pem-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

User control of error messages

1993-12-14 11:55:00
from [Steve Dusse] [Permanent Link] 

Hi Bob,


 ... I think it is quite clear from the unfortunate problem we
 currently have with the Apple AOCE software that hard coding the root key, 
 ANY root key, into the software would be a mistake. (To the best of my 
 knowledge the IPRA is not yet operational, so the public key for the 
 IPRA is not yet available even if someone wanted to hard code it.) 


Forgive my ignorance, what problem is it that you are referring to ?


 I was also suggesting that there may eventually be PCAs that do not 
 operate under the aegis of the IPRA ut may even consider themselves toi
 be above the IPRA (heretical thought!), and likewise there may be 
 individual CAs that  may be considered trustworthy by the user, but which 
 are not (yet) connected to a PCA...
 .. I believe that users should
 have the ability to indicate that such uncertified CAs are allowable. In 
 some cases they may be the ONLY acceptable ones.

 Finally, I believe that there may be individual users who may find 
 themselves in a similar position, yet may wish to exchange encrypted
 or signed messages without any CA certification.


I think what you are indicating is that the message and cryptographic
constructs of PEM may have value outside of the strict interpretation
of the certification hierarchy defined by RFC1422.  I too believe this
to be the case.


 ..I would suggest that although
 there are many valid reasons why we imposed the name subordination
 requirements for PEM, there may be certain instances where it may not be 
 achievable or even desirable...
 ...Exceptions may therefore have to be made, and if we have to 
 make them at all it might be nice to have a general-purpose mechanism.


Allow me to force the issue...  Should the name subordination
requirement in RFC1422 become a policy issue to be determined by each
PCA ?


 ...I would therefore encourage the continued use 
 of the PEM-DEV mailing list as an appropriate forum for the discussion of 
 these larger issues, rather than forcing these discussions to a different 
 venue. I think we would all lose a lot if this list were fragmented or
 abandoned.


I also believe that the PEM-DEV mailing list is the best forum for
this sort of discussion.  However, it is time to make a decision.  If
the list maintainers and/or WG chair feel otherwise then I would
suggest the immediate formation of an alternative forum.

Cheers,
Steve Dusse
RSA
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: New Version of TechMail-PEM available, Steve Kent
Next by Date:  name subordination, again..., P. Rajaram
Previous by Thread:  Re: User control of error messages, jueneman%wotan
Next by Thread:  Re: User control of error messages, jueneman%wotan
Indexes:  [Date] [Thread] [Top] [All Lists]