
List:       ietf-tls
Subject:    [TLS] Re: Public-key distribution via HTTP
From:       Jon Callas <jon () callas ! org>
Date:       2008-01-18 22:48:21
Message-ID: 8798292F-A7B6-4ACB-8142-4407A3EA6F31 () callas ! org


On Jan 12, 2008, at 12:17 AM, Peter Gutmann wrote:

>
> Don't be misled by the title (http://www.ietf.org/rfc/rfc4387.txt), it was
> published under the auspices of PKIX but it's really "a simple, fairly
> universal means of publishing your public key via HTTP".  The CACert folks
> have set up a Wiki page to cover implementation info, feedback, and comments:
> http://wiki.cacert.org/wiki/RFC4387.
>

I like it.

The only complaint that I have is that the OpenPGP attributes are a  
bit behind the times. I would like to see it updated for 4880 and  
generalized. I think there are some similar issues for X.509, too.

(Actual technical details -- a key fingerprint there is defined to be  
a binary 160 bits. It ought to be a string because we very well may  
come up with a generic way to compute a fingerprint with an arbitrary  
hash. Given that a fingerprint in this context is really just a  
database retrieval handle (note the way I skillfully avoid the word  
"key"), having it be just text is a good thing. Also, in 4880, we  
deprecate the old-style keys. In the new-style keys, a key ID is just  
a truncation of a fingerprint.)

	Jon



_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
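
Added example, not part of the message above or of RFC 4387: the RFC 4880 version 4 fingerprint and key ID computation the message refers to, with the fingerprint carried as a text handle rather than a fixed 160-bit binary value. The sample key material is constructed, and the hash_name parameter and the lookup helper are hypothetical illustrations, not a defined OpenPGP or RFC 4387 mechanism.

```python
import hashlib

def mpi(n: int) -> bytes:
    """RFC 4880 MPI: 2-byte big-endian bit count, then the magnitude."""
    bits = n.bit_length()
    return bits.to_bytes(2, "big") + n.to_bytes((bits + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet: version, time, algorithm 1 (RSA), MPIs."""
    return bytes([4]) + created.to_bytes(4, "big") + bytes([1]) + mpi(n) + mpi(e)

def fingerprint(body: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 4880 section 12.2: hash over 0x99, 2-byte body length, body.
    RFC 4880 fixes SHA-1 (160 bits); other hash_name values are hypothetical."""
    return hashlib.new(hash_name, b"\x99" + len(body).to_bytes(2, "big") + body).digest()

def key_id(fpr: bytes) -> bytes:
    """Version 4 key ID: the low-order 64 bits of the fingerprint."""
    return fpr[-8:]

def text_handle(fpr: bytes) -> str:
    """Fingerprint as text, so its length is not tied to one hash."""
    return fpr.hex().upper()

def lookup(store: dict, handle: str) -> list:
    """Hypothetical retrieval: match a full text fingerprint or a key ID suffix.
    A 64-bit key ID is not collision resistant, so several keys may come back."""
    handle = handle.replace(" ", "").upper()
    if len(handle) < 16:  # refuse anything shorter than a key ID
        return []
    return [key for fpr, key in store.items() if fpr.endswith(handle)]

# Constructed sample key material (not a real RSA modulus).
SAMPLE_N = int.from_bytes(hashlib.sha256(b"constructed modulus").digest() * 4, "big") | 1
SAMPLE_BODY = v4_rsa_key_body(created=1200696501, n=SAMPLE_N, e=65537)

if __name__ == "__main__":
    fpr = fingerprint(SAMPLE_BODY)
    store = {text_handle(fpr): "sample key"}
    print("fingerprint:", text_handle(fpr))
    print("key ID:     ", text_handle(key_id(fpr)))
    print("by key ID:  ", lookup(store, text_handle(key_id(fpr))))
    print("sha256 form:", text_handle(fingerprint(SAMPLE_BODY, "sha256")))
```

Because lookup works on text, the 40-character SHA-1 handle and a longer handle from another hash can share one store without a schema change.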


