[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OCKID - question about the format

To: <ietf-pkix@xxxxxxx>
Subject: OCKID - question about the format
From: "Vesa Suontama" <vsuontam@xxxxxxx>
Date: Tue, 19 Mar 2002 16:18:27 -0600
Importance: Normal
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Paul, 

Just one comment about OCKID draft. I think the idea is good: There should be a standard way to represent the hash of the PKI objects. 

However, I do not like the idea of using the base32 conversion in converting the binary to ASCII. Numerous programs already out there just use the hex presentation of the SHA-1 hash. See for example, MS certificate viewer in Windows, Netscape, SSH Sentinel, etc. 

I suggest that the OCKID would also use the plain HEX representation of the SHA-1 hash. This would make the ID's provided by the programs already out there compatible with OCKID. 

The only drawback of this is that you need 24 characters instead of 20 (and probably one for the extra dash). 

E.g the example you provided in the draft would become CC48-7D7A A622-8613-E997 instead of 3TEH-48XG-ELDB-H4NZ. 

The change would also simplify the draft and the implementation. 

What was your motivation for re-inventing the wheel?

Vesa

---
 Vesa Suontama <vsuontam@xxxxxx>     Tel: +358-40-700 0131
                                     Fax: +358-9-8565 7151
 SSH Communications Security Corp    Fredrikinkatu 42
 http://www.ssh.com                  FIN-00100 Helsinki, Finland

Follow-Ups:
- Re: OCKID - question about the format
  - From: Michael Ströder

Prev by Date: Re: Candidate for moving OCSP to a Draft Standard
Next by Date: RE: Candidate for moving OCSP to a Draft Standard
Previous by thread: WG: <draft-ietf-pkix-pi-03.txt>
Next by thread: Re: OCKID - question about the format
Index(es):
- Date
- Thread