[x500standard] SV: SV: Re: New Work Items for PKI

  • From: "Erik Andersen" <era@xxxxxxx>
  • To: <x500standard@xxxxxxxxxxxxx>
  • Date: Mon, 7 Jan 2013 12:47:25 +0100

Hi David,

Thanks for the paper. I have read it with interest. It looks like something
we should seriously consider.

The concept requires that the browser goes to that 'expert' instead of the
local trust anchor information storage (with which I have always had an
ambivalent relationship, having to trust MS not to make 'mistakes').

I have a few comments on the paper. I do not like the term 'expert'. It is
too general. I am not sure that Trusted Third Party is the best term either,
as TTP can be the label for different entities, e.g. CAs.

It looks like the 'expert' will hold trust anchor information and possibly
more. Terms like "Trust anchor information server" or just "certification
server" could be considered.

I think the article has some unnecessary consideration on the X.500 model in
the Introduction.

Regards,

Erik

-----Original Message-----
From: David Chadwick [mailto:d.w.chadwick@xxxxxxxxxx]
Sent: 3 January 2013 20:28
To: x500standard@xxxxxxxxxxxxx
Cc: Erik Andersen; 'SG17-Q10'; 'SG17-Q11'
Subject: Re: [x500standard] SV: Re: New Work Items for PKI

Hi Erik

Here is a paper that has been published describing the problem and the
proposed solution. It makes eminent sense to me. I am currently working on
an updated paper with the authors.

Regards

David


On 03/01/2013 16:31, Erik Andersen wrote:
> Hi David,
>
> Sounds interesting. Is there more information about this Trusted Third
> Party idea?
>
> It is not the intention directly to update the X.509 by the NWIs, but 
> to produce some supplementary documentation.
>
> At the latest SC6 meeting, we had a project split on the IdM work item
> that allows us to further develop X.509 within ISO. In ITU-T it is
> just business as usual. It is not dependent on the fate of the voting
> on the NWIPs. If the NWIP fails within ISO, we will just process that
> supplementary work as an ITU-T only project. The IdM group showed great
> interest in the project and it is a common Q.10/Q.11 project with Q.11 as
> the leading Q.
>
> Erik
>
> -----Original Message-----
> From: x500standard-bounce@xxxxxxxxxxxxx
> [mailto:x500standard-bounce@xxxxxxxxxxxxx] On behalf of David Chadwick
> Sent: 3 January 2013 17:10
> To: x500standard@xxxxxxxxxxxxx
> Cc: Erik Andersen; SG17-Q10; SG17-Q11
> Subject: [x500standard] Re: New Work Items for PKI
>
> Hi Erik
>
> A colleague of mine has been doing some work on PKI interoperability
> in open environments, i.e. where the RP does not have an explicit
> contractual relationship with the CA (there might be an implicit one 
> via a URL to CP/CPS in a certificate extension field, but this is 
> hardly likely to stand up in a court of law, so to all extents and 
> purposes there is no contract between the RP and the CA).
>
> The result of the research is that, in order to aid open PKI 
> interoperability, a new TTP is needed who acts on behalf of RPs, and 
> who does have contractual relationships with the CAs. This new TTP is 
> called the technical and legal expert.
>
> We would like to suggest an enhancement to X.509 that recognised this 
> TTP and the role that it plays in ensuring trust in the CA by the RP.
> The current PKIX mechanism, of saying that each RP should read the
> CP/CPS of the CA, is clearly a ludicrous non-starter for the average
> computer user.
> Even experts are not able to fully understand them.
>
> Can we include this in the new work item?
>
> regards
>
> David
> p.s. this research is shortly to be submitted to IFIP Sec 2013 for 
> review
>
>
>
> On 03/01/2013 16:02, Erik Andersen wrote:
>> I have produced some thoughts on the PKI deployment issue. See 
>> http://www.x500standard.com/index.php?n=Ig.PKIGen.
>>
>> Erik
>>
> -----
> www.x500standard.com: The central source for information on the X.500 
> Directory Standard.
>
