Re: Trust chaining & finer-grained CA trust

Is Pat Richard enquiring re: what I interpret to be a grab for exclusive
power?  Is that "monopoly?"  Does that retain the inner-sanctum idea of
"open platform?"

Is winning a monopoly relevant?  Is this group not seeking the most
competent long-term resolution, irrespective of toolkit or patent control?

Should there be an additional period of time...2 weeks or a month, during
which to reflect on what is being driven home at this moment?

If this group were to express a desire for an extension of time and/or a
reconsideration of the proposal, who has the ultimate decision power?  The
individual at the outfit that will win the monopoly or someone else?

Is this the appropriate place to suggest a call for such a vote?  Do I have
the right to ask?

Ray Sarna

At 04:29 PM 2/7/97 -0800, you wrote:
>On Fri, 7 Feb 1997, Tom Weinstein wrote:
>> Mark Shuttleworth wrote:
>> > 
>> > Hiya
>> > 
>> > Perhaps I missed this bit,  but surely the UI on the browser should
>> > put big flashing warnings up before letting the user accept a
>> > chainable CA cert?
>> Nope.  If the CA issues a cert with the correct extension for the
>> navigator to trust it as a CA, we assume that they are delegating
>> issuing authority.  VeriSign uses this so that they can have multiple
>> CAs that actually issue certs descended from a single root CA that
>> just issues CA certs.
>> This makes a lot of sense from a security perspective.  The keys that
>> issue certs get used a lot, so they are most vulnerable to attack.  If
>> you expire them frequently and keep the only copy of the root key locked
>> up in a vault, for example, you reduce your exposure.
>Actually, it doesn't, with the respect to the question of this entire 
>thread, which is "Fine Grained Trust".
>By delegating authority with chains you end up with a PKI (all CA's
>participating in a chain with a single root) that either:
>1) forces all CAs to accept the "LCD" (lowest common denominator)
>with respect to trust (i.e. if a CA with low assurance is in the chain,
>then all CA's in that chain now have low assurance)
>2) force all CAs in that chain to be 100% compliant with the root
>CA's vetting policy, which is un-manageable and does not reflect
>real-world trust models.
>Alternatively, use a model where the CA's policies and signed and
>you have policy chains rather than CA cert chains.
>This way trust is not absolute and can actually exhibit "fine grained"
>features, like a PKI that can determine the assurance level of the
>2 parties involved.
>> -- 
>> You should only break rules of style if you can    | Tom Weinstein
>> coherently explain what you gain by so doing.      |
>Pat Richard

Received on Friday, 7 February 1997 21:04:37 UTC