[x500standard] SV: [T17Q11] X.509 Summary for next (2016) edition

  • From: "Erik Andersen" <era@xxxxxxx>
  • To: "'Najarian, Paul B'" <NajarianPB@xxxxxxxxx>, <tony@xxxxxxxxxxxxx>, <x500standard@xxxxxxxxxxxxx>, <T13sg17q11@xxxxxxxxxxxxx>
  • Date: Mon, 14 Oct 2013 14:48:40 +0200

Hi Paul,

 

Decisions are taken in Q.11 | SC6/Wg10 collaborative meetings. The decision was 
documented in the Q.11 meeting reports at the SG17 April 2013 meeting (TD 0043 
Rev3). There were no comments on that issue during the plenary meetings.

 

Kind regards,

 

Erik

 

From: Najarian, Paul B [mailto:NajarianPB@xxxxxxxxx] 
Sent: 14 October 2013 14:26
To: 'tony@xxxxxxxxxxxxx'; 'era@xxxxxxx'; 'x500standard@xxxxxxxxxxxxx'; 
'T13sg17q11@xxxxxxxxxxxxx'
Subject: Re: [T17Q11] X.509 Summary for next (2016) edition

 

Mr. Andersen - I concur with Tony. Who is the "It" in your opening sentence "It 
has been decided...."?

Who does the "It" refer to; and also When and Where was that decision made?

Paul Najarian



 

From: Tony Rutkowski [mailto:tony@xxxxxxxxxxxxx] 
Sent: Monday, October 14, 2013 08:05 AM
To: Erik Andersen <era@xxxxxxx>; Directory list <x500standard@xxxxxxxxxxxxx>; 
SG17-Q11 <T13sg17q11@xxxxxxxxxxxxx> 
Subject: Re: [T17Q11] X.509 Summary for next (2016) edition 
 

This revised summary clearly reflects a profound 
change in scope and concept by introducing and
defining a "trust broker," as well as moving away
from X.509's relatively narrow purpose by your
eliminating the sentence "these frameworks may 
be used by other standards bodies to profile their 
application to Public Key Infrastructures (PKI) 
and Privilege Management Infrastructures (PMI)."

Who is seeking these changes? Who made the 
decision?

--tony

On 10/14/2013 6:14 AM, Erik Andersen wrote:

Hi folks,

It has been decided to make X.509 a pure PKI/PMI specification moving pure 
directory stuff to other parts (X.511 and X.520). That includes Password 
Policy. This requires the Summary to be updated.

The old Summary is:

Recommendation ITU-T X.509 | ISO/IEC 9594-8 defines a framework for public-key 
certificates and attribute certificates. These frameworks may be used by other 
standards bodies to profile their application to Public Key Infrastructures 
(PKI) and Privilege Management Infrastructures (PMI). Also, this Recommendation 
| International Standard defines a framework for the provision of 
authentication services by Directory to its users. It describes two levels of 
authentication: simple authentication, using a password as a verification of 
claimed identity; and strong authentication, involving credentials formed using 
cryptographic techniques. While simple authentication offers some limited 
protection against unauthorized access, only strong authentication should be 
used as the basis for providing secure services.

A first draft for a new summary is proposed here:

Recommendation ITU-T X.509 | ISO/IEC 9594-8 defines frameworks for public-key 
infrastructure (PKI) and privilege management infrastructure (PMI). It 
introduces the basic concept of asymmetric cryptographic techniques. It 
specifies the following data types: public-key certificate, attribute 
certificate, certificate revocation list (CRL) and attribute certificate 
revocation list (ACRL). It also defines several certificate and CRL extensions, 
and it defines directory schema information allowing PKI and PMI related data 
to be stored in a directory. In addition, it defines PKI entity types, such as 
certification authority (CA), attribute authority (AA), relying party, trust 
broker and trust anchor. It specifies the principles for certificate 
validation, validation path, certificate policy, etc.

Please comment. Any suggestion is welcome.

Regards,

 

Erik

 
