The idea of setting up a server that everyone in the world would trust was suggested in RFC 1422 (IPRA), in 1993.
It did not succeed terribly well then, and people have tended to look very skeptically upon ideas that require some sort of "single root" since then.
What's your reason to believe it could succeed this time?
--On 11 June 2004 12:01 -0400 Sal Mangiapane <salm@xxxxxxxxxxxxxxxxxxxxx> wrote:
Hello Kevin and all,
I have been researching digital signatures in the hope of finding or starting a work to develop a scalable certificate authority server (CAS) system based on standards such as X.509v3 from the pkix working group and using domain names from DNS as the basis for the tree rather than the X.500 naming convention.
The PKI standards are stable and in current use today. This CAS system would provide services such as non-repudiation of servers for other applications to use. Initially, I see it used only for authentication. The CAS system could be extended for access control and encryption too.
For example (authentication),
* DNS could use it to prevent name server IP spoofing.
* e-Mail could use it to verify SMTP servers, sender and receiver email addresses (Similar to the Yahoo offering - privacy of valid email addresses must be supported).
* VoIP in conjunction with ISP could use it to provide verifiable locations.
* routers could support signing to provide auditable traces for law enforcement, etc. (Lots of overhead - not recommended for general use).
* IM could use it to prevent spoofing.
* LDAP could be extended to become an organization's CAS authoritative server. For example ldap.example.com would provide public keys for example.com.
I expect each working group would participate in their application's implementation.
The root of the trust could be a "Bridge" certification authority as defined in 1.4.4 within draft-ietf-pkix-certpathbuild-03.txt. Each TLD would be a "Principal" Certification Authority. The draft is found at www.ietf.org/internet-drafts/draft-ietf-pkix-certpathbuild-03.txt
NOTE: the draft expires this month.
Some RFCs refer to PKI implementations within their application such as: routers - RFC2154; IP - RFC1825; email - RFC1422, RFC1423, and RFC1424. This is why I thought a standardized platform would make sense. Consider DNS: many applications rely upon DNS to provide their services. I see the same being true for CAS. Actually, I was hoping to find someone already working on this....
Is there a group working for goals like this? OR How do I make a presentation to IETF in order to begin a work?
Good day.
Does anyone know if there is any work going on within the IETF on E911 location services? If there is, which working groups should we sign up to?
Regards
Kelvin
Something like this could fit into the E911 that you are researching.
Regards,
Sal
Salvatore Mangiapane
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf