[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[TLS] Re: Public-key distribution via HTTP


On Jan 12, 2008, at 12:17 AM, Peter Gutmann wrote:
Don't be mislead by the title (http://www.ietf.org/rfc/rfc4387.txt), it was 
published under the auspices of PKIX but it's really "a simple, fairly
universal means of publishing your public key via HTTP". The CACert folks have set up a Wiki page to cover implementation info, feedback, and comments: 
http://wiki.cacert.org/wiki/RFC4387.



I like it.
The only complaint that I have is that the OpenPGP attributes are a bit behind the times. I would like to see it updated for 4880 and generalized. I think there are some similar issues for X.509, too.
(Actual technical details -- a key fingerprint there is defined to be a binary 160 bits. It ought to be a string because we very well may come up with a generic way to compute a fingerprint with an arbitrary hash. Given that a fingerprint in this context is really just a database retrieval handle (note the way I skillfully avoid the word "key"), having it be just text is a good thing. Also, in 4880, we deprecate the old-style keys. In the new-style keys, a key ID is just a truncation of a fingerprint.) 

	Jon



_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls