciBBcHBsaWVkIEluZm9ybWF0aW9uIFBy b2Nlc3NpbmcgYW5kIENvbW11bmljYXRpb25zMSEwHwYDVQQDExhJQUlLIEV1cm9Q S0kgSW50cmFuZXQgQ0EwHhcNMDAxMjE5MTEyMTQ3WhcNMDIxMjMwMjI1OTMwWjCB xDELMAkGA1UEBhMCQVQxJjAkBgNVBAoTHUdSQVogVU5JVkVSU0lUWSBPRiBURUNI Tk9MT0dZMUcwRQYDVQQLEz5JbnNpdHV0ZSBmb3IgQXBwbGllZCBJbmZvcm1hdGlv biBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEhMB8GA1UECxMYSUFJSyBF dXJvUEtJIElOVFJBTkVUIENBMSEwHwYDVQQDExhJQUlLIEV1cm9QS0kgVFUtR1JB WiBTSUcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxWjtQORZimthv kSAAJlIL97tgPeJ8+151iGCyd44WFAyjHsP9oQrZHxazVAB+o8clYdPpp/ECognU 41o40iafdgkNIfsjyFMm3VvcWNx+F4vKYTHoLQascxRJUULgub+B4k4pb9A4URQn xkrMriQlISoFXeEY1l2Mv4DlXHF3qOEMiLW5B1vmZZaEpNvH/me8fuvJYLi9FWA+ Ojk/UybbrGybkeJY3RAq+FImnWkaB9BAoAhdROR+GXU8YvqZTzqUndKog1KccBKa FTBKwSz9RxOVPFORs1VLGItlnGRCn25uOiDTDfrU2D4D9cyFEVU+Qd55RzD6PfgP 8BbeUyTxAgMBAAGjggEbMIIBFzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB /wQEAwIBxjAfBgNVHSMEGDAWgBSEWAP+T9cNWn701+2abEq0uxAz0jBUBgNVHSAE TTBLMEkGDCsGAQQBlRIBAgIBATA5MDcGCCsGAQUFBwIBFitodHRwOi8vZXVyb3Br aS5pYWlrLmF0L2NhL2ludHJhbmV0L2Nwcy8xLjEvMEgGA1UdHwRBMD8wPaA7oDmG N2h0dHA6Ly9ldXJvcGtpLmlhaWsuYXQvY2EvaW50cmFuZXQvY3JsL2lhaWtfZXVy b3BraS5jcmwwEQYJYIZIAYb4QgEBBAQDAgACMB0GA1UdDgQWBBR4tVWhM72DJX/q 8+eMt6OflXOqezANBgkqhkiG9w0BAQUFAAOCAQEAscTGRuY2BJizRRfug1JU1qha LVOjZvYPOikXleQuPBPXFSoT9jwbzDkyN76QMnondlgf0F1Gr+w4LqljFKAdjqFG SXJxAzGjMFbjTjyv7mit0Ppk7wKohXM/c8ThDCEBnnAYcTgg504BtJhBmN0ThyL6 tAXYfRFqHsgn1rj58bS+6lAa6n9iepn/yznhnFWr24imSVvef8nbI2GwphBAhNXh +Jq+BWR1pr5uUJ9ilzL44elcZ+Omh4lsILiUf6YR1xR9+d3G4VQMMOmpfgf0GJVK NKcelVlK4PW/0VgvDxoyQQFVE2hiLd5r/jUzT4zlLy+5hk3FnxSUgnl14w/u3DCC BLMwggOboAMCAQICFQCEWAP+T9cNWn701+2abEuYPjyavTANBgkqhkiG9w0BAQUF ADBSMQswCQYDVQQGEwJBVDEQMA4GA1UEChMHRXVyb1BLSTExMC8GA1UEAxMoRXVy b1BLSSBBdXN0cmlhbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMDEyMTgx NjUyMzFaFw0wMjEyMzAyMjU5MzBaMIHLMQswCQYDVQQGEwJBVDENMAsGA1UEBxME R3JhejEZMBcGA1UECRMQSW5mZmVsZGdhc3NlIDE2YTEmMCQGA1UEChMdR1JBWiBV TklWRVJTSVRZIE9GIFRFQ0hOT0xPR1kxRzBFBgNVBAsTPkluc2l0dXRlIGZvciBB cHBsaWVkIEluZm9ybWF0aW9uIFByb2Nlc3NpbmcgYW5kIENvbW11bmljYXRpb25z MSEwHwYDVQQDExhJQUlLIEV1cm9QS0kgSW50cmFuZXQgQ0EwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDPwrEj1RtzPWRZUGptWv2/KsgPQ0FyMHHYemhn /+QjUv51aD9fmcqqUU/CgroJE6sLtN6cZoQ91gnxIS/Gw95PNhUX6jZfN4PF5K/G Xz3ZUx/bcvcm4tjFGG12jxWT4IN9d3oT5SMMjh1Aw0BE35yySnlqBcfWHR7gtBps dAovw1Txy8Bt8vmBrhe27dY0d3bJitULO1CG19G0Q374rnJ/CY9ZEHsz0498Ej5+ eFnefSEilJ7kQNDNU2zCx7xuu0jdu0yrb5Y1+RBdgJHCoMldUbOA2HkNOz9YLyiY WPWRxT9fcPgXv9jSYu+t+DB0MMPz53ZcYILVsopsjhKduVO5AgMBAAGjggEEMIIB ADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjAfBgNVHSMEGDAWgBQA emdURVCCrBm2toURUbtpOdgt1DBWBgNVHSAETzBNMEsGDCsGAQQBlRIBAgEBATA7 MDkGCCsGAQUFBwIBFi1odHRwOi8vZXVyb3BraS5pYWlrLmF0L2NhL2V1cm9wa2kt YXQvY3BzLzEuMS8wRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL2V1cm9wa2kuaWFp ay5hdC9jYS9ldXJvcGtpLWF0L2NybC9hdXN0cmlhLmNybDAdBgNVHQ4EFgQUhFgD /k/XDVp+9NftmmxKtLsQM9IwDQYJKoZIhvcNAQEFBQADggEBAC8BA5jJSByaJAeD xiEW4O8mJJdSsuO/KyoEJVjcAyyMx9lJdHNtgwabhFHR2cUZz++vKkJFpmA+A7jg jRO5IwQxiMTordze8X7rxmBlZvizFJfxUwalTAUbJ9iaLjJza42qTwjRRPSEji4b 9hcg+6PpK4pOdZ++SrIrE1qIvRqx3fFqEo8LHkkR8ZHKB/tT4GKQck/tUfeuotfQ I/XlprqctmgzmjRC0giMEurV2Ogf6kxz9BzmibwGBtCqG0GLN5XKCr6fNBAD3W+X t0FoujZfZlJqK3bt6re712rdZnztVlOaCc6gSB9WY7ZrNFhAm9+a2HzlTc7ZS+eP jC8yLW4wggRQMIIDOKADAgECAgEJMA0GCSqGSIb3DQEBBAUAMEExEDAOBgNVBAoT B0V1cm9QS0kxLTArBgNVBAMTJEV1cm9QS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1 dGhvcml0eTAeFw0wMDExMjMxNDI0NDVaFw0wMjEyMzExMjAwMDBaMFIxCzAJBgNV BAYTAkFUMRAwDgYDVQQKEwdFdXJvUEtJMTEwLwYDVQQDEyhFdXJvUEtJIEF1c3Ry aWFuIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAoE5gWK44kT3O3Yenp0GT6+gkypmIAlhqYAcmokavl3WaQ4Bh BlAv4ORtBF/hVObG1ugPCep7cTNyoXZ+sNIbmlLzBxzrRpT4nYQIEu3IXR108c6A PycH+9vbYIUQrsCKx8Qs/csU5rdOxc15pHsZLJiiCYATB0GWyrcbVcoNgAj6crv7 Lx37SlENgMAssOoG4E3/2wrCQ2n/QiqBEosscpnEqQs6ABvdQiLKSpfVQJA77l9u jQ1C/ugtlYwAr5GrtSOhOTYvKB4tuVleqlHFzJoA6XaWQRpD4Oy4ymF0+5IAe9q+ lOQ6U57rWIZ0MMr8xAmf7VZtmk0KJYCkAl3DPwIDAQABo4IBQDCCATwwTAYJYIZI AYb4QgENBD8WPUlzc3VlZCB1bmRlciBwb2xpY3k6CiBodHRwOi8vd3d3LmV1cm9w a2kub3JnL2NhL3Jvb3QvY3BzLzEuMS8wOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDov L3d3dy5ldXJvcGtpLm9yZy9jYS9yb290L2NybC9jcmwuZGVyMA8GA1UdEwEB/wQF MAMBAf8wTgYDVR0gBEcwRTBDBgorBgEEAakHAQEBMDUwMwYIKwYBBQUHAgEWJ2h0 dHA6Ly93d3cuZXVyb3BraS5vcmcvY2Evcm9vdC9jcHMvMS4xLzAOBgNVHQ8BAf8E BAMCAf4wHQYDVR0OBBYEFAB6Z1RFUIKsGba2hRFRu2k52C3UMB8GA1UdIwQYMBaA FIzci7GlSpDnTohzGDyd1V5+5LLNMA0GCSqGSIb3DQEBBAUAA4IBAQD0VfvB2KWA /FyENfhXDK7/YQwRxdAJj/3VzpdvUPb9mHW9O1kry3ZeM9IfcYqbFPdP9ZvW/g2m WQI9k4vMKDtePnzQuy+ZUuvxuKlJ7taWAAHkiXTBbJoscHetWVlIINuPYCQF33DT d5otjcOxsE+U9xjqP5tCLMzQEmnmTaUdZYWZFIjfKzoLC2JEaeVjDUQrYYwL6OUY P6aWoML1gqUP2PFzRKQK/EMSjRQzTU9ZZLVvc+FS797ki6f8zRxPGqheV4EyjFXR bY03/4fjcZ5pwictxM97tFYmmlkmWmkEvI+7ToPZ/WtPyqXciKJ9ZT/OJWWWzfXg iz5ECXNBlO0DMIIDYDCCAkigAwIBAgIBADANBgkqhkiG9w0BAQQFADBBMRAwDgYD VQQKEwdFdXJvUEtJMS0wKwYDVQQDEyRFdXJvUEtJIFJvb3QgQ2VydGlmaWNhdGlv biBBdXRob3JpdHkwHhcNOTkxMjI5MTczMDM5WhcNMTAxMjMxMTIwMDAwWjBBMRAw DgYDVQQKEwdFdXJvUEtJMS0wKwYDVQQDEyRFdXJvUEtJIFJvb3QgQ2VydGlmaWNh dGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD/ L/zLh4UggkIiJA2Jmuwd6/TLOoToZz3Dr0FoCgehip+ZNrX1ehBw0esCK6Z18SfD OeyDB+ia3qWaltedQVttLUQnVPdXmzubIVapWFoHm1u3oLhBgSp1mHBmAsKmGvHV /IYF4t709tUQlpeZgjIzpbjzN799Xoa2X2yJqGGBADzHKiJn5p80LsMnx3VR/UyI XZJEq611UlADfJH1qhwUzNa0F80j0tk7/paLhnWrZDsfZNGkAugQLBDUi+nBKUu4 FicpfYL7HGX4fRmtg+oLuQ1vHlYe2YVs+UGI47e7jd4Yf1vbjinQ0OUrx2nx8z+x o47lgXwMbEJ7VwrECjS3AgMBAAGjYzBhMB8GA1UdIwQYMBaAFIzci7GlSpDnTohz GDyd1V5+5LLNMB0GA1UdDgQWBBSM3IuxpUqQ506Icxg8ndVefuSyzTAOBgNVHQ8B Af8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOCAQEAW2j/ nnW9QhtCe1iQdV9KFy9rnOpKH43tHFjuUBlgpgvNv01/rXMXLn/W81nuLTmZwdhY cjldUZZR6WUGLtArOLQaUkTQMHjc/EkU/s0v8MuWNg5vhC3ZsFFNVtfR8iWa2a+g A4uBH17cXd6PuzqD0HMFA75P32kes3xblFWZ5qSYGQvy4aWoT/FDsbeJG/Upp8Fb Z2Z0pSqfi9cAWGqzRYlT0dgu8Z2RFwwd/vPvVpQldB1ScRkfpL6PCLvmmfMRHq8Z g0JMcqmIXYYg0PcPdJ+ECikSYd/7G50/uIfJDDZEOIkmpXVn3cQmcMDRauhvwsoR 6B2lCX/cEI0PEnMBaDCCBNkwggPBoAMCAQICFD9EDnR1EdQ3xFRjSEwGBggogBmx MA0GCSqGSIb3DQEBBQUAMIHGMQswCQYDVQQGEwJBVDEmMCQGA1UEChMdR1JBWiBV TklWRVJTSVRZIE9GIFRFQ0hOT0xPR1kxRzBFBgNVBAsTPkluc2l0dXRlIGZvciBB cHBsaWVkIEluZm9ybWF0aW9uIFByb2Nlc3NpbmcgYW5kIENvbW11bmljYXRpb25z MSEwHwYDVQQLExhJQUlLIEV1cm9QS0kgSU5UUkFORVQgQ0ExIzAhBgNVBAMTGklB SUsgRXVyb1BLSSBUVS1HUkFaIENSWVBUMB4XDTAxMTEyOTEzMjUwMVoXDTAyMTIz MDIyMDAwMFowgZoxCzAJBgNVBAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJ VFkgT0YgVEVDSE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQg SW5mb3JtYXRpb24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxGjAYBgNV BAMTEVN0ZWZhbiBLcmF4YmVyZ2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB gQDEVxohomk0KckxKIduxV98fR68UbG7oAhiZas5KwNmw/eIWTWowzjNm7wEoIse tBq6fVNKHBIhIn47XqTk+N76hjoADWnNn1QAVztCxXDNZVfc7+1vUioJu1QYcWPZ NyAJskap8JOS9AKje5Hdnmnd5tWPxCigbo8QiEtLIcD8wQIDAQABo4IBazCCAWcw DAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBDAwHwYDVR0jBBgwFoAUmikZ1hee wVHfzGeDobfkvw+4Qx0wVAYDVR0gBE0wSzBJBgwrBgEEAZUSAQICAQIwOTA3Bggr BgEFBQcCARYraHR0cDovL2V1cm9wa2kuaWFpay5hdC9jYS9pbnRyYW5ldC9jcHMv MS4yLzBOBgNVHR8ERzBFMEOgQaA/hj1odHRwOi8vZXVyb3BraS5pYWlrLmF0L2Nh L2ludHJhbmV0L2NybC9pYWlrX2V1cm9wa2lfY3J5cHQuY3JsMBEGCWCGSAGG+EIB AQQEAwIAIDAoBglghkgBhvhCAQ0EGxYZVXNlci1DZXJ0aWZpY2F0ZSBJTlRSQU5F VDAkBgNVHREEHTAbgRlzdGVmYW4ua3JheGJlcmdlckBpYWlrLmF0MB0GA1UdDgQW BBQ/RA50dRHUN8RUY0hMBgUdsDjWPjANBgkqhkiG9w0BAQUFAAOCAQEACK/LT4Q5 JodHhwc98Yuyv7wZfymxAOFyRJsO1sseOriRFPpp9WAjZORNRUTYRPMuhd9RS3BR /jTn79AlsHevONt06xO4eatRoU01qZXQjoDZBOYsPIeId2Egs/7IWqC4iY5RBS8X 6Y3Tne/OGhzMTNiiRh0J573yPNqTUO0JK6yeYq0nNb2W4An6z+VPOW2mDEJcEj3H /PjbR/sRbhi2DjkiN4JkjRDt4aRvT3yfnlqefoQqD4kakmdllaA98VasPjS9RLjh rXKNixXlu+zzIbs0tRsN+ewLsVAUgSWl6SFOgSzPa5vTXurFbLaLRkrus6k+J19J slSUkAIajSKpmTCCBT8wggQnoAMCAQICFQCaKRnWF57BUd/MZ4Oht+WilucS8TAN BgkqhkiG9w0BAQUFADCByzELMAkGA1UEBhMCQVQxDTALBgNVBAcTBEdyYXoxGTAX BgNVBAkTEEluZmZlbGRnYXNzZSAxNmExJjAkBgNVBAoTHUdSQVogVU5JVkVSU0lU WSBPRiBURUNITk9MT0dZMUcwRQYDVQQLEz5JbnNpdHV0ZSBmb3IgQXBwbGllZCBJ bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEhMB8GA1UE AxMYSUFJSyBFdXJvUEtJIEludHJhbmV0IENBMB4XDTAwMTIxOTExMzMxMVoXDTAy MTIzMDIyNTkzMFowgcYxCzAJBgNVBAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZF UlNJVFkgT0YgVEVDSE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxp ZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxITAf BgNVBAsTGElBSUsgRXVyb1BLSSBJTlRSQU5FVCBDQTEjMCEGA1UEAxMaSUFJSyBF dXJvUEtJIFRVLUdSQVogQ1JZUFQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDWIkt24ac2iD1RZW0BzsolEcM7k6C5Pb8EHxVojWsjJsscBB32XS9H2h2/ XmjVOLtCPoNiEaqm8WrqFky29IdoktkLdV6bvW4gN32k17mvPUNCPmqO78idaqXC m//ocXRMwUHpMCv1NN+5KUMJ18BDchltI/Zj1btYA7cZy4Ax01k6Z2zHUJkoAc7/ +x95o8Cm/1D9JxxZ5o6tHdiAYgyUjCA6Q3L0DmNQgLPOMWU5ZfcANDWfMTAH71c3 oRJaKIum3yCKzThyX24X7iSU/SI1mA2uJnOerEweuLNhmu5kJzH+079B2Jyscr92 1fzcz6KEEjEoEtnF8VSUvhFWxb2bAgMBAAGjggEbMIIBFzASBgNVHRMBAf8ECDAG AQH/AgEAMA4GA1UdDwEB/wQEAwIBxjAfBgNVHSMEGDAWgBSEWAP+T9cNWn701+2a bEq0uxAz0jBUBgNVHSAETTBLMEkGDCsGAQQBlRIBAgIBATA5MDcGCCsGAQUFBwIB FitodHRwOi8vZXVyb3BraS5pYWlrLmF0L2NhL2ludHJhbmV0L2Nwcy8xLjEvMEgG A1UdHwRBMD8wPaA7oDmGN2h0dHA6Ly9ldXJvcGtpLmlhaWsuYXQvY2EvaW50cmFu ZXQvY3JsL2lhaWtfZXVyb3BraS5jcmwwEQYJYIZIAYb4QgEBBAQDAgACMB0GA1Ud DgQWBBSaKRnWF57BUd/MZ4Oht+S/D7hDHTANBgkqhkiG9w0BAQUFAAOCAQEAQJx9 PjiaQ085JR96Xq1xrjg5YYZJZzOm39jim/QXlHhc2i9OOHl17kKql9mHUUHbDM+C eBz8oN7nkPXK0W3p9jrQbGij6v3MSPztnfkwbZl7askTeeyrmI3rC/jR6mWTL/AC Cxn7btTc8U/9IJIFv1OQM+I9o1L68CzxsbddTSgGn6hjzZO6TnkMW+I8aWQe+uOj tthe/1Erhl9YGSHv8EkqLOWfJroKc9mmKs2iYNcEbT8VFg7K5+/cCqqpp68vFLsY Jtmlyq7vU60XNFMSaA5mgzc4wrB8ObMO98roBRJsMfKSAirSXugiKkRRyoPdC+rx siaVKay2Xd7GDSu5pDGCAy0wggMpAgEBMIHeMIHEMQswCQYDVQQGEwJBVDEmMCQG A1UEChMdR1JBWiBVTklWRVJTSVRZIE9GIFRFQ0hOT0xPR1kxRzBFBgNVBAsTPklu c2l0dXRlIGZvciBBcHBsaWVkIEluZm9ybWF0aW9uIFByb2Nlc3NpbmcgYW5kIENv bW11bmljYXRpb25zMSEwHwYDVQQLExhJQUlLIEV1cm9QS0kgSU5UUkFORVQgQ0Ex ITAfBgNVBAMTGElBSUsgRXVyb1BLSSBUVS1HUkFaIFNJRwIVALcdZLj+LTeZueHs DelqAsq/elCpMAkGBSsOAwIaBQCgggGkMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTAyMDQwODExNDIxMVowIwYJKoZIhvcNAQkEMRYE FNzKztAnOnLTi/PXNudpDix2mLeiMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcN AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEo MAcGBSsOAwIHMIHwBgkrBgEEAYI3EAQxgeIwgd8wgcYxCzAJBgNVBAYTAkFUMSYw JAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVDSE5PTE9HWTFHMEUGA1UECxM+ SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBhbmQg Q29tbXVuaWNhdGlvbnMxITAfBgNVBAsTGElBSUsgRXVyb1BLSSBJTlRSQU5FVCBD QTEjMCEGA1UEAxMaSUFJSyBFdXJvUEtJIFRVLUdSQVogQ1JZUFQCFD9EDnR1EdQ3 xFRjSEwGBggogBmxMA0GCSqGSIb3DQEBAQUABIGAVRyLzHSGixp9f+rVHtFm4nag nASRzYUnoKmmCXRM/+qj7UHaPzpCU6t6YqJBVhbq6kIzMnT5h9H7n61bW8U0Iklh qaIOR3HfNriJGto0bJkagkWI2gXCI+gDsY+OeSIftmzyYbDtVADjIN6jvDMUKcS4 QNx9+QhDAJNKgNbnNxgAAAAAAAA= ----IAIK.SMIME.MAPPER.67B06B63---- Received: by above.proper.com (8.11.6/8.11.3) id g38BAup04999 for ietf-pkix-bks; Mon, 8 Apr 2002 04:10:56 -0700 (PDT) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g38BApm04990 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 04:10:51 -0700 (PDT) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id NAA24554; Mon, 8 Apr 2002 13:10:30 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Mon, 8 Apr 2002 13:10:30 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id NAA27895; Mon, 8 Apr 2002 13:10:29 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id NAA05894; Mon, 8 Apr 2002 13:10:28 +0200 (MET DST) Date: Mon, 8 Apr 2002 13:10:28 +0200 (MET DST) Message-Id: <200204081110.NAA05894@emeriau.edelweb.fr> To: jimhei@cablespeed.com, rhousley@rsasecurity.com Subject: Re: Open issue: DPV relay Cc: stephen.farrell@baltimore.ie, tim.polk@nist.gov, ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > Jim: > > I am not talking about trust in the X.500 system. I am talking about trust > in a DPV server. In my mind, the client asks one DPV server to perform an > action. The response should come back, signed by that DPV server, or it is > an error from the client's perspective. I'd say this in a slightly slightly different way. A client MUST be able to authenticate the response at the moment when he receives it. The authentication method should be as simple as possible. Possible authentication methods include a signature (e.g. CMS signedData), TLS/SSL authentication or evel lower layers. Whenever there is a need that another entity needs to reverify a response "later" (which may not be necessary in all circumstances), an appropriate method to authenticate the response MUST be available, i.e., a combination of protocol data and services MUST be available to ensure this feature. > I see no reason for the client to be made aware of an chaining or multicasting. I'd say that the response MUST include all essential element that have contributed to the decision, this MAY mean to include some responses or the identities of entities that have contributed to the response. > I do not think that we should include referrals in the DPV system at all. I'm rather reluctant to have a referral type of mode, but Stephen Farrell gave an interesting example that may be slightly modified as follows: End user A ask server S1 "validate cert". S1 asks service S2. S2 answers : Don't know, please go to service S3, here is a trustworthy cert of S3. S1 answers S3 S3 gives a signed response. S1 validates the response agains the cert received by S3 and creates a final reponse to end user. I can imagine that there may be servers like S2 that would like to operate that way. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g38ADME29852 for ietf-pkix-bks; Mon, 8 Apr 2002 03:13:22 -0700 (PDT) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g38ADGm29847 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 03:13:17 -0700 (PDT) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g38ADGb27611 for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 11:13:16 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a21ad7ad10a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Mon, 8 Apr 2002 11:07:53 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id LAA31699; Mon, 8 Apr 2002 11:13:07 +0100 Message-ID: <3CB16D38.9D32AC11@baltimore.ie> Date: Mon, 08 Apr 2002 11:13:12 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: Tim Polk <tim.polk@nist.gov>, ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <5.1.0.14.2.20020405114835.0206fea0@exna07.securitydynamics.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Russ, I do tend to agree that re-direct/referral carries some complexity and therefore adding it might not be warranted at this stage. However, if we are adding relay (though I'm not sure what requirement on a protocol is being added - is it: "MAY have the ability to be used in relaying fashion"?) then thinking about re-direct/referral seems appropriate. I would think that the closest-to-real use case for this is actually a combination of relaying and referral as in: Alice -> Bob - is this a good key? Robert -> Charlie - is this a good key? (relaying) Chaz -> Robert - I dunno, ask Denis (re-direct/referral) Robbie -> Denis - is this a good key? Denis -> Rob - I strongly disagree (with apologies:-) Robert -> Alice - Nope That has some nice properties for hiding internal structure, using fewer trust points, avoiding firewall problems, not making the client more complicated than necessary etc that I think you don't get with relaying alone. I also agree that the following is an intresting question that would have to be answered by any protocol that claimed to support re-direct/referral: "if I trust you for DPV, does it follow that I trust you to tell me who else I trust for DPV?". On the one hand the client is no more exposed since the first DPV server can always cheat, on the other hand, this smacks of some meta-protocol, so I don't know the answer. Cheers, Stephen. "Housley, Russ" wrote: > > Steve: > > In the X.500 directory, they two communication models are called chaining > referrals. Peter has asked for chaining support. You are asking whether > referrals should also be supported. > > I can see cases where chaining might be helpful. It does not change the > client's trust model. It asks a particular DPV server for a response, and > it gets one (signed by the same server that it asked). > > I think that referrals complicate the trust model. The client asks one DPV > server, then that server suggests that a different server might be better > able to help. If the client chooses to ask that server, it will get back a > response signed by the second server. Does the client trust it only > because the first server made a referral? What information need to be > stored by the client to prove that it was referred to this server? All of > this is more complication than I want. > > Russ > > At 02:21 PM 4/5/2002 +0100, Stephen Farrell wrote: > > >*If* relaying support/capability is to be considered as a > >MUST/SHOULD/MAY requirement for a DPV protocol, then should > >re-direction be handled similarly? (Note: I'm not proposing > >that it should be, just asking!) > > > >By re-direction I mean: > > > >Alice: Hey Bob - is this key good? > >Robert: Dunno Alice - but Charlie might know. > >Alice: Hey Charles - is this key good? > >Chaz: Yep. > > > >Stephen. > > > >Tim Polk wrote: > > > > > > Peter Sylvester has stated a requirement for DPV servers to relay requests > > > to one another: > > > > > > > > > > >There is a requirement, similar as for OCSP caches, > > > >that server just relays a request to another. This had been > > > >discussed several times, the differences had only been to > > > >what degree the relaying should become visible; whether one > > > >server can rewrite/resigns the answers of another etc. > > > >Relaying via cache is an obvious feature in many OCSP implementation, > > > >how do they protect itself against loops between two servers? > > > > > > > > > > I believe this is an open issue, and would like to start a new discussion > > > thread limited to this topic. > > > > > > As I understand Peter's scenario, there are three mutually trusting DPV > > > servers. If a server cannot satisfy a request directly, it may relay the > > > request to a different server. We'll assume the server is smart enough not > > > to relay a request back to the requester. (That is, if server A relays a > > > request to Server B, B may relay it to Server C but not A.) > > > > > > (1) Assume Alice requests a valid path for Bob's certificate from Server A, > > > when none exists. > > > (2) Server A relays the request to Server B, since it cannot satisfy it > > > directly. (A could have chosen Server C; it is irrelevant.) > > > (3) Server B relays the request to Server C, since it cannot satisfy it > > > directly. (C could not choose A, since it was the requester.) > > > (4) Server C relays the request to Server A, since it cannot satisfy it > > > directly. (A could not choose B, since it was the requester.) > > > > > > At this point, either A must maintain state and recognize that the request > > > has cycled around or the protocol has to handle this by maintaining a > > > history list. > > > > > > Peter, please confirm that I have characterized the problem correctly (or > > > post the right scenario)! I am not personally convinced that blind > > > relaying amongst DPV servers is a requirement. > > > > > > IMHO, DPV relaying would be limited to the scenario where each Server was > > > authoritative for a particular community (perhaps based on privately held > > > status information). Alice directs all requests to Server A to simplify > > > her life. Server A would be able to determine which server (B or C) could > > > possibly satisfy the request based on Bob's certificate. > > > > > > Even though relaying occurred, Server A acted as a simple DPV client, > > > imposing no additional requirements... > > > > > > Thanks, > > > > > > Tim Polk > > > >-- > >____________________________________________________________ > >Stephen Farrell > >Baltimore Technologies, tel: (direct line) +353 1 881 6716 > >39 Parkgate Street, fax: +353 1 881 7000 > >Dublin 8. mailto:stephen.farrell@baltimore.ie > >Ireland http://www.baltimore.com -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g36E9Yx08987 for ietf-pkix-bks; Sat, 6 Apr 2002 06:09:34 -0800 (PST) Received: from mtiwmhc22.worldnet.att.net (mtiwmhc22.worldnet.att.net [204.127.131.47]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g36E9Wm08982 for <ietf-pkix@imc.org>; Sat, 6 Apr 2002 06:09:32 -0800 (PST) Received: from tsg1 ([12.81.65.90]) by mtiwmhc22.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020406140926.EVKP38.mtiwmhc22.worldnet.att.net@tsg1>; Sat, 6 Apr 2002 14:09:26 +0000 Message-ID: <001901c1dd74$8d26a730$020aff0c@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Peter Williams" <peterw@valicert.com> Cc: <ietf-pkix@imc.org> References: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A599@polaris.valicert.com> Subject: NEW THREAD: Too Complex - WAS - Re: Open issue: DPV relay Date: Sat, 6 Apr 2002 06:06:40 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter - All - I agree with you to some extent but let me also that there is another side and its about a bigger picture. And in this bigger picture PKIX is way out of control. What it really needs is to have a thread of commonality drawn through all that PKIX produces. What I mean by that is that the entire process of complex-decision-support and evidentiary processing of x.509 certs is out of control. What we as a culture really need is something like CDSA only for PKIX. What I would conceptually propose as the PKIX streamlined PKI architecture. A common PKIX transaction architecture and process model. A simpler one, and one that does not allow recursion or ambiguity that is unchecked. What PKIX needs to do is to simplify everything it does. The intent would be to identify: 1) Is there any value in making all this PKI ware at the Network Transport Level. I.e will the evidentiary needs of the world need and use what we are proposing. Will it fit into Human Law and Process currently accepted or, like the TSA, will it need artificial stimulus in the form of something like Italy's mandating some EU approved timestamp process without understanding exactly what the TSA provides relative to simple receipts (i.e. not much at this point but we should spin that off as a separate thread!). 2) How can the same services be used for both Evidentiary Service Models and for Decision Support (Hey Stephen - I going Cap Crazy!)... 3) And who we are going to work with. What has happened so far is that with its key architects, this WG has come up with so many pieces that it is freakin impossible to come to any gross agreements about anything. Take this argument - "Should DPV servers refer their requests to another node in a chain if local policy is failed or exceeded?" - it is totally constrained by how this system is being used and what types of legal frameworks are manding functionality under it. This is more than a problem with PKIX and people submitting technologies that while the use seems mechanically cool, do not satisfy the existing legal or process framework. And to that end PKIX and the IETF force the world to tau-tau to its goals rather that the IETF doing what its supposed to and that is to build protocols for the real world. Well the real world is commercial transaction processing and without it there would be no Internet. Todd ----- Original Message ----- From: "Peter Williams" <peterw@valicert.com> To: "'todd glassey'" <todd.glassey@worldnet.att.net> Cc: <ietf-pkix@imc.org> Sent: Friday, April 05, 2002 5:28 PM Subject: RE: Open issue: DPV relay > > Todd, > > I do not believe we should formulate any > particular use-model at this time, for DPV REQUIREMENTS; > leaving aside the philosophical issue of > whether use-modeling would or would not help IETF standards > adoption. The requirements should prepare for > protocol-specification, not establish operational > usage constraints. > > The only valuable use-issues topics I can forsee that might > serve us (in contradiction to the above) are precisely > those that Ambarish mentioned: do what OCSP did, > so succesfully in the Internet environment... for the > same issue; and dont lets sucumb to the temptation to > over-architect! > > -------------- > > In my view, on Russ side comment, constraining DPV to > require users to interact > with a service provider at a single access-point is > like setting the clock back on X.509, and requiring > the world to adopt the Entrust use-model > of PKC key management. Entrust's use-model makes > for a fine and highly-manageable system, but it > competes (successfully) with other domain-management > models that are equally succesful in the wider Internet > environment we server. > > The only trust issue for DPV requirments I can see > is this: > > Just, as Sharon recently indicated, PMI's SOAs > are trusted as authoritative for their policy > scope, so DPV servers are trusted. PMI deals > with privileges; DPV deals with remote processing > of chains against validation policies. The two > authority models are really identical, otherwise. > > Lets note that PMI didnt constrain an AC verifier to use > only a single SOA-headed source of AC paths. So > should the DPV requirements not constrain the > DPV client from accepting results from > any set of (possibly (out of IETF scope) constained) DPV > servers - whose service is provided at the > access point to which the client is bound (including > that operated, perhaps, by a simple-proxing or a > chaining&resigning DPV server). > > > -----Original Message----- > From: todd glassey [mailto:todd.glassey@worldnet.att.net] > Sent: Friday, April 05, 2002 3:52 PM > To: Housley, Russ; jim > Cc: stephen.farrell@baltimore.ie; Tim Polk; ietf-pkix@imc.org > Subject: Re: Open issue: DPV relay > > > > Russ is 100% dead on but this is about the mechanics of the use model more > than anything - let me demonstrate... > > ----- Original Message ----- > From: "Housley, Russ" <rhousley@rsasecurity.com> > To: "jim" <jimhei@cablespeed.com> > Cc: <stephen.farrell@baltimore.ie>; "Tim Polk" <tim.polk@nist.gov>; > <ietf-pkix@imc.org> > Sent: Friday, April 05, 2002 12:42 PM > Subject: Re: Open issue: DPV relay > > > > > > Jim: > > > > I am not talking about trust in the X.500 system. I am talking about > trust > > in a DPV server. In my mind, the client asks one DPV server to perform an > > action. The response should come back, signed by that DPV server, or it > is > > an error from the client's perspective. > > > > I see no reason for the client to be made aware of an chaining or > multicasting. > > > > I do not think that we should include referrals in the DPV system at all. > > The only way this would not want to be true is if the trust model between > the requesting agents and the supplying agents had a pre-existing agreement > that the trust supplying agent could look beyond its own services as sources > of the trust model its looking for from this DPV server. It would then stand > as a referred trust provider when it cannot satisfy the trust request > itself. > > In fact from a use model perspective, it would seem that only the client > could authotize this for privacy reasons, and it seems that it would need > to be on a per transaction basis (I.e. the Trust provider says " my trust > processes cannon fulfill this request so I have passed it onward to someone > that can" ... the only problem is that you run the potential that the next > link in the trust envelope would also not be able to satisfy this request > either or coupdl get locked in a loop... so where does it stop???) > > The "what" of what you have now is a situation where the referring agent is > going around and shopping for an external DPV agent who can and is willing > to satisfy this trust validation request. And this seems at best kinda > clunky and potentially a real problem over privacy and context information > from the actual agent requesting this validation service. > > I suggest that becuase of this, that unless specifically authorized or > requested from the client, that the DPV services should be restruicted to > stay on a single platform... and it be the Client's responsibility to > hierarchicly check out the trust element in question. > > > > > Russ > > SNIP > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g36E9PM08980 for ietf-pkix-bks; Sat, 6 Apr 2002 06:09:25 -0800 (PST) Received: from mtiwmhc22.worldnet.att.net (mtiwmhc22.worldnet.att.net [204.127.131.47]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g36E9Nm08976 for <ietf-pkix@imc.org>; Sat, 6 Apr 2002 06:09:23 -0800 (PST) Received: from tsg1 ([12.81.65.90]) by mtiwmhc22.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020406140915.EVID38.mtiwmhc22.worldnet.att.net@tsg1>; Sat, 6 Apr 2002 14:09:15 +0000 Message-ID: <001801c1dd74$8703c2c0$020aff0c@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Peter Williams" <peterw@valicert.com> Cc: <ietf-pkix@imc.org> References: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A599@polaris.valicert.com> Subject: Re: Open issue: DPV relay Date: Sat, 6 Apr 2002 06:03:02 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter - ----- Original Message ----- From: "Peter Williams" <peterw@valicert.com> To: "'todd glassey'" <todd.glassey@worldnet.att.net> Cc: <ietf-pkix@imc.org> Sent: Friday, April 05, 2002 5:28 PM Subject: RE: Open issue: DPV relay > Todd, > > I do not believe we should formulate any > particular use-model at this time, for DPV REQUIREMENTS; Then how can we make a determination on what its supposed to do in the real world and how the policy is supposed to work? This one especially, I think, needs a use model. o- Jane calls DPV server with the embedded clients in her document or event authenticator applet. o- The applet transfers the query to the DPV server and then awaits response. (and how is gross DPV discovery done anyhow?) o- Server responds - "No data, sorry Jane. But I do want to ask "should I forward this request to the next link in the chain or what?" o- Jane responds through her applet - "Yeah go ahead and forward it." (except that I see Safe Harbor violations in this so large that no one in their right mind uses it without constraints.) > leaving aside the philosophical issue of > whether use-modeling would or would not help IETF standards > adoption. Yes lets as Stephen will not be happy if I or you open that can of worms again (anyone else or an Earthworm?) > The requirements should prepare for > protocol-specification, not establish operational > usage constraints. Except that this context is supposed to carry data that is directly impacted by any number of already in place legal regimens. The concept that Safe Harmor is not relative to what PKIX does is more than stupid its negligent as no protocol that would violate what these laws were setup to do will fly. > > The only valuable use-issues topics I can forsee that might > serve us (in contradiction to the above) are precisely > those that Ambarish mentioned: do what OCSP did, OCSP also suffers the same set of problems but to a lessor degree. By the way Myers -I never complimented you on OCSP but it is a stroke of genius. Especially since it can be used as the policy control transport itself of a transaction process. (Sorry for the rathole there.) > so succesfully in the Internet environment... for the > same issue; and dont lets sucumb to the temptation to > over-architect! > > -------------- > > In my view, on Russ side comment, constraining DPV to > require users to interact > with a service provider at a single access-point is > like setting the clock back on X.509, and requiring > the world to adopt the Entrust use-model > of PKC key management. Sure from a mechanical standpoint but the world is not a totally meshed set of governments and we are still a planet of individual laws and jurisdictions and so not paying attention to tools that could have impact there is more than dumb. Its dumber. > Entrust's use-model makes > for a fine and highly-manageable system, but it > competes (successfully) with other domain-management > models that are equally succesful in the wider Internet > environment we server. That's the point. > > The only trust issue for DPV requirments I can see > is this: > > Just, as Sharon recently indicated, PMI's SOAs > are trusted as authoritative for their policy > scope, so DPV servers are trusted. OK then should the source of the trust have the ability to refer you to another trust node as the source of the trust its proferring to you. Remeber that the request and servicing of a trust process may in many legal senses be a contract and as such it has peculiar nuances that we as technogeeks are usually unconcerned with. But its time to wake up and get concerned. So lets look what actually happens to a contract model wherein the end-node trust service refers that trust process to a second or follow-on server... The contract is still between the first two players, eh? - not likely - so then what is the difference in DPV being driven by the Client Side as opposed to authmatically being referred onward to the next node in a web of trust? Simple - If the client is responsible for all escalation of the/up the DPV Proofing Chain (thats my term for the identified chain of trust verifiers for any given "D"), then the legal issues become more one for the client application to address and this is a much safer method of dealing with the process I think. > PMI deals > with privileges; DPV deals with remote processing > of chains against validation policies. The two > authority models are really identical, otherwise. > > Lets note that PMI didnt constrain an AC verifier to use > only a single SOA-headed source of AC paths. So > should the DPV requirements not constrain the > DPV client from accepting results from > any set of (possibly (out of IETF scope) constained) DPV > servers - whose service is provided at the > access point to which the client is bound (including > that operated, perhaps, by a simple-proxing or a > chaining&resigning DPV server). > > > -----Original Message----- > From: todd glassey [mailto:todd.glassey@worldnet.att.net] > Sent: Friday, April 05, 2002 3:52 PM > To: Housley, Russ; jim > Cc: stephen.farrell@baltimore.ie; Tim Polk; ietf-pkix@imc.org > Subject: Re: Open issue: DPV relay > > > > Russ is 100% dead on but this is about the mechanics of the use model more > than anything - let me demonstrate... > > ----- Original Message ----- > From: "Housley, Russ" <rhousley@rsasecurity.com> > To: "jim" <jimhei@cablespeed.com> > Cc: <stephen.farrell@baltimore.ie>; "Tim Polk" <tim.polk@nist.gov>; > <ietf-pkix@imc.org> > Sent: Friday, April 05, 2002 12:42 PM > Subject: Re: Open issue: DPV relay > > > > > > Jim: > > > > I am not talking about trust in the X.500 system. I am talking about > trust > > in a DPV server. In my mind, the client asks one DPV server to perform an > > action. The response should come back, signed by that DPV server, or it > is > > an error from the client's perspective. > > > > I see no reason for the client to be made aware of an chaining or > multicasting. > > > > I do not think that we should include referrals in the DPV system at all. > > The only way this would not want to be true is if the trust model between > the requesting agents and the supplying agents had a pre-existing agreement > that the trust supplying agent could look beyond its own services as sources > of the trust model its looking for from this DPV server. It would then stand > as a referred trust provider when it cannot satisfy the trust request > itself. > > In fact from a use model perspective, it would seem that only the client > could authotize this for privacy reasons, and it seems that it would need > to be on a per transaction basis (I.e. the Trust provider says " my trust > processes cannon fulfill this request so I have passed it onward to someone > that can" ... the only problem is that you run the potential that the next > link in the trust envelope would also not be able to satisfy this request > either or coupdl get locked in a loop... so where does it stop???) > > The "what" of what you have now is a situation where the referring agent is > going around and shopping for an external DPV agent who can and is willing > to satisfy this trust validation request. And this seems at best kinda > clunky and potentially a real problem over privacy and context information > from the actual agent requesting this validation service. > > I suggest that becuase of this, that unless specifically authorized or > requested from the client, that the DPV services should be restruicted to > stay on a single platform... and it be the Client's responsibility to > hierarchicly check out the trust element in question. > > > > > Russ > > SNIP > > Received: by above.proper.com (8.11.6/8.11.3) id g3620ZK18725 for ietf-pkix-bks; Fri, 5 Apr 2002 18:00:35 -0800 (PST) Received: from pretender.boolean.net (root@router.boolean.net [198.144.206.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3620Xm18721 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 18:00:33 -0800 (PST) Received: from nomad.OpenLDAP.org (root@localhost [127.0.0.1]) by pretender.boolean.net (8.11.3/8.11.1/Boolean/Hub) with ESMTP id g3620PC28174; Sat, 6 Apr 2002 02:00:25 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.1.0.14.0.20020405172059.01743dd8@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 05 Apr 2002 18:00:36 -0800 To: Christopher Oliva <Chris.Oliva@entrust.com> From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Subject: RE: LDAP Certificate transfer syntax Cc: David Chadwick <d.w.chadwick@salford.ac.uk>, Mark Wahl <Mark.Wahl@sun.com>, steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> In-Reply-To: <BFB44293CE13C9419B7AFE7CBC35B9390120D787@sottmxs08.entrust .com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 03:27 PM 2002-04-05, Christopher Oliva wrote: >I don't believe there is agreement on your supposition that the 3 cases you have outlined are non conformant. Well, I rather not rehash the whole discussion, but I believe each actually is. >Here are some observations on the three cases: > >a) and b) >RFC 2252 clause 6.5 only mandates a binary encoding. >As previously pointed out by others, there is no absolute imperative that requires the use of the ";binary" option. How else would you indicate that the "binary" encoding was requested/used instead of the "string" encoding? >The part referring to the userCertificiate;binary and caCertificate;binary are merely examples of how one could generate the binary encoding. >If one were to include the use of the attribute descriptions as part of the absolute imperative, this would make it impossible to construct legal add and modify messages since this clause only allows the requesting and returning of attributes. So, trimming the imperative down to its essence: Values in this syntax MUST only be transferred using the binary encoding. RFC 2251 says: If the "binary" option is present in an AttributeDescription, it overrides any string-based encoding representation defined for that attribute in [5]. Instead the attribute is to be transferred as a binary value encoded using the Basic Encoding Rules [11]. That is, if ;binary is not present, the string-based ("native") encoding is used. >I'm sure you are referring to the "MUST NOT expect" clause of RFC 2251 >clause 4.1.5.1. No, I'm referring to the technical specification as a whole. In particular the first paragraph of RFC 2251, 4.1.5.1 and RFC 2252, 4.3. >c) >Nowhere in the ldapv3 RFCs is there a description of the behavior for this case. There is no justification to label this as non conformant. You are right in that the RFC does not explicit state this. But it should be obvious that "CN;binary" should not be returned unless "CN;binary" was requested. Same goes for userCertificate. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g361TFX18316 for ietf-pkix-bks; Fri, 5 Apr 2002 17:29:15 -0800 (PST) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g361TDm18310 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 17:29:13 -0800 (PST) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GU400G01HD33C@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 5 Apr 2002 17:27:03 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GU400FL8HD3AW@ext-mail.valicert.com>; Fri, 05 Apr 2002 17:27:03 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <H570P4QP>; Fri, 05 Apr 2002 17:28:39 -0800 Content-return: allowed Date: Fri, 05 Apr 2002 17:28:38 -0800 From: Peter Williams <peterw@valicert.com> Subject: RE: Open issue: DPV relay To: "'todd glassey'" <todd.glassey@worldnet.att.net> Cc: ietf-pkix@imc.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E01F4A599@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Todd, I do not believe we should formulate any particular use-model at this time, for DPV REQUIREMENTS; leaving aside the philosophical issue of whether use-modeling would or would not help IETF standards adoption. The requirements should prepare for protocol-specification, not establish operational usage constraints. The only valuable use-issues topics I can forsee that might serve us (in contradiction to the above) are precisely those that Ambarish mentioned: do what OCSP did, so succesfully in the Internet environment... for the same issue; and dont lets sucumb to the temptation to over-architect! -------------- In my view, on Russ side comment, constraining DPV to require users to interact with a service provider at a single access-point is like setting the clock back on X.509, and requiring the world to adopt the Entrust use-model of PKC key management. Entrust's use-model makes for a fine and highly-manageable system, but it competes (successfully) with other domain-management models that are equally succesful in the wider Internet environment we server. The only trust issue for DPV requirments I can see is this: Just, as Sharon recently indicated, PMI's SOAs are trusted as authoritative for their policy scope, so DPV servers are trusted. PMI deals with privileges; DPV deals with remote processing of chains against validation policies. The two authority models are really identical, otherwise. Lets note that PMI didnt constrain an AC verifier to use only a single SOA-headed source of AC paths. So should the DPV requirements not constrain the DPV client from accepting results from any set of (possibly (out of IETF scope) constained) DPV servers - whose service is provided at the access point to which the client is bound (including that operated, perhaps, by a simple-proxing or a chaining&resigning DPV server). -----Original Message----- From: todd glassey [mailto:todd.glassey@worldnet.att.net] Sent: Friday, April 05, 2002 3:52 PM To: Housley, Russ; jim Cc: stephen.farrell@baltimore.ie; Tim Polk; ietf-pkix@imc.org Subject: Re: Open issue: DPV relay Russ is 100% dead on but this is about the mechanics of the use model more than anything - let me demonstrate... ----- Original Message ----- From: "Housley, Russ" <rhousley@rsasecurity.com> To: "jim" <jimhei@cablespeed.com> Cc: <stephen.farrell@baltimore.ie>; "Tim Polk" <tim.polk@nist.gov>; <ietf-pkix@imc.org> Sent: Friday, April 05, 2002 12:42 PM Subject: Re: Open issue: DPV relay > > Jim: > > I am not talking about trust in the X.500 system. I am talking about trust > in a DPV server. In my mind, the client asks one DPV server to perform an > action. The response should come back, signed by that DPV server, or it is > an error from the client's perspective. > > I see no reason for the client to be made aware of an chaining or multicasting. > > I do not think that we should include referrals in the DPV system at all. The only way this would not want to be true is if the trust model between the requesting agents and the supplying agents had a pre-existing agreement that the trust supplying agent could look beyond its own services as sources of the trust model its looking for from this DPV server. It would then stand as a referred trust provider when it cannot satisfy the trust request itself. In fact from a use model perspective, it would seem that only the client could authotize this for privacy reasons, and it seems that it would need to be on a per transaction basis (I.e. the Trust provider says " my trust processes cannon fulfill this request so I have passed it onward to someone that can" ... the only problem is that you run the potential that the next link in the trust envelope would also not be able to satisfy this request either or coupdl get locked in a loop... so where does it stop???) The "what" of what you have now is a situation where the referring agent is going around and shopping for an external DPV agent who can and is willing to satisfy this trust validation request. And this seems at best kinda clunky and potentially a real problem over privacy and context information from the actual agent requesting this validation service. I suggest that becuase of this, that unless specifically authorized or requested from the client, that the DPV services should be restruicted to stay on a single platform... and it be the Client's responsibility to hierarchicly check out the trust element in question. > > Russ SNIP Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35NuSh16850 for ietf-pkix-bks; Fri, 5 Apr 2002 15:56:28 -0800 (PST) Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35NuQm16846 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 15:56:27 -0800 (PST) Received: from tsg1 ([12.81.79.244]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020405235623.QQJS8815.mtiwmhc23.worldnet.att.net@tsg1>; Fri, 5 Apr 2002 23:56:23 +0000 Message-ID: <005e01c1dcfd$61ec7e90$020aff0c@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Housley, Russ" <rhousley@rsasecurity.com>, "jim" <jimhei@cablespeed.com> Cc: <stephen.farrell@baltimore.ie>, "Tim Polk" <tim.polk@nist.gov>, <ietf-pkix@imc.org> References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <5.1.0.14.2.20020405114835.0206fea0@exna07.securitydynamics.com> <5.1.0.14.2.20020405153917.02fc71d8@exna07.securitydynamics.com> Subject: Re: Open issue: DPV relay Date: Fri, 5 Apr 2002 15:52:17 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ is 100% dead on but this is about the mechanics of the use model more than anything - let me demonstrate... ----- Original Message ----- From: "Housley, Russ" <rhousley@rsasecurity.com> To: "jim" <jimhei@cablespeed.com> Cc: <stephen.farrell@baltimore.ie>; "Tim Polk" <tim.polk@nist.gov>; <ietf-pkix@imc.org> Sent: Friday, April 05, 2002 12:42 PM Subject: Re: Open issue: DPV relay > > Jim: > > I am not talking about trust in the X.500 system. I am talking about trust > in a DPV server. In my mind, the client asks one DPV server to perform an > action. The response should come back, signed by that DPV server, or it is > an error from the client's perspective. > > I see no reason for the client to be made aware of an chaining or multicasting. > > I do not think that we should include referrals in the DPV system at all. The only way this would not want to be true is if the trust model between the requesting agents and the supplying agents had a pre-existing agreement that the trust supplying agent could look beyond its own services as sources of the trust model its looking for from this DPV server. It would then stand as a referred trust provider when it cannot satisfy the trust request itself. In fact from a use model perspective, it would seem that only the client could authotize this for privacy reasons, and it seems that it would need to be on a per transaction basis (I.e. the Trust provider says " my trust processes cannon fulfill this request so I have passed it onward to someone that can" ... the only problem is that you run the potential that the next link in the trust envelope would also not be able to satisfy this request either or coupdl get locked in a loop... so where does it stop???) The "what" of what you have now is a situation where the referring agent is going around and shopping for an external DPV agent who can and is willing to satisfy this trust validation request. And this seems at best kinda clunky and potentially a real problem over privacy and context information from the actual agent requesting this validation service. I suggest that becuase of this, that unless specifically authorized or requested from the client, that the DPV services should be restruicted to stay on a single platform... and it be the Client's responsibility to hierarchicly check out the trust element in question. > > Russ SNIP Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35NSDp16340 for ietf-pkix-bks; Fri, 5 Apr 2002 15:28:13 -0800 (PST) Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35NSCm16334 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 15:28:12 -0800 (PST) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19) id <2LVTBGAJ>; Fri, 5 Apr 2002 18:28:00 -0500 Message-ID: <BFB44293CE13C9419B7AFE7CBC35B9390120D787@sottmxs08.entrust.com> From: Christopher Oliva <Chris.Oliva@entrust.com> To: "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.org>, David Chadwick <d.w.chadwick@salford.ac.uk> Cc: Mark Wahl <Mark.Wahl@sun.com>, steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: RE: LDAP Certificate transfer syntax Date: Fri, 5 Apr 2002 18:27:59 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1DCF9.85BDF230" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1DCF9.85BDF230 Content-Type: text/plain; charset="iso-8859-1" I don't believe there is agreement on your supposition that the 3 cases you have outlined are non conformant. Here are some observations on the three cases: a) and b) RFC 2252 clause 6.5 only mandates a binary encoding. As previously pointed out by others, there is no absolute imperative that requires the use of the ";binary" option. The part referring to the userCertificiate;binary and caCertificate;binary are merely examples of how one could generate the binary encoding. If one were to include the use of the attribute descriptions as part of the absolute imperative, this would make it impossible to construct legal add and modify messages since this clause only allows the requesting and returning of attributes. I'm sure you are referring to the "MUST NOT expect" clause of RFC 2251 clause 4.1.5.1. Nowhere does the RFC explain how to apply this clause to an implementation of the protocol specification (the precise impact of "MUST NOT expect" in an implementation is undefined). The query is legal and nothing prohibits the server from replying. If the intent had been to disallow this query, the specification would have said something like " ... if the client performs a query for an attribute by name without the ;binary option, the server MUST NOT return the value in the binary encoding." c) Nowhere in the ldapv3 RFCs is there a description of the behavior for this case. There is no justification to label this as non conformant. Chris. -----Original Message----- From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org] Sent: Friday, April 05, 2002 3:35 PM To: David Chadwick Cc: Mark Wahl; steven.legg@adacel.com.au; 'LDAP BIS'; 'PKIX' Subject: Re: LDAP Certificate transfer syntax I think adding a LDAP-specific "native" encoding to certificate is a bad idea and will actually cause more problems than it solves. AFAIK, there are no interoperability problem between clients and servers which adhere to the technical specification. Things are basically okay. This I-D attempts to resolve interoperability problems between non-conforming implementations and conforming implementations by altering the specification to require conforming implementations to accept and support the syntax and semantics of non-conforming implementations. However, there are a number of different ways implementations have not conformed to the specification. I have seen, in the wild, clients which: a) request "userCertificate" and expect the return of "userCertificate" using the (updated) LDAPv2 native string encoding. b) request "userCertificate" and expect the return of "userCertificate;binary" using binary transfer. c) request "*" and expect the return of "userCertificate;binary" using binary transfer. This I-D caters to case a) in a manner which disallows servers from supporting case b) and c). I believe cases b) and c) are actually for more common than case a). I know of implemenations which are liberal in accepting b) or c). While there may be implementations which are liberal in accepting a), it should be noted that a) requires the server not to be strict in what it sends. I also note that b) and c) are generally the result of the specification not be as clear as it should have been. Where a) is the result of someone apply LDAPv2 syntax and semantics to LDAPv3. However, my objection to adding this I-D is that it that client and server implementations of it won't interoperate with existing server and client implementations which conform to the existing specification. I suggest we only make the minimal changes necessary to resolve the issues which caused this schema to be removed from the LDAP "core" technical specification. It was removed become of normative reference issues (e.g., 2nd v 3rd v ... edition of X.500) and to align the schema with that provided by X.509 (e.g., matching rules). I note that it was NOT removed because of lack of multiple independently developed implementations. We need to be careful to not to require changes to implementations which have already demonstrated interoperability. Kurt ------_=_NextPart_001_01C1DCF9.85BDF230 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2653.12"> <TITLE>RE: LDAP Certificate transfer syntax</TITLE> </HEAD> <BODY> <BR> <P><FONT SIZE=3D2>I don't believe there is agreement on your = supposition that the 3 cases you have outlined are non = conformant.</FONT> </P> <P><FONT SIZE=3D2>Here are some observations on the three cases:</FONT> </P> <P><FONT SIZE=3D2>a) and b)</FONT> <BR><FONT SIZE=3D2>RFC 2252 clause 6.5 only mandates a binary encoding. = As previously pointed out by others, there is no absolute imperative = that requires the use of the ";binary" option. The part = referring to the userCertificiate;binary and caCertificate;binary are = merely examples of how one could generate the binary encoding. If one = were to include the use of the attribute descriptions as part of the = absolute imperative, this would make it impossible to construct legal = add and modify messages since this clause only allows the requesting = and returning of attributes.</FONT></P> <P><FONT SIZE=3D2>I'm sure you are referring to the "MUST NOT = expect" clause of RFC 2251 clause 4.1.5.1. Nowhere does the RFC = explain how to apply this clause to an implementation of the protocol = specification (the precise impact of "MUST NOT expect" in an = implementation is undefined). The query is legal and nothing prohibits = the server from replying. If the intent had been to disallow this = query, the specification would have said something like " ... if = the client performs a query for an attribute by name without the = ;binary option, the server MUST NOT return the value in the binary = encoding."</FONT></P> <P><FONT SIZE=3D2>c)</FONT> <BR><FONT SIZE=3D2>Nowhere in the ldapv3 RFCs is there a description of = the behavior for this case. There is no justification to label this as = non conformant.</FONT></P> <P><FONT SIZE=3D2>Chris.</FONT> </P> <P><FONT SIZE=3D2>-----Original Message-----</FONT> <BR><FONT SIZE=3D2>From: Kurt D. Zeilenga [<A = HREF=3D"mailto:Kurt@OpenLDAP.org">mailto:Kurt@OpenLDAP.org</A>]</FONT> <BR><FONT SIZE=3D2>Sent: Friday, April 05, 2002 3:35 PM</FONT> <BR><FONT SIZE=3D2>To: David Chadwick</FONT> <BR><FONT SIZE=3D2>Cc: Mark Wahl; steven.legg@adacel.com.au; 'LDAP = BIS'; 'PKIX'</FONT> <BR><FONT SIZE=3D2>Subject: Re: LDAP Certificate transfer syntax</FONT> </P> <BR> <P><FONT SIZE=3D2>I think adding a LDAP-specific "native" = encoding to certificate</FONT> <BR><FONT SIZE=3D2>is a bad idea and will actually cause more problems = than it</FONT> <BR><FONT SIZE=3D2>solves.</FONT> </P> <P><FONT SIZE=3D2>AFAIK, there are no interoperability problem between = clients</FONT> <BR><FONT SIZE=3D2>and servers which adhere to the technical = specification. Things</FONT> <BR><FONT SIZE=3D2>are basically okay.</FONT> </P> <P><FONT SIZE=3D2>This I-D attempts to resolve interoperability = problems between</FONT> <BR><FONT SIZE=3D2>non-conforming implementations and conforming = implementations</FONT> <BR><FONT SIZE=3D2>by altering the specification to require conforming = implementations</FONT> <BR><FONT SIZE=3D2>to accept and support the syntax and semantics of = non-conforming</FONT> <BR><FONT SIZE=3D2>implementations. However, there are a number = of different</FONT> <BR><FONT SIZE=3D2>ways implementations have not conformed to the = specification.</FONT> </P> <P><FONT SIZE=3D2>I have seen, in the wild, clients which:</FONT> <BR> <FONT SIZE=3D2>a) = request "userCertificate" and expect the return of</FONT> <BR> <FONT = SIZE=3D2>"userCertificate" using the (updated) LDAPv2 = native</FONT> <BR> <FONT SIZE=3D2>string = encoding.</FONT> <BR> <FONT SIZE=3D2>b) = request "userCertificate" and expect the return of</FONT> <BR> <FONT = SIZE=3D2>"userCertificate;binary" using binary = transfer.</FONT> <BR> <FONT SIZE=3D2>c) = request "*" and expect the return of</FONT> <BR> <FONT = SIZE=3D2>"userCertificate;binary" using binary = transfer.</FONT> </P> <P><FONT SIZE=3D2>This I-D caters to case a) in a manner which = disallows servers</FONT> <BR><FONT SIZE=3D2>from supporting case b) and c). I = believe cases b) and c)</FONT> <BR><FONT SIZE=3D2>are actually for more common than case a). I = know of</FONT> <BR><FONT SIZE=3D2>implemenations which are liberal in accepting b) or = c). While</FONT> <BR><FONT SIZE=3D2>there may be implementations which are liberal in = accepting</FONT> <BR><FONT SIZE=3D2>a), it should be noted that a) requires the server = not to</FONT> <BR><FONT SIZE=3D2>be strict in what it sends.</FONT> </P> <P><FONT SIZE=3D2>I also note that b) and c) are generally the result = of</FONT> <BR><FONT SIZE=3D2>the specification not be as clear as it should have = been.</FONT> <BR><FONT SIZE=3D2>Where a) is the result of someone apply LDAPv2 = syntax and</FONT> <BR><FONT SIZE=3D2>semantics to LDAPv3.</FONT> </P> <P><FONT SIZE=3D2>However, my objection to adding this I-D is that it = that</FONT> <BR><FONT SIZE=3D2>client and server implementations of it won't = interoperate</FONT> <BR><FONT SIZE=3D2>with existing server and client implementations = which</FONT> <BR><FONT SIZE=3D2>conform to the existing specification.</FONT> </P> <P><FONT SIZE=3D2>I suggest we only make the minimal changes necessary = to</FONT> <BR><FONT SIZE=3D2>resolve the issues which caused this schema to be = removed</FONT> <BR><FONT SIZE=3D2>from the LDAP "core" technical = specification. It was</FONT> <BR><FONT SIZE=3D2>removed become of normative reference issues = (e.g.,</FONT> <BR><FONT SIZE=3D2>2nd v 3rd v ... edition of X.500) and to align = the</FONT> <BR><FONT SIZE=3D2>schema with that provided by X.509 (e.g., matching = rules).</FONT> </P> <P><FONT SIZE=3D2>I note that it was NOT removed because of lack of = multiple</FONT> <BR><FONT SIZE=3D2>independently developed implementations. We = need to</FONT> <BR><FONT SIZE=3D2>be careful to not to require changes to = implementations</FONT> <BR><FONT SIZE=3D2>which have already demonstrated = interoperability.</FONT> </P> <P><FONT SIZE=3D2>Kurt</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1DCF9.85BDF230-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35MNr312952 for ietf-pkix-bks; Fri, 5 Apr 2002 14:23:53 -0800 (PST) Received: from mail.cablespeed.com (mail.cablespeed.com [216.45.96.99]) by above.proper.com (8.11.6/8.11.3) with SMTP id g35MNpm12948 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 14:23:51 -0800 (PST) Received: (qmail 29309 invoked by uid 0); 5 Apr 2002 22:23:49 -0000 Received: from unknown (HELO cablespeed.com) (216.45.82.31) by mail.cablespeed.com with SMTP; 5 Apr 2002 22:23:49 -0000 Message-ID: <3CAE24C6.A0526A91@cablespeed.com> Date: Fri, 05 Apr 2002 17:27:18 -0500 From: jim <jimhei@cablespeed.com> X-Mailer: Mozilla 4.73 [en] (Windows NT 5.0; I) X-Accept-Language: en MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <5.1.0.14.2.20020405114835.0206fea0@exna07.securitydynamics.com> <5.1.0.14.2.20020405153917.02fc71d8@exna07.securitydynamics.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, But the exact point is that if you decide that creating trust with directories is the key instead of trust with the certificate holders and issuers, then the only type of directory interaction that can occur is referral, which increases system overhead, delays based on directory response times, and a general inability to grow large systems in which any individual cross-certifying PKI has a single directory to address. Every individual PKI implementation would have to have not only a central directory, but also border directories and each border directory would have to hold the same level of trust as the central directory. This implies constant near-real-time updating of border directories or the threat of failed validation. Help me to understand how you envision the directory system that successfully can respond to a multitude of simultaneous or near-simultaneous requests for validation. Thanks. Feel free to reply just to me if you wish as not everyone may be interested from this point forward. Jim "Housley, Russ" wrote: > Jim: > > I am not talking about trust in the X.500 system. I am talking about trust > in a DPV server. In my mind, the client asks one DPV server to perform an > action. The response should come back, signed by that DPV server, or it is > an error from the client's perspective. > > I see no reason for the client to be made aware of an chaining or multicasting. > > I do not think that we should include referrals in the DPV system at all. > > Russ > > At 02:50 PM 4/5/2002 -0500, jim wrote: > >A small addition, but X.500 directories also have the ability for > >multicasting in > >which case a number of other directories are queried for a certificate at > >the same > >time. Multicasting requires the greatest amount of directory and system > >overhead, > >but gets the quickest returns; where chaining requires the least and > >referral is > >the slowest, so there should be support for all three in the DPV > >capability. There > >are no associated trust issues with use of either of the three methods as > >far as I > >know. > >Jim > > > >"Housley, Russ" wrote: > > > > > Steve: > > > > > > In the X.500 directory, they two communication models are called chaining > > > referrals. Peter has asked for chaining support. You are asking whether > > > referrals should also be supported. > > > > > > I can see cases where chaining might be helpful. It does not change the > > > client's trust model. It asks a particular DPV server for a response, and > > > it gets one (signed by the same server that it asked). > > > > > > I think that referrals complicate the trust model. The client asks one DPV > > > server, then that server suggests that a different server might be better > > > able to help. If the client chooses to ask that server, it will get back a > > > response signed by the second server. Does the client trust it only > > > because the first server made a referral? What information need to be > > > stored by the client to prove that it was referred to this server? All of > > > this is more complication than I want. > > > > > > Russ > > > > > > At 02:21 PM 4/5/2002 +0100, Stephen Farrell wrote: > > > > > > >*If* relaying support/capability is to be considered as a > > > >MUST/SHOULD/MAY requirement for a DPV protocol, then should > > > >re-direction be handled similarly? (Note: I'm not proposing > > > >that it should be, just asking!) > > > > > > > >By re-direction I mean: > > > > > > > >Alice: Hey Bob - is this key good? > > > >Robert: Dunno Alice - but Charlie might know. > > > >Alice: Hey Charles - is this key good? > > > >Chaz: Yep. > > > > > > > >Stephen. > > > > > > > >Tim Polk wrote: > > > > > > > > > > Peter Sylvester has stated a requirement for DPV servers to relay > > requests > > > > > to one another: > > > > > > > > > > > > > > > > >There is a requirement, similar as for OCSP caches, > > > > > >that server just relays a request to another. This had been > > > > > >discussed several times, the differences had only been to > > > > > >what degree the relaying should become visible; whether one > > > > > >server can rewrite/resigns the answers of another etc. > > > > > >Relaying via cache is an obvious feature in many OCSP implementation, > > > > > >how do they protect itself against loops between two servers? > > > > > > > > > > > > > > > > I believe this is an open issue, and would like to start a new > > discussion > > > > > thread limited to this topic. > > > > > > > > > > As I understand Peter's scenario, there are three mutually trusting DPV > > > > > servers. If a server cannot satisfy a request directly, it may > > relay the > > > > > request to a different server. We'll assume the server is smart > > enough not > > > > > to relay a request back to the requester. (That is, if server A > > relays a > > > > > request to Server B, B may relay it to Server C but not A.) > > > > > > > > > > (1) Assume Alice requests a valid path for Bob's certificate from > > Server A, > > > > > when none exists. > > > > > (2) Server A relays the request to Server B, since it cannot satisfy it > > > > > directly. (A could have chosen Server C; it is irrelevant.) > > > > > (3) Server B relays the request to Server C, since it cannot satisfy it > > > > > directly. (C could not choose A, since it was the requester.) > > > > > (4) Server C relays the request to Server A, since it cannot satisfy it > > > > > directly. (A could not choose B, since it was the requester.) > > > > > > > > > > At this point, either A must maintain state and recognize that the > > request > > > > > has cycled around or the protocol has to handle this by maintaining a > > > > > history list. > > > > > > > > > > Peter, please confirm that I have characterized the problem > > correctly (or > > > > > post the right scenario)! I am not personally convinced that blind > > > > > relaying amongst DPV servers is a requirement. > > > > > > > > > > IMHO, DPV relaying would be limited to the scenario where each > > Server was > > > > > authoritative for a particular community (perhaps based on > > privately held > > > > > status information). Alice directs all requests to Server A to > > simplify > > > > > her life. Server A would be able to determine which server (B or > > C) could > > > > > possibly satisfy the request based on Bob's certificate. > > > > > > > > > > Even though relaying occurred, Server A acted as a simple DPV client, > > > > > imposing no additional requirements... > > > > > > > > > > Thanks, > > > > > > > > > > Tim Polk > > > > > > > >-- > > > >____________________________________________________________ > > > >Stephen Farrell > > > >Baltimore Technologies, tel: (direct line) +353 1 881 6716 > > > >39 Parkgate Street, fax: +353 1 881 7000 > > > >Dublin 8. mailto:stephen.farrell@baltimore.ie > > > >Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35Kgic10021 for ietf-pkix-bks; Fri, 5 Apr 2002 12:42:44 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130] (may be forged)) by above.proper.com (8.11.6/8.11.3) with SMTP id g35Kggm10016 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 12:42:42 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 5 Apr 2002 20:41:47 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id PAA03631; Fri, 5 Apr 2002 15:41:37 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g35KggX27266; Fri, 5 Apr 2002 15:42:43 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1P1Y1>; Fri, 5 Apr 2002 15:40:18 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.12]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1P1YB; Fri, 5 Apr 2002 15:40:13 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: jim <jimhei@cablespeed.com> Cc: stephen.farrell@baltimore.ie, Tim Polk <tim.polk@nist.gov>, ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020405153917.02fc71d8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 05 Apr 2002 15:42:31 -0500 Subject: Re: Open issue: DPV relay In-Reply-To: <3CADFFEA.927C442C@cablespeed.com> References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <5.1.0.14.2.20020405114835.0206fea0@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Jim: I am not talking about trust in the X.500 system. I am talking about trust in a DPV server. In my mind, the client asks one DPV server to perform an action. The response should come back, signed by that DPV server, or it is an error from the client's perspective. I see no reason for the client to be made aware of an chaining or multicasting. I do not think that we should include referrals in the DPV system at all. Russ At 02:50 PM 4/5/2002 -0500, jim wrote: >A small addition, but X.500 directories also have the ability for >multicasting in >which case a number of other directories are queried for a certificate at >the same >time. Multicasting requires the greatest amount of directory and system >overhead, >but gets the quickest returns; where chaining requires the least and >referral is >the slowest, so there should be support for all three in the DPV >capability. There >are no associated trust issues with use of either of the three methods as >far as I >know. >Jim > >"Housley, Russ" wrote: > > > Steve: > > > > In the X.500 directory, they two communication models are called chaining > > referrals. Peter has asked for chaining support. You are asking whether > > referrals should also be supported. > > > > I can see cases where chaining might be helpful. It does not change the > > client's trust model. It asks a particular DPV server for a response, and > > it gets one (signed by the same server that it asked). > > > > I think that referrals complicate the trust model. The client asks one DPV > > server, then that server suggests that a different server might be better > > able to help. If the client chooses to ask that server, it will get back a > > response signed by the second server. Does the client trust it only > > because the first server made a referral? What information need to be > > stored by the client to prove that it was referred to this server? All of > > this is more complication than I want. > > > > Russ > > > > At 02:21 PM 4/5/2002 +0100, Stephen Farrell wrote: > > > > >*If* relaying support/capability is to be considered as a > > >MUST/SHOULD/MAY requirement for a DPV protocol, then should > > >re-direction be handled similarly? (Note: I'm not proposing > > >that it should be, just asking!) > > > > > >By re-direction I mean: > > > > > >Alice: Hey Bob - is this key good? > > >Robert: Dunno Alice - but Charlie might know. > > >Alice: Hey Charles - is this key good? > > >Chaz: Yep. > > > > > >Stephen. > > > > > >Tim Polk wrote: > > > > > > > > Peter Sylvester has stated a requirement for DPV servers to relay > requests > > > > to one another: > > > > > > > > > > > > > >There is a requirement, similar as for OCSP caches, > > > > >that server just relays a request to another. This had been > > > > >discussed several times, the differences had only been to > > > > >what degree the relaying should become visible; whether one > > > > >server can rewrite/resigns the answers of another etc. > > > > >Relaying via cache is an obvious feature in many OCSP implementation, > > > > >how do they protect itself against loops between two servers? > > > > > > > > > > > > > I believe this is an open issue, and would like to start a new > discussion > > > > thread limited to this topic. > > > > > > > > As I understand Peter's scenario, there are three mutually trusting DPV > > > > servers. If a server cannot satisfy a request directly, it may > relay the > > > > request to a different server. We'll assume the server is smart > enough not > > > > to relay a request back to the requester. (That is, if server A > relays a > > > > request to Server B, B may relay it to Server C but not A.) > > > > > > > > (1) Assume Alice requests a valid path for Bob's certificate from > Server A, > > > > when none exists. > > > > (2) Server A relays the request to Server B, since it cannot satisfy it > > > > directly. (A could have chosen Server C; it is irrelevant.) > > > > (3) Server B relays the request to Server C, since it cannot satisfy it > > > > directly. (C could not choose A, since it was the requester.) > > > > (4) Server C relays the request to Server A, since it cannot satisfy it > > > > directly. (A could not choose B, since it was the requester.) > > > > > > > > At this point, either A must maintain state and recognize that the > request > > > > has cycled around or the protocol has to handle this by maintaining a > > > > history list. > > > > > > > > Peter, please confirm that I have characterized the problem > correctly (or > > > > post the right scenario)! I am not personally convinced that blind > > > > relaying amongst DPV servers is a requirement. > > > > > > > > IMHO, DPV relaying would be limited to the scenario where each > Server was > > > > authoritative for a particular community (perhaps based on > privately held > > > > status information). Alice directs all requests to Server A to > simplify > > > > her life. Server A would be able to determine which server (B or > C) could > > > > possibly satisfy the request based on Bob's certificate. > > > > > > > > Even though relaying occurred, Server A acted as a simple DPV client, > > > > imposing no additional requirements... > > > > > > > > Thanks, > > > > > > > > Tim Polk > > > > > >-- > > >____________________________________________________________ > > >Stephen Farrell > > >Baltimore Technologies, tel: (direct line) +353 1 881 6716 > > >39 Parkgate Street, fax: +353 1 881 7000 > > >Dublin 8. mailto:stephen.farrell@baltimore.ie > > >Ireland http://www.baltimore.com Received: by above.proper.com (8.11.6/8.11.3) id g35KZO109879 for ietf-pkix-bks; Fri, 5 Apr 2002 12:35:24 -0800 (PST) Received: from pretender.boolean.net (root@router.boolean.net [198.144.206.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35KZNm09874 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 12:35:23 -0800 (PST) Received: from nomad.OpenLDAP.org (root@localhost [127.0.0.1]) by pretender.boolean.net (8.11.3/8.11.1/Boolean/Hub) with ESMTP id g35KZCC26866; Fri, 5 Apr 2002 20:35:12 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.1.0.14.0.20020405110554.027a9008@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 05 Apr 2002 12:35:23 -0800 To: David Chadwick <d.w.chadwick@salford.ac.uk> From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Subject: Re: LDAP Certificate transfer syntax Cc: Mark Wahl <Mark.Wahl@sun.com>, steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> In-Reply-To: <3CACD9EE.1FF0F4EA@salford.ac.uk> References: <001001c1db7f$751e3cd0$a518200a@osmium.mtwav.adacel.com.au> <3CAC5086.281238EE@salford.ac.uk> <3CACB80A.17AEDA19@sun.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I think adding a LDAP-specific "native" encoding to certificate is a bad idea and will actually cause more problems than it solves. AFAIK, there are no interoperability problem between clients and servers which adhere to the technical specification. Things are basically okay. This I-D attempts to resolve interoperability problems between non-conforming implementations and conforming implementations by altering the specification to require conforming implementations to accept and support the syntax and semantics of non-conforming implementations. However, there are a number of different ways implementations have not conformed to the specification. I have seen, in the wild, clients which: a) request "userCertificate" and expect the return of "userCertificate" using the (updated) LDAPv2 native string encoding. b) request "userCertificate" and expect the return of "userCertificate;binary" using binary transfer. c) request "*" and expect the return of "userCertificate;binary" using binary transfer. This I-D caters to case a) in a manner which disallows servers from supporting case b) and c). I believe cases b) and c) are actually for more common than case a). I know of implemenations which are liberal in accepting b) or c). While there may be implementations which are liberal in accepting a), it should be noted that a) requires the server not to be strict in what it sends. I also note that b) and c) are generally the result of the specification not be as clear as it should have been. Where a) is the result of someone apply LDAPv2 syntax and semantics to LDAPv3. However, my objection to adding this I-D is that it that client and server implementations of it won't interoperate with existing server and client implementations which conform to the existing specification. I suggest we only make the minimal changes necessary to resolve the issues which caused this schema to be removed from the LDAP "core" technical specification. It was removed become of normative reference issues (e.g., 2nd v 3rd v ... edition of X.500) and to align the schema with that provided by X.509 (e.g., matching rules). I note that it was NOT removed because of lack of multiple independently developed implementations. We need to be careful to not to require changes to implementations which have already demonstrated interoperability. Kurt Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35Jke803204 for ietf-pkix-bks; Fri, 5 Apr 2002 11:46:40 -0800 (PST) Received: from mail.cablespeed.com (mail.cablespeed.com [216.45.96.99]) by above.proper.com (8.11.6/8.11.3) with SMTP id g35Jkcm03199 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 11:46:39 -0800 (PST) Received: (qmail 23274 invoked by uid 0); 5 Apr 2002 19:46:32 -0000 Received: from unknown (HELO cablespeed.com) (216.45.82.31) by mail.cablespeed.com with SMTP; 5 Apr 2002 19:46:32 -0000 Message-ID: <3CADFFEA.927C442C@cablespeed.com> Date: Fri, 05 Apr 2002 14:50:02 -0500 From: jim <jimhei@cablespeed.com> X-Mailer: Mozilla 4.73 [en] (Windows NT 5.0; I) X-Accept-Language: en MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: stephen.farrell@baltimore.ie, Tim Polk <tim.polk@nist.gov>, ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <5.1.0.14.2.20020405114835.0206fea0@exna07.securitydynamics.