RE: Embedded certificate image
RFC 2397 The data URL scheme. Limitations on the length of the URL are
application dependent.
> -----Original Message-----
> From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
> On Behalf Of Stefan Santesson
> Sent: Thursday, July 30, 2009 10:15 AM
> To: Peter Gutmann; ietf-pkix@xxxxxxx; ynir@xxxxxxxxxxxxxx
> Subject: Re: Embedded certificate image
>
>
> Peter,
>
> In-line;
>
> On 09-07-30 10:01 AM, "Peter Gutmann" <pgut001@xxxxxxxxxxxxxxxxx> wrote:
>
> >
> > Stefan Santesson <stefan@xxxxxxxxxxx> writes:
> >
> >> This is the case for RFC 3709, which is the standard we would use to bind a
> >> cert image to the certificate. RFC 3709 does only offer a URL as means of
> >> referring to the actual image, it does not offer any other means of local
> >> storage.
> >
> > Why not use one of the type-and-value options, OtherLogoTypeInfo or something?
> > This just seems like a horrible kludge, like pounding a nail with a screwdriver
> > because that's what was lying around.
>
> We have concluded that the RFC 3709 syntax does not allow any such option or
> extensibility. It's either in the URL or nothing at all.
>
> >
> > How do you distinguish real URLs from not-a-real-URLs?
> >
> > Peter.
> >
>
> That is my question to Jim. Apparently there is an RFC that would tell.
>
> In any case, this is just an interesting idea that we should investigate. I
> have scary feelings too about this but I would like to turn the stone and
> look at it before throwing this option away.
>
> /Stefan
>
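
An added example, not part of the original thread: one way a relying party could tell an RFC 2397 `data:` URL carrying an inline image apart from a URL it would fetch, while applying its own length limit. The function name, the size cap, the fetchable schemes and the media-type allowlist are assumptions of this example, not values taken from RFC 3709 or from the messages above.

```python
import base64
import binascii
from urllib.parse import unquote_to_bytes

# Assumptions for this example (none of these values come from the thread):
MAX_INLINE_BYTES = 64 * 1024                      # application-chosen cap
REMOTE_SCHEMES = {"http", "https"}                # schemes we would fetch
ALLOWED_TYPES = {"image/gif", "image/jpeg", "image/png"}


def classify_logotype_uri(uri, max_bytes=MAX_INLINE_BYTES):
    """Return ("remote", uri) or ("inline", media_type, image_bytes)."""
    scheme, colon, rest = uri.partition(":")
    if not colon:
        raise ValueError("not an absolute URI")
    scheme = scheme.lower()
    if scheme in REMOTE_SCHEMES:
        return ("remote", uri)
    if scheme != "data":
        raise ValueError("unsupported URI scheme: " + scheme)

    # RFC 2397 syntax: data:[<mediatype>][;base64],<data>
    header, comma, payload = rest.partition(",")
    if not comma:
        raise ValueError("data URL is missing the ',' separator")
    # Cheap pre-check so an oversized URL is rejected before decoding;
    # percent-encoding expands each byte to at most three characters.
    if len(payload) > 3 * max_bytes:
        raise ValueError("inline image exceeds the size limit")

    params = header.split(";")
    media_type = params[0].strip().lower() or "text/plain"  # RFC 2397 default
    if media_type not in ALLOWED_TYPES:
        raise ValueError("media type not allowed: " + media_type)

    data = unquote_to_bytes(payload)
    if len(params) > 1 and params[-1].strip().lower() == "base64":
        try:
            data = base64.b64decode(data, validate=True)
        except binascii.Error as exc:
            raise ValueError("invalid base64 payload") from exc
    if len(data) > max_bytes:
        raise ValueError("inline image exceeds the size limit")
    return ("inline", media_type, data)


if __name__ == "__main__":
    sample = b"GIF89a constructed sample bytes"   # constructed, not a real image
    uri = "data:image/gif;base64," + base64.b64encode(sample).decode("ascii")
    print(classify_logotype_uri(uri))
    print(classify_logotype_uri("https://example.com/logo.gif"))
```

The decoded bytes are still untrusted input to whatever image decoder renders them; the classification only settles where the bytes come from and how many there are.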