Re: [wpkops] [pkix] X.509 whitelist proposal

"Erik Andersen" <era@x500.eu> Fri, 18 July 2014 09:31 UTC

Return-Path: <era@x500.eu>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1194F1B295E for <wpkops@ietfa.amsl.com>; Fri, 18 Jul 2014 02:31:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.89
X-Spam-Level:
X-Spam-Status: No, score=-0.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DK=1.009, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HbXkOuej27gs for <wpkops@ietfa.amsl.com>; Fri, 18 Jul 2014 02:31:19 -0700 (PDT)
Received: from mail04.dandomain.dk (mail04.dandomain.dk [194.150.112.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD5951B2961 for <wpkops@ietf.org>; Fri, 18 Jul 2014 02:31:14 -0700 (PDT)
Received: from Morten ([62.44.135.162]) by mail04.dandomain.dk (DanDomain Mailserver) with ASMTP id 4201407181131128644; Fri, 18 Jul 2014 11:31:12 +0200
From: "Erik Andersen" <era@x500.eu>
To: <tony@yaanatech.com>, <stephen.farrell@cs.tcd.ie>
References: <000b01cfa1bc$b6872ef0$23958cd0$@x500.eu> <53C85314.3040102@yaanatech.com>
In-Reply-To: <53C85314.3040102@yaanatech.com>
Date: Fri, 18 Jul 2014 11:31:11 +0200
Message-ID: <003301cfa26b$039c77a0$0ad566e0$@x500.eu>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0034_01CFA27B.C727DFB0"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQFen6BH0OQwBY9AWxzuVVIZFItMGQHZLJJdnHi7R9A=
Content-Language: da
Archived-At: http://mailarchive.ietf.org/arch/msg/wpkops/IbJhY5OpcwFBfP2NzFPy0WyP-2Q
Cc: pkix@ietf.org, wpkops@ietf.org, SG17-Q11 <T13sg17q11@lists.itu.int>
Subject: Re: [wpkops] [pkix] X.509 whitelist proposal
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jul 2014 09:31:24 -0000

Hi Tony,

 

I can see you saved me the trouble to submit the proposal to the PKIX list.

 

I am not operating in a vacuum. I am currently involved in a smart grid
project within Denmark (http://www.chpcom.dk – in Danish unfortunately),
where use of PKI has been included.

 

There is some pressure by the major electricity company
(http://energinet.dk/EN/Sider/default.aspx)  to make me the Danish Member
representative in ITU-T SG17. It takes a lot of red tape. I am also active
in IEC TC57 WG15. As I mentioned, the proposal has been submitted to that
group for comments.

 

I will make an effort to get onto the wpkops mailing list.

 

I am interested in any constructive comment.

 

Kind regards,

 

Erik

 

Fra: pkix [mailto:pkix-bounces@ietf.org] På vegne af Tony Rutkowski
Sendt: 18. juli 2014 00:50
Til: stephen.farrell@cs.tcd.ie
Cc: pkix@ietf.org; wpkops@ietf.org
Emne: [pkix] X.509 whitelist proposal

 

Hi Steve,

The note below was distributed earlier on the ITU-T SG17
sub-group Q11/17 list by the group's rapporteur.  It might
be useful to gauge industry reaction in IETF and CA/B
Forum venues.

Note that although the document appears on an ITU-T
template, it has not been submitted.   In addition, although
the source is indicated as "Denmark," it is not apparent
that the source is any other than than the rapporteur 
himself, who is identified as the contact.  Lastly, although
the note asserts that "IEC TC57 WG15 (smart grid 
security) has requested the inclusion of whitelist 
support in X.509," there is no apparent liaison to
this effect.

--tony



-------- Original Message -------- 


Subject: 

[T17Q11] X.509 whitelist support


Date: 

Thu, 17 Jul 2014 14:43:30 +0200


From: 

Erik Andersen  <mailto:era@x500.eu> <era@x500.eu>


To: 

Directory list  <mailto:x500standard@freelists.org>
<x500standard@freelists.org>rg>, SG17-Q11  <mailto:T13sg17q11@lists.itu.int>
<T13sg17q11@lists.itu.int>


CC: 

SG17-Q10  <mailto:t13sg17q10@lists.itu.int> <t13sg17q10@lists.itu.int>






IEC TC57 WG15 (smart grid security) has requested the inclusion of whitelist
support in X.509. A preliminary proposal for such a feature may be found as
http://www.x500standard.com/uploads/extensions/whitelistInX509.pdf 

 

The feature may in some way be combined with the trust broker concept, which
probably will involve a number of changes.

 

As it is quite important that we have workable solution, any comment is
welcome. I hope you will find the time to review the proposal before it is
submitted to ITU-T.

 

Kind regards,

 

Erik