[cabfpub] X.509 draft changes document
Erwann Abalea
erwann.abalea at keynectis.com
Wed Sep 11 19:05:30 UTC 2013
Isn't that the same paper that was presented in a previous work session?
Some mails have been exchanged here in April.

A central authority could be a trust broker, but certainly not the
CABForum (CABForum is composed of CAs and relying parties, the trust
broker is designed to be a different actor).

The role of a trust broker is to send back to the caller more data than
what is given by an SCVP server: validation status (not a boolean, but
some kind of assurance level), revocation status (CRLs, OCSP responses,
...), list of CA-constrained policies, liability limits (for example:
this certificate can't be used to sign contracts for more than 5kEUR),
certificate purposes, ...

The specific list isn't defined, and the protocol isn't either.

I tried to find an extended version of the proposition; it seems it's a
thesis the author has been working on since 2008.
--
Erwann ABALEA
On 11/09/2013 10:35, Tony Rutkowski wrote:
> Hi Ben,
>
> CA/B Forum participants might be interested
> in the attached document proposing changes
> to the ITU-T core X.509 document. These
> changes are being pursued by basically the
> two academics who are the only current
> participants in the group - one of whom also
> chairs the group and approves his own work.
> This material was just published after their
> meeting.
>
> Although few entities today actually use the
> ITU-T version of X.509, it is cited extensively
> by almost everyone for reference. What is
> occurring here, therefore, deserves some scrutiny.
> In particular, one of the academics is inserting his
> notion of an independent "trust broker" into the
> model. The definition is rather fuzzy. For example,
> would the Forum constitute a "trust broker"?
>
> --tony