Re: [pkix] Proposal to review and adopt CertID and KeyID proposal

Sean Leonard <dev+ietf@seantek.com> Tue, 02 March 2010 22:14 UTC

Message-ID: <4B8D8D83.5050909@seantek.com>
Date: Tue, 02 Mar 2010 14:13:23 -0800
From: Sean Leonard <dev+ietf@seantek.com>
To: Stefan Santesson <stefan@aaa-sec.com>
References: <C7B345CE.8C12%stefan@aaa-sec.com>
In-Reply-To: <C7B345CE.8C12%stefan@aaa-sec.com>
Cc: pkix@ietf.org
Subject: Re: [pkix] Proposal to review and adopt CertID and KeyID proposal

On 3/2/2010 1:46 PM, Stefan Santesson wrote:
> Sean,
>
> On this particular issue:
>
>
> On 10-03-02 9:45 PM, "Sean Leonard" <dev+ietf@seantek.com> wrote:
>
>> * Refocus the proposal to standardizing on a single structure for
>> uniquely identifying certificates on a going-forward basis. Namely:
>>     PKIXCertID ::= ESSCertIDv2
>
>
> What is the point of defining PKIXCertID?
> Why not just refer to ESSCertIDv2?
>
> As we have done in RFC 3161 update. See:
> http://tools.ietf.org/html/draft-ietf-pkix-rfc3161-update-09
>

For BER/CER/DER-encoded data, there is no practical difference. Which is 
the point, because I think it's undesirable to design a new structure.

For other encodings and for actual implementations, the name may make a 
difference (e.g., XER encoding, Java foo.pkix.types.PKIXCertID, C/C++ 
struct/class PKIXCertID, etc.).

The main advantage of naming it that way, as an alias, is the same as 
naming any structure by its intended purpose rather than some random 
word like F$mal. ESSCertIDv2 suggests that the structure is associated 
with S/MIME Enhanced Security Services. But by making it an alias rather 
than redefining PKIXCertID, the same code paths can be (mostly) reused. 
That's all.

Sean
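An added example, not code from this thread or from any PKIX draft: a minimal Python encoder and checker for an ESSCertIDv2 (RFC 5035) used as a certificate identifier. It shows why a PKIXCertID alias makes no difference on the wire under DER (the DEFAULT sha256 hashAlgorithm must be omitted, so both names yield the same bytes), while a checker still has to tolerate the explicit form that BER permits. The helper names and the sample certificate bytes are constructed for the example.

```python
import hashlib
import hmac

# OID 2.16.840.1.101.3.4.2.1 (id-sha256) as a DER OBJECT IDENTIFIER TLV
SHA256_OID_DER = bytes.fromhex("0609608648016503040201")

def der_tlv(tag, body):
    """DER tag/length/value; short-form length only (an ESSCertIDv2 is far below 128 bytes)."""
    if len(body) >= 0x80:
        raise ValueError("long-form length not supported in this example")
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the short-form TLV starting at pos."""
    tag, n = buf[pos], buf[pos + 1]
    if n & 0x80 or pos + 2 + n > len(buf):
        raise ValueError("unsupported or truncated TLV")
    return tag, buf[pos + 2:pos + 2 + n], pos + 2 + n

def ess_cert_id_v2(cert_der):
    """DER ESSCertIDv2 (RFC 5035) for a certificate: SEQUENCE { certHash OCTET STRING }.
    DER forbids encoding a DEFAULT value, so hashAlgorithm (DEFAULT sha256) is omitted and
    the OPTIONAL issuerSerial is left out; a PKIXCertID alias encodes to identical bytes."""
    return der_tlv(0x30, der_tlv(0x04, hashlib.sha256(cert_der).digest()))

def parse_ess_cert_id_v2(der):
    """Return (hash_algorithm_oid_tlv, cert_hash). An explicit hashAlgorithm is accepted
    too, since BER (unlike DER) may encode the DEFAULT value."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("ESSCertIDv2 must be a single SEQUENCE")
    alg = SHA256_OID_DER                 # DEFAULT applies when the field is absent
    tag, val, pos = read_tlv(body, 0)
    if tag == 0x30:                      # AlgorithmIdentifier { algorithm OID, ... }
        oid_tag, oid, _ = read_tlv(val, 0)
        alg = der_tlv(oid_tag, oid)
        tag, val, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("certHash must be an OCTET STRING")
    return alg, val

def cert_matches(cert_der, cert_id_der):
    """True if cert_id_der identifies cert_der (sha256 only in this example)."""
    alg, cert_hash = parse_ess_cert_id_v2(cert_id_der)
    if alg != SHA256_OID_DER:
        raise ValueError("unsupported hashAlgorithm")
    return hmac.compare_digest(cert_hash, hashlib.sha256(cert_der).digest())

# Constructed stand-in for a certificate's DER bytes (not a real certificate).
SAMPLE_CERT_DER = b"\x30\x0a\x02\x01\x01\x13\x05hello"
SAMPLE_HASH = hashlib.sha256(SAMPLE_CERT_DER).digest()
```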