1995-11-30 - Re: The future will be easy to use

Header Data

From: Carl Ellison <cme@TIS.COM>
To: rsalz@osf.org
Message Hash: 75fbbcc7fc554001955432a67b1cda3815b50b574d9b84b848d84a9f98ef254c
Message ID: <9511301511.AA27694@tis.com>
Reply To: <199511292049.MAA01411@comsec.com>
UTC Datetime: 1995-11-30 15:55:30 UTC
Raw Date: Thu, 30 Nov 1995 23:55:30 +0800

Raw message

From: Carl Ellison <cme@TIS.COM>
Date: Thu, 30 Nov 1995 23:55:30 +0800
To: rsalz@osf.org
Subject: Re: The future will be easy to use
In-Reply-To: <199511292049.MAA01411@comsec.com>
Message-ID: <9511301511.AA27694@tis.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>From: Rich Salz <rsalz@osf.org>
>Date: Wed, 29 Nov 1995 08:54:33 -0500



>Bingo!  This is one of the hard parts of certificate authorities; just
>what are you attesting to?  The American Bar Association has a big document
>for public review that addresses what this might mean; there are a couple
>of RFC's that specify CA policies (one from COST in Sweden, I think), and
>RSA and/or Verisign will give you their policy in hardcopy.
>
>In x.509v3 certificates, there is an extensible field where the key-signer
>can put arbitrary data.  The intent is apparently that you put the ISO
>object-ID (you know, those funny 1.3.2.11.... numbers) of the policy
>document.

Ah, yes.  Here's another example of the problem with ASN.1.  That field
could equivalently be just a URL for the policy document (or, if short
enough, the policy itself).  However, ASN.1 seduced folks into indirecting
this through some object ID -- bringing all these documents into the one
master hierarchy of things in the world.

Some people just like hierarchies, I guess. :)

>There is, of course, no way to interpret the semantics of this electronically.

Of course not.  In the end, a human needs to make the decision based on
ASCII text.

>It will be interesting to see how various companies address this issue,
>for example as they start to support arbitrary CA's in browsers or servers
>while doing commerce over the web.

Yup.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison      cme@tis.com    http://www.clark.net/pub/cme	   |
|Trusted Information Systems, Inc.   http://www.tis.com/                   |
|3060 Washington Road          PGP 2.6.2:  61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD  21738         Tel:(301)854-6889      FAX:(301)854-5363       |
+--------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBML3JY1QXJENzYr45AQHWIwP/VzoZuonIoMbIYHaA+noZpwnmNnxXc+jx
elJNQkHglyE7U1pBfC90s8IewujeG5T97v5g5e9bAXi/gysIPoguAXYSdIufvjz+
+WpCDrxn4UlfRzfOrTOgpZ1KQwPUllywOo1Yehd2h35ctJ8P7sa27mS/AEyET85E
rUvKlVpN/04=
=EhTO
-----END PGP SIGNATURE-----





Thread