Re: [keyassure] I-D Action:draft-ietf-dane-protocol-05.txt

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 23 February 2011 16:04 UTC

On 2/23/11 6:05 AM, Martin Rex wrote:
> Jakob Schlyter wrote:
>>
>> On 23 feb 2011, at 12.04, Ben Laurie wrote:
>>
>>>          1 -- A PKIX end-entity certificate in DER encoding
>>>
>>>          2 -- A PKIX certification authority's certificate in DER encoding
>>
>> I agree this is a reasonable clarification.
>
> If anything, I would really prefer something like
>
>     1 -- An end-entity X.509 certificate in ASN.1 DER encoding
>
>     2 -- A certification authority's X.509 certificate in ASN.1 DER encoding

X.509 is a standard that does not contain all of the extensions created 
by the PKIX Working Group in the IETF. Using "PKIX" makes it clear that 
we are talking about certificates with the IETF extensions, not 
certificates missing them.