Re: Key & Signature responsibility

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-ID-Asymmetric: MFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNRDE
 kMCIGA1UEChMbVHJ1c3RlZCBJbmZvcm1hdGlvbiBTeXN0ZW1zMREwDwYDVQQLEwh
 HbGVud29vZA==,03
MIC-Info: RSA-MD5,RSA,WQKlcpJqE7t2ePS9O//25qf/mlpL95Gf7hnjznDyWXJ
 SLoc86TGm3B3R+fG4N1Vz8BoghSTMYL+G6GNPX2XBL/p1S1qLRHuuAo2tIDY3AUU
 ls6uXz37p6bHB+XLZz2F4

Bob,

Jeff Kimmelman cites the following (I don't seem to have received my
copy yet)

From:  jueneman%wotan(_at_)gte(_dot_)com
Date:  Sun, 08 Aug 93 18:49:00 EDT
Subject:   Key & Signature responsibility

I am therefore urging that a PCA state in its Policy, that AS A CONDITION OF
ISSUING A CERTIFICATE TO A CA:

      (1) the CA shall require its users to agree to comply with the PCA's 
           Policy, 

      (2) that the PCA, the CA, and/or its users shall publish a readily 
           accessible statement saying what they are or are not willing to
           be bound to by with respect to their digital signature, and that 

      (3) in the absense of such a published statement their digital
           signature is for all intents and purposes essentially
           undefined, and is therefore null and void.

Do you feel that such a requirement by a PCA violates either the
spirit or the letter of the intent of the PEM standards? I certainly
don't.


 ----- End of quoted message -----


Let me add to Jeff's response.  You've listed three terms that you
believe each PCA policy should adhere to.  Of these, (1) is required
within the current system, (2) is at the option of each PCA, and (3)
is contrary to the current system.  In fact, the community argued
quite vigorously about constraints such as (3) and there was strong
opposition to such requirements.

Speaking for TIS-PCA, the intent of signatures created within our
hierarchy is to identify who created the message in question.  Any
further interpretation of the signature is inextricably bound to a
myriad of other issues, none of which can be resolved with a
pronouncement or enforcement from the PCA.  For example, my signature
on this message is intended only to tell you that it came from me.
The fact that this contains my opinion or that I'm speaking in an
official capacity on behalf of our PCA is contained only in the
context of this message.


Steve

-----END PRIVACY-ENHANCED MESSAGE-----

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Key & Signature responsibility, (continued) Re: Key & Signature responsibility, jueneman%wotan Re: Key & Signature responsibility, Stephen D Crocker Re: Re: Key & Signature responsibility, jueneman%wotan Re: Key & Signature responsibility, Doug Porter Re: Re: Key & Signature responsibility, jueneman%wotan Re: Key & Signature responsibility, Jeff Kimmelman Re: Key & Signature responsibility, Doug Porter Key & Signature responsibility, jueneman%wotan RE: Key & Signature responsibility, Doug Porter Re: Key & Signature responsibility, Jeff Kimmelman Re: Key & Signature responsibility, Stephen D Crocker <= Re: Re: Key & Signature responsibility, jueneman%wotan Re: Key & Signature responsibility, Stephen D Crocker Re: Key & Signature responsibility, Vinton G. Cerf Re: Key & Signature responsibility, Stephen D Crocker Re: Key & Signature responsibility, Steve Kent

Previous by Date:	Let's get real!, Robert W. Shirey
Next by Date:	Re: everything, p . churchyard
Previous by Thread:	Re: Key & Signature responsibility, Jeff Kimmelman
Next by Thread:	Re: Re: Key & Signature responsibility, jueneman%wotan
Indexes:	[Date] [Thread] [Top] [All Lists]