Re: PEM Test Service

Wolfgang and Peter,

Thanks for your notes.  I congratulate you both on your efforts and
look forward to interoperability tests.

Wolfgang, In answer to your question, yes, we do have a limited amount
of time to help test your implementation.  We'll be happy to send you
various encrypted, mic-clear and mic-only messages.  I suspect the
test will be mutual :-)

With respect to validating each other's certificates, I see three
possibilities, all of which are reasonable.

1. We can sign you up under our PCA.  For a short period of time, we
   are operating our PCA free of charge and will be happy to issue a
   certificate to you with whatever distinguished name is appropriate.
   Once your organization has a certificate signed by our PCA, you
   issue certificates under it and automatically be part of the
   hierarchy.  (We are not yet part of the official Internet hierarchy
   because the Internet Society has not yet set up operation of the
   hierarchy yet.  When it does, we will immediately ask for a
   certificate signed by it and then put our entire hierarchy into the
   Internet hierarchy.)

   One downside of this approach is we will have to sign up each site
   separately.  We'll be happy to do this, but it will mean an extra
   step for each site in Germany that you want to get signed up.

2. We can cross-certify with you.  This is outside the published
   protocol, but easily accomplished nonetheless.  We have structured
   our software to support a certain style of cross-certification.  If
   you do the same, we can exchange certificates and add them to the
   list of authoritative "treetops".

3. You can become a full scale PCA and sign up with the ISOC.


Peter and Wolfgang,

There is a fledgling PCA Council which currently includes RSADSI,
TIS, the ISOC and MIT.  (MIT is providing name resolution service
and CRL software for the PCA operation.)  The PCA Council focuses on
operational issues involved in coordinating name clashes, clarifying
rules for policies, coordination with the ISOC, etc.  So far, we've
had just one conference call and the emphasis during that call was on
the steps necessary to get the ISOC hierarchy up and running.

Whenever you're ready, designate a representative and we'll add you to
the list.

Steve

<Prev in Thread]	Current Thread	[Next in Thread>
PEM Test Service, Wolfgang Schneider Re: PEM Test Service, Vinton G. Cerf Re: PEM Test Service, Stephen D Crocker <= Re: PEM Test Service, P . Kirstein Re: PEM Test Service, Vinton G. Cerf Re: PEM Test Service, Peter Yee Re: PEM Test Service, Vinton G. Cerf Re: PEM Test Service, Peter Yee Re: PEM Test Service, Stephen D Crocker Re: PEM Test Service, Peter Yee Re: PEM Test Service, e-mail is the ethernet of the 90s 21-Feb-1993 1700 Re: PEM Test Service, Peter Williams Re: PEM Test Service, Einar Stefferud

Previous by Date:	Re: PEM Test Service, Vinton G. Cerf
Next by Date:	Re: PEM Test Service, Peter Yee
Previous by Thread:	Re: PEM Test Service, Vinton G. Cerf
Next by Thread:	Re: PEM Test Service, P . Kirstein
Indexes:	[Date] [Thread] [Top] [All Lists]