PKIX Part 3 REQUIRES SUPPORT OF KEY RECOVERY?
--- begin forwarded text

X-Authentication-Warning: blacklodge.c2.net: majordom set sender to owner-cryptography@c2.org using -f
X-PGP-Key: <http://www1.shore.net/~sable/info/rltkey.htm>
X-Sender: rodney@pop3.pn.com
Date: Fri, 15 Aug 1997 07:39:04 -0400
To: cryptography@c2.net
From: Rodney Thayer <rodney@sabletech.com>
Subject: PKIX Part 3 REQUIRES SUPPORT OF KEY RECOVERY?
Mime-Version: 1.0
Sender: owner-cryptography@c2.net

(This is a note I posted on the PKIX (Public Key Infrastructure) mailing list. I would be interested in comments on this document -- the draft is <ftp://ds.internic.net/internet-drafts/draft-ietf-pkix-ipki3cmp-02.txt>)
-----BEGIN PGP SIGNED MESSAGE-----
It seems to me that PKIX Part 3, section 2.2.2.1 "Centralised scheme" requires that a conformant implementation support the capability of generating the private key at the CA. This means that a conformant implementation essentially is required to implement key recovery.
I do not think that this conforms to IETF practice and I certainly do not want to require CA implementations to support this capability. If for some reason someone wants to implement this I can see it being an optional feature but I do not think it is an acceptable mandatory requirement.
-----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv
iQCVAwUBM/Ph38KmlvJNktGxAQGM4AP6AxwWoXMuNo13f2tHxAb85eo4eCHSfE0D OVvEqv3LrYyctkKULPkDb3IQKwEVkrba5EEVvFytyblgROh12eftgIfndqQWQyca LLiUXZemSS59lD+gI0TFaqayOvAGJenN3SdxJDaQ6eiY04vjoxrLZ9/aX3/lnzYC efAB14L23Eg= =3M+q -----END PGP SIGNATURE-----
--- end forwarded text

-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/