Sal,
the idea of setting up a server that everyone in the world would trust was
suggested in RFC 1422 (IPRA), in 1993.
It did not succeed terribly well then, and people have tended to look very
skeptically upon ideas that require some sort of "single root" since then.
What's your reason to believe it could succeed this time?
--On 11. juni 2004 12:01 -0400 Sal Mangiapane <salm(_at_)servanttechnology(_dot_)com>
wrote:
Hello Kevin and all,
I have been researching digital signatures in the hope of finding or
starting a work to develop a scalable certificate authority server (CAS)
system based on standards such as X.509v3 from the pkix working group and
using domain names from DNS as the basis for tree rather than X.500
naming convention.
The PKI standards are stable and in current use today. This CAS system
would provide services such as non-repudiation of servers for other
applications to use. Initially, I see it used only for authentication.
The CAS system could be extended for access control and encryption too.
For example (authentication),
* DNS could use it to prevent name server IP spoofing.
* e-Mail could use it to verify SMTP servers, sender and receiver
email addresses (Similar to the Yahoo offering - privacy of valid email
addresses must be supported).
* VoIP in conjunction with ISP could use it to provide verifiable
locations. * routers could support signing to provide a auditable
traces for law enforcement, etc. (Lots of overhead - not recommended for
general use).
* IM could use it to prevent spoofing.
* LDAP could be extended to become an organizations CAS authoritative
server. For example ldap.example.com would provide public keys for
example.com.
I expect each working group would participate in their application's
implementation.
The root of the trust could be a "Bridge" certification authority as
defined in 1.4.4 within draft-ietf-pkix-certpathbuild-03.txt. Each TLD
would be a "Principal" Certification Authority.
The draft is found at
www.ietf.org/internet-drafts/draft-ietf-pkix-certpathbuild-03.txt NOTE:
the draft expires this month. Some RFCs refer to PKI implementations
within their application such as: routers - RFC2154; IP - RFC1825; email
- RFC1422, RFC1423, and RFC1424. This is why I thought a standardized
platform would make sense. Consider DNS many applications rely upon DNS
to provide their services. I see the same being true for CAS. Actually,
I was hoping to find someone already working on this....
Is there a group working for goals like this?
OR
How do I make a presentation to IETF in order to begin a work?
Good day.
Does anyone know if there is any work going on within the IETF on E911
location services??? If there is, which working groups should we sign
up to.
Regards
Kelvin
Something like this could fit into the E911 that you are researching.
Regards,
Sal
Salvatore Mangiapane
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf