[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Embedded certificate image
Peter,
In-line;
On 09-07-30 10:01 AM, "Peter Gutmann" <pgut001@xxxxxxxxxxxxxxxxx> wrote:
>
> Stefan Santesson <stefan@xxxxxxxxxxx> writes:
>
>> This is the case for RFC 3709, which is the standard we would use to bind a
>> cert image to the certificate. RFC 3709 does only offer a URL as means of
>> referring to the actual image, it does not offer any other means of local
>> storage.
>
> Why not use one of the type-and-value options, OtherLogoTypeInfo or something?
> This just seems like a horrible kludge, like pounding a nail with a scredriver
> because that's what was lying around.
We have concluded that the RFC 3709 syntax does not allow any such option or
extensibility. It's either in the URL or nothing at all.
>
> How do you distinguish real URLs from not-a-real-URLs?
>
> Peter.
>
That is my question to Jim. Apparently there is an RFC that would tell.
In any case, this is just an interesting idea that we should investigate. I
have scary feelings too about this but I would like to turn the stone and
look at it before throwing this option away.
/Stefan