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> A small addition, but X.500 directories also have the ability for multicasting in which case a number of other directories are queried for a certificate at the same time. Multicasting requires the greatest amount of directory and system overhead, but gets the quickest returns; where chaining requires the least and referral is the slowest, so there should be support for all three in the DPV capability. There are no associated trust issues with use of either of the three methods as far as I know. Jim "Housley, Russ" wrote: > Steve: > > In the X.500 directory, they two communication models are called chaining > referrals. Peter has asked for chaining support. You are asking whether > referrals should also be supported. > > I can see cases where chaining might be helpful. It does not change the > client's trust model. It asks a particular DPV server for a response, and > it gets one (signed by the same server that it asked). > > I think that referrals complicate the trust model. The client asks one DPV > server, then that server suggests that a different server might be better > able to help. If the client chooses to ask that server, it will get back a > response signed by the second server. Does the client trust it only > because the first server made a referral? What information need to be > stored by the client to prove that it was referred to this server? All of > this is more complication than I want. > > Russ > > At 02:21 PM 4/5/2002 +0100, Stephen Farrell wrote: > > >*If* relaying support/capability is to be considered as a > >MUST/SHOULD/MAY requirement for a DPV protocol, then should > >re-direction be handled similarly? (Note: I'm not proposing > >that it should be, just asking!) > > > >By re-direction I mean: > > > >Alice: Hey Bob - is this key good? > >Robert: Dunno Alice - but Charlie might know. > >Alice: Hey Charles - is this key good? > >Chaz: Yep. > > > >Stephen. > > > >Tim Polk wrote: > > > > > > Peter Sylvester has stated a requirement for DPV servers to relay requests > > > to one another: > > > > > > > > > > >There is a requirement, similar as for OCSP caches, > > > >that server just relays a request to another. This had been > > > >discussed several times, the differences had only been to > > > >what degree the relaying should become visible; whether one > > > >server can rewrite/resigns the answers of another etc. > > > >Relaying via cache is an obvious feature in many OCSP implementation, > > > >how do they protect itself against loops between two servers? > > > > > > > > > > I believe this is an open issue, and would like to start a new discussion > > > thread limited to this topic. > > > > > > As I understand Peter's scenario, there are three mutually trusting DPV > > > servers. If a server cannot satisfy a request directly, it may relay the > > > request to a different server. We'll assume the server is smart enough not > > > to relay a request back to the requester. (That is, if server A relays a > > > request to Server B, B may relay it to Server C but not A.) > > > > > > (1) Assume Alice requests a valid path for Bob's certificate from Server A, > > > when none exists. > > > (2) Server A relays the request to Server B, since it cannot satisfy it > > > directly. (A could have chosen Server C; it is irrelevant.) > > > (3) Server B relays the request to Server C, since it cannot satisfy it > > > directly. (C could not choose A, since it was the requester.) > > > (4) Server C relays the request to Server A, since it cannot satisfy it > > > directly. (A could not choose B, since it was the requester.) > > > > > > At this point, either A must maintain state and recognize that the request > > > has cycled around or the protocol has to handle this by maintaining a > > > history list. > > > > > > Peter, please confirm that I have characterized the problem correctly (or > > > post the right scenario)! I am not personally convinced that blind > > > relaying amongst DPV servers is a requirement. > > > > > > IMHO, DPV relaying would be limited to the scenario where each Server was > > > authoritative for a particular community (perhaps based on privately held > > > status information). Alice directs all requests to Server A to simplify > > > her life. Server A would be able to determine which server (B or C) could > > > possibly satisfy the request based on Bob's certificate. > > > > > > Even though relaying occurred, Server A acted as a simple DPV client, > > > imposing no additional requirements... > > > > > > Thanks, > > > > > > Tim Polk > > > >-- > >____________________________________________________________ > >Stephen Farrell > >Baltimore Technologies, tel: (direct line) +353 1 881 6716 > >39 Parkgate Street, fax: +353 1 881 7000 > >Dublin 8. mailto:stephen.farrell@baltimore.ie > >Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35IH5n28840 for ietf-pkix-bks; Fri, 5 Apr 2002 10:17:05 -0800 (PST) Received: from pretender.boolean.net (root@router.boolean.net [198.144.206.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35IH4m28832 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 10:17:04 -0800 (PST) Received: from nomad.OpenLDAP.org (root@localhost [127.0.0.1]) by pretender.boolean.net (8.11.3/8.11.1/Boolean/Hub) with ESMTP id g35IH3C26301; Fri, 5 Apr 2002 18:17:03 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.1.0.14.0.20020405092657.026c3970@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 05 Apr 2002 10:17:14 -0800 To: "Ramsay, Ron" <Ron.Ramsay@ca.com> From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Subject: RE: LDAPbis scope issue (Was: LDAP Certificate transfer syntax) Cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> In-Reply-To: <A7E3A4B51615D511BCB6009027D0D18C045C29AD@aspams01.ca.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 06:38 PM 2002-04-04, Ramsay, Ron wrote: >Quite apart from the meaning of "core", the last sentence above seems to be >your way of offering carte blanche to the certificate work? The PKIX WG has undertaken the engineering of the PKI schema for LDAP specification. LDAPbis is providing review. No carte blanche is (nor can be) given. Kurt Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35HjHU27515 for ietf-pkix-bks; Fri, 5 Apr 2002 09:45:17 -0800 (PST) Received: from poseidon.coastside.net (poseidon.coastside.net [207.213.212.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35HjGm27511 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 09:45:16 -0800 (PST) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g35HjCkI029513; Fri, 5 Apr 2002 09:45:13 -0800 (PST) From: "Michael Myers" <myers@coastside.net> To: "Tim Polk" <tim.polk@nist.gov>, "Denis Pinkas" <Denis.Pinkas@bull.net>, "Ambarish Malpani" <ambarish@valicert.com> Cc: "'Housley, Russ'" <rhousley@rsasecurity.com>, "Santosh Chokhani" <chokhani@orionsec.com>, <ietf-pkix@imc.org> Subject: RE: One last comment on DPD requirements Date: Fri, 5 Apr 2002 09:42:28 -0800 Message-ID: <EOEGJNFMMIBDKGFONJJDKEGGCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-reply-to: <4.2.0.58.20020405102347.01bd2f00@email.nist.gov> X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tim, I think I agree with Denis (at least if I'm reading him correctly). One of the needs that drove DPD into existence in the first place was the observation that a DPV server, due to its use of a signing key, would fall within scope of various trusted systems certification programs while a server strictly limited in its design and implementation to DPD functionality could arguably avoid that. Thus, a DPV server would be trusted from a system certification perspective even though a client of that server may choose not to fully delegate its trust to that server. Not to say that DPD server could not also be so certified, but the value of doing so would be minimal. This is all hypothetical of course since it's not within our scope in this forum to set rules for what does and does not require such certification, but predictable enough that Stephen, Carlisle and I went around and around on the issues way back when and thus why DPD was initially proposed to the WG as basically a subset of a DPV functionality. Just thought that context might be useful FWIW. Mike > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Tim Polk > Sent: Friday, April 05, 2002 7:30 AM > To: Denis Pinkas; Ambarish Malpani > Cc: 'Housley, Russ'; Santosh Chokhani; ietf-pkix@imc.org > Subject: Re: One last comment on DPD requirements > > > > Denis, > > At 02:50 PM 4/5/02 +0200, Denis Pinkas wrote: > > >Ambarish, > > > > > Russ, > > > > > A minor nit - a DPD server might also be a > DPV server, who > > > a client is not willing to trust (and whose work > the client wants > > > to verify for itself). > > > >This is not a minor nit. A DPV server is always > trusted by the client, while > >a DPD server does not need to be trusted. A DPV > server is not necessarily > >trusted by *other* clients. So the case of an > untrusted DPV server, as > >mentionned, does not exist. > > I disagree strongly. If a client requests that a DPV > server return the > certification path, it may do so for either of two reasons: > (1) it wishes to cache the information for audit purposes; or > (2) the client does not trust the DPV server for this > application, and will > perform the path validation locally as well. > > The same client may trust the DPV server for low > value applications (e.g., > email) but organizational policy may demand that the > client perform path > validation locally for funds transfer or other high > value applications. It > makes perfect sense for the client to use the DPV > server in both cases. > > Note that only the client can tell which mode it > operates in... > > Thanks, > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35GxkW26020 for ietf-pkix-bks; Fri, 5 Apr 2002 08:59:46 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g35Gxjm26015 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 08:59:45 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 5 Apr 2002 16:58:49 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA11993; Fri, 5 Apr 2002 11:58:42 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g35Gxmn01540; Fri, 5 Apr 2002 11:59:48 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1PALV>; Fri, 5 Apr 2002 11:57:23 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.145]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1PALT; Fri, 5 Apr 2002 11:57:18 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: stephen.farrell@baltimore.ie Cc: Tim Polk <tim.polk@nist.gov>, ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020405114835.0206fea0@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 05 Apr 2002 11:54:39 -0500 Subject: Re: Open issue: DPV relay In-Reply-To: <3CADA4C5.4D39FFD8@baltimore.ie> References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve: In the X.500 directory, they two communication models are called chaining referrals. Peter has asked for chaining support. You are asking whether referrals should also be supported. I can see cases where chaining might be helpful. It does not change the client's trust model. It asks a particular DPV server for a response, and it gets one (signed by the same server that it asked). I think that referrals complicate the trust model. The client asks one DPV server, then that server suggests that a different server might be better able to help. If the client chooses to ask that server, it will get back a response signed by the second server. Does the client trust it only because the first server made a referral? What information need to be stored by the client to prove that it was referred to this server? All of this is more complication than I want. Russ At 02:21 PM 4/5/2002 +0100, Stephen Farrell wrote: >*If* relaying support/capability is to be considered as a >MUST/SHOULD/MAY requirement for a DPV protocol, then should >re-direction be handled similarly? (Note: I'm not proposing >that it should be, just asking!) > >By re-direction I mean: > >Alice: Hey Bob - is this key good? >Robert: Dunno Alice - but Charlie might know. >Alice: Hey Charles - is this key good? >Chaz: Yep. > >Stephen. > >Tim Polk wrote: > > > > Peter Sylvester has stated a requirement for DPV servers to relay requests > > to one another: > > > > > > > >There is a requirement, similar as for OCSP caches, > > >that server just relays a request to another. This had been > > >discussed several times, the differences had only been to > > >what degree the relaying should become visible; whether one > > >server can rewrite/resigns the answers of another etc. > > >Relaying via cache is an obvious feature in many OCSP implementation, > > >how do they protect itself against loops between two servers? > > > > > > > I believe this is an open issue, and would like to start a new discussion > > thread limited to this topic. > > > > As I understand Peter's scenario, there are three mutually trusting DPV > > servers. If a server cannot satisfy a request directly, it may relay the > > request to a different server. We'll assume the server is smart enough not > > to relay a request back to the requester. (That is, if server A relays a > > request to Server B, B may relay it to Server C but not A.) > > > > (1) Assume Alice requests a valid path for Bob's certificate from Server A, > > when none exists. > > (2) Server A relays the request to Server B, since it cannot satisfy it > > directly. (A could have chosen Server C; it is irrelevant.) > > (3) Server B relays the request to Server C, since it cannot satisfy it > > directly. (C could not choose A, since it was the requester.) > > (4) Server C relays the request to Server A, since it cannot satisfy it > > directly. (A could not choose B, since it was the requester.) > > > > At this point, either A must maintain state and recognize that the request > > has cycled around or the protocol has to handle this by maintaining a > > history list. > > > > Peter, please confirm that I have characterized the problem correctly (or > > post the right scenario)! I am not personally convinced that blind > > relaying amongst DPV servers is a requirement. > > > > IMHO, DPV relaying would be limited to the scenario where each Server was > > authoritative for a particular community (perhaps based on privately held > > status information). Alice directs all requests to Server A to simplify > > her life. Server A would be able to determine which server (B or C) could > > possibly satisfy the request based on Bob's certificate. > > > > Even though relaying occurred, Server A acted as a simple DPV client, > > imposing no additional requirements... > > > > Thanks, > > > > Tim Polk > >-- >____________________________________________________________ >Stephen Farrell >Baltimore Technologies, tel: (direct line) +353 1 881 6716 >39 Parkgate Street, fax: +353 1 881 7000 >Dublin 8. mailto:stephen.farrell@baltimore.ie >Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35GkMM25368 for ietf-pkix-bks; Fri, 5 Apr 2002 08:46:22 -0800 (PST) Received: from poseidon.coastside.net (poseidon.coastside.net [207.213.212.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35GkLm25364 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 08:46:21 -0800 (PST) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g35GkBkI023966; Fri, 5 Apr 2002 08:46:11 -0800 (PST) From: "Michael Myers" <myers@coastside.net> To: "Tim Polk" <tim.polk@nist.gov>, <ietf-pkix@imc.org> Cc: "Peter Sylvester" <Peter.Sylvester@edelweb.fr> Subject: RE: Open issue: DPV relay Date: Fri, 5 Apr 2002 08:43:26 -0800 Message-ID: <EOEGJNFMMIBDKGFONJJDGEGFCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-reply-to: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tim, FWIW I think relay should be supported. Is the core question stateful servers vs. stateful protocol? Mike Michael Myers t: +415.819.1362 e: mailto:mike@traceroutesecurity.com w: http://www.traceroutesecurity.com > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Tim Polk > Sent: Thursday, April 04, 2002 3:11 PM > To: ietf-pkix@imc.org > Cc: Peter Sylvester > Subject: Open issue: DPV relay > > > > Peter Sylvester has stated a requirement for DPV > servers to relay requests > to one another: > > > > >There is a requirement, similar as for OCSP caches, > >that server just relays a request to another. This had been > >discussed several times, the differences had only been to > >what degree the relaying should become visible; whether one > >server can rewrite/resigns the answers of another etc. > >Relaying via cache is an obvious feature in many > OCSP implementation, > >how do they protect itself against loops between > two servers? > > > > I believe this is an open issue, and would like to > start a new discussion > thread limited to this topic. > > As I understand Peter's scenario, there are three > mutually trusting DPV > servers. If a server cannot satisfy a request > directly, it may relay the > request to a different server. We'll assume the > server is smart enough not > to relay a request back to the requester. (That is, > if server A relays a > request to Server B, B may relay it to Server C but not A.) > > (1) Assume Alice requests a valid path for Bob's > certificate from Server A, > when none exists. > (2) Server A relays the request to Server B, since it > cannot satisfy it > directly. (A could have chosen Server C; it is irrelevant.) > (3) Server B relays the request to Server C, since it > cannot satisfy it > directly. (C could not choose A, since it was the requester.) > (4) Server C relays the request to Server A, since it > cannot satisfy it > directly. (A could not choose B, since it was the requester.) > > At this point, either A must maintain state and > recognize that the request > has cycled around or the protocol has to handle this > by maintaining a > history list. > > Peter, please confirm that I have characterized the > problem correctly (or > post the right scenario)! I am not personally > convinced that blind > relaying amongst DPV servers is a requirement. > > IMHO, DPV relaying would be limited to the scenario > where each Server was > authoritative for a particular community (perhaps > based on privately held > status information). Alice directs all requests to > Server A to simplify > her life. Server A would be able to determine which > server (B or C) could > possibly satisfy the request based on Bob's certificate. > > Even though relaying occurred, Server A acted as a > simple DPV client, > imposing no additional requirements... > > Thanks, > > Tim Polk > > Received: by above.proper.com (8.11.6/8.11.3) id g35G3t221050 for ietf-pkix-bks; Fri, 5 Apr 2002 08:03:55 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g35G3rm21043 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 08:03:53 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 5 Apr 2002 16:02:57 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA06496 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 11:02:51 -0500 (EST) Received: from exrsa01.rsa.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g35G3uX25067 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 11:03:56 -0500 (EST) Received: by exrsa01.rsa.com with Internet Mail Service (5.5.2653.19) id <FVAZ1NA9>; Fri, 5 Apr 2002 08:03:52 -0800 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.145]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX13024; Fri, 5 Apr 2002 11:01:25 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: "Jacoby, Jeffrey" <jjacoby@rsasecurity.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020405105755.03b795e8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 05 Apr 2002 11:00:56 -0500 Subject: Re: One last comment on DPD requirements In-Reply-To: <3CACFCDC.4F2A0FF1@rsasecurity.com> References: <5.1.0.14.2.20020404163623.02edeba8@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Jeff: > > Tim Polk and I just discussed this on the phone. I will share my > > conclusion form the conversation (which might be different than Tim's > > conclusion). I think that we need to allow for multiple certificates to > > be > > returned, but the default should be to return just one. If the client > > wants more than one, it needs to explicitly request them (up to a > > maximum > > number). If the server does not support returning extra certificates, > > then > > it should just return one, but it should include a status code that > > says, > > "I do not support the option you requested, but I thought that I should > > give you one just in case it meets your needs." > >I think such a status code may be unnecessary. If a multi-path-capable >client >gets only one path back -- either because there really was only one path, >or the >server couldn't support multiple paths -- what can it usefully do with >that status code? >In other words, what would/could it do differently if it saw that status >code or not? Recall that we are discussing DPD (not DPV). So, if the client finds that the single path that was returned is unacceptable, then the client could go to a different (untrusted) DPD server in the hopes of getting a collection of paths (or at least a different one). Clearly, this is not optimal. But, the client needs to know that the first server did not even try to find more than one path. Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35G3GG21029 for ietf-pkix-bks; Fri, 5 Apr 2002 08:03:16 -0800 (PST) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35G3Fm21025 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 08:03:15 -0800 (PST) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GU300B01R5TZ5@ext-mail.valicert.com> for ietf-pkix@imc.org; Fri, 5 Apr 2002 08:01:05 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GU300B3RR5TVN@ext-mail.valicert.com>; Fri, 05 Apr 2002 08:01:05 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <H570PRZL>; Fri, 05 Apr 2002 08:02:41 -0800 Content-return: allowed Date: Fri, 05 Apr 2002 08:02:40 -0800 From: Ambarish Malpani <ambarish@valicert.com> Subject: RE: Open issue: DPV relay To: "'Peter Sylvester'" <Peter.Sylvester@edelweb.fr>, ietf-pkix@imc.org, tim.polk@nist.gov Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E536A@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Peter, I agree with your desire to have a DPV response included where one would allow CRLs or OCSP responses to be included to prove how a server obtained the status of a certificate. Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: Peter Sylvester [mailto:Peter.Sylvester@edelweb.fr] > Sent: Friday, April 05, 2002 4:02 AM > To: ietf-pkix@imc.org; tim.polk@nist.gov > Cc: Peter.Sylvester@edelweb.fr > Subject: Re: Open issue: DPV relay > > ... (Stuff deleted) > > *** Issue 2 ***: > > > A DPV server may want to determine the validity status of > an intermediate CA certificate, (or even obtain responses > from other DPV servers confirming a validity decision). > > Another scenario is a company server that validates an > certificate of another company, it asks the other companies > server, and obtains a result. The server *may* choose to > create its own response withour revealing the response > from the other server (blind relaying?), but it may also > choose to give the answer back to the client allow to maintain > a proof that the 'other company' has cooperated. > > Simular to OCSP responses or CRLs which represent > assertions about the validity of some cert, a DPV response > is also such kind of assertion. > > I see a requirement that a server may want to add > DPV responses in his response in order to create a complete > picture of all the assertions he obtained. > > Answers from Denis always seem to indicate that > a DPV response MUST NOT be included in a final response > (since *we* do not support relaying). > > I do not see an essential difference between > a CRL repository, an OCSP response and a DPV response. > There I propose to add behind > > "... As an > example, an S/MIME message might include such information, and the > client can simply copy that information into the DPV request." > > the text: > > DPV responses may use information obtained by other DPV transactions > performed by the DPV server in order to determine the validity of > some certificate in the path. The server MUST be able to include > such response in its own final response. > > Or to replace in the preceding paragraph 'revocation information' > by "'status information' such an revocation information of CRLs > or OCSP but also other DPV responses.". > > > *** A little nit-picking: > > Would the authors try and avoid characters like "AE" instead > of "'" as in DPV serverAEs. > > > > > > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35Fts020482 for ietf-pkix-bks; Fri, 5 Apr 2002 07:55:54 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35Ftqm20478 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 07:55:52 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA25986; Fri, 5 Apr 2002 17:58:20 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040517553579:243 ; Fri, 5 Apr 2002 17:55:35 +0200 Message-ID: <3CADC8E2.EBB9112@bull.net> Date: Fri, 05 Apr 2002 17:55:14 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Tim Polk <tim.polk@nist.gov> CC: ietf-pkix@imc.org Subject: Re: One last comment on DPD requirements References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5363@polaris.valicert.com> <4.2.0.58.20020405102347.01bd2f00@email.nist.gov> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 17:55:35, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 17:55:50, Serialize complete at 05/04/2002 17:55:50 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tim, > Denis, > > At 02:50 PM 4/5/02 +0200, Denis Pinkas wrote: > > >Ambarish, > > > > > Russ, > > > > > A minor nit - a DPD server might also be a DPV server, who > > > a client is not willing to trust (and whose work the client wants > > > to verify for itself). > > > >This is not a minor nit. A DPV server is always trusted by the client, while > >a DPD server does not need to be trusted. A DPV server is not necessarily > >trusted by *other* clients. So the case of an untrusted DPV server, as > >mentionned, does not exist. > > I disagree strongly. What a strong word for a "minor nit" ! :-) > If a client requests that a DPV server return the > certification path, it may do so for either of two reasons: > (1) it wishes to cache the information for audit purposes; or Not exactly. Audit is not the reason. The reason is that *another* party will not necessarilly trust the "valid" answer from that server. However that other party might want to test the validity of the certificate later on and may not trust the same DPV server. Since later on all the information to do the validation may not be available, it is captured with the "valid answer" so that this other party can use it as as "useful information" with a request made later on to another DPV server that it trusts. > (2) the client does not trust the DPV server for this application, and will > perform the path validation locally as well. DPV is first designed for thin clients or clients unable to perform the path validation themselves. If they would, then they would use DPD. Now, nothing would prevent an application to do what you say, but it does not make sense. > The same client may trust the DPV server for low value applications (e.g., > email) but organizational policy may demand that the client perform path > validation locally for funds transfer or other high value applications. It > makes perfect sense for the client to use the DPV server in both cases. I would disagree as well. Now, I do not remember that this comment was raised during the last call period ... or could you refer to which comment number it relates ? Thanks, Denis > Note that only the client can tell which mode it operates in... > > Thanks, > > Tim > > >Denis > > > > > > > To summarize, what I think what I hear you, Santosh and Steve say > > > is that it might make sense to require a DPD server to return a > > > single path back, but if we want to enable that, we need to let > > > the client specify his requirements more precisely. Is that > > > correct? > > > > > > It would make sense to show (in the protocol doc), what those > > > requirements are for protocols like S/MIME, TLS, IPSec and let > > > other protocols define their own requirements if they can't > > > fit into one of the three above. > > > > > > Does that make sense to you? What about others on the list? > > > > > > Regards, > > > Ambarish > > > > > > --------------------------------------------------------------------- > > > Ambarish Malpani > > > Chief Architect 650.567.5457 > > > ValiCert, Inc. ambarish@valicert.com > > > 1215 Terra Bella Ave. http://www.valicert.com > > > Mountain View, CA 94043 > > > > > > > -----Original Message----- > > > > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > > > > Sent: Thursday, April 04, 2002 7:00 AM > > > > To: Santosh Chokhani > > > > Cc: ietf-pkix@imc.org > > > > Subject: RE: One last comment on DPD requirements > > > > > > > > > > > > > > > > Santosh: > > > > > > > > I think that a DPD server will likely perform path > > > > validation. Clients > > > > will not be happy if the paths that they are given are often > > > > invalid. Clearly, the DPD server cannot know all of the > > > > parameters that > > > > the client will use for path validation (otherwise it would be a DPV > > > > server), but it can make some very reasonable assumptions to > > > > ensure that > > > > grossly invalid paths are not returned. > > > > > > > > Russ > > > > > > > > At 08:20 PM 4/3/2002 -0500, Santosh Chokhani wrote: > > > > >Russ: > > > > > > > > > >I agree with you, but for a different reason. I do not think this is > > > > >application specific issue. I think it is the path > > > > validation issue. I > > > > >do not think that the DPD server can know which paths are > > > > good without > > > > >doing a validation also, specially to see if there will be any name > > > > >constraints or certificate policy related failures. > > > > > > > > > >-----Original Message----- > > > > >From: owner-ietf-pkix@mail.imc.org > > > > [mailto:owner-ietf-pkix@mail.imc.org] > > > > >On Behalf Of Housley, Russ > > > > >Sent: Wednesday, April 03, 2002 2:12 PM > > > > >To: Ambarish Malpani; Stephen Kent > > > > >Cc: ietf-pkix@imc.org > > > > >Subject: Re: One last comment on DPD requirements > > > > > > > > > > > > > > > > > > > >Steve & Ambarish: > > > > > > > > > > >>Hi Group, > > > > > >> One last (slightly late) comment on the DPD > > > > requirements that has > > > > > > > > > > >>been troubling me: > > > > > >> > > > > > >>In the DPD requirements, there is a reasonable amount of text that > > > > > >>talks about how a server can return multiple paths back > > > > to the client > > > > > >>(to allow the client to decide which path is the best). > > > > > >> > > > > > >>The main goal of DPD is to try and simplify the client. > > > > In how many > > > > > >>cases do people really want multiple paths back from the > > > > server. While > > > > > > > > > > >>it is the right requirement in principal, do folks really think > > > > > >>clients will want multiple paths back from a DPD server? > > > > Are we adding > > > > > > > > > > >>the additional flexiblity/complexity just for technical purity? > > > > > >> > > > > > >>Comments will be appreciated. > > > > > >> > > > > > >>Regards, > > > > > >>Ambarish > > > > > > > > > > > >I too would favor simplifying the protocol requirement > > > > here. Some folks > > > > > >have suggested motivations for multiple paths, but this > > > > does seem to > > > > > >conflict with the fundamental goal of creating a protocol > > > > to satisfy > > > > >the > > > > > >needs of thin clients. > > > > > > > > > > > >Steve > > > > > > > > > >I agree with your goal. It is far better for the client to tell the > > > > >server > > > > >what it wants, then get back a single path that satisfies all of the > > > > >requirements. To do this, we need to be able to fully specify the > > > > >clients > > > > >criteria and send them to the server. I think that we know how to do > > > > >this > > > > >for many PKI-enabled applications, but I am not sure that we > > > > know how to > > > > >do > > > > >it for all applications, especially ones that are yet to be > > > > developed. > > > > > > > > > >This leaves us with two choices. Either the protocol > > > > returns multiple > > > > >certification paths (the approach in the current document) or the > > > > >protocol > > > > >requires the client to adequately specify its criteria. > > > > This could be > > > > >done > > > > >with the path discovery policy. If we adopt this > > > > alternative, we should > > > > > > > > > >include additional text so that implements expect > > > > application-specific > > > > >(perhaps several application-specific path discovery policy > > > > if there are > > > > > > > > > >multiple roles in the application). > > > > > > > > > >Russ > > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35FrRB20375 for ietf-pkix-bks; Fri, 5 Apr 2002 07:53:27 -0800 (PST) Received: from poseidon.coastside.net (poseidon.coastside.net [207.213.212.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35FrQm20371 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 07:53:26 -0800 (PST) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g35FrHkI020032; Fri, 5 Apr 2002 07:53:17 -0800 (PST) From: "Michael Myers" <myers@coastside.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net> Cc: <ietf-pkix@imc.org> Subject: RE: A few comments re: dpv-dpd requirements Date: Fri, 5 Apr 2002 07:50:34 -0800 Message-ID: <EOEGJNFMMIBDKGFONJJDEEGECJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-Reply-To: <3CAD7E79.E47C4E2B@bull.net> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > -----Original Message----- > > > > "The DPV response MUST indicate one of the following three > > status alternatives: > > > > 1) the certificate is valid according to the > validation policy. > > 2) the certificate is not valid according to the validation > > policy. > > 3) the certificate is unknown to the validation server." > > I do not think you really mean this, but rather: > > 3) the validity of the certificate is unknown > according to the > validation policy. > > > Denis Denis, That is fine. Mike Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35FVNv18299 for ietf-pkix-bks; Fri, 5 Apr 2002 07:31:23 -0800 (PST) Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35FVKm18289 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 07:31:20 -0800 (PST) Received: from st25 (st25.ncsl.nist.gov [129.6.54.67]) by email.nist.gov (8.12.2/8.12.2) with ESMTP id g35FVICl003369; Fri, 5 Apr 2002 10:31:18 -0500 (EST) Message-Id: <4.2.0.58.20020405102347.01bd2f00@email.nist.gov> X-Sender: wpolk@email.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Fri, 05 Apr 2002 10:29:40 -0500 To: Denis Pinkas <Denis.Pinkas@bull.net>, Ambarish Malpani <ambarish@valicert.com> From: Tim Polk <tim.polk@nist.gov> Subject: Re: One last comment on DPD requirements Cc: "'Housley, Russ'" <rhousley@rsasecurity.com>, Santosh Chokhani <chokhani@orionsec.com>, ietf-pkix@imc.org In-Reply-To: <3CAD9DAA.BBC59C24@bull.net> References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5363@polaris.valicert.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, At 02:50 PM 4/5/02 +0200, Denis Pinkas wrote: >Ambarish, > > > Russ, > > > A minor nit - a DPD server might also be a DPV server, who > > a client is not willing to trust (and whose work the client wants > > to verify for itself). > >This is not a minor nit. A DPV server is always trusted by the client, while >a DPD server does not need to be trusted. A DPV server is not necessarily >trusted by *other* clients. So the case of an untrusted DPV server, as >mentionned, does not exist. I disagree strongly. If a client requests that a DPV server return the certification path, it may do so for either of two reasons: (1) it wishes to cache the information for audit purposes; or (2) the client does not trust the DPV server for this application, and will perform the path validation locally as well. The same client may trust the DPV server for low value applications (e.g., email) but organizational policy may demand that the client perform path validation locally for funds transfer or other high value applications. It makes perfect sense for the client to use the DPV server in both cases. Note that only the client can tell which mode it operates in... Thanks, Tim >Denis > > > > To summarize, what I think what I hear you, Santosh and Steve say > > is that it might make sense to require a DPD server to return a > > single path back, but if we want to enable that, we need to let > > the client specify his requirements more precisely. Is that > > correct? > > > > It would make sense to show (in the protocol doc), what those > > requirements are for protocols like S/MIME, TLS, IPSec and let > > other protocols define their own requirements if they can't > > fit into one of the three above. > > > > Does that make sense to you? What about others on the list? > > > > Regards, > > Ambarish > > > > --------------------------------------------------------------------- > > Ambarish Malpani > > Chief Architect 650.567.5457 > > ValiCert, Inc. ambarish@valicert.com > > 1215 Terra Bella Ave. http://www.valicert.com > > Mountain View, CA 94043 > > > > > -----Original Message----- > > > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > > > Sent: Thursday, April 04, 2002 7:00 AM > > > To: Santosh Chokhani > > > Cc: ietf-pkix@imc.org > > > Subject: RE: One last comment on DPD requirements > > > > > > > > > > > > Santosh: > > > > > > I think that a DPD server will likely perform path > > > validation. Clients > > > will not be happy if the paths that they are given are often > > > invalid. Clearly, the DPD server cannot know all of the > > > parameters that > > > the client will use for path validation (otherwise it would be a DPV > > > server), but it can make some very reasonable assumptions to > > > ensure that > > > grossly invalid paths are not returned. > > > > > > Russ > > > > > > At 08:20 PM 4/3/2002 -0500, Santosh Chokhani wrote: > > > >Russ: > > > > > > > >I agree with you, but for a different reason. I do not think this is > > > >application specific issue. I think it is the path > > > validation issue. I > > > >do not think that the DPD server can know which paths are > > > good without > > > >doing a validation also, specially to see if there will be any name > > > >constraints or certificate policy related failures. > > > > > > > >-----Original Message----- > > > >From: owner-ietf-pkix@mail.imc.org > > > [mailto:owner-ietf-pkix@mail.imc.org] > > > >On Behalf Of Housley, Russ > > > >Sent: Wednesday, April 03, 2002 2:12 PM > > > >To: Ambarish Malpani; Stephen Kent > > > >Cc: ietf-pkix@imc.org > > > >Subject: Re: One last comment on DPD requirements > > > > > > > > > > > > > > > >Steve & Ambarish: > > > > > > > > >>Hi Group, > > > > >> One last (slightly late) comment on the DPD > > > requirements that has > > > > > > > > >>been troubling me: > > > > >> > > > > >>In the DPD requirements, there is a reasonable amount of text that > > > > >>talks about how a server can return multiple paths back > > > to the client > > > > >>(to allow the client to decide which path is the best). > > > > >> > > > > >>The main goal of DPD is to try and simplify the client. > > > In how many > > > > >>cases do people really want multiple paths back from the > > > server. While > > > > > > > > >>it is the right requirement in principal, do folks really think > > > > >>clients will want multiple paths back from a DPD server? > > > Are we adding > > > > > > > > >>the additional flexiblity/complexity just for technical purity? > > > > >> > > > > >>Comments will be appreciated. > > > > >> > > > > >>Regards, > > > > >>Ambarish > > > > > > > > > >I too would favor simplifying the protocol requirement > > > here. Some folks > > > > >have suggested motivations for multiple paths, but this > > > does seem to > > > > >conflict with the fundamental goal of creating a protocol > > > to satisfy > > > >the > > > > >needs of thin clients. > > > > > > > > > >Steve > > > > > > > >I agree with your goal. It is far better for the client to tell the > > > >server > > > >what it wants, then get back a single path that satisfies all of the > > > >requirements. To do this, we need to be able to fully specify the > > > >clients > > > >criteria and send them to the server. I think that we know how to do > > > >this > > > >for many PKI-enabled applications, but I am not sure that we > > > know how to > > > >do > > > >it for all applications, especially ones that are yet to be > > > developed. > > > > > > > >This leaves us with two choices. Either the protocol > > > returns multiple > > > >certification paths (the approach in the current document) or the > > > >protocol > > > >requires the client to adequately specify its criteria. > > > This could be > > > >done > > > >with the path discovery policy. If we adopt this > > > alternative, we should > > > > > > > >include additional text so that implements expect > > > application-specific > > > >(perhaps several application-specific path discovery policy > > > if there are > > > > > > > >multiple roles in the application). > > > > > > > >Russ > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35E4hZ15495 for ietf-pkix-bks; Fri, 5 Apr 2002 06:04:43 -0800 (PST) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35E4em15491 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 06:04:41 -0800 (PST) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g35E4ab17047 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 15:04:36 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a130e39ee0a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 14:59:16 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id PAA01965; Fri, 5 Apr 2002 15:04:33 +0100 Message-ID: <3CADAEF3.512E140F@baltimore.ie> Date: Fri, 05 Apr 2002 15:04:35 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <3CADA4C5.4D39FFD8@baltimore.ie> <3CADA776.8F4D7E6A@bull.net> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, Denis Pinkas wrote: > > Steve, > > > *If* relaying support/capability is to be considered as a > > MUST/SHOULD/MAY requirement for a DPV protocol, then should > > re-direction be handled similarly? (Note: I'm not proposing > > that it should be, just asking!) > > > > By re-direction I mean: > > > > Alice: Hey Bob - is this key good? > > Robert: Dunno Alice - but Charlie might know. > > Alice: Hey Charles - is this key good? > > Chaz: Yep. > > This is not relaying, but referral. Depends whether you're of DAP or HTTP vintage I guess:-) > Referral is not supported. That is one possible answer and may well be the concensus, I guess we'll see. In any case, re-direct/referral would only be an issue depending on what happens with relaying is my guess. Stephen. > > Denis > > > Stephen. > > > > Tim Polk wrote: > > > > > > Peter Sylvester has stated a requirement for DPV servers to relay requests > > > to one another: > > > > > > > > > > >There is a requirement, similar as for OCSP caches, > > > >that server just relays a request to another. This had been > > > >discussed several times, the differences had only been to > > > >what degree the relaying should become visible; whether one > > > >server can rewrite/resigns the answers of another etc. > > > >Relaying via cache is an obvious feature in many OCSP implementation, > > > >how do they protect itself against loops between two servers? > > > > > > > > > > I believe this is an open issue, and would like to start a new discussion > > > thread limited to this topic. > > > > > > As I understand Peter's scenario, there are three mutually trusting DPV > > > servers. If a server cannot satisfy a request directly, it may relay the > > > request to a different server. We'll assume the server is smart enough not > > > to relay a request back to the requester. (That is, if server A relays a > > > request to Server B, B may relay it to Server C but not A.) > > > > > > (1) Assume Alice requests a valid path for Bob's certificate from Server A, > > > when none exists. > > > (2) Server A relays the request to Server B, since it cannot satisfy it > > > directly. (A could have chosen Server C; it is irrelevant.) > > > (3) Server B relays the request to Server C, since it cannot satisfy it > > > directly. (C could not choose A, since it was the requester.) > > > (4) Server C relays the request to Server A, since it cannot satisfy it > > > directly. (A could not choose B, since it was the requester.) > > > > > > At this point, either A must maintain state and recognize that the request > > > has cycled around or the protocol has to handle this by maintaining a > > > history list. > > > > > > Peter, please confirm that I have characterized the problem correctly (or > > > post the right scenario)! I am not personally convinced that blind > > > relaying amongst DPV servers is a requirement. > > > > > > IMHO, DPV relaying would be limited to the scenario where each Server was > > > authoritative for a particular community (perhaps based on privately held > > > status information). Alice directs all requests to Server A to simplify > > > her life. Server A would be able to determine which server (B or C) could > > > possibly satisfy the request based on Bob's certificate. > > > > > > Even though relaying occurred, Server A acted as a simple DPV client, > > > imposing no additional requirements... > > > > > > Thanks, > > > > > > Tim Polk > > > > -- > > ____________________________________________________________ > > Stephen Farrell > > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > > 39 Parkgate Street, fax: +353 1 881 7000 > > Dublin 8. mailto:stephen.farrell@baltimore.ie > > Ireland http://www.baltimore.com -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35DXLK11941 for ietf-pkix-bks; Fri, 5 Apr 2002 05:33:21 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35DXJm11937 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 05:33:20 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA12680; Fri, 5 Apr 2002 15:35:48 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040515324718:215 ; Fri, 5 Apr 2002 15:32:47 +0200 Message-ID: <3CADA776.8F4D7E6A@bull.net> Date: Fri, 05 Apr 2002 15:32:38 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: stephen.farrell@baltimore.ie CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> <3CADA4C5.4D39FFD8@baltimore.ie> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 15:32:47, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 15:33:18, Serialize complete at 05/04/2002 15:33:18 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve, > *If* relaying support/capability is to be considered as a > MUST/SHOULD/MAY requirement for a DPV protocol, then should > re-direction be handled similarly? (Note: I'm not proposing > that it should be, just asking!) > > By re-direction I mean: > > Alice: Hey Bob - is this key good? > Robert: Dunno Alice - but Charlie might know. > Alice: Hey Charles - is this key good? > Chaz: Yep. This is not relaying, but referral. The issue was about relaying, not referral. Referral is not supported. Denis > Stephen. > > Tim Polk wrote: > > > > Peter Sylvester has stated a requirement for DPV servers to relay requests > > to one another: > > > > > > > >There is a requirement, similar as for OCSP caches, > > >that server just relays a request to another. This had been > > >discussed several times, the differences had only been to > > >what degree the relaying should become visible; whether one > > >server can rewrite/resigns the answers of another etc. > > >Relaying via cache is an obvious feature in many OCSP implementation, > > >how do they protect itself against loops between two servers? > > > > > > > I believe this is an open issue, and would like to start a new discussion > > thread limited to this topic. > > > > As I understand Peter's scenario, there are three mutually trusting DPV > > servers. If a server cannot satisfy a request directly, it may relay the > > request to a different server. We'll assume the server is smart enough not > > to relay a request back to the requester. (That is, if server A relays a > > request to Server B, B may relay it to Server C but not A.) > > > > (1) Assume Alice requests a valid path for Bob's certificate from Server A, > > when none exists. > > (2) Server A relays the request to Server B, since it cannot satisfy it > > directly. (A could have chosen Server C; it is irrelevant.) > > (3) Server B relays the request to Server C, since it cannot satisfy it > > directly. (C could not choose A, since it was the requester.) > > (4) Server C relays the request to Server A, since it cannot satisfy it > > directly. (A could not choose B, since it was the requester.) > > > > At this point, either A must maintain state and recognize that the request > > has cycled around or the protocol has to handle this by maintaining a > > history list. > > > > Peter, please confirm that I have characterized the problem correctly (or > > post the right scenario)! I am not personally convinced that blind > > relaying amongst DPV servers is a requirement. > > > > IMHO, DPV relaying would be limited to the scenario where each Server was > > authoritative for a particular community (perhaps based on privately held > > status information). Alice directs all requests to Server A to simplify > > her life. Server A would be able to determine which server (B or C) could > > possibly satisfy the request based on Bob's certificate. > > > > Even though relaying occurred, Server A acted as a simple DPV client, > > imposing no additional requirements... > > > > Thanks, > > > > Tim Polk > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > 39 Parkgate Street, fax: +353 1 881 7000 > Dublin 8. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35DLDf11660 for ietf-pkix-bks; Fri, 5 Apr 2002 05:21:13 -0800 (PST) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35DLAm11654 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 05:21:11 -0800 (PST) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g35DLAb15914 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 14:21:10 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a12e677a50a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 14:15:50 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id OAA01188; Fri, 5 Apr 2002 14:21:07 +0100 Message-ID: <3CADA4C5.4D39FFD8@baltimore.ie> Date: Fri, 05 Apr 2002 14:21:09 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Tim Polk <tim.polk@nist.gov> CC: ietf-pkix@imc.org Subject: Re: Open issue: DPV relay References: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> *If* relaying support/capability is to be considered as a MUST/SHOULD/MAY requirement for a DPV protocol, then should re-direction be handled similarly? (Note: I'm not proposing that it should be, just asking!) By re-direction I mean: Alice: Hey Bob - is this key good? Robert: Dunno Alice - but Charlie might know. Alice: Hey Charles - is this key good? Chaz: Yep. Stephen. Tim Polk wrote: > > Peter Sylvester has stated a requirement for DPV servers to relay requests > to one another: > > > > >There is a requirement, similar as for OCSP caches, > >that server just relays a request to another. This had been > >discussed several times, the differences had only been to > >what degree the relaying should become visible; whether one > >server can rewrite/resigns the answers of another etc. > >Relaying via cache is an obvious feature in many OCSP implementation, > >how do they protect itself against loops between two servers? > > > > I believe this is an open issue, and would like to start a new discussion > thread limited to this topic. > > As I understand Peter's scenario, there are three mutually trusting DPV > servers. If a server cannot satisfy a request directly, it may relay the > request to a different server. We'll assume the server is smart enough not > to relay a request back to the requester. (That is, if server A relays a > request to Server B, B may relay it to Server C but not A.) > > (1) Assume Alice requests a valid path for Bob's certificate from Server A, > when none exists. > (2) Server A relays the request to Server B, since it cannot satisfy it > directly. (A could have chosen Server C; it is irrelevant.) > (3) Server B relays the request to Server C, since it cannot satisfy it > directly. (C could not choose A, since it was the requester.) > (4) Server C relays the request to Server A, since it cannot satisfy it > directly. (A could not choose B, since it was the requester.) > > At this point, either A must maintain state and recognize that the request > has cycled around or the protocol has to handle this by maintaining a > history list. > > Peter, please confirm that I have characterized the problem correctly (or > post the right scenario)! I am not personally convinced that blind > relaying amongst DPV servers is a requirement. > > IMHO, DPV relaying would be limited to the scenario where each Server was > authoritative for a particular community (perhaps based on privately held > status information). Alice directs all requests to Server A to simplify > her life. Server A would be able to determine which server (B or C) could > possibly satisfy the request based on Bob's certificate. > > Even though relaying occurred, Server A acted as a simple DPV client, > imposing no additional requirements... > > Thanks, > > Tim Polk -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35DJBd11608 for ietf-pkix-bks; Fri, 5 Apr 2002 05:19:11 -0800 (PST) Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35DJ9m11603 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 05:19:09 -0800 (PST) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19) id <225VAPKC>; Fri, 5 Apr 2002 08:18:55 -0500 Message-ID: <9A4F653B0A375841AC75A8D17712B9C9030D2275@sottmxs04.entrust.com> From: Tim Moses <tim.moses@entrust.com> To: "'Ambarish Malpani'" <ambarish@valicert.com>, "'Tim Polk'" <tim.polk@nist.gov>, ietf-pkix@imc.org Cc: Peter Sylvester <Peter.Sylvester@edelweb.fr> Subject: RE: Open issue: DPV relay Date: Fri, 5 Apr 2002 08:18:54 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1DCA4.6F83F230" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1DCA4.6F83F230 Content-Type: text/plain; charset="iso-8859-1" Colleagues - For the sake of generality, I prefer that the protocol be designed to handle paths of arbitrary length, rather than being "hard-wired" to a length of two. As Tim points out, this can be achieved quite easily by allowing a "trace" field in the request. All the best. Tim. ----------------------------------------- Tim Moses Tel: 613.270.3183 -----Original Message----- From: Ambarish Malpani [mailto:ambarish@valicert.com] Sent: Thursday, April 04, 2002 8:44 PM To: 'Tim Polk'; ietf-pkix@imc.org Cc: Peter Sylvester Subject: RE: Open issue: DPV relay Tim, I agree on this - DPV relaying should be supported. I don't think it imposes any additional requirements on the protocol. You wouldn't normally get into loops unless a server were pretty badly misconfigured. In general, the way most OCSP servers work is that they respond for a set of CAs. For others, they either go to a URL specified by the client application or one configured in the server itself. It is possible to set up loops that can have server A ask B who asks A, but I haven't seen this happen practically. Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: Tim Polk [mailto:tim.polk@nist.gov] > Sent: Thursday, April 04, 2002 3:11 PM > To: ietf-pkix@imc.org > Cc: Peter Sylvester > Subject: Open issue: DPV relay > > > > Peter Sylvester has stated a requirement for DPV servers to > relay requests > to one another: > > > > >There is a requirement, similar as for OCSP caches, > >that server just relays a request to another. This had been > >discussed several times, the differences had only been to > >what degree the relaying should become visible; whether one > >server can rewrite/resigns the answers of another etc. > >Relaying via cache is an obvious feature in many OCSP > implementation, > >how do they protect itself against loops between two servers? > > > > I believe this is an open issue, and would like to start a > new discussion > thread limited to this topic. > > As I understand Peter's scenario, there are three mutually > trusting DPV > servers. If a server cannot satisfy a request directly, it > may relay the > request to a different server. We'll assume the server is > smart enough not > to relay a request back to the requester. (That is, if > server A relays a > request to Server B, B may relay it to Server C but not A.) > > (1) Assume Alice requests a valid path for Bob's certificate > from Server A, > when none exists. > (2) Server A relays the request to Server B, since it cannot > satisfy it > directly. (A could have chosen Server C; it is irrelevant.) > (3) Server B relays the request to Server C, since it cannot > satisfy it > directly. (C could not choose A, since it was the requester.) > (4) Server C relays the request to Server A, since it cannot > satisfy it > directly. (A could not choose B, since it was the requester.) > > At this point, either A must maintain state and recognize > that the request > has cycled around or the protocol has to handle this by maintaining a > history list. > > Peter, please confirm that I have characterized the problem > correctly (or > post the right scenario)! I am not personally convinced that blind > relaying amongst DPV servers is a requirement. > > IMHO, DPV relaying would be limited to the scenario where > each Server was > authoritative for a particular community (perhaps based on > privately held > status information). Alice directs all requests to Server A > to simplify > her life. Server A would be able to determine which server > (B or C) could > possibly satisfy the request based on Bob's certificate. > > Even though relaying occurred, Server A acted as a simple DPV client, > imposing no additional requirements... > > Thanks, > > Tim Polk > ------_=_NextPart_001_01C1DCA4.6F83F230 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2653.12"> <TITLE>RE: Open issue: DPV relay</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>Colleagues - For the sake of generality, I prefer = that the protocol be designed to handle paths of arbitrary length, = rather than being "hard-wired" to a length of two. As = Tim points out, this can be achieved quite easily by allowing a = "trace" field in the request. All the best. = Tim.</FONT></P> <P><FONT SIZE=3D2>-----------------------------------------</FONT> <BR><FONT SIZE=3D2>Tim Moses</FONT> <BR><FONT SIZE=3D2>Tel: 613.270.3183</FONT> </P> <BR> <P><FONT SIZE=3D2>-----Original Message-----</FONT> <BR><FONT SIZE=3D2>From: Ambarish Malpani [<A = HREF=3D"mailto:ambarish@valicert.com">mailto:ambarish@valicert.com</A>]<= /FONT> <BR><FONT SIZE=3D2>Sent: Thursday, April 04, 2002 8:44 PM</FONT> <BR><FONT SIZE=3D2>To: 'Tim Polk'; ietf-pkix@imc.org</FONT> <BR><FONT SIZE=3D2>Cc: Peter Sylvester</FONT> <BR><FONT SIZE=3D2>Subject: RE: Open issue: DPV relay</FONT> </P> <BR> <BR> <BR> <P><FONT SIZE=3D2>Tim,</FONT> <BR><FONT SIZE=3D2> I agree on this - DPV relaying = should be supported. I don't</FONT> <BR><FONT SIZE=3D2>think it imposes any additional requirements on the = protocol.</FONT> <BR><FONT SIZE=3D2>You wouldn't normally get into loops unless a server = were pretty</FONT> <BR><FONT SIZE=3D2>badly misconfigured.</FONT> </P> <P><FONT SIZE=3D2>In general, the way most OCSP servers work is that = they respond</FONT> <BR><FONT SIZE=3D2>for a set of CAs. For others, they either go to a = URL specified</FONT> <BR><FONT SIZE=3D2>by the client application or one configured in the = server itself.</FONT> </P> <P><FONT SIZE=3D2>It is possible to set up loops that can have server A = ask B who asks</FONT> <BR><FONT SIZE=3D2>A, but I haven't seen this happen = practically.</FONT> </P> <P><FONT SIZE=3D2>Regards,</FONT> <BR><FONT SIZE=3D2>Ambarish</FONT> </P> <P><FONT = SIZE=3D2>---------------------------------------------------------------= ------</FONT> <BR><FONT SIZE=3D2>Ambarish Malpani</FONT> <BR><FONT SIZE=3D2>Chief = Architect &nb= sp; &nb= sp; &nb= sp; 650.567.5457</FONT> <BR><FONT SIZE=3D2>ValiCert, = Inc. &n= bsp; &n= bsp; = ambarish@valicert.com</FONT> <BR><FONT SIZE=3D2>1215 Terra Bella = Ave. &n= bsp; &n= bsp; <A HREF=3D"http://www.valicert.com" = TARGET=3D"_blank">http://www.valicert.com</A></FONT> <BR><FONT SIZE=3D2>Mountain View, CA 94043</FONT> </P> <BR> <P><FONT SIZE=3D2>> -----Original Message-----</FONT> <BR><FONT SIZE=3D2>> From: Tim Polk [<A = HREF=3D"mailto:tim.polk@nist.gov">mailto:tim.polk@nist.gov</A>]</FONT> <BR><FONT SIZE=3D2>> Sent: Thursday, April 04, 2002 3:11 PM</FONT> <BR><FONT SIZE=3D2>> To: ietf-pkix@imc.org</FONT> <BR><FONT SIZE=3D2>> Cc: Peter Sylvester</FONT> <BR><FONT SIZE=3D2>> Subject: Open issue: DPV relay</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Peter Sylvester has stated a requirement for = DPV servers to </FONT> <BR><FONT SIZE=3D2>> relay requests </FONT> <BR><FONT SIZE=3D2>> to one another:</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> ></FONT> <BR><FONT SIZE=3D2>> >There is a requirement, similar as = for OCSP caches,</FONT> <BR><FONT SIZE=3D2>> >that server just relays a request to = another. This had been</FONT> <BR><FONT SIZE=3D2>> >discussed several times, the = differences had only been to</FONT> <BR><FONT SIZE=3D2>> >what degree the relaying should = become visible; whether one</FONT> <BR><FONT SIZE=3D2>> >server can rewrite/resigns the = answers of another etc.</FONT> <BR><FONT SIZE=3D2>> >Relaying via cache is an obvious = feature in many OCSP </FONT> <BR><FONT SIZE=3D2>> implementation,</FONT> <BR><FONT SIZE=3D2>> >how do they protect itself against = loops between two servers?</FONT> <BR><FONT SIZE=3D2>> ></FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> I believe this is an open issue, and would like = to start a </FONT> <BR><FONT SIZE=3D2>> new discussion </FONT> <BR><FONT SIZE=3D2>> thread limited to this topic.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> As I understand Peter's scenario, there are = three mutually </FONT> <BR><FONT SIZE=3D2>> trusting DPV </FONT> <BR><FONT SIZE=3D2>> servers. If a server cannot satisfy a = request directly, it </FONT> <BR><FONT SIZE=3D2>> may relay the </FONT> <BR><FONT SIZE=3D2>> request to a different server. We'll = assume the server is </FONT> <BR><FONT SIZE=3D2>> smart enough not </FONT> <BR><FONT SIZE=3D2>> to relay a request back to the requester. = (That is, if </FONT> <BR><FONT SIZE=3D2>> server A relays a </FONT> <BR><FONT SIZE=3D2>> request to Server B, B may relay it to Server C = but not A.)</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> (1) Assume Alice requests a valid path for = Bob's certificate </FONT> <BR><FONT SIZE=3D2>> from Server A, </FONT> <BR><FONT SIZE=3D2>> when none exists.</FONT> <BR><FONT SIZE=3D2>> (2) Server A relays the request to Server B, = since it cannot </FONT> <BR><FONT SIZE=3D2>> satisfy it </FONT> <BR><FONT SIZE=3D2>> directly. (A could have chosen Server C; it is = irrelevant.)</FONT> <BR><FONT SIZE=3D2>> (3) Server B relays the request to Server C, = since it cannot </FONT> <BR><FONT SIZE=3D2>> satisfy it </FONT> <BR><FONT SIZE=3D2>> directly. (C could not choose A, since it = was the requester.)</FONT> <BR><FONT SIZE=3D2>> (4) Server C relays the request to Server A, = since it cannot </FONT> <BR><FONT SIZE=3D2>> satisfy it </FONT> <BR><FONT SIZE=3D2>> directly. (A could not choose B, since it = was the requester.)</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> At this point, either A must maintain state and = recognize </FONT> <BR><FONT SIZE=3D2>> that the request </FONT> <BR><FONT SIZE=3D2>> has cycled around or the protocol has to handle = this by maintaining a </FONT> <BR><FONT SIZE=3D2>> history list.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Peter, please confirm that I have characterized = the problem </FONT> <BR><FONT SIZE=3D2>> correctly (or </FONT> <BR><FONT SIZE=3D2>> post the right scenario)! I am not = personally convinced that blind </FONT> <BR><FONT SIZE=3D2>> relaying amongst DPV servers is a = requirement.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> IMHO, DPV relaying would be limited to the = scenario where </FONT> <BR><FONT SIZE=3D2>> each Server was </FONT> <BR><FONT SIZE=3D2>> authoritative for a particular community = (perhaps based on </FONT> <BR><FONT SIZE=3D2>> privately held </FONT> <BR><FONT SIZE=3D2>> status information). Alice directs all = requests to Server A </FONT> <BR><FONT SIZE=3D2>> to simplify </FONT> <BR><FONT SIZE=3D2>> her life. Server A would be able to = determine which server </FONT> <BR><FONT SIZE=3D2>> (B or C) could </FONT> <BR><FONT SIZE=3D2>> possibly satisfy the request based on Bob's = certificate.</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Even though relaying occurred, Server A acted = as a simple DPV client, </FONT> <BR><FONT SIZE=3D2>> imposing no additional requirements...</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Thanks,</FONT> <BR><FONT SIZE=3D2>> </FONT> <BR><FONT SIZE=3D2>> Tim Polk</FONT> <BR><FONT SIZE=3D2>> </FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1DCA4.6F83F230-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35D2lp11300 for ietf-pkix-bks; Fri, 5 Apr 2002 05:02:47 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35D2jm11296 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 05:02:45 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA26098; Fri, 5 Apr 2002 15:05:14 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040515022123:209 ; Fri, 5 Apr 2002 15:02:21 +0200 Message-ID: <3CADA058.7B099920@bull.net> Date: Fri, 05 Apr 2002 15:02:16 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Tim Polk <tim.polk@nist.gov> CC: ietf-pkix@imc.org Subject: Re: Summary:open issues for draft-ietf-pkix-dpv-dpd-req-03.txt References: <200203291203.HAA09250@ietf.org> <4.2.0.58.20020404163809.01ba0560@email.nist.gov> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 15:02:21, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 15:02:43, Serialize complete at 05/04/2002 15:02:43 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tim, > Folks, > > I think the discussion is converging here, and thought a summary was in > order. > > There are a number of issues that were raised on the list and have > demonstrated consensus on the list. (I will not enumerate them.) > Proposed text has been submitted to the list and I sense general > satisfaction with that text. > > However, there are two open issues that must be resolved before we forward > the document to the Area Directors. > Open Issue #1 > The first issue involves "DPV relay". Peter Sylvester has stated a > requirement for DPV servers to relay requests to one another: > >There is a requirement, similar as for OCSP caches, > >that server just relays a request to another. This had been > >discussed several times, the differences had only been to > >what degree the relaying should become visible; whether one > >server can rewrite/resigns the answers of another etc. > >Relaying via cache is an obvious feature in many OCSP implementation, > >how do they protect itself against loops between two servers? > I understand this issue remains open. The proposed resolution to close this issue is the following: " In case a DPV server chooses to relay the request to another server using the same protocol, a method to detect loops MUST be supported by that relaying server." > Open Issue #2 > The second issue is conformance requirements for multiple paths in the DPD > service. As I read it, the current draft requires support for multiple > paths at the server, but not the client. The client may request a maximum > number of paths N; if the request does not specify N, it defaults to one. > The DPD server includes zero, one, or up to N paths in a response. If the > number of paths is less than N, this indicates that the server could not > find as many paths as the client requested. > Since the DPD process is performed with respect to a policy, just as in > DPV, Not exactly. A validation policy does not equate a path discovery policy. A validation policy shall be set to return a path that meets all the criteria from the requester since one and only path valid path is returned. A path discovery policy may be much more simple and, for example, only specify one trust anchor and say that all CRLs that may be found should be returned. So in that case, many certification paths could be returned and the client will locally apply additional criteria. > it has been suggested that a DPD server could be designed to always > return a single path. The suggestion has been made, but this does not work. See the argument above. > If the specified policy matches the path validation > process performed at the client (e.g., same certificate policies and same > trust anchor) the client should be able to use that path. > However, this could result in an ambiguity. How does the DPD client that > requested three paths tell the difference between the following answers: > "I gave you one path because it is the only one that exists" > and > "I gave you one path 'cause that's the way I was designed" > > In the case where the single path failed, a client may need to know the > difference! This problem would exist *if* the suggestion that a DPD server could be designed to always return a single path was valid, but it is not. No change to the current wording of the document is needed. I hope we can close this issue too. Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35CpQ911055 for ietf-pkix-bks; Fri, 5 Apr 2002 04:51:26 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35CpOm11051 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 04:51:24 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id OAA20988; Fri, 5 Apr 2002 14:53:39 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040514505421:207 ; Fri, 5 Apr 2002 14:50:54 +0200 Message-ID: <3CAD9DAA.BBC59C24@bull.net> Date: Fri, 05 Apr 2002 14:50:50 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Ambarish Malpani <ambarish@valicert.com> CC: "'Housley, Russ'" <rhousley@rsasecurity.com>, Santosh Chokhani <chokhani@orionsec.com>, ietf-pkix@imc.org Subject: Re: One last comment on DPD requirements References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5363@polaris.valicert.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 14:50:54, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 14:51:09, Serialize complete at 05/04/2002 14:51:09 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Ambarish, > Russ, > A minor nit - a DPD server might also be a DPV server, who > a client is not willing to trust (and whose work the client wants > to verify for itself). This is not a minor nit. A DPV server is always trusted by the client, while a DPD server does not need to be trusted. A DPV server is not necessarily trusted by *other* clients. So the case of an untrusted DPV server, as mentionned, does not exist. Denis > To summarize, what I think what I hear you, Santosh and Steve say > is that it might make sense to require a DPD server to return a > single path back, but if we want to enable that, we need to let > the client specify his requirements more precisely. Is that > correct? > > It would make sense to show (in the protocol doc), what those > requirements are for protocols like S/MIME, TLS, IPSec and let > other protocols define their own requirements if they can't > fit into one of the three above. > > Does that make sense to you? What about others on the list? > > Regards, > Ambarish > > --------------------------------------------------------------------- > Ambarish Malpani > Chief Architect 650.567.5457 > ValiCert, Inc. ambarish@valicert.com > 1215 Terra Bella Ave. http://www.valicert.com > Mountain View, CA 94043 > > > -----Original Message----- > > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > > Sent: Thursday, April 04, 2002 7:00 AM > > To: Santosh Chokhani > > Cc: ietf-pkix@imc.org > > Subject: RE: One last comment on DPD requirements > > > > > > > > Santosh: > > > > I think that a DPD server will likely perform path > > validation. Clients > > will not be happy if the paths that they are given are often > > invalid. Clearly, the DPD server cannot know all of the > > parameters that > > the client will use for path validation (otherwise it would be a DPV > > server), but it can make some very reasonable assumptions to > > ensure that > > grossly invalid paths are not returned. > > > > Russ > > > > At 08:20 PM 4/3/2002 -0500, Santosh Chokhani wrote: > > >Russ: > > > > > >I agree with you, but for a different reason. I do not think this is > > >application specific issue. I think it is the path > > validation issue. I > > >do not think that the DPD server can know which paths are > > good without > > >doing a validation also, specially to see if there will be any name > > >constraints or certificate policy related failures. > > > > > >-----Original Message----- > > >From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org] > > >On Behalf Of Housley, Russ > > >Sent: Wednesday, April 03, 2002 2:12 PM > > >To: Ambarish Malpani; Stephen Kent > > >Cc: ietf-pkix@imc.org > > >Subject: Re: One last comment on DPD requirements > > > > > > > > > > > >Steve & Ambarish: > > > > > > >>Hi Group, > > > >> One last (slightly late) comment on the DPD > > requirements that has > > > > > > >>been troubling me: > > > >> > > > >>In the DPD requirements, there is a reasonable amount of text that > > > >>talks about how a server can return multiple paths back > > to the client > > > >>(to allow the client to decide which path is the best). > > > >> > > > >>The main goal of DPD is to try and simplify the client. > > In how many > > > >>cases do people really want multiple paths back from the > > server. While > > > > > > >>it is the right requirement in principal, do folks really think > > > >>clients will want multiple paths back from a DPD server? > > Are we adding > > > > > > >>the additional flexiblity/complexity just for technical purity? > > > >> > > > >>Comments will be appreciated. > > > >> > > > >>Regards, > > > >>Ambarish > > > > > > > >I too would favor simplifying the protocol requirement > > here. Some folks > > > >have suggested motivations for multiple paths, but this > > does seem to > > > >conflict with the fundamental goal of creating a protocol > > to satisfy > > >the > > > >needs of thin clients. > > > > > > > >Steve > > > > > >I agree with your goal. It is far better for the client to tell the > > >server > > >what it wants, then get back a single path that satisfies all of the > > >requirements. To do this, we need to be able to fully specify the > > >clients > > >criteria and send them to the server. I think that we know how to do > > >this > > >for many PKI-enabled applications, but I am not sure that we > > know how to > > >do > > >it for all applications, especially ones that are yet to be > > developed. > > > > > >This leaves us with two choices. Either the protocol > > returns multiple > > >certification paths (the approach in the current document) or the > > >protocol > > >requires the client to adequately specify its criteria. > > This could be > > >done > > >with the path discovery policy. If we adopt this > > alternative, we should > > > > > >include additional text so that implements expect > > application-specific > > >(perhaps several application-specific path discovery policy > > if there are > > > > > >multiple roles in the application). > > > > > >Russ > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35Cj1g10768 for ietf-pkix-bks; Fri, 5 Apr 2002 04:45:01 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35Cj0m10757 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 04:45:00 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id OAA20958; Fri, 5 Apr 2002 14:47:26 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040514444595:206 ; Fri, 5 Apr 2002 14:44:45 +0200 Message-ID: <3CAD9C3A.BF231036@bull.net> Date: Fri, 05 Apr 2002 14:44:42 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com>, Ambarish Malpani <ambarish@valicert.com> CC: ietf-pkix@imc.org Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt References: <5.1.0.14.2.20020404164143.02f11d00@exna07.securitydynamics.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 14:44:46, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 14:44:55, Serialize complete at 05/04/2002 14:44:55 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > Ambarish: > I am fine with this. .. but I am not. > Russ > > At 11:35 AM 4/4/2002 -0800, Ambarish Malpani wrote: > > >Denis, Russ, > > I agree with the first phrase: > > > > > "The protocol MUST prevent replay attacks, and the replay prevention > > > mechanism employed by the protocol MUST NOT rely on clocks being > > > synchronized with UTC." > >I don't agree with the requirement that a response needs to > >contain all the information from the query in itself. That could > >result in a lot of extra information that needs to be carried in > >the response over what might be a bandwidth constrained channel. The proposal does not mandate this. The proposal from Russ (and I fully agree with his proposal) is: "The DPV client MUST be able to confirm that the DPV server-generated response was constructed from the client's request. When the response indicates certificate validity, the response MUST allow the DPV client to readily confirm that the response was made for the requested certificate and for the requested validation policy, including associated parameters, if any." The first sentence is easily met using a hash from the request. Hence the response does not need to contain all the information from the query. > >In all cases, being able to tie the response to the request does > >the job. If a client needs to be able to show that this response > >was for a particular certificate, it can retain the original > >request. This is exactly what is *not* desirable for thin clients, because the argument you raised would then apply: this would result in a lot of extra information that needs to be kept by the thin client. > If the client doesn't need to be able to prove that, it > >can discard the request after it gets the response. I don't see > >why the response needs to contain > > "the requested validation policy, including associated > > parameters, if any." Exactly for the reason that it is not desirable to keep the whole request, e.g. when it is needed to prove two years later that you got a valid response. Hence the reason to maintain the second sentence: "When the response indicates certificate validity, the response MUST allow the DPV client to readily confirm that the response was made for the requested certificate and for the requested validation policy, including associated parameters, if any." Denis > >I would prefer the second statement to read: > > > >The DPV client MUST be able to confirm that the DPV server-generated > >response was constructed for the client's request. > > > >(NOTE: I changed Russ's "from" to "for") > > > >A > > > > > > > > > >--------------------------------------------------------------------- > >Ambarish Malpani > >Chief Architect 650.567.5457 > >ValiCert, Inc. ambarish@valicert.com > >1215 Terra Bella Ave. http://www.valicert.com > >Mountain View, CA 94043 > > > > > > > -----Original Message----- > > > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > > > Sent: Thursday, April 04, 2002 8:21 AM > > > To: Denis Pinkas > > > Cc: ambarish@valicert.com; ietf-pkix@imc.org > > > Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > > > > > Denis: > > > > > > I prefer the following wording. I think it provides the same > > > end result. > > > > > > "The protocol MUST prevent replay attacks, and the replay prevention > > > mechanism employed by the protocol MUST NOT rely on clocks being > > > synchronized with UTC." > > > > > > (...) > > > > > > The DPV client MUST be able to confirm that the DPV server-generated > > > response was constructed from the client's request. When the > > > response > > > indicates certificate validity, the response MUST allow the > > > DPV client to > > > readily confirm that the response was made for the requested > > > certificate > > > and for the requested validation policy, including associated > > > parameters, > > > if any." > > > > > > Russ > > > > > > > > > At 03:30 PM 4/4/2002 +0200, Denis Pinkas wrote: > > > >"The protocol MUST prevent replay attacks, including for the > > > case where > > > >the client does not have a clock synchronized with UTC. > > > > > > > >(...) > > > > > > > >The requester MUST be able to verify that the response was > > > constructed > > > >taking into consideration all the parameters from the > > > request. In addition, > > > >without the need to store the request, a requester SHALL be > > > able to prove > > > >that a valid DPV response was made for a given certificate > > > and for a given > > > >validation policy, including associated parameters, if any." > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35CcL610368 for ietf-pkix-bks; Fri, 5 Apr 2002 04:38:21 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35CcJm10363 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 04:38:19 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id OAA06706; Fri, 5 Apr 2002 14:40:42 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040514380521:204 ; Fri, 5 Apr 2002 14:38:05 +0200 Message-ID: <3CAD9AA9.B22FBD07@bull.net> Date: Fri, 05 Apr 2002 14:38:01 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: Ambarish Malpani <ambarish@valicert.com>, ietf-pkix@imc.org Subject: Re: One last comment on DPD requirements References: <5.1.0.14.2.20020404163623.02edeba8@exna07.securitydynamics.