Short term stuff first. Boil ocean stage 2.
Replacing PKIX may be a noble goal, but is out of scope for phase 1.

John B.

Sent from my iPhone

On 2011-08-06, at 1:30 PM, Joe Hildebrand <[email protected]> wrote:

> On 8/6/11 7:43 AM, "Leif Johansson" <[email protected]> wrote:
>
>> So in that case I still support having the spec explain (very carefully)
>> how you do "raw keys" - i.e. keys with no intrinsic semantics - and then
>> also adding the cryptographer's caveat to that.
>
> To be clear, when I was talking about raw keys, I didn't mean keys with no
> intrinsic semantics. I just meant something along the lines of PKCS1; a
> modulus, an exponent, some algorithm info, and that's about it (I'd be ok
> with defining private keys in the same format as well). It would have
> defined semantics, it just wouldn't be tied to an identity.
>
> A definite goal for me that is NOT met by PKCS1 however, is to *limit* the
> choices and extensibility in certain directions to reduce the overall
> complexity.
>
> Of course, once you've got primitives for sign and encrypt and you've got a
> key format, doing something like PKIX is possible. Perhaps we could sketch
> that out as potential follow-on work in the charter, so we can make progress
> on some of the shorter-term stuff first?
>
> --
> Joe Hildebrand
>
> _______________________________________________
> woes mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/woes
