
Re: Nodes and Users

> "William Allen Simpson" writes:
>>> From: rivest@theory.lcs.mit.edu (Ron Rivest)
>>> IPSEC needs to provide EXPLICIT answers to these questions.  The Photuris
>>> spec needs to be based on these answers.  This cannot be swept under the
>>> rug any longer.
>>>
>> No rug sweeping has been attempted, we have discussed this at length in
>> the Security Architecture.
> 
> 	 Bill has expressed to me in private mail that he thinks that the
> 	 question of certificates, certificate formats and naming can wait, but
> 	 frankly I don't think it can because we don't have a usable system
> 	 without it.
> 
> I agree very strongly with Perry about this.  I tried raising the
> issue a few months ago; it met with a resounding silence.  We need
> to settle this immediately, if not sooner.  It is, as far as I'm
> concerned, an absolute show-stopper -- without some resolution, I
> would vote against -- well, not precisely vote in the IETF, but you
> know what I mean -- Photuris, on those grounds alone.

I'm noticing that each proposed secure protocol is reinventing the wheel
regarding algorithms for public keys and formats for signatures.  While
I feel that certification is important, I'm uncertain as to how we wish
to approach it.  Certainly the PEM approach, which specifies a standard
certification hierarchy, etc., has not been successful.  Meanwhile PGP
certification has been more successful, although it is still a small fraction
of the e-mail usage.  I suspect that we will need a certification solution
which allows both PGP-style certification and a more hierarchical form.

Given all this, what I'd like to see first is an RFC specifying a public key
algorithm (PKCS#1 or PGP-style internal formats using RSA or ElGamal, etc.)
and signature formats (net order, ASN.1 and MIME formats).  This allows the
technology to be applied uniformly among all the other proposals.  Future
key distribution and certification RFC proposals will then have a good
foundation to build on.

- Alex

-- 

Alexander I. Alten
Alten@Na.Sjf.Novell.Com
(408) 577-8224

Novell, Inc.
Member of Technical Staff
Mail Stop F1-42-D2
2180 Fortune Drive
San Jose, CA  95131  
USA
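An added example to illustrate the formats the message lists; it is not code from the original thread or from any IPsec or Photuris implementation. It signs a constructed message with a toy RSA key and writes the same signature value out as net-order bytes, as an ASN.1 DER INTEGER (the building block the PKCS#1 family wraps values in), as a PGP-style MPI, and as base64 text with an armor header for MIME, each paired with a strict decoder, so that the interoperability question reduces to the framing around one integer. The 40-bit key, the hash-then-reduce signing step and the "SIGNATURE" armor labels are assumptions of this example, not anything the page specifies; real PKCS#1 signing pads the hash and uses keys of 2048 bits or more.

```python
import base64
import hashlib

# Toy RSA parameters (assumed small primes for illustration; real keys are
# 2048 bits or more).  Everything below is example code, not from the page.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
MODULUS_BYTES = (N.bit_length() + 7) // 8


def _rep(message: bytes) -> int:
    # Message representative: SHA-256 reduced mod N.  A toy stand-in for the
    # PKCS#1 padding a real scheme applies; do not use as-is.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    return pow(_rep(message), D, N)


def verify(message: bytes, s: int) -> bool:
    return 0 < s < N and pow(s, E, N) == _rep(message)


# 1. "Net order": fixed-width big-endian bytes, exactly the modulus length
#    (I2OSP/OS2IP in PKCS#1 terms).
def to_net_order(s: int) -> bytes:
    return s.to_bytes(MODULUS_BYTES, "big")


def from_net_order(buf: bytes) -> int:
    if len(buf) != MODULUS_BYTES:
        raise ValueError("signature must be exactly the modulus length")
    return int.from_bytes(buf, "big")


# 2. ASN.1 DER INTEGER: tag 0x02, minimal length, minimal two's-complement value.
def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def to_der(s: int) -> bytes:
    body = s.to_bytes(max(1, (s.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:  # leading 0x00 keeps the value positive
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def from_der(buf: bytes) -> int:
    # Strict: rejects wrong tag, non-minimal length or value, negatives, trailing data.
    if len(buf) < 3 or buf[0] != 0x02:
        raise ValueError("expected a DER INTEGER")
    if buf[1] < 0x80:
        n, off = buf[1], 2
    else:
        k = buf[1] & 0x7F
        if k == 0 or k > 4 or len(buf) < 2 + k or buf[2] == 0:
            raise ValueError("bad DER length")
        n, off = int.from_bytes(buf[2:2 + k], "big"), 2 + k
        if n < 0x80:
            raise ValueError("non-minimal DER length")
    body = buf[off:off + n]
    if n == 0 or len(body) != n or off + n != len(buf):
        raise ValueError("DER length mismatch or trailing data")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER is not a valid signature")
    if n > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal DER INTEGER")
    return int.from_bytes(body, "big")


# 3. PGP-style MPI: 2-byte big-endian bit count, then the minimal magnitude bytes.
def to_mpi(s: int) -> bytes:
    return s.bit_length().to_bytes(2, "big") + s.to_bytes((s.bit_length() + 7) // 8, "big")


def from_mpi(buf: bytes) -> int:
    if len(buf) < 2:
        raise ValueError("truncated MPI")
    bits, body = int.from_bytes(buf[:2], "big"), buf[2:]
    if len(body) != (bits + 7) // 8:
        raise ValueError("MPI length does not match its bit count")
    value = int.from_bytes(body, "big")
    if value.bit_length() != bits:
        raise ValueError("MPI bit count does not match its value")
    return value


# 4. Text form for MIME/e-mail: base64 of the DER form inside an armor header
#    (labels assumed for this example).
ARMOR_BEGIN, ARMOR_END = "-----BEGIN SIGNATURE-----", "-----END SIGNATURE-----"


def to_mime(s: int) -> str:
    b64 = base64.b64encode(to_der(s)).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([ARMOR_BEGIN, *lines, ARMOR_END]) + "\n"


def from_mime(text: str) -> int:
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != ARMOR_BEGIN or lines[-1] != ARMOR_END:
        raise ValueError("missing or malformed armor")
    return from_der(base64.b64decode("".join(lines[1:-1]), validate=True))


def demo(message: bytes = b"constructed sample message") -> dict:
    # Sign once, serialize four ways, decode each, and confirm all agree.
    s = sign(message)
    enc = {"net": to_net_order(s), "der": to_der(s), "mpi": to_mpi(s), "mime": to_mime(s)}
    dec = {from_net_order(enc["net"]), from_der(enc["der"]),
           from_mpi(enc["mpi"]), from_mime(enc["mime"])}
    return {"signature": s, "all_decode_to_same_value": dec == {s},
            "verifies": verify(message, s), "sizes": {k: len(v) for k, v in enc.items()}}


if __name__ == "__main__":
    print(demo())
```

Running it prints the signature, whether the four decoders agree, and the size of each encoding. The DER decoder deliberately rejects non-minimal lengths and values; that strictness is what stops two implementations that disagree on "the same" signature bytes from appearing to interoperate until one of them hits a malformed input.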
