Re: [keyassure] Interpreting certificates (and summary)

Phillip Hallam-Baker <hallam@gmail.com> Wed, 23 February 2011 22:23 UTC


Which is a profile of X.509 V3:

   This memo profiles the X.509 v3 certificate and X.509 v2 certificate
   revocation list (CRL) for use in the Internet.  An overview of this
   approach and model is provided as an introduction.  The X.509 v3
   certificate format is described in detail, with additional
   information regarding the format and semantics of Internet name
   forms.  Standard certificate extensions are described and two
   Internet-specific extensions are defined.


It is pretty important to specify the version number since we are going to
need to revisit the format in the next 40 years as the date field was
botched.


On Wed, Feb 23, 2011 at 5:01 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> On 2/23/11 1:03 PM, Zack Weinberg wrote:
>
>> Could we short-circuit this entire argument by deferring to the
>> protocol being secured for the certificate format?  Concretely,
>> wording like
>>
>>       [...] The types defined in this document are:
>>
>>          1 -- An end-entity certificate, in the wire format used by the protocol being secured
>>          2 -- A certification authority's certificate, ditto
>>
>
> The WG already agreed that "the protocol being secured" is TLS, as the
> current draft states. TLS has exactly one certificate type: PKIX
> certificates in the format given in RFC 5280. (There is a
> non-standards-track extension to allow OpenPGP certificates.)



-- 
Website: http://hallambaker.com/