Re: PKIX-2 http
-----Original Message-----
From: Russ Housley <housley@spyrus.com>
To: peter@verisign.com <peter@verisign.com>; gangolli@structuredarts.com
<gangolli@structuredarts.com>
Cc: ietf-pkix@tandem.com <ietf-pkix@tandem.com>
Date: Friday, October 03, 1997 4:53 AM
Subject: Re: PKIX-2 http
>Anil and Peter:
>
>We need to agree the MIME type for returning an http resource, and I
>suspect that the ones we select will be used by Trevor in the e-mail
>document.
>
>I propose that we define two types:
>
> application/pkix-cert
> application/pkix-crl
>
>I suggest the use of "pkix" instead of "x509" so that an application can be
>assured that the PKIX Certificate and CRL Profile is followed. I suspect
>that many programmers will implement to the PKIX profile, not the full
>generality of X.509. If I am wrong, we wasted a lot of time developing a
>profile that will be ignored.
application/pkix-cert|crl; [version=1|2|3...]
People will still specialise the http response with custom headers if
they want to specialise PKIX, or overload its meaning, note. There
is nothing one can or should do about this.
The suggestion to allow the optional version field is to note
that pkix profile will inevitably evolve its conformance
rules as deployment knowledge is obtained.
--------
Analysis:-
When a *user* uses a http-post method to accomplish cert
publication to the directories as part of PKIX-3, I'm assuming
that when using ftp, they transfer using
file name foo.crt. When they use
http-post, they use application/pkix-cert as an
element of the mime multipart msg specified
in RFC xxxx for file uploads. Note, where
the URL referenced causes post-processing,
the http server would actually publish this in whatever
mechanism implied by the post-processing mechanism.
(e.g. see Microsoft Content Replication Service use
of http-post to post-process and distribute content to
mirrors, etc.)
The URL (or ftp access point) to which users publish will be part of the
PKIInfo distributed by PKIX-3 processes.
I don't believe any of this analysis needs to go into the
document; but we do need to understand here that
this use is expected of the mime types when considering
their selection and procedures for use.
>
>Anil, I do not see a reason to distinguish between user and CA certificates
>in the MIME type. In your message, you proposed separate MIME types.
>Don't you think that the same software application will process the
>certificate? If so, then the signed information inside the certificate
>should be used to determine if it is a CA certificate or a user
>certificate.
>
>Russ
>
>
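
Added example, not part of the thread or of any PKIX document: one way a receiving application could check an http response that uses the two media types and the optional version parameter proposed above before passing the body to a certificate or CRL parser. The function names, the set of accepted versions, and the policy of rejecting anything else are assumptions of this sketch.

```python
from email.message import Message

# Media types as proposed in the thread; accepted versions are an assumption.
PKIX_TYPES = {"application/pkix-cert": "certificate",
              "application/pkix-crl": "crl"}
SUPPORTED_VERSIONS = {1, 2, 3}

def der_sequence_length(body: bytes) -> int:
    """Total encoded length of the outer DER SEQUENCE, or ValueError."""
    if len(body) < 2 or body[0] != 0x30:
        raise ValueError("body is not a DER SEQUENCE")
    first = body[1]
    if first < 0x80:                       # short-form length
        return 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(body) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    length = int.from_bytes(body[2:2 + n], "big")
    if body[2] == 0 or (n == 1 and length < 0x80):
        raise ValueError("non-minimal DER length")
    return 2 + n + length

def classify_pkix_response(content_type: str, body: bytes):
    """Return (kind, version) for an acceptable response, else ValueError."""
    msg = Message()
    msg["Content-Type"] = content_type
    kind = PKIX_TYPES.get(msg.get_content_type())   # lower-cased by the parser
    if kind is None:
        raise ValueError("unexpected media type")
    raw = msg.get_param("version")         # optional parameter, may be absent
    version = None
    if raw is not None:
        if not isinstance(raw, str) or not raw.isdigit():
            raise ValueError("malformed version parameter")
        version = int(raw)
        if version not in SUPPORTED_VERSIONS:
            raise ValueError("unsupported version parameter")
    # Exactly one DER object, no trailing bytes, before any real parsing.
    if der_sequence_length(body) != len(body):
        raise ValueError("trailing or missing bytes after DER object")
    return kind, version
```

The media type only selects which parser runs; whether a certificate belongs to a CA or a user is still decided from the signed contents, as the quoted message argues.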