RE: PKIX-2 http
On Thursday, October 02, 1997 1:46 PM, Russ Housley
[SMTP:housley@spyrus.com] wrote:
> I propose that we define two types:
>
> application/pkix-cert
> application/pkix-crl
These will have file extensions also, right?
> I suggest the use of "pkix" instead of "x509" so that an application can be
> assured that the PKIX Certificate and CRL Profile is followed. I suspect
> that many programmers will implement to the PKIX profile, not the full
> generality of X.509. If I am wrong, we wasted a lot of time developing a
> profile that will be ignored.
I agree with this.
> Anil, I do not see a reason to distinguish between user and CA certificates
> in the MIME type. In your message, you proposed separate MIME types.
> Don't you think that the same software application will process the
> certificate? If so, then the signed information inside the certificate
> should be used to determine if it is a CA certificate or a user certificate.
I think that from an implementor's point of view, having different MIME
types might make processing easier, but checking the basicConstraints
has to be the final word on the matter, or it seems that there would be
a potential security problem.
Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060
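
The point made in the reply above, that basicConstraints has to be the final word whatever MIME type a certificate arrives under, as an added example that is not part of the original message. All function names and the sample DER bytes are constructed for illustration, the input is assumed to be the extensions list of a certificate whose signature has already been verified, and `declared_ca` is a hypothetical flag standing for whatever the transport label claimed.

```python
# Added example: the signed basicConstraints extension, not the MIME label, decides.
BASIC_CONSTRAINTS_OID = bytes([0x55, 0x1D, 0x13])  # DER content of OID 2.5.29.19

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def is_ca(extensions_der):
    """True only if basicConstraints is present and its cA BOOLEAN is TRUE."""
    tag, exts, _ = read_tlv(extensions_der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE of extensions")
    for _, ext in children(exts):
        fields = list(children(ext))        # extnID, [critical], extnValue
        if not fields or fields[0] != (0x06, BASIC_CONSTRAINTS_OID):
            continue
        _, bc, _ = read_tlv(fields[-1][1], 0)   # BasicConstraints inside OCTET STRING
        first = next(children(bc), None)        # cA is DEFAULT FALSE, so may be absent
        return first is not None and first[0] == 0x01 and first[1] == b"\xff"
    return False                            # no basicConstraints: treat as end-entity

def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # sample builder, short lengths only

def sample_extensions(ca):
    """Constructed sample: an extensions list with one critical basicConstraints."""
    bc = tlv(0x30, tlv(0x01, b"\xff") if ca else b"")
    ext = tlv(0x30, tlv(0x06, BASIC_CONSTRAINTS_OID) + tlv(0x01, b"\xff") + tlv(0x04, bc))
    return tlv(0x30, ext)

def classify(declared_ca, extensions_der):
    """Return (kind, mismatch): kind comes from the signed data, the label is a hint."""
    actual = is_ca(extensions_der)
    return ("ca" if actual else "end-entity", declared_ca != actual)
```

A `mismatch` of `True` means the label and the signed extension disagree, which is the case worth logging or rejecting.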