To: Jakob Schlyter <jakob@crt.se>
Cc: Simon Josefsson <jas@extundo.com>, Edward Lewis <lewis@tislabs.com>, <dnssec@cafax.se>
From: Derek Atkins <warlord@MIT.EDU>
Date: 31 Aug 2001 11:40:57 -0400
Delivery-Date: Fri Aug 31 20:35:37 2001
In-Reply-To: Jakob Schlyter's message of "Fri, 31 Aug 2001 17:36:10 +0200 (MEST)"
Sender: owner-dnssec@cafax.se
Subject: Re: CERTificates and public keys

Jakob Schlyter <jakob@crt.se> writes:

> On Fri, 31 Aug 2001, Simon Josefsson wrote:
> 
> > > correct, but cert implies that it contains a public key and a signature.
> >
> > Well, the CERT RR already discusses CRLs which isn't a signed public key.
> >
> > It seems to me that the CERT RR is an everything-applications-might-want-
> > that-is-PKI-related RR.
> 
> everything stored in a CERT RR has its own signature and this difference
> is very important to consider.

No, a CERT record is just a blob.  It specifically states that the
'certificate' portion of the RR is opaque to DNS and may contain
multiple parts.  If SSH wants to define a CERT record for 'Vanilla
Key' then I think that would work fine.

We do not need two RRs that essentially perform the same task.

> 	jakob

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
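
An added example, not part of the original message: a parser for CERT RDATA as laid out in RFC 2538 (16-bit type, 16-bit key tag, 8-bit algorithm, then the certificate portion), showing that the DNS layer hands the certificate portion back as uninterpreted bytes and performs no signature check on it. The "Vanilla Key" type number 65000 and both sample records are constructed for illustration and are not assigned values.

```python
import base64
import struct
from typing import NamedTuple

# Certificate type mnemonics from RFC 2538, section 2.1.
CERT_TYPES = {1: "PKIX", 2: "SPKI", 3: "PGP", 253: "URI", 254: "OID"}

# Hypothetical type number for an application-defined bare key (assumption).
VANILLA_KEY_TYPE = 65000


class CertRdata(NamedTuple):
    cert_type: int
    key_tag: int
    algorithm: int
    blob: bytes  # opaque to DNS: carried, never inspected or verified here


def parse_cert_rdata(rdata: bytes) -> CertRdata:
    """Split CERT RDATA into the 5-octet fixed header and the opaque rest."""
    if len(rdata) < 5:
        raise ValueError("CERT RDATA shorter than its 5-octet fixed header")
    cert_type, key_tag, algorithm = struct.unpack("!HHB", rdata[:5])
    # Everything after the header is returned untouched, whatever the type.
    return CertRdata(cert_type, key_tag, algorithm, rdata[5:])


def to_presentation(rec: CertRdata) -> str:
    """Render the zone-file form: type, key tag, algorithm, base64 blob."""
    name = CERT_TYPES.get(rec.cert_type, str(rec.cert_type))
    b64 = base64.b64encode(rec.blob).decode("ascii")
    return f"{name} {rec.key_tag} {rec.algorithm} {b64}"


# Constructed sample records (not real certificates or keys).
SAMPLE_PKIX = struct.pack("!HHB", 1, 12345, 5) + b"constructed-x509-bytes"
SAMPLE_VANILLA = struct.pack("!HHB", VANILLA_KEY_TYPE, 0, 0) + b"constructed-ssh-key"

if __name__ == "__main__":
    for raw in (SAMPLE_PKIX, SAMPLE_VANILLA):
        print(to_presentation(parse_cert_rdata(raw)))
```

Whether the returned blob is a signed certificate, a CRL or a bare key is decided by the application that consumes it; this code gives it no way to tell.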
