[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue with the requirements document: PKIX-centric terminology

To: Stephen Kent <kent@xxxxxxx>
Subject: Re: Issue with the requirements document: PKIX-centric terminology
From: "David A. Cooper" <david.cooper@xxxxxxxx>
Date: Wed, 15 Aug 2007 09:23:12 -0400
Cc: ietf-trust-anchor@xxxxxxxx
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-trust-anchor/mail-archive/>
List-id: <ietf-trust-anchor.vpnc.org>
List-unsubscribe: <mailto:ietf-trust-anchor-request@vpnc.org?body=unsubscribe>
References: <> <> <886F5D4C78AFB14D87261206BFB9612E1D31D34D@xxxxxxxxxxxxxxxxxxxxx> <> <> <46BCC0CC.2040805@xxxxxxxxx> <C1EDAC0E-3925-4B94-B054-D7804571801C@xxxxxxxxxx> <> <DBBD7A7F-08B5-4005-A68F-6A9690DC05C0@xxxxxxxxxx> <>
Sender: owner-ietf-trust-anchor@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.4 (X11/20070620)


Stephen Kent wrote:

I keep saying that the format of what is being moved about is notnearly so hard a problem as the semantics of what is being moved, buteither nobody believes me or nobody is listening. I can;t tell whichbased on he responses :-).

Steve,

You can count me as one person who has heard and agrees with me, but whojust hasn't posted a message to the list until now.

I believe that I have heard a general consensus that the TAM protocol(or message syntax) needs to be able to specify more than just a list oftrust anchors, but also constraints on the use of each trust anchor.Some of these constraints may apply equally to all TA types, such as theset of applications with with the TA may be used. However, as you havesaid, we need to allow for constraints that are format specific. ForX.509, the most obvious constraints are the inputs to the pathvalidation algorithm (name constraints, policy constraints, etc.).While, I am not very familiar with OpenPGP or SPKI, I would be verysurprised if one could use the same syntax and semantics to describeconstraints on the use of TAs that are intended for use with X.509 todescribe constraints on the use of TAs that are intended for use withOpenPGP or SPKI.

So, while it may be appropriate to have a syntax that allows for asingle message to specify several different TA formats, I believe thatthere will need to be a separate effort to describe the syntax andsemantics for specifying constraint information for each distinct TA format.


Dave

Follow-Ups:
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Russ Housley
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Leif Johansson

References:
- Issue with the requirements document: PKIX-centric terminology
  - From: Paul Hoffman
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Stephen Kent
- RE: Issue with the requirements document: PKIX-centric terminolog y
  - From: Carl Wallace
- RE: Issue with the requirements document: PKIX-centric terminology
  - From: Paul Hoffman
- RE: Issue with the requirements document: PKIX-centric terminology
  - From: Stephen Kent
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Stephen Farrell
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Jon Callas
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Stephen Kent
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Jon Callas
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Stephen Kent

Prev by Date: Re: Issue with the requirements document: PKIX-centric terminology
Next by Date: Re: Issue with the requirements document: PKIX-centric terminology
Previous by thread: Re: Issue with the requirements document: PKIX-centric terminology
Next by thread: Re: Issue with the requirements document: PKIX-centric terminology
Index(es):
- Date
- Thread