[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CERT records again

To: namedroppers@ops.ietf.org
Subject: CERT records again
From: Simon Josefsson <jas@extundo.com>
Date: Thu, 23 Nov 2000 15:48:16 +0100
Delivery-date: Thu, 23 Nov 2000 10:18:04 -0800
Envelope-to: namedroppers-data@psg.com

I'd like to know if there are any interest in adding new CERT types
for S/MIME, WAP TLS and/or other PKIX-derived certificate formats.

One argument is that the "PKIX" certificate type is very general.
Several certificate flavours are based on PKIX, and more are likely to
be defined in the future.  S/MIME and WAP TLS certificates are the two
I've been working with.  This suggest that the number of certificates
attached to a specific domain name will grow once more flavours gain
acceptance -- and clients will

        1) waste bandwidth by retrieving all PKIX certificates for a
domain, and

        2) waste time to parse through all certificates to find a
S/MIME, WAP TLS etc certificate.

this would cause quite some complexity in a client.

Another argument for this is that there are several MIME types defined
for various PKIX derived certificates. `application/x-x509-user-cert'
and `application/vnd.wap.wtls-user-cert' are two.  Also, S/MIME
certificates may be transfered under the `application/pkcs7-mime'
type.  I'm not sure how good this argument is, a comparison between
MIME types and CERT types might be flawed.

Thanks in advance



to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.

Prev by Date: Re: Fwd: draft-ietf-dnsext-apl-rr-01.txt
Next by Date: applications using CERT?
Prev by thread: applications using CERT?
Next by thread: Re: CERT records again
Index(es):
- Date
- Thread