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 14:38:05, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 14:38:12, Serialize complete at 05/04/2002 14:38:12 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, > Ambarish: > > Tim Polk and I just discussed this on the phone. I will share my > conclusion form the conversation (which might be different than Tim's > conclusion). I think that we need to allow for multiple certificates to be > returned, but the default should be to return just one. If the client > wants more than one, it needs to explicitly request them (up to a maximum > number). I fully agree. > If the server does not support returning extra certificates, then Hum ... I guess, this is not what you mean. A DPD server returns certification paths, not certificates. > it should just return one, but it should include a status code that says, > "I do not support the option you requested, but I thought that I should > give you one just in case it meets your needs." I have problems with that complicated meaning. All returned paths must meet the criteria set by the path discovery policy. Paths that do not meet the criteria are not returned. Such a (complicated) status is not needed. Denis > Russ > > At 11:11 AM 4/4/2002 -0800, Ambarish Malpani wrote: > > >Russ, > > A minor nit - a DPD server might also be a DPV server, who > >a client is not willing to trust (and whose work the client wants > >to verify for itself). > > > >To summarize, what I think what I hear you, Santosh and Steve say > >is that it might make sense to require a DPD server to return a > >single path back, but if we want to enable that, we need to let > >the client specify his requirements more precisely. Is that > >correct? > > > >It would make sense to show (in the protocol doc), what those > >requirements are for protocols like S/MIME, TLS, IPSec and let > >other protocols define their own requirements if they can't > >fit into one of the three above. > > > >Does that make sense to you? What about others on the list? > > > >Regards, > >Ambarish > > > > > > > >--------------------------------------------------------------------- > >Ambarish Malpani > >Chief Architect 650.567.5457 > >ValiCert, Inc. ambarish@valicert.com > >1215 Terra Bella Ave. http://www.valicert.com > >Mountain View, CA 94043 > > > > > > > -----Original Message----- > > > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > > > Sent: Thursday, April 04, 2002 7:00 AM > > > To: Santosh Chokhani > > > Cc: ietf-pkix@imc.org > > > Subject: RE: One last comment on DPD requirements > > > > > > > > > > > > Santosh: > > > > > > I think that a DPD server will likely perform path > > > validation. Clients > > > will not be happy if the paths that they are given are often > > > invalid. Clearly, the DPD server cannot know all of the > > > parameters that > > > the client will use for path validation (otherwise it would be a DPV > > > server), but it can make some very reasonable assumptions to > > > ensure that > > > grossly invalid paths are not returned. > > > > > > Russ > > > > > > At 08:20 PM 4/3/2002 -0500, Santosh Chokhani wrote: > > > >Russ: > > > > > > > >I agree with you, but for a different reason. I do not think this is > > > >application specific issue. I think it is the path > > > validation issue. I > > > >do not think that the DPD server can know which paths are > > > good without > > > >doing a validation also, specially to see if there will be any name > > > >constraints or certificate policy related failures. > > > > > > > >-----Original Message----- > > > >From: owner-ietf-pkix@mail.imc.org > > > [mailto:owner-ietf-pkix@mail.imc.org] > > > >On Behalf Of Housley, Russ > > > >Sent: Wednesday, April 03, 2002 2:12 PM > > > >To: Ambarish Malpani; Stephen Kent > > > >Cc: ietf-pkix@imc.org > > > >Subject: Re: One last comment on DPD requirements > > > > > > > > > > > > > > > >Steve & Ambarish: > > > > > > > > >>Hi Group, > > > > >> One last (slightly late) comment on the DPD > > > requirements that has > > > > > > > > >>been troubling me: > > > > >> > > > > >>In the DPD requirements, there is a reasonable amount of text that > > > > >>talks about how a server can return multiple paths back > > > to the client > > > > >>(to allow the client to decide which path is the best). > > > > >> > > > > >>The main goal of DPD is to try and simplify the client. > > > In how many > > > > >>cases do people really want multiple paths back from the > > > server. While > > > > > > > > >>it is the right requirement in principal, do folks really think > > > > >>clients will want multiple paths back from a DPD server? > > > Are we adding > > > > > > > > >>the additional flexiblity/complexity just for technical purity? > > > > >> > > > > >>Comments will be appreciated. > > > > >> > > > > >>Regards, > > > > >>Ambarish > > > > > > > > > >I too would favor simplifying the protocol requirement > > > here. Some folks > > > > >have suggested motivations for multiple paths, but this > > > does seem to > > > > >conflict with the fundamental goal of creating a protocol > > > to satisfy > > > >the > > > > >needs of thin clients. > > > > > > > > > >Steve > > > > > > > >I agree with your goal. It is far better for the client to tell the > > > >server > > > >what it wants, then get back a single path that satisfies all of the > > > >requirements. To do this, we need to be able to fully specify the > > > >clients > > > >criteria and send them to the server. I think that we know how to do > > > >this > > > >for many PKI-enabled applications, but I am not sure that we > > > know how to > > > >do > > > >it for all applications, especially ones that are yet to be > > > developed. > > > > > > > >This leaves us with two choices. Either the protocol > > > returns multiple > > > >certification paths (the approach in the current document) or the > > > >protocol > > > >requires the client to adequately specify its criteria. > > > This could be > > > >done > > > >with the path discovery policy. If we adopt this > > > alternative, we should > > > > > > > >include additional text so that implements expect > > > application-specific > > > >(perhaps several application-specific path discovery policy > > > if there are > > > > > > > >multiple roles in the application). > > > > > > > >Russ > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35C1xn08506 for ietf-pkix-bks; Fri, 5 Apr 2002 04:01:59 -0800 (PST) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35C1um08502 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 04:01:56 -0800 (PST) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id OAA14636; Fri, 5 Apr 2002 14:01:55 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Fri, 5 Apr 2002 14:01:55 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id OAA18628; Fri, 5 Apr 2002 14:01:54 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id OAA04885; Fri, 5 Apr 2002 14:01:54 +0200 (MET DST) Date: Fri, 5 Apr 2002 14:01:54 +0200 (MET DST) Message-Id: <200204051201.OAA04885@emeriau.edelweb.fr> To: ietf-pkix@imc.org, tim.polk@nist.gov Subject: Re: Open issue: DPV relay Cc: Peter.Sylvester@edelweb.fr Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Thanks Tim for trying to summarize the open points: Actually there are two open issues concerning 'relaying'. *** Issue 1 ***: This is about loop detection and control (of blind relaying??) > > At this point, either A must maintain state and recognize that the request > has cycled around or the protocol has to handle this by maintaining a > history list. You can already have a loop between two entities. The protocol is not necessairily symmetric. You may not necessarily know that the entity you get the request from is the same that you will contact via an URL etc. Yes, and I see a difficulty to maintain state, since the only information you might count on, is the certificate to be validated, and there could be two valid requests for the same cert. > Peter, please confirm that I have characterized the problem correctly (or > post the right scenario)! I am not personally convinced that blind > relaying amongst DPV servers is a requirement. What do you mean by 'blind relaying'? > IMHO, DPV relaying would be limited to the scenario where each Server was > authoritative for a particular community (perhaps based on privately held > status information). Alice directs all requests to Server A to simplify > her life. Server A would be able to determine which server (B or C) could > possibly satisfy the request based on Bob's certificate. > > Even though relaying occurred, Server A acted as a simple DPV client, > imposing no additional requirements... Even if A know that either B or C will finally satisfy a request, A cannot know whether B or C will try to contact another server etc. for whatever reason. Thus, some mechanisms of state keeping or trace or hop count or is needed, statekeeping would require ... left as an exercise to developpers. Thanks to Ambarish's message about potential OCSP problems. The fact that in real life it doesn't happen very often happens ... :-) I'd propose to add a text somewhere? In case a DPV (or DPD) service chooses to relay the request to another service, a method to detect and prohibit loops MUST be applied. *** Issue 2 ***: A DPV server may want to determine the validity status of an intermediate CA certificate, (or even obtain responses from other DPV servers confirming a validity decision). Another scenario is a company server that validates an certificate of another company, it asks the other companies server, and obtains a result. The server *may* choose to create its own response withour revealing the response from the other server (blind relaying?), but it may also choose to give the answer back to the client allow to maintain a proof that the 'other company' has cooperated. Simular to OCSP responses or CRLs which represent assertions about the validity of some cert, a DPV response is also such kind of assertion. I see a requirement that a server may want to add DPV responses in his response in order to create a complete picture of all the assertions he obtained. Answers from Denis always seem to indicate that a DPV response MUST NOT be included in a final response (since *we* do not support relaying). I do not see an essential difference between a CRL repository, an OCSP response and a DPV response. There I propose to add behind "... As an example, an S/MIME message might include such information, and the client can simply copy that information into the DPV request." the text: DPV responses may use information obtained by other DPV transactions performed by the DPV server in order to determine the validity of some certificate in the path. The server MUST be able to include such response in its own final response. Or to replace in the preceding paragraph 'revocation information' by "'status information' such an revocation information of CRLs or OCSP but also other DPV responses.". *** A little nit-picking: Would the authors try and avoid characters like "Æ" instead of "'" as in DPV serverÆs. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g35AcTw01859 for ietf-pkix-bks; Fri, 5 Apr 2002 02:38:29 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g35AcRm01855 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 02:38:27 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id MAA20362; Fri, 5 Apr 2002 12:40:48 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040512374604:184 ; Fri, 5 Apr 2002 12:37:46 +0200 Message-ID: <3CAD7E79.E47C4E2B@bull.net> Date: Fri, 05 Apr 2002 12:37:45 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Michael Myers <myers@coastside.net> CC: ietf-pkix@imc.org Subject: Re: A few comments re: dpv-dpd requirements References: <EOEGJNFMMIBDKGFONJJDKEFKCJAA.myers@coastside.net> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 12:37:46, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 12:38:21, Serialize complete at 05/04/2002 12:38:21 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Michael, > Russ, Denis: > > The state "unknown" is missing in Section 4, "Delegated Path > Validation Protocol Requirements". The -03 draft currently > reads: > > "The DPV response MUST indicate one of the following two status > alternatives: > > 1) the certificate is valid according to the validation policy. > 2) the certificate is not valid according to the validation > policy." > > I think -04 should read: > > "The DPV response MUST indicate one of the following three > status alternatives: > > 1) the certificate is valid according to the validation policy. > 2) the certificate is not valid according to the validation > policy. > 3) the certificate is unknown to the validation server." I do not think you really mean this, but rather: 3) the validity of the certificate is unknown according to the validation policy. Denis > Thus we remain at {valid, invalid, unknown} as primary initial > states per list-based consensus. Apologies for digging into > this, but it has relevance to the design of state machines. > > Mike Received: by above.proper.com (8.11.6/8.11.3) id g358AYP12403 for ietf-pkix-bks; Fri, 5 Apr 2002 00:10:34 -0800 (PST) Received: from sonne.darmstadt.gmd.de (sonne.darmstadt.gmd.de [141.12.62.20]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g358AXm12394 for <ietf-pkix@imc.org>; Fri, 5 Apr 2002 00:10:33 -0800 (PST) Received: from sit.fraunhofer.de (pc-pisa [141.12.37.18]) by sonne.darmstadt.gmd.de (8.8.8/8.8.5) with ESMTP id KAA19731; Fri, 5 Apr 2002 10:09:46 +0200 (MET DST) Message-ID: <3CAD5C04.E61F5D8A@sit.fraunhofer.de> Date: Fri, 05 Apr 2002 10:10:44 +0200 From: Brian Hunter <brian.hunter@sit.fraunhofer.de> X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Steve Hanna <steve.hanna@sun.com> CC: Denis Pinkas <Denis.Pinkas@bull.net>, "Housley, Russ" <rhousley@rsasecurity.com>, ietf-pkix@imc.org Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5333@polaris.valicert.com> <5.1.0.14.2.20020403114844.031ba150@exna07.securitydynamics.com> <3CAC1879.533482E1@sit.fraunhofer.de> <3CAC54F4.915D3F1B@bull.net> <3CAC93D8.4C405829@sun.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > Actually, trust anchors are *never* part of the path for son-of-2459. > See section 6.1, which defines the valid path as "a sequence of n > certificates [that] satisfies the following conditions: <snip> > So non-self-signed trust anchors (and self-signed trust anchors) > should NOT be considered part of the path for the purposes of > DPD/DPV. True. And thanks for correcting my oversight. Brian Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g357b9p06729 for ietf-pkix-bks; Thu, 4 Apr 2002 23:37:09 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g357b8m06718 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 23:37:08 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id JAA24192; Fri, 5 Apr 2002 09:35:42 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040509325257:142 ; Fri, 5 Apr 2002 09:32:52 +0200 Message-ID: <3CAD5323.B40296E3@bull.net> Date: Fri, 05 Apr 2002 09:32:51 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: "=?iso-8859-1?Q?Jos=E9?= A. =?iso-8859-1?Q?Ma=F1as?=" <jmanas@dit.upm.es> CC: "hermes3.si.c-s.fr" <antoine.bourrouilh@trustycom.fr>, ietf-pkix@imc.org Subject: Re: Comment on RFC 3161 References: <EBZWTNRLKXVMH3WE9ZUOKEY3143.3cabe72d@saturne> <3CAC30A6.9552D46E@dit.upm.es> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 09:32:52, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 05/04/2002 09:33:11, Serialize complete at 05/04/2002 09:33:11 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g357b9m06723 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Good catch ! Here is a proposal to fix it and replace the whole 4.1 : When the reason code extension indicates keyCompromise then all the tokens that have been signed with the corresponding private key SHALL be considered as invalid. When the reason code extension indicates other reasons like affiliationChanged (3) or cessationOfOperation (5), then this reason code is definitive. However, should a key compromise happen later on, it will not be reported by the CA. A good practice will be for the TSA to warn its subscribers in advance for a future revocation, so that they can apply another time-stamp token over the previous one and capture the CRL from the CA that has issued the certificate to the previous time- stamping unit. Denis Note: ISO is working on an extension that will allow to announce in advance the revocation of one certificate or a set of certificates. Once this is done we could consider to support this extension in PKIX. > I think you are right, > and I think it is a problem with any signature: > the status of the cert must be ok when the verification is run. > > For the case of time-stamping, > there is renewal procedure such that an old time-stamp token > is enveloped within a new token thus extending the value > of the first token from the original instant to the > end of the validity of the enveloping token. > If renewal is applied regularly > (always before the outmost key is compromised) > the value may be extended indefinitely. > > Hope it helps, > jam > > "hermes3.si.c-s.fr" wrote: > > > > Hi! > > > > I wonder something about the first security considerations of RFC 3161 (§4.1). > > > > It says that if the TSA private key shall not be used any more and > > is not compromised , > > the corresponding certificate shall be revoked with a reason code. > > Thus any token signed with the corresponding key before the revocation time > > will remain valid. > > > > However we could imagine that the key becomes compromised after the > > revocation, allowing > > the "hacker" to generate time-stamp tokens with a date previous to > > the revocation time. > > Thus false tokens will be consider as valid... > > > > The point is how to get the crucial "before" in " ... before the > > revocation time" . > > > > If someone can help ... > > > > Antoine Bourrouilh > > -- > ----------------------------------------------------------- > Prof. Jose A. Manas mailto:jmanas@dit.upm.es > Dpt. Telematica http://www.dit.upm.es/~pepe/ > E.T.S.I. Telecomunicacion tel: [+34] 91 336 73 25 > Ciudad Universitaria gsm: [+34] 607 73 38 94 > E-28040 Madrid gsm: [+34] 609 62 70 98 > SPAIN fax: [+34] 91.336 73 33 Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g356lV327921 for ietf-pkix-bks; Thu, 4 Apr 2002 22:47:31 -0800 (PST) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g356lTm27915 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 22:47:29 -0800 (PST) Received: from northrelay02.pok.ibm.com (northrelay02.pok.us.ibm.com [9.117.200.22]) by e1.ny.us.ibm.com (8.12.2/8.12.2) with ESMTP id g356hUVq333732; Fri, 5 Apr 2002 01:43:30 -0500 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.00) with ESMTP id g356ks0146078; Fri, 5 Apr 2002 01:46:54 -0500 Importance: Normal Sensitivity: Subject: Re: WG Last Call: Roadmap To: "todd glassey" <todd.glassey@worldnet.att.net> Cc: "Denis Pinkas" <Denis.Pinkas@bull.net>, <ietf-pkix@imc.org> X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OF78D3D0DD.630AC103-ON85256B92.00222926@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Fri, 5 Apr 2002 01:46:45 -0500 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/05/2002 01:46:54 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Responses below, set off by [Tom] - no initials, for obvious reasons. I don't actually understand why a self-signed certificate is preferable to a cross certificate with constraints as a trust anchor in cases where both exist and refer to the same CA. Tom Gindin "todd glassey" <todd.glassey@worldnet.att.net> on 04/04/2002 12:33:29 PM To: "Denis Pinkas" <Denis.Pinkas@bull.net>, Tom Gindin/Watson/IBM@IBMUS cc: <ietf-pkix@imc.org> Subject: Re: WG Last Call: Roadmap ----- Original Message ----- From: "Denis Pinkas" <Denis.Pinkas@bull.net> To: "Tom Gindin" <tgindin@us.ibm.com> Cc: <ietf-pkix@imc.org> Sent: Wednesday, April 03, 2002 8:15 AM Subject: Re: WG Last Call: Roadmap > > Tom, > > > I have a few issues with this, and some corrections as well. > > > In comment 12, I have two issues. The first one, which is minor, is > > that "one or more Top CA's may be trusted" should refer to root CA's > > instead - the two terms mean the same thing more often than not, but when > > they differ the trust point is the root rather than the top. Perhaps but I would like to point out that the terminology invites confusion. It should refer to whatever is the trust anchor here. The key problem with this use is that the indemnetor or guarantor of the trust may not be the systems operator and so then the "CA's uses only" will stand for first-person models. [Tom] Actually, Todd, the main purpose of distinguishing "root" from "Top" here is to define "root" as equivalent to trust anchor. Perhaps using near-synonyms for these terms is a bad idea, but it's surely better than using the same word for both. > > PKIX-1 states: > > " - Top CA - A CA that is at the top of a PKI hierarchy. > > Note: This is often also called a "Root CA," since in data structures > terms and in graph theory, the node at the top of a tree is the > "root." However, to minimize confusion in this document, we elect to > call this node a "Top CA," and reserve "Root CA" for the CA directly > trusted by the EE." > > The problem lies with the last sentence, i.e. "*the* CA directly trusted by > the EE.". The singular is being used which means that there is a single > one, multiple roots are not permitted, while multiple Top-CAs are permitted. > > > The second is less minor. Is it truly intended that a signing EE > > be permitted to specify the set of trusted CA's for an RP to use in > > verifying a signature? At a minimum, an RP in this model is responsible > > for validating the the set of rules is identical to one it has already > > decided to trust, but there is no reference in the model description to > > any active role for the RP. > > A verifier (not a signing EE as you mentioned) does not know what an anchor > is, but may know what a policy is. So by selecting the policy that applies > to the application, indirectly trust anchors (and much more) are selected. > Remember that the same verifier may verify digital signatures in various > contexts, e.g. for a Bank transaction or for a green reservation in a Golf > Club. The trust conditions are not necessarilly identical. Note also that a > verifier does not need to be a signer and may not have any certificate of > its own. > > The case of a single (root) CA trusted for any kind of application is a very > specific case and cannot be considered as the general case. > > > In your comment 5 (on page 15), replace "date of issue" by "date and > > time of issue". > > This is fine. > > > At a slightly more substantive level, shouldn't the clarification of > > the definition of Top CA on page 4 end "and reserve 'root CA' for a CA > > directly trusted by the EE."? This wording permits multiple trusted roots. > > I do not think that PKIX-1 allows for this. See the quote above. > > > In your comment 4, shouldn't "CA certificate" be "hierarchical CA > > certificate"? Surely a Top CA's self-signed certificate is also a "CA > > certificate", and your definition excludes it. Then the sentence "Some > > people in the WG believe that a cross certificate is a special kind of CA > > certificate." is reversed to "... believe that a hierarchical CA > > certificate is a special kind of cross certificate". Here again we might refer to the Trust Anchor for this transaction rather than the CA itself. There is too much complexity in a free form trust system that has no global standards for its use to date. A better solution would be to use a more general and as such higher level language about the Anchoring process or otherwise use of the certificates. [Tom] This particular comment distinguishes types of CA certificates. We do go into trust anchors at other points, but being specific about CA's is useful here. > > You say that the definition excludes the fact that a Top CA's self-signed > certificate is also a CA-certificate. This is correct, ... but was not > intended. > > So what about this full correction ? > > [2459bis] defines a cross-certificate as "a certificate issued by one CA to > another CA". [2459bis] does not provide a formal definition of a CA > certificate but implictly means a certificate where the subject of the > certificate is a CA. > This means that self-signed certificates are CA > certificates but are not cross-certificates. cant or better yet, shouldn't the ultimate source of any trust chain have a self-signed cert as its core anchor? Just makes sense I think. [Tom] Why is a self-signed certificate a better anchor than a cross-certificate with constraints in it? This question is most applicable to cases where the trust anchor is NOT a top CA. > Some people in the WG believe > that a cross certificate is a special kind of CA certificate issued by a CA > under one Top CA for another CA under a different Top CA. these are use rules and have little to do with the protocol itself. > CAs in the same > hierarchy usually have part of their names imposed by the Top CA or by the > CAs under that Top CAs. When a cross certificate is issued, there is no > relationship between the names of the CAs. > > > In comment 11, the i.e. should remain "what are the root CA's" rather > > than "what are the Top CA's", for the same reason as in comment 12. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g352d9o21021 for ietf-pkix-bks; Thu, 4 Apr 2002 18:39:09 -0800 (PST) Received: from aspams52.ca.com (aspams52.cai.com [155.35.248.76]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g352d8m21017 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 18:39:08 -0800 (PST) Received: by aspams52.ca.com with Internet Mail Service (5.5.2655.55) id <H5DC15DK>; Fri, 5 Apr 2002 12:37:30 +1000 Message-ID: <A7E3A4B51615D511BCB6009027D0D18C045C29AD@aspams01.ca.com> From: "Ramsay, Ron" <Ron.Ramsay@ca.com> To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: RE: LDAPbis scope issue (Was: LDAP Certificate transfer syntax) Date: Fri, 5 Apr 2002 12:38:40 +1000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.55) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I'm not getting a feeling for the meaning of 'core': The certificate IDs "can be independently progressed from the rest of the "core" specification." The "the engineers may consider "new features" (something which LDAPbis cannot do)." Quite apart from the meaning of "core", the last sentence above seems to be your way of offering carte blanche to the certificate work? Ron. -----Original Message----- From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org] Sent: Friday, 5 April 2002 3:45 To: Ramsay, Ron Cc: Mark Wahl; LDAP BIS; PKIX Subject: LDAPbis scope issue (Was: LDAP Certificate transfer syntax) At 05:02 PM 2002-04-03, Ramsay, Ron wrote: >I thought certificate syntax was being removed from the LDAP v3 specs and, >therefore, certificate syntax was not an issue for DLAPbis? The LDAPbis WG is chartered specifically to revise the LDAP "core" technical specification (RFC 2251-2256, 2829-2830). This schema is part of that "core" specification. The WG has decided to split the certificate schema into separate I-Ds that can be independently progressed from the rest of the "core" specification and to allow individuals and/or the PKIX WG to taken on this work while LDAPbis focuses on the rest of the "core". As the engineering is being done outside of LDAPbis, the engineers may consider "new features" (something which LDAPbis cannot do). However, LDAPbis is still responsible for the "core" specification and should provide review for any I-D updating the "core" specification. This I-D will update both RFC 2252 and RFC 2256 (if published before LDAPbis works are published) and, hence, should be subject to a LDAPbis WG review. To this end, the PKIX and LDAPbis chairs have agreed that this work be subject to a joint PKIX/LDAPbis WG Last Call. Kurt, LDAPbis co-chair Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g351j1I19778 for ietf-pkix-bks; Thu, 4 Apr 2002 17:45:01 -0800 (PST) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g351j0m19774 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 17:45:00 -0800 (PST) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GU200801NFII8@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 4 Apr 2002 17:42:54 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GU20080TNFHHI@ext-mail.valicert.com>; Thu, 04 Apr 2002 17:42:53 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <H570PPM0>; Thu, 04 Apr 2002 17:44:30 -0800 Content-return: allowed Date: Thu, 04 Apr 2002 17:44:27 -0800 From: Ambarish Malpani <ambarish@valicert.com> Subject: RE: Open issue: DPV relay To: "'Tim Polk'" <tim.polk@nist.gov>, ietf-pkix@imc.org Cc: Peter Sylvester <Peter.Sylvester@edelweb.fr> Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E5369@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tim, I agree on this - DPV relaying should be supported. I don't think it imposes any additional requirements on the protocol. You wouldn't normally get into loops unless a server were pretty badly misconfigured. In general, the way most OCSP servers work is that they respond for a set of CAs. For others, they either go to a URL specified by the client application or one configured in the server itself. It is possible to set up loops that can have server A ask B who asks A, but I haven't seen this happen practically. Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: Tim Polk [mailto:tim.polk@nist.gov] > Sent: Thursday, April 04, 2002 3:11 PM > To: ietf-pkix@imc.org > Cc: Peter Sylvester > Subject: Open issue: DPV relay > > > > Peter Sylvester has stated a requirement for DPV servers to > relay requests > to one another: > > > > >There is a requirement, similar as for OCSP caches, > >that server just relays a request to another. This had been > >discussed several times, the differences had only been to > >what degree the relaying should become visible; whether one > >server can rewrite/resigns the answers of another etc. > >Relaying via cache is an obvious feature in many OCSP > implementation, > >how do they protect itself against loops between two servers? > > > > I believe this is an open issue, and would like to start a > new discussion > thread limited to this topic. > > As I understand Peter's scenario, there are three mutually > trusting DPV > servers. If a server cannot satisfy a request directly, it > may relay the > request to a different server. We'll assume the server is > smart enough not > to relay a request back to the requester. (That is, if > server A relays a > request to Server B, B may relay it to Server C but not A.) > > (1) Assume Alice requests a valid path for Bob's certificate > from Server A, > when none exists. > (2) Server A relays the request to Server B, since it cannot > satisfy it > directly. (A could have chosen Server C; it is irrelevant.) > (3) Server B relays the request to Server C, since it cannot > satisfy it > directly. (C could not choose A, since it was the requester.) > (4) Server C relays the request to Server A, since it cannot > satisfy it > directly. (A could not choose B, since it was the requester.) > > At this point, either A must maintain state and recognize > that the request > has cycled around or the protocol has to handle this by maintaining a > history list. > > Peter, please confirm that I have characterized the problem > correctly (or > post the right scenario)! I am not personally convinced that blind > relaying amongst DPV servers is a requirement. > > IMHO, DPV relaying would be limited to the scenario where > each Server was > authoritative for a particular community (perhaps based on > privately held > status information). Alice directs all requests to Server A > to simplify > her life. Server A would be able to determine which server > (B or C) could > possibly satisfy the request based on Bob's certificate. > > Even though relaying occurred, Server A acted as a simple DPV client, > imposing no additional requirements... > > Thanks, > > Tim Polk > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g351PmV19152 for ietf-pkix-bks; Thu, 4 Apr 2002 17:25:48 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g351Pkm19148 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 17:25:46 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 5 Apr 2002 01:24:53 UT Received: from tuna.rsa.com (tuna.rsa.com [10.80.211.153]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id UAA21290; Thu, 4 Apr 2002 20:24:46 -0500 (EST) Received: from rsasecurity.com (vanquish.rsa.com [10.81.217.242]) by tuna.rsa.com (8.8.8+Sun/8.8.8) with ESMTP id RAA15835; Thu, 4 Apr 2002 17:30:40 -0800 (PST) Message-ID: <3CACFCDC.4F2A0FF1@rsasecurity.com> Date: Thu, 04 Apr 2002 17:24:44 -0800 From: Jeff Jacoby <jjacoby@rsasecurity.com> Organization: RSA Security, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: ietf-pkix@imc.org Subject: Re: One last comment on DPD requirements References: <5.1.0.14.2.20020404163623.02edeba8@exna07.securitydynamics.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, "Housley, Russ" wrote: > > Ambarish: > > Tim Polk and I just discussed this on the phone. I will share my > conclusion form the conversation (which might be different than Tim's > conclusion). I think that we need to allow for multiple certificates to > be > returned, but the default should be to return just one. If the client > wants more than one, it needs to explicitly request them (up to a > maximum > number). If the server does not support returning extra certificates, > then > it should just return one, but it should include a status code that > says, > "I do not support the option you requested, but I thought that I should > give you one just in case it meets your needs." I think such a status code may be unnecessary. If a multi-path-capable client gets only one path back -- either because there really was only one path, or the server couldn't support multiple paths -- what can it usefully do with that status code? In other words, what would/could it do differently if it saw that status code or not? > > Russ > > At 11:11 AM 4/4/2002 -0800, Ambarish Malpani wrote: > > >Russ, > > A minor nit - a DPD server might also be a DPV server, who > >a client is not willing to trust (and whose work the client wants > >to verify for itself). > > > >To summarize, what I think what I hear you, Santosh and Steve say > >is that it might make sense to require a DPD server to return a > >single path back, but if we want to enable that, we need to let > >the client specify his requirements more precisely. Is that > >correct? > > > >It would make sense to show (in the protocol doc), what those > >requirements are for protocols like S/MIME, TLS, IPSec and let > >other protocols define their own requirements if they can't > >fit into one of the three above. > > > >Does that make sense to you? What about others on the list? > > > >Regards, > >Ambarish [big snippage] Jeff -- Jeff Jacoby, Sr. Programmer RSA Security Inc., SMDC jjacoby@rsasecurity.com 2955 Campus Dr., Ste. 400 (650) 295-7569 San Mateo, CA 94403 Received: by above.proper.com (8.11.6/8.11.3) id g350rHB18489 for ietf-pkix-bks; Thu, 4 Apr 2002 16:53:17 -0800 (PST) Received: from poseidon.coastside.net (poseidon.coastside.net [207.213.212.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g350rGm18485 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 16:53:16 -0800 (PST) Received: from laptop (dsl-63-194-153-52.coastside.net [63.194.153.52]) by poseidon.coastside.net with SMTP id g350rHkI027836 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 16:53:17 -0800 (PST) From: "Michael Myers" <myers@coastside.net> To: <ietf-pkix@imc.org> Subject: A few comments re: dpv-dpd requirements Date: Thu, 4 Apr 2002 16:50:31 -0800 Message-ID: <EOEGJNFMMIBDKGFONJJDKEFKCJAA.myers@coastside.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-Reply-To: <200203291203.HAA09250@ietf.org> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, Denis: The state "unknown" is missing in Section 4, "Delegated Path Validation Protocol Requirements". The -03 draft currently reads: "The DPV response MUST indicate one of the following two status alternatives: 1) the certificate is valid according to the validation policy. 2) the certificate is not valid according to the validation policy." I think -04 should read: "The DPV response MUST indicate one of the following three status alternatives: 1) the certificate is valid according to the validation policy. 2) the certificate is not valid according to the validation policy. 3) the certificate is unknown to the validation server." Thus we remain at {valid, invalid, unknown} as primary initial states per list-based consensus. Apologies for digging into this, but it has relevance to the design of state machines. Mike Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34NM0F16478 for ietf-pkix-bks; Thu, 4 Apr 2002 15:22:00 -0800 (PST) Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34NLwm16470 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 15:21:58 -0800 (PST) Received: from st25 (st25.ncsl.nist.gov [129.6.54.67]) by email.nist.gov (8.12.2/8.12.2) with ESMTP id g34NM1Cl023303 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 18:22:01 -0500 (EST) Message-Id: <4.2.0.58.20020404181303.01bc3220@email.nist.gov> X-Sender: wpolk@email.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Thu, 04 Apr 2002 18:20:25 -0500 To: <ietf-pkix@imc.org> From: Tim Polk <tim.polk@nist.gov> Subject: Open Issue: Multiple paths in DPD service (Was RE: One last comment on DPD requirements) In-Reply-To: <002a01c1dc0f$9a260e50$a300a8c0@Chokhani> References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5363@polaris.valicert.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Folks, I posted the following summary of this thread/issue in a summary for DPD/DPV, and identified it as one of the two FINAL issues to be resolved so that we can forward this specification. Please take a look at my summary, and correct it where appropriate! Open Issue #2 The second issue is conformance requirements for multiple paths in the DPD service. As I read it, the current draft requires support for multiple paths at the server, but not the client. The client may request a maximum number of paths N; if the request does not specify N, it defaults to one. The DPD server includes zero, one, or up to N paths in a response. If the number of paths is less than N, this indicates that the server could not find as many paths as the client requested. Since the DPD process is performed with respect to a policy, just as in DPV, it has been suggested that a DPD server could be designed to always return a single path. If the specified policy matches the path validation process performed at the client (e.g., same certificate policies and same trust anchor) the client should be able to use that path. However, this could result in an ambiguity. How does the DPD client that requested three paths tell the difference between the following answers: "I gave you one path because it is the only one that exists" and "I gave you one path 'cause that's the way I was designed" In the case where the single path failed, a client may need to know the difference! Careful selection of conformance requirements and error condition statements will be required to permit building single answer DPD servers. --- Have I characterized this correctly? It seems that permitting single answer DPD servers demands an ability to clarify a response with M paths where M < N the requested number of paths. Given that, can we reach consensus that a conforming DPD server may be designed to always return a single path? Thanks, Tim Polk Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34NDBa16315 for ietf-pkix-bks; Thu, 4 Apr 2002 15:13:11 -0800 (PST) Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34ND9m16310 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 15:13:10 -0800 (PST) Received: from st25 (st25.ncsl.nist.gov [129.6.54.67]) by email.nist.gov (8.12.2/8.12.2) with ESMTP id g34ND4Cl013463; Thu, 4 Apr 2002 18:13:04 -0500 (EST) Message-Id: <4.2.0.58.20020404165531.01bd55e0@email.nist.gov> X-Sender: wpolk@email.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Thu, 04 Apr 2002 18:11:28 -0500 To: ietf-pkix@imc.org From: Tim Polk <tim.polk@nist.gov> Subject: Open issue: DPV relay Cc: Peter Sylvester <Peter.Sylvester@edelweb.fr> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter Sylvester has stated a requirement for DPV servers to relay requests to one another: > >There is a requirement, similar as for OCSP caches, >that server just relays a request to another. This had been >discussed several times, the differences had only been to >what degree the relaying should become visible; whether one >server can rewrite/resigns the answers of another etc. >Relaying via cache is an obvious feature in many OCSP implementation, >how do they protect itself against loops between two servers? > I believe this is an open issue, and would like to start a new discussion thread limited to this topic. As I understand Peter's scenario, there are three mutually trusting DPV servers. If a server cannot satisfy a request directly, it may relay the request to a different server. We'll assume the server is smart enough not to relay a request back to the requester. (That is, if server A relays a request to Server B, B may relay it to Server C but not A.) (1) Assume Alice requests a valid path for Bob's certificate from Server A, when none exists. (2) Server A relays the request to Server B, since it cannot satisfy it directly. (A could have chosen Server C; it is irrelevant.) (3) Server B relays the request to Server C, since it cannot satisfy it directly. (C could not choose A, since it was the requester.) (4) Server C relays the request to Server A, since it cannot satisfy it directly. (A could not choose B, since it was the requester.) At this point, either A must maintain state and recognize that the request has cycled around or the protocol has to handle this by maintaining a history list. Peter, please confirm that I have characterized the problem correctly (or post the right scenario)! I am not personally convinced that blind relaying amongst DPV servers is a requirement. IMHO, DPV relaying would be limited to the scenario where each Server was authoritative for a particular community (perhaps based on privately held status information). Alice directs all requests to Server A to simplify her life. Server A would be able to determine which server (B or C) could possibly satisfy the request based on Bob's certificate. Even though relaying occurred, Server A acted as a simple DPV client, imposing no additional requirements... Thanks, Tim Polk Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34N7jf16197 for ietf-pkix-bks; Thu, 4 Apr 2002 15:07:45 -0800 (PST) Received: from mta03-svc.ntlworld.com (mta03-svc.ntlworld.com [62.253.162.43]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34N7hm16187 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 15:07:43 -0800 (PST) Received: from salford.ac.uk ([213.107.136.218]) by mta03-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020404230744.TGSE303.mta03-svc.ntlworld.com@salford.ac.uk>; Fri, 5 Apr 2002 00:07:44 +0100 Message-ID: <3CACDDAF.3D0AFA50@salford.ac.uk> Date: Fri, 05 Apr 2002 00:11:43 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Olaf.Schlueter@secartis.com CC: ietf-ldapbis@OpenLDAP.org, ietf-pkix@imc.org, Jim Sermersheim <JIMSE@novell.com>, Kurt@OpenLDAP.org, owner-ietf-pkix@mail.imc.org Subject: Re: LDAP Certificate transfer syntax [Virus checked] References: <OF46F52F2C.816623C4-ONC1256B91.006CEB19@domino.intern> Content-Type: multipart/mixed; boundary="------------EDC8A52A63C717DDF957B824" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------EDC8A52A63C717DDF957B824 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Olaf.Schlueter@secartis.com wrote: > > I am puzzled. Within the PKI projects that I did participate, and those > that I am aware of, retrieving certificates from an directory, either one > dedicated to the use of PKI or an PKI-enhanced corporate directory, has > never been a problem once the correct node has been known. Neither with > special applications nor with standard ones like the popular e-mail clients > Outlook (Express) or Netscape. So Certificate transfer syntax is not a > problem, all applications that I am aware of are happily expecting a > DER-encoded X.509 certificate binary blob as the certificate, and that is a > workable solution obviously, no need for a change. Unfortunately some PKIs are having problems e.g, with a mixture of LDAPv2 and v3 clients from multiple vendors, using multiple servers from different vendors. >The only "standard" that > we are missing is a directory profile that allows us in a standardized way > to look up user certificates by typical search items like e-mail adress or > username (a de-facto standard ldap search query is implemented in Outlook, this is precisely what the PKIX LDAP schema ID is defining - matching rules that allow you to search for certificates based on their internal fields. > Netscape and Lotus Notes), and CA certificates (and CA nodes) by a given > issuer name (no de-facto standard is existing). The solution proposed in > this thread "DIT DN match subject DN" does not resolve the "retrieve a > user certificate by search item" problem, and is for reasons already been > given by others on this list a bad solution for retrieving CA nodes by > issuer DN. What we really need is an extension of the objectClass pkiCA or > certificationAuthority by an standard attribute of type DN containing the > subject name of the CA certificate. this is a simplistic solution that does not cater for searching for certificates with particular expiry dates, or key usage fields, or alternate subject names, or particular CRL distribution points etc. Further it requires someone to pull the CA name out of the cert and to stick it in a separate attribute. What the LDAP schema ID is defining is a general mechanism to allow a client to store a certificate on its own (no extra attributes are needed) and then search for it based on ANY of its embedded fields. We have started to implement this now in OpenLDAP. >In our projects we are currently > (mis)using the objectClass "organizationalRole" for that purpose as it > contains an attribute "RoleOccupant" with the appropriate type at least.. We > are probably missing the semantics of that class here, but it is working. > Yes, its a short term quick fix that works. Lets hope you wont have to use it for too long. > Whatever you do with LDAP specs, do not break existing systems, especially > not existing PKI-aware applications on the market. Thanks for this. We should not do this of course, but we also need to address existing problems today as well. David > _____________________________________________________ > > Olaf Schlüter > Professional Services PKI > > Secartis AG -- eSolutions by Giesecke & Devrient > Bretonischer Ring 3, D-85630 Grasbrunn, Germany > > Phone: +49 (0) 89 4119-7041, Fax; +49 (0) 89 4119-7402 > Mobile: +49 (0) 172 8979425, > Email: olaf.schlueter@secartis.com, Home: www.secartis.com > _____________________________________________________ > > > David Chadwick > <d.w.chadwick@salf To: Jim Sermersheim <JIMSE@novell.com> > ord.ac.uk> cc: Kurt@OpenLDAP.org, ietf-pkix@imc.org, ietf-ldapbis@OpenLDAP.org > Sent by: Subject: Re: LDAP Certificate transfer syntax [Virus checked] > owner-ietf-pkix@ma > il.imc.org > > > 04.04.2002 14:52 > > > > Jim > > these are very good points that you make. They go part way to showing > that a reason for the confused situation we have gotten into is by not > previously being precise enough about certificate syntax definitions (in > fact there was not a workable one defined). I hope the new PKIX schema > ID can be precise enough to ensure that future problems dont occur. Do > you have any suggestions to the proposed wording that I sent out > > David > > Jim Sermersheim wrote: > > > > I note that 2252 and 2256 both have problems with the language used to > > specify this. > > > > 2252 says that values of the Certificate syntax MUST be transferred > > using the binary encoding. It then gives two attribute descriptions > > "userCertificate;binary" and caCertificate;binary". If I create an > > attribute called printerCertificate, what am I supposed to refer to it > > as? > > > > It can be argued that the MUST here refers to the encoding, and the > > attribute descriptions are merely examples of the day. > > > > 2256 says "This attribute is to be stored and requested in the binary > > form, as 'userCertificate;binary'". Am I to believe that I must somehow > > store the ;binary option in my database? Aside from that sillines, there > > is no MUST imperative here. > > > > Jim > > > > >>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 04/03/02 11:36AM >>> > > This text does not clearly "MUST" the use of ;binary as > > RFC 2252 and RFC 2256 did. As previously noted, this > > "MUST" should not be dropped as doing so will cause > > interoperability problems between implementations of > > the current technical specification and the revised > > technical specification. > > > > Kurt > > > > At 05:29 AM 2002-04-01, David Chadwick wrote: > > >Colleagues > > > > > >Here is my proposed change to the section describing the LDAP syntax > > for > > >cerificates in the PKIX id > > ><draft-pkix-ldap-schema-03.txt> which should be published before the > > end > > >of April. As this is likely to be the most contentious part of the > > new > > >ID, I thought it would be useful to distribute this text at the > > earlier > > >possible moment. > > > > > >All constructive comments welcomed > > > > > >David > > > > > > > > >3.3 Certificate Syntax > > > > > >A value in this transfer syntax is the binary octet string that > > results > > >from BER or DER-encoding of an X.509 public key certificate. The > > >following string states the OID assigned to this syntax: > > > > > > ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' ) > > > > > >Servers must preserve values in this syntax exactly as given when > > >storing and retrieving them. > > > > > >Note. Due to the changes from X.509(1988) to X.509(1993) and > > subsequent > > >changes to the ASN.1 definition to support certificate extensions in > > >X.509(1997), no character string transfer syntax is defined for > > >certificates. The BNF notation in RFC 1778 [12] for "User > > Certificate" > > >MUST NOT be used. Values in this syntax MUST be transferred as BER or > > >DER encoded octets. The use of the ;binary encoding option, i.e. by > > >requesting or returning the attributes with descriptions > > >"userCertificate;binary" or "caCertificate;binary" has no effect on > > the > > >transfer syntax. > > -- > ***************************************************************** > > David W. Chadwick, BSc PhD > Professor of Information Systems Security > IS Institute, University of Salford, Salford M5 4WT > Tel: +44 161 295 5351 Fax +44 161 745 8169 > Mobile: +44 77 96 44 7184 > Email: D.W.Chadwick@salford.ac.uk > Home Page: http://www.salford.ac.uk/its024/chadwick.htm > Research Projects: http://sec.isi.salford.ac.uk > Understanding X.500: http://www.salford.ac.uk/its024/X500.htm > X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm > Entrust key validation string: MLJ9-DU5T-HV8J > PGP Key ID is 0xBC238DE5 > > ***************************************************************** > (See attached file: d.w.chadwick.vcf) -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** --------------EDC8A52A63C717DDF957B824 Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------EDC8A52A63C717DDF957B824-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34N2nE16094 for ietf-pkix-bks; Thu, 4 Apr 2002 15:02:49 -0800 (PST) Received: from email.nist.gov (email.nist.gov [129.6.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34N2lm16090 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 15:02:47 -0800 (PST) Received: from st25 (st25.ncsl.nist.gov [129.6.54.67]) by email.nist.gov (8.12.2/8.12.2) with ESMTP id g34N2lCl001090 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 18:02:47 -0500 (EST) Message-Id: <4.2.0.58.20020404163809.01ba0560@email.nist.gov> X-Sender: wpolk@email.nist.gov X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Thu, 04 Apr 2002 18:01:06 -0500 To: ietf-pkix@imc.org From: Tim Polk <tim.polk@nist.gov> Subject: Summary:open issues for draft-ietf-pkix-dpv-dpd-req-03.txt In-Reply-To: <4.2.0.58.20020329174936.017d7e00@email.nist.gov> References: <200203291203.HAA09250@ietf.org> Mime-Version: 1.0 Content-Type: text/html; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> <html> Folks,<br> <br> I think the discussion is converging here, and thought a summary was in order.<br> <br> There are a number of issues that were raised on the list and have demonstrated consensus on the list. (I will not enumerate them.) Proposed text has been submitted to the list and I sense general satisfaction with that text.<br> <br> However, there are two open issues that must be resolved before we forward the document to the Area Directors.<br> <br> <u>Open Issue #1<br> <br> </u>The first issue involves "DPV relay". Peter Sylvester has stated a requirement for DPV servers to relay requests to one another:<br> <br> ><br> >There is a requirement, similar as for OCSP caches, <br> >that server just relays a request to another. This had been <br> >discussed several times, the differences had only been to <br> >what degree the relaying should become visible; whether one <br> >server can rewrite/resigns the answers of another etc. <br> >Relaying via cache is an obvious feature in many OCSP implementation, <br> >how do they protect itself against loops between two servers? <br> ><br> <br> I understand this issue remains open.<br> <br> <u>Open Issue #2<br> <br> </u>The second issue is conformance requirements for multiple paths in the DPD service. As I read it, the current draft requires support for multiple paths at the server, but not the client. The client may request a maximum number of paths N; if the request does not specify N, it defaults to one. The DPD server includes zero, one, or up to N paths in a response. If the number of paths is less than N, this indicates that the server could not find as many paths as the client requested.<br> <br> Since the DPD process is performed with respect to a policy, just as in DPV, it has been suggested that a DPD server could be designed to always return a single path. If the specified policy matches the path validation process performed at the client (e.g., same certificate policies and same trust anchor) the client should be able to use that path.<br> <br> However, this could result in an ambiguity. How does the DPD client that requested three paths tell the difference between the following answers:<br> <x-tab> </x-tab>"I gave you one path because it is the only one that exists"<br> and<br> <x-tab> </x-tab>"I gave you one path 'cause that's the way I was designed"<br> <br> In the case where the single path failed, a client may need to know the difference!<br> <br> Careful selection of conformance requirements and error condition statements will be required to permit building single answer DPD servers.<br> <br> <u>Moving Forward<br> <br> </u>Here is my plan for moving forward...<br> <br> I will start two threads for the remaining open issues. I consider all other issues regarding the DPD/DPV requirements to be resolved.<br> <br> Once the last two issues are resolved, I will ask the editors to post an -04 draft incorporating the currently agreed changes and the resolution to the two open issues. The -04 draft will be forwarded to the ADs.<br> <br> Hope this works for everyone.<br> <br> Thanks,<br> <br> Tim Polk</html> Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34MtjW15320 for ietf-pkix-bks; Thu, 4 Apr 2002 14:55:45 -0800 (PST) Received: from mail3.microsoft.com (mail3.microsoft.com [131.107.3.123]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34Mthm15313 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 14:55:43 -0800 (PST) Received: from INET-VRS-03.redmond.corp.microsoft.com ([157.54.5.27]) by mail3.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Thu, 4 Apr 2002 14:55:40 -0800 Received: from 157.54.6.150 by INET-VRS-03.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Thu, 04 Apr 2002 14:55:41 -0800 Received: from red-imc-01.redmond.corp.microsoft.com ([157.54.9.102]) by inet-hub-05.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Thu, 4 Apr 2002 14:55:41 -0800 Received: from win-imc-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.39]) by red-imc-01.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Thu, 4 Apr 2002 14:55:40 -0800 Received: from win-msg-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.52]) by win-imc-01.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3604.0); Thu, 4 Apr 2002 14:52:05 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.0.6157.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: One last comment on DPD requirements Date: Thu, 4 Apr 2002 14:52:07 -0800 Message-ID: <4AEE3169443CDD4796CA8A00B02191CD02F95962@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: One last comment on DPD requirements thread-index: AcHb6dGvuYYHKUuoQoqQesCN7n0qDgAQbWZA From: "Trevor Freeman" <trevorf@windows.microsoft.com> To: "Stephen Kent" <kent@bbn.com> Cc: <ietf-pkix@imc.org> X-OriginalArrivalTime: 04 Apr 2002 22:52:05.0125 (UTC) FILETIME=[57686B50:01C1DC2B] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g34Mthm15315 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Steve, I agree having the server return a flag if there are more chains available if the client only requested a single chain be returned makes sense. Trevor -----Original Message----- From: Stephen Kent [mailto:kent@bbn.com] Sent: Thursday, April 04, 2002 7:05 AM To: Trevor Freeman Cc: ietf-pkix@imc.org Subject: RE: One last comment on DPD requirements At 4:25 PM -0800 4/3/02, Trevor Freeman wrote: >To state that a client has to be exacting over its specification and >only wants one chain returned is presupposing the application model. >There are applications which are more comfortable with making a vague >request, getting back multiple chains to which they apply their own >policy. One of the specifications to the server can be find me all >paths that meet these criteria. I think the simple case on only wanting >a single chain is the most common so making that the default is fine. Trevor, That may a good way to reconcile this issue. Make single path return the default and require support for that by all clients. Require a client that wants multiple paths, and is capable of using them, to explicitly enable a multi-path return option, so that only such clients receive multiple paths. Maybe we also could have a return code to signal that even though only one path was returned, as per the client's (default) request, that other paths are available from the server (relative to this request). Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34Mph514724 for ietf-pkix-bks; Thu, 4 Apr 2002 14:51:43 -0800 (PST) Received: from mta07-svc.ntlworld.com (mta07-svc.ntlworld.com [62.253.162.47]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34Mpfm14718 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 14:51:42 -0800 (PST) Received: from salford.ac.uk ([213.107.136.218]) by mta07-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020404225143.SHPL7757.mta07-svc.ntlworld.com@salford.ac.uk>; Thu, 4 Apr 2002 23:51:43 +0100 Message-ID: <3CACD9EE.1FF0F4EA@salford.ac.uk> Date: Thu, 04 Apr 2002 23:55:42 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Mark Wahl <Mark.Wahl@sun.com> CC: steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <001001c1db7f$751e3cd0$a518200a@osmium.mtwav.adacel.com.au> <3CAC5086.281238EE@salford.ac.uk> <3CACB80A.17AEDA19@sun.com> Content-Type: multipart/mixed; boundary="------------1AF941EC9AD3712F35B81790" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------1AF941EC9AD3712F35B81790 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Mark Wahl wrote: > > David Chadwick wrote: > > But this does raise the more general issue of how does a user who asks > > for "all" attributes, deal with those which are returned, whose native > > encoding he is unfamiliar with. > > An application which asks for all attributes will need to expect to see > returned in the search result entry some attributes whose syntax OID is not > one known to it. thats fine. But it does not quite go far enough. There are multiple cases to consider by the server (irrespective of what the client knows or does not know). The server might receive on an Add operation i) an attribute whose LDAP syntax OID is known to the server and whose native encoding is known e.g telephoneNumber ii) an attribute whose LDAP syntax OID is known and whose native encoding is not defined e.g. certificates and Steven Legg's multiple examples of ACI etc (although it seems a bit odd to allocate an LDAP syntax OID and not define what it means) iii) an attribute whose syntax OID is not known and is sent to the server as ;binary e.g. foobar;binary iv) an attribute whose syntax OID is not known and is sent to the server in a native encoding known to the client e.g foobar I suspect that the server must reject case iv). I dont know what it will do in case iii) when such an attribute is recieved. The server could just store it as a binary BER blob (assuming the attribute type has been configured in), or refuse to accept it. In fact case ii) and iii) dont appear to be too dissimilar to me, since the LDAP syntax OID is not passed in protocol, and in case ii) it is a pretty meaningless thing to have as it is not defined? So a server could treat case ii) and iii) the same. Can you clarify this for me Mark please. The client submitting the attribute might well be different to the one retrieving it, and have different amounts of schema knowledge. A dumb client might not know any schema definitions! So in general a client might expect to recieve i) an attribute whose native encoding it knows, in native encoding e.g telephoneNumber ii) an attribute whose native encoding it knows, in ;binary encoding e.g. telephoneNumber;binary iii) an attribute whose native encoding it does not know, in native encoding e.g. foobar iv) an attribute whose native encoding it does not know, in binary encoding e.g. foobar;binary All of the above 8 cases (both receipt by the server and the client) need to be described in the LDAPbis documents as they are general cases independent of the certificate discussion. Dont you agree? > > RFC 2256 section 4.3.1 states that clients which request that all > attributes be returned from entries MUST be prepared to receive values > in binary (e.g. userCertificate;binary) and SHOULD NOT simply display > binary or unrecognized values to users. > > What the application does with this is analogous to an email or web client > that receives a Content-Type: application/x-foo-bar. It might > - ignore it, > - report an error, > - save the bytes to the file, > - attempt to 'guess' (e.g. if all the bytes are in a pattern that matches > the UTF-8 rules, then maybe it is UTF-8). > > > Does the server assume the client knows (in which case ;binary will only > > be used on those attributes with no native encoding defined) or does not > > know (in which case ;binary will need to be used on all attributes that > > are not defined in Internet standard RFCs). > > A server knows nothing about client's schema capabilities. There is no > operation for a client to 'upload' a syntax table to the server. The > ;binary is used when the client requests it, either on the Add or Modify > which introduces the attribute and value to the entry, or when the client > requests it in the search's attribute description list. What happens if a client Adds telephoneNumber;binary? This should be readable in either native format or ;binary format, shouldn't it? One could interpret what you said above that once submitted in the ;binary form it is only ever readable in ;binary format. You did not imply this did you? Thanks David > > Mark Wahl > Sun Microsystems Inc. -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** --------------1AF941EC9AD3712F35B81790 Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------1AF941EC9AD3712F35B81790-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34Lw9512392 for ietf-pkix-bks; Thu, 4 Apr 2002 13:58:09 -0800 (PST) Received: from mta02-svc.ntlworld.com (mta02-svc.ntlworld.com [62.253.162.42]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34Lw8m12388 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 13:58:08 -0800 (PST) Received: from salford.ac.uk ([213.107.136.218]) by mta02-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020404215810.VDVD286.mta02-svc.ntlworld.com@salford.ac.uk>; Thu, 4 Apr 2002 22:58:10 +0100 Message-ID: <3CACCD60.9937F736@salford.ac.uk> Date: Thu, 04 Apr 2002 23:02:08 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> CC: steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <001001c1db7f$751e3cd0$a518200a@osmium.mtwav.adacel.com.au> <5.1.0.14.0.20020404091310.02796bc0@127.0.0.1> Content-Type: multipart/mixed; boundary="------------44013F5621BF9142B96E031A" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------44013F5621BF9142B96E031A Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit "Kurt D. Zeilenga" wrote: > I think it very important certificate schema not be a 'special > case'. Yes I agree with this. I think there really should be no special cases, and that the core LDAPv3 specs should be able to cater for all eventualities, such as native encoding exists, native encoding does not exist, how to handle "any" in both cases etc. > I am concerned that adding a 'native' encoding to > certificate schema will necessity the need for a 'special case'. > In particular, in the handling of '*' as the general handling > is to return the native encoding (no transfer option) if one > is defined and supported. > The special case will be needed by the enhanced LDAPv3 server that understands the certificate native encoding, so does not need to provide ;binary in the response, but might do so as to be backwards compatible with clients that expect ;binary (ie. do not know the native encoding). But this special case is not really so special anyway, because a) is not mandatory so the server does not have to keep this backwards compatibility if it does not want to and b) this case is no different to a server that knows about a private attribute "foobar" with a locally defined native encoding, when returning this to a remote client from another domain. The server does not have to provide ;binary encoding, but ought to because the remote client wont know the native encoding. This is why I said that ;binary can only be ignored for attributes whose native syntax is defined in an RFC, and is internationally known, but not for locally defined attributes. David > >Seems like ASN.1 DAP had some advantages after all :-) > > DAP, in many ways, is lighter than LDAP. :-( > > Kurt -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** --------------44013F5621BF9142B96E031A Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------44013F5621BF9142B96E031A-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34LkgU12147 for ietf-pkix-bks; Thu, 4 Apr 2002 13:46:42 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g34Lkem12143 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 13:46:41 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 4 Apr 2002 21:45:46 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id QAA06553 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 16:45:40 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g34LkiZ06410 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 16:46:44 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX13WDT>; Thu, 4 Apr 2002 16:44:20 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.139]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX13WDR; Thu, 4 Apr 2002 16:44:13 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Ambarish Malpani <ambarish@valicert.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020404164143.02f11d00@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 04 Apr 2002 16:42:48 -0500 Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E028E5366@polaris.valicert. com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Ambarish: I am fine with this. Russ At 11:35 AM 4/4/2002 -0800, Ambarish Malpani wrote: >Denis, Russ, > I agree with the first phrase: > > > "The protocol MUST prevent replay attacks, and the replay prevention > > mechanism employed by the protocol MUST NOT rely on clocks being > > synchronized with UTC." > >I don't agree with the requirement that a response needs to >contain all the information from the query in itself. That could >result in a lot of extra information that needs to be carried in >the response over what might be a bandwidth constrained channel. > >In all cases, being able to tie the response to the request does >the job. If a client needs to be able to show that this response >was for a particular certificate, it can retain the original >request. If the client doesn't need to be able to prove that, it >can discard the request after it gets the response. I don't see >why the response needs to contain > "the requested validation policy, including associated > parameters, if any." > >I would prefer the second statement to read: > >The DPV client MUST be able to confirm that the DPV server-generated >response was constructed for the client's request. > >(NOTE: I changed Russ's "from" to "for") > >A > > > > >--------------------------------------------------------------------- >Ambarish Malpani >Chief Architect 650.567.5457 >ValiCert, Inc. ambarish@valicert.com >1215 Terra Bella Ave. http://www.valicert.com >Mountain View, CA 94043 > > > > -----Original Message----- > > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > > Sent: Thursday, April 04, 2002 8:21 AM > > To: Denis Pinkas > > Cc: ambarish@valicert.com; ietf-pkix@imc.org > > Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > > Denis: > > > > I prefer the following wording. I think it provides the same > > end result. > > > > "The protocol MUST prevent replay attacks, and the replay prevention > > mechanism employed by the protocol MUST NOT rely on clocks being > > synchronized with UTC." > > > > (...) > > > > The DPV client MUST be able to confirm that the DPV server-generated > > response was constructed from the client's request. When the > > response > > indicates certificate validity, the response MUST allow the > > DPV client to > > readily confirm that the response was made for the requested > > certificate > > and for the requested validation policy, including associated > > parameters, > > if any." > > > > Russ > > > > > > At 03:30 PM 4/4/2002 +0200, Denis Pinkas wrote: > > >"The protocol MUST prevent replay attacks, including for the > > case where > > >the client does not have a clock synchronized with UTC. > > > > > >(...) > > > > > >The requester MUST be able to verify that the response was > > constructed > > >taking into consideration all the parameters from the > > request. In addition, > > >without the need to store the request, a requester SHALL be > > able to prove > > >that a valid DPV response was made for a given certificate > > and for a given > > >validation policy, including associated parameters, if any." > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34Lefn11986 for ietf-pkix-bks; Thu, 4 Apr 2002 13:40:41 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g34Lecm11980 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 13:40:39 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 4 Apr 2002 21:39:44 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id QAA06019 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 16:39:38 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g34LegK05755 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 16:40:42 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX13WAA>; Thu, 4 Apr 2002 16:38:17 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.139]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX13V00; Thu, 4 Apr 2002 16:38:15 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Ambarish Malpani <ambarish@valicert.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020404163623.02edeba8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 04 Apr 2002 16:40:34 -0500 Subject: RE: One last comment on DPD requirements In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E028E5363@polaris.valicert. com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Ambarish: Tim Polk and I just discussed this on the phone. I will share my conclusion form the conversation (which might be different than Tim's conclusion). I think that we need to allow for multiple certificates to be returned, but the default should be to return just one. If the client wants more than one, it needs to explicitly request them (up to a maximum number). If the server does not support returning extra certificates, then it should just return one, but it should include a status code that says, "I do not support the option you requested, but I thought that I should give you one just in case it meets your needs." Russ At 11:11 AM 4/4/2002 -0800, Ambarish Malpani wrote: >Russ, > A minor nit - a DPD server might also be a DPV server, who >a client is not willing to trust (and whose work the client wants >to verify for itself). > >To summarize, what I think what I hear you, Santosh and Steve say >is that it might make sense to require a DPD server to return a >single path back, but if we want to enable that, we need to let >the client specify his requirements more precisely. Is that >correct? > >It would make sense to show (in the protocol doc), what those >requirements are for protocols like S/MIME, TLS, IPSec and let >other protocols define their own requirements if they can't >fit into one of the three above. > >Does that make sense to you? What about others on the list? > >Regards, >Ambarish > > > >--------------------------------------------------------------------- >Ambarish Malpani >Chief Architect 650.567.5457 >ValiCert, Inc. ambarish@valicert.com >1215 Terra Bella Ave. http://www.valicert.com >Mountain View, CA 94043 > > > > -----Original Message----- > > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > > Sent: Thursday, April 04, 2002 7:00 AM > > To: Santosh Chokhani > > Cc: ietf-pkix@imc.org > > Subject: RE: One last comment on DPD requirements > > > > > > > > Santosh: > > > > I think that a DPD server will likely perform path > > validation. Clients > > will not be happy if the paths that they are given are often > > invalid. Clearly, the DPD server cannot know all of the > > parameters that > > the client will use for path validation (otherwise it would be a DPV > > server), but it can make some very reasonable assumptions to > > ensure that > > grossly invalid paths are not returned. > > > > Russ > > > > At 08:20 PM 4/3/2002 -0500, Santosh Chokhani wrote: > > >Russ: > > > > > >I agree with you, but for a different reason. I do not think this is > > >application specific issue. I think it is the path > > validation issue. I > > >do not think that the DPD server can know which paths are > > good without > > >doing a validation also, specially to see if there will be any name > > >constraints or certificate policy related failures. > > > > > >-----Original Message----- > > >From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org] > > >On Behalf Of Housley, Russ > > >Sent: Wednesday, April 03, 2002 2:12 PM > > >To: Ambarish Malpani; Stephen Kent > > >Cc: ietf-pkix@imc.org > > >Subject: Re: One last comment on DPD requirements > > > > > > > > > > > >Steve & Ambarish: > > > > > > >>Hi Group, > > > >> One last (slightly late) comment on the DPD > > requirements that has > > > > > > >>been troubling me: > > > >> > > > >>In the DPD requirements, there is a reasonable amount of text that > > > >>talks about how a server can return multiple paths back > > to the client > > > >>(to allow the client to decide which path is the best). > > > >> > > > >>The main goal of DPD is to try and simplify the client. > > In how many > > > >>cases do people really want multiple paths back from the > > server. While > > > > > > >>it is the right requirement in principal, do folks really think > > > >>clients will want multiple paths back from a DPD server? > > Are we adding > > > > > > >>the additional flexiblity/complexity just for technical purity? > > > >> > > > >>Comments will be appreciated. > > > >> > > > >>Regards, > > > >>Ambarish > > > > > > > >I too would favor simplifying the protocol requirement > > here. Some folks > > > >have suggested motivations for multiple paths, but this > > does seem to > > > >conflict with the fundamental goal of creating a protocol > > to satisfy > > >the > > > >needs of thin clients. > > > > > > > >Steve > > > > > >I agree with your goal. It is far better for the client to tell the > > >server > > >what it wants, then get back a single path that satisfies all of the > > >requirements. To do this, we need to be able to fully specify the > > >clients > > >criteria and send them to the server. I think that we know how to do > > >this > > >for many PKI-enabled applications, but I am not sure that we > > know how to > > >do > > >it for all applications, especially ones that are yet to be > > developed. > > > > > >This leaves us with two choices. Either the protocol > > returns multiple > > >certification paths (the approach in the current document) or the > > >protocol > > >requires the client to adequately specify its criteria. > > This could be > > >done > > >with the path discovery policy. If we adopt this > > alternative, we should > > > > > >include additional text so that implements expect > > application-specific > > >(perhaps several application-specific path discovery policy > > if there are > > > > > >multiple roles in the application). > > > > > >Russ > > Received: by above.proper.com (8.11.6/8.11.3) id g34KUUb09746 for ietf-pkix-bks; Thu, 4 Apr 2002 12:30:30 -0800 (PST) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34KUTm09742 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 12:30:29 -0800 (PST) Received: from rowlf.Central.Sun.COM ([129.153.131.70]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id MAA27014; Thu, 4 Apr 2002 12:30:29 -0800 (PST) Received: from sun.com (dhcp-aus09-222 [129.153.130.222]) by rowlf.Central.Sun.COM (8.11.6+Sun/8.11.6/ENSMAIL,v2.2) with ESMTP id g34KUQe03767; Thu, 4 Apr 2002 14:30:27 -0600 (CST) Message-ID: <3CACB80A.17AEDA19@sun.com> Date: Thu, 04 Apr 2002 14:31:06 -0600 From: Mark Wahl <Mark.Wahl@sun.com> X-Mailer: Mozilla 4.77 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: David Chadwick <d.w.chadwick@salford.ac.uk> CC: steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <001001c1db7f$751e3cd0$a518200a@osmium.mtwav.adacel.com.au> <3CAC5086.281238EE@salford.ac.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> David Chadwick wrote: > > Steven > > thanks for your messages that have clearly stated the case that ;binary > is needed as a general transfer encoding, and that many attributes exist > without a native LDAP encoding being defined for them. > > But this does raise the more general issue of how does a user who asks > for "all" attributes, deal with those which are returned, whose native > encoding he is unfamiliar with. An application which asks for all attributes will need to expect to see returned in the search result entry some attributes whose syntax OID is not one known to it. RFC 2256 section 4.3.1 states that clients which request that all attributes be returned from entries MUST be prepared to receive values in binary (e.g. userCertificate;binary) and SHOULD NOT simply display binary or unrecognized values to users. What the application does with this is analogous to an email or web client that receives a Content-Type: application/x-foo-bar. It might - ignore it, - report an error, - save the bytes to the file, - attempt to 'guess' (e.g. if all the bytes are in a pattern that matches the UTF-8 rules, then maybe it is UTF-8). > Does the server assume the client knows (in which case ;binary will only > be used on those attributes with no native encoding defined) or does not > know (in which case ;binary will need to be used on all attributes that > are not defined in Internet standard RFCs). A server knows nothing about client's schema capabilities. There is no operation for a client to 'upload' a syntax table to the server. The ;binary is used when the client requests it, either on the Add or Modify which introduces the attribute and value to the entry, or when the client requests it in the search's attribute description list. Mark Wahl Sun Microsystems Inc. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34KJOd09456 for ietf-pkix-bks; Thu, 4 Apr 2002 12:19:24 -0800 (PST) Received: from fw1.gdm.de (fw1.gdm.de [193.108.184.254]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34KJMm09448; Thu, 4 Apr 2002 12:19:23 -0800 (PST) Received: (from root@localhost) by fw1.gdm.de (8.11.6/8.11.6) id g34KIZT12684; Thu, 4 Apr 2002 22:18:35 +0200 (CEST) Received: (from localhost) by fw1.gdm.de (MSCAN) id 3/fw1.gdm.de/smtp-gw/mscan; Thu Apr 4 22:18:35 2002 Subject: Re: LDAP Certificate transfer syntax [Virus checked] To: David Chadwick <d.w.chadwick@salford.ac.uk> Cc: ietf-ldapbis@OpenLDAP.org, ietf-pkix@imc.org, Jim Sermersheim <JIMSE@novell.com>, Kurt@OpenLDAP.org, owner-ietf-pkix@mail.imc.org X-Mailer: Lotus Notes Release 5.07a May 14, 2001 Message-ID: <OF46F52F2C.816623C4-ONC1256B91.006CEB19@domino.intern> From: Olaf.Schlueter@secartis.com Date: Thu, 4 Apr 2002 22:14:35 +0200 X-MIMETrack: Serialize by Router on NOTESDMZ1/SRV/GuD(Release 5.0.8 |June 18, 2001) at 04/04/2002 10:21:59 PM MIME-Version: 1.0 Content-type: multipart/mixed; Boundary="0__=C1256B91006CEB198f9e8a93df938690918cC1256B91006CEB19" Content-Disposition: inline Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --0__=C1256B91006CEB198f9e8a93df938690918cC1256B91006CEB19 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: quoted-printable I am puzzled. Within the PKI projects that I did participate, and those= that I am aware of, retrieving certificates from an directory, either o= ne dedicated to the use of PKI or an PKI-enhanced corporate directory, has= never been a problem once the correct node has been known. Neither with= special applications nor with standard ones like the popular e-mail cli= ents Outlook (Express) or Netscape. So Certificate transfer syntax is not a problem, all applications that I am aware of are happily expecting a DER-encoded X.509 certificate binary blob as the certificate, and that = is a workable solution obviously, no need for a change. The only "standard" = that we are missing is a directory profile that allows us in a standardized = way to look up user certificates by typical search items like e-mail adress= or username (a de-facto standard ldap search query is implemented in Outlo= ok, Netscape and Lotus Notes), and CA certificates (and CA nodes) by a give= n issuer name (no de-facto standard is existing). The solution proposed i= n this thread "DIT DN match subject DN" does not resolve the "retrieve a= user certificate by search item" problem, and is for reasons already be= en given by others on this list a bad solution for retrieving CA nodes by issuer DN. What we really need is an extension of the objectClass pkiCA= or certificationAuthority by an standard attribute of type DN containing t= he subject name of the CA certificate. In our projects we are currently (mis)using the objectClass "organizationalRole" for that purpose as it contains an attribute "RoleOccupant" with the appropriate type at least= .. We are probably missing the semantics of that class here, but it is workin= g. Whatever you do with LDAP specs, do not break existing systems, especia= lly not existing PKI-aware applications on the market. _____________________________________________________ Olaf Schl=FCter Professional Services PKI Secartis AG -- eSolutions by Giesecke & Devrient Bretonischer Ring 3, D-85630 Grasbrunn, Germany Phone: +49 (0) 89 4119-7041, Fax; +49 (0) 89 4119-7402 Mobile: +49 (0) 172 8979425, Email: olaf.schlueter@secartis.com, Home: www.secartis.com _____________________________________________________ = =20 David Chadwick = =20 <d.w.chadwick@salf To: Jim Sermersheim <J= IMSE@novell.com> =20 ord.ac.uk> cc: Kurt@OpenLDAP.org,= ietf-pkix@imc.org, ietf-ldapbis@OpenLDAP.org =20 Sent by: Subject: Re: LDAP Cert= ificate transfer syntax [Virus checked] =20 owner-ietf-pkix@ma = =20 il.imc.org = =20 = =20 = =20 04.04.2002 14:52 = =20 = =20 = =20 Jim these are very good points that you make. They go part way to showing that a reason for the confused situation we have gotten into is by not previously being precise enough about certificate syntax definitions (i= n fact there was not a workable one defined). I hope the new PKIX schema ID can be precise enough to ensure that future problems dont occur. Do you have any suggestions to the proposed wording that I sent out David Jim Sermersheim wrote: > > I note that 2252 and 2256 both have problems with the language used t= o > specify this. > > 2252 says that values of the Certificate syntax MUST be transferred > using the binary encoding. It then gives two attribute descriptions > "userCertificate;binary" and caCertificate;binary". If I create an > attribute called printerCertificate, what am I supposed to refer to i= t > as? > > It can be argued that the MUST here refers to the encoding, and the > attribute descriptions are merely examples of the day. > > 2256 says "This attribute is to be stored and requested in the binary= > form, as 'userCertificate;binary'". Am I to believe that I must someh= ow > store the ;binary option in my database? Aside from that sillines, th= ere > is no MUST imperative here. > > Jim > > >>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 04/03/02 11:36AM >>> > This text does not clearly "MUST" the use of ;binary as > RFC 2252 and RFC 2256 did. As previously noted, this > "MUST" should not be dropped as doing so will cause > interoperability problems between implementations of > the current technical specification and the revised > technical specification. > > Kurt > > At 05:29 AM 2002-04-01, David Chadwick wrote: > >Colleagues > > > >Here is my proposed change to the section describing the LDAP syntax= > for > >cerificates in the PKIX id > ><draft-pkix-ldap-schema-03.txt> which should be published before the= > end > >of April. As this is likely to be the most contentious part of the > new > >ID, I thought it would be useful to distribute this text at the > earlier > >possible moment. > > > >All constructive comments welcomed > > > >David > > > > > >3.3 Certificate Syntax > > > >A value in this transfer syntax is the binary octet string that > results > >from BER or DER-encoding of an X.509 public key certificate. The > >following string states the OID assigned to this syntax: > > > > ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' ) > > > >Servers must preserve values in this syntax exactly as given when > >storing and retrieving them. > > > >Note. Due to the changes from X.509(1988) to X.509(1993) and > subsequent > >changes to the ASN.1 definition to support certificate extensions in= > >X.509(1997), no character string transfer syntax is defined for > >certificates. The BNF notation in RFC 1778 [12] for "User > Certificate" > >MUST NOT be used. Values in this syntax MUST be transferred as BER o= r > >DER encoded octets. The use of the ;binary encoding option, i.e. by > >requesting or returning the attributes with descriptions > >"userCertificate;binary" or "caCertificate;binary" has no effect on > the > >transfer syntax. -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** (See attached file: d.w.chadwick.vcf) = --0__=C1256B91006CEB198f9e8a93df938690918cC1256B91006CEB19 Content-type: application/octet-stream; name="=?iso-8859-1?Q?d.w.chadwick.vcf?=" Content-Disposition: attachment; filename="=?iso-8859-1?Q?d.w.chadwick.vcf?=" Content-transfer-encoding: base64 YmVnaW46dmNhcmQgDQpuOkNoYWR3aWNrO0RhdmlkDQp0ZWw7Y2VsbDorNDQgNzcgOTYgNDQgNzE4 NA0KdGVsO2ZheDorNDQgMTQ4NCA1MzI5MzANCnRlbDtob21lOis0NCAxNDg0IDM1MjIzOA0KdGVs O3dvcms6KzQ0IDE2MSAyOTUgNTM1MQ0KeC1tb3ppbGxhLWh0bWw6RkFMU0UNCnVybDpodHRwOi8v d3d3LnNhbGZvcmQuYWMudWsvaXRzMDI0L2NoYWR3aWNrLmh0bQ0Kb3JnOlVuaXZlcnNpdHkgb2Yg U2FsZm9yZDtJUyBJbnN0aXR1dGUNCnZlcnNpb246Mi4xDQplbWFpbDtpbnRlcm5ldDpkLncuY2hh ZHdpY2tAc2FsZm9yZC5hYy51aw0KdGl0bGU6UHJvZmVzc29yIG9mIEluZm9ybWF0aW9uIFNlY3Vy aXR5DQphZHI7cXVvdGVkLXByaW50YWJsZTo7O1RoZSBDcmVzY2VudD0wRD0wQTtTYWxmb3JkO0dy ZWF0ZXIgTWFuY2hlc3RlcjtNNSA0V1Q7RW5nbGFuZA0Kbm90ZTtxdW90ZWQtcHJpbnRhYmxlOlJl c2VhcmNoIFByb2plY3RzOiBodHRwOi8vc2VjLmlzaS5zYWxmb3JkLmFjLnVrLi4uLi4uLi4uLi4u Li4uLi4uLi4uLi49MEQ9MEE9MEQ9MEFVbmRlcnN0YW5kaW5nIFguNTAwOiAgaHR0cDovL3d3dy5z YWxmb3JkLmFjLnVrL2l0czAyNC9YNTAwLmh0bSAuLi4uLi4uLi4uLi4uLi4uLi4uLi4uLj0wRD0w QT0wRD0wQVguNTAwL0xEQVAgU2VtaW5hcnM6IGh0dHA6Ly93d3cuc2FsZm9yZC5hYy51ay9pdHMw MjQvc2VtaW5hcnMuaHRtLi4uLi4uLi4uLi4uLi4uLi4uLj0wRD0wQT0wRD0wQUVudHJ1c3Qga2V5 IHZhbGlkYXRpb24gc3RyaW5nOiBDSjk0LUxLV0QtQlNYQiAuLi4uLi4uLi4uLj0wRD0wQT0wRD0w QVBHUCBLZXkgSUQgaXMgMHhCQzIzOERFNQ0KeC1tb3ppbGxhLWNwdDo7LTQ4NTYNCmZuOkRhdmlk IENoYWR3aWNrDQplbmQ6dmNhcmQNCg== --0__=C1256B91006CEB198f9e8a93df938690918cC1256B91006CEB19-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34JZmf05665 for ietf-pkix-bks; Thu, 4 Apr 2002 11:35:48 -0800 (PST) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34JZlm05661 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 11:35:47 -0800 (PST) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GU2006016C43M@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 4 Apr 2002 11:33:40 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GU2005AM6C3OH@ext-mail.valicert.com>; Thu, 04 Apr 2002 11:33:40 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <H570PNWK>; Thu, 04 Apr 2002 11:35:16 -0800 Content-return: allowed Date: Thu, 04 Apr 2002 11:35:14 -0800 From: Ambarish Malpani <ambarish@valicert.com> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt To: "'Housley, Russ'" <rhousley@rsasecurity.com>, Denis Pinkas <Denis.Pinkas@bull.net> Cc: ietf-pkix@imc.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E5366@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, Russ, I agree with the first phrase: > "The protocol MUST prevent replay attacks, and the replay prevention > mechanism employed by the protocol MUST NOT rely on clocks being > synchronized with UTC." I don't agree with the requirement that a response needs to contain all the information from the query in itself. That could result in a lot of extra information that needs to be carried in the response over what might be a bandwidth constrained channel. In all cases, being able to tie the response to the request does the job. If a client needs to be able to show that this response was for a particular certificate, it can retain the original request. If the client doesn't need to be able to prove that, it can discard the request after it gets the response. I don't see why the response needs to contain "the requested validation policy, including associated parameters, if any." I would prefer the second statement to read: The DPV client MUST be able to confirm that the DPV server-generated response was constructed for the client's request. (NOTE: I changed Russ's "from" to "for") A --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > Sent: Thursday, April 04, 2002 8:21 AM > To: Denis Pinkas > Cc: ambarish@valicert.com; ietf-pkix@imc.org > Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt > > > Denis: > > I prefer the following wording. I think it provides the same > end result. > > "The protocol MUST prevent replay attacks, and the replay prevention > mechanism employed by the protocol MUST NOT rely on clocks being > synchronized with UTC." > > (...) > > The DPV client MUST be able to confirm that the DPV server-generated > response was constructed from the client's request. When the > response > indicates certificate validity, the response MUST allow the > DPV client to > readily confirm that the response was made for the requested > certificate > and for the requested validation policy, including associated > parameters, > if any." > > Russ > > > At 03:30 PM 4/4/2002 +0200, Denis Pinkas wrote: > >"The protocol MUST prevent replay attacks, including for the > case where > >the client does not have a clock synchronized with UTC. > > > >(...) > > > >The requester MUST be able to verify that the response was > constructed > >taking into consideration all the parameters from the > request. In addition, > >without the need to store the request, a requester SHALL be > able to prove > >that a valid DPV response was made for a given certificate > and for a given > >validation policy, including associated parameters, if any." > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34JVra05593 for ietf-pkix-bks; Thu, 4 Apr 2002 11:31:53 -0800 (PST) Received: from mtiwmhc22.worldnet.att.net (mtiwmhc22.worldnet.att.net [204.127.131.47]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34JVqm05589 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 11:31:52 -0800 (PST) Received: from Chokhani ([12.78.128.169]) by mtiwmhc22.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020404193148.YJYY38.mtiwmhc22.worldnet.att.net@Chokhani>; Thu, 4 Apr 2002 19:31:48 +0000 From: "Santosh Chokhani" <chokhani@orionsec.com> To: "'Ambarish Malpani'" <ambarish@valicert.com>, "'Housley, Russ'" <rhousley@rsasecurity.com> Cc: <ietf-pkix@imc.org> Subject: RE: One last comment on DPD requirements Date: Thu, 4 Apr 2002 14:33:30 -0500 Message-ID: <002a01c1dc0f$9a260e50$a300a8c0@Chokhani> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E028E5363@polaris.valicert.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Ambarish: Your language is acceptable to me as long as the returned path will satisfy the client requirements for certification path validation. -----Original Message----- From: Ambarish Malpani [mailto:ambarish@valicert.com] Sent: Thursday, April 04, 2002 2:12 PM To: 'Housley, Russ'; Santosh Chokhani Cc: ietf-pkix@imc.org Subject: RE: One last comment on DPD requirements Russ, A minor nit - a DPD server might also be a DPV server, who a client is not willing to trust (and whose work the client wants to verify for itself). To summarize, what I think what I hear you, Santosh and Steve say is that it might make sense to require a DPD server to return a single path back, but if we want to enable that, we need to let the client specify his requirements more precisely. Is that correct? It would make sense to show (in the protocol doc), what those requirements are for protocols like S/MIME, TLS, IPSec and let other protocols define their own requirements if they can't fit into one of the three above. Does that make sense to you? What about others on the list? Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > Sent: Thursday, April 04, 2002 7:00 AM > To: Santosh Chokhani > Cc: ietf-pkix@imc.org > Subject: RE: One last comment on DPD requirements > > > > Santosh: > > I think that a DPD server will likely perform path > validation. Clients > will not be happy if the paths that they are given are often > invalid. Clearly, the DPD server cannot know all of the > parameters that > the client will use for path validation (otherwise it would be a DPV > server), but it can make some very reasonable assumptions to > ensure that > grossly invalid paths are not returned. > > Russ > > At 08:20 PM 4/3/2002 -0500, Santosh Chokhani wrote: > >Russ: > > > >I agree with you, but for a different reason. I do not think this is > >application specific issue. I think it is the path > validation issue. I > >do not think that the DPD server can know which paths are > good without > >doing a validation also, specially to see if there will be any name > >constraints or certificate policy related failures. > > > >-----Original Message----- > >From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] > >On Behalf Of Housley, Russ > >Sent: Wednesday, April 03, 2002 2:12 PM > >To: Ambarish Malpani; Stephen Kent > >Cc: ietf-pkix@imc.org > >Subject: Re: One last comment on DPD requirements > > > > > > > >Steve & Ambarish: > > > > >>Hi Group, > > >> One last (slightly late) comment on the DPD > requirements that has > > > > >>been troubling me: > > >> > > >>In the DPD requirements, there is a reasonable amount of text that > > >>talks about how a server can return multiple paths back > to the client > > >>(to allow the client to decide which path is the best). > > >> > > >>The main goal of DPD is to try and simplify the client. > In how many > > >>cases do people really want multiple paths back from the > server. While > > > > >>it is the right requirement in principal, do folks really think > > >>clients will want multiple paths back from a DPD server? > Are we adding > > > > >>the additional flexiblity/complexity just for technical purity? > > >> > > >>Comments will be appreciated. > > >> > > >>Regards, > > >>Ambarish > > > > > >I too would favor simplifying the protocol requirement > here. Some folks > > >have suggested motivations for multiple paths, but this > does seem to > > >conflict with the fundamental goal of creating a protocol > to satisfy > >the > > >needs of thin clients. > > > > > >Steve > > > >I agree with your goal. It is far better for the client to tell the > >server what it wants, then get back a single path that satisfies all > >of the requirements. To do this, we need to be able to fully specify > >the clients > >criteria and send them to the server. I think that we know how to do > >this > >for many PKI-enabled applications, but I am not sure that we > know how to > >do > >it for all applications, especially ones that are yet to be > developed. > > > >This leaves us with two choices. Either the protocol > returns multiple > >certification paths (the approach in the current document) or the > >protocol requires the client to adequately specify its criteria. > This could be > >done > >with the path discovery policy. If we adopt this > alternative, we should > > > >include additional text so that implements expect > application-specific > >(perhaps several application-specific path discovery policy > if there are > > > >multiple roles in the application). > > > >Russ > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34JCMK05076 for ietf-pkix-bks; Thu, 4 Apr 2002 11:12:22 -0800 (PST) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34JCMm05072 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 11:12:22 -0800 (PST) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GU200501592UB@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 4 Apr 2002 11:10:15 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GU20050W592T2@ext-mail.valicert.com>; Thu, 04 Apr 2002 11:10:14 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <H570PNQZ>; Thu, 04 Apr 2002 11:11:50 -0800 Content-return: allowed Date: Thu, 04 Apr 2002 11:11:49 -0800 From: Ambarish Malpani <ambarish@valicert.com> Subject: RE: One last comment on DPD requirements To: "'Housley, Russ'" <rhousley@rsasecurity.com>, Santosh Chokhani <chokhani@orionsec.com> Cc: ietf-pkix@imc.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E5363@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, A minor nit - a DPD server might also be a DPV server, who a client is not willing to trust (and whose work the client wants to verify for itself). To summarize, what I think what I hear you, Santosh and Steve say is that it might make sense to require a DPD server to return a single path back, but if we want to enable that, we need to let the client specify his requirements more precisely. Is that correct? It would make sense to show (in the protocol doc), what those requirements are for protocols like S/MIME, TLS, IPSec and let other protocols define their own requirements if they can't fit into one of the three above. Does that make sense to you? What about others on the list? Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > Sent: Thursday, April 04, 2002 7:00 AM > To: Santosh Chokhani > Cc: ietf-pkix@imc.org > Subject: RE: One last comment on DPD requirements > > > > Santosh: > > I think that a DPD server will likely perform path > validation. Clients > will not be happy if the paths that they are given are often > invalid. Clearly, the DPD server cannot know all of the > parameters that > the client will use for path validation (otherwise it would be a DPV > server), but it can make some very reasonable assumptions to > ensure that > grossly invalid paths are not returned. > > Russ > > At 08:20 PM 4/3/2002 -0500, Santosh Chokhani wrote: > >Russ: > > > >I agree with you, but for a different reason. I do not think this is > >application specific issue. I think it is the path > validation issue. I > >do not think that the DPD server can know which paths are > good without > >doing a validation also, specially to see if there will be any name > >constraints or certificate policy related failures. > > > >-----Original Message----- > >From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] > >On Behalf Of Housley, Russ > >Sent: Wednesday, April 03, 2002 2:12 PM > >To: Ambarish Malpani; Stephen Kent > >Cc: ietf-pkix@imc.org > >Subject: Re: One last comment on DPD requirements > > > > > > > >Steve & Ambarish: > > > > >>Hi Group, > > >> One last (slightly late) comment on the DPD > requirements that has > > > > >>been troubling me: > > >> > > >>In the DPD requirements, there is a reasonable amount of text that > > >>talks about how a server can return multiple paths back > to the client > > >>(to allow the client to decide which path is the best). > > >> > > >>The main goal of DPD is to try and simplify the client. > In how many > > >>cases do people really want multiple paths back from the > server. While > > > > >>it is the right requirement in principal, do folks really think > > >>clients will want multiple paths back from a DPD server? > Are we adding > > > > >>the additional flexiblity/complexity just for technical purity? > > >> > > >>Comments will be appreciated. > > >> > > >>Regards, > > >>Ambarish > > > > > >I too would favor simplifying the protocol requirement > here. Some folks > > >have suggested motivations for multiple paths, but this > does seem to > > >conflict with the fundamental goal of creating a protocol > to satisfy > >the > > >needs of thin clients. > > > > > >Steve > > > >I agree with your goal. It is far better for the client to tell the > >server > >what it wants, then get back a single path that satisfies all of the > >requirements. To do this, we need to be able to fully specify the > >clients > >criteria and send them to the server. I think that we know how to do > >this > >for many PKI-enabled applications, but I am not sure that we > know how to > >do > >it for all applications, especially ones that are yet to be > developed. > > > >This leaves us with two choices. Either the protocol > returns multiple > >certification paths (the approach in the current document) or the > >protocol > >requires the client to adequately specify its criteria. > This could be > >done > >with the path discovery policy. If we adopt this > alternative, we should > > > >include additional text so that implements expect > application-specific > >(perhaps several application-specific path discovery policy > if there are > > > >multiple roles in the application). > > > >Russ > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34J6qX04953 for ietf-pkix-bks; Thu, 4 Apr 2002 11:06:52 -0800 (PST) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34J6pm04949 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 11:06:51 -0800 (PST) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GU2005014ZWSQ@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 4 Apr 2002 11:04:44 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GU2004PG4ZWPA@ext-mail.valicert.com>; Thu, 04 Apr 2002 11:04:44 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <H570PNP7>; Thu, 04 Apr 2002 11:06:20 -0800 Content-return: allowed Date: Thu, 04 Apr 2002 11:06:19 -0800 From: Ambarish Malpani <ambarish@valicert.com> Subject: RE: One last comment on DPD requirements To: "'stephen.farrell@baltimore.ie'" <stephen.farrell@baltimore.ie>, ietf-pkix@imc.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E5362@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve, I think our goal with both DPV and DPD is to simplify the client. Yes, we can all come up with outlying cases where the only way to make things work is to return multiple paths - but if 99% of the clients don't care about those configurations/cases, why should we address them in DPV/DPD? Let's make things easier for the majority of apps. If an app wants to deal with a really complicated PKI - let them do their own path gathering and validation. Makes sense? Ambarish --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie] > Sent: Thursday, April 04, 2002 2:35 AM > To: ietf-pkix@imc.org > Subject: Re: One last comment on DPD requirements > > > > > And adding another reason: multiple paths may exist which only > really differ in their validity fields. Unless the requirements > call for a pretty complex time specifier in the request the > simplest thing is for the server to send back all such paths > found and let the client sort it out (i.e. even if the client > picks a single point in time, there may still be >1 path such > that the paths only differ in validity; to close this down some > fairly hairy time specifier in the request would have to be > defined and no clients would bother filling that in properly > in any case). > > Stephen. > > Santosh Chokhani wrote: > > > > Russ: > > > > I agree with you, but for a different reason. I do not > think this is > > application specific issue. I think it is the path > validation issue. I > > do not think that the DPD server can know which paths are > good without > > doing a validation also, specially to see if there will be any name > > constraints or certificate policy related failures. > > > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org > [mailto:owner-ietf-pkix@mail.imc.org] > > On Behalf Of Housley, Russ > > Sent: Wednesday, April 03, 2002 2:12 PM > > To: Ambarish Malpani; Stephen Kent > > Cc: ietf-pkix@imc.org > > Subject: Re: One last comment on DPD requirements > > > > Steve & Ambarish: > > > > >>Hi Group, > > >> One last (slightly late) comment on the DPD > requirements that has > > > > >>been troubling me: > > >> > > >>In the DPD requirements, there is a reasonable amount of text that > > >>talks about how a server can return multiple paths back > to the client > > >>(to allow the client to decide which path is the best). > > >> > > >>The main goal of DPD is to try and simplify the client. > In how many > > >>cases do people really want multiple paths back from the > server. While > > > > >>it is the right requirement in principal, do folks really think > > >>clients will want multiple paths back from a DPD server? > Are we adding > > > > >>the additional flexiblity/complexity just for technical purity? > > >> > > >>Comments will be appreciated. > > >> > > >>Regards, > > >>Ambarish > > > > > >I too would favor simplifying the protocol requirement > here. Some folks > > >have suggested motivations for multiple paths, but this > does seem to > > >conflict with the fundamental goal of creating a protocol > to satisfy > > the > > >needs of thin clients. > > > > > >Steve > > > > I agree with your goal. It is far better for the client to tell the > > server > > what it wants, then get back a single path that satisfies all of the > > requirements. To do this, we need to be able to fully specify the > > clients > > criteria and send them to the server. I think that we know > how to do > > this > > for many PKI-enabled applications, but I am not sure that > we know how to > > do > > it for all applications, especially ones that are yet to be > developed. > > > > This leaves us with two choices. Either the protocol > returns multiple > > certification paths (the approach in the current document) or the > > protocol > > requires the client to adequately specify its criteria. > This could be > > done > > with the path discovery policy. If we adopt this > alternative, we should > > > > include additional text so that implements expect > application-specific > > (perhaps several application-specific path discovery policy > if there are > > > > multiple roles in the application). > > > > Russ > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > 39 Parkgate Street, fax: +353 1 881 7000 > Dublin 8. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34Hxcn00549 for ietf-pkix-bks; Thu, 4 Apr 2002 09:59:38 -0800 (PST) Received: from kathmandu.sun.com (kathmandu.sun.com [192.18.98.36]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34Hxam00544 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 09:59:37 -0800 (PST) Received: from sunlabs.East.Sun.COM ([129.148.75.250]) by kathmandu.sun.com (8.9.3+Sun/8.9.3) with ESMTP id KAA29471; Thu, 4 Apr 2002 10:59:38 -0700 (MST) Received: from sun.com (dhcp75-167 [129.148.75.167]) by sunlabs.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v2.2) with ESMTP id MAA14052; Thu, 4 Apr 2002 12:59:37 -0500 (EST) Message-ID: <3CAC93D8.4C405829@sun.com> Date: Thu, 04 Apr 2002 12:56:40 -0500 From: Steve Hanna <steve.hanna@sun.com> X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Denis Pinkas <Denis.Pinkas@bull.net> CC: Brian Hunter <brian.hunter@sit.fraunhofer.de>, "Housley, Russ" <rhousley@rsasecurity.com>, ietf-pkix@imc.org Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5333@polaris.valicert.com> <5.1.0.14.2.20020403114844.031ba150@exna07.securitydynamics.com> <3CAC1879.533482E1@sit.fraunhofer.de> <3CAC54F4.915D3F1B@bull.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Actually, trust anchors are *never* part of the path for son-of-2459. See section 6.1, which defines the valid path as "a sequence of n certificates [that] satisfies the following conditions: (a) for all x in {1, ..., n-1}, the subject of certificate x is the issuer of certificate x+1; (b) certificate 1 is issued by the trust anchor;" The text quoted by Brian is just a clarification that a self-signed certificate is not part of the path, even though it could meet the criteria given above. So non-self-signed trust anchors (and self-signed trust anchors) should NOT be considered part of the path for the purposes of DPD/DPV. -Steve Denis Pinkas wrote: > > Brian, > > I concur. > > Denis > > > Russ, > > > > > >5. Section 5 Para 4 > > > Trust anchors can be established using self-signed certificates or by other > > > means, either way, the trust anchor is not included. Perhaps this point > > > is only adding confusion. > > > > Not including non-self-signed trust anchors is contrary to Denis' change > > sent to Ambarish. I agree with Denis' clarification because it aligns > > DPD with path validation in 2459bis section 6.1 para 7: > > > > "When the trust anchor is provided in the form of a self-signed > > certificate, this self-signed certificate is not included as part of the > > prospective certification path." > > > > > >9. Section 9 Last paragraph point (3) > > > > Is it intended that the validation time should be adjusted for only > > > >one of the four points, hence the use of "or" after point three? I would > > > >suggest the use of "and". > > > > > > I disagree. The time could be adjusted for one or more of these > > > reasons. It is an inclusive or. > > > > See Denis' response to me agreeing with the change to "and". > > All in all, I think this is a small point, in the scope of this > > document, but to clarify the meaning, perhaps the use of "and/or" would > > be appropriate. > > > > Brian Received: by above.proper.com (8.11.6/8.11.3) id g34HjYq00136 for ietf-pkix-bks; Thu, 4 Apr 2002 09:45:34 -0800 (PST) Received: from pretender.boolean.net (root@router.boolean.net [198.144.206.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34HjXm00130 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 09:45:33 -0800 (PST) Received: from nomad.OpenLDAP.org (root@localhost [127.0.0.1]) by pretender.boolean.net (8.11.3/8.11.1/Boolean/Hub) with ESMTP id g34HjUC18726; Thu, 4 Apr 2002 17:45:30 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.1.0.14.0.20020404092415.028b0bd0@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 04 Apr 2002 09:45:08 -0800 To: "Ramsay, Ron" <Ron.Ramsay@ca.com> From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Subject: LDAPbis scope issue (Was: LDAP Certificate transfer syntax) Cc: Mark Wahl <Mark.Wahl@sun.com>, LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> In-Reply-To: <A7E3A4B51615D511BCB6009027D0D18C0457EA45@aspams01.ca.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 05:02 PM 2002-04-03, Ramsay, Ron wrote: >I thought certificate syntax was being removed from the LDAP v3 specs and, >therefore, certificate syntax was not an issue for DLAPbis? The LDAPbis WG is chartered specifically to revise the LDAP "core" technical specification (RFC 2251-2256, 2829-2830). This schema is part of that "core" specification. The WG has decided to split the certificate schema into separate I-Ds that can be independently progressed from the rest of the "core" specification and to allow individuals and/or the PKIX WG to taken on this work while LDAPbis focuses on the rest of the "core". As the engineering is being done outside of LDAPbis, the engineers may consider "new features" (something which LDAPbis cannot do). However, LDAPbis is still responsible for the "core" specification and should provide review for any I-D updating the "core" specification. This I-D will update both RFC 2252 and RFC 2256 (if published before LDAPbis works are published) and, hence, should be subject to a LDAPbis WG review. To this end, the PKIX and LDAPbis chairs have agreed that this work be subject to a joint PKIX/LDAPbis WG Last Call. Kurt, LDAPbis co-chair Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34HYGL29796 for ietf-pkix-bks; Thu, 4 Apr 2002 09:34:16 -0800 (PST) Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34HYFm29792 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 09:34:15 -0800 (PST) Received: from tsg1 ([12.81.79.27]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020404173410.XJSY8815.mtiwmhc23.worldnet.att.net@tsg1>; Thu, 4 Apr 2002 17:34:10 +0000 Message-ID: <005401c1dbfe$d6e4cea0$020aff0c@tsg1> From: "todd glassey" <todd.glassey@worldnet.att.net> To: "Denis Pinkas" <Denis.Pinkas@bull.net>, "Tom Gindin" <tgindin@us.ibm.com> Cc: <ietf-pkix@imc.org> References: <OFE222ECDC.37138E03-ON85256B8B.0046F852@pok.ibm.com> <3CAB2ABA.646EDA1A@bull.net> Subject: Re: WG Last Call: Roadmap Date: Thu, 4 Apr 2002 09:33:29 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> ----- Original Message ----- From: "Denis Pinkas" <Denis.Pinkas@bull.net> To: "Tom Gindin" <tgindin@us.ibm.com> Cc: <ietf-pkix@imc.org> Sent: Wednesday, April 03, 2002 8:15 AM Subject: Re: WG Last Call: Roadmap > > Tom, > > > I have a few issues with this, and some corrections as well. > > > In comment 12, I have two issues. The first one, which is minor, is > > that "one or more Top CA's may be trusted" should refer to root CA's > > instead - the two terms mean the same thing more often than not, but when > > they differ the trust point is the root rather than the top. Perhaps but I would like to point out that the terminology invites confusion. It should refer to whatever is the trust anchor here. The key problem with this use is that the indemnetor or guarantor of the trust may not be the systems operator and so then the "CA's uses only" will stand for first-person models. > > PKIX-1 states: > > " - Top CA - A CA that is at the top of a PKI hierarchy. > > Note: This is often also called a "Root CA," since in data structures > terms and in graph theory, the node at the top of a tree is the > "root." However, to minimize confusion in this document, we elect to > call this node a "Top CA," and reserve "Root CA" for the CA directly > trusted by the EE." > > The problem lies with the last sentence, i.e. "*the* CA directly trusted by > the EE.". The singular is being used which means that there is a single > one, multiple roots are not permitted, while multiple Top-CAs are permitted. > > > The second is less minor. Is it truly intended that a signing EE > > be permitted to specify the set of trusted CA's for an RP to use in > > verifying a signature? At a minimum, an RP in this model is responsible > > for validating the the set of rules is identical to one it has already > > decided to trust, but there is no reference in the model description to > > any active role for the RP. > > A verifier (not a signing EE as you mentioned) does not know what an anchor > is, but may know what a policy is. So by selecting the policy that applies > to the application, indirectly trust anchors (and much more) are selected. > Remember that the same verifier may verify digital signatures in various > contexts, e.g. for a Bank transaction or for a green reservation in a Golf > Club. The trust conditions are not necessarilly identical. Note also that a > verifier does not need to be a signer and may not have any certificate of > its own. > > The case of a single (root) CA trusted for any kind of application is a very > specific case and cannot be considered as the general case. > > > In your comment 5 (on page 15), replace "date of issue" by "date and > > time of issue". > > This is fine. > > > At a slightly more substantive level, shouldn't the clarification of > > the definition of Top CA on page 4 end "and reserve 'root CA' for a CA > > directly trusted by the EE."? This wording permits multiple trusted roots. > > I do not think that PKIX-1 allows for this. See the quote above. > > > In your comment 4, shouldn't "CA certificate" be "hierarchical CA > > certificate"? Surely a Top CA's self-signed certificate is also a "CA > > certificate", and your definition excludes it. Then the sentence "Some > > people in the WG believe that a cross certificate is a special kind of CA > > certificate." is reversed to "... believe that a hierarchical CA > > certificate is a special kind of cross certificate". Here again we might refer to the Trust Anchor for this transaction rather than the CA itself. There is too much complexity in a free form trust system that has no global standards for its use to date. A better solution would be to use a more general and as such higher level language about the Anchoring process or otherwise use of the certificates. > > You say that the definition excludes the fact that a Top CA's self-signed > certificate is also a CA-certificate. This is correct, ... but was not > intended. > > So what about this full correction ? > > [2459bis] defines a cross-certificate as "a certificate issued by one CA to > another CA". [2459bis] does not provide a formal definition of a CA > certificate but implictly means a certificate where the subject of the > certificate is a CA. > This means that self-signed certificates are CA > certificates but are not cross-certificates. cant or better yet, shouldn't the ultimate source of any trust chain have a self-signed cert as its core anchor? Just makes sense I think. > Some people in the WG believe > that a cross certificate is a special kind of CA certificate issued by a CA > under one Top CA for another CA under a different Top CA. these are use rules and have little to do with the protocol itself. > CAs in the same > hierarchy usually have part of their names imposed by the Top CA or by the > CAs under that Top CAs. When a cross certificate is issued, there is no > relationship between the names of the CAs. > > > In comment 11, the i.e. should remain "what are the root CA's" rather > > than "what are the Top CA's", for the same reason as in comment 12. > Received: by above.proper.com (8.11.6/8.11.3) id g34HMtf29518 for ietf-pkix-bks; Thu, 4 Apr 2002 09:22:55 -0800 (PST) Received: from pretender.boolean.net (root@router.boolean.net [198.144.206.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34HMsm29514 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 09:22:54 -0800 (PST) Received: from nomad.OpenLDAP.org (root@localhost [127.0.0.1]) by pretender.boolean.net (8.11.3/8.11.1/Boolean/Hub) with ESMTP id g34HMkC18627; Thu, 4 Apr 2002 17:22:46 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.1.0.14.0.20020404091310.02796bc0@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 04 Apr 2002 09:22:58 -0800 To: David Chadwick <d.w.chadwick@salford.ac.uk> From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Subject: Re: LDAP Certificate transfer syntax Cc: steven.legg@adacel.com.au, "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> In-Reply-To: <3CAC5086.281238EE@salford.ac.uk> References: <001001c1db7f$751e3cd0$a518200a@osmium.mtwav.adacel.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 05:09 AM 2002-04-04, David Chadwick wrote: >thanks for your messages that have clearly stated the case that ;binary >is needed as a general transfer encoding, and that many attributes exist >without a native LDAP encoding being defined for them. > >But this does raise the more general issue of how does a user who asks >for "all" attributes, deal with those which are returned, whose native >encoding he is unfamiliar with. Does the server assume the client knows >(in which case ;binary will only be used on those attributes with no >native encoding defined) or does not know (in which case ;binary will >need to be used on all attributes that are not defined in Internet >standard RFCs). This is being addressed, in general, in the LDAPbis protocol I-D (draft-ietf-ldapbis-protocol-xx.txt). I think we have consensus on the handling of options, including transfer options, in general. However, IIRC, Jim needs to revise the text slightly to address a couple of cases (such as handling of '*'). I think it very important certificate schema not be a 'special case'. I am concerned that adding a 'native' encoding to certificate schema will necessity the need for a 'special case'. In particular, in the handling of '*' as the general handling is to return the native encoding (no transfer option) if one is defined and supported. >Seems like ASN.1 DAP had some advantages after all :-) DAP, in many ways, is lighter than LDAP. :-( Kurt Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34GLU925345 for ietf-pkix-bks; Thu, 4 Apr 2002 08:21:30 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130] (may be forged)) by above.proper.com (8.11.6/8.11.3) with SMTP id g34GLTm25338 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 08:21:29 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 4 Apr 2002 16:20:34 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA03172; Thu, 4 Apr 2002 11:20:28 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g34GLW426986; Thu, 4 Apr 2002 11:21:32 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX13PZ7>; Thu, 4 Apr 2002 11:19:08 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.66]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX13PZ6; Thu, 4 Apr 2002 11:19:06 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Denis Pinkas <Denis.Pinkas@bull.net> Cc: ambarish@valicert.com, ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020404110035.02ea8d68@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 04 Apr 2002 11:21:25 -0500 Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt In-Reply-To: <3CAC5593.9B362294@bull.net> References: <200204031802.UAA04158@emeriau.edelweb.fr> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis: I prefer the following wording. I think it provides the same end result. "The protocol MUST prevent replay attacks, and the replay prevention mechanism employed by the protocol MUST NOT rely on clocks being synchronized with UTC." (...) The DPV client MUST be able to confirm that the DPV server-generated response was constructed from the client's request. When the response indicates certificate validity, the response MUST allow the DPV client to readily confirm that the response was made for the requested certificate and for the requested validation policy, including associated parameters, if any." Russ At 03:30 PM 4/4/2002 +0200, Denis Pinkas wrote: >"The protocol MUST prevent replay attacks, including for the case where >the client does not have a clock synchronized with UTC. > >(...) > >The requester MUST be able to verify that the response was constructed >taking into consideration all the parameters from the request. In addition, >without the need to store the request, a requester SHALL be able to prove >that a valid DPV response was made for a given certificate and for a given >validation policy, including associated parameters, if any." Received: by above.proper.com (8.11.6/8.11.3) id g34GGl624555 for ietf-pkix-bks; Thu, 4 Apr 2002 08:16:47 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130] (may be forged)) by above.proper.com (8.11.6/8.11.3) with SMTP id g34GGem24535 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 08:16:40 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 4 Apr 2002 16:15:45 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA02653; Thu, 4 Apr 2002 11:15:39 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g34GGhv26343; Thu, 4 Apr 2002 11:16:43 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX13PW2>; Thu, 4 Apr 2002 11:14:19 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.66]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX13PWF; Thu, 4 Apr 2002 11:14:16 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Brian Hunter <brian.hunter@sit.fraunhofer.de> Cc: Denis.Pinkas@bull.net, ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020404105842.020536c0@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 04 Apr 2002 10:59:35 -0500 Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt In-Reply-To: <3CAC1879.533482E1@sit.fraunhofer.de> References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5333@polaris.valicert.com> <5.1.0.14.2.20020403114844.031ba150@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Brian: > > >5. Section 5 Para 4 > > Trust anchors can be established using self-signed certificates or by other > > means, either way, the trust anchor is not included. Perhaps this point > > is only adding confusion. > >Not including non-self-signed trust anchors is contrary to Denis' change >sent to Ambarish. I agree with Denis' clarification because it aligns >DPD with path validation in 2459bis section 6.1 para 7: > >"When the trust anchor is provided in the form of a self-signed >certificate, this self-signed certificate is not included as part of the >prospective certification path." Fine. > > >9. Section 9 Last paragraph point (3) > > > Is it intended that the validation time should be adjusted for only > > >one of the four points, hence the use of "or" after point three? I would > > >suggest the use of "and". > > > > I disagree. The time could be adjusted for one or more of these > > reasons. It is an inclusive or. > >See Denis' response to me agreeing with the change to "and". >All in all, I think this is a small point, in the scope of this >document, but to clarify the meaning, perhaps the use of "and/or" would >be appropriate. I can live with "and/or" Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34F6LP20744 for ietf-pkix-bks; Thu, 4 Apr 2002 07:06:21 -0800 (PST) Received: from po1.bbn.com (PO1.BBN.com [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34F6Jm20738 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 07:06:20 -0800 (PST) Received: from [128.89.88.34] (comsec.bbn.com [128.89.88.34]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id KAA06053; Thu, 4 Apr 2002 10:06:14 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <p05100300b8d151bd0ef5@[128.89.88.34]> In-Reply-To: <4AEE3169443CDD4796CA8A00B02191CDEE5F0E@win-msg-01.wingroup.windeploy.ntde v.microsoft.com> References: <4AEE3169443CDD4796CA8A00B02191CDEE5F0E@win-msg-01.wingroup.windeploy.ntde v.microsoft.com> Date: Thu, 4 Apr 2002 10:05:12 -0500 To: "Trevor Freeman" <trevorf@windows.microsoft.com> From: Stephen Kent <kent@bbn.com> Subject: RE: One last comment on DPD requirements Cc: <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 4:25 PM -0800 4/3/02, Trevor Freeman wrote: >To state that a client has to be exacting over its specification and >only wants one chain returned is presupposing the application model. >There are applications which are more comfortable with making a vague >request, getting back multiple chains to which they apply their own >policy. One of the specifications to the server can be find me all paths >that meet these criteria. I think the simple case on only wanting a >single chain is the most common so making that the default is fine. Trevor, That may a good way to reconcile this issue. Make single path return the default and require support for that by all clients. Require a client that wants multiple paths, and is capable of using them, to explicitly enable a multi-path return option, so that only such clients receive multiple paths. Maybe we also could have a return code to signal that even though only one path was returned, as per the client's (default) request, that other paths are available from the server (relative to this request). Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34Exsv20455 for ietf-pkix-bks; Thu, 4 Apr 2002 06:59:54 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130] (may be forged)) by above.proper.com (8.11.6/8.11.3) with SMTP id g34Exqm20451 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 06:59:52 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 4 Apr 2002 14:58:57 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id JAA23259 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 09:58:51 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g34ExtZ15144 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 09:59:55 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX133C1>; Thu, 4 Apr 2002 09:57:31 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.181]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX133CA; Thu, 4 Apr 2002 09:57:25 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Santosh Chokhani <chokhani@orionsec.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020404095641.02e7f538@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 04 Apr 2002 09:59:43 -0500 Subject: RE: One last comment on DPD requirements In-Reply-To: <003b01c1db76$ee825fb0$a300a8c0@Chokhani> References: <5.1.0.14.2.20020403135748.02d1a950@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Santosh: I think that a DPD server will likely perform path validation. Clients will not be happy if the paths that they are given are often invalid. Clearly, the DPD server cannot know all of the parameters that the client will use for path validation (otherwise it would be a DPV server), but it can make some very reasonable assumptions to ensure that grossly invalid paths are not returned. Russ At 08:20 PM 4/3/2002 -0500, Santosh Chokhani wrote: >Russ: > >I agree with you, but for a different reason. I do not think this is >application specific issue. I think it is the path validation issue. I >do not think that the DPD server can know which paths are good without >doing a validation also, specially to see if there will be any name >constraints or certificate policy related failures. > >-----Original Message----- >From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] >On Behalf Of Housley, Russ >Sent: Wednesday, April 03, 2002 2:12 PM >To: Ambarish Malpani; Stephen Kent >Cc: ietf-pkix@imc.org >Subject: Re: One last comment on DPD requirements > > > >Steve & Ambarish: > > >>Hi Group, > >> One last (slightly late) comment on the DPD requirements that has > > >>been troubling me: > >> > >>In the DPD requirements, there is a reasonable amount of text that > >>talks about how a server can return multiple paths back to the client > >>(to allow the client to decide which path is the best). > >> > >>The main goal of DPD is to try and simplify the client. In how many > >>cases do people really want multiple paths back from the server. While > > >>it is the right requirement in principal, do folks really think > >>clients will want multiple paths back from a DPD server? Are we adding > > >>the additional flexiblity/complexity just for technical purity? > >> > >>Comments will be appreciated. > >> > >>Regards, > >>Ambarish > > > >I too would favor simplifying the protocol requirement here. Some folks > >have suggested motivations for multiple paths, but this does seem to > >conflict with the fundamental goal of creating a protocol to satisfy >the > >needs of thin clients. > > > >Steve > >I agree with your goal. It is far better for the client to tell the >server >what it wants, then get back a single path that satisfies all of the >requirements. To do this, we need to be able to fully specify the >clients >criteria and send them to the server. I think that we know how to do >this >for many PKI-enabled applications, but I am not sure that we know how to >do >it for all applications, especially ones that are yet to be developed. > >This leaves us with two choices. Either the protocol returns multiple >certification paths (the approach in the current document) or the >protocol >requires the client to adequately specify its criteria. This could be >done >with the path discovery policy. If we adopt this alternative, we should > >include additional text so that implements expect application-specific >(perhaps several application-specific path discovery policy if there are > >multiple roles in the application). > >Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34EHb818476 for ietf-pkix-bks; Thu, 4 Apr 2002 06:17:37 -0800 (PST) Received: from exafix.addtrust.com ([212.112.175.83]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34EHYm18472 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 06:17:34 -0800 (PST) Received: from stsIBMT20.addtrust.com ([213.64.0.113]) by exafix.addtrust.com with Microsoft SMTPSVC(5.0.2195.2966); Thu, 4 Apr 2002 16:17:27 +0200 Message-Id: <5.1.0.14.2.20020404155407.02cd5958@mail.addtrust.com> X-Sender: sts@mail.addtrust.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 04 Apr 2002 16:10:51 +0200 To: Denis Pinkas <Denis.Pinkas@bull.net>, "Housley, Russ" <rhousley@rsasecurity.com> From: Stefan Santesson <stefan@addtrust.com> Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt Cc: ietf-pkix@imc.org In-Reply-To: <3CAB2606.EA5D914D@bull.net> References: <5.1.0.14.2.20020327131915.02f3f5d8@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-OriginalArrivalTime: 04 Apr 2002 14:17:28.0383 (UTC) FILETIME=[736F7CF0:01C1DBE3] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, I absolutely welcome a technical discussion and my last mail was not intended to offend you by any means. I'll try to answer all "technical" questions I can find. At 17:55 2002-04-03 +0200, Denis Pinkas wrote: >Russ, > >Thank you for this long reply ... that did not convinced me. >The argumentation you provided is not crystal clear to me. > >See my comments below. > > > Denis: > > > > I fear that you have missed the point of the logotypes draft > > altogether. The authors recognize that the introduction needs to be > > expanded, so we may be to blame for any misunderstanding. To try and clear > > up the misunderstanding, I offer some general observations before > > responding to your specific comments. > > > > The logotype extension will aid in two situations: > > 1. Certificate-based Identification > > 2. Selection of Certificates > > > > In the first case, the need for human recognition > >1) Recognition of what ? or of which characteristics ? > Please be precise. > >2) Recognized by which entity ? Please be precise. > I would guess a human being acting as a relying party. Yes. > > depends on the manner in > > which certificates are used and whether certificates need to be visible to > > human users. If certificates are to be used in open environments and in > > applications that bring the user in conscious contact with the result of a > > certificate-based identification process, then human recognition is highly > > relevant, and it may be a necessity. > > > > Most applications provide the human user with an opportunity to view the > > results of a successful certificate-based identification process. When the > > user takes the steps necessary to view these results, the user is presented > > with a view of a certificate. This solution has two major problems. First, > > the function to view a certificate is often rather hard to find for a > > non-technical user. Second, the presentation of the certificate is rather > > technical; it is not user friendly. It contains no graphic symbols or > > logotypes to enhance human recognition. > > > In the second case, there are software applications that expose human users > > to certificates for the selection of a single certificate from a portfolio > > of certificates. In some circumstances, the software application can use > > information within the certificates to determine suitability; however, the > > user must be queried if more than one certificate is suitable. The human > > user must select one of them. > >I would guess that is that case it is a recognition by the subscriber. >Is it what you mean ? Are there other cases you are thinking of ? >Please be precise. Can't understand your question. Please clarify. > > This situation is comparable to a person selecting a suitable plastic card > > from his wallet. In this situation, substantial assistance is provided by > > card color, location, and branding. > > > > In order provide similar support for certificate selection, the users need > > tools to easily recognize and distinguish certificates. Introduction of > > logotypes into certificates provides the necessary graphic. > > > Now, for your specific comments. > > > > COMMENT 1: Subject logotype. > > > > Currently a "subject organization logotype" is proposed. It definition is > > as follows: "a logotype representing the organization identified in the > > subject name in the certificate". > > > > From this definition only a single logotype would be allowed for a > > subject. It can make sense to attach more that one logotype to a subject, > > that does not reflect necessarily the organization a user belongs to (e.g. > > an individual is a Red Cross member) so the definition should be changed > > to: > > > > "subject logotype" "a logotype representing any characteristic of the > > entity identified in the subject name in the certificate". > > > > RESPONSE 1. > > > > We are allowing a graphical identity of the user to facilitate certificate > > selection or acceptance. We are not trying to graphically represent every > > attribute of the user. We certainly do not want to overwhelm the designers > > of graphic user interfaces. We need to keep it simple. > >I do not buy this argument. The current proposal limits to logo type to the >logo of the organization, whereas this limitation is not appropriate. A >subject may even have no O (Organization) component in the DN and there >could >be other logos attached to the subject field. Not a technical issue but an issue regarding the intent of the solution. The intent of the solution is to represent the subject organization. If you have other usage scenarios please describe them in more clarity. > > COMMENT 2: Issuer logotype. > > > > Currently an "issuer organization logotype" is proposed. It definition is > > as follows: "a logotype representing the organization identified as part of > > the issuer name in the certificate". > > > > From this definition a single logotype would be allowed for an issuer. It > > can make sense to attach more that one logotype to an issuer, that does not > > reflect necessarily the organization an issuer belongs to (e.g. an issuer > > may support a "Privacy Policy" and be a member from two different trade > > associations), so the definition should be changed to: > > > > "issuer logotype: a logotype representing any characteristic of the issuer > > identified as part of the issuer name in the certificate". > > > > RESPONSE 2. > > > > Again, we are allowing a graphical identity of the user to facilitate > > certificate selection or acceptance. We are not trying to graphically > > represent every attribute of the issuer. > >I do not buy this argument. The current proposal limits to logo type to the >logo of the issuer, whereas this limitation is not appropriate. See my >examples again. > > > COMMENT 3: The "concept logotype", also renamed "community logotype" during > > the last IETF meeting or " shared community logotype" in the minutes from > > the same meeting is more hazy. > > > > The current text states:" Many issuers may use the concept logotypes to > > co-brand with a global concept in order to gain global recognition of its > > local service provision. This type of concept branding is very common in > > credit card business where local independent card issuers issue cards > > within a globally branded concept (such as VISA and MasterCard)". > > > > The current text also states: " the relationship between the issuer and > > either the issuer organization logotype or the concept logotype". > > > > A logotype is adding "human processable" information to enhance the > > properties of an already existing field from a certificate. To this respect > > it is sensible to add one (or more) logotypes that characterizes the issuer > > and the subject. The real question is to which field the "concept > > logotype / community logotype / shared community logotype" relates. > > > > It may relate : > > - either to the issuer, to state that an issuer belongs to some > group, or > > - to the certificate policy to state that the policy under which the > > certificate is issued obeys to some rules imposed by the organization > > whose logo is referenced. > > > > This leads to two possible ways: > > 1) only consider two logotypes: issuer logotype and subject logotypes. > > 2) consider three logotypes: issuer logotypes, subject logotypes and > > policy logotypes. > > > > I would favor the former, but would have no major problem to go with the > > later. In that case the policy logotype would be defined as follows: > > > > "Policy logotype: a logotype representing any characteristic of the > > certificate policy under which the certificate is issued". > > > > RESPONSE 3. > > > > Policy implies the wrong connotation. We are not trying to graphically > > represent a certificate policy or anything about how the certificate was > > issued. The community (or concept) logotype simply allows CA to enter into > > collective branding relationships. > >A branding of what ? Please be precise. > > > I suppose that a large group that share a common security policy could > > register a logo for that policy and use it as a community logo. While this > > was not the model that we considered, it certainly is accommodated. > > > > COMMENT 4: Logotypes are not "claimed" by the issuer, but always *verified* > > to some extend by the issuer. The current text is misleading: > > > > "The relationship between the subject organization and the subject > > organization logotype and the relationship between the issuer and > > either the issuer organization logotype or the concept logotype, are > > relationships *claimed* by the issuer." > > > > RESPONSE 4. > > > > The issuer is responsible for the verification of anything that is included > > in the certificate. After all, the issuer signature covers it. Thus, the > > issuer is claiming that the logotypes are appropriate. > >Don't twist the wording. :-) > >We agree on the concept, but we should try to use another wording and avoid >to use the word "claim". > > > COMMENT 5: During the meeting, it has been proposed to add a small image of > > the logotype in the certificate itself. In this WG we always have had a > > concern about the size of the certificate, so that it can be lodged in some > > small devices. So I would not favor to allow such provision in a > > extension standardized by this WG. > > > > RESPONSE 5. > > > > There are environments where the client cannot access the Internet until > > after the certificate is used. Consider certificate-based authentication > > to an ISP. A small logotype in the certificate could be useful to aid > > certificate selection in this situation. The inclusion of a small logotype > > is, of course, optional. > >...and instead of certificates between 1 K and 2 K bytes, have certificates >with at least one more K ! > >Denis This issue is a matter of balance between space and functionality.I don't believe you can argue that there is any right and wrong here. Personally I believe that the space used is worth it in many cases. Do you have any "technical" issues with this. e.g. cases where this would create certain problems we should be aware about. > > > COMMENT 6: It should be made clear that this extension in non-critical. > > > > RESPONSE 6. > > > > Agree. The logotype extension was never intended to be critical. > > > > COMMENT 7: The document includes many typos to be corrected. > > > > RESPONSE 7. > > > > We will make every effort to correct them before the next draft is > published. > > > > Russ /Stefan Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34DegP15939 for ietf-pkix-bks; Thu, 4 Apr 2002 05:40:42 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34Deem15933 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 05:40:40 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA21668; Thu, 4 Apr 2002 15:42:58 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040415401478:69 ; Thu, 4 Apr 2002 15:40:14 +0200 Message-ID: <3CAC56A1.D5E88DBA@bull.net> Date: Thu, 04 Apr 2002 15:35:29 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Trevor Freeman <trevorf@windows.microsoft.com> CC: "Housley, Russ" <rhousley@rsasecurity.com>, Ambarish Malpani <ambarish@valicert.com>, Stephen Kent <kent@bbn.com>, ietf-pkix@imc.org Subject: Re: One last comment on DPD requirements References: <4AEE3169443CDD4796CA8A00B02191CDEE5F0E@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 04/04/2002 15:40:14, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 04/04/2002 15:40:29, Serialize complete at 04/04/2002 15:40:29 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Trevor, I agree with you. The current text states that some forms of path discovery policy can be simple. This is because rough selection criteria can be set for DPD, while more precise are needed for DPV. It does make sense to return multiple path, if specifially requested. Denis > To state that a client has to be exacting over its specification and > only wants one chain returned is presupposing the application model. > There are applications which are more comfortable with making a vague > request, getting back multiple chains to which they apply their own > policy. One of the specifications to the server can be find me all paths > that meet these criteria. I think the simple case on only wanting a > single chain is the most common so making that the default is fine. > > -----Original Message----- > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > Sent: Wednesday, April 03, 2002 11:12 AM > To: Ambarish Malpani; Stephen Kent > Cc: ietf-pkix@imc.org > Subject: Re: One last comment on DPD requirements > > Steve & Ambarish: > > >>Hi Group, > >> One last (slightly late) comment on the DPD requirements that > >>has been troubling me: > >> > >>In the DPD requirements, there is a reasonable amount of text that > >>talks about how a server can return multiple paths back to the > >>client (to allow the client to decide which path is the best). > >> > >>The main goal of DPD is to try and simplify the client. In how many > >>cases do people really want multiple paths back from the server. > >>While it is the right requirement in principal, do folks really > >>think clients will want multiple paths back from a DPD server? Are > >>we adding the additional flexiblity/complexity just for > >>technical purity? > >> > >>Comments will be appreciated. > >> > >>Regards, > >>Ambarish > > > >I too would favor simplifying the protocol requirement here. Some folks > > >have suggested motivations for multiple paths, but this does seem to > >conflict with the fundamental goal of creating a protocol to satisfy > the > >needs of thin clients. > > > >Steve > > I agree with your goal. It is far better for the client to tell the > server > what it wants, then get back a single path that satisfies all of the > requirements. To do this, we need to be able to fully specify the > clients > criteria and send them to the server. I think that we know how to do > this > for many PKI-enabled applications, but I am not sure that we know how to > do > it for all applications, especially ones that are yet to be developed. > > This leaves us with two choices. Either the protocol returns multiple > certification paths (the approach in the current document) or the > protocol > requires the client to adequately specify its criteria. This could be > done > with the path discovery policy. If we adopt this alternative, we should > > include additional text so that implements expect application-specific > (perhaps several application-specific path discovery policy if there are > > multiple roles in the application). > > Russ Received: by above.proper.com (8.11.6/8.11.3) id g34DaLw15428 for ietf-pkix-bks; Thu, 4 Apr 2002 05:36:21 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34DaKm15422 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 05:36:20 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA03646; Thu, 4 Apr 2002 15:38:45 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040415354326:67 ; Thu, 4 Apr 2002 15:35:43 +0200 Message-ID: <3CAC5593.9B362294@bull.net> Date: Thu, 04 Apr 2002 15:30:59 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: ambarish@valicert.com CC: ietf-pkix@imc.org Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt References: <200204031802.UAA04158@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 04/04/2002 15:35:43, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 04/04/2002 15:36:15, Serialize complete at 04/04/2002 15:36:15 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Ambarish, > > If the protocol does choose to return the requestHash in the response, do > > you see any benefit to adding a requestNonce in the response? If not, the > > requirement should go. I think it would be better for the requirements doc > > to say what is desired: "Prevent replay attacks on responses" and let the > > protocol decide how to do it. > > > I seem to agree with Ambarish that the current texts is an overspecification. > Thus, a simple text like: "The protocol MUST provide a means to > protect itself against replay attacks." seems sufficient for this > document. The current text is: "In order to prevent replay attacks, the DPV client MUST be able to include a nonce in the DPV request. When the nonce is present in the request, then the DPV server MUST include the same nonce in the response. (...) The DPV response MUST be bound to the DPV request. This can be accomplished by repeating the important components from the request in the response or by including a one-way hash of the request in the response." The new proposal is: "The protocol MUST prevent replay attacks, including for the case where the client does not have a clock synchronized with UTC. (...) The requester MUST be able to verify that the response was constructed taking into consideration all the parameters from the request. In addition, without the need to store the request, a requester SHALL be able to prove that a valid DPV response was made for a given certificate and for a given validation policy, including associated parameters, if any." Now, a few explanations: 1) The sentence "including for the case where the client does not have a clock synchronized with UTC" implies the use of a nonce. 2) Placing a requestHash in the response is fine to make sure that no information has been dropped or changed on its way to the server. However this is not sufficient. Clients would like to store valid responses, without the need to store the whole request as well, that may include a bunch of certificates, CRLs and OCSP responses. In many cases, clients want to store the "YES" answer and only prove that the YES is about THIS certificate and THIS validation POLICY. Hence the need to include in the response both the reference of the certificate and the reference of the policy to keep the response as short as possible (in particular for thin clients). It is anticipated that in many applications, clients will only need a valid DPV response, without the path and the associated revocation information. Denis > Peter Received: by above.proper.com (8.11.6/8.11.3) id g34DXdU15198 for ietf-pkix-bks; Thu, 4 Apr 2002 05:33:39 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34DXbm15194 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 05:33:37 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA17964; Thu, 4 Apr 2002 15:35:57 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040415330081:65 ; Thu, 4 Apr 2002 15:33:00 +0200 Message-ID: <3CAC54F4.915D3F1B@bull.net> Date: Thu, 04 Apr 2002 15:28:20 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Brian Hunter <brian.hunter@sit.fraunhofer.de> CC: "Housley, Russ" <rhousley@rsasecurity.com>, ietf-pkix@imc.org Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5333@polaris.valicert.com> <5.1.0.14.2.20020403114844.031ba150@exna07.securitydynamics.com> <3CAC1879.533482E1@sit.fraunhofer.de> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 04/04/2002 15:33:00, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 04/04/2002 15:33:27, Serialize complete at 04/04/2002 15:33:27 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Brian, I concur. Denis > Russ, > > > >5. Section 5 Para 4 > > Trust anchors can be established using self-signed certificates or by other > > means, either way, the trust anchor is not included. Perhaps this point > > is only adding confusion. > > Not including non-self-signed trust anchors is contrary to Denis' change > sent to Ambarish. I agree with Denis' clarification because it aligns > DPD with path validation in 2459bis section 6.1 para 7: > > "When the trust anchor is provided in the form of a self-signed > certificate, this self-signed certificate is not included as part of the > prospective certification path." > > > >9. Section 9 Last paragraph point (3) > > > Is it intended that the validation time should be adjusted for only > > >one of the four points, hence the use of "or" after point three? I would > > >suggest the use of "and". > > > > I disagree. The time could be adjusted for one or more of these > > reasons. It is an inclusive or. > > See Denis' response to me agreeing with the change to "and". > All in all, I think this is a small point, in the scope of this > document, but to clarify the meaning, perhaps the use of "and/or" would > be appropriate. > > Brian Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34DWqZ15075 for ietf-pkix-bks; Thu, 4 Apr 2002 05:32:52 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34DWom15067 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 05:32:50 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id PAA10372; Thu, 4 Apr 2002 15:35:15 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040415323433:64 ; Thu, 4 Apr 2002 15:32:34 +0200 Message-ID: <3CAC54DA.21585336@bull.net> Date: Thu, 04 Apr 2002 15:27:54 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Stefan Santesson <stefan@addtrust.com> CC: "Housley, Russ" <rhousley@rsasecurity.com>, ietf-pkix@imc.org Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt References: <5.1.0.14.2.20020327131915.02f3f5d8@exna07.securitydynamics.com> <5.1.0.14.2.20020404011004.02e54ec8@mail.addtrust.