[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PKIX Part 3 REQUIRES SUPPORT OF KEY RECOVERY?
--- begin forwarded text
X-Authentication-Warning: blacklodge.c2.net: majordom set sender to
[email protected] using -f
X-PGP-Key: <http://www1.shore.net/~sable/info/rltkey.htm>
X-Sender: [email protected]
Date: Fri, 15 Aug 1997 07:39:04 -0400
To: [email protected]
From: Rodney Thayer <[email protected]>
Subject: PKIX Part 3 REQUIRES SUPPORT OF KEY RECOVERY?
Mime-Version: 1.0
Sender: [email protected]
(This is a note I posted on the PKIX (Public Key Infrastructure) mailing
list. I would be interested in comments on this document -- the draft is
<ftp://ds.internic.net/internet-drafts/draft-ietf-pkix-ipki3cmp-02.txt>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>It seems to me that PKIX Part 3, section 2.2.2.1 "Centralised scheme"
>requires that a conformant implementation support the capability of
>generating the private key at the CA. This means that a conformant
>implementation essentially is required to implement key recovery.
>
>I do not think that this conforms to IETF practice and I certainly do
>not want to require CA implementations to support this capability.
>If for some reason someone wants to implement this I can see it being
>an optional feature but I do not think it is an acceptable mandatory
>requirement.
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP for Personal Privacy 5.0
>Charset: noconv
>
>iQCVAwUBM/Ph38KmlvJNktGxAQGM4AP6AxwWoXMuNo13f2tHxAb85eo4eCHSfE0D
>OVvEqv3LrYyctkKULPkDb3IQKwEVkrba5EEVvFytyblgROh12eftgIfndqQWQyca
>LLiUXZemSS59lD+gI0TFaqayOvAGJenN3SdxJDaQ6eiY04vjoxrLZ9/aX3/lnzYC
>efAB14L23Eg=
>=3M+q
>-----END PGP SIGNATURE-----
>
>
>
--- end forwarded text
-----------------
Robert Hettinga ([email protected]), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/