OASIS Mailing List Archives

regrep message


Subject: RE: [regrep] Vote on version 2.03 - ACTION ITEM


Message text written by "Munter, Joel D"
> 
My primary argument is, "financial and technological barriers to entry."
Certificate acquisition and management are not free and not trivial.  From
a practical point, I may choose to make some things that I publish, purely
public and dsig just simply is not required.  I want to be able to choose
what I sign.  IMHO, signing entries should be optional.  It has been
suggested (by others) that the first two might be reconsidered in the V3
timeframe.
Joel <

>>>>>>>>>>

Joel,

I agree.   And from the implementation aspect - to just cover the issue
right now with V2+ - when a user signs up to the registry - their profile
could be given a default certificate - so if no external one is provided,
that internal one is used.   That moves the point of validation from the
remote system to the local registry firewall, login and session 
tracking mechanisms (as is currently the case).

I suspect in implementations most end users will have no idea
that any certificate processing is going on - unless they explicitly
want to override the default behaviour - and that brings us
back to your main issue - this HAS to be driven off the business
need for this.

If you treat the registry as a trusted source - where content can
only be modified by qualified staff - based on their verification
of content that has been placed in the "pending" queue - the 
need for certificates is more outbound in any case - to protect
recipients of the information from the registry so they know it 
came from the trusted source.

A breach of security allowing corruption of registry content by
an external source is therefore not dependent on certificates,
but on the other mechanisms that control access to the registry
anyway... if you think I'm Suresh, sending you changes for
Suresh's account - you're going to accept 'em, eh?

Now who is it that's writing this email I wonder?

DW.


