Re: I-D ACTION:draft-ietf-pkix-pi-08.txt

"Anders Rundgren" <anders.rundgren@telia.com> Wed, 12 May 2004 22:11 UTC

From: Anders Rundgren <anders.rundgren@telia.com>
To: "David P. Kemp" <dpkemp@missi.ncsc.mil>, ietf-pkix@imc.org
Date: Wed, 12 May 2004 23:01:23 +0200

>It is my hope that PI will become an RFC in the near future, so
>that certificates (from an un-named large PKI :-) that currently
>handle PIs by munging them into Common Name (e.g.,
>CN="Kemp.David.P.0514101404") will have a saner alternative.

The de-facto standard, already engraved in *millions* of certs is
putting 0514101404 in serialNumber. 

This is almost as de-facto standard as putting e-mail addresses in DNs
which in turn is almost as de-facto standard as using URIs for naming
globally unique objects.

C:\Internet-Drafts>del draft-ietf-pkix-pi-*.txt

:-)

Pardon my complaints, let there be an RFC!  But don't expect
this scheme to become the trend.

There is a slight problem with the whole idea.  Either RPs require
and act upon the PI-data or they don't care about it.  This in my
opinion makes the extension redundant or is just another way
to screw up validation.

If you on top of this add policy extensions I believe a real disaster
is in the making.

Anders