On 09/21/2013 06:46 PM, David Chadwick wrote:
> Hi Stephen
>
> you are an AD for the IETF so this is your constituency. Clearly one
> would expect you to know what folks who attend IETF meetings want.
>
> But Erik is the editor for X.509 so his constituency is somewhat
> different to yours, so he is best placed to answer the motivation question.

I'd really like to know that answer.

> I can tell you that ACs are not ubiquitously ignored. We still have over
> a thousand downloads per year of our PERMIS opensource infrastructure,
> with new people enrolling each month. (I have recently compiled a list
> of the top 20 IP addresses of those requesting the software, and you
> might be surprised at the answer).
>
> FYI I have already offered to help Tim (yesterday)

Great!

Thanks,
S.

>
> regards
>
> David
>
> On 21/09/2013 17:07, Stephen Farrell wrote:
>>
>> Hiya David,
>>
>> On 09/21/2013 04:32 PM, David Chadwick wrote:
>>>
>>>
>>> On 21/09/2013 13:48, Stephen Farrell wrote:
>>>>
>>>> Not sure what the question is really, but I absolutely
>>>> do wonder why anyone would consider it a good plan to
>>>> change specs like x.509 apparently without there being
>>>> any implementers who want those changes.
>>>>
>>>> Luckily, rfc 5280 has all you need anyway so it's not
>>>> that important any more if x.509 changes.
>>>
>>> Yes for PKCs, but it does not address Erik's point which is about ACs
>>
>> He asked about ACs, I asked about motivation. Mine is
>> a real question btw, I really don't get why it's useful
>> to keep messing with x.509, nor why folks want to do
>> that when no implementers afaik want them to. If you
>> know the answer, I'd love to hear it.
>>
>> Also, Tim just sent a mail looking for editors in this
>> wg. Doing that would seem to me to be far more beneficial
>> to all interested in PKI.
>>
>> As for ACs, rfc 5755 does the job there, but is afaik
>> almost ubiquitously ignored. In the 20 or so years
>> since I started working with attribute certs (*) every
>> single proposed use-case turned out to have a better
>> non-AC approach. But maybe I've just been (un)lucky;-)
>>
>> Cheers,
>> S.
>>
>> (*) They were called PACs back then, based on ETSI TR/46.
>> The x.509 flavour ACs were added some time later.
>>
>>>
>>> David
>>>>
>>>> S
>>>>
>>>> On 09/21/2013 01:42 PM, Tony Rutkowski wrote:
>>>>> does anyone have any druthers here for
>>>>> Erik who is trying to update the old
>>>>> X.509 spec?
>>>>>
>>>>> --tony
>>>>>
>>>>>
>>>>> -------- Original Message --------
>>>>> Subject: [T17Q11] Attribute certificate path
>>>>> Date: Sat, 21 Sep 2013 14:10:20 +0200
>>>>> From: Erik Andersen <[email protected]>
>>>>> To: <[email protected]>
>>>>>
>>>>>
>>>>>
>>>>> Hi Folks,
>>>>>
>>>>> I noticed that 12.2 of X.509 talks about attribute certificate path.
>>>>> However, the associated ASN.1 data type is called
>>>>> AttributeCertificationPath. As we for public-key certificates talk
>>>>> about
>>>>> certification path, it seems reasonable to use the term "attribute
>>>>> certification path" rather than "attribute certificate path".
>>>>>
>>>>> I also noticed that the ASN.1 indicates that the path is bottom up
>>>>> rather than top down:
>>>>>
>>>>> AttributeCertificationPath ::= SEQUENCE {
>>>>>   attributeCertificate  AttributeCertificate,
>>>>>   acPath                SEQUENCE OF ACPathData OPTIONAL,
>>>>>   ... }
>>>>>
>>>>> Please come back with comments.
>>>>>
>>>>> Erik
>>>>>
>>>>> _______________________________________________
>>>>> wpkops mailing list
>>>>> [email protected]
>>>>> https://www.ietf.org/mailman/listinfo/wpkops
