Re: [keyassure] [dane] protocol #20 (new): Change the format of the two fields to have fewer certificate types

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 23 February 2011 07:28 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: carl@redhoundsoftware.com, paul@xelerance.com
In-Reply-To: <alpine.LFD.1.10.1102221951550.23539@newtla.xelerance.com>
Message-Id: <E1Ps99Q-0003Rh-W4@login01.fos.auckland.ac.nz>
Date: Wed, 23 Feb 2011 20:28:44 +1300
Cc: keyassure@ietf.org, hallam@gmail.com, trac@tools.ietf.org
Subject: Re: [keyassure] [dane] protocol #20 (new): Change the format of the two fields to have fewer certificate types

Paul Wouters <paul@xelerance.com> writes:

>There is also the OpenPGP container I believe? That might be called
>"certificate" as well?

Yeah, Phil named his key format after the one used by the mechanism that PGP
was diametrically opposed to (PEM).  How about doing some checking instead of
just inventing things to support your argument?

>Why are not calling it "PKIX certificate" to avoid confusion?

Because it isn't?  At most it's an "X.509 certificate", but "certificate"
pretty much implies that anyway.

Peter.