
RE: comments on <draft-ietf-spki-cert-theory-02.txt>



Thanks for that, Mark - I will supply the comments to that list - But is
there any concern that in one list "interface mechanisms" such as TLS,
SASL are being developed and in another list or lists the very
management system that supports such systems and permits or denies those
mechanisms to work and scale are at odds....

We now have TLS embedded as extensions to LDAP - will they also get
embedded as extensions in SMTP, HTTP, FTP, etc,  in the same way? Will
all these protocols have different algorithms in each interface - will
all these combinations have the same key management and certificate
regimes....What will a client software do to authenticate with these
services.. How will we replicate a client's public key and the user's
directory entry - to support all these things.

Where is the "architecture"...?

My comments apply - If LDAPext is promoting security mechanisms for the
internet which seem at odds with ANY of the key management proposals but
at the same time are dependent on them - then the mess should be
avoided.

regards alan


> -----Original Message-----
> From:	Mark Wahl [SMTP:M.Wahl@INNOSOFT.COM]
> Sent:	Wednesday, 15 July 1998 3:35
> To:	Alan Lloyd
> Cc:	ietf-ldapext@netscape.com
> Subject:	Re: comments on <draft-ietf-spki-cert-theory-02.txt>
> 
> 
> > In light of the work on security re authentication, access controls and
> > TLS and SASL, etc I thought I would comment on this doc on this list -
> > as it could affect the work - Badly
> 
> Alan, 
> 
> In the IETF each working group establishes a mailing list for the discussion
> of the specifications being developed in that working group.  For LDAPEXT
> it is the list ietf-ldapext@netscape.com.  For the SPKI working group it is
> the list spki@c2.net.  Information on subscribing to the SPKI mailing list
> can be found at their charter page,
> 
> http://www.ietf.org/html.charters/spki-charter.html
> 
> I would suggest that it might be better for these comments to be sent to the
> authors of the document or to a mailing list associated with the SPKI working
> group, since probably few of the SPKI participants are reading the LDAPEXT
> mailing list, and vice versa few of the LDAPEXT readers are working on SPKI.
> 
> Also you will find that there are two working groups in the security area
> who have been chartered to develop specifications relating to the public key
> infrastructure.  PKIX's charter is focused on developing solutions based
> around X.509v3 certificates.  SPKI's charter does not specify X.509, and
> therefore proposals in that working group have been developed with different
> goals, requirements and approaches than those which began with X.500.
> 
> Mark Wahl, Directory Product Architect
> Innosoft International Inc.
>