>From: cme(_at_)com(_dot_)stratus(_dot_)sw(_dot_)ellisun (Carl Ellison)
>Subject: Re: Unique DNs
>Date: Thu, 25 Feb 93 10:48:33 EST
>>Message-Id: <9302242332(_dot_)AA21162(_at_)transfer(_dot_)stratus(_dot_)com>
>>Subject: Re: Unique DNs (was Re: PEM Test Service)
>>Date: Wed, 24 Feb 1993 15:32:02 -0800
>>
If you want distributed proof services, you need uniqueness of naming
proven to a high degree of confidence.
If you want to scale to 750 million users, then you need to manage
the name space, and the address space, and (lately) a small certification
space.
If you want people to interwork by intercommunicating, then you provide
tools like the X.500 listing to map the
key=identity/name=legality/address=connectivity relation. Any database
will do provided it is distributed and self-managing.
If PEM certification semantics work in practice and manageably, then
key=name also. This will be a big bonus for both security, and
management.
The issue is not about PEM, or even now, about the PEM certification semantics.
Consensus has been reached on those.
Now, how do we do it?
In one local security policy, if your DN is not verifiable by a cursory
lookup through the untrusted public directory service, then you are in the low
assurance category. If your entry exists in a locally managed trusted
DSA, then you may have medium assurance properties, depending upon
local beliefs regarding the certification source. If you have a strict
PEM chain, then the assurance level is calculable based upon the PCA
name, and quality.
You may have gleaned from Wolfgang's last message that we are not
concerned only with PEM/SDNS/ODA, nor will we be constrained by such
syntaxes or any associated certification profiles. However, we will
exploit the desirable assurance properties of PEM where possible.
Otherwise secondary strategies are required. These are based upon
sensible, well-understood well-practiced solutions for managing the
scaling issues of distribution.
Pure PEM deployment will be eased in its first 2 years if it adopts
those strategies from the outset.
It doesn't really need much/any change to RFCs. Just the will to profile
PEM suitably amongst implementors such that it works not only on paper,
but in practice, and on a massive scale.
How many users do we expect in 3 months' time? It ought to be greater than
the 10,000 mark - I would hope. Perhaps someone else would estimate a
growth rate?