To: Jakob Schlyter <jakob@crt.se>
Cc: Simon Josefsson <jas@extundo.com>, Edward Lewis <lewis@tislabs.com>, <dnssec@cafax.se>
From: Derek Atkins <warlord@MIT.EDU>
Date: 31 Aug 2001 11:40:57 -0400
Delivery-Date: Fri Aug 31 20:35:37 2001
In-Reply-To: Jakob Schlyter's message of "Fri, 31 Aug 2001 17:36:10 +0200 (MEST)"
Sender: owner-dnssec@cafax.se
Subject: Re: CERTificates and public keys

Jakob Schlyter <jakob@crt.se> writes:

> On Fri, 31 Aug 2001, Simon Josefsson wrote:
>
> > > correct, but cert implies that it contains a public key and a signature.
> >
> > Well, the CERT RR already discusses CRLs which isn't a signed public key.
> >
> > It seems to me that the CERT RR is an
> > everything-applications-might-want-that-is-PKI-related RR.
>
> everything stored in a CERT RR has its own signature and this difference
> is very important to consider.

No, a CERT record is just a blob. It specifically states that the
'certificate' portion of the RR is opaque to DNS and may contain
multiple parts.

If SSH wants to define a CERT record for 'Vanilla Key' then I think
that would work fine. We do not need two RRs that essentially perform
the same task.

> jakob

-derek

-- 
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available