I think a start will be to create a web page reachable via
the ISOC www.isoc.org server which could exhibit each PCA's
policy. So an ASCII copy of policy should be sent to me for
that purpose.
This seems as a very good suggestion. I assume that "ASCII copy" means in
fact the HTML ready-made document. That's exactly what we have today,
so we may all start to establish and test the system with our policy.
However, in addition, in order to confirm to RFC14xx, it would be also nice
that every PCA sends a pure ASCII text to IPRA (E-mail address ?),
IPRA creates MIC-CLEAR letter, returns to PCA, and then each PCA
makes it available via "PCA Policy Request" letter.
With regard to DN collision, this is another area which will
need attention as Jeff says. Jeff, would some sort of WAIS-indexed
database be useful? I suppose we could do some sort of net-grep
as an alternative.
We have developed something what we call "PCA Certification Hierarchy
Registration Program", which accepts the RDN of a new CA and its location
in the hierarchy, creates the DN under the subordination rule, CHECKS
FOR NAME DUPLICATES in local database and creates configuration file
for the new CA. This program may be modified for two versions: PCA and
IPRA version, but this is just as an initial idea. The best would be if
the delegation (Jeff, Steve Kent, and someone else) could visit us
in July, during the IETF meeting in Stockholm, and discuss these
possibilities.
Regards,
Sead Muftic