Re: Attribute Certificates -- love 'em or leave 'em?

ietf-smime

Re: Attribute Certificates -- love 'em or leave 'em?

1998-04-30 03:22:57


I think it'd be a mistake to leave in the 509 AttributeCertificate
syntax. The reason is that an AC itself is often not enough - there
may be a need for application/protocol specific additions, so that
the AC can be validated. This happens for example when an AC
is delegated. (Note - I'm not saying that some other AC syntax
should be used, just that you may need more than the AC to
prevent certain attacks.)

I'd suggest deleting the current option, and either replacing with
an octet hole, or with an understanding (and maybe text) that
AC's (and whatever else is needed) will be carried as unauth or
auth-attributes within CMS.

Regards,
Stephen.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Attribute Certificates -- love 'em or leave 'em?, Blake Ramsdell Re: Attribute Certificates -- love 'em or leave 'em?, Paul Hoffman / IMC RE: Attribute Certificates -- love 'em or leave 'em?, Jim Schaad (Exchange) Re: Attribute Certificates -- love 'em or leave 'em?, David P. Kemp Re: Attribute Certificates -- love 'em or leave 'em?, Stephen Farrell <= Re: Attribute Certificates -- love 'em or leave 'em?, John Pawling Re: Attribute Certificates -- love 'em or leave 'em?, Russ Housley Re: Attribute Certificates -- love 'em or leave 'em?, John Pawling

Previous by Date:	Re: Attribute Certificates -- love 'em or leave 'em?, John Pawling
Next by Date:	Using S/MIME to Improve The Acceptance Of Our Work, Robert Frank
Previous by Thread:	Re: Attribute Certificates -- love 'em or leave 'em?, David P. Kemp
Next by Thread:	Re: Attribute Certificates -- love 'em or leave 'em?, John Pawling
Indexes:	[Date] [Thread] [Top] [All Lists]