"Deacon, Alex" <[EMAIL PROTECTED]> writes: > Do you have any suggestions as to how the setting of these OCSP time > values should be done? I guess its not clear to me why you feel the > CA's need to agree on this. Why wouldn't the client simply make its > decision based on its local time (which I agree may be far from > correct) and the values in the response? Clients make these > decisions every day with certs, so why would OCSP responses be any > different? Is it the "producedAt" time that confuses the issue? > > Regarding the various trust models, I agree there are too many > choices. The "delegated" trust model is the only one that really > makes sense in for large consumer facing PKI's in my opinion.
one of the issues in the CRL push model ... is that it's the relying party which is judging the risk (sort of the inverse of trust) ... and they know the basis of their dynamic risk parameters ... one issue is that as the value of the transaction goes up ... the risk goes up. the other is that the longer the time interval ... the bigger the risk. the problem was that since it is the relying party that is taking the risk ... and understands their own situation ... it should be they that decide the parameters of their risk operation ... i.e. as the value of the transaction goes up ... they may want to reduce risk in other ways ... which might include things like trust time windows.

in normal traditional business scenario ... the relying party is the one deciding how often they might contact 3rd party trust agencies (i.e. example like credit bureaus). PKI/certificate operations have frequently totally inverted standard business trust processes. instead of the relying party being able to make contractual agreements and make business decisions supporting their risk & trust decisions .... the key owner has the contractual agreement with any 3rd party trust operation (i.e. the key owner buys a certificate from the CA).

The digital certificate model has been targeted at the offline business situation where the relying party had no other recourse to the real information (sort of the letters of credit scenario from the sailing ship days). This sort of continued to exist in market niches where the value of the operation didn't justify the relying party having direct and timely access to the real information. The problem was that as the internet has become more & more ubiquitous and as the cost of direct and timely access to the real information has dropped ... digital certificates are finding the low/no-value market segment shrinking (as the cost of direct access to the real information drops, relying parties can justify using real information in place of stale, static certificates for lower & lower valued operations).

A problem facing a PKI/certificate model is that

1) business solution that was designed to solve a problem that is rapidly disappearing ... relying party unable and/or couldn't justify direct and timely access to the real information (in lieu of stale, static certificate information)

2) tends to have been deployed where the contractual business relationships didn't follow common accepted business practices.

From a different standpoint ... rather than having propagated trust pushed to the relying party ... the standard business model has the relying party making the decision about the required level of integrity and trust for the business at hand and then tends to pull the information whenever economically and practically feasible.

The original PKI/certificate model was targeted at the market segment where the relying party didn't have recourse that was practically feasible (for timely and direct access to the real information). As the practical issues of direct and timely access to the real information have been deployed, PKI/certificate business operations have attempted to move into the market segment where it may still not be economically justified for the relying party to have direct and timely access to the real information (and where the relying party has direct business control over those operations).

However, with not only ubiquitous, online environment coming about ... but the rapid decline in the cost of ubiquitous online environment ... it is easier and easier for relying parties to justify direct and timely access to the real information .... leaving the no-value market niche for the PKI/certificate business operation.

One business downside is that when trying to address the no-value market niche ... it may be difficult to convince relying parties to pay very much for certificates in support of no-value operations.

--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
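
Added example, not part of the original post or thread: a sketch of a relying-party-driven trust window applied to the OCSP time fields the quoted question asks about, where the acceptable age of a status shrinks as transaction value rises. The value tiers, maximum ages and skew tolerance are assumed policy numbers chosen for illustration; `thisUpdate`, `nextUpdate` and `producedAt` are the RFC 6960 response fields.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class OcspTimes:
    """Time fields of one OCSP response (RFC 6960 names)."""
    produced_at: datetime            # when the responder signed the response
    this_update: datetime            # when the status was known to be correct
    next_update: Optional[datetime]  # optional in the protocol

# Hypothetical relying-party policy: (transaction value ceiling, max status age).
# The figures are illustrative assumptions, not values from the thread.
POLICY = [
    (100, timedelta(days=7)),
    (10_000, timedelta(hours=24)),
    (float("inf"), timedelta(minutes=15)),
]
CLOCK_SKEW = timedelta(minutes=5)  # tolerance for an inaccurate local clock

def max_age_for(value: float) -> timedelta:
    """Higher transaction value means a shorter acceptable trust window."""
    for ceiling, max_age in POLICY:
        if value <= ceiling:
            return max_age
    raise ValueError("value is not comparable to the policy tiers")

def evaluate(resp: OcspTimes, value: float, now: datetime) -> str:
    """Return 'accept', 'refetch' (too old for this value) or 'reject'."""
    # Responder-side checks, judged against local time plus skew.
    if resp.this_update > now + CLOCK_SKEW or resp.produced_at > now + CLOCK_SKEW:
        return "reject"      # response claims to come from the future
    if resp.next_update is not None:
        if resp.next_update < resp.this_update:
            return "reject"  # malformed validity interval
        if resp.next_update < now - CLOCK_SKEW:
            return "reject"  # the responder's own window has passed
    # Relying-party check: age is measured from thisUpdate, not producedAt,
    # because a pre-produced response can be signed long after the status
    # information it carries was gathered.
    if now - resp.this_update > max_age_for(value):
        return "refetch"
    return "accept"
```

A response that is still inside the responder's `nextUpdate` window can therefore be `accept` for a low-value operation and `refetch` for a high-value one.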
