
Re: I-D ACTION:draft-ietf-pkix-certstore-http-01.txt



On Fri, Jan 11, 2002 at 06:20:05PM +1300, Peter Gutmann wrote:
> 
> >. "If more than one certificate matches a query, it MUST be returned as a
> >multipart response." I assume you mean multipart/mixed? I would definitely
> >prefer a SEQUENCE of certificates.
> 
> Does anyone else have any thoughts on this?  The comments in the draft on
> SEQUENCE OF are:
> 
>   This has the advantage that it takes a lot less code to parse, OTOH it may be
>   harder to produce if what you're using is a web-enabled database, which is
>   what most of them are.

I think that it's best put in a SEQUENCE, the main reason being that
since we're talking X.509 certs, the recipient is guaranteed to
have ASN.1 parsing capability, but might not have MIME.

You should specify that it's in DER so it matches X.509.  If it's a
web-enabled database that's producing the list, wrapping the list
of certs in a SEQUENCE is a very simple bit of code.

Eric
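
The wrapping discussed in the message above, as an added example that is not part of the original e-mail or of the draft: already-DER-encoded certificates are concatenated and prefixed with a SEQUENCE tag and a DER definite length, and the receiving side splits the response again while rejecting non-DER lengths. The function names are hypothetical, and the two sample elements are constructed stand-ins, not real certificates.

```python
# Added example: wrap DER-encoded certificates in one DER SEQUENCE and split
# such a response back into its elements. All names here are hypothetical.

def der_length(n: int) -> bytes:
    """DER definite length: short form below 128, else minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def wrap_sequence(certs: list[bytes]) -> bytes:
    """SEQUENCE (tag 0x30) whose content is the concatenated DER certs."""
    content = b"".join(certs)
    return b"\x30" + der_length(len(content)) + content

def read_tlv(buf: bytes, pos: int) -> tuple[int, int, int]:
    """Return (tag, content_start, content_end) for the TLV at pos; strict DER."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length (not DER)")
        pos += n
    if pos + length > len(buf):
        raise ValueError("content runs past end of buffer")
    return tag, pos, pos + length

def split_sequence(blob: bytes) -> list[bytes]:
    """Split a wrapped response into its certificate encodings."""
    tag, start, end = read_tlv(blob, 0)
    if tag != 0x30 or end != len(blob):
        raise ValueError("expected exactly one SEQUENCE")
    certs, pos = [], start
    while pos < end:
        t, _, nxt = read_tlv(blob[:end], pos)  # element must end inside outer
        if t != 0x30:
            raise ValueError("element is not a SEQUENCE")
        certs.append(blob[pos:nxt])
        pos = nxt
    return certs

# Constructed stand-ins for certificates (valid DER SEQUENCEs, not real certs).
SMALL = bytes.fromhex("3003020101")
LARGE = b"\x30" + der_length(304) + b"\x04" + der_length(300) + bytes(300)
```

The producer side is only `der_length` and `wrap_sequence`; the rest is the strict parsing a recipient needs so that a truncated or non-DER response is rejected rather than partially accepted.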