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 04/04/2002 15:32:34, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 04/04/2002 15:32:45, Serialize complete at 04/04/2002 15:32:45 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Stefan, Your "feeling" is wrong. At the Minneapolis meeting you welcomed a technical discussion on that topic. Please, go back to a technical discussion. Regards, Denis > Denis, > > Generally I have some problems with your way of arguing. My observation is > that you ask us to be precise where there is no point in being precise and > you fail to be precise yourself where your arguments need to be backed by > facts and examples. > > At least I think it would be fair of you to try to understand what the > draft was written to solve and either argue that we try to find a solution > to the wrong problem or that we try to solve the right problem the wrong way. > > Right now I feel that you claim that we solve the wrong problem the wrong > way, which is a rather hopeless originating discussion point. > > /Stefan > > At 17:55 2002-04-03 +0200, Denis Pinkas wrote: > > >Russ, > > > >Thank you for this long reply ... that did not convinced me. > >The argumentation you provided is not crystal clear to me. > > > >See my comments below. > > > > > Denis: > > > > > > I fear that you have missed the point of the logotypes draft > > > altogether. The authors recognize that the introduction needs to be > > > expanded, so we may be to blame for any misunderstanding. To try and clear > > > up the misunderstanding, I offer some general observations before > > > responding to your specific comments. > > > > > > The logotype extension will aid in two situations: > > > 1. Certificate-based Identification > > > 2. Selection of Certificates > > > > > > In the first case, the need for human recognition > > > >1) Recognition of what ? or of which characteristics ? > > Please be precise. > > > >2) Recognized by which entity ? Please be precise. > > I would guess a human being acting as a relying party. > > > > > depends on the manner in > > > which certificates are used and whether certificates need to be visible to > > > human users. If certificates are to be used in open environments and in > > > applications that bring the user in conscious contact with the result of a > > > certificate-based identification process, then human recognition is highly > > > relevant, and it may be a necessity. > > > > > > Most applications provide the human user with an opportunity to view the > > > results of a successful certificate-based identification process. When the > > > user takes the steps necessary to view these results, the user is presented > > > with a view of a certificate. This solution has two major problems. First, > > > the function to view a certificate is often rather hard to find for a > > > non-technical user. Second, the presentation of the certificate is rather > > > technical; it is not user friendly. It contains no graphic symbols or > > > logotypes to enhance human recognition. > > > > > In the second case, there are software applications that expose human users > > > to certificates for the selection of a single certificate from a portfolio > > > of certificates. In some circumstances, the software application can use > > > information within the certificates to determine suitability; however, the > > > user must be queried if more than one certificate is suitable. The human > > > user must select one of them. > > > >I would guess that is that case it is a recognition by the subscriber. > >Is it what you mean ? Are there other cases you are thinking of ? > >Please be precise. > > > > > This situation is comparable to a person selecting a suitable plastic card > > > from his wallet. In this situation, substantial assistance is provided by > > > card color, location, and branding. > > > > > > In order provide similar support for certificate selection, the users need > > > tools to easily recognize and distinguish certificates. Introduction of > > > logotypes into certificates provides the necessary graphic. > > > > > Now, for your specific comments. > > > > > > COMMENT 1: Subject logotype. > > > > > > Currently a "subject organization logotype" is proposed. It definition is > > > as follows: "a logotype representing the organization identified in the > > > subject name in the certificate". > > > > > > From this definition only a single logotype would be allowed for a > > > subject. It can make sense to attach more that one logotype to a subject, > > > that does not reflect necessarily the organization a user belongs to (e.g. > > > an individual is a Red Cross member) so the definition should be changed > > > to: > > > > > > "subject logotype" "a logotype representing any characteristic of the > > > entity identified in the subject name in the certificate". > > > > > > RESPONSE 1. > > > > > > We are allowing a graphical identity of the user to facilitate certificate > > > selection or acceptance. We are not trying to graphically represent every > > > attribute of the user. We certainly do not want to overwhelm the designers > > > of graphic user interfaces. We need to keep it simple. > > > >I do not buy this argument. The current proposal limits to logo type to the > >logo of the organization, whereas this limitation is not appropriate. A > >subject may even have no O (Organization) component in the DN and there > >could > >be other logos attached to the subject field. > > > > > COMMENT 2: Issuer logotype. > > > > > > Currently an "issuer organization logotype" is proposed. It definition is > > > as follows: "a logotype representing the organization identified as part of > > > the issuer name in the certificate". > > > > > > From this definition a single logotype would be allowed for an issuer. It > > > can make sense to attach more that one logotype to an issuer, that does not > > > reflect necessarily the organization an issuer belongs to (e.g. an issuer > > > may support a "Privacy Policy" and be a member from two different trade > > > associations), so the definition should be changed to: > > > > > > "issuer logotype: a logotype representing any characteristic of the issuer > > > identified as part of the issuer name in the certificate". > > > > > > RESPONSE 2. > > > > > > Again, we are allowing a graphical identity of the user to facilitate > > > certificate selection or acceptance. We are not trying to graphically > > > represent every attribute of the issuer. > > > >I do not buy this argument. The current proposal limits to logo type to the > >logo of the issuer, whereas this limitation is not appropriate. See my > >examples again. > > > > > COMMENT 3: The "concept logotype", also renamed "community logotype" during > > > the last IETF meeting or " shared community logotype" in the minutes from > > > the same meeting is more hazy. > > > > > > The current text states:" Many issuers may use the concept logotypes to > > > co-brand with a global concept in order to gain global recognition of its > > > local service provision. This type of concept branding is very common in > > > credit card business where local independent card issuers issue cards > > > within a globally branded concept (such as VISA and MasterCard)". > > > > > > The current text also states: " the relationship between the issuer and > > > either the issuer organization logotype or the concept logotype". > > > > > > A logotype is adding "human processable" information to enhance the > > > properties of an already existing field from a certificate. To this respect > > > it is sensible to add one (or more) logotypes that characterizes the issuer > > > and the subject. The real question is to which field the "concept > > > logotype / community logotype / shared community logotype" relates. > > > > > > It may relate : > > > - either to the issuer, to state that an issuer belongs to some > > group, or > > > - to the certificate policy to state that the policy under which the > > > certificate is issued obeys to some rules imposed by the organization > > > whose logo is referenced. > > > > > > This leads to two possible ways: > > > 1) only consider two logotypes: issuer logotype and subject logotypes. > > > 2) consider three logotypes: issuer logotypes, subject logotypes and > > > policy logotypes. > > > > > > I would favor the former, but would have no major problem to go with the > > > later. In that case the policy logotype would be defined as follows: > > > > > > "Policy logotype: a logotype representing any characteristic of the > > > certificate policy under which the certificate is issued". > > > > > > RESPONSE 3. > > > > > > Policy implies the wrong connotation. We are not trying to graphically > > > represent a certificate policy or anything about how the certificate was > > > issued. The community (or concept) logotype simply allows CA to enter into > > > collective branding relationships. > > > >A branding of what ? Please be precise. > > > > > I suppose that a large group that share a common security policy could > > > register a logo for that policy and use it as a community logo. While this > > > was not the model that we considered, it certainly is accommodated. > > > > > > COMMENT 4: Logotypes are not "claimed" by the issuer, but always *verified* > > > to some extend by the issuer. The current text is misleading: > > > > > > "The relationship between the subject organization and the subject > > > organization logotype and the relationship between the issuer and > > > either the issuer organization logotype or the concept logotype, are > > > relationships *claimed* by the issuer." > > > > > > RESPONSE 4. > > > > > > The issuer is responsible for the verification of anything that is included > > > in the certificate. After all, the issuer signature covers it. Thus, the > > > issuer is claiming that the logotypes are appropriate. > > > >Don't twist the wording. :-) > > > >We agree on the concept, but we should try to use another wording and avoid > >to use the word "claim". > > > > > COMMENT 5: During the meeting, it has been proposed to add a small image of > > > the logotype in the certificate itself. In this WG we always have had a > > > concern about the size of the certificate, so that it can be lodged in some > > > small devices. So I would not favor to allow such provision in a > > > extension standardized by this WG. > > > > > > RESPONSE 5. > > > > > > There are environments where the client cannot access the Internet until > > > after the certificate is used. Consider certificate-based authentication > > > to an ISP. A small logotype in the certificate could be useful to aid > > > certificate selection in this situation. The inclusion of a small logotype > > > is, of course, optional. > > > >...and instead of certificates between 1 K and 2 K bytes, have certificates > >with at least one more K ! > > > >Denis > > > > > > > COMMENT 6: It should be made clear that this extension in non-critical. > > > > > > RESPONSE 6. > > > > > > Agree. The logotype extension was never intended to be critical. > > > > > > COMMENT 7: The document includes many typos to be corrected. > > > > > > RESPONSE 7. > > > > > > We will make every effort to correct them before the next draft is > > published. > > > > > > Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34D5Tb13737 for ietf-pkix-bks; Thu, 4 Apr 2002 05:05:29 -0800 (PST) Received: from mta02-svc.ntlworld.com (mta02-svc.ntlworld.com [62.253.162.42]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34D5Rm13733 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 05:05:27 -0800 (PST) Received: from salford.ac.uk ([213.107.136.218]) by mta02-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020404130527.CTRU286.mta02-svc.ntlworld.com@salford.ac.uk>; Thu, 4 Apr 2002 14:05:27 +0100 Message-ID: <3CAC5086.281238EE@salford.ac.uk> Date: Thu, 04 Apr 2002 14:09:26 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: steven.legg@adacel.com.au CC: "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <001001c1db7f$751e3cd0$a518200a@osmium.mtwav.adacel.com.au> Content-Type: multipart/mixed; boundary="------------FE6E2BACF90276BB15E89ADB" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------FE6E2BACF90276BB15E89ADB Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Steven thanks for your messages that have clearly stated the case that ;binary is needed as a general transfer encoding, and that many attributes exist without a native LDAP encoding being defined for them. But this does raise the more general issue of how does a user who asks for "all" attributes, deal with those which are returned, whose native encoding he is unfamiliar with. Does the server assume the client knows (in which case ;binary will only be used on those attributes with no native encoding defined) or does not know (in which case ;binary will need to be used on all attributes that are not defined in Internet standard RFCs). Seems like ASN.1 DAP had some advantages after all :-) David Steven Legg wrote: > > David, > > David Chadwick wrote: > > Sent: Thursday, 4 April 2002 8:45 > > To: Kurt D. Zeilenga > > Cc: Sharon Boeyen; 'Mark Wahl'; Mark C Smith; LDAP BIS; PKIX > > Subject: Re: LDAP Certificate transfer syntax > > > > In David's table, he shows that existing LDAPv3 implementations > > > are "OK". That is, LDAPv3 is not broken in this regard. The > > > specification is clear and there multiple interoperable > > > LDAPv3 implementations. > > > > > > > But LDAP (v2 and v3) is deficient in that it has never specified a > > workable "native" transfer encoding for certificates. The > > LDAPv2 attempt > > was broken as we know, and v3 never replaced it - until my > > proposed text > > now. Are certificates the only commonly used attributes without a > > "native" encoding? I cant think of any others. > > I commonly use entryACI, prescriptiveACI and subentry ACI (ACI Item > syntax) and subtreeSpecification (Subtree Specification syntax). > Neither of the syntaxes for these attributes has a defined > LDAP-specific (i.e. native) encoding in RFC 2252 or RFC 2256. > > > So this is a deficiency > > that should be rectified in my opinion. > > Recent I-Ds have proposed human readable character string encodings > for both the ACI Item syntax and the Subtree Specification syntax, > by referencing the Generic String Encoding Rules, to correct the > deficiency in these syntaxes. This is in keeping with the statement > in RFC 2252 that "The encoding rules defined for a given attribute > syntax must produce octet strings. To the greatest extent possible, > encoded octet strings should be usable in their native encoded form > for display purposes". > > Thus a "right" way to fix the Certificate syntax is to define > the LDAP-specific/native encoding to be the GSER encoding :-). > > Had the ACI Item and Subtree Specification syntaxes previously been > defined such that their LDAP-specific encoding was the same as > their ;binary encoding it would not now be possible to define the > default format to be a human readable character string encoding. > > > > That is, this suggest change will implementations to updated to > > > support it. This will include some clients (such as those which > > > as for "*" and expect userCertificate;binary) > > > > agreed, if a server is to be consistent it probably would not put > > ;binary on any returned attributes, although I believe that todays > > LDAPv3 servers will put ;binary on certificates because of the MUST > > requirement. If they continued to do this in the future it would not > > cause any problems with the clients, but would be inconsistent > > behaviour. > > > > >and most (if not > > > all) servers. That's bad! > > > > > > > I think the change would not have been necessary if all existing > > products had implemented the current spec. And thats bad!! > > The fault is in the incorrectly implemented products. The obligation > to change is on them, not the correctly implemented products. > > > > Hence, for LDAPv3 interoperability sake, the specification needs > > > to continue to MUST the use of ;binary for these attributes except > > > where the client and server have a prior agreement that the > > > OPTIONAL native encoding is to be used. > > > > > > > As a general rule I think that continuing to mandate one particular > > tranfer encoding just for certificates is wrong and leaves us > > in hole in > > the future if new transfer encodings are developed, such as XML (which > > incidentally has now been standardised for certificates). So how would > > you propose to cater for XML encodings in the future? > > One way is to provide an update to the Certificate syntax to say that > values in the syntax MUST NOT be requested or returned without an > explicit transfer option. We could also say that now, in the current > draft. > > > > Of course, one ought to wonder why any LDAPv3 implementation > > > would support this OPTIONAL native encoding when the REQUIRED > > > encoding is more broadly implemented and provides the same > > > functionality. It seems redundant to me. > > > > > > > Clearly there is redundancy once a native encoding is > > specified and this > > happens to be the same as the ;binary encoding, that is not in doubt. > > But who is to say which one is the redundant one? It could be > > the use of > > ;binary. Maybe this transfer encoding is no longer needed by LDAPv3 > > (just being devil's advocate here :-) > > Only about a third of the syntaxes I support have defined LDAP-specific > encodings. I need a standard way to represent attribute values of the > other two thirds in LDAP and LDIF. The ;binary option serves that > purpose. Now if someone were to mandate that all additional LDAP syntaxes > must use GSER for the LDAP-specific encoding then I wouldn't need ;binary. > > Regards, > Steven > > > > > David > > > > > > > Kurt > > > > -- > > ***************************************************************** > > > > David W. Chadwick, BSc PhD > > Professor of Information Systems Security > > IS Institute, University of Salford, Salford M5 4WT > > Tel: +44 161 295 5351 Fax +44 161 745 8169 > > Mobile: +44 77 96 44 7184 > > Email: D.W.Chadwick@salford.ac.uk > > Home Page: http://www.salford.ac.uk/its024/chadwick.htm > > Research Projects: http://sec.isi.salford.ac.uk > > Understanding X.500: http://www.salford.ac.uk/its024/X500.htm > > X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm > > Entrust key validation string: MLJ9-DU5T-HV8J > > PGP Key ID is 0xBC238DE5 > > > > ***************************************************************** -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** --------------FE6E2BACF90276BB15E89ADB Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------FE6E2BACF90276BB15E89ADB-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34Cpje13387 for ietf-pkix-bks; Thu, 4 Apr 2002 04:51:45 -0800 (PST) Received: from e1.esmtp.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34Cphm13383 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 04:51:43 -0800 (PST) Received: from northrelay02.pok.ibm.com (northrelay02.pok.us.ibm.com [9.117.200.22]) by e1.esmtp.ibm.com (8.12.2/8.12.2) with ESMTP id g34ClbDc421248; Thu, 4 Apr 2002 07:47:37 -0500 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.00) with ESMTP id g34Cp1044960; Thu, 4 Apr 2002 07:51:01 -0500 Importance: Normal Sensitivity: Subject: Re: WG Last Call: Roadmap To: Denis Pinkas <Denis.Pinkas@bull.net> Cc: ietf-pkix@imc.org X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OFD7A26913.A4127A43-ON85256B90.00711489@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Thu, 4 Apr 2002 07:50:50 -0500 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/04/2002 07:51:02 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Responses below. The issue of who specifies the verifier's policy is rather serious. If the policy to be used is expected to be the same as RFC 3126's SignaturePolicy, we need to specify a step in which the verifier has the right to reject such a policy or to consider it inapplicable to the verifier's own current context. Tom Gindin Denis Pinkas <Denis.Pinkas@bull.net> on 04/03/2002 11:15:54 AM To: Tom Gindin/Watson/IBM@IBMUS cc: ietf-pkix@imc.org Subject: Re: WG Last Call: Roadmap Tom, > I have a few issues with this, and some corrections as well. > In comment 12, I have two issues. The first one, which is minor, is > that "one or more Top CA's may be trusted" should refer to root CA's > instead - the two terms mean the same thing more often than not, but when > they differ the trust point is the root rather than the top. PKIX-1 states: " - Top CA - A CA that is at the top of a PKI hierarchy. Note: This is often also called a "Root CA," since in data structures terms and in graph theory, the node at the top of a tree is the "root." However, to minimize confusion in this document, we elect to call this node a "Top CA," and reserve "Root CA" for the CA directly trusted by the EE." The problem lies with the last sentence, i.e. "*the* CA directly trusted by the EE.". The singular is being used which means that there is a single one, multiple roots are not permitted, while multiple Top-CAs are permitted. [TG] Where in PKIX-1 is this? I can't find the phrase "directly trusted" in either RFC 2459 or in draft 12 of new-pkix-1. Furthermore, if it does appear in such a draft I hope that it will be with reference to a particular validation path. Since one normally performs validation against a specific context, only one trusted root is evaluated at a time. > The second is less minor. Is it truly intended that a signing EE > be permitted to specify the set of trusted CA's for an RP to use in > verifying a signature? At a minimum, an RP in this model is responsible > for validating the the set of rules is identical to one it has already > decided to trust, but there is no reference in the model description to > any active role for the RP. A verifier (not a signing EE as you mentioned) does not know what an anchor is, but may know what a policy is. So by selecting the policy that applies to the application, indirectly trust anchors (and much more) are selected. Remember that the same verifier may verify digital signatures in various contexts, e.g. for a Bank transaction or for a green reservation in a Golf Club. The trust conditions are not necessarilly identical. Note also that a verifier does not need to be a signer and may not have any certificate of its own. [TG] My point is that the policy used to verify a signature is something which the VERIFIER must decide on, rather than the signer, and signature policies are things which you have defined as being specified by a signer (see your own RFC 3126). A verifier is as likely to know what an anchor is as what a signature policy is. If a signature policy includes a specification of the trust anchors as well as of the verification mechanism a user who does not know what a trust anchor is operating blindly in accepting or choosing a signature policy. The case of a single (root) CA trusted for any kind of application is a very specific case and cannot be considered as the general case. > In your comment 5 (on page 15), replace "date of issue" by "date and > time of issue". This is fine. > At a slightly more substantive level, shouldn't the clarification of > the definition of Top CA on page 4 end "and reserve 'root CA' for a CA > directly trusted by the EE."? This wording permits multiple trusted roots. I do not think that PKIX-1 allows for this. See the quote above. > In your comment 4, shouldn't "CA certificate" be "hierarchical CA > certificate"? Surely a Top CA's self-signed certificate is also a "CA > certificate", and your definition excludes it. Then the sentence "Some > people in the WG believe that a cross certificate is a special kind of CA > certificate." is reversed to "... believe that a hierarchical CA > certificate is a special kind of cross certificate". You say that the definition excludes the fact that a Top CA's self-signed certificate is also a CA-certificate. This is correct, ... but was not intended. So what about this full correction ? [2459bis] defines a cross-certificate as "a certificate issued by one CA to another CA". [2459bis] does not provide a formal definition of a CA certificate but implictly means a certificate where the subject of the certificate is a CA. This means that self-signed certificates are CA certificats but are not cross-certificates. Some people in the WG believe that a cross certificate is a special kind of CA certificate issued by a CA under one Top CA for another CA under a different Top CA. CAs in the same hierarchy usually have part of their names imposed by the Top CA or by the CAs under that Top CAs. When a cross certificate is issued, there is no relationship between the names of the CAs. > In comment 11, the i.e. should remain "what are the root CA's" rather > than "what are the Top CA's", for the same reason as in comment 12. I do not think so. See my first comment. Regards, Denis > Tom Gindin > > Denis Pinkas <Denis.Pinkas@bull.net>@mail.imc.org on 03/26/2002 12:11:50 PM > > Sent by: owner-ietf-pkix@mail.imc.org > > To: ietf-pkix@imc.org > cc: Carlisle Adams <cadams@entrust.com> > Subject: Re: WG Last Call: Roadmap > > Comments on the roadmap document draft-ietf-pkix-roadmap-07.txt > > (snip) > COMMENT 3. A sentence states: "However, to minimize confusion in this > document, we elect to call this node a "Top CA," and reserve "Root CA" for > the CA directly trusted by the EE". Since an EE may trust more than one Top > CA, shouldn't we say: > > "However, to minimize confusion in this document, we elect to call this > node > a "Top CA," and reserve "Root CA" when there is a single CA directly > trusted > by the EE." > > COMMENT 4. On page 14. A clarification needs to be done between > cross-certificates and CA certificates. The text currently states: > > A cross-certificate is a PKC issued by one CA to another CA which > contains a public CA key associated with the private CA signature key > used for issuing PKCs. Typically, a cross-certificate is used to > allow client systems or end entities in one administrative domain to > communicate securely with client systems or end users in another > administrative domain. Use of a cross-certificate issued from CA_1 to > CA_2 allows user Alice, who trusts CA_1, to accept a PKC used by Bob, > which was issued by CA_2. Cross-certificates can also be issued from > one CA to another CA in the same administrative domain, if required. > > I would propose instead the following: > > " A CA certificate is a certificate in a hierarchy that is neither a > self-signed certificate, nor an end-entity certificate. [2459bis] does not > make a difference between a CA certificate and a cross certificate since it > defines a cross-certificate as "a certificate issued by one CA to another > CA". Some people in the WG believe that a cross certificate is a special > kind of CA certificate. A cross certificate is issued by a CA under one > Top CA for another CA under a different Top CA. CAs in the same hierarchy > have part of their names imposed by the Top CA or by the CAs under that > Top CAS. When a cross certificate is issued, there is no relationship > between the names of the CAS. > > Typically, a cross-certificate is used to allow client systems or end > entities in one administrative domain to communicate securely with client > systems or end users in another administrative domain. Use of a > cross-certificate issued from CA_1 to CA_2 allows user Alice, who trusts > CA_1, to accept a PKC used by Bob, which was issued by CA_2. > Cross-certificates can also be issued from one CA to another CA in the same > administrative domain, if required." > > COMMENT 5. On page 15, the text states: "A CRL is a time stamped list > identifying revoked PKCs that is signed by a CA and made freely available > in a public repository." > > I would prefer to avoid to use "time-stamped" in that context and thus I > would propose the following wording: > > "A CRL is a list that identifies the references of revoked PKCs. This list > contains a date of issue and is signed by a CA and made freely available in > a public repository." > > (snip) > > COMMENT 11. On page 47. Section 5.5 talks about trust model, but only > consider a single trust point: > > " An important design decision is where a particular EE's trust point > is located (i.e., where is the EE's Root CA). There are a number of > models that have been developed and depending on the environment some > models may be more suited than others. The following provides some > background on the models." > > I would rather propose to change it into: > > " An important design decision is, for a given application, where the > particular EE's trust points are located (i.e. what are the Top CAs). > There are a number of models that have been developed and depending on > the environment some models may be more suited than others. The following > provides some background on the models." > > COMMENT 12. On page 49. Section 5.5 I would propose to add another model. > > 5.5.5 Validation policies > > Another model considers a set of rules that apply to an application > context. > Every application context may have a different set of rules. When choosing > to use certificates in the context of that application, the EE selects the > set of rules for that context. In a set of rules, one or more Top CAs may > be > trusted, each one may be associated with different constraints, like the > certificate policies that are trusted or the naming constraints that apply. > These constrains may be specified either in self-signed certificates or in > addition to self-signed certificates when they do not incorporate these > constraints. This set of rules is called a validation policy (when > validating a certificate) or a signature policy (when validating a digital > signature). > > Regards, > > Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34CnrS13341 for ietf-pkix-bks; Thu, 4 Apr 2002 04:49:53 -0800 (PST) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34Ch5m13130; Thu, 4 Apr 2002 04:43:06 -0800 (PST) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g34Ch6b18330; Thu, 4 Apr 2002 13:43:06 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a0d9d42040a9919350f8@emeairlsw1.baltimore.com>; Thu, 4 Apr 2002 13:37:46 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id NAA16409; Thu, 4 Apr 2002 13:43:01 +0100 Message-ID: <3CAC4A57.FA27780C@baltimore.ie> Date: Thu, 04 Apr 2002 13:43:03 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: xme <stephen.farrell@baltimore.ie>, Shivaram Mysore <Shivaram.Mysore@sun.com> Subject: xkms requirements document last call Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi, This mail is to ask for your comments on the W3C XKMS requirements document. See below for details. Sorry for the short notice - however, we will welcome comments for a while after the official end of the last-call period. Thanks, Stephen. On behalf of the W3C XML Key Managment Service WG [1], we are pleased to announce the publication of the "XKMS Requirements" Last Call Working Draft. This is one of the deliverables of the WG. The document address is: http://www.w3.org/TR/xkms2-req Abstract This document lists the design principles, scope and requirements for XML Key Management specifications and trust server key management implementations. It includes requirements as they relate to the key management syntax, processing, security and coordination with other standards activities. Status of this Document This is the Last Call for the requirements Working Draft of the XML Key Management Working Group (Activity Statement). This version represents the consensus of the Working Group. The last call period is 3 weeks, ending on 15 April 2002. Please send review comments by that date to the editors - fjh@alum.mit.edu, mike.just@entrust.com and cc: www-xkms@w3.org, shivaram.mysore@sun.com, stephen.farrell@baltimore.ie [1] http://www.w3.org/2001/XKMS -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34Cm5w13301 for ietf-pkix-bks; Thu, 4 Apr 2002 04:48:05 -0800 (PST) Received: from mta05-svc.ntlworld.com (mta05-svc.ntlworld.com [62.253.162.45]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34Cm4m13297 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 04:48:04 -0800 (PST) Received: from salford.ac.uk ([213.107.136.218]) by mta05-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020404124803.LLJU17294.mta05-svc.ntlworld.com@salford.ac.uk>; Thu, 4 Apr 2002 13:48:03 +0100 Message-ID: <3CAC4C73.9C0F1BDC@salford.ac.uk> Date: Thu, 04 Apr 2002 13:52:03 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Jim Sermersheim <JIMSE@novell.com> CC: Kurt@OpenLDAP.org, ietf-pkix@imc.org, ietf-ldapbis@OpenLDAP.org Subject: Re: LDAP Certificate transfer syntax References: <scab441d.077@prv-mail20.provo.novell.com> Content-Type: multipart/mixed; boundary="------------B98CD197C7340D1E49FA4375" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------B98CD197C7340D1E49FA4375 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Jim these are very good points that you make. They go part way to showing that a reason for the confused situation we have gotten into is by not previously being precise enough about certificate syntax definitions (in fact there was not a workable one defined). I hope the new PKIX schema ID can be precise enough to ensure that future problems dont occur. Do you have any suggestions to the proposed wording that I sent out David Jim Sermersheim wrote: > > I note that 2252 and 2256 both have problems with the language used to > specify this. > > 2252 says that values of the Certificate syntax MUST be transferred > using the binary encoding. It then gives two attribute descriptions > "userCertificate;binary" and caCertificate;binary". If I create an > attribute called printerCertificate, what am I supposed to refer to it > as? > > It can be argued that the MUST here refers to the encoding, and the > attribute descriptions are merely examples of the day. > > 2256 says "This attribute is to be stored and requested in the binary > form, as 'userCertificate;binary'". Am I to believe that I must somehow > store the ;binary option in my database? Aside from that sillines, there > is no MUST imperative here. > > Jim > > >>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 04/03/02 11:36AM >>> > This text does not clearly "MUST" the use of ;binary as > RFC 2252 and RFC 2256 did. As previously noted, this > "MUST" should not be dropped as doing so will cause > interoperability problems between implementations of > the current technical specification and the revised > technical specification. > > Kurt > > At 05:29 AM 2002-04-01, David Chadwick wrote: > >Colleagues > > > >Here is my proposed change to the section describing the LDAP syntax > for > >cerificates in the PKIX id > ><draft-pkix-ldap-schema-03.txt> which should be published before the > end > >of April. As this is likely to be the most contentious part of the > new > >ID, I thought it would be useful to distribute this text at the > earlier > >possible moment. > > > >All constructive comments welcomed > > > >David > > > > > >3.3 Certificate Syntax > > > >A value in this transfer syntax is the binary octet string that > results > >from BER or DER-encoding of an X.509 public key certificate. The > >following string states the OID assigned to this syntax: > > > > ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' ) > > > >Servers must preserve values in this syntax exactly as given when > >storing and retrieving them. > > > >Note. Due to the changes from X.509(1988) to X.509(1993) and > subsequent > >changes to the ASN.1 definition to support certificate extensions in > >X.509(1997), no character string transfer syntax is defined for > >certificates. The BNF notation in RFC 1778 [12] for "User > Certificate" > >MUST NOT be used. Values in this syntax MUST be transferred as BER or > >DER encoded octets. The use of the ;binary encoding option, i.e. by > >requesting or returning the attributes with descriptions > >"userCertificate;binary" or "caCertificate;binary" has no effect on > the > >transfer syntax. -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** --------------B98CD197C7340D1E49FA4375 Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------B98CD197C7340D1E49FA4375-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34ArOa04248 for ietf-pkix-bks; Thu, 4 Apr 2002 02:53:24 -0800 (PST) Received: from mail.dit.upm.es (IDENT:root@mail.dit.upm.es [138.4.2.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34ArNm04244 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 02:53:23 -0800 (PST) Received: from jungla.dit.upm.es (IDENT:root@jungla.dit.upm.es [138.4.5.11]) by mail.dit.upm.es (8.11.6/8.9.3) with ESMTP id g34ArJ911326; Thu, 4 Apr 2002 12:53:19 +0200 Received: from dit.upm.es (toro-2.dit.upm.es [138.4.21.2]) by jungla.dit.upm.es (8.11.6/8.9.3) with ESMTP id g34ArHi11288; Thu, 4 Apr 2002 12:53:17 +0200 Message-ID: <3CAC30A6.9552D46E@dit.upm.es> Date: Thu, 04 Apr 2002 12:53:26 +0200 From: "=?iso-8859-1?Q?Jos=E9?= A. =?iso-8859-1?Q?Ma=F1as?=" <jmanas@dit.upm.es> X-Mailer: Mozilla 4.76 [en] (Win95; U) X-Accept-Language: en MIME-Version: 1.0 To: "hermes3.si.c-s.fr" <antoine.bourrouilh@trustycom.fr> CC: ietf-pkix@imc.org Subject: Re: Comment on RFC 3161 References: <EBZWTNRLKXVMH3WE9ZUOKEY3143.3cabe72d@saturne> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g34ArOm04245 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I think you are right, and I think it is a problem with any signature: the status of the cert must be ok when the verification is run. For the case of time-stamping, there is renewal procedure such that an old time-stamp token is enveloped within a new token thus extending the value of the first token from the original instant to the end of the validity of the enveloping token. If renewal is applied regularly (always before the outmost key is compromised) the value may be extended indefinitely. Hope it helps, jam "hermes3.si.c-s.fr" wrote: > > Hi! > > I wonder something about the first security considerations of RFC 3161 (§4.1). > > It says that if the TSA private key shall not be used any more and > is not compromised , > the corresponding certificate shall be revoked with a reason code. > Thus any token signed with the corresponding key before the revocation time > will remain valid. > > However we could imagine that the key becomes compromised after the > revocation, allowing > the "hacker" to generate time-stamp tokens with a date previous to > the revocation time. > Thus false tokens will be consider as valid... > > The point is how to get the crucial "before" in " ... before the > revocation time" . > > If someone can help ... > > Antoine Bourrouilh -- ----------------------------------------------------------- Prof. Jose A. Manas mailto:jmanas@dit.upm.es Dpt. Telematica http://www.dit.upm.es/~pepe/ E.T.S.I. Telecomunicacion tel: [+34] 91 336 73 25 Ciudad Universitaria gsm: [+34] 607 73 38 94 E-28040 Madrid gsm: [+34] 609 62 70 98 SPAIN fax: [+34] 91.336 73 33 Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34AYxT03739 for ietf-pkix-bks; Thu, 4 Apr 2002 02:34:59 -0800 (PST) Received: from ocasey.baltimore.com (ocasey.baltimore.com [193.41.17.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34AYum03735 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 02:34:56 -0800 (PST) Received: from Baltimore-FW1 ([172.19.1.1]) by ocasey.baltimore.com (8.11.6/8.9.3) with SMTP id g34AYtb15625 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 11:34:55 +0100 Received: from Baltimore-FW1 (wilde-i-1.ie.baltimore.com) by emeairlsw1.baltimore.com (Content Technologies SMTPRS 4.2.5) with SMTP id <T5a0d27eb510a9919350f8@emeairlsw1.baltimore.com> for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 11:29:36 +0100 Received: from baltimore.ie (wks140-4.ie.baltimore.com [10.153.4.140]) by bobcat.baltimore.ie (8.9.3/8.9.3) with ESMTP id LAA14559 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 11:34:52 +0100 Message-ID: <3CAC2C4D.372B04BF@baltimore.ie> Date: Thu, 04 Apr 2002 11:34:53 +0100 From: Stephen Farrell <stephen.farrell@baltimore.ie> Reply-To: stephen.farrell@baltimore.ie Organization: Baltimore Technologies Ltd. X-Mailer: Mozilla 4.72 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: ietf-pkix@imc.org Subject: Re: One last comment on DPD requirements References: <003b01c1db76$ee825fb0$a300a8c0@Chokhani> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> And adding another reason: multiple paths may exist which only really differ in their validity fields. Unless the requirements call for a pretty complex time specifier in the request the simplest thing is for the server to send back all such paths found and let the client sort it out (i.e. even if the client picks a single point in time, there may still be >1 path such that the paths only differ in validity; to close this down some fairly hairy time specifier in the request would have to be defined and no clients would bother filling that in properly in any case). Stephen. Santosh Chokhani wrote: > > Russ: > > I agree with you, but for a different reason. I do not think this is > application specific issue. I think it is the path validation issue. I > do not think that the DPD server can know which paths are good without > doing a validation also, specially to see if there will be any name > constraints or certificate policy related failures. > > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] > On Behalf Of Housley, Russ > Sent: Wednesday, April 03, 2002 2:12 PM > To: Ambarish Malpani; Stephen Kent > Cc: ietf-pkix@imc.org > Subject: Re: One last comment on DPD requirements > > Steve & Ambarish: > > >>Hi Group, > >> One last (slightly late) comment on the DPD requirements that has > > >>been troubling me: > >> > >>In the DPD requirements, there is a reasonable amount of text that > >>talks about how a server can return multiple paths back to the client > >>(to allow the client to decide which path is the best). > >> > >>The main goal of DPD is to try and simplify the client. In how many > >>cases do people really want multiple paths back from the server. While > > >>it is the right requirement in principal, do folks really think > >>clients will want multiple paths back from a DPD server? Are we adding > > >>the additional flexiblity/complexity just for technical purity? > >> > >>Comments will be appreciated. > >> > >>Regards, > >>Ambarish > > > >I too would favor simplifying the protocol requirement here. Some folks > >have suggested motivations for multiple paths, but this does seem to > >conflict with the fundamental goal of creating a protocol to satisfy > the > >needs of thin clients. > > > >Steve > > I agree with your goal. It is far better for the client to tell the > server > what it wants, then get back a single path that satisfies all of the > requirements. To do this, we need to be able to fully specify the > clients > criteria and send them to the server. I think that we know how to do > this > for many PKI-enabled applications, but I am not sure that we know how to > do > it for all applications, especially ones that are yet to be developed. > > This leaves us with two choices. Either the protocol returns multiple > certification paths (the approach in the current document) or the > protocol > requires the client to adequately specify its criteria. This could be > done > with the path discovery policy. If we adopt this alternative, we should > > include additional text so that implements expect application-specific > (perhaps several application-specific path discovery policy if there are > > multiple roles in the application). > > Russ -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com Received: by above.proper.com (8.11.6/8.11.3) id g349AAo22564 for ietf-pkix-bks; Thu, 4 Apr 2002 01:10:10 -0800 (PST) Received: from sonne.darmstadt.gmd.de (sonne.darmstadt.gmd.de [141.12.62.20]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g349A3m22530 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 01:10:04 -0800 (PST) Received: from sit.fraunhofer.de (pc-pisa [141.12.37.18]) by sonne.darmstadt.gmd.de (8.8.8/8.8.5) with ESMTP id LAA19865; Thu, 4 Apr 2002 11:09:19 +0200 (MET DST) Message-ID: <3CAC1879.533482E1@sit.fraunhofer.de> Date: Thu, 04 Apr 2002 11:10:17 +0200 From: Brian Hunter <brian.hunter@sit.fraunhofer.de> X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: Denis.Pinkas@bull.net, ietf-pkix@imc.org Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5333@polaris.valicert.com> <5.1.0.14.2.20020403114844.031ba150@exna07.securitydynamics.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, > >5. Section 5 Para 4 > Trust anchors can be established using self-signed certificates or by other > means, either way, the trust anchor is not included. Perhaps this point > is only adding confusion. Not including non-self-signed trust anchors is contrary to Denis' change sent to Ambarish. I agree with Denis' clarification because it aligns DPD with path validation in 2459bis section 6.1 para 7: "When the trust anchor is provided in the form of a self-signed certificate, this self-signed certificate is not included as part of the prospective certification path." > >9. Section 9 Last paragraph point (3) > > Is it intended that the validation time should be adjusted for only > >one of the four points, hence the use of "or" after point three? I would > >suggest the use of "and". > > I disagree. The time could be adjusted for one or more of these > reasons. It is an inclusive or. See Denis' response to me agreeing with the change to "and". All in all, I think this is a small point, in the scope of this document, but to clarify the meaning, perhaps the use of "and/or" would be appropriate. Brian Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g348JuL14901 for ietf-pkix-bks; Thu, 4 Apr 2002 00:19:56 -0800 (PST) Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g348Jrm14889 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 00:19:53 -0800 (PST) Received: from ruru.cs.auckland.ac.nz (ruru-nfs.cs.auckland.ac.nz [130.216.35.12]) by hermes.cs.auckland.ac.nz (8.12.2/8.12.2) with ESMTP id g348J7Xv028204; Thu, 4 Apr 2002 20:19:07 +1200 Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id UAA127153; Thu, 4 Apr 2002 20:19:03 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz) Date: Thu, 4 Apr 2002 20:19:03 +1200 (NZST) Message-ID: <200204040819.UAA127153@ruru.cs.auckland.ac.nz> From: pgut001@cs.auckland.ac.nz (Peter Gutmann) To: d.w.chadwick@salford.ac.uk, phil.griffin@asn-1.com Subject: Re: LDAP Certificate transfer syntax Cc: ietf-ldapbis@OpenLDAP.org, ietf-pkix@imc.org, rhousley@rsasecurity.com Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Phil Griffin <phil.griffin@asn-1.com> writes: >It is only when someone tries to reconstruct the certificate from its values >using the strict DER subset of BER that a mismatch with the signature due to >BER/DER differences in the encoding can arise. This would be a problem if anyone actually did this. Anyone mad enough to even try it quickly finds that 90% of signatures fail to verify after the re- coding, and falls back to doing what everyone else does, which is treat the signed object as a blob which you don't touch (the same with DNs in certs and many other things). Peter (who actually tried re-coding DNs into the correct form for awhile, but quickly gave up, and who never even tried with certs). Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g345ssj28825 for ietf-pkix-bks; Wed, 3 Apr 2002 21:54:54 -0800 (PST) Received: from nexus.adacel.com (shelob.adacel.com.au [203.36.26.146] (may be forged)) by above.proper.com (8.11.6/8.11.3) with SMTP id g345sqm28820 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 21:54:52 -0800 (PST) Received: (qmail 23712 invoked from network); 4 Apr 2002 05:51:48 -0000 Received: from unknown (HELO osmium) (10.32.24.165) by nexus.adacel.com with SMTP; 4 Apr 2002 05:51:47 -0000 Reply-To: <steven.legg@adacel.com.au> From: "Steven Legg" <steven.legg@adacel.com.au> To: "'Ramsay, Ron'" <Ron.Ramsay@ca.com> Cc: "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: RE: LDAP Certificate transfer syntax Date: Thu, 4 Apr 2002 15:53:32 +1000 Message-ID: <001401c1db9d$0e50f6a0$a518200a@osmium.mtwav.adacel.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2120.0 In-Reply-To: <A7E3A4B51615D511BCB6009027D0D18C04597E55@aspams01.ca.com> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Ron, Ramsay, Ron wrote: > Sent: Thursday, 4 April 2002 12:52 > To: steven.legg@adacel.com.au; 'David Chadwick' > Cc: 'LDAP BIS'; 'PKIX' > Subject: RE: LDAP Certificate transfer syntax > > > Steven, > > > I need a standard way to represent attribute values of the > > other two thirds in LDAP and LDIF. The ;binary option serves that > > purpose. > > I don't see this as logical. Do you simply mean the use of > ;binary means you > don't have to define another encoding? For, surely, defining > the behaviour > to be same for ;binary as without it achieves the same end? I was taking David's comment in the context of just the Certificate and related syntaxes, where the use of ;binary is currently mandated. If these syntaxes have their LDAP-specific encodings defined to be the same as the ;binary encoding that still leaves me with a large number of syntaxes where the LDAP-specific encoding is undefined. A blanket specification that the LDAP-specific encoding for *all* other syntaxes is the same as ;binary (or GSER, or whatever) is outside the scope of LDAPbis and the PKIX LDAP Schema, and runs into the immediate problem of quantifying which are the "other" syntaxes. Given some X.500-style attribute definition, there may or may not be a relevant LDAP syntax specification for its syntax, and I may not be aware of the specification if one does exist. If my server doesn't know the LDAP-specific encoding for some syntax but assumes it is the BER encoding there will be problems interoperating with implementations that do know the LDAP-specific encoding, if that encoding has been formally specified somewhere as some character string encoding. On the other hand, two implementations will agree on what the ;binary encoding is, even if one of them doesn't have complete information about the LDAP-specific encoding. Regards, Steven > > Ron. > > -----Original Message----- > From: Steven Legg [mailto:steven.legg@adacel.com.au] > Sent: Thursday, 4 April 2002 12:22 > To: 'David Chadwick' > Cc: 'LDAP BIS'; 'PKIX' > Subject: RE: LDAP Certificate transfer syntax > > > > David, > > David Chadwick wrote: > > Sent: Thursday, 4 April 2002 8:45 > > To: Kurt D. Zeilenga > > Cc: Sharon Boeyen; 'Mark Wahl'; Mark C Smith; LDAP BIS; PKIX > > Subject: Re: LDAP Certificate transfer syntax > > > > In David's table, he shows that existing LDAPv3 implementations > > > are "OK". That is, LDAPv3 is not broken in this regard. The > > > specification is clear and there multiple interoperable > > > LDAPv3 implementations. > > > > > > > But LDAP (v2 and v3) is deficient in that it has never specified a > > workable "native" transfer encoding for certificates. The > > LDAPv2 attempt > > was broken as we know, and v3 never replaced it - until my > > proposed text > > now. Are certificates the only commonly used attributes without a > > "native" encoding? I cant think of any others. > > I commonly use entryACI, prescriptiveACI and subentry ACI (ACI Item > syntax) and subtreeSpecification (Subtree Specification syntax). > Neither of the syntaxes for these attributes has a defined > LDAP-specific (i.e. native) encoding in RFC 2252 or RFC 2256. > > > So this is a deficiency > > that should be rectified in my opinion. > > Recent I-Ds have proposed human readable character string encodings > for both the ACI Item syntax and the Subtree Specification syntax, > by referencing the Generic String Encoding Rules, to correct the > deficiency in these syntaxes. This is in keeping with the statement > in RFC 2252 that "The encoding rules defined for a given attribute > syntax must produce octet strings. To the greatest extent possible, > encoded octet strings should be usable in their native encoded form > for display purposes". > > Thus a "right" way to fix the Certificate syntax is to define > the LDAP-specific/native encoding to be the GSER encoding :-). > > Had the ACI Item and Subtree Specification syntaxes previously been > defined such that their LDAP-specific encoding was the same as > their ;binary encoding it would not now be possible to define the > default format to be a human readable character string encoding. > > > > > That is, this suggest change will implementations to updated to > > > support it. This will include some clients (such as those which > > > as for "*" and expect userCertificate;binary) > > > > agreed, if a server is to be consistent it probably would not put > > ;binary on any returned attributes, although I believe that todays > > LDAPv3 servers will put ;binary on certificates because of the MUST > > requirement. If they continued to do this in the future it would not > > cause any problems with the clients, but would be inconsistent > > behaviour. > > > > >and most (if not > > > all) servers. That's bad! > > > > > > > I think the change would not have been necessary if all existing > > products had implemented the current spec. And thats bad!! > > The fault is in the incorrectly implemented products. The obligation > to change is on them, not the correctly implemented products. > > > > > Hence, for LDAPv3 interoperability sake, the specification needs > > > to continue to MUST the use of ;binary for these attributes except > > > where the client and server have a prior agreement that the > > > OPTIONAL native encoding is to be used. > > > > > > > As a general rule I think that continuing to mandate one particular > > tranfer encoding just for certificates is wrong and leaves us > > in hole in > > the future if new transfer encodings are developed, such as > XML (which > > incidentally has now been standardised for certificates). > So how would > > you propose to cater for XML encodings in the future? > > One way is to provide an update to the Certificate syntax to say that > values in the syntax MUST NOT be requested or returned without an > explicit transfer option. We could also say that now, in the current > draft. > > > > > Of course, one ought to wonder why any LDAPv3 implementation > > > would support this OPTIONAL native encoding when the REQUIRED > > > encoding is more broadly implemented and provides the same > > > functionality. It seems redundant to me. > > > > > > > Clearly there is redundancy once a native encoding is > > specified and this > > happens to be the same as the ;binary encoding, that is not > in doubt. > > But who is to say which one is the redundant one? It could be > > the use of > > ;binary. Maybe this transfer encoding is no longer needed by LDAPv3 > > (just being devil's advocate here :-) > > Only about a third of the syntaxes I support have defined > LDAP-specific > encodings. I need a standard way to represent attribute values of the > other two thirds in LDAP and LDIF. The ;binary option serves that > purpose. Now if someone were to mandate that all additional > LDAP syntaxes > must use GSER for the LDAP-specific encoding then I wouldn't > need ;binary. > > Regards, > Steven > > > > > David > > > > > > > Kurt > > > > -- > > ***************************************************************** > > > > David W. Chadwick, BSc PhD > > Professor of Information Systems Security > > IS Institute, University of Salford, Salford M5 4WT > > Tel: +44 161 295 5351 Fax +44 161 745 8169 > > Mobile: +44 77 96 44 7184 > > Email: D.W.Chadwick@salford.ac.uk > > Home Page: http://www.salford.ac.uk/its024/chadwick.htm > > Research Projects: http://sec.isi.salford.ac.uk > > Understanding X.500: http://www.salford.ac.uk/its024/X500.htm > > X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm > > Entrust key validation string: MLJ9-DU5T-HV8J > > PGP Key ID is 0xBC238DE5 > > > > ***************************************************************** > Received: by above.proper.com (8.11.6/8.11.3) id g345fhh28581 for ietf-pkix-bks; Wed, 3 Apr 2002 21:41:43 -0800 (PST) Received: from pegase1.cie-signaux.fr (pegase1.cie-signaux.fr [194.2.40.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g345fgm28577 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 21:41:42 -0800 (PST) Received: from pegase0.si.c-s.fr by pegase1.cie-signaux.fr with ESMTP id HAA23974 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 07:43:05 +0200 (MET DST) Received: from pegase0.si.c-s.fr by pegase0.si.c-s.fr with ESMTP id HAA28161 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 07:40:31 +0200 (MET DST) Received: from hermes3.cstelecom.cie-signaux.fr by pegase0.si.c-s.fr with ESMTP id HAA28157 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 07:40:31 +0200 (MET DST) Received: from saturne ([172.17.92.235]) by hermes3.cstelecom.cie-signaux.fr (Netscape Messaging Server 3.62) with SMTP id 495 for <ietf-pkix@imc.org>; Thu, 4 Apr 2002 07:37:15 +0200 From: "hermes3.si.c-s.fr" <antoine.bourrouilh@trustycom.fr> To: ietf-pkix@imc.org Date: Thu, 04 Apr 2002 07:39:57 +0200 X-Priority: 3 (Normal) Message-Id: <EBZWTNRLKXVMH3WE9ZUOKEY3143.3cabe72d@saturne> Subject: Comment on RFC 3161 MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1252" X-Mailer: Opera 6.0 build 1010 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi! I wonder something about the first security considerations of RFC 3161 (§4.1). It says that if the TSA private key shall not be used any more and is not compromised , the corresponding certificate shall be revoked with a reason code. Thus any token signed with the corresponding key before the revocation time will remain valid. However we could imagine that the key becomes compromised after the revocation, allowing the "hacker" to generate time-stamp tokens with a date previous to the revocation time. Thus false tokens will be consider as valid... The point is how to get the crucial "before" in " ... before the revocation time" . If someone can help ... Antoine Bourrouilh Received: by above.proper.com (8.11.6/8.11.3) id g343Ycm25741 for ietf-pkix-bks; Wed, 3 Apr 2002 19:34:38 -0800 (PST) Received: from servere.csc.cuhk.edu.hk (servere.itsc.cuhk.edu.hk [137.189.29.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g343Yam25737 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 19:34:36 -0800 (PST) Received: by servere.itsc.cuhk.edu.hk with Internet Mail Service (5.5.2653.19) id <2A3S1LMJ>; Thu, 4 Apr 2002 11:34:38 +0800 Message-ID: <F5612A0C4460D21182FC00A0C9D61A7603B63571@servere.itsc.cuhk.edu.hk> From: Jason Yeung <Jason@itsc.cuhk.edu.hk> To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: New testing TSA announcement Date: Thu, 4 Apr 2002 11:34:27 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="big5" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi all, Our testing TSA is available at ts2.itsc.cuhk.edu.hk, port 3318 The TSA is RFC3161-compliant. It is now based on the socket protocol and you can find the latest info at http://www.e-timestamping.com/status.html Please kindly provide comments and suggestions. Thanks. Jason Yeung --- ITF Project Information Technology Services Centre The Chinese University of Hong Kong Tel. No: (852) 2609 8874 Fax No: (852) 2603 5001 email: jasonyeung@cuhk.edu.hk web: http://www.e-timestamping.com Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g34310o24932 for ietf-pkix-bks; Wed, 3 Apr 2002 19:01:00 -0800 (PST) Received: from nexus.adacel.com (shelob.adacel.com.au [203.36.26.146] (may be forged)) by above.proper.com (8.11.6/8.11.3) with SMTP id g3430vm24928 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 19:00:57 -0800 (PST) Received: (qmail 5213 invoked from network); 4 Apr 2002 02:57:52 -0000 Received: from unknown (HELO osmium) (10.32.24.165) by nexus.adacel.com with SMTP; 4 Apr 2002 02:57:52 -0000 Reply-To: <steven.legg@adacel.com.au> From: "Steven Legg" <steven.legg@adacel.com.au> To: "'Phil Griffin'" <phil.griffin@asn-1.com> Cc: "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: RE: LDAP Certificate transfer syntax Date: Thu, 4 Apr 2002 12:59:37 +1000 Message-ID: <001301c1db84$c1efaa80$a518200a@osmium.mtwav.adacel.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2120.0 In-Reply-To: <3CAB8883.FD9CDC35@asn-1.com> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Phil, Phil Griffin wrote: > Sent: Thursday, 4 April 2002 8:56 > To: David Chadwick > Cc: Housley, Russ; LDAP BIS; PKIX > Subject: Re: LDAP Certificate transfer syntax > > > > David, > > Understood and agree. My point though is that if > the format of the initial encoding is preserved > as an open type, it doesn't much matter what it > happened to be when it was signed. > > It is only when someone tries to reconstruct the > certificate from its values using the strict DER > subset of BER that a mismatch with the signature > due to BER/DER differences in the encoding can > arise. > > And as you've stated, technically when you say BER > you've included DER, as DER is a subset. But if > you are talking about a protocol requirement you > may need to be careful with the language and try > to be as explicit as possible. > > Surely if ;binary means BER it is not illegal to > return DER. But if ;binary means DER, then it would > seem that returning BER that is not from the DER > subset would be illegal. In LDAPv3, ;binary specifies BER with no requirement to preserve the exact octets of the encoding. A server is theoretically allowed to return any valid BER encoding of the abstract value. However typical client usage of userCertificate;binary depends on the exact octets being preserved by the server. In the PKIX LDAP schema we are making the Certificate and related syntaxes explicit exceptions in that the exact octets of the ;binary encoding will be preserved. If the client provides DER they will get back DER. If they provide non-DER BER they will get back the same non-DER octets. I've encountered certificates where the signature was calculated on the provided non-DER BER encoding, so specifying that the ;binary encoding of values of the Certificate syntax is a DER encoding would break some implementations. > > And if a ;binary object is a BER wrapper around a > DER encoding, then that's another case. Preserving the exact BER encoding makes this subtlety unimportant. Regards, Steven > > Phil > > > > David Chadwick wrote: > > > > Phil Griffin wrote: > > > > > If this is done, then the concerns Russ raises as to > > > requiring extra processing disappear, and the issue that > > > David raised as to whether the protocol can be extended > > > to other encodings (BER or CER or PER or XER) is also mute. > > > > > > The Directory just knows it has a blob. It stores the blob > > > as given and can return the blob on demand. > > > > Phil > > > > thanks for this. But there is one further point, and that concerns > > certificate matching which is the other topic of the schema > ID. For this > > to work, the server has to parse the blob and extract the > various fields > > to be used in subsequent searches. Therefore the server > needs to be told > > what transfer syntax the blob is being sent in. The current proposed > > text only allows the blob to be BER or DER and not PER or > XER encoded. > > To allow the latter we would need to introduce new LDAP transfer > > encoding keywords such as ;PER and ;XML. The current ;binary keyword > > specifically means BER encoding. (And because DER is a subset of BER > > then ;binary is taken to mean DER as well, which maybe it > should not if > > we were to be really strict?). > > > > David > > > > > > > > Phil > > > > > > "Housley, Russ" wrote: > > > > > > > > David: > > > > > > > > When DAP is used, certificates come back in BER. This > happens because the > > > > DAP PDU is defined in ASN.1, and the BER encoding of > the PDU encodes the > > > > data too. An OCTET STRING could have been used, but > this was all done > > > > before there were object that had signatures. Anyway, > I see this as an > > > > opportunity to do better. > > > > > > > > I do not know about your AC development experience, but > the specifications > > > > are quite clear about the need for DER. It would be > nice if the repository > > > > fetch did not force the client to restore the original > DER encoding. > > > > > > > > I agree that this is not a schema issue. However, a > comment that the DER > > > > encoding applied by the signer should be preserved is > all I really > > > > want. You have already fixed the problem where the > repository access > > > > protocol is changing the encoding. > > > > > > > > Russ > > > > > > > > At 06:39 PM 4/3/2002 +0100, David Chadwick wrote: > > > > >Russ > > > > > > > > > >I dont think the issue below is one for the schema ID. > The certificate > > > > >attributes in the directory should be perfectly happy > to receive BER or > > > > >DER (or PER for that matter I guess). So the schema ID > should allow > > > > >anything to be stored there. > > > > > > > > > >Your issue is more one for the LDAP profile ID which > was last updated in > > > > >January. In the profile we can suggest that clients > always use DER for > > > > >encoding certificates. But what is the common WG > concensus on this? FYI > > > > >in recent work we did with attribute certificates we > found we had to use > > > > >BER because the DER Java objects were too buggy. > > > > > > > > > >David > > > > > > > > > > > > > > >"Housley, Russ" wrote: > > > > > > > > > > > > David: > > > > > > > > > > > > I would like to encourage clients to provide > certificates in DER. We ought > > > > > > to tell them that there will be less work for > everyone if they provide > > > > > > DER-encoded certificates. Likewise for CRLs. > > > > > > > > > > > > Russ > > > > > > > > > > > > At 10:32 PM 4/1/2002 +0100, David Chadwick wrote: > > > > > > > > > > > > >"Housley, Russ" wrote: > > > > > > > > > > > > > > > > David: > > > > > > > > > > > > > > > > Is it possible to preserve the DER encoding. > If not, then the DER > > > > > encoding > > > > > > > > must be restored in order to validate the > signature? This just > > > > > seems like > > > > > > > > wasted processing to me. > > > > > > > > > > > > > > > > > > > > > >Russ > > > > > > > > > > > > > >I quite agree. The revised text is meant to ensure > that the DER or BER > > > > > > >encoding created by the client when the > certificate was first sent to > > > > > > >the directory for storage is preserved as is. This > is the purpose of the > > > > > > >sentence below in the revised text, viz: > > > > > > > > > > > > > > > >Servers must preserve values in this syntax > exactly as given when > > > > > > > > >storing and retrieving them. > > > > > > > > > > > > > > > > > > > > > > >Perhaps I should say "as given to them by the > client, when storing and > > > > > > >retrieving certificates" > > > > > > > > > > > > > >David > > > > > > > > > > > > > > > > >-- > > > > > >***************************************************************** > > > > > > > > > >David W. Chadwick, BSc PhD > > > > >Professor of Information Systems Security > > > > >IS Institute, University of Salford, Salford M5 4WT > > > > >Tel: +44 161 295 5351 Fax +44 161 745 8169 > > > > >Mobile: +44 77 96 44 7184 > > > > >Email: D.W.Chadwick@salford.ac.uk > > > > >Home Page: http://www.salford.ac.uk/its024/chadwick.htm > > > > >Research Projects: http://sec.isi.salford.ac.uk > > > > >Understanding X.500: http://www.salford.ac.uk/its024/X500.htm > > > > >X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm > > > >Entrust key validation string: MLJ9-DU5T-HV8J > > > >PGP Key ID is 0xBC238DE5 > > > > > > > >***************************************************************** > > > > > > -- > ***************************************************************** > > David W. Chadwick, BSc PhD > Professor of Information Systems Security > IS Institute, University of Salford, Salford M5 4WT > Tel: +44 161 295 5351 Fax +44 161 745 8169 > Mobile: +44 77 96 44 7184 > Email: D.W.Chadwick@salford.ac.uk > Home Page: http://www.salford.ac.uk/its024/chadwick.htm > Research Projects: http://sec.isi.salford.ac.uk > Understanding X.500: http://www.salford.ac.uk/its024/X500.htm > X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm > Entrust key validation string: MLJ9-DU5T-HV8J > PGP Key ID is 0xBC238DE5 > > ***************************************************************** Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g342qQu24719 for ietf-pkix-bks; Wed, 3 Apr 2002 18:52:26 -0800 (PST) Received: from aspams52.ca.com (aspams52.cai.com [155.35.248.76]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g342qPm24715 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 18:52:25 -0800 (PST) Received: by aspams52.ca.com with Internet Mail Service (5.5.2655.55) id <H5DC14A1>; Thu, 4 Apr 2002 12:50:48 +1000 Message-ID: <A7E3A4B51615D511BCB6009027D0D18C04597E55@aspams01.ca.com> From: "Ramsay, Ron" <Ron.Ramsay@ca.com> To: steven.legg@adacel.com.au, "'David Chadwick'" <d.w.chadwick@salford.ac.uk> Cc: "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: RE: LDAP Certificate transfer syntax Date: Thu, 4 Apr 2002 12:51:59 +1000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.55) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steven, > I need a standard way to represent attribute values of the > other two thirds in LDAP and LDIF. The ;binary option serves that > purpose. I don't see this as logical. Do you simply mean the use of ;binary means you don't have to define another encoding? For, surely, defining the behaviour to be same for ;binary as without it achieves the same end? Ron. -----Original Message----- From: Steven Legg [mailto:steven.legg@adacel.com.au] Sent: Thursday, 4 April 2002 12:22 To: 'David Chadwick' Cc: 'LDAP BIS'; 'PKIX' Subject: RE: LDAP Certificate transfer syntax David, David Chadwick wrote: > Sent: Thursday, 4 April 2002 8:45 > To: Kurt D. Zeilenga > Cc: Sharon Boeyen; 'Mark Wahl'; Mark C Smith; LDAP BIS; PKIX > Subject: Re: LDAP Certificate transfer syntax > > In David's table, he shows that existing LDAPv3 implementations > > are "OK". That is, LDAPv3 is not broken in this regard. The > > specification is clear and there multiple interoperable > > LDAPv3 implementations. > > > > But LDAP (v2 and v3) is deficient in that it has never specified a > workable "native" transfer encoding for certificates. The > LDAPv2 attempt > was broken as we know, and v3 never replaced it - until my > proposed text > now. Are certificates the only commonly used attributes without a > "native" encoding? I cant think of any others. I commonly use entryACI, prescriptiveACI and subentry ACI (ACI Item syntax) and subtreeSpecification (Subtree Specification syntax). Neither of the syntaxes for these attributes has a defined LDAP-specific (i.e. native) encoding in RFC 2252 or RFC 2256. > So this is a deficiency > that should be rectified in my opinion. Recent I-Ds have proposed human readable character string encodings for both the ACI Item syntax and the Subtree Specification syntax, by referencing the Generic String Encoding Rules, to correct the deficiency in these syntaxes. This is in keeping with the statement in RFC 2252 that "The encoding rules defined for a given attribute syntax must produce octet strings. To the greatest extent possible, encoded octet strings should be usable in their native encoded form for display purposes". Thus a "right" way to fix the Certificate syntax is to define the LDAP-specific/native encoding to be the GSER encoding :-). Had the ACI Item and Subtree Specification syntaxes previously been defined such that their LDAP-specific encoding was the same as their ;binary encoding it would not now be possible to define the default format to be a human readable character string encoding. > > That is, this suggest change will implementations to updated to > > support it. This will include some clients (such as those which > > as for "*" and expect userCertificate;binary) > > agreed, if a server is to be consistent it probably would not put > ;binary on any returned attributes, although I believe that todays > LDAPv3 servers will put ;binary on certificates because of the MUST > requirement. If they continued to do this in the future it would not > cause any problems with the clients, but would be inconsistent > behaviour. > > >and most (if not > > all) servers. That's bad! > > > > I think the change would not have been necessary if all existing > products had implemented the current spec. And thats bad!! The fault is in the incorrectly implemented products. The obligation to change is on them, not the correctly implemented products. > > Hence, for LDAPv3 interoperability sake, the specification needs > > to continue to MUST the use of ;binary for these attributes except > > where the client and server have a prior agreement that the > > OPTIONAL native encoding is to be used. > > > > As a general rule I think that continuing to mandate one particular > tranfer encoding just for certificates is wrong and leaves us > in hole in > the future if new transfer encodings are developed, such as XML (which > incidentally has now been standardised for certificates). So how would > you propose to cater for XML encodings in the future? One way is to provide an update to the Certificate syntax to say that values in the syntax MUST NOT be requested or returned without an explicit transfer option. We could also say that now, in the current draft. > > Of course, one ought to wonder why any LDAPv3 implementation > > would support this OPTIONAL native encoding when the REQUIRED > > encoding is more broadly implemented and provides the same > > functionality. It seems redundant to me. > > > > Clearly there is redundancy once a native encoding is > specified and this > happens to be the same as the ;binary encoding, that is not in doubt. > But who is to say which one is the redundant one? It could be > the use of > ;binary. Maybe this transfer encoding is no longer needed by LDAPv3 > (just being devil's advocate here :-) Only about a third of the syntaxes I support have defined LDAP-specific encodings. I need a standard way to represent attribute values of the other two thirds in LDAP and LDIF. The ;binary option serves that purpose. Now if someone were to mandate that all additional LDAP syntaxes must use GSER for the LDAP-specific encoding then I wouldn't need ;binary. Regards, Steven > > David > > > > Kurt > > -- > ***************************************************************** > > David W. Chadwick, BSc PhD > Professor of Information Systems Security > IS Institute, University of Salford, Salford M5 4WT > Tel: +44 161 295 5351 Fax +44 161 745 8169 > Mobile: +44 77 96 44 7184 > Email: D.W.Chadwick@salford.ac.uk > Home Page: http://www.salford.ac.uk/its024/chadwick.htm > Research Projects: http://sec.isi.salford.ac.uk > Understanding X.500: http://www.salford.ac.uk/its024/X500.htm > X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm > Entrust key validation string: MLJ9-DU5T-HV8J > PGP Key ID is 0xBC238DE5 > > ***************************************************************** Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g342NCF24076 for ietf-pkix-bks; Wed, 3 Apr 2002 18:23:12 -0800 (PST) Received: from nexus.adacel.com (shelob.adacel.com.au [203.36.26.146] (may be forged)) by above.proper.com (8.11.6/8.11.3) with SMTP id g342N6m24071 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 18:23:10 -0800 (PST) Received: (qmail 1491 invoked from network); 4 Apr 2002 02:19:56 -0000 Received: from unknown (HELO osmium) (10.32.24.165) by nexus.adacel.com with SMTP; 4 Apr 2002 02:19:56 -0000 Reply-To: <steven.legg@adacel.com.au> From: "Steven Legg" <steven.legg@adacel.com.au> To: "'David Chadwick'" <d.w.chadwick@salford.ac.uk> Cc: "'LDAP BIS'" <ietf-ldapbis@OpenLDAP.org>, "'PKIX'" <ietf-pkix@imc.org> Subject: RE: LDAP Certificate transfer syntax Date: Thu, 4 Apr 2002 12:21:40 +1000 Message-ID: <001001c1db7f$751e3cd0$a518200a@osmium.mtwav.adacel.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2120.0 In-Reply-To: <3CAB85DD.A83A12A3@salford.ac.uk> Importance: Normal Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> David, David Chadwick wrote: > Sent: Thursday, 4 April 2002 8:45 > To: Kurt D. Zeilenga > Cc: Sharon Boeyen; 'Mark Wahl'; Mark C Smith; LDAP BIS; PKIX > Subject: Re: LDAP Certificate transfer syntax > > In David's table, he shows that existing LDAPv3 implementations > > are "OK". That is, LDAPv3 is not broken in this regard. The > > specification is clear and there multiple interoperable > > LDAPv3 implementations. > > > > But LDAP (v2 and v3) is deficient in that it has never specified a > workable "native" transfer encoding for certificates. The > LDAPv2 attempt > was broken as we know, and v3 never replaced it - until my > proposed text > now. Are certificates the only commonly used attributes without a > "native" encoding? I cant think of any others. I commonly use entryACI, prescriptiveACI and subentry ACI (ACI Item syntax) and subtreeSpecification (Subtree Specification syntax). Neither of the syntaxes for these attributes has a defined LDAP-specific (i.e. native) encoding in RFC 2252 or RFC 2256. > So this is a deficiency > that should be rectified in my opinion. Recent I-Ds have proposed human readable character string encodings for both the ACI Item syntax and the Subtree Specification syntax, by referencing the Generic String Encoding Rules, to correct the deficiency in these syntaxes. This is in keeping with the statement in RFC 2252 that "The encoding rules defined for a given attribute syntax must produce octet strings. To the greatest extent possible, encoded octet strings should be usable in their native encoded form for display purposes". Thus a "right" way to fix the Certificate syntax is to define the LDAP-specific/native encoding to be the GSER encoding :-). Had the ACI Item and Subtree Specification syntaxes previously been defined such that their LDAP-specific encoding was the same as their ;binary encoding it would not now be possible to define the default format to be a human readable character string encoding. > > That is, this suggest change will implementations to updated to > > support it. This will include some clients (such as those which > > as for "*" and expect userCertificate;binary) > > agreed, if a server is to be consistent it probably would not put > ;binary on any returned attributes, although I believe that todays > LDAPv3 servers will put ;binary on certificates because of the MUST > requirement. If they continued to do this in the future it would not > cause any problems with the clients, but would be inconsistent > behaviour. > > >and most (if not > > all) servers. That's bad! > > > > I think the change would not have been necessary if all existing > products had implemented the current spec. And thats bad!! The fault is in the incorrectly implemented products. The obligation to change is on them, not the correctly implemented products. > > Hence, for LDAPv3 interoperability sake, the specification needs > > to continue to MUST the use of ;binary for these attributes except > > where the client and server have a prior agreement that the > > OPTIONAL native encoding is to be used. > > > > As a general rule I think that continuing to mandate one particular > tranfer encoding just for certificates is wrong and leaves us > in hole in > the future if new transfer encodings are developed, such as XML (which > incidentally has now been standardised for certificates). So how would > you propose to cater for XML encodings in the future? One way is to provide an update to the Certificate syntax to say that values in the syntax MUST NOT be requested or returned without an explicit transfer option. We could also say that now, in the current draft. > > Of course, one ought to wonder why any LDAPv3 implementation > > would support this OPTIONAL native encoding when the REQUIRED > > encoding is more broadly implemented and provides the same > > functionality. It seems redundant to me. > > > > Clearly there is redundancy once a native encoding is > specified and this > happens to be the same as the ;binary encoding, that is not in doubt. > But who is to say which one is the redundant one? It could be > the use of > ;binary. Maybe this transfer encoding is no longer needed by LDAPv3 > (just being devil's advocate here :-) Only about a third of the syntaxes I support have defined LDAP-specific encodings. I need a standard way to represent attribute values of the other two thirds in LDAP and LDIF. The ;binary option serves that purpose. Now if someone were to mandate that all additional LDAP syntaxes must use GSER for the LDAP-specific encoding then I wouldn't need ;binary. Regards, Steven > > David > > > > Kurt > > -- > ***************************************************************** > > David W. Chadwick, BSc PhD > Professor of Information Systems Security > IS Institute, University of Salford, Salford M5 4WT > Tel: +44 161 295 5351 Fax +44 161 745 8169 > Mobile: +44 77 96 44 7184 > Email: D.W.Chadwick@salford.ac.uk > Home Page: http://www.salford.ac.uk/its024/chadwick.htm > Research Projects: http://sec.isi.salford.ac.uk > Understanding X.500: http://www.salford.ac.uk/its024/X500.htm > X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm > Entrust key validation string: MLJ9-DU5T-HV8J > PGP Key ID is 0xBC238DE5 > > ***************************************************************** Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g341J0H22580 for ietf-pkix-bks; Wed, 3 Apr 2002 17:19:00 -0800 (PST) Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g341Ixm22576 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 17:18:59 -0800 (PST) Received: from Chokhani ([12.91.127.195]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020404011856.DQDG8815.mtiwmhc23.worldnet.att.net@Chokhani>; Thu, 4 Apr 2002 01:18:56 +0000 From: "Santosh Chokhani" <chokhani@orionsec.com> To: "'Housley, Russ'" <rhousley@rsasecurity.com>, "'Ambarish Malpani'" <ambarish@valicert.com>, "'Stephen Kent'" <kent@bbn.com> Cc: <ietf-pkix@imc.org> Subject: RE: One last comment on DPD requirements Date: Wed, 3 Apr 2002 20:20:38 -0500 Message-ID: <003b01c1db76$ee825fb0$a300a8c0@Chokhani> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Importance: Normal In-Reply-To: <5.1.0.14.2.20020403135748.02d1a950@exna07.securitydynamics.com> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ: I agree with you, but for a different reason. I do not think this is application specific issue. I think it is the path validation issue. I do not think that the DPD server can know which paths are good without doing a validation also, specially to see if there will be any name constraints or certificate policy related failures. -----Original Message----- From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] On Behalf Of Housley, Russ Sent: Wednesday, April 03, 2002 2:12 PM To: Ambarish Malpani; Stephen Kent Cc: ietf-pkix@imc.org Subject: Re: One last comment on DPD requirements Steve & Ambarish: >>Hi Group, >> One last (slightly late) comment on the DPD requirements that has >>been troubling me: >> >>In the DPD requirements, there is a reasonable amount of text that >>talks about how a server can return multiple paths back to the client >>(to allow the client to decide which path is the best). >> >>The main goal of DPD is to try and simplify the client. In how many >>cases do people really want multiple paths back from the server. While >>it is the right requirement in principal, do folks really think >>clients will want multiple paths back from a DPD server? Are we adding >>the additional flexiblity/complexity just for technical purity? >> >>Comments will be appreciated. >> >>Regards, >>Ambarish > >I too would favor simplifying the protocol requirement here. Some folks >have suggested motivations for multiple paths, but this does seem to >conflict with the fundamental goal of creating a protocol to satisfy the >needs of thin clients. > >Steve I agree with your goal. It is far better for the client to tell the server what it wants, then get back a single path that satisfies all of the requirements. To do this, we need to be able to fully specify the clients criteria and send them to the server. I think that we know how to do this for many PKI-enabled applications, but I am not sure that we know how to do it for all applications, especially ones that are yet to be developed. This leaves us with two choices. Either the protocol returns multiple certification paths (the approach in the current document) or the protocol requires the client to adequately specify its criteria. This could be done with the path discovery policy. If we adopt this alternative, we should include additional text so that implements expect application-specific (perhaps several application-specific path discovery policy if there are multiple roles in the application). Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3415EF22195 for ietf-pkix-bks; Wed, 3 Apr 2002 17:05:14 -0800 (PST) Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3415Dm22191 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 17:05:13 -0800 (PST) Received: from INET-PRV-MTA by prv-mail20.provo.novell.com with Novell_GroupWise; Wed, 03 Apr 2002 18:04:13 -0700 Message-Id: <scab441d.077@prv-mail20.provo.novell.com> X-Mailer: Novell GroupWise Internet Agent 6.0.1 Date: Wed, 03 Apr 2002 18:02:25 -0700 From: "Jim Sermersheim" <JIMSE@novell.com> To: <Kurt@OpenLDAP.org>, <d.w.chadwick@salford.ac.uk> Cc: <ietf-pkix@imc.org>, <ietf-ldapbis@OpenLDAP.org> Subject: Re: LDAP Certificate transfer syntax Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I note that 2252 and 2256 both have problems with the language used to specify this. 2252 says that values of the Certificate syntax MUST be transferred using the binary encoding. It then gives two attribute descriptions "userCertificate;binary" and caCertificate;binary". If I create an attribute called printerCertificate, what am I supposed to refer to it as? It can be argued that the MUST here refers to the encoding, and the attribute descriptions are merely examples of the day. 2256 says "This attribute is to be stored and requested in the binary form, as 'userCertificate;binary'". Am I to believe that I must somehow store the ;binary option in my database? Aside from that sillines, there is no MUST imperative here. Jim >>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 04/03/02 11:36AM >>> This text does not clearly "MUST" the use of ;binary as RFC 2252 and RFC 2256 did. As previously noted, this "MUST" should not be dropped as doing so will cause interoperability problems between implementations of the current technical specification and the revised technical specification. Kurt At 05:29 AM 2002-04-01, David Chadwick wrote: >Colleagues > >Here is my proposed change to the section describing the LDAP syntax for >cerificates in the PKIX id ><draft-pkix-ldap-schema-03.txt> which should be published before the end >of April. As this is likely to be the most contentious part of the new >ID, I thought it would be useful to distribute this text at the earlier >possible moment. > >All constructive comments welcomed > >David > > >3.3 Certificate Syntax > >A value in this transfer syntax is the binary octet string that results >from BER or DER-encoding of an X.509 public key certificate. The >following string states the OID assigned to this syntax: > > ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' ) > >Servers must preserve values in this syntax exactly as given when >storing and retrieving them. > >Note. Due to the changes from X.509(1988) to X.509(1993) and subsequent >changes to the ASN.1 definition to support certificate extensions in >X.509(1997), no character string transfer syntax is defined for >certificates. The BNF notation in RFC 1778 [12] for "User Certificate" >MUST NOT be used. Values in this syntax MUST be transferred as BER or >DER encoded octets. The use of the ;binary encoding option, i.e. by >requesting or returning the attributes with descriptions >"userCertificate;binary" or "caCertificate;binary" has no effect on the >transfer syntax. Received: by above.proper.com (8.11.6/8.11.3) id g34135D22167 for ietf-pkix-bks; Wed, 3 Apr 2002 17:03:05 -0800 (PST) Received: from aspams52.ca.com (aspams52.cai.com [155.35.248.76]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g34134m22163 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 17:03:04 -0800 (PST) Received: by aspams52.ca.com with Internet Mail Service (5.5.2655.55) id <H5DC1S97>; Thu, 4 Apr 2002 11:01:25 +1000 Message-ID: <A7E3A4B51615D511BCB6009027D0D18C0457EA45@aspams01.ca.com> From: "Ramsay, Ron" <Ron.Ramsay@ca.com> To: Mark Wahl <Mark.Wahl@sun.com> Cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: RE: LDAP Certificate transfer syntax Date: Thu, 4 Apr 2002 11:02:37 +1000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.55) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I thought certificate syntax was being removed from the LDAP v3 specs and, therefore, certificate syntax was not an issue for DLAPbis? Ron. -----Original Message----- From: Mark Wahl [mailto:Mark.Wahl@sun.com] Sent: Thursday, 4 April 2002 5:51 To: David Chadwick Cc: Kurt D. Zeilenga; Mark C Smith; LDAP BIS; PKIX; mark.wahl@sun.com Subject: Re: LDAP Certificate transfer syntax David Chadwick wrote: > > > Now to the backwards compatibility issues. In the table below the only > problem will come with a new LDAPv3 client that does not use ;binary > with an existing v3 server that demands it. But we already have an > inconsistency in these current LDAPv3 servers in that they accept LDAPv2 > queries without ;binary but not LDAPv3 queries without ;binary. I do not think LDAPv2-LDAPv3 behavior is sufficient justification to cause incompatibility between two LDAPv3 implementations. Maybe an "LDAPv4" should have a different way for clients to send certificate, but LDAPv2 compatibility should not be a concern that causes this significant a change inside of the LDAPv3 specs. That is out of scope for LDAPBIS. Mark Wahl Sun Microsystems Inc. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g340TM821105 for ietf-pkix-bks; Wed, 3 Apr 2002 16:29:22 -0800 (PST) Received: from mail5.microsoft.com (mail5.microsoft.com [131.107.3.121]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g340TLm21101 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 16:29:21 -0800 (PST) Received: from inet-vrs-05.redmond.corp.microsoft.com ([157.54.6.148]) by mail5.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 3 Apr 2002 16:29:17 -0800 Received: from 157.54.6.150 by inet-vrs-05.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Wed, 03 Apr 2002 16:29:18 -0800 Received: from red-imc-02.redmond.corp.microsoft.com ([157.54.9.107]) by inet-hub-05.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 3 Apr 2002 16:29:17 -0800 Received: from win-imc-02.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.84]) by red-imc-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 3 Apr 2002 16:29:17 -0800 Received: from win-msg-01.wingroup.windeploy.ntdev.microsoft.com ([157.54.0.52]) by win-imc-02.wingroup.windeploy.ntdev.microsoft.com with Microsoft SMTPSVC(6.0.3590.0); Wed, 3 Apr 2002 16:25:55 -0800 X-MimeOLE: Produced By Microsoft Exchange V6.0.6157.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: RE: One last comment on DPD requirements Date: Wed, 3 Apr 2002 16:25:55 -0800 Message-ID: <4AEE3169443CDD4796CA8A00B02191CDEE5F0E@win-msg-01.wingroup.windeploy.ntdev.microsoft.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: One last comment on DPD requirements Thread-Index: AcHbQ+dA1WnXcxeoQW6r8T4tyC3OywAJf1Ug From: "Trevor Freeman" <trevorf@windows.microsoft.com> To: "Housley, Russ" <rhousley@rsasecurity.com>, "Ambarish Malpani" <ambarish@valicert.com>, "Stephen Kent" <kent@bbn.com> Cc: <ietf-pkix@imc.org> X-OriginalArrivalTime: 04 Apr 2002 00:25:55.0503 (UTC) FILETIME=[48F62BF0:01C1DB6F] Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id g340TLm21102 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> To state that a client has to be exacting over its specification and only wants one chain returned is presupposing the application model. There are applications which are more comfortable with making a vague request, getting back multiple chains to which they apply their own policy. One of the specifications to the server can be find me all paths that meet these criteria. I think the simple case on only wanting a single chain is the most common so making that the default is fine. -----Original Message----- From: Housley, Russ [mailto:rhousley@rsasecurity.com] Sent: Wednesday, April 03, 2002 11:12 AM To: Ambarish Malpani; Stephen Kent Cc: ietf-pkix@imc.org Subject: Re: One last comment on DPD requirements Steve & Ambarish: >>Hi Group, >> One last (slightly late) comment on the DPD requirements that >>has been troubling me: >> >>In the DPD requirements, there is a reasonable amount of text that >>talks about how a server can return multiple paths back to the >>client (to allow the client to decide which path is the best). >> >>The main goal of DPD is to try and simplify the client. In how many >>cases do people really want multiple paths back from the server. >>While it is the right requirement in principal, do folks really >>think clients will want multiple paths back from a DPD server? Are >>we adding the additional flexiblity/complexity just for >>technical purity? >> >>Comments will be appreciated. >> >>Regards, >>Ambarish > >I too would favor simplifying the protocol requirement here. Some folks >have suggested motivations for multiple paths, but this does seem to >conflict with the fundamental goal of creating a protocol to satisfy the >needs of thin clients. > >Steve I agree with your goal. It is far better for the client to tell the server what it wants, then get back a single path that satisfies all of the requirements. To do this, we need to be able to fully specify the clients criteria and send them to the server. I think that we know how to do this for many PKI-enabled applications, but I am not sure that we know how to do it for all applications, especially ones that are yet to be developed. This leaves us with two choices. Either the protocol returns multiple certification paths (the approach in the current document) or the protocol requires the client to adequately specify its criteria. This could be done with the path discovery policy. If we adopt this alternative, we should include additional text so that implements expect application-specific (perhaps several application-specific path discovery policy if there are multiple roles in the application). Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33NJb519029 for ietf-pkix-bks; Wed, 3 Apr 2002 15:19:37 -0800 (PST) Received: from exafix.addtrust.com ([212.112.175.83]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33NJZm19025 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 15:19:35 -0800 (PST) Received: from stsIBMT20.addtrust.com ([213.64.0.98]) by exafix.addtrust.com with Microsoft SMTPSVC(5.0.2195.2966); Thu, 4 Apr 2002 01:19:16 +0200 Message-Id: <5.1.0.14.2.20020404011004.02e54ec8@mail.addtrust.com> X-Sender: sts@mail.addtrust.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 04 Apr 2002 01:19:13 +0200 To: Denis Pinkas <Denis.Pinkas@bull.net>, "Housley, Russ" <rhousley@rsasecurity.com> From: Stefan Santesson <stefan@addtrust.com> Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt Cc: ietf-pkix@imc.org In-Reply-To: <3CAB2606.EA5D914D@bull.net> References: <5.1.0.14.2.20020327131915.02f3f5d8@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-OriginalArrivalTime: 03 Apr 2002 23:19:17.0508 (UTC) FILETIME=[F9F88C40:01C1DB65] Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis, Generally I have some problems with your way of arguing. My observation is that you ask us to be precise where there is no point in being precise and you fail to be precise yourself where your arguments need to be backed by facts and examples. At least I think it would be fair of you to try to understand what the draft was written to solve and either argue that we try to find a solution to the wrong problem or that we try to solve the right problem the wrong way. Right now I feel that you claim that we solve the wrong problem the wrong way, which is a rather hopeless originating discussion point. /Stefan At 17:55 2002-04-03 +0200, Denis Pinkas wrote: >Russ, > >Thank you for this long reply ... that did not convinced me. >The argumentation you provided is not crystal clear to me. > >See my comments below. > > > Denis: > > > > I fear that you have missed the point of the logotypes draft > > altogether. The authors recognize that the introduction needs to be > > expanded, so we may be to blame for any misunderstanding. To try and clear > > up the misunderstanding, I offer some general observations before > > responding to your specific comments. > > > > The logotype extension will aid in two situations: > > 1. Certificate-based Identification > > 2. Selection of Certificates > > > > In the first case, the need for human recognition > >1) Recognition of what ? or of which characteristics ? > Please be precise. > >2) Recognized by which entity ? Please be precise. > I would guess a human being acting as a relying party. > > > depends on the manner in > > which certificates are used and whether certificates need to be visible to > > human users. If certificates are to be used in open environments and in > > applications that bring the user in conscious contact with the result of a > > certificate-based identification process, then human recognition is highly > > relevant, and it may be a necessity. > > > > Most applications provide the human user with an opportunity to view the > > results of a successful certificate-based identification process. When the > > user takes the steps necessary to view these results, the user is presented > > with a view of a certificate. This solution has two major problems. First, > > the function to view a certificate is often rather hard to find for a > > non-technical user. Second, the presentation of the certificate is rather > > technical; it is not user friendly. It contains no graphic symbols or > > logotypes to enhance human recognition. > > > In the second case, there are software applications that expose human users > > to certificates for the selection of a single certificate from a portfolio > > of certificates. In some circumstances, the software application can use > > information within the certificates to determine suitability; however, the > > user must be queried if more than one certificate is suitable. The human > > user must select one of them. > >I would guess that is that case it is a recognition by the subscriber. >Is it what you mean ? Are there other cases you are thinking of ? >Please be precise. > > > This situation is comparable to a person selecting a suitable plastic card > > from his wallet. In this situation, substantial assistance is provided by > > card color, location, and branding. > > > > In order provide similar support for certificate selection, the users need > > tools to easily recognize and distinguish certificates. Introduction of > > logotypes into certificates provides the necessary graphic. > > > Now, for your specific comments. > > > > COMMENT 1: Subject logotype. > > > > Currently a "subject organization logotype" is proposed. It definition is > > as follows: "a logotype representing the organization identified in the > > subject name in the certificate". > > > > From this definition only a single logotype would be allowed for a > > subject. It can make sense to attach more that one logotype to a subject, > > that does not reflect necessarily the organization a user belongs to (e.g. > > an individual is a Red Cross member) so the definition should be changed > > to: > > > > "subject logotype" "a logotype representing any characteristic of the > > entity identified in the subject name in the certificate". > > > > RESPONSE 1. > > > > We are allowing a graphical identity of the user to facilitate certificate > > selection or acceptance. We are not trying to graphically represent every > > attribute of the user. We certainly do not want to overwhelm the designers > > of graphic user interfaces. We need to keep it simple. > >I do not buy this argument. The current proposal limits to logo type to the >logo of the organization, whereas this limitation is not appropriate. A >subject may even have no O (Organization) component in the DN and there >could >be other logos attached to the subject field. > > > COMMENT 2: Issuer logotype. > > > > Currently an "issuer organization logotype" is proposed. It definition is > > as follows: "a logotype representing the organization identified as part of > > the issuer name in the certificate". > > > > From this definition a single logotype would be allowed for an issuer. It > > can make sense to attach more that one logotype to an issuer, that does not > > reflect necessarily the organization an issuer belongs to (e.g. an issuer > > may support a "Privacy Policy" and be a member from two different trade > > associations), so the definition should be changed to: > > > > "issuer logotype: a logotype representing any characteristic of the issuer > > identified as part of the issuer name in the certificate". > > > > RESPONSE 2. > > > > Again, we are allowing a graphical identity of the user to facilitate > > certificate selection or acceptance. We are not trying to graphically > > represent every attribute of the issuer. > >I do not buy this argument. The current proposal limits to logo type to the >logo of the issuer, whereas this limitation is not appropriate. See my >examples again. > > > COMMENT 3: The "concept logotype", also renamed "community logotype" during > > the last IETF meeting or " shared community logotype" in the minutes from > > the same meeting is more hazy. > > > > The current text states:" Many issuers may use the concept logotypes to > > co-brand with a global concept in order to gain global recognition of its > > local service provision. This type of concept branding is very common in > > credit card business where local independent card issuers issue cards > > within a globally branded concept (such as VISA and MasterCard)". > > > > The current text also states: " the relationship between the issuer and > > either the issuer organization logotype or the concept logotype". > > > > A logotype is adding "human processable" information to enhance the > > properties of an already existing field from a certificate. To this respect > > it is sensible to add one (or more) logotypes that characterizes the issuer > > and the subject. The real question is to which field the "concept > > logotype / community logotype / shared community logotype" relates. > > > > It may relate : > > - either to the issuer, to state that an issuer belongs to some > group, or > > - to the certificate policy to state that the policy under which the > > certificate is issued obeys to some rules imposed by the organization > > whose logo is referenced. > > > > This leads to two possible ways: > > 1) only consider two logotypes: issuer logotype and subject logotypes. > > 2) consider three logotypes: issuer logotypes, subject logotypes and > > policy logotypes. > > > > I would favor the former, but would have no major problem to go with the > > later. In that case the policy logotype would be defined as follows: > > > > "Policy logotype: a logotype representing any characteristic of the > > certificate policy under which the certificate is issued". > > > > RESPONSE 3. > > > > Policy implies the wrong connotation. We are not trying to graphically > > represent a certificate policy or anything about how the certificate was > > issued. The community (or concept) logotype simply allows CA to enter into > > collective branding relationships. > >A branding of what ? Please be precise. > > > I suppose that a large group that share a common security policy could > > register a logo for that policy and use it as a community logo. While this > > was not the model that we considered, it certainly is accommodated. > > > > COMMENT 4: Logotypes are not "claimed" by the issuer, but always *verified* > > to some extend by the issuer. The current text is misleading: > > > > "The relationship between the subject organization and the subject > > organization logotype and the relationship between the issuer and > > either the issuer organization logotype or the concept logotype, are > > relationships *claimed* by the issuer." > > > > RESPONSE 4. > > > > The issuer is responsible for the verification of anything that is included > > in the certificate. After all, the issuer signature covers it. Thus, the > > issuer is claiming that the logotypes are appropriate. > >Don't twist the wording. :-) > >We agree on the concept, but we should try to use another wording and avoid >to use the word "claim". > > > COMMENT 5: During the meeting, it has been proposed to add a small image of > > the logotype in the certificate itself. In this WG we always have had a > > concern about the size of the certificate, so that it can be lodged in some > > small devices. So I would not favor to allow such provision in a > > extension standardized by this WG. > > > > RESPONSE 5. > > > > There are environments where the client cannot access the Internet until > > after the certificate is used. Consider certificate-based authentication > > to an ISP. A small logotype in the certificate could be useful to aid > > certificate selection in this situation. The inclusion of a small logotype > > is, of course, optional. > >...and instead of certificates between 1 K and 2 K bytes, have certificates >with at least one more K ! > >Denis > > > > COMMENT 6: It should be made clear that this extension in non-critical. > > > > RESPONSE 6. > > > > Agree. The logotype extension was never intended to be critical. > > > > COMMENT 7: The document includes many typos to be corrected. > > > > RESPONSE 7. > > > > We will make every effort to correct them before the next draft is > published. > > > > Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33N4eb18802 for ietf-pkix-bks; Wed, 3 Apr 2002 15:04:40 -0800 (PST) Received: from tisch.mail.mindspring.net (tisch.mail.mindspring.net [207.69.200.157]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33N4cm18798 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 15:04:38 -0800 (PST) Received: from user-2ivf760.dialup.mindspring.com ([165.247.156.192] helo=asn-1.com) by tisch.mail.mindspring.net with esmtp (Exim 3.33 #1) id 16stnk-0001xj-00; Wed, 03 Apr 2002 18:04:25 -0500 Message-ID: <3CAB8883.FD9CDC35@asn-1.com> Date: Wed, 03 Apr 2002 17:56:03 -0500 From: Phil Griffin <phil.griffin@asn-1.com> Organization: Griffin Consulting - http://ASN-1.com X-Mailer: Mozilla 4.73 [en]C-{C-UDP; EBM-SONY1} (Win95; U) X-Accept-Language: en MIME-Version: 1.0 To: David Chadwick <d.w.chadwick@salford.ac.uk> CC: "Housley, Russ" <rhousley@rsasecurity.com>, LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <5.1.0.14.2.20020401110819.032405a8@exna07.securitydynamics.com> <5.1.0.14.2.20020403102012.031ad888@exna07.securitydynamics.com> <5.1.0.14.2.20020403125913.02ccfbd8@exna07.securitydynamics.com> <3CAB56AD.6BA85700@asn-1.com> <3CAB7B46.8A20A5AB@salford.ac.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> David, Understood and agree. My point though is that if the format of the initial encoding is preserved as an open type, it doesn't much matter what it happened to be when it was signed. It is only when someone tries to reconstruct the certificate from its values using the strict DER subset of BER that a mismatch with the signature due to BER/DER differences in the encoding can arise. And as you've stated, technically when you say BER you've included DER, as DER is a subset. But if you are talking about a protocol requirement you may need to be careful with the language and try to be as explicit as possible. Surely if ;binary means BER it is not illegal to return DER. But if ;binary means DER, then it would seem that returning BER that is not from the DER subset would be illegal. And if a ;binary object is a BER wrapper around a DER encoding, then that's another case. Phil David Chadwick wrote: > > Phil Griffin wrote: > > > If this is done, then the concerns Russ raises as to > > requiring extra processing disappear, and the issue that > > David raised as to whether the protocol can be extended > > to other encodings (BER or CER or PER or XER) is also mute. > > > > The Directory just knows it has a blob. It stores the blob > > as given and can return the blob on demand. > > Phil > > thanks for this. But there is one further point, and that concerns > certificate matching which is the other topic of the schema ID. For this > to work, the server has to parse the blob and extract the various fields > to be used in subsequent searches. Therefore the server needs to be told > what transfer syntax the blob is being sent in. The current proposed > text only allows the blob to be BER or DER and not PER or XER encoded. > To allow the latter we would need to introduce new LDAP transfer > encoding keywords such as ;PER and ;XML. The current ;binary keyword > specifically means BER encoding. (And because DER is a subset of BER > then ;binary is taken to mean DER as well, which maybe it should not if > we were to be really strict?). > > David > > > > > Phil > > > > "Housley, Russ" wrote: > > > > > > David: > > > > > > When DAP is used, certificates come back in BER. This happens because the > > > DAP PDU is defined in ASN.1, and the BER encoding of the PDU encodes the > > > data too. An OCTET STRING could have been used, but this was all done > > > before there were object that had signatures. Anyway, I see this as an > > > opportunity to do better. > > > > > > I do not know about your AC development experience, but the specifications > > > are quite clear about the need for DER. It would be nice if the repository > > > fetch did not force the client to restore the original DER encoding. > > > > > > I agree that this is not a schema issue. However, a comment that the DER > > > encoding applied by the signer should be preserved is all I really > > > want. You have already fixed the problem where the repository access > > > protocol is changing the encoding. > > > > > > Russ > > > > > > At 06:39 PM 4/3/2002 +0100, David Chadwick wrote: > > > >Russ > > > > > > > >I dont think the issue below is one for the schema ID. The certificate > > > >attributes in the directory should be perfectly happy to receive BER or > > > >DER (or PER for that matter I guess). So the schema ID should allow > > > >anything to be stored there. > > > > > > > >Your issue is more one for the LDAP profile ID which was last updated in > > > >January. In the profile we can suggest that clients always use DER for > > > >encoding certificates. But what is the common WG concensus on this? FYI > > > >in recent work we did with attribute certificates we found we had to use > > > >BER because the DER Java objects were too buggy. > > > > > > > >David > > > > > > > > > > > >"Housley, Russ" wrote: > > > > > > > > > > David: > > > > > > > > > > I would like to encourage clients to provide certificates in DER. We ought > > > > > to tell them that there will be less work for everyone if they provide > > > > > DER-encoded certificates. Likewise for CRLs. > > > > > > > > > > Russ > > > > > > > > > > At 10:32 PM 4/1/2002 +0100, David Chadwick wrote: > > > > > > > > > > >"Housley, Russ" wrote: > > > > > > > > > > > > > > David: > > > > > > > > > > > > > > Is it possible to preserve the DER encoding. If not, then the DER > > > > encoding > > > > > > > must be restored in order to validate the signature? This just > > > > seems like > > > > > > > wasted processing to me. > > > > > > > > > > > > > > > > > > >Russ > > > > > > > > > > > >I quite agree. The revised text is meant to ensure that the DER or BER > > > > > >encoding created by the client when the certificate was first sent to > > > > > >the directory for storage is preserved as is. This is the purpose of the > > > > > >sentence below in the revised text, viz: > > > > > > > > > > > > > >Servers must preserve values in this syntax exactly as given when > > > > > > > >storing and retrieving them. > > > > > > > > > > > > > > > > > > > >Perhaps I should say "as given to them by the client, when storing and > > > > > >retrieving certificates" > > > > > > > > > > > >David > > > > > > > > > > > > > >-- > > > >***************************************************************** > > > > > > > >David W. Chadwick, BSc PhD > > > >Professor of Information Systems Security > > > >IS Institute, University of Salford, Salford M5 4WT > > > >Tel: +44 161 295 5351 Fax +44 161 745 8169 > > > >Mobile: +44 77 96 44 7184 > > > >Email: D.W.Chadwick@salford.ac.uk > > > >Home Page: http://www.salford.ac.uk/its024/chadwick.htm > > > >Research Projects: http://sec.isi.salford.ac.uk > > > >Understanding X.500: http://www.salford.ac.uk/its024/X500.htm > > > >X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm > > > >Entrust key validation string: MLJ9-DU5T-HV8J > > > >PGP Key ID is 0xBC238DE5 > > > > > > > >***************************************************************** > > > > > > -- > ***************************************************************** > > David W. Chadwick, BSc PhD > Professor of Information Systems Security > IS Institute, University of Salford, Salford M5 4WT > Tel: +44 161 295 5351 Fax +44 161 745 8169 > Mobile: +44 77 96 44 7184 > Email: D.W.Chadwick@salford.ac.uk > Home Page: http://www.salford.ac.uk/its024/chadwick.htm > Research Projects: http://sec.isi.salford.ac.uk > Understanding X.500: http://www.salford.ac.uk/its024/X500.htm > X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm > Entrust key validation string: MLJ9-DU5T-HV8J > PGP Key ID is 0xBC238DE5 > > ***************************************************************** Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33Mets18095 for ietf-pkix-bks; Wed, 3 Apr 2002 14:40:55 -0800 (PST) Received: from mta01-svc.ntlworld.com (mta01-svc.ntlworld.com [62.253.162.41]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33Mesm18091 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 14:40:54 -0800 (PST) Received: from salford.ac.uk ([213.107.136.218]) by mta01-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020403224046.VBZF278.mta01-svc.ntlworld.com@salford.ac.uk>; Wed, 3 Apr 2002 23:40:46 +0100 Message-ID: <3CAB85DD.A83A12A3@salford.ac.uk> Date: Wed, 03 Apr 2002 23:44:45 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> CC: Sharon Boeyen <sharon.boeyen@entrust.com>, "'Mark Wahl'" <Mark.Wahl@sun.com>, Mark C Smith <mcs@netscape.com>, LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <5.1.0.14.0.20020403133750.0252a4f0@127.0.0.1> Content-Type: multipart/mixed; boundary="------------2760BDF270BAB33094D4E39F" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------2760BDF270BAB33094D4E39F Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit "Kurt D. Zeilenga" wrote: > These changes have ZERO impact on LDAPv2 implementations. > Agreed > In David's table, he shows that existing LDAPv3 implementations > are "OK". That is, LDAPv3 is not broken in this regard. The > specification is clear and there multiple interoperable > LDAPv3 implementations. > But LDAP (v2 and v3) is deficient in that it has never specified a workable "native" transfer encoding for certificates. The LDAPv2 attempt was broken as we know, and v3 never replaced it - until my proposed text now. Are certificates the only commonly used attributes without a "native" encoding? I cant think of any others. So this is a deficiency that should be rectified in my opinion. > Removing the "MUST" request This is a natural consequence of defining a native encoding. Clients now have a choice of transfer encoding to ask for. It just so happens that in the case of certificates both native and ;binary encodings happen to be the same (fortunately for signature checking :-) >and use certificate attributes using > ;binary will cause interoperability problems and will force > unnecessary changes to BOTH LDAPv3 clients and LDAPv3 servers. No, it wont necessitate any changes to clients. Once the LDAPv3 servers make the change, this is backwards compatible and will work with any v3 client. The servers can accept any request, with or without ;binary, and if they want can always return ;binary in their responses to cater for both types of client. > This is because LDAPv3 does not provide any mechanism for > an LDAP peer (client or server) to discover which options its peer > (server or client) to discover which attribute descriptions > it supports. > This is not a certificate problem per se, this is a generic LDAP problem isnt it? > That is, this suggest change will implementations to updated to > support it. This will include some clients (such as those which > as for "*" and expect userCertificate;binary) agreed, if a server is to be consistent it probably would not put ;binary on any returned attributes, although I believe that todays LDAPv3 servers will put ;binary on certificates because of the MUST requirement. If they continued to do this in the future it would not cause any problems with the clients, but would be inconsistent behaviour. >and most (if not > all) servers. That's bad! > I think the change would not have been necessary if all existing products had implemented the current spec. And thats bad!! > Hence, for LDAPv3 interoperability sake, the specification needs > to continue to MUST the use of ;binary for these attributes except > where the client and server have a prior agreement that the > OPTIONAL native encoding is to be used. > As a general rule I think that continuing to mandate one particular tranfer encoding just for certificates is wrong and leaves us in hole in the future if new transfer encodings are developed, such as XML (which incidentally has now been standardised for certificates). So how would you propose to cater for XML encodings in the future? > Of course, one ought to wonder why any LDAPv3 implementation > would support this OPTIONAL native encoding when the REQUIRED > encoding is more broadly implemented and provides the same > functionality. It seems redundant to me. > Clearly there is redundancy once a native encoding is specified and this happens to be the same as the ;binary encoding, that is not in doubt. But who is to say which one is the redundant one? It could be the use of ;binary. Maybe this transfer encoding is no longer needed by LDAPv3 (just being devil's advocate here :-) David > Kurt -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** --------------2760BDF270BAB33094D4E39F Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------2760BDF270BAB33094D4E39F-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33Ltaj15726 for ietf-pkix-bks; Wed, 3 Apr 2002 13:55:36 -0800 (PST) Received: from mta01-svc.ntlworld.com (mta01-svc.ntlworld.com [62.253.162.41]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33LtYm15722 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 13:55:34 -0800 (PST) Received: from salford.ac.uk ([213.107.136.218]) by mta01-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020403215536.TKLX278.mta01-svc.ntlworld.com@salford.ac.uk>; Wed, 3 Apr 2002 22:55:36 +0100 Message-ID: <3CAB7B46.8A20A5AB@salford.ac.uk> Date: Wed, 03 Apr 2002 22:59:35 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Phil Griffin <phil.griffin@asn-1.com> CC: "Housley, Russ" <rhousley@rsasecurity.com>, LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <5.1.0.14.2.20020401110819.032405a8@exna07.securitydynamics.com> <5.1.0.14.2.20020403102012.031ad888@exna07.securitydynamics.com> <5.1.0.14.2.20020403125913.02ccfbd8@exna07.securitydynamics.com> <3CAB56AD.6BA85700@asn-1.com> Content-Type: multipart/mixed; boundary="------------6D0B5EBF29B744646766569C" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------6D0B5EBF29B744646766569C Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Phil Griffin wrote: > If this is done, then the concerns Russ raises as to > requiring extra processing disappear, and the issue that > David raised as to whether the protocol can be extended > to other encodings (BER or CER or PER or XER) is also mute. > > The Directory just knows it has a blob. It stores the blob > as given and can return the blob on demand. Phil thanks for this. But there is one further point, and that concerns certificate matching which is the other topic of the schema ID. For this to work, the server has to parse the blob and extract the various fields to be used in subsequent searches. Therefore the server needs to be told what transfer syntax the blob is being sent in. The current proposed text only allows the blob to be BER or DER and not PER or XER encoded. To allow the latter we would need to introduce new LDAP transfer encoding keywords such as ;PER and ;XML. The current ;binary keyword specifically means BER encoding. (And because DER is a subset of BER then ;binary is taken to mean DER as well, which maybe it should not if we were to be really strict?). David > > Phil > > "Housley, Russ" wrote: > > > > David: > > > > When DAP is used, certificates come back in BER. This happens because the > > DAP PDU is defined in ASN.1, and the BER encoding of the PDU encodes the > > data too. An OCTET STRING could have been used, but this was all done > > before there were object that had signatures. Anyway, I see this as an > > opportunity to do better. > > > > I do not know about your AC development experience, but the specifications > > are quite clear about the need for DER. It would be nice if the repository > > fetch did not force the client to restore the original DER encoding. > > > > I agree that this is not a schema issue. However, a comment that the DER > > encoding applied by the signer should be preserved is all I really > > want. You have already fixed the problem where the repository access > > protocol is changing the encoding. > > > > Russ > > > > At 06:39 PM 4/3/2002 +0100, David Chadwick wrote: > > >Russ > > > > > >I dont think the issue below is one for the schema ID. The certificate > > >attributes in the directory should be perfectly happy to receive BER or > > >DER (or PER for that matter I guess). So the schema ID should allow > > >anything to be stored there. > > > > > >Your issue is more one for the LDAP profile ID which was last updated in > > >January. In the profile we can suggest that clients always use DER for > > >encoding certificates. But what is the common WG concensus on this? FYI > > >in recent work we did with attribute certificates we found we had to use > > >BER because the DER Java objects were too buggy. > > > > > >David > > > > > > > > >"Housley, Russ" wrote: > > > > > > > > David: > > > > > > > > I would like to encourage clients to provide certificates in DER. We ought > > > > to tell them that there will be less work for everyone if they provide > > > > DER-encoded certificates. Likewise for CRLs. > > > > > > > > Russ > > > > > > > > At 10:32 PM 4/1/2002 +0100, David Chadwick wrote: > > > > > > > > >"Housley, Russ" wrote: > > > > > > > > > > > > David: > > > > > > > > > > > > Is it possible to preserve the DER encoding. If not, then the DER > > > encoding > > > > > > must be restored in order to validate the signature? This just > > > seems like > > > > > > wasted processing to me. > > > > > > > > > > > > > > > >Russ > > > > > > > > > >I quite agree. The revised text is meant to ensure that the DER or BER > > > > >encoding created by the client when the certificate was first sent to > > > > >the directory for storage is preserved as is. This is the purpose of the > > > > >sentence below in the revised text, viz: > > > > > > > > > > > >Servers must preserve values in this syntax exactly as given when > > > > > > >storing and retrieving them. > > > > > > > > > > > > > > > > >Perhaps I should say "as given to them by the client, when storing and > > > > >retrieving certificates" > > > > > > > > > >David > > > > > > > > > > >-- > > >***************************************************************** > > > > > >David W. Chadwick, BSc PhD > > >Professor of Information Systems Security > > >IS Institute, University of Salford, Salford M5 4WT > > >Tel: +44 161 295 5351 Fax +44 161 745 8169 > > >Mobile: +44 77 96 44 7184 > > >Email: D.W.Chadwick@salford.ac.uk > > >Home Page: http://www.salford.ac.uk/its024/chadwick.htm > > >Research Projects: http://sec.isi.salford.ac.uk > > >Understanding X.500: http://www.salford.ac.uk/its024/X500.htm > > >X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm > > >Entrust key validation string: MLJ9-DU5T-HV8J > > >PGP Key ID is 0xBC238DE5 > > > > > >***************************************************************** > > > -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** --------------6D0B5EBF29B744646766569C Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------6D0B5EBF29B744646766569C-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33Lebs15105 for ietf-pkix-bks; Wed, 3 Apr 2002 13:40:37 -0800 (PST) Received: from pretender.boolean.net (root@router.boolean.net [198.144.206.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33LeZm15096 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 13:40:35 -0800 (PST) Received: from nomad.OpenLDAP.org (root@localhost [127.0.0.1]) by pretender.boolean.net (8.11.3/8.11.1/Boolean/Hub) with ESMTP id g33LeFC12416; Wed, 3 Apr 2002 21:40:15 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.1.0.14.0.20020403133750.0252a4f0@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 03 Apr 2002 13:40:27 -0800 To: Sharon Boeyen <sharon.boeyen@entrust.com> From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Subject: RE: LDAP Certificate transfer syntax Cc: "'Mark Wahl'" <Mark.Wahl@sun.com>, David Chadwick <d.w.chadwick@salford.ac.uk>, Mark C Smith <mcs@netscape.com>, LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> In-Reply-To: <9A4F653B0A375841AC75A8D17712B9C9031C3A11@sottmxs04.entrust .com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 12:32 PM 2002-04-03, Sharon Boeyen wrote: >>From the PKIX perspective, I firmly believe that backward compatibility >with the PKIX LDAP specs is a very important issue. I think there is some confusion here as to regards to "compatibility". This is an update/revision of an LDAPv3 technical specification. We are implicitly talking about compatibility of (conformant) implementations of the existing LDAPv3 technical specification and future (conformant) implementations of a future LDAPv3 technical specification. LDAPv2 and LDAPv3 are distinct on-the-wire protocols. Directory add, delete, modify, rename, or search operations either has LDAPv2 syntax and semantics or has LDAPv3 syntax and semantics. Here we are talking about changes to LDAPv3 technical specification and how they would or wouldn't affect LDAPv3 implementations. These changes have ZERO impact on LDAPv2 implementations. >I believe that what >David is proposing satisfies that important criteria and support the >proposal. In David's table, he shows that existing LDAPv3 implementations are "OK". That is, LDAPv3 is not broken in this regard. The specification is clear and there multiple interoperable LDAPv3 implementations. Removing the "MUST" request and use certificate attributes using ;binary will cause interoperability problems and will force unnecessary changes to BOTH LDAPv3 clients and LDAPv3 servers. This is because LDAPv3 does not provide any mechanism for an LDAP peer (client or server) to discover which options its peer (server or client) to discover which attribute descriptions it supports. That is, this suggest change will implementations to updated to support it. This will include some clients (such as those which as for "*" and expect userCertificate;binary) and most (if not all) servers. That's bad! Hence, for LDAPv3 interoperability sake, the specification needs to continue to MUST the use of ;binary for these attributes except where the client and server have a prior agreement that the OPTIONAL native encoding is to be used. Of course, one ought to wonder why any LDAPv3 implementation would support this OPTIONAL native encoding when the REQUIRED encoding is more broadly implemented and provides the same functionality. It seems redundant to me. Kurt Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33KWHE12689 for ietf-pkix-bks; Wed, 3 Apr 2002 12:32:17 -0800 (PST) Received: from SOTTMXS01.entrust.com (mail.entrust.com [216.191.251.35]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33KWEm12679 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 12:32:14 -0800 (PST) Received: by SOTTMXS01.entrust.com with Internet Mail Service (5.5.2653.19) id <2GYX4KF4>; Wed, 3 Apr 2002 15:32:12 -0500 Message-ID: <9A4F653B0A375841AC75A8D17712B9C9031C3A11@sottmxs04.entrust.com> From: Sharon Boeyen <sharon.boeyen@entrust.com> To: "'Mark Wahl'" <Mark.Wahl@sun.com>, David Chadwick <d.w.chadwick@salford.ac.uk> Cc: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, Mark C Smith <mcs@netscape.com>, LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: RE: LDAP Certificate transfer syntax Date: Wed, 3 Apr 2002 15:32:11 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1DB4E.A1DBE780" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1DB4E.A1DBE780 Content-Type: text/plain >From the PKIX perspective, I firmly believe that backward compatibility with the PKIX LDAP specs is a very important issue. I believe that what David is proposing satisfies that important criteria and support the proposal. Sharon -----Original Message----- From: Mark Wahl [mailto:Mark.Wahl@sun.com] Sent: Wednesday, April 03, 2002 2:51 PM To: David Chadwick Cc: Kurt D. Zeilenga; Mark C Smith; LDAP BIS; PKIX; mark.wahl@sun.com Subject: Re: LDAP Certificate transfer syntax David Chadwick wrote: > > > Now to the backwards compatibility issues. In the table below the only > problem will come with a new LDAPv3 client that does not use ;binary > with an existing v3 server that demands it. But we already have an > inconsistency in these current LDAPv3 servers in that they accept LDAPv2 > queries without ;binary but not LDAPv3 queries without ;binary. I do not think LDAPv2-LDAPv3 behavior is sufficient justification to cause incompatibility between two LDAPv3 implementations. Maybe an "LDAPv4" should have a different way for clients to send certificate, but LDAPv2 compatibility should not be a concern that causes this significant a change inside of the LDAPv3 specs. That is out of scope for LDAPBIS. Mark Wahl Sun Microsystems Inc. ------_=_NextPart_001_01C1DB4E.A1DBE780 Content-Type: text/html <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12"> <TITLE>RE: LDAP Certificate transfer syntax</TITLE> </HEAD> <BODY> <P><FONT SIZE=2>From the PKIX perspective, I firmly believe that backward compatibility </FONT> <BR><FONT SIZE=2>with the PKIX LDAP specs is a very important issue. I believe that what </FONT> <BR><FONT SIZE=2>David is proposing satisfies that important criteria and support the </FONT> <BR><FONT SIZE=2>proposal.</FONT> </P> <P><FONT SIZE=2>Sharon </FONT> </P> <BR> <P><FONT SIZE=2>-----Original Message-----</FONT> <BR><FONT SIZE=2>From: Mark Wahl [<A HREF="mailto:Mark.Wahl@sun.com">mailto:Mark.Wahl@sun.com</A>]</FONT> <BR><FONT SIZE=2>Sent: Wednesday, April 03, 2002 2:51 PM</FONT> <BR><FONT SIZE=2>To: David Chadwick</FONT> <BR><FONT SIZE=2>Cc: Kurt D. Zeilenga; Mark C Smith; LDAP BIS; PKIX; mark.wahl@sun.com</FONT> <BR><FONT SIZE=2>Subject: Re: LDAP Certificate transfer syntax</FONT> </P> <BR> <BR> <P><FONT SIZE=2>David Chadwick wrote:</FONT> <BR><FONT SIZE=2>> </FONT> <BR><FONT SIZE=2>> </FONT> <BR><FONT SIZE=2>> Now to the backwards compatibility issues. In the table below the only</FONT> <BR><FONT SIZE=2>> problem will come with a new LDAPv3 client that does not use ;binary</FONT> <BR><FONT SIZE=2>> with an existing v3 server that demands it. But we already have an</FONT> <BR><FONT SIZE=2>> inconsistency in these current LDAPv3 servers in that they accept LDAPv2</FONT> <BR><FONT SIZE=2>> queries without ;binary but not LDAPv3 queries without ;binary. </FONT> </P> <P><FONT SIZE=2>I do not think LDAPv2-LDAPv3 behavior is sufficient justification to cause </FONT> <BR><FONT SIZE=2>incompatibility between two LDAPv3 implementations.</FONT> </P> <P><FONT SIZE=2>Maybe an "LDAPv4" should have a different way for clients to send </FONT> <BR><FONT SIZE=2>certificate, but LDAPv2 compatibility should not be a concern that causes</FONT> <BR><FONT SIZE=2>this significant a change inside of the LDAPv3 specs. That is out of scope </FONT> <BR><FONT SIZE=2>for LDAPBIS.</FONT> </P> <P><FONT SIZE=2>Mark Wahl</FONT> <BR><FONT SIZE=2>Sun Microsystems Inc.</FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1DB4E.A1DBE780-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33Jog810542 for ietf-pkix-bks; Wed, 3 Apr 2002 11:50:42 -0800 (PST) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33Jofm10532 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 11:50:41 -0800 (PST) Received: from rowlf.Central.Sun.COM ([129.153.131.70]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id LAA15108; Wed, 3 Apr 2002 11:50:08 -0800 (PST) Received: from sun.com (dhcp-aus09-222 [129.153.130.222]) by rowlf.Central.Sun.COM (8.11.6+Sun/8.11.6/ENSMAIL,v2.2) with ESMTP id g33Jo5e15260; Wed, 3 Apr 2002 13:50:06 -0600 (CST) Message-ID: <3CAB5D21.40189BF9@sun.com> Date: Wed, 03 Apr 2002 13:50:57 -0600 From: Mark Wahl <Mark.Wahl@sun.com> X-Mailer: Mozilla 4.77 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: David Chadwick <d.w.chadwick@salford.ac.uk> CC: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, Mark C Smith <mcs@netscape.com>, LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org>, mark.wahl@sun.com Subject: Re: LDAP Certificate transfer syntax References: <3CA860A2.20AB0F9C@salford.ac.uk> <5.1.0.14.0.20020403094751.01744a18@127.0.0.1> <3CAB5047.35DA6D1F@salford.ac.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> David Chadwick wrote: > > > Now to the backwards compatibility issues. In the table below the only > problem will come with a new LDAPv3 client that does not use ;binary > with an existing v3 server that demands it. But we already have an > inconsistency in these current LDAPv3 servers in that they accept LDAPv2 > queries without ;binary but not LDAPv3 queries without ;binary. I do not think LDAPv2-LDAPv3 behavior is sufficient justification to cause incompatibility between two LDAPv3 implementations. Maybe an "LDAPv4" should have a different way for clients to send certificate, but LDAPv2 compatibility should not be a concern that causes this significant a change inside of the LDAPv3 specs. That is out of scope for LDAPBIS. Mark Wahl Sun Microsystems Inc. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33JW7109686 for ietf-pkix-bks; Wed, 3 Apr 2002 11:32:07 -0800 (PST) Received: from mclean.mail.mindspring.net (mclean.mail.mindspring.net [207.69.200.57]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33JW5m09682 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 11:32:05 -0800 (PST) Received: from user-2ivf7qu.dialup.mindspring.com ([165.247.159.94] helo=asn-1.com) by mclean.mail.mindspring.net with esmtp (Exim 3.33 #1) id 16sqTF-0003Hb-00; Wed, 03 Apr 2002 14:31:02 -0500 Message-ID: <3CAB56AD.6BA85700@asn-1.com> Date: Wed, 03 Apr 2002 14:23:25 -0500 From: Phil Griffin <phil.griffin@asn-1.com> Organization: Griffin Consulting - http://ASN-1.com X-Mailer: Mozilla 4.73 [en]C-{C-UDP; EBM-SONY1} (Win95; U) X-Accept-Language: en MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: David Chadwick <d.w.chadwick@salford.ac.uk>, LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <5.1.0.14.2.20020401110819.032405a8@exna07.securitydynamics.com> <5.1.0.14.2.20020403102012.031ad888@exna07.securitydynamics.com> <5.1.0.14.2.20020403125913.02ccfbd8@exna07.securitydynamics.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Forgive me if I'm wrong here, but I had the understanding that the outermost sequence wrapper of a certificate was a BER encoding, and the the inner content "ToBeSigned" is required to be encoded using DER. I think the point here should be, regardless of how the certificate was initially encoded, it should be treated as an open type, a value of type Certificate in its encoded form, and that the encoding received by the Directory should be preserved, and that preserved form of the data should be returned to a requester. If this is done, then the concerns Russ raises as to requiring extra processing disappear, and the issue that David raised as to whether the protocol can be extended to other encodings (BER or CER or PER or XER) is also mute. The Directory just knows it has a blob. It stores the blob as given and can return the blob on demand. Phil "Housley, Russ" wrote: > > David: > > When DAP is used, certificates come back in BER. This happens because the > DAP PDU is defined in ASN.1, and the BER encoding of the PDU encodes the > data too. An OCTET STRING could have been used, but this was all done > before there were object that had signatures. Anyway, I see this as an > opportunity to do better. > > I do not know about your AC development experience, but the specifications > are quite clear about the need for DER. It would be nice if the repository > fetch did not force the client to restore the original DER encoding. > > I agree that this is not a schema issue. However, a comment that the DER > encoding applied by the signer should be preserved is all I really > want. You have already fixed the problem where the repository access > protocol is changing the encoding. > > Russ > > At 06:39 PM 4/3/2002 +0100, David Chadwick wrote: > >Russ > > > >I dont think the issue below is one for the schema ID. The certificate > >attributes in the directory should be perfectly happy to receive BER or > >DER (or PER for that matter I guess). So the schema ID should allow > >anything to be stored there. > > > >Your issue is more one for the LDAP profile ID which was last updated in > >January. In the profile we can suggest that clients always use DER for > >encoding certificates. But what is the common WG concensus on this? FYI > >in recent work we did with attribute certificates we found we had to use > >BER because the DER Java objects were too buggy. > > > >David > > > > > >"Housley, Russ" wrote: > > > > > > David: > > > > > > I would like to encourage clients to provide certificates in DER. We ought > > > to tell them that there will be less work for everyone if they provide > > > DER-encoded certificates. Likewise for CRLs. > > > > > > Russ > > > > > > At 10:32 PM 4/1/2002 +0100, David Chadwick wrote: > > > > > > >"Housley, Russ" wrote: > > > > > > > > > > David: > > > > > > > > > > Is it possible to preserve the DER encoding. If not, then the DER > > encoding > > > > > must be restored in order to validate the signature? This just > > seems like > > > > > wasted processing to me. > > > > > > > > > > > > >Russ > > > > > > > >I quite agree. The revised text is meant to ensure that the DER or BER > > > >encoding created by the client when the certificate was first sent to > > > >the directory for storage is preserved as is. This is the purpose of the > > > >sentence below in the revised text, viz: > > > > > > > > > >Servers must preserve values in this syntax exactly as given when > > > > > >storing and retrieving them. > > > > > > > > > > > > > >Perhaps I should say "as given to them by the client, when storing and > > > >retrieving certificates" > > > > > > > >David > > > > > > > >-- > >***************************************************************** > > > >David W. Chadwick, BSc PhD > >Professor of Information Systems Security > >IS Institute, University of Salford, Salford M5 4WT > >Tel: +44 161 295 5351 Fax +44 161 745 8169 > >Mobile: +44 77 96 44 7184 > >Email: D.W.Chadwick@salford.ac.uk > >Home Page: http://www.salford.ac.uk/its024/chadwick.htm > >Research Projects: http://sec.isi.salford.ac.uk > >Understanding X.500: http://www.salford.ac.uk/its024/X500.htm > >X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm > >Entrust key validation string: MLJ9-DU5T-HV8J > >PGP Key ID is 0xBC238DE5 > > > >***************************************************************** > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33JBmD07208 for ietf-pkix-bks; Wed, 3 Apr 2002 11:11:48 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130] (may be forged)) by above.proper.com (8.11.6/8.11.3) with SMTP id g33JBfm07192 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 11:11:41 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 3 Apr 2002 19:10:47 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id OAA10668; Wed, 3 Apr 2002 14:10:42 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g33JBiu11159; Wed, 3 Apr 2002 14:11:44 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX13CV2>; Wed, 3 Apr 2002 14:09:20 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.152]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX13CVH; Wed, 3 Apr 2002 14:09:18 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Ambarish Malpani <ambarish@valicert.com>, Stephen Kent <kent@bbn.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020403135748.02d1a950@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 03 Apr 2002 14:11:37 -0500 Subject: Re: One last comment on DPD requirements In-Reply-To: <p05100309b8d0e4264f87@[128.89.88.34]> References: < <613B3C619C9AD4118C4E00B0D03E7C3E028E5348@polaris.valicert.com> <613B3C619C9AD4118C4E00B0D03E7C3E028E5348@polaris.valicert.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Steve & Ambarish: >>Hi Group, >> One last (slightly late) comment on the DPD requirements that >>has been troubling me: >> >>In the DPD requirements, there is a reasonable amount of text that >>talks about how a server can return multiple paths back to the >>client (to allow the client to decide which path is the best). >> >>The main goal of DPD is to try and simplify the client. In how many >>cases do people really want multiple paths back from the server. >>While it is the right requirement in principal, do folks really >>think clients will want multiple paths back from a DPD server? Are >>we adding the additional flexiblity/complexity just for >>technical purity? >> >>Comments will be appreciated. >> >>Regards, >>Ambarish > >I too would favor simplifying the protocol requirement here. Some folks >have suggested motivations for multiple paths, but this does seem to >conflict with the fundamental goal of creating a protocol to satisfy the >needs of thin clients. > >Steve I agree with your goal. It is far better for the client to tell the server what it wants, then get back a single path that satisfies all of the requirements. To do this, we need to be able to fully specify the clients criteria and send them to the server. I think that we know how to do this for many PKI-enabled applications, but I am not sure that we know how to do it for all applications, especially ones that are yet to be developed. This leaves us with two choices. Either the protocol returns multiple certification paths (the approach in the current document) or the protocol requires the client to adequately specify its criteria. This could be done with the path discovery policy. If we adopt this alternative, we should include additional text so that implements expect application-specific (perhaps several application-specific path discovery policy if there are multiple roles in the application). Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33Iq9v05500 for ietf-pkix-bks; Wed, 3 Apr 2002 10:52:09 -0800 (PST) Received: from rhea.salford.ac.uk (rhea.salford.ac.uk [146.87.255.99]) by above.proper.com (8.11.6/8.11.3) with SMTP id g33Iq8m05496 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 10:52:08 -0800 (PST) Received: (qmail 60789 invoked by alias); 3 Apr 2002 18:52:10 -0000 Received: (qmail 60765 invoked from network); 3 Apr 2002 18:52:09 -0000 Received: from unknown (HELO salford.ac.uk) (146.87.80.124) by rhea.salford.ac.uk with SMTP; 3 Apr 2002 18:52:09 -0000 Message-ID: <3CAB5047.35DA6D1F@salford.ac.uk> Date: Wed, 03 Apr 2002 19:56:07 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> CC: Mark C Smith <mcs@netscape.com>, LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <3CA860A2.20AB0F9C@salford.ac.uk> <5.1.0.14.0.20020403094751.01744a18@127.0.0.1> Content-Type: multipart/mixed; boundary="------------2E38E2F8CB70E2AA402FD5FD" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------2E38E2F8CB70E2AA402FD5FD Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit "Kurt D. Zeilenga" wrote: > > I fully concur. The PKI schema specification needs to be > revised in a manner which doesn't introduce significant > backwards compatibility problems with implementations of > the current LDAPv3 technical specification. > > Kurt Kurt I dont believe we are introducing significant backwards compatibility problems (though there are some, see below) and we are removing forwards compatibility problems which is a big plus. Given that there are many fewer server implementations than clients, it will be easier to migrate these to be ;binary lenient than to migrate lots of clients. What the PKIX spec is in fact doing, which has never been done before but should have been, is to specify a "native" encoding for certificates that says they are BER or DER encoded byte strings. Thus the ;binary option can be used, but it is a null function. It is also saying, which again should have been said a long time ago but never was, is that servers MUST NOT change the encoding of certificates when they recieve them, but MUST leave them exactly as received and return them exactly as received. Now to the backwards compatibility issues. In the table below the only problem will come with a new LDAPv3 client that does not use ;binary with an existing v3 server that demands it. But we already have an inconsistency in these current LDAPv3 servers in that they accept LDAPv2 queries without ;binary but not LDAPv3 queries without ;binary. But they sometimes screw things up because a certificate stored by an LDAPv2 client cannot always be retrieved by an LDAPv3 client (which you have to admit is pretty crazy). The new schema spec will remove all of these problems once the servers become less religious about the presence of ;binary, and are configured to know that a certificate's native encoding is already BER/DER. Current LDAPv3 Server NewLDAPv3Server mandates ;binary does not care LDAPv2 client does not use seems to work OK ;binary Current LDAPv3 client OK OK does use ;binary New LDAPv3 client probably does not use wont work OK ;binary I honestly believe that what is being proposed is the best solution to what at present is a very messy LDAP world, as far as PKI is concerned David -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** --------------2E38E2F8CB70E2AA402FD5FD Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------2E38E2F8CB70E2AA402FD5FD-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33IaFB04969 for ietf-pkix-bks; Wed, 3 Apr 2002 10:36:15 -0800 (PST) Received: from pretender.boolean.net (root@router.boolean.net [198.144.206.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33IaDm04965 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 10:36:13 -0800 (PST) Received: from nomad.OpenLDAP.org (root@localhost [127.0.0.1]) by pretender.boolean.net (8.11.3/8.11.1/Boolean/Hub) with ESMTP id g33IaCC11398; Wed, 3 Apr 2002 18:36:12 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.1.0.14.0.20020403103001.01744250@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 03 Apr 2002 10:36:25 -0800 To: David Chadwick <d.w.chadwick@salford.ac.uk> From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Subject: Re: LDAP Certificate transfer syntax Cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> In-Reply-To: <3CA860A2.20AB0F9C@salford.ac.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This text does not clearly "MUST" the use of ;binary as RFC 2252 and RFC 2256 did. As previously noted, this "MUST" should not be dropped as doing so will cause interoperability problems between implementations of the current technical specification and the revised technical specification. Kurt At 05:29 AM 2002-04-01, David Chadwick wrote: >Colleagues > >Here is my proposed change to the section describing the LDAP syntax for >cerificates in the PKIX id ><draft-pkix-ldap-schema-03.txt> which should be published before the end >of April. As this is likely to be the most contentious part of the new >ID, I thought it would be useful to distribute this text at the earlier >possible moment. > >All constructive comments welcomed > >David > > >3.3 Certificate Syntax > >A value in this transfer syntax is the binary octet string that results >from BER or DER-encoding of an X.509 public key certificate. The >following string states the OID assigned to this syntax: > > ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' ) > >Servers must preserve values in this syntax exactly as given when >storing and retrieving them. > >Note. Due to the changes from X.509(1988) to X.509(1993) and subsequent >changes to the ASN.1 definition to support certificate extensions in >X.509(1997), no character string transfer syntax is defined for >certificates. The BNF notation in RFC 1778 [12] for "User Certificate" >MUST NOT be used. Values in this syntax MUST be transferred as BER or >DER encoded octets. The use of the ;binary encoding option, i.e. by >requesting or returning the attributes with descriptions >"userCertificate;binary" or "caCertificate;binary" has no effect on the >transfer syntax. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33I7TK03102 for ietf-pkix-bks; Wed, 3 Apr 2002 10:07:29 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g33I7Rm03095 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 10:07:27 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 3 Apr 2002 18:06:34 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id NAA04639; Wed, 3 Apr 2002 13:06:28 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g33I7Sb03900; Wed, 3 Apr 2002 13:07:28 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX13BQ1>; Wed, 3 Apr 2002 13:05:02 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.152]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX13BP0; Wed, 3 Apr 2002 13:04:54 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: David Chadwick <d.w.chadwick@salford.ac.uk> Cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Message-Id: <5.1.0.14.2.20020403125913.02ccfbd8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 03 Apr 2002 13:05:59 -0500 Subject: Re: LDAP Certificate transfer syntax In-Reply-To: <3CAB3E4E.3B6298A3@salford.ac.uk> References: <5.1.0.14.2.20020401110819.032405a8@exna07.securitydynamics.com> <5.1.0.14.2.20020403102012.031ad888@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> David: When DAP is used, certificates come back in BER. This happens because the DAP PDU is defined in ASN.1, and the BER encoding of the PDU encodes the data too. An OCTET STRING could have been used, but this was all done before there were object that had signatures. Anyway, I see this as an opportunity to do better. I do not know about your AC development experience, but the specifications are quite clear about the need for DER. It would be nice if the repository fetch did not force the client to restore the original DER encoding. I agree that this is not a schema issue. However, a comment that the DER encoding applied by the signer should be preserved is all I really want. You have already fixed the problem where the repository access protocol is changing the encoding. Russ At 06:39 PM 4/3/2002 +0100, David Chadwick wrote: >Russ > >I dont think the issue below is one for the schema ID. The certificate >attributes in the directory should be perfectly happy to receive BER or >DER (or PER for that matter I guess). So the schema ID should allow >anything to be stored there. > >Your issue is more one for the LDAP profile ID which was last updated in >January. In the profile we can suggest that clients always use DER for >encoding certificates. But what is the common WG concensus on this? FYI >in recent work we did with attribute certificates we found we had to use >BER because the DER Java objects were too buggy. > >David > > >"Housley, Russ" wrote: > > > > David: > > > > I would like to encourage clients to provide certificates in DER. We ought > > to tell them that there will be less work for everyone if they provide > > DER-encoded certificates. Likewise for CRLs. > > > > Russ > > > > At 10:32 PM 4/1/2002 +0100, David Chadwick wrote: > > > > >"Housley, Russ" wrote: > > > > > > > > David: > > > > > > > > Is it possible to preserve the DER encoding. If not, then the DER > encoding > > > > must be restored in order to validate the signature? This just > seems like > > > > wasted processing to me. > > > > > > > > > >Russ > > > > > >I quite agree. The revised text is meant to ensure that the DER or BER > > >encoding created by the client when the certificate was first sent to > > >the directory for storage is preserved as is. This is the purpose of the > > >sentence below in the revised text, viz: > > > > > > > >Servers must preserve values in this syntax exactly as given when > > > > >storing and retrieving them. > > > > > > > > > > >Perhaps I should say "as given to them by the client, when storing and > > >retrieving certificates" > > > > > >David > > > > >-- >***************************************************************** > >David W. Chadwick, BSc PhD >Professor of Information Systems Security >IS Institute, University of Salford, Salford M5 4WT >Tel: +44 161 295 5351 Fax +44 161 745 8169 >Mobile: +44 77 96 44 7184 >Email: D.W.Chadwick@salford.ac.uk >Home Page: http://www.salford.ac.uk/its024/chadwick.htm >Research Projects: http://sec.isi.salford.ac.uk >Understanding X.500: http://www.salford.ac.uk/its024/X500.htm >X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm >Entrust key validation string: MLJ9-DU5T-HV8J >PGP Key ID is 0xBC238DE5 > >***************************************************************** > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33I2Qr02741 for ietf-pkix-bks; Wed, 3 Apr 2002 10:02:26 -0800 (PST) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33I2Om02736 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 10:02:24 -0800 (PST) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id UAA04282; Wed, 3 Apr 2002 20:02:25 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 3 Apr 2002 20:02:25 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id UAA10615; Wed, 3 Apr 2002 20:02:24 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id UAA04158; Wed, 3 Apr 2002 20:02:24 +0200 (MET DST) Date: Wed, 3 Apr 2002 20:02:24 +0200 (MET DST) Message-Id: <200204031802.UAA04158@emeriau.edelweb.fr> To: ietf-pkix@imc.org, ambarish@valicert.com Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > If the protocol does choose to return the requestHash in the response, do > you see any benefit to adding a requestNonce in the response? If not, the > requirement should go. I think it would be better for the requirements doc > to say what is desired: "Prevent replay attacks on responses" and let the > protocol decide how to do it. > I seem to agree with Ambarish that the current texts is an overspecification. Thus, a simple text like: "The protocol MUST provide a means to protect itself against replay attacks." seems sufficient for this document. Peter Received: by above.proper.com (8.11.6/8.11.3) id g33I0KK02653 for ietf-pkix-bks; Wed, 3 Apr 2002 10:00:20 -0800 (PST) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33I0Km02649 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 10:00:20 -0800 (PST) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GU000K017941U@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 3 Apr 2002 09:58:16 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GU000JBB794L8@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 03 Apr 2002 09:58:16 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <H570PHRA>; Wed, 03 Apr 2002 09:59:52 -0800 Content-return: allowed Date: Wed, 03 Apr 2002 09:59:50 -0800 From: Ambarish Malpani <ambarish@valicert.com> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt To: ietf-pkix@imc.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E534D@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Agreed! Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: Housley, Russ [mailto:rhousley@rsasecurity.com] > Sent: Wednesday, April 03, 2002 9:19 AM > To: Denis Pinkas; Ambarish Malpani > Cc: ietf-pkix@imc.org > Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt > > > Denis and Ambarish: > > > > 3. Section 4 Para 12 > > > In order to prevent replay attacks, you require the > nonce to be > > > present in the response. As mentioned by Petra, if the response > > > contained the request hash, it doesn't need to contain > the nonce. It > > > is still bound to the request. Present of the request nonce in the > > > reply shouldn't be a requirement in this case. > > > >Verification of equality of the nonce is simple and > straigthforward to > >discard replay attacks. Since we do not require to use the > hash of the > >request in the response, we have purposely maintained this > requirement. > > Perhaps we have boxed ourselves into a corner. Maybe there > is a simple way > forward. > > Two requirements are getting muddled here. One requirement > is to bind the > request to the response. The second requirement is to > include a replay > detection mechanism. > > Nonces and hashes are mechanisms that are used to implement > one of these > requirements. Perhaps this document should simply state the > requirement, > and not impose a mechanism. > > Russ > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33HwIq02596 for ietf-pkix-bks; Wed, 3 Apr 2002 09:58:18 -0800 (PST) Received: from pretender.boolean.net (root@router.boolean.net [198.144.206.49]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33HwGm02592 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 09:58:16 -0800 (PST) Received: from nomad.OpenLDAP.org (root@localhost [127.0.0.1]) by pretender.boolean.net (8.11.3/8.11.1/Boolean/Hub) with ESMTP id g33HwAC11133; Wed, 3 Apr 2002 17:58:10 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.1.0.14.0.20020403094751.01744a18@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 03 Apr 2002 09:58:22 -0800 To: mcs@netscape.com (Mark C Smith) From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Subject: Re: LDAP Certificate transfer syntax Cc: David Chadwick <d.w.chadwick@salford.ac.uk>, LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> In-Reply-To: <3CAB2AF1.3080408@netscape.com> References: <3CA860A2.20AB0F9C@salford.ac.