[TLS] Re: Public-key distribution via HTTP
On Jan 12, 2008, at 12:17 AM, Peter Gutmann wrote:

> Don't be misled by the title (http://www.ietf.org/rfc/rfc4387.txt), it was
> published under the auspices of PKIX but it's really "a simple, fairly
> universal means of publishing your public key via HTTP". The CACert folks
> have set up a Wiki page to cover implementation info, feedback, and comments:
> http://wiki.cacert.org/wiki/RFC4387.

I like it.

The only complaint that I have is that the OpenPGP attributes are a bit behind the times. I would like to see it updated for 4880 and generalized. I think there are some similar issues for X.509, too.

(Actual technical details -- a key fingerprint there is defined to be a binary 160 bits. It ought to be a string because we very well may come up with a generic way to compute a fingerprint with an arbitrary hash. Given that a fingerprint in this context is really just a database retrieval handle (note the way I skillfully avoid the word "key"), having it be just text is a good thing. Also, in 4880, we deprecate the old-style keys. In the new-style keys, a key ID is just a truncation of a fingerprint.)

	Jon
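Jon's two points above, that a fingerprint is really a retrieval handle and that for RFC 4880 new-style (v4) keys the key ID is just a truncation of the fingerprint, worked through as an added Python example (not code from the thread, from RFC 4387 or from RFC 4880). The RSA key material is constructed, and the `hash:hex` textual handle is a hypothetical format for illustration, not anything RFC 4387 defines.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI (RFC 4880 section 3.2):
    a two-octet big-endian bit count followed by the magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def v4_public_key_body(creation_time: int, algorithm: int, fields: list) -> bytes:
    """Body of a version 4 public-key packet (RFC 4880 section 5.5.2):
    version octet, 4-octet creation time, algorithm octet, then the MPIs."""
    return (b"\x04" + struct.pack(">I", creation_time)
            + bytes([algorithm]) + b"".join(mpi(f) for f in fields))


def v4_fingerprint(body: bytes) -> bytes:
    """RFC 4880 section 12.2: SHA-1 over 0x99, the two-octet body length
    and the body itself. Always 20 octets, the binary 160 bits Jon mentions."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def v4_key_id(fingerprint: bytes) -> bytes:
    """For v4 keys the 64-bit key ID is the low-order 8 octets of the
    fingerprint: a truncation, not a separate computation."""
    return fingerprint[-8:]


def fingerprint_handle(body: bytes, hash_name: str = "sha1") -> str:
    """Hypothetical textual retrieval handle '<hash>:<HEX>' (an assumption for
    illustration, not RFC 4387 syntax). With sha1 the hex part is exactly the
    RFC 4880 fingerprint; any other hashlib algorithm uses the same framing,
    which is why a string handle generalises where a fixed 160 bits does not."""
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return f"{hash_name}:{hashlib.new(hash_name, framed).hexdigest().upper()}"


# Constructed sample: an RSA (algorithm 1) public key with toy-sized n and e.
SAMPLE_BODY = v4_public_key_body(0x47884D30, 1, [0xC0FFEE1234567891, 0x010001])

if __name__ == "__main__":
    fpr = v4_fingerprint(SAMPLE_BODY)
    print("fingerprint:", fpr.hex().upper())
    print("key ID     :", v4_key_id(fpr).hex().upper())
    print("handle     :", fingerprint_handle(SAMPLE_BODY, "sha256"))
```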
_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls