Re: [keyassure] I-D Action:draft-ietf-dane-protocol-05.txt

Stephen Kent <kent@bbn.com> Thu, 24 February 2011 03:51 UTC

Date: Wed, 23 Feb 2011 21:08:50 -0500
To: mrex@sap.com
From: Stephen Kent <kent@bbn.com>
Cc: keyassure@ietf.org
Subject: Re: [keyassure] I-D Action:draft-ietf-dane-protocol-05.txt

At 3:05 PM +0100 2/23/11, Martin Rex wrote:
>Jakob Schlyter wrote:
>>
>>  On 23 feb 2011, at 12.04, Ben Laurie wrote:
>>
>>  >         1 -- A PKIX end-entity certificate in DER encoding
>>  >
>>  >         2 -- A PKIX certification authority's certificate in DER encoding
>>
>>  I agree this is a reasonable clarification.
>
>If anything, I would really prefer something like
>
>    1 -- An end-entity X.509 certificate in ASN.1 DER encoding
>
>    2 -- A certification authority's X.509 certificate in ASN.1 DER encoding
>

In the IETF, PKIX profiles X.509 for use with IETF security protocols,
so it probably makes sense to stick with the PKIX label here. This is 
certainly true for EE certs. For a self-signed cert used to convey 
trust anchor material, we may need some additional/different text.

Steve