Re: [pkix] (it updates RFC 2585) New Version Notification for draft-seantek-certfrag-02.txt

Sean Leonard <> Tue, 29 September 2015 16:39 UTC

By the way:

I wanted to point out that this certfrag draft is sliced out of a much 
larger proposal, which is ways to uniquely and securely identify 
certificates in text strings (i.e., URIs / URNs) for storage and 
interchange. This was not just a proposal out of thin air or whatever. 
To the extent that a certificate is uniquely identified, it is just as 
useful to identify a specific part of the certificate of interest.

The certfrag portion came out of draft-seantek-certspec-03. 
draft-seantek-certspec-04 refers to this draft (draft-seantek-certfrag).

Since draft-seantek-certspec-04, the URN proposal has hit some snags, 
mainly due to the glacially slow (and occasionally retrograde) progress 
of the URNBIS WG. Therefore I am pursuing a different line of attack 
with that one. I am hoping that we can at least see progress on some of 
these parts. My main fear is becoming that the apps people don't see the 
security angles, and vice-versa.


On 11/12/2014 9:23 PM, Sean Leonard wrote:
> draft-seantek-certfrag-02 has been posted.
> Among other nits, I think that this draft needs to be Standards Track with IETF Consensus because it updates RFC 2585, which is Standards Track, and application/pkix-cert and application/pkix-crl are in the standards tree [RFC 6838].
> (Thanks Sean T.)
> Sean
> Begin forwarded message:
>> From:
>> Subject: New Version Notification for draft-seantek-certfrag-02.txt
>> Date: November 12, 2014 at 7:15:00 PM HST
> A new version of I-D, draft-seantek-certfrag-02.txt
> has been successfully submitted by Sean Leonard and posted to the
> IETF repository.
> Name:		draft-seantek-certfrag
> Revision:	02
> Title:		URI Fragment Identifiers for the application/pkix-cert Media Type
> Document date:	2014-11-12
> Group:		Individual Submission
> Pages:		4
> URL:  
> Status:
> Htmlized:
> Diff: 
> Abstract:
>    This memo describes Uniform Resource Identifier (URI) fragment
>    identifiers for PKIX certificates, which are identified with the
>    Internet media type application/pkix-cert.
> The IETF Secretariat