pem-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: X.509 certificates

1995-07-03 08:40:00
from [jueneman] [Permanent Link] 
Bob;
In Feburary, as part of a response to a question
on authorization certificates and X.509, you commented


As Michael Roe indicated in the slides he presented on behalf of Mendes and
Huitema, X.509 version 3 provides the capability of extending the certificate
infrastructure in the direction you indicated, and by the way I agree almost
completely with that excellent paper. Warwick Ford has previously posted the
preliminary version of a set of proposed extension attributes, but the
technical community outside of X.509 is just now beginning to come up to

speed

on them.

I am hoping that the chair will soon appoint a working group to address these
issues, and you may want to participate.



Has the committee been set up? (And yes, I am interested in participating.)

My interests are summed up in

http://www-itg.lbl.gov/~johnston/Security.Arch.Gl

obal.2.fm.html
a paper I submitted to 
"America in the Age of Information"
A Forum on Federal Information and Communications R&D



Bill, if there is anything going on in this area it is a deep, dark secret. As
you may have noticed, other than the reaction to the SPAMing recently, the PEM
list has been totally quiet.

Frankly, I expect most of the progress in this area to come from the banking
community, as they begin to come to grips with using credit cards over the
Internet. IBM Research has develped a family of protocols called iKP which is
compatible with existing credit card operations but can be extended to make use
of non-repudiation. Unfortunately, they's left the development of an
appropriate CA infrastructure as exercise for the reader.

There is a lot of activity (i.e., flaming)  going on on the e-payments list in
this regard.. Lots of dicussion of iKP and other possible protocols for 
payments, but so far no serious discussion of who the Certification Authorities
will be, or how to issue certificates to residential users.

There's also a lot of discussion about the sanctity of the IETF culture, and
blah, blah, blah. None of that is going to matter very much once MasterCard and
Visa make up their minds, I suspect. The primary issues are going to be who
pays for what, and who takes on what kind of liability. Those are legal and
business issues, not technical.

I'm starting to work on a white paper that will address some of these issues
from both a technical and legal/business perspective. If and when I get it
finished, I'll try to post it.

Bob


Robert R. Jueneman
GTE Laboratories
1-617-466-2820
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DN of IPRA?, Stefan Kelm
Next by Date:  Re: X.509 certificates, Amanda Walker
Previous by Thread:  Re: DN of IPRA?, Stefan Kelm
Next by Thread:  Re: X.509 certificates, Amanda Walker
Indexes:  [Date] [Thread] [Top] [All Lists]