
Re: Types of object for trust anchors





>>>>> "Paul" == Paul Hoffman <paul.hoffman@xxxxxxxx> writes:
    >> That seems more complicated (in code space) than just making
    >> everyone use BER CMS to me...

    Paul> BER CMS of *what*? A bare public key? A cert of a particular
    Paul> format? What I'm thinking is a requirement for flexibility is
    Paul> not the housing, but the contents.

    >> I would say that it's either something like YAML + DNS
    >> presentation format of bare keys, or CMS. Not both.

    Paul> If you are saying "no certs allowed", then it makes the
    Paul> solution unusable for IE, for Mac OSX, and for Firefox. That
    Paul> feels kinda limiting to me.

  I don't see your point.
  Either new code is necessary, or it's not.
  If it's not new code, then it has to be an existing format, which is
implemented already.  If it's new code, then it's new code.

    >> I also think that some SPKI stuff needs to be brought up in the
    >> BOF.  Specifically, relating to section 3, paragraph 3.

    Paul> I don't see why that is SPKI specific... It seems quite
    Paul> relevant to PGP certs, and should be relevant to PKIX certs.

  SPKI made some very clear statements about what it means to have trust
anchors, and how you can trust them. If you want to have trust anchors
for specific things, but not trust them for other things, then SPKI has
ways to express that, or at least, has some (English) language for
explaining that. 

- -- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxx      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


