Might make sense in a policy record, but I don't think that either this
draft or the companion 4386 draft someone or other wrote that describes
an LDAP lookup scheme quite meshes with the DKIM approach where the data
flow of a signed message is driven first by the signature header and
then by the key record.
This is why I think that the correct placement for any cert linkage
would be from the key record to the cert. An alternative would be from
the key record to the cert store but that introduces an extra SRV lookup
and might be more complex to manage. The argument might be made that it
would be easier to manage for end user keys but we are not there yet.
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of
william(at)elan.net
Sent: Tuesday, February 07, 2006 8:41 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: [ietf-dkim] RFC 4387 on Internet X.509 Public Key
Infrastructure Operational Protocols: Certificate Store
Access via HTTP (fwd)
Obviously per your limited charter you'd consider this OT,
but still FYI.
---------- Forwarded message ----------
Date: Tue, 7 Feb 2006 17:25:38 -0800
From: rfc-editor(_at_)rfc-editor(_dot_)org
To: ietf-announce(_at_)ietf(_dot_)org, rfc-dist(_at_)rfc-editor(_dot_)org
Cc: ietf-pkix(_at_)imc(_dot_)org, rfc-editor(_at_)rfc-editor(_dot_)org
Subject: RFC 4387 on Internet X.509 Public Key Infrastructure
Operational Protocols: Certificate Store Access via HTTP
A new Request for Comments is now available in online RFC libraries.
RFC 4387
Title: Internet X.509 Public Key Infrastructure
Operational Protocols: Certificate Store
Access via HTTP
Author: P. Gutmann, Ed.
Status: Standards Track
Date: February 2006
Mailbox: pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz
Pages: 25
Characters: 63182
Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-ietf-pkix-certstore-http-09.txt
URL: http://www.rfc-editor.org/rfc/rfc4387.txt
The protocol conventions described in this document satisfy
some of the operational requirements of the Internet Public
Key Infrastructure (PKI).
This document specifies the conventions for using the
Hypertext Transfer Protocol (HTTP/HTTPS) as an interface
mechanism to obtain certificates and certificate revocation
lists (CRLs) from PKI repositories. Additional mechanisms
addressing PKIX operational requirements are specified in
separate documents. [STANDARDS TRACK]
This document is a product of the Public-Key Infrastructure
(X.509) Working Group of the IETF.
This is now a Proposed Standard Protocol.
STANDARDS TRACK: This document specifies an Internet
standards track protocol for the Internet community, and
requests discussion and suggestions for improvements. Please
refer to the current edition of the Internet Official
Protocol Standards (STD 1) for the standardization state and
status of this protocol. Distribution of this memo is unlimited.
This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution
list should be sent to IETF-REQUEST(_at_)IETF(_dot_)ORG(_dot_) Requests to be
added to or deleted from the RFC-DIST distribution list
should be sent to RFC-DIST-REQUEST(_at_)RFC-EDITOR(_dot_)ORG(_dot_)
Details on obtaining RFCs via FTP or EMAIL may be obtained by
sending an EMAIL message to rfc-info(_at_)RFC-EDITOR(_dot_)ORG with the
message body
help: ways_to_get_rfcs. For example:
To: rfc-info(_at_)RFC-EDITOR(_dot_)ORG
Subject: getting rfcs
help: ways_to_get_rfcs
Requests for special distribution should be addressed to
either the author of the RFC in question, or to
RFC-Manager(_at_)RFC-EDITOR(_dot_)ORG(_dot_) Unless specifically noted
otherwise on the RFC itself, all RFCs are for unlimited distribution.
Submissions for Requests for Comments should be sent to
RFC-EDITOR(_at_)RFC-EDITOR(_dot_)ORG(_dot_) Please consult RFC 2223,
Instructions to RFC Authors, for further information.
Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute
...
_______________________________________________
IETF-Announce mailing list
IETF-Announce(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf-announce
_______________________________________________
NOTE WELL: This list operates according to
<http://dkim.org/ietf-list-rules.html>