Masaki SHIMAOKA | 12 Jul 2005 03:41

Re: Asking to review multi-domain PKI interoperability I-D

Sorry, you can get our I-D from below:
http://www.ietf.org/internet-drafts/draft-shimaoka-multidomain-pki-05.txt

On Tue, 12 Jul 2005 10:38:33 +0900
Masaki SHIMAOKA <shimaoka <at> secom.ne.jp> wrote:

> Hi all,
> 
> Nelson and I are developing a memorandum, as an individual I-D, that
> tries to capture the necessary issues for the deployment of multi-domain
> PKIs. We would like to ask the SAAG ML to review the I-D as an initial
> step towards publishing the I-D as an informational RFC or BCP.
> 
> This I-D appears to be out of scope for the PKIX WG because most of the
> issues are not technical but operational. However, to achieve
> interoperability across different PKIs, a consensus of the operational
> issues for multi-domain PKIs that should be considered is needed.
> 
> This I-D has been developed based on knowledge derived from various PKI
> interoperability experiences such as Japanese Government PKI and US
> Federal PKI. Therefore, we hope to publish it as an informational RFC or
> BCP, and when multi-domain PKI interoperability issues crop up the
> document can provide some advice and guidance.
> 
> Thanks,
> -- shima

-- 
Masaki SHIMAOKA <shimaoka <at> secom.ne.jp>
SECOM IS Lab.

Jeff Williams | 12 Jul 2005 09:43

Re: Re: Asking to review multi-domain PKI interoperability I-D

Masaki and all,

  A couple of questions for now.  I will likely have others later...

  What is the criterion for a definition of "Distinguished Names"
as referred to below?

  Is there any consideration for other interoperability for other
in use and trusted PKI certs that are not X.509 based?

Masaki SHIMAOKA wrote:

> Sorry, you can get our I-D from below:
> http://www.ietf.org/internet-drafts/draft-shimaoka-multidomain-pki-05.txt
>
> On Tue, 12 Jul 2005 10:38:33 +0900
> Masaki SHIMAOKA <shimaoka <at> secom.ne.jp> wrote:
>
> > Hi all,
> >
> > Nelson and I are developing a memorandum, as an individual I-D, that
> > tries to capture the necessary issues for the deployment of multi-domain
> > PKIs. We would like to ask the SAAG ML to review the I-D as an initial
> > step towards publishing the I-D as an informational RFC or BCP.
> >
> > This I-D appears to be out of scope for the PKIX WG because most of the
> > issues are not technical but operational. However, to achieve
> > interoperability across different PKIs, a consensus of the operational
> > issues for multi-domain PKIs that should be considered is needed.
> >

Masaki SHIMAOKA | 12 Jul 2005 17:43

Re[2]: Re: Asking to review multi-domain PKI interoperability I-D

Jeff,

Thanks for your interest.

Basically we focus on only PKI certs based on X.509 and RFC 3280,
because our focused issues are caused by some certificate extensions on
X.509 certs.

That is, 
>   What is the criterion for a definition of "Distinguished Names"
> as referred to below?

We have been working under the assumption of X.509 certificate and DN as
defined in X.509.

And,
>   Is there any consideration for other interoperability for other
> in use and trusted PKI certs that are not X.509 based?

Currently there is no consideration for other PKI certs that are not
X.509 based.
But if we should have considerations for other interoperability issues
with other technology, please show us your concerns.
If necessary, we may have to consider other interoperability with other
PKI certs that are not X.509 based.

Anyway, we must first clear the way for the interoperability between X.509
based PKIs.

Thanks,
-- shima

Jeff Williams | 13 Jul 2005 04:29

Re: Re: Asking to review multi-domain PKI interoperability I-D

Masaki sama and all,

  The best way for me to respond would be for me to invite you to
view this webcast:
 http://itw.itworld.com/GoNow/a15565a131456a75352868a0
It should give you at least some insight as to bridging the PKI
gap.

Masaki SHIMAOKA wrote:

> Jeff,
>
> Thanks for your interest.
>
> Basically we focus on only PKI certs based on X.509 and RFC 3280,
> because our focused issues are caused by some certificate extensions on
> X.509 certs.
>
> That is,
> >   What is the criterion for a definition of "Distinguished Names"
> > as referred to below?
>
> We have been working under the assumption of X.509 certificate and DN as
> defined in X.509.
>
> And,
> >   Is there any consideration for other interoperability for other
> > in use and trusted PKI certs that are not X.509 based?
> Currently there is no consideration for other PKI certs that are not
> X.509 based.

Masaki SHIMAOKA | 14 Jul 2005 09:44

Re[2]: Re: Asking to review multi-domain PKI interoperability I-D

Jeff,

Thank you for the valuable information from another point of view.

I guess that you probably want to suggest introducing several
technologies other than PKI.  I can understand such a suggestion.

Of course I know there are many technologies other than PKI in the world.
And I do not contradict them; we should be able to choose several
technologies.

But, the same as any one of them, PKI also should be improved to enhance
our convenience.  So we propose to make a consensus for multi-domain PKI
interoperability, as PKI engineers.  It is just the same as an improvement
for other technologies.

The focus of the I-D is to help PKI engineers trying to implement/deploy
multi-domain PKI.  The I-D should keep its focus on helping PKI engineers,
though I do not contradict other alternative technologies.

Thanks,
-- shima

On Tue, 12 Jul 2005 19:29:06 -0700
Jeff Williams <jwkckid1 <at> ix.netcom.com> wrote:

> Masaki sama and all,
> 
>   The best way for me to respond would be for me to invite you to
> view this webcast:

