<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Isn't that the same paper that was
presented in a previous work session? Some mails have been
exchanged here in April.<br>
<br>
A central authority could be a trust broker, but certainly not the
CABForum (CABForum is composed of CAs and relying parties, the
trust broker is designed to be a different actor).<br>
<br>
The role of a trust broker is to send back to the caller more data
than what is given by an SCVP server: validation status (not a
boolean, but some kind of assurance level), revocation status
(CRLs, OCSP responses, ...), list of CA-constrained policies,
liability limits (for example: this certificate can't be used to
sign contracts for more than 5k€), certificate purposes, ...<br>
The specific list isn't defined, and the protocol isn't either.<br>
<br>
I tried to find an extended version of the proposition; it seems
it's a thesis the author has been working on since 2008.<br>
<br>
<pre class="moz-signature" cols="72">--
Erwann ABALEA
</pre>
On 11/09/2013 10:35, Tony Rutkowski wrote:<br>
</div>
<blockquote cite="mid:52302B49.5060407@yaanatech.com" type="cite">Hi
Ben,
<br>
<br>
CA/B Forum participants might be interested
<br>
in the attached document proposing changes
<br>
to the ITU-T core X.509 document. These
<br>
changes are being pursued by basically the
<br>
two academics who are the only current
<br>
participants in the group - one of whom also
<br>
chairs the group and approves his own work.
<br>
This material was just published after their
<br>
meeting.
<br>
<br>
Although few entities today actually use the
<br>
ITU-T version of X.509, it is cited extensively
<br>
by almost everyone for reference. What is
<br>
occurring here, therefore, deserves some scrutiny.
<br>
In particular, one of the academics is inserting his
<br>
notion of an independent "trust broker" into the
<br>
model. The definition is rather fuzzy. For example,
<br>
would the Forum constitute a "trust broker"?
<br>
<br>
--tony<br>
<br>
</blockquote>
<br>
</body>
</html>