- From: Blair Dillaway <blaird@exchange.microsoft.com>
- Date: Tue, 3 Dec 2002 10:04:04 -0800
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>, <stephen.farrell@baltimore.ie>
- Cc: "Daniel Ash" <dash@68summit.com>, <Just.Mike@tbs-sct.gc.ca>, <reagle@w3.org>, <www-xkms@w3.org>
I like the idea that policies are expressed as UseKeyWith elements for those folks who feel obliged to provide them. Also in basic agreement with Phill's position on what a client is supposed to do with them. The typical client won't have any idea what these mean, at least not any more than clients actually make use of X509 CA CPSes in making decisions today. So, in the typical case I expect these policy qualifiers are just advisory info the XKMS service felt obligated to insert in its responses. The client wouldn't include them in a subsequent validate request.

The only time the policy qualifiers are useful is if a client application is specifically written with knowledge of some key-certification policy. For example, some banking app might be designed to only use keys meeting the 'P$$' policy. In this case, it would look for keys which have a UseKeyWith P$$ qualifier and would likely include this in a validate request. In this case the P$$ policy is an application specific usage indicator just like a UseKeyWith S/MIME might be for an email program.

Back to Steve's question, I believe the spec should indicate clients aren't required to use policy qualifiers they don't understand. They may use those they do understand.

Blair

-----Original Message-----
From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com]
Sent: Tuesday, December 03, 2002 8:33 AM
To: stephen.farrell@baltimore.ie; Hallam-Baker, Phillip
Cc: Daniel Ash; Just.Mike@tbs-sct.gc.ca; reagle@w3.org; www-xkms@w3.org

> Ok, we've eliminated issue#2 (degrees of freedom), but what's the
> answer to issue#1 after we do this? I.e.
>
> Alice: Locate keys for Fred
> Responder: Here's Fred's key1 for UseKeyWith p1,p2,p3 and
> his other key2 for p4,p5
> (Alice wants to encrypt to fred)
> Alice: Validate Fred's key1 for <<UseKeyWith stuff>>
>
> What does the naive client, who has no idea of what p1-5 represent,
> put in between the <<>> ?

The naive client has to operate off applications, not policies. So look for the key that is labeled for use with S/MIME or whatever you want to use.

The configuration you propose is not one I believe is suited to the completely naive client where surely chaining with the Validate service doing the locate would be the configuration of choice. What is the point of having the client do a Locate if it does not have any comprehension whatsoever of the data returned?

Phill
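The Locate-then-Validate exchange sketched in the quoted message, modelled as an added example (this is not code from either message nor from any XKMS implementation): the client picks Fred's key by application, drops policy qualifiers it does not understand, and echoes into the Validate request only the UseKeyWith elements it was written to recognise, which is the behaviour Blair proposes the spec should allow. Assumptions: element and namespace names follow the later XKMS 2.0 drafts, the S/MIME Application URI `urn:ietf:rfc:2633` is taken from the XKMS 2.0 UseKeyWith table, and the policy URIs, the subject identifier `fred@example.com` and the key names are constructed stand-ins for the p1..p5 and 'P$$' labels in the thread.

```python
from dataclasses import dataclass
import xml.etree.ElementTree as ET

# Namespaces and element names follow the XKMS 2.0 drafts (assumption: the draft
# under discussion on the list may differ in detail).
XKMS_NS = "http://www.w3.org/2002/03/xkms#"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("xkms", XKMS_NS)
ET.register_namespace("ds", DS_NS)

# S/MIME Application URI from the XKMS 2.0 UseKeyWith table (assumption for this draft).
SMIME = "urn:ietf:rfc:2633"
# Constructed stand-ins for the policy qualifiers named in the thread ('P$$', p1..p5).
POLICY_BANKING = "urn:example:policy:P$$"
POLICY_P1, POLICY_P2, POLICY_P3 = ("urn:example:policy:p%d" % i for i in (1, 2, 3))
POLICY_P4, POLICY_P5 = ("urn:example:policy:p%d" % i for i in (4, 5))
FRED = "fred@example.com"  # constructed subject identifier


@dataclass(frozen=True)
class UseKeyWith:
    application: str  # Application attribute: an application URI or a policy URI
    identifier: str   # Identifier attribute: the subject name within that application


@dataclass(frozen=True)
class KeyBinding:
    key_name: str        # stands in for the ds:KeyInfo of the bound key
    use_key_with: tuple  # UseKeyWith qualifiers the responder attached


# Constructed LocateResult following Phill's sketch: key1 for p1,p2,p3 (plus S/MIME
# and the banking policy so a client has something to choose on), key2 for p4,p5.
LOCATE_RESULT = (
    KeyBinding("key1", (
        UseKeyWith(SMIME, FRED),
        UseKeyWith(POLICY_P1, FRED), UseKeyWith(POLICY_P2, FRED), UseKeyWith(POLICY_P3, FRED),
        UseKeyWith(POLICY_BANKING, FRED),
    )),
    KeyBinding("key2", (UseKeyWith(POLICY_P4, FRED), UseKeyWith(POLICY_P5, FRED))),
)


def select_keys(bindings, application, identifier, required_policies=frozenset()):
    """Pick the bindings labelled for (application, identifier) that also carry every
    policy this application was written to require. For each, keep only the UseKeyWith
    qualifiers the client understands (the application itself plus its required
    policies); all other qualifiers are advisory and are dropped before Validate."""
    chosen = []
    for binding in bindings:
        labels = {u.application for u in binding.use_key_with if u.identifier == identifier}
        if application not in labels or not set(required_policies) <= labels:
            continue
        kept = tuple(u for u in binding.use_key_with
                     if u.identifier == identifier
                     and (u.application == application or u.application in required_policies))
        chosen.append((binding, kept))
    return chosen


def build_validate_request(key_name, qualifiers, request_id="req-1"):
    """Serialise a ValidateRequest whose QueryKeyBinding carries only `qualifiers`."""
    req = ET.Element(f"{{{XKMS_NS}}}ValidateRequest", {"Id": request_id})
    query = ET.SubElement(req, f"{{{XKMS_NS}}}QueryKeyBinding")
    key_info = ET.SubElement(query, f"{{{DS_NS}}}KeyInfo")
    # KeyName is a placeholder for the real key material returned by Locate.
    ET.SubElement(key_info, f"{{{DS_NS}}}KeyName").text = key_name
    for u in qualifiers:
        ET.SubElement(query, f"{{{XKMS_NS}}}UseKeyWith",
                      {"Application": u.application, "Identifier": u.identifier})
    return ET.tostring(req, encoding="unicode")


if __name__ == "__main__":
    # Naive e-mail client: knows only S/MIME, so every policy qualifier is dropped.
    for binding, kept in select_keys(LOCATE_RESULT, SMIME, FRED):
        print(build_validate_request(binding.key_name, kept))
    # Banking application written to require the 'P$$' policy: it keeps that qualifier.
    for binding, kept in select_keys(LOCATE_RESULT, SMIME, FRED, {POLICY_BANKING}):
        print(build_validate_request(binding.key_name, kept))
```

The naive client never sees key2 at all, because nothing on it says S/MIME; the banking client gets the same key1 but its Validate request carries the P$$ qualifier in addition to the application, so the responder can validate against that policy. A client that required p4 would find no usable key, since only key2 carries it and key2 is not labelled for S/MIME.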
Received on Tuesday, 3 December 2002 13:05:02 UTC