[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OCKID - question about the format

To: Vesa Suontama <vsuontam@xxxxxxx>
Subject: Re: OCKID - question about the format
From: Michael Ströder <michael@xxxxxxxxxxxx>
Date: Fri, 22 Mar 2002 14:07:57 +0100
Cc: ietf-pkix@xxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <>
Reply-to: michael@xxxxxxxxxxxx
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020310


Vesa Suontama wrote:
>
> Just one comment about OCKID draft. I think the idea is good: There
> should be a standard way to represent the hash of the PKI objects.

I concur.

> However, I do not like the idea of using the base32 conversion in
> converting the binary to ASCII. Numerous programs already out there just
> use the hex presentation of the SHA-1 hash. See for example, MS
> certificate viewer in Windows, Netscape, SSH Sentinel, etc.
>
> I suggest that the OCKID would also use the plain HEX representation of
> the SHA-1 hash. This would make the ID's provided by the programs
> already out there compatible with OCKID.

I strongly agree. I would additionally like to provide the MD5 hash of the certificates (like Netscape does). Maybe with a prefix describing the hash algorithm.

SHA1-CC48-7D7A A622-8613-E997

Ciao, Michael.

References:
- OCKID - question about the format
  - From: Vesa Suontama

Prev by Date: RE: draft PKIX meeting minutes
Next by Date: Re: draft PKIX meeting minutes
Previous by thread: OCKID - question about the format
Next by thread: WG Last Call: CP and CPS Framework
Index(es):
- Date
- Thread