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 08:16 AM 2002-04-03, Mark C Smith wrote: >I am still concerned about how dropping the ;binary transfer option that was mandated by RFC 2252 will affect the large installed base of LDAPv3 and PKI implementations (of course some PKI clients are already trying to use userCertificate without ;binary with LDAPv3 implementations, and not surprisingly there are having a difficult time). I fully concur. The PKI schema specification needs to be revised in a manner which doesn't introduce significant backwards compatibility problems with implementations of the current LDAPv3 technical specification. Kurt Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33HfCx01038 for ietf-pkix-bks; Wed, 3 Apr 2002 09:41:12 -0800 (PST) Received: from rhea.salford.ac.uk (rhea.salford.ac.uk [146.87.255.99]) by above.proper.com (8.11.6/8.11.3) with SMTP id g33HfBm01034 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 09:41:11 -0800 (PST) Received: (qmail 48646 invoked by alias); 3 Apr 2002 17:41:12 -0000 Received: (qmail 48628 invoked from network); 3 Apr 2002 17:41:12 -0000 Received: from unknown (HELO salford.ac.uk) (146.87.80.124) by rhea.salford.ac.uk with SMTP; 3 Apr 2002 17:41:12 -0000 Message-ID: <3CAB3FA6.F7D03FD6@salford.ac.uk> Date: Wed, 03 Apr 2002 18:45:10 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Mark C Smith <mcs@netscape.com> CC: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <3CA860A2.20AB0F9C@salford.ac.uk> <3CAB2AF1.3080408@netscape.com> Content-Type: multipart/mixed; boundary="------------FD959FE37FB6DF8FBBDCD039" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------FD959FE37FB6DF8FBBDCD039 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Mark We are not dropping the ;binary option, you can still use it, but its functionality is redundant as the "native" LDAP encoding is BER. To put the other view, I have heard that some other LDAPv3 directories are unable to accept the ;binary option anyway. So what I am now arguing for is leniency on the part of servers, that they neither demand nor reject the use of ;binary, but just ignore it if it is there. David Mark C Smith wrote: > > I am still concerned about how dropping the ;binary transfer option that > was mandated by RFC 2252 will affect the large installed base of LDAPv3 > and PKI implementations (of course some PKI clients are already trying > to use userCertificate without ;binary with LDAPv3 implementations, and > not surprisingly there are having a difficult time). > > But if consensus is to proceed with this proposal, then I think the > conflict with RFC 2252 should be noted in the PKIX document (there is a > lot of history behind all of this, and implementors and users who do not > know all of it will undoubtedly be confused). > > -Mark Smith > Netscape > > David Chadwick wrote: > > Colleagues > > > > Here is my proposed change to the section describing the LDAP syntax for > > cerificates in the PKIX id > > <draft-pkix-ldap-schema-03.txt> which should be published before the end > > of April. As this is likely to be the most contentious part of the new > > ID, I thought it would be useful to distribute this text at the earlier > > possible moment. > > > > All constructive comments welcomed > > > > David > > > > > > 3.3 Certificate Syntax > > > > A value in this transfer syntax is the binary octet string that results > > from BER or DER-encoding of an X.509 public key certificate. The > > following string states the OID assigned to this syntax: > > > > ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' ) > > > > Servers must preserve values in this syntax exactly as given when > > storing and retrieving them. > > > > Note. Due to the changes from X.509(1988) to X.509(1993) and subsequent > > changes to the ASN.1 definition to support certificate extensions in > > X.509(1997), no character string transfer syntax is defined for > > certificates. The BNF notation in RFC 1778 [12] for "User Certificate" > > MUST NOT be used. Values in this syntax MUST be transferred as BER or > > DER encoded octets. The use of the ;binary encoding option, i.e. by > > requesting or returning the attributes with descriptions > > "userCertificate;binary" or "caCertificate;binary" has no effect on the > > transfer syntax. -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** --------------FD959FE37FB6DF8FBBDCD039 Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------FD959FE37FB6DF8FBBDCD039-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33HZS500453 for ietf-pkix-bks; Wed, 3 Apr 2002 09:35:28 -0800 (PST) Received: from rhea.salford.ac.uk (rhea.salford.ac.uk [146.87.255.99]) by above.proper.com (8.11.6/8.11.3) with SMTP id g33HZRm00449 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 09:35:27 -0800 (PST) Received: (qmail 47790 invoked by alias); 3 Apr 2002 17:35:28 -0000 Received: (qmail 47772 invoked from network); 3 Apr 2002 17:35:28 -0000 Received: from unknown (HELO salford.ac.uk) (146.87.80.124) by rhea.salford.ac.uk with SMTP; 3 Apr 2002 17:35:28 -0000 Message-ID: <3CAB3E4E.3B6298A3@salford.ac.uk> Date: Wed, 03 Apr 2002 18:39:26 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <5.1.0.14.2.20020401110819.032405a8@exna07.securitydynamics.com> <5.1.0.14.2.20020403102012.031ad888@exna07.securitydynamics.com> Content-Type: multipart/mixed; boundary="------------727D949320E69CF4C0772B49" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------727D949320E69CF4C0772B49 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Russ I dont think the issue below is one for the schema ID. The certificate attributes in the directory should be perfectly happy to receive BER or DER (or PER for that matter I guess). So the schema ID should allow anything to be stored there. Your issue is more one for the LDAP profile ID which was last updated in January. In the profile we can suggest that clients always use DER for encoding certificates. But what is the common WG concensus on this? FYI in recent work we did with attribute certificates we found we had to use BER because the DER Java objects were too buggy. David "Housley, Russ" wrote: > > David: > > I would like to encourage clients to provide certificates in DER. We ought > to tell them that there will be less work for everyone if they provide > DER-encoded certificates. Likewise for CRLs. > > Russ > > At 10:32 PM 4/1/2002 +0100, David Chadwick wrote: > > >"Housley, Russ" wrote: > > > > > > David: > > > > > > Is it possible to preserve the DER encoding. If not, then the DER encoding > > > must be restored in order to validate the signature? This just seems like > > > wasted processing to me. > > > > > > >Russ > > > >I quite agree. The revised text is meant to ensure that the DER or BER > >encoding created by the client when the certificate was first sent to > >the directory for storage is preserved as is. This is the purpose of the > >sentence below in the revised text, viz: > > > > > >Servers must preserve values in this syntax exactly as given when > > > >storing and retrieving them. > > > > > > > >Perhaps I should say "as given to them by the client, when storing and > >retrieving certificates" > > > >David > > -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** --------------727D949320E69CF4C0772B49 Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------727D949320E69CF4C0772B49-- Received: by above.proper.com (8.11.6/8.11.3) id g33HJR429791 for ietf-pkix-bks; Wed, 3 Apr 2002 09:19:27 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130] (may be forged)) by above.proper.com (8.11.6/8.11.3) with SMTP id g33HJPm29787 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 09:19:25 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 3 Apr 2002 17:18:31 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id MAA00616; Wed, 3 Apr 2002 12:18:26 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g33HJSS28983; Wed, 3 Apr 2002 12:19:28 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX13AW9>; Wed, 3 Apr 2002 12:17:04 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.152]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX13AW6; Wed, 3 Apr 2002 12:16:58 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Denis Pinkas <Denis.Pinkas@bull.net>, Ambarish Malpani <ambarish@valicert.com> Cc: ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020403121440.02076cc8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 03 Apr 2002 12:18:44 -0500 Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt In-Reply-To: <3CAB1909.E1E3346E@bull.net> References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5333@polaris.valicert.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Denis and Ambarish: > > 3. Section 4 Para 12 > > In order to prevent replay attacks, you require the nonce to be > > present in the response. As mentioned by Petra, if the response > > contained the request hash, it doesn't need to contain the nonce. It > > is still bound to the request. Present of the request nonce in the > > reply shouldn't be a requirement in this case. > >Verification of equality of the nonce is simple and straigthforward to >discard replay attacks. Since we do not require to use the hash of the >request in the response, we have purposely maintained this requirement. Perhaps we have boxed ourselves into a corner. Maybe there is a simple way forward. Two requirements are getting muddled here. One requirement is to bind the request to the response. The second requirement is to include a replay detection mechanism. Nonces and hashes are mechanisms that are used to implement one of these requirements. Perhaps this document should simply state the requirement, and not impose a mechanism. Russ Received: by above.proper.com (8.11.6/8.11.3) id g33HIx829782 for ietf-pkix-bks; Wed, 3 Apr 2002 09:18:59 -0800 (PST) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33HIvm29778 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 09:18:57 -0800 (PST) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id TAA04043; Wed, 3 Apr 2002 19:18:57 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 3 Apr 2002 19:18:57 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id TAA10422; Wed, 3 Apr 2002 19:18:56 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id TAA04146; Wed, 3 Apr 2002 19:18:56 +0200 (MET DST) Date: Wed, 3 Apr 2002 19:18:56 +0200 (MET DST) Message-Id: <200204031718.TAA04146@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > It is proposed to add after the current last paragraph from section 4: > > "When the request is authenticated, the requestor shall have the possibility > to have its identifier included or not in the response." Identification and Authentication are different things. I have proposed in a different mail to Russ: The protocol MUST provide a means to allow a client and a server to indicate the participating entities. I correct '... to indicate the identities of the entities participating in the transction'. and one may add "(depending on policy or application context)". > Since relaying is not supported (see the response to your other e-mail), > there is no difference between "for whom the response has been made" and > "who has made the response". 'For whom' indicated the requester(s). I agree that there may be a language problem. I did not mention 'for whom' as a synomym of 'on behalf of'. Peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33HEoP29707 for ietf-pkix-bks; Wed, 3 Apr 2002 09:14:50 -0800 (PST) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33HEmm29703 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 09:14:48 -0800 (PST) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id TAA04007; Wed, 3 Apr 2002 19:14:47 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 3 Apr 2002 19:14:47 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id TAA10398; Wed, 3 Apr 2002 19:14:46 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id TAA04143; Wed, 3 Apr 2002 19:14:46 +0200 (MET DST) Date: Wed, 3 Apr 2002 19:14:46 +0200 (MET DST) Message-Id: <200204031714.TAA04143@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> About 'invisible realying': > > Why do you think that a DPV response from a server MUST NOT > > contain a DPV response from another server, while on the other > > hand it is provided that the server returns all information > > concerning the certification path, an revocation information. > > What does make DPV responses so different from OCSP reponses > > that they would create either additional complexity or harm. > > > > An end user only communicates with his local company > > service. The company knows which external CAs can be > > trusted, and which service can be contacted. > > You already allow to contact OCSP services in this > > way. Where is the difference between DPV and OCSP? > > > > It may be desirable that an end user may not > > directly interface with a remote DPV and needs an > > intermediate 'anonymizer' or 'authorized relay'. > > > > In all such cases there is a danger (like in OCSP) > > for endless loops. > > There is no such a danger: the request is sent to one server and must come > back from that same server. If the server uses relaying in the back ground > to fulfill the service, then this is not visible from the requester. The > final response from a DPV server is signed by the server that received the > original request. Relaying is not supported by the protocol. - You accept now that there is relaying of dpv requests is possible. Assume that two companies operate a DPV service, and in order to validate a certificat of the other company, a request is relayed (as you suggest) in a back ground way. A simple configuration error in one of the servers and the request gets relayed back etc. - Russ answered my request for an optional inclusion of the identities participating in the transaction. having this I think this is sufficient to address the loop problem. But: You have not answered my question why you believe that a inclusion of another dpv response in a response is a harmful thing. I believe that there are scenarios where it is useful that relaying be made visible. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33H1Ct29349 for ietf-pkix-bks; Wed, 3 Apr 2002 09:01:12 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33H1Am29345 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 09:01:10 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id TAA17744; Wed, 3 Apr 2002 19:03:36 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040319003695:387 ; Wed, 3 Apr 2002 19:00:36 +0200 Message-ID: <3CAB351A.D41F27E@bull.net> Date: Wed, 03 Apr 2002 19:00:10 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Ambarish Malpani <ambarish@valicert.com>, Russ Housley <rhousley@rsasecurity.com> CC: ietf-pkix@imc.org Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5349@polaris.valicert.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 19:00:37, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 19:01:08, Serialize complete at 03/04/2002 19:01:08 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Ambarish, > Hi Denis, > Thank you, the resolution to all these questions is > excellent (other than #3). > > In case of the 3rd comment: > > > > 3. Section 4 Para 12 > > > In order to prevent replay attacks, you require the nonce to be > > > present in the response. As mentioned by Petra, if the response > > > contained the request hash, it doesn't need to contain the nonce. It > > > is still bound to the request. Present of the request nonce in the > > > reply shouldn't be a requirement in this case. > > > > Verification of equality of the nonce is simple and straigthforward to > > discard replay attacks. Since we do not require to use the hash of the > > request in the response, we have purposely maintained this > > requirement. > > If the protocol does choose to return the requestHash in the response, do > you see any benefit to adding a requestNonce in the response? The benefit is that replay attacks can be detected very easily, in particular when using a traffic analyzer. Otherwise this is not straightforward. A copy of this field in the response is worth the money. :-) > If not, the > requirement should go. I think it would be better for the requirements doc > to say what is desired: "Prevent replay attacks on responses" and let the > protocol decide how to do it. This resolution has been taken at the Minneapolis meeting after a discussion with Russ. Denis > Regards, > Ambarish > > --------------------------------------------------------------------- > Ambarish Malpani > Chief Architect 650.567.5457 > ValiCert, Inc. ambarish@valicert.com > 1215 Terra Bella Ave. http://www.valicert.com > Mountain View, CA 94043 > > > -----Original Message----- > > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net] > > Sent: Wednesday, April 03, 2002 7:00 AM > > To: Ambarish Malpani; brian.hunter@sit.fraunhofer.de > > Cc: ietf-pkix@imc.org > > Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > > > > > Hi Denis, Russ, > > > Great work on the new draft! > > > > Thank you. It was quite harder than expected. > > > > > A few comments: > > > > > > 1. In 2 places you equate the "root" with a self-signed cert. I > > > hope you intend to allow the trust anchor to be a non-self-signed > > > cert. The 2 places are Para 4 of Section 4 and Para 4 of Section 5. > > > > In Para 4 of Section 4, the text says "e.g. root self-signed > > certificates". > > So there is nothing wrong, since this is only an example. No > > change needed. > > > > In Para 4 of Section 5, the text says: "The trust anchor self-signed > > certificate, if issued, is not included." Since Brian had > > problems with > > that sentence too, it is proposed to change it into: > > > > "Each path consists of a sequence of certificates, starting with > > the certificate to be validated and ending with a trust anchor. > > If the trust anchor is a self-signed certificate, that self-signed > > certificate is not included." > > > > > 2. Section 4 Para 9 > > > You require the DPV server to "obtain" the certificate from the > > > reference provided by the client. This is *not* a requirement. If > > > the server obtains the certificate by some other means, > > that is okay, > > > as long as it verifies that the certificate is indeed the one > > > being referred to by the client. > > > > The current sentence is: > > > > "If not provided in the request, the server MUST use the unambiguous > > reference provided in the request to obtain it." > > > > It is proposed to change the sentence into: > > > > "If not provided in the request, the server MUST verify that > > the certificate > > is indeed the one being unambiguous referenced by the client". > > > > > 3. Section 4 Para 12 > > > In order to prevent replay attacks, you require the nonce to be > > > present in the response. As mentioned by Petra, if the response > > > contained the request hash, it doesn't need to contain the nonce. It > > > is still bound to the request. Present of the request nonce in the > > > reply shouldn't be a requirement in this case. > > > > Verification of equality of the nonce is simple and straigthforward to > > discard replay attacks. Since we do not require to use the hash of the > > request in the response, we have purposely maintained this > > requirement. > > > > > 4. Section 4 Para 16 > > > You require a DPV response to be signed - error response > > > might not be signed (e.g. badly formatted request, etc.) Please > > > allow for that case. > > > > Certainly. The current text is: > > > > "For the client to be confident that the certificate validation was > > handled by the expected DPV server, the DPV response MUST be > > authenticated. > > > > For the client to be able prove to a third party that trusts the > > same DPV server that the certificate validation was handled > > correctly, > > the DPV response MUST be digitally signed." > > > > It is proposed to add at the end of each paragraph: > > > > "unless an error is reported (e.g. badly formatted request, etc.)." > > > > > That's it! > > > > Thank you ! > > > > Denis > > > > > > > Regards, > > > Ambarish > > > > > > > > --------------------------------------------------------------------- > > > Ambarish Malpani > > > Chief Architect > > 650.567.5457 > > > ValiCert, Inc. > > ambarish@valicert.com > > > 1215 Terra Bella Ave. > > http://www.valicert.com > > > Mountain View, CA 94043 > > > > > > > -----Original Message----- > > > > From: Tim Polk [mailto:tim.polk@nist.gov] > > > > Sent: Friday, March 29, 2002 2:55 PM > > > > To: ietf-pkix@imc.org > > > > Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > > > > > > > > > > > > Folks, > > > > > > > > The editors have informed me that they believe the -03 draft > > > > satisfies all > > > > WG Last Call comments and meets the criteria of rough > > > > consesnsus. My review > > > > agrees with their position, and I would like to ship the > > > > document to the > > > > ADs as soon as possible. > > > > > > > > If you have a dog in this fight, *please review the > > specification by > > > > Tuesday COB.* If I do not see any traffic on the list > > stating that > > > > unresolved comments remain, I will forward the document to the ADs > > > > Wednesday morning. > > > > > > > > Thanks, > > > > > > > > Tim Polk > > > > > > > > At 07:03 AM 3/29/02 -0500, you wrote: > > > > >A New Internet-Draft is available from the on-line > > Internet-Drafts > > > > >directories. > > > > >This draft is a work item of the Public-Key Infrastructure > > > > (X.509) Working > > > > >Group of the IETF. > > > > > > > > > > Title : Delegated Path Validation and > > > > Delegated Path > > > > > Discovery > > > > > Protocol Requirements (DPV&DPD-REQ) > > > > > Author(s) : D. Pinkas, R. Housley > > > > > Filename : draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > Pages : 11 > > > > > Date : 28-Mar-02 > > > > > > > > > >This document specifies the requirements for Delegated Path > > > > Validation > > > > >(DPV) and Delegated Path Discovery (DPD) for Public Key > > Certificates. > > > > >It also specifies the requirements for DPV and DPD > > policy management. > > > > > > > > > >A URL for this Internet-Draft is: > > > > >http://www.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-r > > > > eq-03.txt > > > > > > > > > >To remove yourself from the IETF Announcement list, send > > a message to > > > > >ietf-announce-request with the word unsubscribe in the body > > > > of the message. > > > > > > > > > >Internet-Drafts are also available by anonymous FTP. Login > > > > with the username > > > > >"anonymous" and a password of your e-mail address. After > > logging in, > > > > >type "cd internet-drafts" and then > > > > > "get draft-ietf-pkix-dpv-dpd-req-03.txt". > > > > > > > > > >A list of Internet-Drafts directories can be found in > > > > >http://www.ietf.org/shadow.html > > > > >or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > > > > > > > > > > > >Internet-Drafts can also be obtained by e-mail. > > > > > > > > > >Send a message to: > > > > > mailserv@ietf.org. > > > > >In the body type: > > > > > "FILE > > /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt". > > > > > > > > > >NOTE: The mail server at ietf.org can return the document in > > > > > MIME-encoded form by using the "mpack" utility. > > To use this > > > > > feature, insert the command "ENCODING mime" before > > > > the "FILE" > > > > > command. To decode the response(s), you will need > > > > "munpack" or > > > > > a MIME-compliant mail reader. Different > > > > MIME-compliant mail readers > > > > > exhibit different behavior, especially when dealing with > > > > > "multipart" MIME messages (i.e. documents which > > > > have been split > > > > > up into multiple messages), so check your local > > > > documentation on > > > > > how to manipulate these messages. > > > > > > > > > > > > > > >Below is the data which will enable a MIME compliant mail reader > > > > >implementation to automatically retrieve the ASCII version of the > > > > >Internet-Draft. > > > > >Content-Type: text/plain > > > > >Content-ID: <20020328141430.I-D@ietf.org> > > > > > > > > > >ENCODING mime > > > > >FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > > > > > ><ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-r > > > > eq-03.txt> > > > > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33GxJf29271 for ietf-pkix-bks; Wed, 3 Apr 2002 08:59:19 -0800 (PST) Received: from po1.bbn.com (PO1.BBN.com [192.1.50.38]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33GxIm29267 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 08:59:18 -0800 (PST) Received: from [128.89.88.34] (comsec.bbn.com [128.89.88.34]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id LAA29810; Wed, 3 Apr 2002 11:59:09 -0500 (EST) Mime-Version: 1.0 X-Sender: kent@po1.bbn.com Message-Id: <p05100309b8d0e4264f87@[128.89.88.34]> In-Reply-To: <613B3C619C9AD4118C4E00B0D03E7C3E028E5348@polaris.valicert.com> References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5348@polaris.valicert.com> Date: Wed, 3 Apr 2002 11:55:32 -0500 To: Ambarish Malpani <ambarish@valicert.com> From: Stephen Kent <kent@bbn.com> Subject: Re: One last comment on DPD requirements Cc: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> At 8:36 AM -0800 4/3/02, Ambarish Malpani wrote: >Hi Group, > One last (slightly late) comment on the DPD requirements that >has been troubling me: > >In the DPD requirements, there is a reasonable amount of text that >talks about how a server can return multiple paths back to the >client (to allow the client to decide which path is the best). > >The main goal of DPD is to try and simplify the client. In how many >cases do people really want multiple paths back from the server. >While it is the right requirement in principal, do folks really >think clients will want multiple paths back from a DPD server? Are >we adding the additional flexiblity/complexity just for >technical purity? > >Comments will be appreciated. > >Regards, >Ambarish I too would favor simplifying the protocol requirement here. Some folks have suggested motivations for multiple paths, but this does seem to conflict with the fundamental goal of creating a protocol to satisfy the needs of thin clients. Steve Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33GvJ029226 for ietf-pkix-bks; Wed, 3 Apr 2002 08:57:19 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130] (may be forged)) by above.proper.com (8.11.6/8.11.3) with SMTP id g33GvIm29222 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 08:57:18 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 3 Apr 2002 16:56:24 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA28253; Wed, 3 Apr 2002 11:56:18 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g33GvL826166; Wed, 3 Apr 2002 11:57:21 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX13AH8>; Wed, 3 Apr 2002 11:54:57 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.129]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX13AH5; Wed, 3 Apr 2002 11:54:52 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Brian Hunter <brian.hunter@sit.fraunhofer.de> Cc: Denis.Pinkas@bull.net, ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020403114844.031ba150@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 03 Apr 2002 11:53:06 -0500 Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt In-Reply-To: <3CA9B0F1.EC39C9AC@sit.fraunhofer.de> References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5333@polaris.valicert.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Brian: >5. Section 5 Para 4 > This comment goes along with Ambarish's comment 1. I do not >understand what is meant by "if issued" in the following sentence: > "The trust anchor self-signed certificate, if issued, is not >included." > >Without understanding the "issued" point and assuming that all trust >anchor certificates, self-signed or not, are issued, then I would have >the sentence read: > "The trust anchor is not included." >Note that I am agreeing with Ambarish that the self-signed requirement >for a root should be dropped. Trust anchors can be established using self-signed certificates or by other means, either way, the trust anchor is not included. Perhaps this point is only adding confusion. >9. Section 9 Last paragraph point (3) > Is it intended that the validation time should be adjusted for only >one of the four points, hence the use of "or" after point three? I would >suggest the use of "and". I disagree. The time could be adjusted for one or more of these reasons. It is an inclusive or. Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33GsHM29173 for ietf-pkix-bks; Wed, 3 Apr 2002 08:54:17 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33GsGm29168 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 08:54:16 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id SAA20748; Wed, 3 Apr 2002 18:56:44 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040318534514:385 ; Wed, 3 Apr 2002 18:53:45 +0200 Message-ID: <3CAB337F.2F375CFC@bull.net> Date: Wed, 03 Apr 2002 18:53:19 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Ambarish Malpani <ambarish@valicert.com> CC: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Subject: Re: One last comment on DPD requirements References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5348@polaris.valicert.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 18:53:45, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 18:54:16, Serialize complete at 03/04/2002 18:54:16 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Ambarish, This is indeed a very late comment. > Hi Group, > One last (slightly late) comment on the DPD requirements that > has been troubling me: > > In the DPD requirements, there is a reasonable amount of text that > talks about how a server can return multiple paths back to the > client (to allow the client to decide which path is the best). > > The main goal of DPD is to try and simplify the client. In how many > cases do people really want multiple paths back from the server. > While it is the right requirement in principal, do folks really > think clients will want multiple paths back from a DPD server? Are > we adding the additional flexiblity/complexity just for > technical purity? If there exists more than one path, and if the server only returns one path and that path does not comply with the conditions set by the client, no other path would never be sent back and there might well be another one that would satisfy the conditions set by the client. DPD clients are not clients as simple as DPV clients, they are able to perform path validation themselves. It would not make sense to only return one path. Denis > Comments will be appreciated. > > Regards, > Ambarish > > --------------------------------------------------------------------- > Ambarish Malpani > Chief Architect 650.567.5457 > ValiCert, Inc. ambarish@valicert.com > 1215 Terra Bella Ave. http://www.valicert.com > Mountain View, CA 94043 Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33Gehc28772 for ietf-pkix-bks; Wed, 3 Apr 2002 08:40:43 -0800 (PST) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33Gebm28768 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 08:40:37 -0800 (PST) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GU000J013K9EJ@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 3 Apr 2002 08:38:34 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GU000J7Q3K90D@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 03 Apr 2002 08:38:33 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <H570PHC6>; Wed, 03 Apr 2002 08:40:09 -0800 Content-return: allowed Date: Wed, 03 Apr 2002 08:40:00 -0800 From: Ambarish Malpani <ambarish@valicert.com> Subject: RE: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt To: ietf-pkix@imc.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E5349@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Denis, Thank you, the resolution to all these questions is excellent (other than #3). In case of the 3rd comment: > > 3. Section 4 Para 12 > > In order to prevent replay attacks, you require the nonce to be > > present in the response. As mentioned by Petra, if the response > > contained the request hash, it doesn't need to contain the nonce. It > > is still bound to the request. Present of the request nonce in the > > reply shouldn't be a requirement in this case. > > Verification of equality of the nonce is simple and straigthforward to > discard replay attacks. Since we do not require to use the hash of the > request in the response, we have purposely maintained this > requirement. If the protocol does choose to return the requestHash in the response, do you see any benefit to adding a requestNonce in the response? If not, the requirement should go. I think it would be better for the requirements doc to say what is desired: "Prevent replay attacks on responses" and let the protocol decide how to do it. Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net] > Sent: Wednesday, April 03, 2002 7:00 AM > To: Ambarish Malpani; brian.hunter@sit.fraunhofer.de > Cc: ietf-pkix@imc.org > Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > Hi Denis, Russ, > > Great work on the new draft! > > Thank you. It was quite harder than expected. > > > A few comments: > > > > 1. In 2 places you equate the "root" with a self-signed cert. I > > hope you intend to allow the trust anchor to be a non-self-signed > > cert. The 2 places are Para 4 of Section 4 and Para 4 of Section 5. > > In Para 4 of Section 4, the text says "e.g. root self-signed > certificates". > So there is nothing wrong, since this is only an example. No > change needed. > > In Para 4 of Section 5, the text says: "The trust anchor self-signed > certificate, if issued, is not included." Since Brian had > problems with > that sentence too, it is proposed to change it into: > > "Each path consists of a sequence of certificates, starting with > the certificate to be validated and ending with a trust anchor. > If the trust anchor is a self-signed certificate, that self-signed > certificate is not included." > > > 2. Section 4 Para 9 > > You require the DPV server to "obtain" the certificate from the > > reference provided by the client. This is *not* a requirement. If > > the server obtains the certificate by some other means, > that is okay, > > as long as it verifies that the certificate is indeed the one > > being referred to by the client. > > The current sentence is: > > "If not provided in the request, the server MUST use the unambiguous > reference provided in the request to obtain it." > > It is proposed to change the sentence into: > > "If not provided in the request, the server MUST verify that > the certificate > is indeed the one being unambiguous referenced by the client". > > > 3. Section 4 Para 12 > > In order to prevent replay attacks, you require the nonce to be > > present in the response. As mentioned by Petra, if the response > > contained the request hash, it doesn't need to contain the nonce. It > > is still bound to the request. Present of the request nonce in the > > reply shouldn't be a requirement in this case. > > Verification of equality of the nonce is simple and straigthforward to > discard replay attacks. Since we do not require to use the hash of the > request in the response, we have purposely maintained this > requirement. > > > 4. Section 4 Para 16 > > You require a DPV response to be signed - error response > > might not be signed (e.g. badly formatted request, etc.) Please > > allow for that case. > > Certainly. The current text is: > > "For the client to be confident that the certificate validation was > handled by the expected DPV server, the DPV response MUST be > authenticated. > > For the client to be able prove to a third party that trusts the > same DPV server that the certificate validation was handled > correctly, > the DPV response MUST be digitally signed." > > It is proposed to add at the end of each paragraph: > > "unless an error is reported (e.g. badly formatted request, etc.)." > > > That's it! > > Thank you ! > > Denis > > > > Regards, > > Ambarish > > > > > --------------------------------------------------------------------- > > Ambarish Malpani > > Chief Architect > 650.567.5457 > > ValiCert, Inc. > ambarish@valicert.com > > 1215 Terra Bella Ave. > http://www.valicert.com > > Mountain View, CA 94043 > > > > > -----Original Message----- > > > From: Tim Polk [mailto:tim.polk@nist.gov] > > > Sent: Friday, March 29, 2002 2:55 PM > > > To: ietf-pkix@imc.org > > > Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > > > > > > > > Folks, > > > > > > The editors have informed me that they believe the -03 draft > > > satisfies all > > > WG Last Call comments and meets the criteria of rough > > > consesnsus. My review > > > agrees with their position, and I would like to ship the > > > document to the > > > ADs as soon as possible. > > > > > > If you have a dog in this fight, *please review the > specification by > > > Tuesday COB.* If I do not see any traffic on the list > stating that > > > unresolved comments remain, I will forward the document to the ADs > > > Wednesday morning. > > > > > > Thanks, > > > > > > Tim Polk > > > > > > At 07:03 AM 3/29/02 -0500, you wrote: > > > >A New Internet-Draft is available from the on-line > Internet-Drafts > > > >directories. > > > >This draft is a work item of the Public-Key Infrastructure > > > (X.509) Working > > > >Group of the IETF. > > > > > > > > Title : Delegated Path Validation and > > > Delegated Path > > > > Discovery > > > > Protocol Requirements (DPV&DPD-REQ) > > > > Author(s) : D. Pinkas, R. Housley > > > > Filename : draft-ietf-pkix-dpv-dpd-req-03.txt > > > > Pages : 11 > > > > Date : 28-Mar-02 > > > > > > > >This document specifies the requirements for Delegated Path > > > Validation > > > >(DPV) and Delegated Path Discovery (DPD) for Public Key > Certificates. > > > >It also specifies the requirements for DPV and DPD > policy management. > > > > > > > >A URL for this Internet-Draft is: > > > >http://www.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-r > > > eq-03.txt > > > > > > > >To remove yourself from the IETF Announcement list, send > a message to > > > >ietf-announce-request with the word unsubscribe in the body > > > of the message. > > > > > > > >Internet-Drafts are also available by anonymous FTP. Login > > > with the username > > > >"anonymous" and a password of your e-mail address. After > logging in, > > > >type "cd internet-drafts" and then > > > > "get draft-ietf-pkix-dpv-dpd-req-03.txt". > > > > > > > >A list of Internet-Drafts directories can be found in > > > >http://www.ietf.org/shadow.html > > > >or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > > > > > > > > >Internet-Drafts can also be obtained by e-mail. > > > > > > > >Send a message to: > > > > mailserv@ietf.org. > > > >In the body type: > > > > "FILE > /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt". > > > > > > > >NOTE: The mail server at ietf.org can return the document in > > > > MIME-encoded form by using the "mpack" utility. > To use this > > > > feature, insert the command "ENCODING mime" before > > > the "FILE" > > > > command. To decode the response(s), you will need > > > "munpack" or > > > > a MIME-compliant mail reader. Different > > > MIME-compliant mail readers > > > > exhibit different behavior, especially when dealing with > > > > "multipart" MIME messages (i.e. documents which > > > have been split > > > > up into multiple messages), so check your local > > > documentation on > > > > how to manipulate these messages. > > > > > > > > > > > >Below is the data which will enable a MIME compliant mail reader > > > >implementation to automatically retrieve the ASCII version of the > > > >Internet-Draft. > > > >Content-Type: text/plain > > > >Content-ID: <20020328141430.I-D@ietf.org> > > > > > > > >ENCODING mime > > > >FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > > > ><ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-r > > > eq-03.txt> > > > > Received: by above.proper.com (8.11.6/8.11.3) id g33GbKo28675 for ietf-pkix-bks; Wed, 3 Apr 2002 08:37:20 -0800 (PST) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33GbJm28671 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 08:37:19 -0800 (PST) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GU000J013EQDT@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 3 Apr 2002 08:35:14 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GU000J763EP0D@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 03 Apr 2002 08:35:13 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <H570PHCN>; Wed, 03 Apr 2002 08:36:49 -0800 Content-return: allowed Date: Wed, 03 Apr 2002 08:36:47 -0800 From: Ambarish Malpani <ambarish@valicert.com> Subject: One last comment on DPD requirements To: "'ietf-pkix@imc.org'" <ietf-pkix@imc.org> Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E5348@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Group, One last (slightly late) comment on the DPD requirements that has been troubling me: In the DPD requirements, there is a reasonable amount of text that talks about how a server can return multiple paths back to the client (to allow the client to decide which path is the best). The main goal of DPD is to try and simplify the client. In how many cases do people really want multiple paths back from the server. While it is the right requirement in principal, do folks really think clients will want multiple paths back from a DPD server? Are we adding the additional flexiblity/complexity just for technical purity? Comments will be appreciated. Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 Received: by above.proper.com (8.11.6/8.11.3) id g33GH0s28134 for ietf-pkix-bks; Wed, 3 Apr 2002 08:17:00 -0800 (PST) Received: from netscape.com (r2d2.netscape.com [205.217.237.47]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33GGxm28130 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 08:16:59 -0800 (PST) Received: from judge.mcom.com (judge.mcom.com [205.217.237.53]) by netscape.com (8.10.0/8.10.0) with ESMTP id g33GGs706906 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 08:16:55 -0800 (PST) Received: from netscape.com ([10.169.184.32]) by judge.mcom.com (Netscape Messaging Server 4.15) with ESMTP id GU02K600.CNJ; Wed, 3 Apr 2002 08:16:54 -0800 Message-ID: <3CAB2AF1.3080408@netscape.com> Date: Wed, 03 Apr 2002 11:16:49 -0500 From: mcs@netscape.com (Mark C Smith) Organization: Netscape Communications Corp. User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.9) Gecko/20020311 X-Accept-Language: English/United States [en-US],En MIME-Version: 1.0 To: David Chadwick <d.w.chadwick@salford.ac.uk> CC: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <3CA860A2.20AB0F9C@salford.ac.uk> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> I am still concerned about how dropping the ;binary transfer option that was mandated by RFC 2252 will affect the large installed base of LDAPv3 and PKI implementations (of course some PKI clients are already trying to use userCertificate without ;binary with LDAPv3 implementations, and not surprisingly there are having a difficult time). But if consensus is to proceed with this proposal, then I think the conflict with RFC 2252 should be noted in the PKIX document (there is a lot of history behind all of this, and implementors and users who do not know all of it will undoubtedly be confused). -Mark Smith Netscape David Chadwick wrote: > Colleagues > > Here is my proposed change to the section describing the LDAP syntax for > cerificates in the PKIX id > <draft-pkix-ldap-schema-03.txt> which should be published before the end > of April. As this is likely to be the most contentious part of the new > ID, I thought it would be useful to distribute this text at the earlier > possible moment. > > All constructive comments welcomed > > David > > > 3.3 Certificate Syntax > > A value in this transfer syntax is the binary octet string that results > from BER or DER-encoding of an X.509 public key certificate. The > following string states the OID assigned to this syntax: > > ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' ) > > Servers must preserve values in this syntax exactly as given when > storing and retrieving them. > > Note. Due to the changes from X.509(1988) to X.509(1993) and subsequent > changes to the ASN.1 definition to support certificate extensions in > X.509(1997), no character string transfer syntax is defined for > certificates. The BNF notation in RFC 1778 [12] for "User Certificate" > MUST NOT be used. Values in this syntax MUST be transferred as BER or > DER encoded octets. The use of the ;binary encoding option, i.e. by > requesting or returning the attributes with descriptions > "userCertificate;binary" or "caCertificate;binary" has no effect on the > transfer syntax. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33GGli28125 for ietf-pkix-bks; Wed, 3 Apr 2002 08:16:47 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33GGjm28121 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 08:16:45 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id SAA10830; Wed, 3 Apr 2002 18:19:14 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040318161624:380 ; Wed, 3 Apr 2002 18:16:16 +0200 Message-ID: <3CAB2ABA.646EDA1A@bull.net> Date: Wed, 03 Apr 2002 18:15:54 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Tom Gindin <tgindin@us.ibm.com> CC: ietf-pkix@imc.org Subject: Re: WG Last Call: Roadmap References: <OFE222ECDC.37138E03-ON85256B8B.0046F852@pok.ibm.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 18:16:16, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 18:16:46, Serialize complete at 03/04/2002 18:16:46 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Tom, > I have a few issues with this, and some corrections as well. > In comment 12, I have two issues. The first one, which is minor, is > that "one or more Top CA's may be trusted" should refer to root CA's > instead - the two terms mean the same thing more often than not, but when > they differ the trust point is the root rather than the top. PKIX-1 states: " - Top CA - A CA that is at the top of a PKI hierarchy. Note: This is often also called a "Root CA," since in data structures terms and in graph theory, the node at the top of a tree is the "root." However, to minimize confusion in this document, we elect to call this node a "Top CA," and reserve "Root CA" for the CA directly trusted by the EE." The problem lies with the last sentence, i.e. "*the* CA directly trusted by the EE.". The singular is being used which means that there is a single one, multiple roots are not permitted, while multiple Top-CAs are permitted. > The second is less minor. Is it truly intended that a signing EE > be permitted to specify the set of trusted CA's for an RP to use in > verifying a signature? At a minimum, an RP in this model is responsible > for validating the the set of rules is identical to one it has already > decided to trust, but there is no reference in the model description to > any active role for the RP. A verifier (not a signing EE as you mentioned) does not know what an anchor is, but may know what a policy is. So by selecting the policy that applies to the application, indirectly trust anchors (and much more) are selected. Remember that the same verifier may verify digital signatures in various contexts, e.g. for a Bank transaction or for a green reservation in a Golf Club. The trust conditions are not necessarilly identical. Note also that a verifier does not need to be a signer and may not have any certificate of its own. The case of a single (root) CA trusted for any kind of application is a very specific case and cannot be considered as the general case. > In your comment 5 (on page 15), replace "date of issue" by "date and > time of issue". This is fine. > At a slightly more substantive level, shouldn't the clarification of > the definition of Top CA on page 4 end "and reserve 'root CA' for a CA > directly trusted by the EE."? This wording permits multiple trusted roots. I do not think that PKIX-1 allows for this. See the quote above. > In your comment 4, shouldn't "CA certificate" be "hierarchical CA > certificate"? Surely a Top CA's self-signed certificate is also a "CA > certificate", and your definition excludes it. Then the sentence "Some > people in the WG believe that a cross certificate is a special kind of CA > certificate." is reversed to "... believe that a hierarchical CA > certificate is a special kind of cross certificate". You say that the definition excludes the fact that a Top CA's self-signed certificate is also a CA-certificate. This is correct, ... but was not intended. So what about this full correction ? [2459bis] defines a cross-certificate as "a certificate issued by one CA to another CA". [2459bis] does not provide a formal definition of a CA certificate but implictly means a certificate where the subject of the certificate is a CA. This means that self-signed certificates are CA certificats but are not cross-certificates. Some people in the WG believe that a cross certificate is a special kind of CA certificate issued by a CA under one Top CA for another CA under a different Top CA. CAs in the same hierarchy usually have part of their names imposed by the Top CA or by the CAs under that Top CAs. When a cross certificate is issued, there is no relationship between the names of the CAs. > In comment 11, the i.e. should remain "what are the root CA's" rather > than "what are the Top CA's", for the same reason as in comment 12. I do not think so. See my first comment. Regards, Denis > Tom Gindin > > Denis Pinkas <Denis.Pinkas@bull.net>@mail.imc.org on 03/26/2002 12:11:50 PM > > Sent by: owner-ietf-pkix@mail.imc.org > > To: ietf-pkix@imc.org > cc: Carlisle Adams <cadams@entrust.com> > Subject: Re: WG Last Call: Roadmap > > Comments on the roadmap document draft-ietf-pkix-roadmap-07.txt > > (snip) > COMMENT 3. A sentence states: "However, to minimize confusion in this > document, we elect to call this node a "Top CA," and reserve "Root CA" for > the CA directly trusted by the EE". Since an EE may trust more than one Top > CA, shouldn't we say: > > "However, to minimize confusion in this document, we elect to call this > node > a "Top CA," and reserve "Root CA" when there is a single CA directly > trusted > by the EE." > > COMMENT 4. On page 14. A clarification needs to be done between > cross-certificates and CA certificates. The text currently states: > > A cross-certificate is a PKC issued by one CA to another CA which > contains a public CA key associated with the private CA signature key > used for issuing PKCs. Typically, a cross-certificate is used to > allow client systems or end entities in one administrative domain to > communicate securely with client systems or end users in another > administrative domain. Use of a cross-certificate issued from CA_1 to > CA_2 allows user Alice, who trusts CA_1, to accept a PKC used by Bob, > which was issued by CA_2. Cross-certificates can also be issued from > one CA to another CA in the same administrative domain, if required. > > I would propose instead the following: > > " A CA certificate is a certificate in a hierarchy that is neither a > self-signed certificate, nor an end-entity certificate. [2459bis] does not > make a difference between a CA certificate and a cross certificate since it > defines a cross-certificate as "a certificate issued by one CA to another > CA". Some people in the WG believe that a cross certificate is a special > kind of CA certificate. A cross certificate is issued by a CA under one > Top CA for another CA under a different Top CA. CAs in the same hierarchy > have part of their names imposed by the Top CA or by the CAs under that > Top CAS. When a cross certificate is issued, there is no relationship > between the names of the CAS. > > Typically, a cross-certificate is used to allow client systems or end > entities in one administrative domain to communicate securely with client > systems or end users in another administrative domain. Use of a > cross-certificate issued from CA_1 to CA_2 allows user Alice, who trusts > CA_1, to accept a PKC used by Bob, which was issued by CA_2. > Cross-certificates can also be issued from one CA to another CA in the same > administrative domain, if required." > > COMMENT 5. On page 15, the text states: "A CRL is a time stamped list > identifying revoked PKCs that is signed by a CA and made freely available > in a public repository." > > I would prefer to avoid to use "time-stamped" in that context and thus I > would propose the following wording: > > "A CRL is a list that identifies the references of revoked PKCs. This list > contains a date of issue and is signed by a CA and made freely available in > a public repository." > > (snip) > > COMMENT 11. On page 47. Section 5.5 talks about trust model, but only > consider a single trust point: > > " An important design decision is where a particular EE's trust point > is located (i.e., where is the EE's Root CA). There are a number of > models that have been developed and depending on the environment some > models may be more suited than others. The following provides some > background on the models." > > I would rather propose to change it into: > > " An important design decision is, for a given application, where the > particular EE's trust points are located (i.e. what are the Top CAs). > There are a number of models that have been developed and depending on > the environment some models may be more suited than others. The following > provides some background on the models." > > COMMENT 12. On page 49. Section 5.5 I would propose to add another model. > > 5.5.5 Validation policies > > Another model considers a set of rules that apply to an application > context. > Every application context may have a different set of rules. When choosing > to use certificates in the context of that application, the EE selects the > set of rules for that context. In a set of rules, one or more Top CAs may > be > trusted, each one may be associated with different constraints, like the > certificate policies that are trusted or the naming constraints that apply. > These constrains may be specified either in self-signed certificates or in > addition to self-signed certificates when they do not incorporate these > constraints. This set of rules is called a validation policy (when > validating a certificate) or a signature policy (when validating a digital > signature). > > Regards, > > Denis Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33Fui325773 for ietf-pkix-bks; Wed, 3 Apr 2002 07:56:44 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33Fugm25760 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 07:56:42 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA12526; Wed, 3 Apr 2002 17:59:09 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040317561116:377 ; Wed, 3 Apr 2002 17:56:11 +0200 Message-ID: <3CAB2606.EA5D914D@bull.net> Date: Wed, 03 Apr 2002 17:55:50 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: ietf-pkix@imc.org Subject: Re: I-D ACTION:draft-ietf-pkix-logotypes-01.txt References: <5.1.0.14.2.20020327131915.02f3f5d8@exna07.securitydynamics.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 17:56:11, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 17:56:41, Serialize complete at 03/04/2002 17:56:41 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Russ, Thank you for this long reply ... that did not convinced me. The argumentation you provided is not crystal clear to me. See my comments below. > Denis: > > I fear that you have missed the point of the logotypes draft > altogether. The authors recognize that the introduction needs to be > expanded, so we may be to blame for any misunderstanding. To try and clear > up the misunderstanding, I offer some general observations before > responding to your specific comments. > > The logotype extension will aid in two situations: > 1. Certificate-based Identification > 2. Selection of Certificates > > In the first case, the need for human recognition 1) Recognition of what ? or of which characteristics ? Please be precise. 2) Recognized by which entity ? Please be precise. I would guess a human being acting as a relying party. > depends on the manner in > which certificates are used and whether certificates need to be visible to > human users. If certificates are to be used in open environments and in > applications that bring the user in conscious contact with the result of a > certificate-based identification process, then human recognition is highly > relevant, and it may be a necessity. > > Most applications provide the human user with an opportunity to view the > results of a successful certificate-based identification process. When the > user takes the steps necessary to view these results, the user is presented > with a view of a certificate. This solution has two major problems. First, > the function to view a certificate is often rather hard to find for a > non-technical user. Second, the presentation of the certificate is rather > technical; it is not user friendly. It contains no graphic symbols or > logotypes to enhance human recognition. > In the second case, there are software applications that expose human users > to certificates for the selection of a single certificate from a portfolio > of certificates. In some circumstances, the software application can use > information within the certificates to determine suitability; however, the > user must be queried if more than one certificate is suitable. The human > user must select one of them. I would guess that is that case it is a recognition by the subscriber. Is it what you mean ? Are there other cases you are thinking of ? Please be precise. > This situation is comparable to a person selecting a suitable plastic card > from his wallet. In this situation, substantial assistance is provided by > card color, location, and branding. > > In order provide similar support for certificate selection, the users need > tools to easily recognize and distinguish certificates. Introduction of > logotypes into certificates provides the necessary graphic. > Now, for your specific comments. > > COMMENT 1: Subject logotype. > > Currently a "subject organization logotype" is proposed. It definition is > as follows: "a logotype representing the organization identified in the > subject name in the certificate". > > From this definition only a single logotype would be allowed for a > subject. It can make sense to attach more that one logotype to a subject, > that does not reflect necessarily the organization a user belongs to (e.g. > an individual is a Red Cross member) so the definition should be changed > to: > > "subject logotype" "a logotype representing any characteristic of the > entity identified in the subject name in the certificate". > > RESPONSE 1. > > We are allowing a graphical identity of the user to facilitate certificate > selection or acceptance. We are not trying to graphically represent every > attribute of the user. We certainly do not want to overwhelm the designers > of graphic user interfaces. We need to keep it simple. I do not buy this argument. The current proposal limits to logo type to the logo of the organization, whereas this limitation is not appropriate. A subject may even have no O (Organization) component in the DN and there could be other logos attached to the subject field. > COMMENT 2: Issuer logotype. > > Currently an "issuer organization logotype" is proposed. It definition is > as follows: "a logotype representing the organization identified as part of > the issuer name in the certificate". > > From this definition a single logotype would be allowed for an issuer. It > can make sense to attach more that one logotype to an issuer, that does not > reflect necessarily the organization an issuer belongs to (e.g. an issuer > may support a "Privacy Policy" and be a member from two different trade > associations), so the definition should be changed to: > > "issuer logotype: a logotype representing any characteristic of the issuer > identified as part of the issuer name in the certificate". > > RESPONSE 2. > > Again, we are allowing a graphical identity of the user to facilitate > certificate selection or acceptance. We are not trying to graphically > represent every attribute of the issuer. I do not buy this argument. The current proposal limits to logo type to the logo of the issuer, whereas this limitation is not appropriate. See my examples again. > COMMENT 3: The "concept logotype", also renamed "community logotype" during > the last IETF meeting or " shared community logotype" in the minutes from > the same meeting is more hazy. > > The current text states:" Many issuers may use the concept logotypes to > co-brand with a global concept in order to gain global recognition of its > local service provision. This type of concept branding is very common in > credit card business where local independent card issuers issue cards > within a globally branded concept (such as VISA and MasterCard)". > > The current text also states: " the relationship between the issuer and > either the issuer organization logotype or the concept logotype". > > A logotype is adding "human processable" information to enhance the > properties of an already existing field from a certificate. To this respect > it is sensible to add one (or more) logotypes that characterizes the issuer > and the subject. The real question is to which field the "concept > logotype / community logotype / shared community logotype" relates. > > It may relate : > - either to the issuer, to state that an issuer belongs to some group, or > - to the certificate policy to state that the policy under which the > certificate is issued obeys to some rules imposed by the organization > whose logo is referenced. > > This leads to two possible ways: > 1) only consider two logotypes: issuer logotype and subject logotypes. > 2) consider three logotypes: issuer logotypes, subject logotypes and > policy logotypes. > > I would favor the former, but would have no major problem to go with the > later. In that case the policy logotype would be defined as follows: > > "Policy logotype: a logotype representing any characteristic of the > certificate policy under which the certificate is issued". > > RESPONSE 3. > > Policy implies the wrong connotation. We are not trying to graphically > represent a certificate policy or anything about how the certificate was > issued. The community (or concept) logotype simply allows CA to enter into > collective branding relationships. A branding of what ? Please be precise. > I suppose that a large group that share a common security policy could > register a logo for that policy and use it as a community logo. While this > was not the model that we considered, it certainly is accommodated. > > COMMENT 4: Logotypes are not "claimed" by the issuer, but always *verified* > to some extend by the issuer. The current text is misleading: > > "The relationship between the subject organization and the subject > organization logotype and the relationship between the issuer and > either the issuer organization logotype or the concept logotype, are > relationships *claimed* by the issuer." > > RESPONSE 4. > > The issuer is responsible for the verification of anything that is included > in the certificate. After all, the issuer signature covers it. Thus, the > issuer is claiming that the logotypes are appropriate. Don't twist the wording. :-) We agree on the concept, but we should try to use another wording and avoid to use the word "claim". > COMMENT 5: During the meeting, it has been proposed to add a small image of > the logotype in the certificate itself. In this WG we always have had a > concern about the size of the certificate, so that it can be lodged in some > small devices. So I would not favor to allow such provision in a > extension standardized by this WG. > > RESPONSE 5. > > There are environments where the client cannot access the Internet until > after the certificate is used. Consider certificate-based authentication > to an ISP. A small logotype in the certificate could be useful to aid > certificate selection in this situation. The inclusion of a small logotype > is, of course, optional. ...and instead of certificates between 1 K and 2 K bytes, have certificates with at least one more K ! Denis > COMMENT 6: It should be made clear that this extension in non-critical. > > RESPONSE 6. > > Agree. The logotype extension was never intended to be critical. > > COMMENT 7: The document includes many typos to be corrected. > > RESPONSE 7. > > We will make every effort to correct them before the next draft is published. > > Russ Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33Fbwv23262 for ietf-pkix-bks; Wed, 3 Apr 2002 07:37:58 -0800 (PST) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33Fbum23258 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 07:37:56 -0800 (PST) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id RAA03534; Wed, 3 Apr 2002 17:37:55 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 3 Apr 2002 17:37:55 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id RAA09673; Wed, 3 Apr 2002 17:37:54 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id RAA04100; Wed, 3 Apr 2002 17:37:53 +0200 (MET DST) Date: Wed, 3 Apr 2002 17:37:53 +0200 (MET DST) Message-Id: <200204031537.RAA04100@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, Denis.Pinkas@bull.net Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Thnaks for adding the following: I suggest some small wording change: > > "There are no specific requirements for confidentiality at the protocol > level. Confidentiality may be achieved at the transport level." I suggest: "There are no specific requirements for support of confidentiality at the protocol level. Confidentiality may be achieved at the transport level." Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33FUZX23031 for ietf-pkix-bks; Wed, 3 Apr 2002 07:30:35 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130] (may be forged)) by above.proper.com (8.11.6/8.11.3) with SMTP id g33FUXm23025 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 07:30:33 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 3 Apr 2002 15:29:39 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA19357; Wed, 3 Apr 2002 10:29:34 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g33FUaO15504; Wed, 3 Apr 2002 10:30:36 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1N9S9>; Wed, 3 Apr 2002 10:28:13 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.113]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1N9S5; Wed, 3 Apr 2002 10:28:06 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: David Chadwick <d.w.chadwick@salford.ac.uk> Cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Message-Id: <5.1.0.14.2.20020403102012.031ad888@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 03 Apr 2002 10:21:39 -0500 Subject: Re: LDAP Certificate transfer syntax In-Reply-To: <3CA8D20B.EDB26372@salford.ac.uk> References: <5.1.0.14.2.20020401110819.032405a8@exna07.securitydynamics.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> David: I would like to encourage clients to provide certificates in DER. We ought to tell them that there will be less work for everyone if they provide DER-encoded certificates. Likewise for CRLs. Russ At 10:32 PM 4/1/2002 +0100, David Chadwick wrote: >"Housley, Russ" wrote: > > > > David: > > > > Is it possible to preserve the DER encoding. If not, then the DER encoding > > must be restored in order to validate the signature? This just seems like > > wasted processing to me. > > > >Russ > >I quite agree. The revised text is meant to ensure that the DER or BER >encoding created by the client when the certificate was first sent to >the directory for storage is preserved as is. This is the purpose of the >sentence below in the revised text, viz: > > > >Servers must preserve values in this syntax exactly as given when > > >storing and retrieving them. > > > > >Perhaps I should say "as given to them by the client, when storing and >retrieving certificates" > >David > Received: by above.proper.com (8.11.6/8.11.3) id g33FMf122330 for ietf-pkix-bks; Wed, 3 Apr 2002 07:22:41 -0800 (PST) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33FMdm22326 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 07:22:39 -0800 (PST) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id RAA03471; Wed, 3 Apr 2002 17:22:34 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Wed, 3 Apr 2002 17:22:34 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id RAA09603; Wed, 3 Apr 2002 17:22:33 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id RAA04090; Wed, 3 Apr 2002 17:22:33 +0200 (MET DST) Date: Wed, 3 Apr 2002 17:22:33 +0200 (MET DST) Message-Id: <200204031522.RAA04090@emeriau.edelweb.fr> To: Peter.Sylvester@edelweb.fr, rhousley@rsasecurity.com Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt Cc: Denis.Pinkas@bull.net, ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > Peter: > > Would you be happy if the client and server identities were optional? I never had anything else in mind: What about: The protocol MUST provide a means to allow a client and a server to indicate the participating entities (depending on policy or application context). Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33FEpV21961 for ietf-pkix-bks; Wed, 3 Apr 2002 07:14:51 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33FEom21957 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 07:14:50 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA17590; Wed, 3 Apr 2002 17:17:18 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040317143140:368 ; Wed, 3 Apr 2002 17:14:31 +0200 Message-ID: <3CAB1C48.F463FCB2@bull.net> Date: Wed, 03 Apr 2002 17:14:16 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt References: <200204021800.UAA03750@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 17:14:31, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 17:14:50, Serialize complete at 03/04/2002 17:14:50 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > COMMENT 7: Requests shall be able to be authenticated. > > At the end of the following exchange you mention that it > is unclear what requirement is being addressed and > what ind of treatment would be done with such an identity > field. The comment is not necessarily related to > authentication. > > - The requirement is to include the identities of > participating parties in the request and in the > response, in order to indicate who has participated. It is proposed to add after the current last paragraph from section 4: "When the request is authenticated, the requestor shall have the possibility to have its identifier included or not in the response." > This is independant of whether this matches with > some authentication. > > - The treatment is essentially for display purposes > to be able to describe show the transaction result > together with the identities with the need to > understand a particular way how these information > can be found in some authnetication envelope. > > - Anyway, the response should provide for a means > to indicate for whom the response has been made, > not only who has made the response. Since relaying is not supported (see the response to your other e-mail), there is no difference between "for whom the response has been made" and "who has made the response". Denis > Peter > > ---------------------- > > [About COMMENT 7] > > > - a method that client and server provide their identity > > in the requests and responses: 'You, the client X, has > > asked me, the server Y, the following question, and > > I, the server Y, with the help of server Z respond.' > > > This allows to be able to determine the participating entities > > without having access to whatever particular authentication > > method information. > > > [Answer 7] Actually, we already include the identity of the server in the > > response. The request could also be optionally signed. This allows > > the server to authenticate the client, and this authentication allows the > > server to only support a selective community if desired. An option to be > > able to sign the request may be added. > > > The following requirements may be used for example in case of > > validation of an encryption certificate before usage. > > There is a difference between authentication and identification. > The request is that the identification is independant from the > authentication methods and the transports. > > A signing entity (the one identified in a signer info or a certificate) > may or may not be the same as the one declared in the request/response. > you may have separation of roles or other situations. > > "The President of the United States declares, ... signed by JWB". > > Another example is in relaying as follows: > > Your company service declares that I can use Your encryption cert, > and the response is signed by my local service. > > [Additional Answer 7] > > It is unclear what requirement is being addressed and what kind of treatment > would be done with such an identity field. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33FE8e21943 for ietf-pkix-bks; Wed, 3 Apr 2002 07:14:08 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130] (may be forged)) by above.proper.com (8.11.6/8.11.3) with SMTP id g33FE6m21939 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 07:14:06 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 3 Apr 2002 15:13:12 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id KAA17658; Wed, 3 Apr 2002 10:13:06 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g33FE8113442; Wed, 3 Apr 2002 10:14:08 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1N92K>; Wed, 3 Apr 2002 10:11:44 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (10.3.16.113 [10.3.16.113]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1N92B; Wed, 3 Apr 2002 10:11:40 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: Peter Sylvester <Peter.Sylvester@edelweb.fr> Cc: Denis.Pinkas@bull.net, ietf-pkix@imc.org Message-Id: <5.1.0.14.2.20020403093134.03181bb8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 03 Apr 2002 09:32:19 -0500 Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt In-Reply-To: <200204021800.UAA03750@emeriau.edelweb.fr> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter: Would you be happy if the client and server identities were optional? Russ At 08:00 PM 4/2/2002 +0200, Peter Sylvester wrote: > > > > COMMENT 7: Requests shall be able to be authenticated. > >At the end of the following exchange you mention that it >is unclear what requirement is being addressed and >what ind of treatment would be done with such an identity >field. The comment is not necessarily related to >authentication. > >- The requirement is to include the identities of > participating parties in the request and in the > response, in order to indicate who has participated. > > This is independant of whether this matches with > some authentication. > >- The treatment is essentially for display purposes > to be able to describe show the transaction result > together with the identities with the need to > understand a particular way how these information > can be found in some authnetication envelope. > >- Anyway, the response should provide for a means > to indicate for whom the response has been made, > not only who has made the response. > >Peter > >---------------------- > > >[About COMMENT 7] > > > - a method that client and server provide their identity > > in the requests and responses: 'You, the client X, has > > asked me, the server Y, the following question, and > > I, the server Y, with the help of server Z respond.' > > > This allows to be able to determine the participating entities > > without having access to whatever particular authentication > > method information. > > > [Answer 7] Actually, we already include the identity of the server in the > > response. The request could also be optionally signed. This allows > > the server to authenticate the client, and this authentication allows the > > server to only support a selective community if desired. An option to be > > able to sign the request may be added. > > > The following requirements may be used for example in case of > > validation of an encryption certificate before usage. > >There is a difference between authentication and identification. >The request is that the identification is independant from the >authentication methods and the transports. > >A signing entity (the one identified in a signer info or a certificate) >may or may not be the same as the one declared in the request/response. >you may have separation of roles or other situations. > >"The President of the United States declares, ... signed by JWB". > >Another example is in relaying as follows: > >Your company service declares that I can use Your encryption cert, >and the response is signed by my local service. > >[Additional Answer 7] > >It is unclear what requirement is being addressed and what kind of treatment >would be done with such an identity field. