[1335] in cryptography@c2.net mail archive


PKIX Part 3 REQUIRES SUPPORT OF KEY RECOVERY?

daemon@ATHENA.MIT.EDU (Rodney Thayer)
Fri Aug 15 10:13:12 1997

Date: Fri, 15 Aug 1997 07:39:04 -0400
To: cryptography@c2.net
From: Rodney Thayer <rodney@sabletech.com>

(This is a note I posted on the PKIX (Public Key Infrastructure) mailing
list.  I would be interested in comments on this document -- the draft is
<ftp://ds.internic.net/internet-drafts/draft-ietf-pkix-ipki3cmp-02.txt>.)

>-----BEGIN PGP SIGNED MESSAGE-----
>
>It seems to me that PKIX Part 3, section 2.2.2.1 "Centralised scheme" 
>requires that a conformant implementation support the capability of 
>generating the private key at the CA.  This means that a conformant 
>implementation essentially is required to implement key recovery.
>
>I do not think that this conforms to IETF practice and I certainly do 
>not want to require CA implementations to support this capability.  
>If for some reason someone wants to implement this I can see it being 
>an optional feature but I do not think it is an acceptable mandatory 
>requirement.
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP for Personal Privacy 5.0
>Charset: noconv
>
>-----END PGP SIGNATURE-----