Warranty%20Certificate%20Extension%20draft-ietf-pkix-warranty-extn-01 - PowerPoint PPT Presentation

About This Presentation
Title:

Warranty%20Certificate%20Extension%20draft-ietf-pkix-warranty-extn-01

Description:

... a 'disclaimer of liability' instead of a 'warranty', since the CA is providing ... If the RP does not trust the CA, then the RP needs to know the T&C - therefore ... – PowerPoint PPT presentation

Number of Views:108
Avg rating:3.0/5.0
Slides: 9
Provided by: alic100
Learn more at: https://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: Warranty%20Certificate%20Extension%20draft-ietf-pkix-warranty-extn-01


1
Warranty Certificate Extensiondraft-ietf-pkix-wa
rranty-extn-01
  • 55th IETF Meeting
  • November 2002

2
Purpose and use
  • Warranty certificate extension is non-critical
  • Warranty extension explicitly offers immediate
    evidence of CA warranty, thereby
  • Enhances confidence to encourage use of
    certificates
  • Automates this aspect of risk management for RP
  • Provides information on the warranty provided
  • Offers either
  • Base warranty, or
  • Explicit statement that there is no warranty
    (NULL),
  • Optionally offers extended warranty

3
Format Syntax
  • ASN.1 id-pe-warrantyData with OID
  • Choice NULL or information on base warranty
  • Non-null warranty MUST include base warranty
    information
  • Non-null warranty may include extended warranty
  • Warranty period before/after parameters
  • Warranty value using ISO 4217 currency
    identifiers
  • amount / (10 amtExp10)

4
Warranty Type
  • Aggregated (0) claims are fulfilled until a
    ceiling value is reached after that, no further
    claims are fulfilled.
  • Per-transaction (1) a ceiling value is imposed
    on each claim, but each transaction is considered
    independently.

5
Optional qualifiers
  • WarrantyData
  • Extended WarrantyInfo OPTIONAL
  • Extended warranty information, with period, value
    and type
  • WarrantyData
  • tcURL TermsAndConditionsURL OPTIONAL
  • Terms and conditions pointer to CP or specific
    TC about warranty
  • The pointer is always a URL
  • URL MUST be a non-relative URL
  • MUST follow the URL syntax and encoding rules
    specified in RFC 1738

6
Benefits
  • Relying Party
  • Evidence of a warranty will give the relying
    party confidence that compensation is possible
  • Risk may be reduced by the presence of a warranty
    extension with an explicit warranty stated
  • Risk may be reduced by the presence of a warranty
    extension with NULL
  • Supports automated risk decisions
  • Explicit warranty if harmed by incorrect
    certificate
  • Specified maximum
  • Specified validity period
  • Subscriber
  • Potential for greater acceptance of certificate
  • CA
  • Potential to increase certificate acceptance in
    ecommerce-related applications

7
Issues
  • Should the extension be called a disclaimer of
    liability instead of a warranty, since the CA
    is providing warranty only up to a certain point,
    above which it does not offer a warranty Is
    this a disclaimer of liability? (half-full vs.
    half-empty)
  • Should tcURL be mandatory? If absent in the
    extension, then this could imply trust in the CA
    The RP trusts the CA - and then, may not need a
    warranty. If the RP does not trust the CA, then
    the RP needs to know the TC - therefore tcURL
    must be present. OTOH if tcURL is optional, then
    trust in the extension itself is implied This
    may be sufficient for the RP, or the RP may go to
    the TC.

8
Path forward
  • Revise 01 and issue 02, addressing comments
    received
  • E.g., clarify text re warranty vs. liability
  • Issues arising to be resolved via pkix list
Write a Comment
User Comments (0)
About PowerShow.com