
Warranty Certificate Extension draft-ietf-pkix-warranty-extn-01


harry

Presentation Transcript


  1. Warranty Certificate Extension, draft-ietf-pkix-warranty-extn-01. 55th IETF Meeting, November 2002

  2. Purpose and use
     • Warranty certificate extension is non-critical
     • Warranty extension explicitly offers immediate evidence of CA warranty, thereby
       • Enhances confidence to encourage use of certificates
       • Automates this aspect of risk management for RP
     • Provides information on the warranty provided:
       • Offers either:
         • Base warranty, or
         • Explicit statement that there is no warranty (NULL),
       • Optionally offers extended warranty

  3. Format & Syntax
     • ASN.1 id-pe-warrantyData with OID
     • Choice: NULL or information on base warranty
       • Non-null warranty MUST include base warranty information
       • Non-null warranty may include extended warranty
     • Warranty period – before/after parameters
     • Warranty value – using ISO 4217 currency identifiers
       • amount / (10 ** amtExp10)

  4. Warranty Type
     • Aggregated (0): claims are fulfilled until a ceiling value is reached; after that, no further claims are fulfilled.
     • Per-transaction (1): a ceiling value is imposed on each claim, but each transaction is considered independently.

  5. Optional qualifiers
     • WarrantyData
       • Extended WarrantyInfo OPTIONAL:
         • Extended warranty information, with period, value and type
     • WarrantyData
       • tcURL TermsAndConditionsURL OPTIONAL
         • Terms and conditions pointer – to CP or specific T&C about warranty
         • The pointer is always a URL
         • URL MUST be a non-relative URL
         • MUST follow the URL syntax and encoding rules specified in RFC 1738

  6. Benefits
     • Relying Party:
       • Evidence of a warranty will give the relying party confidence that compensation is possible
       • Risk may be reduced by the presence of a warranty extension with an explicit warranty stated
       • Risk may be reduced by the presence of a warranty extension with NULL
       • Supports automated risk decisions
       • Explicit warranty if harmed by incorrect certificate:
         • Specified maximum
         • Specified validity period
     • Subscriber:
       • Potential for greater acceptance of certificate
     • CA:
       • Potential to increase certificate acceptance in ecommerce-related applications

  7. Issues
     • Should the extension be called a “disclaimer of liability” instead of a “warranty”, since the CA is providing warranty only up to a certain point, above which it does not offer a warranty – Is this a disclaimer of liability? (half-full vs. half-empty)
     • Should tcURL be mandatory? If absent in the extension, then this could imply trust in the CA: The RP trusts the CA - and then, may not need a warranty. If the RP does not trust the CA, then the RP needs to know the T&C - therefore tcURL must be present. OTOH if tcURL is optional, then trust in the extension itself is implied – This may be sufficient for the RP, or the RP may go to the T&C.

  8. Path forward
     • Revise –01 and issue –02, addressing comments received
       • E.g., clarify text re warranty vs. liability
     • Issues arising to be resolved via pkix list
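
An added example, not part of the presentation or the draft: a relying-party check over an already-decoded warranty extension, following slides 3 to 5 (NULL vs. base warranty, period, value as amount / (10 ** amtExp10), warranty type, non-relative tcURL). The Python class and field names, the verdict strings, the sample values and the choice to reject a relative tcURL are assumptions made here.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from decimal import Decimal
from typing import Optional
from urllib.parse import urlsplit

AGGREGATED, PER_TRANSACTION = 0, 1   # warranty type values from slide 4

@dataclass
class WarrantyInfo:                  # hypothetical decoded base/extended info
    start: datetime                  # warranty period bounds
    end: datetime
    currency: str                    # ISO 4217 identifier
    amount: int
    amt_exp10: int
    wtype: int

@dataclass
class WarrantyData:                  # hypothetical decoded extension value
    base: Optional[WarrantyInfo]     # None models the NULL choice (no warranty)
    extended: Optional[WarrantyInfo] = None
    tc_url: Optional[str] = None

def ceiling(info: WarrantyInfo) -> Decimal:
    # Slide 3: amount / (10 ** amtExp10); Decimal avoids float rounding on money.
    return Decimal(info.amount) / (Decimal(10) ** info.amt_exp10)

def verdict(info, tx_value, currency, now):
    if not info.start <= now <= info.end:
        return "outside-period"
    if info.currency != currency:
        return "currency-mismatch"
    if tx_value > ceiling(info):
        return "exceeds-ceiling"
    # An aggregated ceiling may already be used up by earlier claims, which the
    # relying party cannot see, so it is only an upper bound.
    return "covered" if info.wtype == PER_TRANSACTION else "covered-if-pool-remains"

def assess(wd, tx_value, currency, now):
    if wd.base is None:
        return {"warranty": "none"}              # explicit NULL statement
    if wd.tc_url is not None:
        parts = urlsplit(wd.tc_url)
        if not (parts.scheme and parts.netloc):  # tcURL MUST be non-relative
            raise ValueError("tcURL is a relative URL")
    out = {"base": verdict(wd.base, tx_value, currency, now)}
    if wd.extended is not None:
        out["extended"] = verdict(wd.extended, tx_value, currency, now)
    return out

# Constructed sample: 500.00 USD per-transaction base, 10000.00 USD aggregated extended.
_P = (datetime(2002, 11, 1, tzinfo=timezone.utc), datetime(2003, 11, 1, tzinfo=timezone.utc))
SAMPLE = WarrantyData(WarrantyInfo(*_P, "USD", 50000, 2, PER_TRANSACTION),
                      WarrantyInfo(*_P, "USD", 1000000, 2, AGGREGATED),
                      "https://ca.example/warranty-terms")
```

Because the extension is non-critical, a relying party that does not run such a check simply ignores it; the verdicts only feed an automated risk decision.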
