[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Types of object for trust anchors
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Paul" == Paul Hoffman <paul.hoffman@xxxxxxxx> writes:
Paul> Greetings again. One thing that I didn't see in section 3 of
Paul> draft-wallace-ta-mgmt-problem-statement-00 was something
Paul> acknowledging that trust anchors might come in multiple
Paul> formats. At a minimum, some systems want them as bare public
Paul> keys and others want them as certificates. In the latter
Paul> category, some systems would want them as PKIX certificates
I didn't see a lot of mention of bare public keys in the document.
Nor as PGP certificates.
Paul> and some would want them as PGP certificates. It makes sense
Paul> to allow one set of trust anchors being delivered to contain
Paul> multiple types and let the receiver sort out which types it
Paul> can use.
That seems more complicated (in code space) than just making everyone
use BER CMS to me... I would say that it's either something like YAML +
DNS presentation format of bare keys, or CMS. Not both.
I also think that some SPKI stuff needs to br brought up in the BOF.
Specifically, relating to section 3, paragraph 3.
While I appreciate section 4, I'd rather that it be removed and placed
into a seperate document prior to the BOF. Who are the BOF chairs?
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----