To:
Karl Auerbach <karl@CaveBear.com>
Cc:
<ietf-provreg@cafax.se>
From:
Dave Crocker <dcrocker@brandenburg.com>
Date:
Wed, 27 Dec 2000 00:02:35 -0800
In-Reply-To:
<Pine.LNX.4.30.0012261154050.25595-100000@p2.cavebear.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: Comments on overall direction
At 12:29 PM 12/26/00 -0800, Karl Auerbach wrote: >3. I am very wary of continuing the current notion of agent-to-agent >transfers. To my mind any transfer should be accomplished via the >customer, i.e. that some signed certificate must be handed by the >relinquishing agent to the customer for the customer to hand over to the >acquiring agent. It would help to have a description of an existing service that has similar scale and scope, that uses a similar mechanism. Absent that, we will need to be clear about the portions of the mechanism that you are proposing that will carry significant risk of not being deployed or adopted. >5. The issue of privacy and security seems to be being glossed over - we >are talking about databases that will be among the worlds larger bodies of >personally identifiable information - with both strong privacy >characteristics and high value to marketing/sales folks. > >This suggests to me that there ought to be adequate information in the >protocols to build unambiguous, timestamped, transaction journals. "in the protocols"? Sites can and do do high quality, timestamped journaling without special protocol issues. What specific mechanisms or information do you believe affect the protocols? >It also suggests to me that there be provision for solid identification >and authenticatation of all transactions. so, you want a public key signature on every protocol unit? d/ =-=-=-=-= Dave Crocker <dcrocker@brandenburg.com> Brandenburg Consulting <www.brandenburg.com> Tel: +1.408.246.8253, Fax: +1.408.273.6464