Re: cert image I-D
- To: Stephen Kent <kent@xxxxxxx>
- Subject: Re: cert image I-D
- From: Phillip Hallam-Baker <hallam@xxxxxxxxx>
- Date: Fri, 15 May 2009 22:45:42 -0400
- Cc: ietf-pkix@xxxxxxx
- In-reply-to: <p06240807c630b8d9dead@xxxxxxxxxxx>
- List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
- List-id: <ietf-pkix.imc.org>
- References: <p06240807c630b8d9dead@xxxxxxxxxxx>
- Sender: owner-ietf-pkix@xxxxxxxxxxxx
I think this is useful work to look at.
One change of approach I would suggest is to allow any extensions to
be expressed in either a cert itself or an OCSP response. That allows
for considerably greater flexibility in deployment as we discovered
was necessary during deployment of EV certs.
Think about the problem of enabling EV on every single web site of a
large bank at the same time, and the cost of customer service calls if
you do it piecemeal.
On Wed, May 13, 2009 at 1:56 PM, Stephen Kent <kent@xxxxxxx> wrote:
> I have reviewed the discussion on the list re Stefan's cert image proposal.
> While there were comments for and against, the positive comments, especially
> from folks who are in a position to make use of this feature, were
> We will proceed with this as a new PKIX WG work item. This is not a
> guarantee that the WG will approve a document, but rather that we will
> explore approaches to achieving the goals described by Stefan and try to
> come to consensus on a specific technical approach. We can decide later
> whether this is standards track, experimental or even informational.
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,