[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Types of object for trust anchors

To: Paul Hoffman <paul.hoffman@xxxxxxxx>, ietf-trust-anchor@xxxxxxxx
Subject: Re: Types of object for trust anchors
From: Russ Housley <housley@xxxxxxxxxxxx>
Date: Tue, 12 Jun 2007 14:57:13 -0400
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-trust-anchor/mail-archive/>
List-id: <ietf-trust-anchor.vpnc.org>
List-unsubscribe: <mailto:ietf-trust-anchor-request@vpnc.org?body=unsubscribe>
References: <886F5D4C78AFB14D87261206BFB9612E1D1D0952@xxxxxxxxxxxxxxxxxxxxx> <> <11394.1181607976@xxxxxxxxxxxxxxxxxxxxx> <>
Sender: owner-ietf-trust-anchor@xxxxxxxxxxxxx


Paul:

At 8:26 PM -0400 6/11/07, Michael Richardson wrote:

    Paul> and some would want them as PGP certificates. It makes sense
    Paul> to allow one set of trust anchors being delivered to contain
    Paul> multiple types and let the receiver sort out which types it
    Paul> can use.

  That seems more complicated (in code space) than just making everyone
use BER CMS to me...

BER CMS of *what*? A bare public key? A cert of a particular format?What I'm thinking is a requirement for flexibility is not thehousing, but the contents.

I suspect this is a reference to a PKCS#7 that contains only assingle certificate. This is the format that is used by many CAs inresponse to a PKCS#10 certificate request.


Russ

References:
- trust anchor management problem statement
  - From: Carl Wallace
- Types of object for trust anchors
  - From: Paul Hoffman
- Re: Types of object for trust anchors
  - From: Michael Richardson
- Re: Types of object for trust anchors
  - From: Paul Hoffman

Prev by Date: Re: Types of object for trust anchors
Next by Date: Re: Types of object for trust anchors
Previous by thread: Re: Types of object for trust anchors
Next by thread: Re: Types of object for trust anchors
Index(es):
- Date
- Thread