pem-dev

Some very general questions

1994-01-27 19:56:00

Hi Bob,

Good eulogy, I mean update on the status of PEM...

I must, however, take exception with a couple of things you wrote (which tend 
to wrap around on my inferior 80 column display...)

A possible exception would be the Apple Open Collaboration Environment
(AOCE) capability which is distributed in System 7 Pro. But it doesn't
directly support PEM or any other protocol, although it does allow a
wide variety of objects to be digitally signed and validated.

The AOCE technology in the System 7 Pro implements the protocol
defined in PKCS #7 for detached signatures.  PEM messages can be
translated into PKCS #7 messages without any cryptographic operations;
however, the reverse is only sometimes true due to the many optional
extensions that PKCS #7 has made over PEM.  The PKCS standards were
created by a consortium consisting of RSA and a number of commercial
and academic organizations.  They have been implemented by many
commercial vendors and are available via anonymous ftp from rsa.com.

Most PEM implementations allow the user to generate his own
public/private key pair, and then physically take that combination to
the Certification Authority to be certified. Hopefully the CA will
require that the user demonstrate that he knows the corresponding
private key by actually signing something, but since that act might
compromise his private key, he would be well advised to do this on a
laptop or other machine under his own control.

It should not be necessary to take a private key to the CA.  The
certification request format in RFC 1424 includes a bit of
innocuous text that has been signed by the newly-generated private
key as well as a self-signed certificate for the newly-generated
public key, essentially proving ownership of a corresponding private
key.

In the center of the chart, like a hole in
a doughnut, there was a circle labelled something like "Public/Private
Policy Direction". Unfortunately, there isn't any coherent public
policy as yet, nor much guidance from the private sector either.

I like to believe that there is a tremendous bit of guidance from the
private sector (but I'm pretty biased in this area :-).

Otherwise, your assessment is accurate and I too encourage such
pointed questions as those you addressed.

Cheers,
Steve Dusse
RSA
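The proof-of-possession step described above (requester signs innocuous text with the new private key; the CA checks that signature against the public key in the request, so the private key never leaves the requester's machine), as an added example that is not part of the list post. It uses a toy textbook RSA over constructed primes and omits the self-signed certificate part of the RFC 1424 request; the key sizes, text and names are assumptions for illustration only.

```python
"""Toy proof-of-possession check in the style of the RFC 1424 certification
request. Constructed primes and unpadded RSA are for illustration only; a
real CA would use full-size keys and standard signature padding."""
import hashlib

E = 65537  # common RSA public exponent


def make_keypair(p, q):
    """Build a toy RSA key pair from two constructed primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent (needs Python 3.8+)
    return {"n": n, "e": E}, {"n": n, "d": d}


def digest(text, n):
    """SHA-256 of the text reduced mod n (toy; real schemes pad instead)."""
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n


def build_request(pub, priv, text="innocuous certification request text"):
    """Requester side: sign the text and ship pubkey + text + signature.
    Only the public half of the key is placed in the request."""
    sig = pow(digest(text, priv["n"]), priv["d"], priv["n"])
    return {"pubkey": pub, "text": text, "signature": sig}


def ca_verifies_possession(req):
    """CA side: recover the digest using nothing but the public key in the
    request; a match proves the requester held the matching private key."""
    pub = req["pubkey"]
    recovered = pow(req["signature"], pub["e"], pub["n"])
    return recovered == digest(req["text"], pub["n"])


# Constructed key pairs: the legitimate requester and an unrelated key.
ALICE_PUB, ALICE_PRIV = make_keypair(1000000007, 998244353)
OTHER_PUB, OTHER_PRIV = make_keypair(999999937, 1000000009)

GOOD_REQUEST = build_request(ALICE_PUB, ALICE_PRIV)
# A request that names Alice's public key but was signed with a different
# private key: the CA must reject it, since possession is not demonstrated.
BAD_REQUEST = build_request(ALICE_PUB, OTHER_PRIV)

if __name__ == "__main__":
    print("good request accepted:", ca_verifies_possession(GOOD_REQUEST))
    print("mismatched request accepted:", ca_verifies_possession(BAD_REQUEST))
```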
