Re: [TLS] OpenPGP and TLS cert_type code point reuse
Paul Hoffman <paul.hoffman@vpnc.org> Thu, 30 September 2010 15:18 UTC
Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id o8UFIaJM040580 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 30 Sep 2010 08:18:36 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id o8UFIarJ040579; Thu, 30 Sep 2010 08:18:36 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from [10.20.30.158] (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id o8UFIV6k040564 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 30 Sep 2010 08:18:33 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p06240803c8ca5a5b9904@[10.20.30.158]>
In-Reply-To: <4CA48C67.9050304@ieca.com>
References: <4CA48C67.9050304@ieca.com>
Date: Thu, 30 Sep 2010 08:18:30 -0700
To: Sean Turner <turners@ieca.com>, ietf-openpgp@imc.org, tls@ietf.org
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [TLS] OpenPGP and TLS cert_type code point reuse
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
At 9:11 AM -0400 9/30/10, Sean Turner wrote: >draft-mavrogiannopoulos-rfc5081bis reuses the Certificate Type value assigned in RFC 5081 (it's 1). The extension defined in draft-mavrogiannopoulos-rfc5081bis is not backwards compatible with RFC 5081. If there were many implementations, then I'd be concerned about reusing the value. The authors (and I) don't think there are any implementations other than GnuTLS, but I'd like to know if anybody knows of TLS implementations that support RFC 5081. Given that there is a known implementation of 5081, and given that GnuTLS is reasonably well-deployed, why doesn't draft-mavrogiannopoulos-rfc5081bis simply use a new certificate type number? So far, only 2 out of >200 have been allocated, so there is no shortage. --Paul Hoffman, Director --VPN Consortium
- Re: [TLS] OpenPGP and TLS cert_type code point re… Paul Hoffman