RE: URL-level trust (was: Re: XKMS)

I've been watching from the sidelines, and haven't felt the need to jump in
until now.  After all, you folks are arguing quite nicely without my help :-)

Thinking as an application provider, my application (e.g., web server,
integration server) doesn't particularly want to specify its trusted roots,
and would much rather delegate that to an XKMS server.  After all, the
application administrators are probably specialists in their area, and not
really in PKI-type technologies.  So if I can avoid having the application
administrator configure any PKI-type operations, the world will be a safer
place.

However, I think it's equally true that not all applications will be
appropriate for the same set of trusted roots.  For example, my
micro-payments server might accept a certificate signed by any root
including Joe's Bar & Certificates, while my B2C server that sells books and
other medium value items (e.g., $10-1000) should accept a far broader set of
trusted roots, and my business payments server that's processing payments
for high value things (e.g., airplanes, battleships) will only accept a very
small set of trusted roots.  The business payments server might only accept
requests if the trusted root is someone like Identrus.  [Not to endorse
Identrus, but only to give an example of a (perceived) "high quality" CA.]

So I think it's important that a given XKMS server needs a way of providing
different grades of service to its clients.  I don't know whether this
should be done by the client saying "please validate this certificate as a
grade 73B certificate" or whether the XKMS server should recognize a request
as coming from the business payments server and hence enforce a different
certificate policy.  If the former, the protocol needs some way of
expressing a request for a policy ("grade 73B"), but *not* sending a list of
trusted root certificates.  If the latter, it's a feature of the XKMS
server, and probably doesn't need to be standardized (i.e., the XKMS server
could determine the trusted roots to use based on the signature on the
request).

We now return to your regularly scheduled debate.

--Jeremy

Received on Friday, 30 November 2001 12:17:19 UTC
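The "grades of service" model sketched in the post, as an added example that is not from the XKMS specification or from the poster: the server keeps one root set per policy grade, resolves the grade either from an explicit policy identifier in the request or from the key that signed the request, and refuses requests that try to hand it their own trusted roots. Policy names, root names, signer keys and the chain-as-list-of-names abstraction are all constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple, FrozenSet

# Constructed tiers: each policy grade maps to the roots it is willing to accept.
# The lower-value grade accepts more roots; the high-value grade accepts very few.
POLICY_ROOTS = {
    "micropayment": {"JoesBarAndCerts", "RegionalCA", "GlobalCA", "HighAssuranceCA"},
    "b2c-medium":   {"RegionalCA", "GlobalCA", "HighAssuranceCA"},
    "b2b-high":     {"HighAssuranceCA"},
}

# Constructed registry: the key that signs a request identifies the calling
# application, and therefore the grade the server enforces for it.
SIGNER_POLICY = {
    "key:payments-server": "b2b-high",
    "key:bookstore":       "b2c-medium",
    "key:micropay":        "micropayment",
}

@dataclass
class ValidateRequest:
    chain: Tuple[str, ...]                  # constructed: subject ... self-signed root, names only
    signer: Optional[str] = None            # key that signed the request, if any
    policy: Optional[str] = None            # explicit grade the client asked for, if any
    trusted_roots: FrozenSet[str] = field(default_factory=frozenset)  # client-supplied roots

def resolve_policy(req: ValidateRequest) -> str:
    """Choose the grade to enforce. An explicit policy request wins; otherwise the
    registered grade of the signing key is used. Client-supplied root lists are
    never honoured, since that would let the caller choose its own trust anchors."""
    if req.trusted_roots:
        raise ValueError("client-supplied trusted roots are not accepted")
    if req.policy is not None:
        if req.policy not in POLICY_ROOTS:
            raise ValueError(f"unknown policy grade: {req.policy}")
        return req.policy
    if req.signer in SIGNER_POLICY:
        return SIGNER_POLICY[req.signer]
    raise ValueError("no policy requested and requester not recognised")

def validate(req: ValidateRequest) -> Tuple[bool, str]:
    """Return (valid, policy_used). The chain is valid for a grade only when it
    terminates at one of that grade's roots."""
    policy = resolve_policy(req)
    return req.chain[-1] in POLICY_ROOTS[policy], policy
```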