
Re: what we're about



Wouldn't it make more sense first to ensure that we are aware of the nature
of the problem we are attempting to solve?  Before deciding on a certificate
format, including certificate contents and the encoding thereof, we should
perhaps define the expected usage of an "Internet Certificate". 

Will the ICert be used primarily to secure Internet mail (PEM, MOSS, S/MIME
(?))? Will the ICert be used to secure sessions (GSSAPI), the network layer
(secure IP), generalized store-and-forward data (IDUP-GSSAPI)?  Will the
ICert be used as part of a signature scheme (a la DSS), as part of an
encryption scheme, or both?  Is interoperability with PGP a concern?  If so,
how is it to be addressed? 

Will electronic commerce on the Internet be secured using the ICert? If so,
where are the representatives of industries, government organizations, and
consumer organizations, that will surely be interested in the definition and
dissemination of the ICert? 

Is SPKI at all concerned with ICert retrieval and storage?  Will ICerts be
distributed via the DNS?  the Web?  email?  something else?  (Can these
questions be answered without knowledge of how the ICert is to be used?)

Perhaps I simply do not understand what SPKI is to accomplish.  Nevertheless,
it seems to me that before one discusses the format of a datum, one
should know what the datum is for and how it is to be used.

pww

On Mon, 26 Feb 1996 smb%research.att.com@bcars735 wrote:
> Apart from administrivia, like a formal charter, our first step should be
> to compile a list of desires/needs/requirements.  We should also list issues.
> I respectfully suggest that we defer discussing issues for the moment; with
> one large exception, they're mostly orthogonal to each other.  The exception,
> of course, is whether or not we should suggest a profile of X.509 instead of
> something new.
> 
> What I have so far, from the traffic on the list:
> 
>       binary vs. ASCII
>       ASCII (for strings) vs. Unicode
>       asn.1 versus something (anything) else
> 
>       CRLs vs. short-lived certificates
>       names, or the lack thereof
>       fields that belong in a certificate
> 
> The first three are more or less pure syntax issues, and -- though not unimportant
> -- are of much less interest to me, and are probably less important overall.
> After all, any syntax will work, though some are better than others for various
> reasons or applications.  (To answer one of the major complaints about PEM's
> X.509 certificates, I once suggested that we register Country=Cyberspace and
> use email addresses as the distinguished name format for that country.)
> 
> So -- let's first settle what it is we want; then, and only then, we can
> negotiate the price.
> 
> 

Peter Whittaker      [~~~~~~~~~~~~~~~~~~~~~~~~~~]   X.500 Specialist
pww@entrust.com      [  http://www.entrust.com  ]   Nortel Secure Networks
Ph: +1 613 765 2064  [                          ]   P.O. Box 3511, Station C
FAX:+1 613 765 3520  [__________________________]   Ottawa, Canada, K1Y 4H7



