Hello Kevin and all,
I have been researching digital signatures in the hope of finding or starting a
work to develop a scalable certificate authority
server (CAS) system based on standards such as X.509v3 from the pkix working
group and using domain names from DNS as the basis for
tree rather than X.500 naming convention.
The PKI standards are stable and in current use today. This CAS system would
provide services such as non-repudiation of servers
for other applications to use. Initially, I see it used only for
authentication. The CAS system could be extended for access
control and encryption too.
For example (authentication),
* DNS could use it to prevent name server IP spoofing.
* e-Mail could use it to verify SMTP servers, sender and receiver email
addresses (Similar to the Yahoo offering - privacy of
valid email addresses must be supported).
* VoIP in conjunction with ISP could use it to provide verifiable locations.
* routers could support signing to provide a auditable traces for law
enforcement, etc. (Lots of overhead - not recommended for
general use).
* IM could use it to prevent spoofing.
* LDAP could be extended to become an organizations CAS authoritative
server. For example ldap.example.com would provide public
keys for example.com.
I expect each working group would participate in their application's
implementation.
The root of the trust could be a "Bridge" certification authority as defined in
1.4.4 within draft-ietf-pkix-certpathbuild-03.txt.
Each TLD would be a "Principal" Certification Authority.
The draft is found at
www.ietf.org/internet-drafts/draft-ietf-pkix-certpathbuild-03.txt NOTE: the
draft expires this month. Some
RFCs refer to PKI implementations within their application such as: routers -
RFC2154; IP - RFC1825; email - RFC1422, RFC1423, and
RFC1424. This is why I thought a standardized platform would make sense.
Consider DNS many applications rely upon DNS to provide
their services. I see the same being true for CAS. Actually, I was hoping to
find someone already working on this....
Is there a group working for goals like this?
OR
How do I make a presentation to IETF in order to begin a work?
Good day.
Does anyone know if there is any work going on within the IETF on E911
location services??? If there is, which working groups should we sign
up to.
Regards
Kelvin
Something like this could fit into the E911 that you are researching.
Regards,
Sal
Salvatore Mangiapane
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf