
Re: The future will be easy to use


>From: Rich Salz <[email protected]>
>Date: Wed, 29 Nov 1995 08:54:33 -0500

>Bingo!  This is one of the hard parts of certificate authorities; just
>what are you attesting to?  The American Bar Association has a big document
>for public review that addresses what this might mean; there are a couple
>of RFCs that specify CA policies (one from COST in Sweden, I think), and
>RSA and/or Verisign will give you their policy in hardcopy.
>In X.509v3 certificates, there is an extensible field where the key-signer
>can put arbitrary data.  The intent is apparently that you put the ISO
>object-ID (you know, those funny numbers) of the policy

Ah, yes.  Here's another example of the problem with ASN.1.  That field
could equivalently be just a URL for the policy document (or, if short
enough, the policy itself).  However, ASN.1 seduced folks into indirecting
this through some object ID -- bringing all these documents into the one
master hierarchy of things in the world.

Some people just like hierarchies, I guess. :)

>There is, of course, no way to interpret the semantics of this electronically.

Of course not.  In the end, a human needs to make the decision based on
ASCII text.

>It will be interesting to see how various companies address this issue,
>for example as they start to support arbitrary CAs in browsers or servers
>while doing commerce over the web.


 - Carl

|Carl M. Ellison      [email protected]    http://www.clark.net/pub/cme	   |
|Trusted Information Systems, Inc.   http://www.tis.com/                   |
|3060 Washington Road          PGP 2.6.2:  61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD  21738         Tel:(301)854-6889      FAX:(301)854-5363       |
