RE: PKI and S/MIME
"Hallam-Baker, Phillip" <pbaker@verisign.com> Wed, 27 August 2003 04:43 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA19857 for <smime-archive@lists.ietf.org>; Wed, 27 Aug 2003 00:43:34 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h7R40bgc003560 for <ietf-smime-bks@above.proper.com>; Tue, 26 Aug 2003 21:00:37 -0700 (PDT) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h7R40b6n003559 for ietf-smime-bks; Tue, 26 Aug 2003 21:00:37 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from peacock.verisign.com (peacock.verisign.com [65.205.251.73]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h7R40Zgc003554 for <ietf-smime@imc.org>; Tue, 26 Aug 2003 21:00:36 -0700 (PDT) (envelope-from pbaker@verisign.com)
Received: from MOU1WNEXC03.verisign.com (verisign.com [65.205.251.57]) by peacock.verisign.com (8.12.9/) with ESMTP id h7R40aYf017032; Tue, 26 Aug 2003 21:00:36 -0700 (PDT)
Received: by mou1wnexc03.verisign.com with Internet Mail Service (5.5.2653.19) id <R4Q1KN8R>; Tue, 26 Aug 2003 21:00:36 -0700
Message-ID: <2A1D4C86842EE14CA9BC80474919782E01113058@mou1wnexm02.verisign.com>
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: 'Denis Pinkas' <Denis.Pinkas@bull.net>, "Hallam-Baker, Phillip" <pbaker@verisign.com>
Cc: ietf-smime@imc.org
Subject: RE: PKI and S/MIME
Date: Tue, 26 Aug 2003 21:00:35 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
> > In this second application the XKMS service may choose to > impose some form > > of validation constraint on the certs that it accepts. For > example only > > accepting certs from a limited number of CAs - or it may not. > > This specification does not provide this level of details. That is intentional. The specification defines the protocol. It does not state how to use the protocol any more than Kernighan and Richie tell users how to program in C still less the programs they should write. > This may be what some vendors are looking for: claiming > *compatibility* with > XKMS, while in reality each vendor will be non-interoperable > with any other > vendor and will have its own concept of trust (hidden and > different from any > other vendor). That is again intentional. XKMS is not simply an interface to a PKI, it is a key centric PKI in its own right. An XKMS vendor can choose to robotically reflect the status of X.509 certs with its service, or it can choose to reflect its view of the trustworthiness of the keys themselves. The specification only defines the interface between the TV and the cable, it does not require CNN and Fox News to broadcast exactly the same content at all times. Phill
- PKI and S/MIME Blake Ramsdell
- Re: PKI and S/MIME Simon Josefsson
- Re: PKI and S/MIME Anders Rundgren
- RE: PKI and S/MIME Blake Ramsdell
- Re: PKI and S/MIME Simon Josefsson
- Re: PKI and S/MIME Simon Josefsson
- DNS CERT vs. LDAP (was: RE: PKI and S/MIME) Blake Ramsdell
- RE: PKI and S/MIME Hallam-Baker, Phillip
- Re: PKI and S/MIME Steve Hole
- RE: PKI and S/MIME Steve Hole
- Re: PKI and S/MIME Steve Hole
- RE: PKI and S/MIME Steve Hole
- RE: PKI and S/MIME Hallam-Baker, Phillip
- RE: PKI and S/MIME Blake Ramsdell
- Re: PKI and S/MIME Simon Josefsson
- RE: PKI and S/MIME Blake Ramsdell
- Re: PKI and S/MIME Steve Hole
- Re: PKI and S/MIME Simon Josefsson
- Re: PKI and S/MIME Steve Hole
- RE: PKI and S/MIME Blake Ramsdell
- Re: PKI and S/MIME Denis Pinkas
- RE: PKI and S/MIME Hallam-Baker, Phillip
- Re: PKI and S/MIME Denis Pinkas