Subject: RE: [xri] trust profiles for XRD
No, I am not worried about the Certs. A Subject is usually not reused.
I am just saying that we cannot rely on Domain alone.

=nat
________________________________________
From: Brian Eaton [beaton@google.com]
Sent: December 19, 2008 5:04
To: Sakimura Nat
CC: Ben Laurie; George Fletcher; XRI TC
Subject: Re: [xri] trust profiles for XRD

The problem with the proposal is that it assumes that a transfer of ownership means that all previous data on the domain will be lost.

- alice.name is owned by Small Company LLC, using one of these special new certificates that is promised to be non-reassignable.
- Small Company LLC gets bought by another company. Can the new company get the Small Company LLC cert renewed?
- Small Company LLC reincorporates in another country for tax reasons. Can they get the cert renewed?
- What if Small Company LLC sells just the domain?
- What if Small Company LLC goes bankrupt and the domain is bought at auction?
- What if Small Company LLC accidentally lets the domain lapse and then renews it the next day? What if they renew it next year?
- What if Small Company LLC has a data center catch fire and loses the private key?

There is no magical way to address these policy issues. We can't build software (or a spec) that assumes magic will happen to address them.

If you've got serious security concerns about reassigning certificates, my advice is not to use a PKI, and to give up on automatic rotation of keys. Use self-signed certs that you exchange with people you trust, using channels you trust. Or use a CA with policies around reassignment that you like.

Cheers,
Brian

On Thu, Dec 18, 2008 at 8:50 AM, Sakimura Nat <n-sakimura@nri.co.jp> wrote:
> For b), please refer to the post that I did a couple of minutes ago.
> Simply put, it does not... well, it just means that we cannot use the raw DNS based uri as CanonicalID.
>
> Could you kindly elaborate a)?
>
> =nat
>
> ________________________________________
> From: Brian Eaton [beaton@google.com]
> Sent: December 19, 2008 1:26
> To: Sakimura Nat
> CC: Ben Laurie; George Fletcher; XRI TC
> Subject: Re: [xri] trust profiles for XRD
>
> Doing this would break
>
> a) key rotation.
> b) legitimate reassignment of domains.
>
> On Thu, Dec 18, 2008 at 8:18 AM, Sakimura Nat <n-sakimura@nri.co.jp> wrote:
>> One of the easiest ways is to rely on a registry that makes sure that the identifier is not going to be recycled.
>> Properly run CA's higher assurance cert's Subject is one such example.
>> XRI registry's persistent XRI (i-numbers) is another example.
>>
>> Rest is as described in the previous mail.
>>
>> =nat
>>
>> ________________________________________
>> From: Ben Laurie [benl@google.com]
>> Sent: December 18, 2008 16:53
>> To: Sakimura Nat
>> CC: George Fletcher; Brian Eaton; XRI TC
>> Subject: Re: [xri] trust profiles for XRD
>>
>> On Thu, Dec 18, 2008 at 7:11 AM, Nat Sakimura <n-sakimura@nri.co.jp> wrote:
>>>
>>>
>>> Ben Laurie wrote:
>>>>
>>>> On Wed, Dec 17, 2008 at 11:20 AM, Nat Sakimura <n-sakimura@nri.co.jp> wrote:
>>>>
>>>>>
>>>>> Thanks Brian for the write up.
>>>>>
>>>>> I have added comments to the wiki.
>>>>>
>>>>> Basically, it is kind of unfortunate, in addition to what George has
>>>>> pointed out, if we consider the case of domain owner change into the
>>>>> scope, it breaks.
>>>>>
>>>>
>>>> Surely any signing scheme breaks if the owner of the signing authority
>>>> can change?
>>>>
>>>
>>> In the long run, a signing authority of the XRD and the owner of the domain
>>> does not have to match.
>>> Signing authority for my XRD that has my CanonicalID is me even if I lose the
>>> authority over the domain.
>>
>> So how does this work?
>>
>