[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Storing Certificates in the DNS (draft-ietf-dnsext-rfc2538bis-08)

To: Russ Housley <housley@xxxxxxxxxxxx>
Subject: Re: Storing Certificates in the DNS (draft-ietf-dnsext-rfc2538bis-08)
From: Tom Gindin <tgindin@xxxxxxxxxx>
Date: Wed, 12 Oct 2005 18:38:58 -0400
Cc: ietf-pkix@xxxxxxx, simon@xxxxxxxxxxxxx
In-reply-to: <6.2.1.2.2.20051010142255.06892020@xxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

        Russ:

        Are there any guidelines for CRL owner names, since they're 
covered in the draft although DNS distribution points aren't detailed in 
RFC 3280?  If there aren't any, IMHO a reasonable rule would be that if 
any sequence member of the distribution point name is a domain name (not a 
URI), that should be used.  Also (and lower in precedence), if any 
sequence member of the distribution point name is an RFC 822 address, its 
standard translation should be used.  I doubt if URI's will work without 
conflicts.
        I don't know if these count as "concerns". 

                Tom Gindin
P.S.    The opinions above are mine, and not necessarily those of my 
employer.

References:
- Storing Certificates in the DNS (draft-ietf-dnsext-rfc2538bis-08)
  - From: Russ Housley

Prev by Date: Oops Re: Hash Workshop Program Ready and Posted
Next by Date: eBay Safe Department Notice
Previous by thread: Storing Certificates in the DNS (draft-ietf-dnsext-rfc2538bis-08)
Next by thread: Re: Storing Certificates in the DNS (draft-ietf-dnsext-rfc2538bis-08)
Index(es):
- Date
- Thread