Minutes of CPPA Negotiation Conference Call May 1, 2002

Attendees: Neelakantan Kartha, Dale Moberg, Himagiri Mukkamala, Marty Sachs, Jean Zheng

Dale is working on a spreadsheet describing things that are negotiable, ranges, etc. He will send out a preliminary document to the list shortly. Kartha observed that some of the work in the spreadsheet will overlap the work he has been doing in describing the contents of the NDD. He said that he will wait for Dale’s document for inspiration and ideas on how to proceed with the NDD work.

It was agreed that, as a default, anything not mentioned in the NDD is not negotiable. However, we might change this default in the future if the entries in the spreadsheet force us to change our stance.

Dale gave a preliminary discussion of the note he had sent out on April 19, titled “Security Details and Certificate Alignment”. The example that we spent some time discussing was the following: suppose Party A has a self-signed certificate and wants to do business with Party B. Party B might do any of the following:

  1. Accept the self-signed certificate from A, by making a suitable addition to B’s trust anchor list.
  2. Reject the self-signed certificate and reject the security function (say, encryption) resting on the certificate.
  3. Insist that A get a certificate from an existing CA (such as Verisign).
  4. Propose issuing another certificate signed by an acceptable authority.

It was observed (by Marty) that in case 1, B’s trust anchor list (which is part of B’s CPP) gets modified, and hence we might need some mechanism to flag that something has changed (even though this element was not negotiated).

 

Dale encouraged everyone to read the April 19 document that he sent out and post questions on the list. The meeting adjourned after spending a few minutes discussing the time of the next face-to-face meeting.

Respectfully submitted,

Neelakantan Kartha