Re: Types of object for trust anchors
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Paul" == Paul Hoffman <paul.hoffman@xxxxxxxx> writes:
Paul> Greetings again. One thing that I didn't see in section 3 of
Paul> draft-wallace-ta-mgmt-problem-statement-00 was something
Paul> acknowledging that trust anchors might come in multiple
Paul> formats. At a minimum, some systems want them as bare public
Paul> keys and others want them as certificates. In the latter
Paul> category, some systems would want them as PKIX certificates

I didn't see a lot of mention of bare public keys in the document.
Nor as PGP certificates.

Paul> and some would want them as PGP certificates. It makes sense
Paul> to allow one set of trust anchors being delivered to contain
Paul> multiple types and let the receiver sort out which types it
Paul> can use.

That seems more complicated (in code space) than just making everyone
use BER CMS to me... I would say that it's either something like YAML +
DNS presentation format of bare keys, or CMS. Not both.

I also think that some SPKI stuff needs to be brought up in the BOF.
Specifically, relating to section 3, paragraph 3.

While I appreciate section 4, I'd rather that it be removed and placed
into a separate document prior to the BOF. Who are the BOF chairs?

- --
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----