RE: policy stuffing

> Ok, we've eliminated issue#2 (degrees of freedom), but what's the 
> answer to issue#1 after we do this? I.e. 
> 
>         Alice: Locate keys for Fred
>         Responder: Here's Fred's key1 for UseKeyWith p1,p2,p3 and 
>         his other key2 for p4,p5
>         (Alice wants to encrypt to fred)
>         Alice: Validate Fred's key1 for <<UseKeyWith stuff>>
> 
> What does the naive client, who has no idea of what p1-5 represent,
> put in between the <<>> ?

The naive client has to operate off applications, not policies. So
look for the key that is labeled for use with S/MIME or whatever you
want to use.

The configuration you propose is not one I believe is suited to the
completely naive client, where surely chaining with the Validate service
doing the locate would be the configuration of choice.

What is the point of having the client do a Locate if it does not have
any comprehension whatsoever of the data returned?


		Phill

Received on Tuesday, 3 December 2002 11:33:04 UTC
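
Added example, not part of the original message or of any XKMS implementation: a client that picks a key binding by the one application it understands (S/MIME) and ignores opaque policy labels, falling back to the Validate service when no unique match exists. The namespace, element and attribute names are assumed from the later XKMS 2.0 schema; the policy URIs, binding Ids and e-mail address are constructed.

```python
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"  # assumed: XKMS 2.0 namespace
SMIME = "urn:ietf:rfc:2633"               # assumed: S/MIME application URI

# Constructed LocateResult: key1 carries an opaque policy label plus S/MIME,
# key2 carries only a policy label the client cannot interpret.
LOCATE_RESULT = f"""
<LocateResult xmlns="{XKMS}">
  <UnverifiedKeyBinding Id="key1">
    <UseKeyWith Application="urn:example:policy:p1" Identifier="fred@example.com"/>
    <UseKeyWith Application="{SMIME}" Identifier="fred@example.com"/>
  </UnverifiedKeyBinding>
  <UnverifiedKeyBinding Id="key2">
    <UseKeyWith Application="urn:example:policy:p4" Identifier="fred@example.com"/>
  </UnverifiedKeyBinding>
</LocateResult>
"""

def select_binding(locate_xml, application, identifier):
    """Return (binding Id, UseKeyWith pairs to echo to Validate), or None.

    Only the application the client itself understands is matched and
    echoed; policy labels it cannot interpret are never copied forward.
    """
    root = ET.fromstring(locate_xml)
    wanted = (application, identifier)
    matches = []
    for binding in root.findall(f"{{{XKMS}}}UnverifiedKeyBinding"):
        labels = {
            (u.get("Application"), u.get("Identifier"))
            for u in binding.findall(f"{{{XKMS}}}UseKeyWith")
        }
        if wanted in labels:
            matches.append(binding.get("Id"))
    if len(matches) != 1:
        # No match or an ambiguous one: this sketch chooses to give up and
        # let a Validate service that does its own locate make the decision.
        return None
    return matches[0], [wanted]

if __name__ == "__main__":
    print(select_binding(LOCATE_RESULT, SMIME, "fred@example.com"))
```
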