
Re: Types of object for trust anchors


>>>>> "Paul" == Paul Hoffman <paul.hoffman@xxxxxxxx> writes:
    Paul> Greetings again. One thing that I didn't see in section 3 of
    Paul> draft-wallace-ta-mgmt-problem-statement-00 was something
    Paul> acknowledging that trust anchors might come in multiple
    Paul> formats. At a minimum, some systems want them as bare public
    Paul> keys and others want them as certificates. In the latter
    Paul> category, some systems would want them as PKIX certificates

  I didn't see a lot of mention of bare public keys in the document.
  Nor as PGP certificates.

    Paul> and some would want them as PGP certificates. It makes sense
    Paul> to allow one set of trust anchors being delivered to contain
    Paul> multiple types and let the receiver sort out which types it
    Paul> can use.

  That seems more complicated (in code space) than just making everyone
use BER CMS to me...  I would say that it's either something like YAML +
DNS presentation format of bare keys, or CMS. Not both.

  I also think that some SPKI stuff needs to be brought up in the BOF.
  Specifically, relating to section 3, paragraph 3.

  While I appreciate section 4, I'd rather that it be removed and placed
into a separate document prior to the BOF. Who are the BOF chairs?

-- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxx      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
