To: Jakob Schlyter <jakob@crt.se>
Cc: Simon Josefsson <jas@extundo.com>, Edward Lewis <lewis@tislabs.com>, <dnssec@cafax.se>
From: Derek Atkins <warlord@MIT.EDU>
Date: 31 Aug 2001 11:40:57 -0400
Delivery-Date: Fri Aug 31 20:35:37 2001
In-Reply-To: Jakob Schlyter's message of "Fri, 31 Aug 2001 17:36:10 +0200 (MEST)"
Sender: owner-dnssec@cafax.se
Subject: Re: CERTificates and public keys

Jakob Schlyter <jakob@crt.se> writes:
> On Fri, 31 Aug 2001, Simon Josefsson wrote:
>
> > > correct, but cert implies that it contains a public key and a signature.
> >
> > Well, the CERT RR already discusses CRLs which isn't a signed public key.
> >
> > It seems to me that the CERT RR is an everything-applications-might-want-
> > that-is-PKI-related RR.
>
> everything stored in a CERT RR has its own signature and this difference
> is very important to consider.

No, a CERT record is just a blob. It specifically states that the
'certificate' portion of the RR is opaque to DNS and may contain
multiple parts. If SSH wants to define a CERT record for 'Vanilla
Key' then I think that would work fine.

We do not need two RRs that essentially perform the same task.

> jakob

-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
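
The CERT RDATA layout the message above refers to (RFC 2538: 16-bit type, 16-bit key tag, 8-bit algorithm, then an opaque certificate portion), as an added example that is not part of the original message or thread. Carrying a bare key under the URI private type (253), the URI `http://example.invalid/vanilla-key` and the key bytes are assumptions constructed for illustration.

```python
import struct

# Certificate type values assigned in RFC 2538, section 2.1.
CERT_TYPES = {1: "PKIX", 2: "SPKI", 3: "PGP", 253: "URI", 254: "OID"}
_HDR = struct.Struct("!HHB")  # type, key tag, algorithm (network byte order)


def pack_cert_rdata(cert_type, key_tag, algorithm, blob):
    """Build CERT RDATA: 5-byte fixed header followed by the opaque blob."""
    return _HDR.pack(cert_type, key_tag, algorithm) + bytes(blob)


def parse_cert_rdata(rdata):
    """Split CERT RDATA into header fields and the uninterpreted blob."""
    if len(rdata) < _HDR.size:
        raise ValueError("CERT RDATA shorter than the 5-byte fixed header")
    cert_type, key_tag, algorithm = _HDR.unpack_from(rdata)
    return {
        "type": cert_type,
        "type_name": CERT_TYPES.get(cert_type, "unassigned"),
        "key_tag": key_tag,
        "algorithm": algorithm,
        # DNS never looks inside this; only the application does.
        "blob": rdata[_HDR.size:],
    }


def split_uri_private(blob):
    """URI private type: null-terminated URI naming the format, then data."""
    uri, sep, data = blob.partition(b"\x00")
    if not sep or not uri:
        raise ValueError("URI private blob lacks a null-terminated URI")
    return uri.decode("ascii"), data


# Constructed sample: a hypothetical unsigned key carried under type 253.
# Key tag and algorithm are 0 because no DNSSEC key is associated.
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_RDATA = pack_cert_rdata(
    253, 0, 0, b"http://example.invalid/vanilla-key\x00" + SAMPLE_KEY
)

if __name__ == "__main__":
    rr = parse_cert_rdata(SAMPLE_RDATA)
    print(rr["type_name"], split_uri_private(rr["blob"]))
```

Nothing in the DNS-level parse verifies the blob, so any trust in an unsigned key carried this way has to come from DNSSEC signatures over the RRset or from the application.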