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33F8Eg21173 for ietf-pkix-bks; Wed, 3 Apr 2002 07:08:14 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33F8Cm21165 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 07:08:12 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA27850; Wed, 3 Apr 2002 17:10:39 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040317074055:364 ; Wed, 3 Apr 2002 17:07:40 +0200 Message-ID: <3CAB1AAD.F4EF36B2@bull.net> Date: Wed, 03 Apr 2002 17:07:25 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Peter Sylvester <Peter.Sylvester@edelweb.fr> CC: ietf-pkix@imc.org Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt References: <200204021325.PAA03676@emeriau.edelweb.fr> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 17:07:40, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 17:08:11, Serialize complete at 03/04/2002 17:08:11 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Peter, > > COMMENT 5: No authentication of the server prior to the sending of the > > request (not done with similar protocols). > Denis, I think that I may have badly stated the requirement. I > assume an online connection *and* confidentiality via TLS > done at the transport layer. In this case, confidentiality > would be somewhat meaningless if you don't authenticate the > server. Your remark is correct if you think about encryption > with email, but then you assume that only the server can decrypt, > thus you still have server authentication. If a server can decrypt, this does not authenticate the server to the requester. > What similar protocol do you have in mind? (OCSP)? For example. > > COMMENT 6: Confidentiality done at transport level. > Ok, but it is not mentioned in the text. If > properly stated, it resolves COMMENT 5. Confidentiality is not a requirement for this protocol. Since this document lists requirements, non-requirements are not listed. Nevertheless, in order to be very explicit on that point (and because a new draft will need to be edited for some other comments anyway), it is proposed to add the following sentence at the end of sections 4 and 5: "There are no specific requirements for confidentiality at the protocol level. Confidentiality may be achieved at the transport level." > > COMMENT 8: Relaying not supported by the protocol. > > > This is a pity: This was omitted in OCSP, and the risk > of endless loops of two OCSP servers talking to each other > are definitely there. > Relaying a request to another service is a requirement, > at least in the same way as it is for OCSP. These two sentences are self-contradictory: - "omitted in OCSP" and - "in the same way as it is for OCSP". There is no relaying in OCSP. > But there are two issues: > > Why do you think that a DPV response from a server MUST NOT > contain a DPV response from another server, while on the other > hand it is provided that the server returns all information > concerning the certification path, an revocation information. > What does make DPV responses so different from OCSP reponses > that they would create either additional complexity or harm. > > An end user only communicates with his local company > service. The company knows which external CAs can be > trusted, and which service can be contacted. > You already allow to contact OCSP services in this > way. Where is the difference between DPV and OCSP? > > It may be desirable that an end user may not > directly interface with a remote DPV and needs an > intermediate 'anonymizer' or 'authorized relay'. > > In all such cases there is a danger (like in OCSP) > for endless loops. There is no such a danger: the request is sent to one server and must come back from that same server. If the server uses relaying in the back ground to fulfill the service, then this is not visible from the requester. The final response from a DPV server is signed by the server that received the original request. Relaying is not supported by the protocol. Denis > peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33F5vj20789 for ietf-pkix-bks; Wed, 3 Apr 2002 07:05:57 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33F5tm20770 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 07:05:55 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA25334; Wed, 3 Apr 2002 17:08:18 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040317052000:362 ; Wed, 3 Apr 2002 17:05:20 +0200 Message-ID: <3CAB1A21.D0BEEA4C@bull.net> Date: Wed, 03 Apr 2002 17:05:05 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Brian Hunter <brian.hunter@sit.fraunhofer.de> CC: rhousley@rsasecurity.com, ietf-pkix@imc.org Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5333@polaris.valicert.com> <3CA9B0F1.EC39C9AC@sit.fraunhofer.de> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 17:05:20, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 17:05:50, Serialize complete at 03/04/2002 17:05:50 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Brian, > Hello Denis and Russ, > > > Great work on the new draft! > I concur. > I have one question and a couple of small typographical comments to add. > > 5. Section 5 Para 4 > This comment goes along with Ambarish's comment 1. I do not > understand what is meant by "if issued" in the following sentence: > "The trust anchor self-signed certificate, if issued, is not > included." > > Without understanding the "issued" point and assuming that all trust > anchor certificates, self-signed or not, are issued, then I would have > the sentence read: > "The trust anchor is not included." > Note that I am agreeing with Ambarish that the self-signed requirement > for a root should be dropped. For this point, see the response to Ambarish. It is proposed to have the following text: "Each path consists of a sequence of certificates, starting with the certificate to be validated and ending with a trust anchor. If the trust anchor is a self-signed certificate, that self-signed certificate is not included." All the following change requests have been granted. Denis > 6. Section 4 Para 11 c) > "If another request could made later..." > Suggest to change to: "...could be made..." > > 7. Section 7 Para 3 > "constrains" -> "constraints" > > 8. Section 7.1 Para 1 > "build" -> "built" > > 9. Section 9 Last paragraph point (3) > Is it intended that the validation time should be adjusted for only > one of the four points, hence the use of "or" after point three? I would > suggest the use of "and". > > Regards, > Brian > > > > > A few comments: > > > > 1. In 2 places you equate the "root" with a self-signed cert. I > > hope you intend to allow the trust anchor to be a non-self-signed > > cert. The 2 places are Para 4 of Section 4 and Para 4 of Section 5. > > > > 2. Section 4 Para 9 > > You require the DPV server to "obtain" the certificate from the > > reference provided by the client. This is *not* a requirement. If > > the server obtains the certificate by some other means, that is okay, > > as long as it verifies that the certificate is indeed the one > > being referred to by the client. > > > > 3. Section 4 Para 12 > > In order to prevent replay attacks, you require the nonce to be > > present in the response. As mentioned by Petra, if the response > > contained the request hash, it doesn't need to contain the nonce. It > > is still bound to the request. Present of the request nonce in the > > reply shouldn't be a requirement in this case. > > > > 4. Section 4 Para 16 > > You require a DPV response to be signed - error response > > might not be signed (e.g. badly formatted request, etc.) Please > > allow for that case. > > > > That's it! > > > > Regards, > > Ambarish > > > > --------------------------------------------------------------------- > > Ambarish Malpani > > Chief Architect 650.567.5457 > > ValiCert, Inc. ambarish@valicert.com > > 1215 Terra Bella Ave. http://www.valicert.com > > Mountain View, CA 94043 > > > > > -----Original Message----- > > > From: Tim Polk [mailto:tim.polk@nist.gov] > > > Sent: Friday, March 29, 2002 2:55 PM > > > To: ietf-pkix@imc.org > > > Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > > > > > > > > Folks, > > > > > > The editors have informed me that they believe the -03 draft > > > satisfies all > > > WG Last Call comments and meets the criteria of rough > > > consesnsus. My review > > > agrees with their position, and I would like to ship the > > > document to the > > > ADs as soon as possible. > > > > > > If you have a dog in this fight, *please review the specification by > > > Tuesday COB.* If I do not see any traffic on the list stating that > > > unresolved comments remain, I will forward the document to the ADs > > > Wednesday morning. > > > > > > Thanks, > > > > > > Tim Polk > > > > > > At 07:03 AM 3/29/02 -0500, you wrote: > > > >A New Internet-Draft is available from the on-line Internet-Drafts > > > >directories. > > > >This draft is a work item of the Public-Key Infrastructure > > > (X.509) Working > > > >Group of the IETF. > > > > > > > > Title : Delegated Path Validation and > > > Delegated Path > > > > Discovery > > > > Protocol Requirements (DPV&DPD-REQ) > > > > Author(s) : D. Pinkas, R. Housley > > > > Filename : draft-ietf-pkix-dpv-dpd-req-03.txt > > > > Pages : 11 > > > > Date : 28-Mar-02 > > > > > > > >This document specifies the requirements for Delegated Path > > > Validation > > > >(DPV) and Delegated Path Discovery (DPD) for Public Key Certificates. > > > >It also specifies the requirements for DPV and DPD policy management. > > > > > > > >A URL for this Internet-Draft is: > > > >http://www.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-r > > > eq-03.txt > > > > > > > >To remove yourself from the IETF Announcement list, send a message to > > > >ietf-announce-request with the word unsubscribe in the body > > > of the message. > > > > > > > >Internet-Drafts are also available by anonymous FTP. Login > > > with the username > > > >"anonymous" and a password of your e-mail address. After logging in, > > > >type "cd internet-drafts" and then > > > > "get draft-ietf-pkix-dpv-dpd-req-03.txt". > > > > > > > >A list of Internet-Drafts directories can be found in > > > >http://www.ietf.org/shadow.html > > > >or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > > > > > > > > >Internet-Drafts can also be obtained by e-mail. > > > > > > > >Send a message to: > > > > mailserv@ietf.org. > > > >In the body type: > > > > "FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt". > > > > > > > >NOTE: The mail server at ietf.org can return the document in > > > > MIME-encoded form by using the "mpack" utility. To use this > > > > feature, insert the command "ENCODING mime" before > > > the "FILE" > > > > command. To decode the response(s), you will need > > > "munpack" or > > > > a MIME-compliant mail reader. Different > > > MIME-compliant mail readers > > > > exhibit different behavior, especially when dealing with > > > > "multipart" MIME messages (i.e. documents which > > > have been split > > > > up into multiple messages), so check your local > > > documentation on > > > > how to manipulate these messages. > > > > > > > > > > > >Below is the data which will enable a MIME compliant mail reader > > > >implementation to automatically retrieve the ASCII version of the > > > >Internet-Draft. > > > >Content-Type: text/plain > > > >Content-ID: <20020328141430.I-D@ietf.org> > > > > > > > >ENCODING mime > > > >FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > > > ><ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-r > > > eq-03.txt> > > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g33F16220276 for ietf-pkix-bks; Wed, 3 Apr 2002 07:01:06 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33F15m20272 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 07:01:05 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id RAA28180; Wed, 3 Apr 2002 17:03:15 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040317003987:361 ; Wed, 3 Apr 2002 17:00:39 +0200 Message-ID: <3CAB1909.E1E3346E@bull.net> Date: Wed, 03 Apr 2002 17:00:25 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Ambarish Malpani <ambarish@valicert.com>, brian.hunter@sit.fraunhofer.de CC: ietf-pkix@imc.org Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5333@polaris.valicert.com> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 17:00:39, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 03/04/2002 17:00:52, Serialize complete at 03/04/2002 17:00:52 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > Hi Denis, Russ, > Great work on the new draft! Thank you. It was quite harder than expected. > A few comments: > > 1. In 2 places you equate the "root" with a self-signed cert. I > hope you intend to allow the trust anchor to be a non-self-signed > cert. The 2 places are Para 4 of Section 4 and Para 4 of Section 5. In Para 4 of Section 4, the text says "e.g. root self-signed certificates". So there is nothing wrong, since this is only an example. No change needed. In Para 4 of Section 5, the text says: "The trust anchor self-signed certificate, if issued, is not included." Since Brian had problems with that sentence too, it is proposed to change it into: "Each path consists of a sequence of certificates, starting with the certificate to be validated and ending with a trust anchor. If the trust anchor is a self-signed certificate, that self-signed certificate is not included." > 2. Section 4 Para 9 > You require the DPV server to "obtain" the certificate from the > reference provided by the client. This is *not* a requirement. If > the server obtains the certificate by some other means, that is okay, > as long as it verifies that the certificate is indeed the one > being referred to by the client. The current sentence is: "If not provided in the request, the server MUST use the unambiguous reference provided in the request to obtain it." It is proposed to change the sentence into: "If not provided in the request, the server MUST verify that the certificate is indeed the one being unambiguous referenced by the client". > 3. Section 4 Para 12 > In order to prevent replay attacks, you require the nonce to be > present in the response. As mentioned by Petra, if the response > contained the request hash, it doesn't need to contain the nonce. It > is still bound to the request. Present of the request nonce in the > reply shouldn't be a requirement in this case. Verification of equality of the nonce is simple and straigthforward to discard replay attacks. Since we do not require to use the hash of the request in the response, we have purposely maintained this requirement. > 4. Section 4 Para 16 > You require a DPV response to be signed - error response > might not be signed (e.g. badly formatted request, etc.) Please > allow for that case. Certainly. The current text is: "For the client to be confident that the certificate validation was handled by the expected DPV server, the DPV response MUST be authenticated. For the client to be able prove to a third party that trusts the same DPV server that the certificate validation was handled correctly, the DPV response MUST be digitally signed." It is proposed to add at the end of each paragraph: "unless an error is reported (e.g. badly formatted request, etc.)." > That's it! Thank you ! Denis > Regards, > Ambarish > > --------------------------------------------------------------------- > Ambarish Malpani > Chief Architect 650.567.5457 > ValiCert, Inc. ambarish@valicert.com > 1215 Terra Bella Ave. http://www.valicert.com > Mountain View, CA 94043 > > > -----Original Message----- > > From: Tim Polk [mailto:tim.polk@nist.gov] > > Sent: Friday, March 29, 2002 2:55 PM > > To: ietf-pkix@imc.org > > Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > > > > Folks, > > > > The editors have informed me that they believe the -03 draft > > satisfies all > > WG Last Call comments and meets the criteria of rough > > consesnsus. My review > > agrees with their position, and I would like to ship the > > document to the > > ADs as soon as possible. > > > > If you have a dog in this fight, *please review the specification by > > Tuesday COB.* If I do not see any traffic on the list stating that > > unresolved comments remain, I will forward the document to the ADs > > Wednesday morning. > > > > Thanks, > > > > Tim Polk > > > > At 07:03 AM 3/29/02 -0500, you wrote: > > >A New Internet-Draft is available from the on-line Internet-Drafts > > >directories. > > >This draft is a work item of the Public-Key Infrastructure > > (X.509) Working > > >Group of the IETF. > > > > > > Title : Delegated Path Validation and > > Delegated Path > > > Discovery > > > Protocol Requirements (DPV&DPD-REQ) > > > Author(s) : D. Pinkas, R. Housley > > > Filename : draft-ietf-pkix-dpv-dpd-req-03.txt > > > Pages : 11 > > > Date : 28-Mar-02 > > > > > >This document specifies the requirements for Delegated Path > > Validation > > >(DPV) and Delegated Path Discovery (DPD) for Public Key Certificates. > > >It also specifies the requirements for DPV and DPD policy management. > > > > > >A URL for this Internet-Draft is: > > >http://www.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-r > > eq-03.txt > > > > > >To remove yourself from the IETF Announcement list, send a message to > > >ietf-announce-request with the word unsubscribe in the body > > of the message. > > > > > >Internet-Drafts are also available by anonymous FTP. Login > > with the username > > >"anonymous" and a password of your e-mail address. After logging in, > > >type "cd internet-drafts" and then > > > "get draft-ietf-pkix-dpv-dpd-req-03.txt". > > > > > >A list of Internet-Drafts directories can be found in > > >http://www.ietf.org/shadow.html > > >or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > > > > > >Internet-Drafts can also be obtained by e-mail. > > > > > >Send a message to: > > > mailserv@ietf.org. > > >In the body type: > > > "FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt". > > > > > >NOTE: The mail server at ietf.org can return the document in > > > MIME-encoded form by using the "mpack" utility. To use this > > > feature, insert the command "ENCODING mime" before > > the "FILE" > > > command. To decode the response(s), you will need > > "munpack" or > > > a MIME-compliant mail reader. Different > > MIME-compliant mail readers > > > exhibit different behavior, especially when dealing with > > > "multipart" MIME messages (i.e. documents which > > have been split > > > up into multiple messages), so check your local > > documentation on > > > how to manipulate these messages. > > > > > > > > >Below is the data which will enable a MIME compliant mail reader > > >implementation to automatically retrieve the ASCII version of the > > >Internet-Draft. > > >Content-Type: text/plain > > >Content-ID: <20020328141430.I-D@ietf.org> > > > > > >ENCODING mime > > >FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > ><ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-r > > eq-03.txt> > > Received: by above.proper.com (8.11.6/8.11.3) id g33Ex4C20198 for ietf-pkix-bks; Wed, 3 Apr 2002 06:59:04 -0800 (PST) Received: from mtk-mail1.mitretek.org (mtk-mail1.mitretek.org [141.156.156.58]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33Ex2m20194 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 06:59:02 -0800 (PST) Received: from tsf-gw.tsf.mitretek.org (root@tsf-gw.mitretek.org [172.16.17.253]) by mtk-mail1.mitretek.org (8.12.1/8.12.1) with ESMTP id g33EvpGk022547; Wed, 3 Apr 2002 09:57:52 -0500 (EST) Received: from localhost (stillson@localhost [127.0.0.1]) by tsf-gw.tsf.mitretek.org (8.12.1/8.12.1/Debian -5) with ESMTP id g33F0k9w013618; Wed, 3 Apr 2002 10:00:47 -0500 Date: Wed, 3 Apr 2002 10:00:46 -0500 (EST) From: Ken Stillson <stillson@mitretek.org> To: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com> cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt) In-Reply-To: <3CAAB04A.9080707@stroeder.com> Message-ID: <Pine.LNX.4.40.0204030943390.13533-100000@tsf-gw.mitretek.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by above.proper.com id g33Ex3m20195 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> On Wed, 3 Apr 2002, Michael Ströder wrote: > Ken, for various reasons this old style 1:1 DIT mapping and obtaining the > certificate chain from a directory never really worked in practice. Maybe in > some small environments or very specific environments. As I understand it, this is the approach being taken in the rather large effort of the Federal Bridge CA (FBCA). Perhaps it's not an ideal solution, but at the moment, it appears to be the only available solution. The problem is that when finding the next certificate in a hierarchical or cross-cert chain, validation software might (when AIA and similar extensions are not populated) only have the issuer field of the current cert in order to find the next certificate. (David W. informs me that an outcome of the LDAP PKIX ID will be the ability to search for an entry based on its internal cert DN rather than ldap-read it from a directory location. I hadn't caught that; perhaps that's the permanent solution. I'm coming from the point of view of the FBCA project which is already well underway and didn't have that capability available to rely upon.) > BTW: Which implementation do exist outside the X.500 world which try to > obtain the whole certificate chain from a LDAP directory? I do not know a > single one. FBCA is using a combination of chained X.500 directories (with LDAP front-ends), and LDAP "meta-directories," essentially a mesh of referral systems. > Also think of dc-style naming vs. traditional X521 naming. If you'd like to > use dc-style naming in your LDAP directory and have that DIT 1:1 in your > certificate's subject name you will run into many serious interoperability > problems with PKI enabled software. Well, I guess I would say that if one "would like" dc-style naming, then that directory is designed for human interaction (humans "like" things). A PKI repository being stood-up for automated certificate retrieval should be structured for the ease of retrieval; if one really needs both, and they conflict, it wouldn't be too surprising to need two structures; at least two indexing structures (I believe most directory software would allow referrals or aliases to provide two DN views to the same objects). - Ken -- | Ken Stillson | stillson@mitretek.org | | Sr. Principal Engineer | voice: (703) 610-2965 | | Mitretek Systems | fax: (703) 610-2984 | Received: by above.proper.com (8.11.6/8.11.3) id g33Es5m19790 for ietf-pkix-bks; Wed, 3 Apr 2002 06:54:05 -0800 (PST) Received: from e1.esmtp.ibm.com (e1.ny.us.ibm.com [32.97.182.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33Es3m19786 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 06:54:03 -0800 (PST) Received: from northrelay02.pok.ibm.com (northrelay02.pok.us.ibm.com [9.117.200.22]) by e1.esmtp.ibm.com (8.12.2/8.12.2) with ESMTP id g33EoVMr363910; Wed, 3 Apr 2002 09:50:31 -0500 Received: from d01ml062.pok.ibm.com (d01ml062.pok.ibm.com [9.117.250.163]) by northrelay02.pok.ibm.com (8.11.1m3/NCO/VER6.00) with ESMTP id g33Erto15380; Wed, 3 Apr 2002 09:53:55 -0500 Importance: Normal Sensitivity: Subject: Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt) To: Harald Koch <chk@pobox.com> Cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 Message-ID: <OFE4C93AAA.E5DA66C1-ON85256B90.0050C515@pok.ibm.com> From: "Tom Gindin" <tgindin@us.ibm.com> Date: Wed, 3 Apr 2002 09:49:06 -0500 X-MIMETrack: Serialize by Router on D01ML062/01/M/IBM(Release 5.0.9a |January 28, 2002) at 04/03/2002 09:53:56 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Harald: While there is obviously nothing wrong with putting certificates in a directory entry other than that of the subject (cross-certificates are recommended to go into the issuer's directory entry as well as the subject's for example), should certificates be stored in the userCertificate attribute of any entry other than the subject's? That's a much more dubious thing to do. Shouldn't a different attribute be defined for such a purpose? Tom Gindin Harald Koch <chk@pobox.com>@mail.imc.org on 04/03/2002 12:08:14 AM Sent by: owner-ietf-pkix@mail.imc.org To: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> cc: Subject: Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt) Of all the gin joints in all the towns in all the world, Ken Stillson had to walk into mine and say: > > "A PKI object should be placed into a LDAP directory such that the LDAP > object DN matches the subject DN of the object." It's supposed to be the other way around, isn't it? One should issue certificates with a subject DN that matches the LDAP object DN. Anyway, there are many environments where a certificate issued by one organisation must be stored in a directory belonging to another. I don't believe that an arbitrary restriction like this won't fly. -- Harald Koch <chk@pobox.com> Received: by above.proper.com (8.11.6/8.11.3) id g33AIJx02531 for ietf-pkix-bks; Wed, 3 Apr 2002 02:18:19 -0800 (PST) Received: from ntsiaexch.office ([193.203.230.22]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g33AHsm02493 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 02:17:55 -0800 (PST) Received: by ntsiaexch.office with Internet Mail Service (5.5.2653.19) id <2F65LS19>; Wed, 3 Apr 2002 12:17:45 +0200 Message-ID: <8160937F4F4CD111A93E00805FC1752906FEAE98@ntsiaexch.office> From: Santoni Adriano <adriano.santoni@actalis.it> To: PKIX <ietf-pkix@imc.org> Subject: ISO 9796-2 and PKCS#7 Date: Wed, 3 Apr 2002 12:17:44 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> A little bizarre question to all volunteers: does somebody think that ISO 9796-2 could be used within PKCS#7 SignedData envelopes? Adriano ___________________________________________________________________ SIA S.p.A. SI TRASFERISCE NUOVA SEDE ---> http://www.sia.it/taramelli <--- NUOVA SEDE ___________________________________________________________________ *******************Internet Email Confidentiality Footer******************* Qualsiasi utilizzo non autorizzato del presente messaggio nonche' dei suoi allegati e' vietato e potrebbe costituire reato. Se lei ha ricevuto erroneamente il presente messaggio, Le saremmo grati se, via e-mail, ce ne comunicasse la ricezione e provvedesse alla distruzione del messaggio stesso e dei suoi eventuali allegati. Le dichiarazioni contenute nel presente messaggio nonche' nei suoi eventuali allegati devono essere attribuite esclusivamente al mittente e non possono essere considerate come trasmesse o autorizzate da SIA S.p.A.; le medesime dichiarazioni non impegnano SIA S.p.A. nei confronti del destinatario o di terzi. SIA S.p.A. non si assume alcuna responsabilita' per eventuali intercettazioni, modifiche o danneggiamenti del presente messaggio e-mail. Any unauthorized use of this e-mail or any of its attachments is prohibited and could constitute an offence. If you are not the intended addressee please advise immediately the sender by using the reply facility in your e-mail software and destroy the message and its attachments. The statements and opinions expressed in this e-mail message are those of the author of the message and do not necessarily represent those of SIA. Besides, The contents of this message shall be understood as neither given nor endorsed by SIA S.p.A.. SIA S.p.A. does not accept liability for corruption, interception or amendment, if any, or the consequences thereof. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g338MEt16229 for ietf-pkix-bks; Wed, 3 Apr 2002 00:22:14 -0800 (PST) Received: from brot.celocom.de (brot.celocom.de [212.78.104.200]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g338MCm16223 for <ietf-pkix@imc.org>; Wed, 3 Apr 2002 00:22:12 -0800 (PST) Message-ID: <3CAABB98.62276E88@gemplus.com> Date: Wed, 03 Apr 2002 10:21:44 +0200 From: Bernd Matthes <bernd.matthes@gemplus.com> X-Mailer: Mozilla 4.79 [en] (WinNT; U) X-Accept-Language: de,en MIME-Version: 1.0 To: ietf pkix <ietf-pkix@imc.org> Subject: Q: TSA policy Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------msECB7DC067B9673DB81FBEC11" X-Virus-Scanned: by AMaViS perl-11 Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a cryptographically signed message in MIME format. --------------msECB7DC067B9673DB81FBEC11 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi! I need some clarification about TSA policy ID. RFC3161 says: "The policy field MUST indicate the TSA's policy under which the response was produced. If a similar field was present in the TimeStampReq, then it MUST have the same value, otherwise an error (unacceptedPolicy) MUST be returned." The first question is whether a TSA can be have a "list" of policy ID's to check the requested policy against this list and generate a timestamp if one is matching or use the "first" entry if no policy is requested. I think that's not allowed, but for each policy MUST run a separate TSA server, i'm right? RFC3161 says (chapter 2.1.): " 5. to include within each time-stamp token an identifier to uniquely indicate the security policy under which the token was created." The policy belongs to the TSA, i.e. it says about secure environment, time source availability/precision, hardware/software key, private key storage and so on, i'm right? So a client cannot say in in the requested policy what the source of the messageImprint is. For example a request for a word document comes with "1.2.3.4" and a request for a excel table comes with "1.2.3.5"? Or is the extension the better place to specify what was the origin for the messageImprint? The third question is about the possibility to "forward" a time-stamp request to another TSA if the requested policy did not match? So proxy likely? Thanks in advance. with kind regards -- Bernd Matthes Gemplus mids GmbH -- Senior Software Engineer formerly Celo Communications GmbH Dipl.-Ing.(FH) R&D Center Germany -------------------------------------------------------------------- "Complexity breeds bugs. Bugs prevent adoption, lack of" \ "adoption results in death. Death not good." "Life sucks." --------------msECB7DC067B9673DB81FBEC11 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIH6gYJKoZIhvcNAQcCoIIH2zCCB9cCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC Bb0wggKMMIIB9aADAgECAgMHA+kwDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAlpBMRUw EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhh d3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwg RnJlZW1haWwgUlNBIDIwMDAuOC4zMDAeFw0wMjAzMTgxNzIxMzRaFw0wMzAzMTgxNzIxMzRa MEsxHzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFpbCBNZW1iZXIxKDAmBgkqhkiG9w0BCQEWGWJl cm5kLm1hdHRoZXNAZ2VtcGx1cy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANLH Ug0UXihUAGRuILAJAZhyok9Oj2UG5HcQXVgAK8Q1MJOTs3XKzdimgxdKdl1C6GBj+XUDhyin 6EM0/nrgpIg+abWtjmz1U4XXOhmqDz7qLRP/wu/FZefkM/QRbgrBXZh/NTOr1m0sMThKGTgs ZCiwc6HebSh43HNgwE74QTHhAgMBAAGjNjA0MCQGA1UdEQQdMBuBGWJlcm5kLm1hdHRoZXNA Z2VtcGx1cy5jb20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQDK4ZRCCCV5wytZ NmCxQfoGRljKsUxU4L5gztN0ni6ibvlDeDfg6A2+Hsv5JqhNq1EoujkRAKAry4jcSDY/pI+7 D4zhyMxx4eH+vEIGq3z1Jvukx9Tm/wKGyW504SKWCBo5LI0jMnfydBY7gQd1wyGlRuYDm77f mzOXD2VfcMy87jCCAykwggKSoAMCAQICAQwwDQYJKoZIhvcNAQEEBQAwgdExCzAJBgNVBAYT AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMg RGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqG SIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMDA4MzAwMDAwMDBa Fw0wMjA4MjkyMzU5NTlaMIGSMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBl MRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUQ2VydGlm aWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZyZWVtYWlsIFJTQSAyMDAwLjgu MzAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN4zMqZjxwklRT7SbngnZ4HF2ogZgpcO 40QpimM1Km1wPPrcrvfudG8wvDOQf/k0caCjbZjxw0+iZdsN+kvx1t1hpfmFzVWaNRqdknWo J67Ycvm6AvbXsJHeHOmr4BgDqHxDQlBRh4M88Dm0m1SKE4f/s5udSWYALQmJ7JRr6aFpAgMB AAGjTjBMMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwxLTI5NzASBgNV HRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOBgQBzG28mZYv/ FTRLWWKK7US+ScfoDbuPuQ1qJipihB+4h2N0HG23zxpTkUvhzeY42e1Q9DpsNJKs5pKcbsEj AcIJp+9LrnLdBmf1UG8uWLi2C8FQV7XsHNfvF7bViJu3ooga7TlbOX00/LaWGCVNavSdxcOR L6mWuAU8Uvzd6WIDSDGCAfUwggHxAgEBMIGaMIGSMQswCQYDVQQGEwJaQTEVMBMGA1UECBMM V2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRoYXd0ZTEdMBsG A1UECxMUQ2VydGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZyZWVtYWls IFJTQSAyMDAwLjguMzACAwcD6TAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG 9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAyMDQwMzA4MjE0OFowIwYJKoZIhvcNAQkEMRYEFPLR MKHqXvRRZNShFqTvhnfmUA+/MFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZI hvcNAwICAgCAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMA0GCSqG SIb3DQEBAQUABIGAtgvHQZE1p4e1VziVSnSky9GAjAPboepE+A0QzTWJDWecd1j1Jx6i1bfK G1l4LXuRdneKeXpIyb7MEbSQAtvLY8q3A56l32wcGma0whOVjelGIB+VmVtBle/6nDb9vnsy 2cPSyXWNpzUatJe2oj+NGaqvLc2BvgCCApJEZEZGsNw= --------------msECB7DC067B9673DB81FBEC11-- Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g337Y3Y09116 for ietf-pkix-bks; Tue, 2 Apr 2002 23:34:03 -0800 (PST) Received: from mailout09.sul.t-online.com (mailout09.sul.t-online.com [194.25.134.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g337Y2m09111 for <ietf-pkix@imc.org>; Tue, 2 Apr 2002 23:34:02 -0800 (PST) Received: from fwd08.sul.t-online.de by mailout09.sul.t-online.com with smtp id 16sfHC-0000uB-05; Wed, 03 Apr 2002 09:33:50 +0200 Received: from junker.stroeder.com (520010731148-0001@[62.224.169.33]) by fmrl08.sul.t-online.com with esmtp id 16sfH2-0xdPbkC; Wed, 3 Apr 2002 09:33:40 +0200 Received: from stroeder.com (junker [127.0.0.1]) by junker.stroeder.com (Postfix) with ESMTP id 65377157287; Wed, 3 Apr 2002 09:33:30 +0200 (CEST) Message-ID: <3CAAB04A.9080707@stroeder.com> Date: Wed, 03 Apr 2002 09:33:30 +0200 From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com> Reply-To: michael@stroeder.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020310 X-Accept-Language: de-DE, de, en MIME-Version: 1.0 To: Ken Stillson <stillson@mitretek.org> Cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt) References: <Pine.LNX.4.40.0204021550320.10415-100000@tsf-gw.mitretek.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Sender: 520010731148-0001@t-dialin.net Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Ken Stillson wrote: > On Mon, 1 Apr 2002, David Chadwick wrote: > >>All constructive comments welcomed > > > Although implied by section 3, perhaps it should be stated expectedly: > > "A PKI object should be placed into a LDAP directory such that the LDAP > object DN matches the subject DN of the object." > > Although this seems obvious to some, I've run into a surprising number of > clients setting up directories using some alternate structure, who are > then surprised when validation software can't find certificates given > subject DN's. Ken, for various reasons this old style 1:1 DIT mapping and obtaining the certificate chain from a directory never really worked in practice. Maybe in some small environments or very specific environments. It also assumes that the CA and the LDAP directory are structured and maintained by the same authority which is most times not true in e.g. bigger companies. BTW: Which implementation do exist outside the X.500 world which try to obtain the whole certificate chain from a LDAP directory? I do not know a single one. Also think of dc-style naming vs. traditional X521 naming. If you'd like to use dc-style naming in your LDAP directory and have that DIT 1:1 in your certificate's subject name you will run into many serious interoperability problems with PKI enabled software. Ciao, Michael. (somewhat sick of DIT discussions) Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g3358XH28856 for ietf-pkix-bks; Tue, 2 Apr 2002 21:08:33 -0800 (PST) Received: from persephone.cfrq.net (persephone.cfrq.net [207.245.2.4]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g3358Wm28852 for <ietf-pkix@imc.org>; Tue, 2 Apr 2002 21:08:32 -0800 (PST) Received: from elisabeth.cfrq.net (CPE0020afa1901b.cpe.net.cable.rogers.com [24.43.24.209]) by persephone.cfrq.net (8.11.6/8.11.6) with ESMTP id g3358Jh06633 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK); Wed, 3 Apr 2002 00:08:24 -0500 Received: from elisabeth.cfrq.net (chk@localhost) by elisabeth.cfrq.net (8.11.6/8.11.6) with ESMTP id g3358F113512; Wed, 3 Apr 2002 00:08:16 -0500 To: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt) References: <Pine.LNX.4.40.0204021550320.10415-100000@tsf-gw.mitretek.org> In-reply-to: stillson's message of "Tue, 02 Apr 2002 15:52:48 -0500". <Pine.LNX.4.40.0204021550320.10415-100000@tsf-gw.mitretek.org> From: Harald Koch <chk@pobox.com> Date: Wed, 03 Apr 2002 00:08:14 -0500 Message-ID: <13511.1017810494@elisabeth.cfrq.net> Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Of all the gin joints in all the towns in all the world, Ken Stillson had to walk into mine and say: > > "A PKI object should be placed into a LDAP directory such that the LDAP > object DN matches the subject DN of the object." It's supposed to be the other way around, isn't it? One should issue certificates with a subject DN that matches the LDAP object DN. Anyway, there are many environments where a certificate issued by one organisation must be stored in a directory belonging to another. I don't believe that an arbitrary restriction like this won't fly. -- Harald Koch <chk@pobox.com> Received: by above.proper.com (8.11.6/8.11.3) id g330DYu23541 for ietf-pkix-bks; Tue, 2 Apr 2002 16:13:34 -0800 (PST) Received: from aspams52.ca.com (aspams52.cai.com [155.35.248.76]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g330DXm23536 for <ietf-pkix@imc.org>; Tue, 2 Apr 2002 16:13:33 -0800 (PST) Received: by aspams52.ca.com with Internet Mail Service (5.5.2655.55) id <H5DC1LXH>; Wed, 3 Apr 2002 10:11:58 +1000 Message-ID: <A7E3A4B51615D511BCB6009027D0D18C04541ECB@aspams01.ca.com> From: "Ramsay, Ron" <Ron.Ramsay@ca.com> To: Ken Stillson <stillson@mitretek.org>, David Chadwick <d.w.chadwick@salford.ac.uk> Cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: RE: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05. txt) Date: Wed, 3 Apr 2002 10:13:03 +1000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2655.55) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Ken, I don't find this at all obvious. Apparently, some company creates certificates with an email address in the subject DN. This would be horrible to have to implement in a DIT. (I think the approved method of finding the principal in this case is to search for an entry where the mail attribute has this address as a value.) There is also the case where the same identity has multiple cdrtificates. Ron. -----Original Message----- From: Ken Stillson [mailto:stillson@mitretek.org] Sent: Wednesday, 3 April 2002 6:53 To: David Chadwick Cc: LDAP BIS; PKIX Subject: Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt) On Mon, 1 Apr 2002, David Chadwick wrote: > All constructive comments welcomed Hi David- A thought for the you... Although implied by section 3, perhaps it should be stated expectedly: "A PKI object should be placed into a LDAP directory such that the LDAP object DN matches the subject DN of the object." Although this seems obvious to some, I've run into a surprising number of clients setting up directories using some alternate structure, who are then surprised when validation software can't find certificates given subject DN's. - Ken Stillson -- | Ken Stillson | stillson@mitretek.org | | Sr. Principal Engineer | voice: (703) 610-2965 | | Mitretek Systems | fax: (703) 610-2984 | Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g32MZ8w20808 for ietf-pkix-bks; Tue, 2 Apr 2002 14:35:08 -0800 (PST) Received: from mta03-svc.ntlworld.com (mta03-svc.ntlworld.com [62.253.162.43]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g32MZ7m20801 for <ietf-pkix@imc.org>; Tue, 2 Apr 2002 14:35:07 -0800 (PST) Received: from salford.ac.uk ([213.107.136.218]) by mta03-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020402223509.CDXQ303.mta03-svc.ntlworld.com@salford.ac.uk>; Tue, 2 Apr 2002 23:35:09 +0100 Message-ID: <3CAA3309.B4DA99C6@salford.ac.uk> Date: Tue, 02 Apr 2002 23:39:05 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Ken Stillson <stillson@mitretek.org> CC: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt) References: <Pine.LNX.4.40.0204021550320.10415-100000@tsf-gw.mitretek.org> Content-Type: multipart/mixed; boundary="------------F320DF69068B4CA55CA30269" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------F320DF69068B4CA55CA30269 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Ken Stillson wrote: > > On Mon, 1 Apr 2002, David Chadwick wrote: > > All constructive comments welcomed > > Hi David- > A thought for the you... > > Although implied by section 3, perhaps it should be stated expectedly: > > "A PKI object should be placed into a LDAP directory such that the LDAP > object DN matches the subject DN of the object." > Ken whilst I agree with you that this is an obvious thing to do, I dont believe the ID should say how people should structure their DITs. As this is a general standard, people are free to structure their DITs in any way they wish to, and should still be able to use the subschema in this ID. I think it should rather be a BCP that tells people the best way to build their directories so that they have the minimum of hassles operationally. (But I bet it will be difficult to get people to agree on the contents of the BCP) David > Although this seems obvious to some, I've run into a surprising number of > clients setting up directories using some alternate structure, who are > then surprised when validation software can't find certificates given > subject DN's. > > - Ken Stillson > > -- > | Ken Stillson | stillson@mitretek.org | > | Sr. Principal Engineer | voice: (703) 610-2965 | > | Mitretek Systems | fax: (703) 610-2984 | -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 161 745 8169 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Projects: http://sec.isi.salford.ac.uk Understanding X.500: http://www.salford.ac.uk/its024/X500.htm X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** --------------F320DF69068B4CA55CA30269 Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------F320DF69068B4CA55CA30269-- Received: by above.proper.com (8.11.6/8.11.3) id g32KpAC16818 for ietf-pkix-bks; Tue, 2 Apr 2002 12:51:10 -0800 (PST) Received: from mtk-mail1.mitretek.org (mtk-mail1.mitretek.org [141.156.156.58]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g32Kp8m16814 for <ietf-pkix@imc.org>; Tue, 2 Apr 2002 12:51:08 -0800 (PST) Received: from tsf-gw.tsf.mitretek.org (root@tsf-gw.mitretek.org [172.16.17.253]) by mtk-mail1.mitretek.org (8.12.1/8.12.1) with ESMTP id g32KnsGk008678; Tue, 2 Apr 2002 15:49:55 -0500 (EST) Received: from localhost (stillson@localhost [127.0.0.1]) by tsf-gw.tsf.mitretek.org (8.12.1/8.12.1/Debian -5) with ESMTP id g32Kqm9w011874; Tue, 2 Apr 2002 15:52:51 -0500 Date: Tue, 2 Apr 2002 15:52:48 -0500 (EST) From: Ken Stillson <stillson@mitretek.org> To: David Chadwick <d.w.chadwick@salford.ac.uk> cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt) In-Reply-To: <3CA860A2.20AB0F9C@salford.ac.uk> Message-ID: <Pine.LNX.4.40.0204021550320.10415-100000@tsf-gw.mitretek.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> On Mon, 1 Apr 2002, David Chadwick wrote: > All constructive comments welcomed Hi David- A thought for the you... Although implied by section 3, perhaps it should be stated expectedly: "A PKI object should be placed into a LDAP directory such that the LDAP object DN matches the subject DN of the object." Although this seems obvious to some, I've run into a surprising number of clients setting up directories using some alternate structure, who are then surprised when validation software can't find certificates given subject DN's. - Ken Stillson -- | Ken Stillson | stillson@mitretek.org | | Sr. Principal Engineer | voice: (703) 610-2965 | | Mitretek Systems | fax: (703) 610-2984 | Received: by above.proper.com (8.11.6/8.11.3) id g32Kc0D16415 for ietf-pkix-bks; Tue, 2 Apr 2002 12:38:00 -0800 (PST) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g32KbXm16410 for <ietf-pkix@imc.org>; Tue, 2 Apr 2002 12:37:38 -0800 (PST) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id UAA28879; Tue, 2 Apr 2002 20:00:04 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 2 Apr 2002 20:00:04 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id UAA05471; Tue, 2 Apr 2002 20:00:03 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id UAA03750; Tue, 2 Apr 2002 20:00:03 +0200 (MET DST) Date: Tue, 2 Apr 2002 20:00:03 +0200 (MET DST) Message-Id: <200204021800.UAA03750@emeriau.edelweb.fr> To: Denis.Pinkas@bull.net Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > COMMENT 7: Requests shall be able to be authenticated. At the end of the following exchange you mention that it is unclear what requirement is being addressed and what ind of treatment would be done with such an identity field. The comment is not necessarily related to authentication. - The requirement is to include the identities of participating parties in the request and in the response, in order to indicate who has participated. This is independant of whether this matches with some authentication. - The treatment is essentially for display purposes to be able to describe show the transaction result together with the identities with the need to understand a particular way how these information can be found in some authnetication envelope. - Anyway, the response should provide for a means to indicate for whom the response has been made, not only who has made the response. Peter ---------------------- [About COMMENT 7] > - a method that client and server provide their identity > in the requests and responses: 'You, the client X, has > asked me, the server Y, the following question, and > I, the server Y, with the help of server Z respond.' > This allows to be able to determine the participating entities > without having access to whatever particular authentication > method information. > [Answer 7] Actually, we already include the identity of the server in the > response. The request could also be optionally signed. This allows > the server to authenticate the client, and this authentication allows the > server to only support a selective community if desired. An option to be > able to sign the request may be added. > The following requirements may be used for example in case of > validation of an encryption certificate before usage. There is a difference between authentication and identification. The request is that the identification is independant from the authentication methods and the transports. A signing entity (the one identified in a signer info or a certificate) may or may not be the same as the one declared in the request/response. you may have separation of roles or other situations. "The President of the United States declares, ... signed by JWB". Another example is in relaying as follows: Your company service declares that I can use Your encryption cert, and the response is signed by my local service. [Additional Answer 7] It is unclear what requirement is being addressed and what kind of treatment would be done with such an identity field. Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g32DPjn17837 for ietf-pkix-bks; Tue, 2 Apr 2002 05:25:45 -0800 (PST) Received: from edelweb.fr (edelweb.fr [212.234.46.16]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g32DPgm17830 for <ietf-pkix@imc.org>; Tue, 2 Apr 2002 05:25:43 -0800 (PST) Received: from champagne.edelweb.fr (localhost.edelweb.fr [127.0.0.1]) by edelweb.fr with ESMTP id PAA27365; Tue, 2 Apr 2002 15:25:40 +0200 (MET DST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (nospam/1.3); Tue, 2 Apr 2002 15:25:40 +0200 (MET DST) Received: from emeriau.edelweb.fr (emeriau.edelweb.fr [193.51.14.5]) by champagne.edelweb.fr (8.7.6/8.6.6) with ESMTP id PAA04170; Tue, 2 Apr 2002 15:25:39 +0200 (MET DST) From: Peter Sylvester <Peter.Sylvester@edelweb.fr> Received: (sylvest@localhost) by emeriau.edelweb.fr (8.7.6/8.6.6) id PAA03676; Tue, 2 Apr 2002 15:25:39 +0200 (MET DST) Date: Tue, 2 Apr 2002 15:25:39 +0200 (MET DST) Message-Id: <200204021325.PAA03676@emeriau.edelweb.fr> To: Denis.Pinkas@bull.net Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt Cc: ietf-pkix@imc.org Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> > > COMMENT 5: No authentication of the server prior to the sending of the > request (not done with similar protocols). > Denis, I think that I may have badly stated the requirement. I assume an online connection *and* confidentiality via TLS done at the transport layer. In this case, confidentiality would be somewhat meaningless if you don't authenticate the server. Your remark is correct if you think about encryption with email, but then you assume that only the server can decrypt, thus you still have server authentication. What similar protocol do you have in mind? (OCSP)? > COMMENT 6: Confidentiality done at transport level. Ok, but it is not mentioned in the text. If properly stated, it resolves COMMENT 5. > > COMMENT 8: Relaying not supported by the protocol. > This is a pity: This was omitted in OCSP, and the risk of endless loops of two OCSP servers talking to each other are definitely there. Relaying a request to another service is a requirement, at least in the same way as it is for OCSP. But there are two issues: Why do you think that a DPV response from a server MUST NOT contain a DPV response from another server, while on the other hand it is provided that the server returns all information concerning the certification path, an revocation information. What does make DPV responses so different from OCSP reponses that they would create either additional complexity or harm. An end user only communicates with his local company service. The company knows which external CAs can be trusted, and which service can be contacted. You already allow to contact OCSP services in this way. Where is the difference between DPV and OCSP? It may be desirable that an end user may not directly interface with a remote DPV and needs an intermediate 'anonymizer' or 'authorized relay'. In all such cases there is a danger (like in OCSP) for endless loops. peter Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g32DNku17586 for ietf-pkix-bks; Tue, 2 Apr 2002 05:23:46 -0800 (PST) Received: from sonne.darmstadt.gmd.de (sonne.darmstadt.gmd.de [141.12.62.20]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g32DNjm17580 for <ietf-pkix@imc.org>; Tue, 2 Apr 2002 05:23:45 -0800 (PST) Received: from sit.fraunhofer.de (pc-pisa [141.12.37.18]) by sonne.darmstadt.gmd.de (8.8.8/8.8.5) with ESMTP id PAA24830; Tue, 2 Apr 2002 15:23:04 +0200 (MET DST) Message-ID: <3CA9B0F1.EC39C9AC@sit.fraunhofer.de> Date: Tue, 02 Apr 2002 15:24:01 +0200 From: Brian Hunter <brian.hunter@sit.fraunhofer.de> X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: rhousley@rsasecurity.com, Denis.Pinkas@bull.net CC: ietf-pkix@imc.org Subject: Re: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt References: <613B3C619C9AD4118C4E00B0D03E7C3E028E5333@polaris.valicert.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hello Denis and Russ, > Great work on the new draft! I concur. I have one question and a couple of small typographical comments to add. 5. Section 5 Para 4 This comment goes along with Ambarish's comment 1. I do not understand what is meant by "if issued" in the following sentence: "The trust anchor self-signed certificate, if issued, is not included." Without understanding the "issued" point and assuming that all trust anchor certificates, self-signed or not, are issued, then I would have the sentence read: "The trust anchor is not included." Note that I am agreeing with Ambarish that the self-signed requirement for a root should be dropped. 6. Section 4 Para 11 c) "If another request could made later..." Suggest to change to: "...could be made..." 7. Section 7 Para 3 "constrains" -> "constraints" 8. Section 7.1 Para 1 "build" -> "built" 9. Section 9 Last paragraph point (3) Is it intended that the validation time should be adjusted for only one of the four points, hence the use of "or" after point three? I would suggest the use of "and". Regards, Brian > > A few comments: > > 1. In 2 places you equate the "root" with a self-signed cert. I > hope you intend to allow the trust anchor to be a non-self-signed > cert. The 2 places are Para 4 of Section 4 and Para 4 of Section 5. > > 2. Section 4 Para 9 > You require the DPV server to "obtain" the certificate from the > reference provided by the client. This is *not* a requirement. If > the server obtains the certificate by some other means, that is okay, > as long as it verifies that the certificate is indeed the one > being referred to by the client. > > 3. Section 4 Para 12 > In order to prevent replay attacks, you require the nonce to be > present in the response. As mentioned by Petra, if the response > contained the request hash, it doesn't need to contain the nonce. It > is still bound to the request. Present of the request nonce in the > reply shouldn't be a requirement in this case. > > 4. Section 4 Para 16 > You require a DPV response to be signed - error response > might not be signed (e.g. badly formatted request, etc.) Please > allow for that case. > > That's it! > > Regards, > Ambarish > > --------------------------------------------------------------------- > Ambarish Malpani > Chief Architect 650.567.5457 > ValiCert, Inc. ambarish@valicert.com > 1215 Terra Bella Ave. http://www.valicert.com > Mountain View, CA 94043 > > > -----Original Message----- > > From: Tim Polk [mailto:tim.polk@nist.gov] > > Sent: Friday, March 29, 2002 2:55 PM > > To: ietf-pkix@imc.org > > Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > > > > Folks, > > > > The editors have informed me that they believe the -03 draft > > satisfies all > > WG Last Call comments and meets the criteria of rough > > consesnsus. My review > > agrees with their position, and I would like to ship the > > document to the > > ADs as soon as possible. > > > > If you have a dog in this fight, *please review the specification by > > Tuesday COB.* If I do not see any traffic on the list stating that > > unresolved comments remain, I will forward the document to the ADs > > Wednesday morning. > > > > Thanks, > > > > Tim Polk > > > > At 07:03 AM 3/29/02 -0500, you wrote: > > >A New Internet-Draft is available from the on-line Internet-Drafts > > >directories. > > >This draft is a work item of the Public-Key Infrastructure > > (X.509) Working > > >Group of the IETF. > > > > > > Title : Delegated Path Validation and > > Delegated Path > > > Discovery > > > Protocol Requirements (DPV&DPD-REQ) > > > Author(s) : D. Pinkas, R. Housley > > > Filename : draft-ietf-pkix-dpv-dpd-req-03.txt > > > Pages : 11 > > > Date : 28-Mar-02 > > > > > >This document specifies the requirements for Delegated Path > > Validation > > >(DPV) and Delegated Path Discovery (DPD) for Public Key Certificates. > > >It also specifies the requirements for DPV and DPD policy management. > > > > > >A URL for this Internet-Draft is: > > >http://www.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-r > > eq-03.txt > > > > > >To remove yourself from the IETF Announcement list, send a message to > > >ietf-announce-request with the word unsubscribe in the body > > of the message. > > > > > >Internet-Drafts are also available by anonymous FTP. Login > > with the username > > >"anonymous" and a password of your e-mail address. After logging in, > > >type "cd internet-drafts" and then > > > "get draft-ietf-pkix-dpv-dpd-req-03.txt". > > > > > >A list of Internet-Drafts directories can be found in > > >http://www.ietf.org/shadow.html > > >or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > > > > > >Internet-Drafts can also be obtained by e-mail. > > > > > >Send a message to: > > > mailserv@ietf.org. > > >In the body type: > > > "FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt". > > > > > >NOTE: The mail server at ietf.org can return the document in > > > MIME-encoded form by using the "mpack" utility. To use this > > > feature, insert the command "ENCODING mime" before > > the "FILE" > > > command. To decode the response(s), you will need > > "munpack" or > > > a MIME-compliant mail reader. Different > > MIME-compliant mail readers > > > exhibit different behavior, especially when dealing with > > > "multipart" MIME messages (i.e. documents which > > have been split > > > up into multiple messages), so check your local > > documentation on > > > how to manipulate these messages. > > > > > > > > >Below is the data which will enable a MIME compliant mail reader > > >implementation to automatically retrieve the ASCII version of the > > >Internet-Draft. > > >Content-Type: text/plain > > >Content-ID: <20020328141430.I-D@ietf.org> > > > > > >ENCODING mime > > >FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > ><ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-r > > eq-03.txt> > > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g329OYn27632 for ietf-pkix-bks; Tue, 2 Apr 2002 01:24:34 -0800 (PST) Received: from odin2.bull.net (odin2.bull.net [192.90.70.84]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g329OPm27588 for <ietf-pkix@imc.org>; Tue, 2 Apr 2002 01:24:25 -0800 (PST) Received: from lvn-m002.frlv.bull.fr (lvn-m002.frlv.bull.fr [129.184.62.72]) by odin2.bull.net (8.9.3/8.9.3) with ESMTP id LAA18628; Tue, 2 Apr 2002 11:26:44 +0200 Received: from bull.net ([129.184.37.97]) by lvn-m002.frlv.bull.fr (Lotus Domino Release 5.0.8) with ESMTP id 2002040211234561:220 ; Tue, 2 Apr 2002 11:23:45 +0200 Message-ID: <3CA978A9.5DDC5B33@bull.net> Date: Tue, 02 Apr 2002 11:23:53 +0200 From: Denis Pinkas <Denis.Pinkas@bull.net> Organization: Bull SA. X-Mailer: Mozilla 4.7 [fr] (Win98; I) X-Accept-Language: fr MIME-Version: 1.0 To: Michael Myers <myers@coastside.net> CC: ietf-pkix@imc.org Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt References: <EOEGJNFMMIBDKGFONJJDIECECJAA.myers@coastside.net> X-MIMETrack: Itemize by SMTP Server on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 02/04/2002 11:23:45, Serialize by Router on LVN-M002/FR/BULL(Release 5.0.8 |June 18, 2001) at 02/04/2002 11:24:17, Serialize complete at 02/04/2002 11:24:17 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Mike, > Tim, > > Two working days seems a bit tight given the breadth of > comments. Given that constraint, silence may not necessarily > concurrence. It could very well be the effects of our day jobs. > But that said, I'll see what I can do regarding those comments I > made. Since you did not attended the Minneapolis meeting, in order to help you, here is the disposition of comments that has been presented, with comments 19, 23 and 25 updated. Denis Disposition of comments COMMENT 1: Hash of the request in signed response or important elements of the request: responses need to include binding to the certificate from the request. COMMENT 2: random number repeated in the response. COMMENT 3: no algorithm requirements. COMMENT 4: PDP (Policy Definition Requ.) will be in a different document. COMMENT 5: No authentication of the server prior to the sending of the request (not done with similar protocols). COMMENT 6: Confidentiality done at transport level. COMMENT 7: Requests shall be able to be authenticated. COMMENT 8: Relaying not supported by the protocol. COMMENT 9: Responses are definitive. No later update. COMMENT 10: Meaning of time T. It is the time for which the revocation status is requested by the client. COMMENT 11: For DPV, a reference to a validation policy is mandatory. Somevalidation policies may allow for a few user-defined parameters. COMMENT 12: the server must have the full certificate. In the response either the full certificate or an unambiguous reference of the certificate is needed (in case of a CA key compromise). COMMENT 13: The client should must verify that the policy used by the server is appropriate (moved in the security consideration section) COMMENT 14: Number of states to be returned: two (Yes/No). A reason for the No has to be returned. COMMENT 15: See comment 1. COMMENT 16: Relates to comment 10. Cautionary period moved in security consideration section. COMMENT 17: Idem 16. COMMENT 18: DSV mention deleted. A DSV Requ. draft will be progressed a soon as this document is sent to the IESG. COMMENT 19: Accepted. The paragraph has been deleted. COMMENTS 20, 21, 22: Editorial. OK. COMMENT 23 : Accepted. I have added an example for the policy specific parameters: "e.g. root self-signed certificates". COMMENT 24 : Editorial. OK. COMMENT 25 : Since the text will move in a new document about PDP, the comment is no more relevant to this document. COMMENT 26 : "The protocol SHALL allow clients to obtain the references for the default or for all of the policies supported by the server by using an additional request/response pair". COMMENT 27 : Addition of Policy Retrieval Protocol (PRP) requirements in the PDP document (no more relevant for this document). Note: The requirements only address Public Key Certificates (PKCs). Attribute Certificates are outside the scope. > Mike > > > -----Original Message----- > > From: owner-ietf-pkix@mail.imc.org > > [mailto:owner-ietf-pkix@mail.imc.org]On Behalf Of Tim Polk > > Sent: Friday, March 29, 2002 2:55 PM > > To: ietf-pkix@imc.org > > Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > > > > Folks, > > > > The editors have informed me that they believe the > > -03 draft satisfies all > > WG Last Call comments and meets the criteria of rough > > consesnsus. My review > > agrees with their position, and I would like to ship > > the document to the > > ADs as soon as possible. > > > > If you have a dog in this fight, *please review the > > specification by > > Tuesday COB.* If I do not see any traffic on the > > list stating that > > unresolved comments remain, I will forward the > > document to the ADs > > Wednesday morning. > > > > Thanks, > > > > Tim Polk > > > > At 07:03 AM 3/29/02 -0500, you wrote: > > >A New Internet-Draft is available from the on-line > > Internet-Drafts > > >directories. > > >This draft is a work item of the Public-Key > > Infrastructure (X.509) Working > > >Group of the IETF. > > > > > > Title : Delegated Path Validation > > and Delegated Path > > > Discovery > > > Protocol Requirements > > (DPV&DPD-REQ) > > > Author(s) : D. Pinkas, R. Housley > > > Filename : draft-ietf-pkix-dpv-dpd-req-03.txt > > > Pages : 11 > > > Date : 28-Mar-02 > > > > > >This document specifies the requirements for > > Delegated Path Validation > > >(DPV) and Delegated Path Discovery (DPD) for Public > > Key Certificates. > > >It also specifies the requirements for DPV and DPD > > policy management. > > > > > >A URL for this Internet-Draft is: > > >http://www.ietf.org/internet-drafts/draft-ietf-pkix-d > > pv-dpd-req-03.txt > > > > > >To remove yourself from the IETF Announcement list, > > send a message to > > >ietf-announce-request with the word unsubscribe in > > the body of the message. > > > > > >Internet-Drafts are also available by anonymous FTP. > > Login with the username > > >"anonymous" and a password of your e-mail address. > > After logging in, > > >type "cd internet-drafts" and then > > > "get draft-ietf-pkix-dpv-dpd-req-03.txt". > > > > > >A list of Internet-Drafts directories can be found in > > >http://www.ietf.org/shadow.html > > >or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > > > > > >Internet-Drafts can also be obtained by e-mail. > > > > > >Send a message to: > > > mailserv@ietf.org. > > >In the body type: > > > "FILE > > /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt". > > > > > >NOTE: The mail server at ietf.org can return the > > document in > > > MIME-encoded form by using the "mpack" > > utility. To use this > > > feature, insert the command "ENCODING mime" > > before the "FILE" > > > command. To decode the response(s), you > > will need "munpack" or > > > a MIME-compliant mail reader. Different > > MIME-compliant mail readers > > > exhibit different behavior, especially when > > dealing with > > > "multipart" MIME messages (i.e. documents > > which have been split > > > up into multiple messages), so check your > > local documentation on > > > how to manipulate these messages. > > > > > > > > >Below is the data which will enable a MIME compliant > > mail reader > > >implementation to automatically retrieve the ASCII > > version of the > > >Internet-Draft. > > >Content-Type: text/plain > > >Content-ID: <20020328141430.I-D@ietf.org> > > > > > >ENCODING mime > > >FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt > > > > > ><ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-d > pv-dpd-req-03.txt> Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g31M0KY26537 for ietf-pkix-bks; Mon, 1 Apr 2002 14:00:20 -0800 (PST) Received: from ext-mail.valicert.com ([66.206.205.11]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g31M0Km26533 for <ietf-pkix@imc.org>; Mon, 1 Apr 2002 14:00:20 -0800 (PST) Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GTW00601T1BFD@ext-mail.valicert.com> for ietf-pkix@imc.org; Mon, 1 Apr 2002 13:58:23 -0800 (PST) Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GTW0064FT1ABS@ext-mail.valicert.com> for ietf-pkix@imc.org; Mon, 01 Apr 2002 13:58:22 -0800 (PST) Received: by polaris.valicert.com with Internet Mail Service (5.5.2653.19) id <H57039L9>; Mon, 01 Apr 2002 13:59:58 -0800 Content-return: allowed Date: Mon, 01 Apr 2002 13:59:58 -0800 From: Ambarish Malpani <ambarish@valicert.com> Subject: Comments on draft-ietf-pkix-dpv-dpd-req-03.txt To: ietf-pkix@imc.org Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E028E5333@polaris.valicert.com> MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-type: text/plain Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> Hi Denis, Russ, Great work on the new draft! A few comments: 1. In 2 places you equate the "root" with a self-signed cert. I hope you intend to allow the trust anchor to be a non-self-signed cert. The 2 places are Para 4 of Section 4 and Para 4 of Section 5. 2. Section 4 Para 9 You require the DPV server to "obtain" the certificate from the reference provided by the client. This is *not* a requirement. If the server obtains the certificate by some other means, that is okay, as long as it verifies that the certificate is indeed the one being referred to by the client. 3. Section 4 Para 12 In order to prevent replay attacks, you require the nonce to be present in the response. As mentioned by Petra, if the response contained the request hash, it doesn't need to contain the nonce. It is still bound to the request. Present of the request nonce in the reply shouldn't be a requirement in this case. 4. Section 4 Para 16 You require a DPV response to be signed - error response might not be signed (e.g. badly formatted request, etc.) Please allow for that case. That's it! Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Chief Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 1215 Terra Bella Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: Tim Polk [mailto:tim.polk@nist.gov] > Sent: Friday, March 29, 2002 2:55 PM > To: ietf-pkix@imc.org > Subject: Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-03.txt > > > > Folks, > > The editors have informed me that they believe the -03 draft > satisfies all > WG Last Call comments and meets the criteria of rough > consesnsus. My review > agrees with their position, and I would like to ship the > document to the > ADs as soon as possible. > > If you have a dog in this fight, *please review the specification by > Tuesday COB.* If I do not see any traffic on the list stating that > unresolved comments remain, I will forward the document to the ADs > Wednesday morning. > > Thanks, > > Tim Polk > > At 07:03 AM 3/29/02 -0500, you wrote: > >A New Internet-Draft is available from the on-line Internet-Drafts > >directories. > >This draft is a work item of the Public-Key Infrastructure > (X.509) Working > >Group of the IETF. > > > > Title : Delegated Path Validation and > Delegated Path > > Discovery > > Protocol Requirements (DPV&DPD-REQ) > > Author(s) : D. Pinkas, R. Housley > > Filename : draft-ietf-pkix-dpv-dpd-req-03.txt > > Pages : 11 > > Date : 28-Mar-02 > > > >This document specifies the requirements for Delegated Path > Validation > >(DPV) and Delegated Path Discovery (DPD) for Public Key Certificates. > >It also specifies the requirements for DPV and DPD policy management. > > > >A URL for this Internet-Draft is: > >http://www.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-r > eq-03.txt > > > >To remove yourself from the IETF Announcement list, send a message to > >ietf-announce-request with the word unsubscribe in the body > of the message. > > > >Internet-Drafts are also available by anonymous FTP. Login > with the username > >"anonymous" and a password of your e-mail address. After logging in, > >type "cd internet-drafts" and then > > "get draft-ietf-pkix-dpv-dpd-req-03.txt". > > > >A list of Internet-Drafts directories can be found in > >http://www.ietf.org/shadow.html > >or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > > >Internet-Drafts can also be obtained by e-mail. > > > >Send a message to: > > mailserv@ietf.org. > >In the body type: > > "FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt". > > > >NOTE: The mail server at ietf.org can return the document in > > MIME-encoded form by using the "mpack" utility. To use this > > feature, insert the command "ENCODING mime" before > the "FILE" > > command. To decode the response(s), you will need > "munpack" or > > a MIME-compliant mail reader. Different > MIME-compliant mail readers > > exhibit different behavior, especially when dealing with > > "multipart" MIME messages (i.e. documents which > have been split > > up into multiple messages), so check your local > documentation on > > how to manipulate these messages. > > > > > >Below is the data which will enable a MIME compliant mail reader > >implementation to automatically retrieve the ASCII version of the > >Internet-Draft. > >Content-Type: text/plain > >Content-ID: <20020328141430.I-D@ietf.org> > > > >ENCODING mime > >FILE /internet-drafts/draft-ietf-pkix-dpv-dpd-req-03.txt > > > ><ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-dpv-dpd-r > eq-03.txt> > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g31LT3q24641 for ietf-pkix-bks; Mon, 1 Apr 2002 13:29:03 -0800 (PST) Received: from mta03-svc.ntlworld.com (mta03-svc.ntlworld.com [62.253.162.43]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g31LT1m24635 for <ietf-pkix@imc.org>; Mon, 1 Apr 2002 13:29:02 -0800 (PST) Received: from salford.ac.uk ([213.107.136.218]) by mta03-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020401212903.OIJD303.mta03-svc.ntlworld.com@salford.ac.uk>; Mon, 1 Apr 2002 22:29:03 +0100 Message-ID: <3CA8D20B.EDB26372@salford.ac.uk> Date: Mon, 01 Apr 2002 22:32:59 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: "Housley, Russ" <rhousley@rsasecurity.com> CC: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Subject: Re: LDAP Certificate transfer syntax References: <5.1.0.14.2.20020401110819.032405a8@exna07.securitydynamics.com> Content-Type: multipart/mixed; boundary="------------52E1B1843D27887A5872A09B" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------52E1B1843D27887A5872A09B Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit "Housley, Russ" wrote: > > David: > > Is it possible to preserve the DER encoding. If not, then the DER encoding > must be restored in order to validate the signature? This just seems like > wasted processing to me. > Russ I quite agree. The revised text is meant to ensure that the DER or BER encoding created by the client when the certificate was first sent to the directory for storage is preserved as is. This is the purpose of the sentence below in the revised text, viz: > >Servers must preserve values in this syntax exactly as given when > >storing and retrieving them. > > Perhaps I should say "as given to them by the client, when storing and retrieving certificates" David --------------52E1B1843D27887A5872A09B Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------52E1B1843D27887A5872A09B-- Received: by above.proper.com (8.11.6/8.11.3) id g31GK1N10985 for ietf-pkix-bks; Mon, 1 Apr 2002 08:20:01 -0800 (PST) Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by above.proper.com (8.11.6/8.11.3) with SMTP id g31GJxm10974 for <ietf-pkix@imc.org>; Mon, 1 Apr 2002 08:19:59 -0800 (PST) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 1 Apr 2002 16:19:07 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA29378; Mon, 1 Apr 2002 11:19:02 -0500 (EST) Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id g31GK0A06818; Mon, 1 Apr 2002 11:20:00 -0500 (EST) Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <HKX1NBGJ>; Mon, 1 Apr 2002 11:17:37 -0500 Received: from HOUSLEY-LAP.rsasecurity.com (HOUSLEY-LAP [10.3.16.94]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HKX1NBGG; Mon, 1 Apr 2002 11:17:30 -0500 From: "Housley, Russ" <rhousley@rsasecurity.com> To: David Chadwick <d.w.chadwick@salford.ac.uk> Cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org> Message-Id: <5.1.0.14.2.20020401110819.032405a8@exna07.securitydynamics.com> X-Sender: rhousley@exna07.securitydynamics.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 01 Apr 2002 11:10:05 -0500 Subject: Re: LDAP Certificate transfer syntax In-Reply-To: <3CA860A2.20AB0F9C@salford.ac.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> David: Is it possible to preserve the DER encoding. If not, then the DER encoding must be restored in order to validate the signature? This just seems like wasted processing to me. Russ At 02:29 PM 4/1/2002 +0100, David Chadwick wrote: >Colleagues > >Here is my proposed change to the section describing the LDAP syntax for >cerificates in the PKIX id ><draft-pkix-ldap-schema-03.txt> which should be published before the end >of April. As this is likely to be the most contentious part of the new >ID, I thought it would be useful to distribute this text at the earlier >possible moment. > >All constructive comments welcomed > >David > > >3.3 Certificate Syntax > >A value in this transfer syntax is the binary octet string that results >from BER or DER-encoding of an X.509 public key certificate. The >following string states the OID assigned to this syntax: > > ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' ) > >Servers must preserve values in this syntax exactly as given when >storing and retrieving them. > >Note. Due to the changes from X.509(1988) to X.509(1993) and subsequent >changes to the ASN.1 definition to support certificate extensions in >X.509(1997), no character string transfer syntax is defined for >certificates. The BNF notation in RFC 1778 [12] for "User Certificate" >MUST NOT be used. Values in this syntax MUST be transferred as BER or >DER encoded octets. The use of the ;binary encoding option, i.e. by >requesting or returning the attributes with descriptions >"userCertificate;binary" or "caCertificate;binary" has no effect on the >transfer syntax. > Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g31DPZf26076 for ietf-pkix-bks; Mon, 1 Apr 2002 05:25:35 -0800 (PST) Received: from mta07-svc.ntlworld.com (mta07-svc.ntlworld.com [62.253.162.47]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g31DPMm26046 for <ietf-pkix@imc.org>; Mon, 1 Apr 2002 05:25:34 -0800 (PST) Received: from salford.ac.uk ([213.107.136.218]) by mta07-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020401132512.QWXB7757.mta07-svc.ntlworld.com@salford.ac.uk>; Mon, 1 Apr 2002 14:25:12 +0100 Message-ID: <3CA860A2.20AB0F9C@salford.ac.uk> Date: Mon, 01 Apr 2002 14:29:06 +0100 From: David Chadwick <d.w.chadwick@salford.ac.uk> Organization: University of Salford X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: LDAP BIS <ietf-ldapbis@OpenLDAP.org> CC: PKIX <ietf-pkix@imc.org> Subject: LDAP Certificate transfer syntax Content-Type: multipart/mixed; boundary="------------250B008BBD8EA315AC032912" Sender: owner-ietf-pkix@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/> List-ID: <ietf-pkix.imc.org> List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe> This is a multi-part message in MIME format. --------------250B008BBD8EA315AC032912 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Colleagues Here is my proposed change to the section describing the LDAP syntax for cerificates in the PKIX id <draft-pkix-ldap-schema-03.txt> which should be published before the end of April. As this is likely to be the most contentious part of the new ID, I thought it would be useful to distribute this text at the earlier possible moment. All constructive comments welcomed David 3.3 Certificate Syntax A value in this transfer syntax is the binary octet string that results from BER or DER-encoding of an X.509 public key certificate. The following string states the OID assigned to this syntax: ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' ) Servers must preserve values in this syntax exactly as given when storing and retrieving them. Note. Due to the changes from X.509(1988) to X.509(1993) and subsequent changes to the ASN.1 definition to support certificate extensions in X.509(1997), no character string transfer syntax is defined for certificates. The BNF notation in RFC 1778 [12] for "User Certificate" MUST NOT be used. Values in this syntax MUST be transferred as BER or DER encoded octets. The use of the ;binary encoding option, i.e. by requesting or returning the attributes with descriptions "userCertificate;binary" or "caCertificate;binary" has no effect on the transfer syntax. --------------250B008BBD8EA315AC032912 Content-Type: text/x-vcard; charset=us-ascii; name="d.w.chadwick.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for David Chadwick Content-Disposition: attachment; filename="d.w.chadwick.vcf" begin:vcard n:Chadwick;David tel;cell:+44 77 96 44 7184 tel;fax:+44 1484 532930 tel;home:+44 1484 352238 tel;work:+44 161 295 5351 x-mozilla-html:FALSE url:http://www.salford.ac.uk/its024/chadwick.htm org:University of Salford;IS Institute version:2.1 email;internet:d.w.chadwick@salford.ac.uk title:Professor of Information Security adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5 x-mozilla-cpt:;-4856 fn:David Chadwick end:vcard --------------250B008BBD8EA315AC032912--
- Meaning of Non-repudiation Dave Oshman
- RE: Meaning of Non-repudiation Dr. JohnDavid Hascup
- RE: Meaning of Non-repudiation Aisenberg, Michael
- RE: Meaning of Non-repudiation Dr. JohnDavid Hascup
- RE: Meaning of Non-repudiation Christopher S. Francis
- RE: Meaning of Non-repudiation Philip Hallam-Baker
- RE: Meaning of Non-repudiation Carlin Covey
- RE: Meaning of Non-repudiation Philip Hallam-Baker
- RE: Meaning of Non-repudiation Dr. JohnDavid Hascup
- RE: Meaning of Non-repudiation Peter Williams
- Re: Meaning of Non-repudiation Bob Jueneman
- Re: Meaning of Non-repudiation Tony Bartoletti
- Re: Meaning of Non-repudiation Bob Jueneman
- Re: Meaning of Non-repudiation Aram Perez
- Re: Meaning of Non-repudiation David P. Kemp
- Re: Meaning of Non-repudiation Tony Bartoletti
- Re: Meaning of Non-repudiation Polar Humenn
- Re: Meaning of Non-repudiation Tony Bartoletti
- Re: Meaning of Non-repudiation Ed Gerck
- Re: Meaning of Non-repudiation Tony Bartoletti
- Re: Meaning of Non-repudiation Stephen Kent
- Re: Meaning of Non-repudiation David P. Kemp
- Re: Meaning of Non-repudiation Peter Sylvester
- Re: Meaning of Non-repudiation David P. Kemp
- Re: Meaning of Non-repudiation bjueneman
- Re: Meaning of Non-repudiation David P. Kemp
- Re: Meaning of Non-repudiation todd.glassey
- Re: Meaning of Non-repudiation Stephen Kent
- Re: Meaning of Non-repudiation Bob Jueneman
- Re: Meaning of Non-repudiation Tom Gindin
- Re: Meaning of Non-repudiation Stephen Kent
- RE: Meaning of Non-repudiation Peter Williams
- RE: Meaning of Non-repudiation Peter Williams
- Re: Meaning of Non-repudiation todd glassey
- RE: Meaning of Non-repudiation Aisenberg, Michael
- RE: Meaning of Non-repudiation Tony Bartoletti
- RE: Meaning of Non-repudiation Hal Lockhart
- Re: Meaning of Non-repudiation Aram Perez
- RE: Meaning of Non-repudiation Stephen Kent
- RE: Meaning of Non-repudiation Tom Gindin
- Re: Meaning of Non-repudiation Hoyt L. Kesterson II
- Re: Meaning of Non-repudiation todd glassey
- Re: Meaning of Non-repudiation todd glassey
- RE: Meaning of Non-repudiation Housley, Russ
- Re: Meaning of Non-repudiation David P. Kemp
- Re: Meaning of Non-repudiation Housley, Russ
- Re: Meaning of Non-repudiation David P. Kemp
- Re: Meaning of Non-repudiation Tony Bartoletti
- RE: Meaning of Non-repudiation Peter Williams
- RE: Meaning of Non-repudiation Santosh Chokhani
- RE: Meaning of Non-repudiation Tony Bartoletti
- RE: Meaning of Non-repudiation Omer Hasret
- Re: Meaning of Non-repudiation Denis Pinkas
- RE: Meaning of Non-repudiation Santosh Chokhani
- RE: Meaning of Non-repudiation Trevor Freeman
- RE: Meaning of Non-repudiation lynn.wheeler
- RE: Meaning of Non-repudiation Santosh Chokhani
- RE: Meaning of Non-repudiation Trevor Freeman
- Re: Meaning of Non-repudiation Aram Perez
- RE: Meaning of Non-repudiation Tony Bartoletti
- RE: Meaning of Non-repudiation Tony Bartoletti
- RE: Meaning of Non-repudiation Stefan Santesson
- RE: Meaning of Non-repudiation Omer Hasret
- RE: Meaning of Non-repudiation Olaf.Schlueter
- Re: Meaning of Non-repudiation Denis Pinkas
- RE: Meaning of Non-repudiation Omer Hasret
- RE: Meaning of Non-repudiation Santosh Chokhani
- RE: Meaning of Non-repudiation Santosh Chokhani
- Re: Meaning of Non-repudiation Aram Perez
- RE: Meaning of Non-repudiation Olaf.Schlueter
- Re: Meaning of Non-repudiation David P. Kemp
- Re: Meaning of Non-repudiation David P. Kemp
- RE: Meaning of Non-repudiation Sabett, Randy
- Re: Meaning of Non-repudiation Olaf.Schlueter
- RE: Meaning of Non-repudiation lynn.wheeler
- RE: Meaning of Non-repudiation Santosh Chokhani
- RE: Meaning of Non-repudiation Sharon Boeyen
- RE: Meaning of Non-repudiation Trevor Freeman
- RE: Meaning of Non-repudiation Michael Myers
- RE: Meaning of Non-repudiation Trevor Freeman
- RE: Meaning of Non-repudiation Trevor Freeman
- RE: Meaning of Non-repudiation Trevor Freeman
- RE: Meaning of Non-repudiation Santosh Chokhani
- RE: Meaning of Non-repudiation Trevor Freeman
- RE: Meaning of Non-repudiation Santosh Chokhani
- RE: Meaning of Non-repudiation lynn.wheeler
- RE: Meaning of Non-repudiation lynn.wheeler
- Re: Meaning of Non-repudiation Denis Pinkas
- Re: Meaning of Non-repudiation lynn.wheeler
- Re: Meaning of Non-repudiation David P. Kemp
- RE: Meaning of Non-repudiation Trevor Freeman
- Meaning of Non-repudiation Sharon Boeyen
- Re: Meaning of Non-repudiation Anders Rundgren
- Re: Meaning of Non-repudiation Tom Gindin
- Re: Meaning of Non-repudiation lynn.wheeler
- RE: Meaning of Non-repudiation Sharon Boeyen
- Re: Meaning of Non-repudiation lynn.wheeler
- RE: Meaning of Non-repudiation Stefan Santesson
- RE: Meaning of Non-repudiation Santosh Chokhani
- RE: Meaning of Non-repudiation Dean Adams
- Re: Meaning of Non-repudiation David P. Kemp
- RE: Meaning of Non-repudiation Santosh Chokhani
- RE: Meaning of Non-repudiation Santosh Chokhani
- RE: Meaning of Non-repudiation Peter Williams
- RE: Meaning of Non-repudiation Santosh Chokhani
- Re: Meaning of Non-repudiation Peter Gutmann
- Re: Meaning of Non-repudiation lynn.wheeler
- Re: Meaning of Non-repudiation lynn.wheeler
- Re: Meaning of Non-repudiation Denis Pinkas
- Re: Meaning of Non-repudiation Olaf.Schlueter