-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-ID-Asymmetric: MFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNRDE
kMCIGA1UEChMbVHJ1c3RlZCBJbmZvcm1hdGlvbiBTeXN0ZW1zMREwDwYDVQQLEwh
HbGVud29vZA==,03
MIC-Info: RSA-MD5,RSA,gV4OHd0rdXRmNg62u05evPLrXS+MNhTGpMvOQFKoRSw
roNa5JiJjU/4nQro3TURY6LGOgTgoiezPC4LRVoWGKSVIJhp00cjwTKQReOev6Eb
2LnTjr5Llw7KPI6qplu9D
Steve,
You wrote:
Gee, talk about embarassed! I reviewed 1422 and it fails to
stipulate the requirement for display of the PCA ID. I recall
reworking the internet draft back in 1992 to transform it from TLCA
references to IPRA, and add in PCAs. I remember making the specific
section that addresses display of certificat validation data to make
it more liberal in terms of not requiring the originator or recipient
DN to be displayed, but rather to allow the display of local aliases.
Somehow, in the switch from a single TLCA to multiple PCAs I omitted
the requirement! This was not the result of a design change but
purely an oversight. I can find slide presentations and papers
published about PEM stating that requirement for PCA display since mid
1992 (looking at the slide copies I have!). This is clearly an
oversight for which I an solely responsible (as the RFC author) and
I'll work to get it fixed when the RFC comes up for advancement. It
just requires editing a couple of sentences and it has been an
"obvious" requirement ever since we introduced PCAs, since otherwise
the user is not being notified of the authentication context in which
the certification took place. I apologize for this omission having
gone unnoticed by me for so long and promise to get it fixed as soon
as practical.
My recollection is different, although I'm not as certain about the
sequence of events. I thought there was some resistance to putting
user interface requirements into the specification.
When the novelty of PEM wears off, I believe many users will want
automated de-enhancement of PEM messages with as little interruption
as possible. In many environments, the system will be configured by a
system adminsitrator. I expect some PEM implementations will make it
possible for the system administrator to configure the system with a
choice of policies governing checking of PCA policies and the like.
Steve
+-------------------------------------+-------------------------------+
| Steve Crocker | Voice: 301-854-6889 |
| Trusted Information Systems | FAX: 301-854-5363 |
| 3060 Washington Road (Route 97) |-------------------------------|
| Glenwood, MD 21738 | Internet: crocker(_at_)tis(_dot_)com
|
+-------------------------------------+-------------------------------+
-----END PRIVACY-ENHANCED MESSAGE-----