Subject: Re: Certificate element..RE: comments on cppml,v0.1.dtd


I am not interested in cert management either, but 
there seems to me to be a need to enable negotiated
(possibly dynamic) CPP->CPA that the identification
(if nothing else) of the certificates to be used
is required in the CPP and that for a CPA, that 
the certificates will at the very least need to be
identified if not "in-band" in the CPA.

This *does* raise an interesting point with which
I have been struggling. Storage of the user/password
information in a (possibly) public document such as 
the CPA is probably a bad idea ;-). tpaML1.0.6 had
a means of storing this information in the
TPA, but I'm thinking that it should be removed.

The same problem does not exist for certificates 
because they don't expose the private bits, just
the public key needed to either encrypt or verify
a signature.

So, we *could* follow Krishna's suggestion and omit
the actual certs from the CPP/CPA, but I'd like
to have others on the ta-security list comment on
removal of the cert identification info, which I actually
feel would be quite useful.
Krishna Sankar wrote:
> Chris/Dale,
> > > > > We are in effect inventing yet another means
> > > > > of certificate distribution by obtaining
> > > > > certs from a CPA to store in a cert/crl cache.
> > > > >
>         This is what I am worried about - reinventing another PKI ! Do we really
> need the certinfo in the CPP ? For the first version can we say
> "out-of-band" certificate management and then take up this issue during next
> phase ? Also how are SMEs going to manage this ?
> cheers
Christopher Ferris
Sr. Staff Engineer
Sun Microsystems, Inc; XTC Advanced Development