Presentation is loading. Please wait.

Presentation is loading. Please wait.

Warranty Certificate Extension draft-ietf-pkix-warranty-extn-01 55 th IETF Meeting November 2002.

Similar presentations


Presentation on theme: "Warranty Certificate Extension draft-ietf-pkix-warranty-extn-01 55 th IETF Meeting November 2002."— Presentation transcript:

1 Warranty Certificate Extension draft-ietf-pkix-warranty-extn-01 55 th IETF Meeting November 2002

2 2 Purpose and use Warranty certificate extension is non-critical Warranty extension explicitly offers immediate evidence of CA warranty, thereby –Enhances confidence to encourage use of certificates –Automates this aspect of risk management for RP Provides information on the warranty provided: –Offers either: Base warranty, or Explicit statement that there is no warranty (NULL), –Optionally offers extended warranty

3 3 Format & Syntax ASN.1 id-pe-warrantyData with OID Choice: NULL or information on base warranty Non-null warranty MUST include base warranty information Non-null warranty may include extended warranty Warranty period – before/after parameters Warranty value – using ISO 4217 currency identifiers –amount / (10 ** amtExp10)

4 4 Warranty Type Aggregated (0): claims are fulfilled until a ceiling value is reached; after that, no further claims are fulfilled. Per-transaction (1): a ceiling value is imposed on each claim, but each transaction is considered independently.

5 5 Optional qualifiers WarrantyData –Extended WarrantyInfo OPTIONAL: –Extended warranty information, with period, value and type WarrantyData –tcURL TermsAndConditionsURL OPTIONAL –Terms and conditions pointer – to CP or specific T&C about warranty The pointer is always a URL URL MUST be a non-relative URL MUST follow the URL syntax and encoding rules specified in RFC 1738

6 6 Benefits Relying Party: –Evidence of a warranty will give the relying party confidence that compensation is possible –Risk may be reduced by the presence of a warranty extension with an explicit warranty stated –Risk may be reduced by the presence of a warranty extension with NULL –Supports automated risk decisions –Explicit warranty if harmed by incorrect certificate: Specified maximum Specified validity period Subscriber: –Potential for greater acceptance of certificate CA: –Potential to increase certificate acceptance in ecommerce-related applications

7 7 Issues Should the extension be called a “disclaimer of liability” instead of a “warranty”, since the CA is providing warranty only up to a certain point, above which it does not offer a warranty – Is this a disclaimer of liability? (half-full vs. half-empty) Should tcURL be mandatory? If absent in the extension, then this could imply trust in the CA: The RP trusts the CA - and then, may not need a warranty. If the RP does not trust the CA, then the RP needs to know the T&C - therefore tcURL must be present. OTOH if tcURL is optional, then trust in the extension itself is implied – This may be sufficient for the RP, or the RP may go to the T&C.

8 8 Path forward Revise –01 and issue –02, addressing comments received –E.g., clarify text re warranty vs. liability Issues arising to be resolved via pkix list


Download ppt "Warranty Certificate Extension draft-ietf-pkix-warranty-extn-01 55 th IETF Meeting November 2002."

Similar presentations


Ads by Google