At 12:13 AM -0700 3/12/08, Christopher LILJENSTOLPE wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Greetings, > > That may be the case, however, that is sort-of like saying >that the IETF is protecting yourself from yourself.
no, its not. The IETF (via PKIX) published the overall format for a CP or a CPS years ago, later updated it, and this format is widely adopted. What I said was that an organization operating a PKI can reduce its potential liability by publishing a CPS consistent with this format. > I would assume that anyone spinning up a PKI infrastructure >would have some internal legal review. Their lawyers will, I'm >sure, have something to say about that. yes, and a lawyer who is knowledgeable about PKI issues will generally recommend publishing a CPS based on RFC 3647. > Maybe publish a BCP that states that a CPS or it's equivalent >MAY be recommended, but if someone want's to fly by dead-reckoning, >more power to them... > It's not clear that the IETF should offer this sort of legal advice. Steve _______________________________________________ Sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
