[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Multiple TAAs

To: <kent@xxxxxxx>
Subject: RE: Multiple TAAs
From: Black_David@xxxxxxx
Date: Mon, 10 Sep 2007 16:30:23 -0400
Cc: <ietf-trust-anchor@xxxxxxxx>
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-trust-anchor/mail-archive/>
List-id: <ietf-trust-anchor.vpnc.org>
List-unsubscribe: <mailto:ietf-trust-anchor-request@vpnc.org?body=unsubscribe>
References: <> <> <> <> <> <> <> <D88EC703D3C5954F9E564B206372C10C19E54E@xxxxxxxxxxxxxxxxxxxxxxxx> <>
Sender: owner-ietf-trust-anchor@xxxxxxxxxxxxx
Thread-index: Acfz3qZbQ5amf2aJR+25wT5BpaB1WQACjG3g
Thread-topic: Multiple TAAs

Steve,

> >In the specific area of application proxy software verification,
> >I'm pushing the complexity of determining whether a TA can
> >verify a software package into the PKIX certificate infrastructure
> >that can already handle it - I'd like to keep that area of
> >functionality out of the TA management protocol beyond the
> >ability of a TA to include a certificate.
>
> If you're saying that the per-vendor granularity is best managed by a 
> cert extension of the sort I suggested, I guess I agree. But, that is 
> an example of using a cert-specific capability to achieve the needed 
> granularity of authorization management.  Is your point that this is 
> now a TA feature, but not TAA feature?

Yes, specifically:

> > I might
> > be about to concede part of Steve's point by arguing that for the
> > proxy trust store, the TA has to include a certificate signed by
> > the device vendor and the prefix OID of the packages that TA can
> > verify has to be in the certificate.

and the code that handles proxy software download knows to check that
OID against the code package.

Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@xxxxxxx        Mobile: +1 (978) 394-7754
----------------------------------------------------

Follow-Ups:
- RE: Multiple TAAs
  - From: Stephen Kent

References:
- Revised draft charter
  - From: Turner, Sean P.
- Re: Revised draft charter
  - From: Stephen Kent
- RE: Revised draft charter
  - From: Turner, Sean P.
- TAA definition
  - From: Paul Hoffman
- Re: TAA definition
  - From: Stephen Kent
- Re: TAA definition
  - From: Paul Hoffman
- Re: TAA definition
  - From: Stephen Kent
- RE: Multiple TAAs
  - From: Black_David
- RE: Multiple TAAs
  - From: Stephen Kent

Prev by Date: RE: Multiple TAAs
Next by Date: RE: Multiple TAAs
Previous by thread: RE: Multiple TAAs
Next by thread: RE: Multiple TAAs
Index(es):
- Date
- Thread