RE: [ietf-dkim] RFC 4387 on Internet X.509 Public Key Infrastructure Ope

Might make sense in a policy record, but I don't think that either this
draft or the companion 4386 draft someone or other wrote that describes
an LDAP lookup scheme quite meshes with the DKIM approach where the data
flow of a signed message is driven first by the signature header and
then by the key record.

This is why I think that the correct placement for any cert linkage
would be from the key record to the cert. An alternative would be from
the key record to the cert store but that introduces an extra SRV lookup
and might be more complex to manage. The argument might be made that it
would be easier to manage for end user keys but we are not there yet.

 

> -----Original Message-----
> From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
> [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of 
> william(at)elan.net
> Sent: Tuesday, February 07, 2006 8:41 PM
> To: ietf-dkim(_at_)mipassoc(_dot_)org
> Subject: [ietf-dkim] RFC 4387 on Internet X.509 Public Key 
> Infrastructure Operational Protocols: Certificate Store 
> Access via HTTP (fwd)
>
>
> Obviously per your limited charter you'd consider this OT, 
> but still FYI.
>
> ---------- Forwarded message ----------
> Date: Tue, 7 Feb 2006 17:25:38 -0800
> From: rfc-editor(_at_)rfc-editor(_dot_)org
> To: ietf-announce(_at_)ietf(_dot_)org, rfc-dist(_at_)rfc-editor(_dot_)org
> Cc: ietf-pkix(_at_)imc(_dot_)org, rfc-editor(_at_)rfc-editor(_dot_)org
> Subject: RFC 4387 on Internet X.509 Public Key Infrastructure 
> Operational
>      Protocols: Certificate Store Access via HTTP
>
> A new Request for Comments is now available in online RFC libraries.
>
>          RFC 4387
>
>          Title:      Internet X.509 Public Key Infrastructure
>                      Operational Protocols: Certificate Store 
> Access via
>                      HTTP
>          Author:     P. Gutmann,  Ed.
>          Status:     Standards Track
>          Date:       February 2006
>          Mailbox:    pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz
>          Pages:      25
>          Characters: 63182
>          Updates/Obsoletes/SeeAlso:   None
>
>          I-D Tag:    draft-ietf-pkix-certstore-http-09.txt
>
>          URL:        http://www.rfc-editor.org/rfc/rfc4387.txt
>
> The protocol conventions described in this document satisfy 
> some of the operational requirements of the Internet Public 
> Key Infrastructure (PKI).
> This document specifies the conventions for using the 
> Hypertext Transfer Protocol (HTTP/HTTPS) as an interface 
> mechanism to obtain certificates and certificate revocation 
> lists (CRLs) from PKI repositories.  Additional mechanisms 
> addressing PKIX operational requirements are specified in 
> separate documents.  [STANDARDS TRACK]
>
> This document is a product of the Public-Key Infrastructure 
> (X.509) Working Group of the IETF.
>
> This is now a Proposed Standard Protocol.
>
> STANDARDS TRACK: This document specifies an Internet 
> standards track protocol for the Internet community,and 
> requests discussion and suggestions for improvements.Please 
> refer to the current edition of the Internet Official 
> Protocol Standards (STD 1) for the standardization state and 
> status of this protocol.  Distribution of this memo is unlimited.
>
> This announcement is sent to the IETF list and the RFC-DIST list.
> Requests to be added to or deleted from the IETF distribution 
> list should be sent to IETF-REQUEST(_at_)IETF(_dot_)ORG(_dot_)  Requests to 
> be 
> added to or deleted from the RFC-DIST distribution list 
> should be sent to RFC-DIST-REQUEST(_at_)RFC-EDITOR(_dot_)ORG(_dot_)
>
> Details on obtaining RFCs via FTP or EMAIL may be obtained by 
> sending an EMAIL message to rfc-info(_at_)RFC-EDITOR(_dot_)ORG with the 
> message body
>
> help: ways_to_get_rfcs. For example:
>
>          To: rfc-info(_at_)RFC-EDITOR(_dot_)ORG
>          Subject: getting rfcs
>
>          help: ways_to_get_rfcs
>
> Requests for special distribution should be addressed to 
> either the author of the RFC in question, or to 
> RFC-Manager(_at_)RFC-EDITOR(_dot_)ORG(_dot_)  Unless specifically noted 
> otherwise on the RFC itself, all RFCs are for unlimited distribution.
>
> Submissions for Requests for Comments should be sent to 
> RFC-EDITOR(_at_)RFC-EDITOR(_dot_)ORG(_dot_)  Please consult RFC 2223, 
> Instructions to RFC Authors, for further information.
>
>
> Joyce K. Reynolds and Sandy Ginoza
> USC/Information Sciences Institute
>
> ...
>
>
> --22b50466d5aa20ab9f92be34617c09da
>
>
> A new Request for Comments is now available in online RFC libraries.
>
>
>          RFC 4387
>
>          Title:      Internet X.509 Public Key Infrastructure
>                      Operational Protocols: Certificate Store 
> Access via
>                      HTTP
>          Author:     P. Gutmann,  Ed.
>          Status:     Standards Track
>          Date:       February 2006
>          Mailbox:    pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz
>          Pages:      25
>          Characters: 63182
>          Updates/Obsoletes/SeeAlso:   None
>
>          I-D Tag:    draft-ietf-pkix-certstore-http-09.txt
>
>          URL:        http://www.rfc-editor.org/rfc/rfc4387.txt
>
> The protocol conventions described in this document satisfy 
> some of the operational requirements of the Internet Public 
> Key Infrastructure (PKI).
> This document specifies the conventions for using the 
> Hypertext Transfer Protocol (HTTP/HTTPS) as an interface 
> mechanism to obtain certificates and certificate revocation 
> lists (CRLs) from PKI repositories.  Additional mechanisms 
> addressing PKIX operational requirements are specified in 
> separate documents.  [STANDARDS TRACK]
>
> This document is a product of the Public-Key Infrastructure 
> (X.509) Working Group of the IETF.
>
> This is now a Proposed Standard Protocol.
>
> STANDARDS TRACK: This document specifies an Internet 
> standards track protocol for the Internet community,and 
> requests discussion and suggestions for improvements.Please 
> refer to the current edition of the Internet Official 
> Protocol Standards (STD 1) for the standardization state and 
> status of this protocol.  Distribution of this memo is unlimited.
>
> This announcement is sent to the IETF list and the RFC-DIST list.
> Requests to be added to or deleted from the IETF distribution 
> list should be sent to IETF-REQUEST(_at_)IETF(_dot_)ORG(_dot_)  Requests to 
> be 
> added to or deleted from the RFC-DIST distribution list 
> should be sent to RFC-DIST-REQUEST(_at_)RFC-EDITOR(_dot_)ORG(_dot_)
>
> Details on obtaining RFCs via FTP or EMAIL may be obtained by 
> sending an EMAIL message to rfc-info(_at_)RFC-EDITOR(_dot_)ORG with the 
> message body
>
> help: ways_to_get_rfcs. For example:
>
>          To: rfc-info(_at_)RFC-EDITOR(_dot_)ORG
>          Subject: getting rfcs
>
>          help: ways_to_get_rfcs
>
> Requests for special distribution should be addressed to 
> either the author of the RFC in question, or to 
> RFC-Manager(_at_)RFC-EDITOR(_dot_)ORG(_dot_)  Unless specifically noted 
> otherwise on the RFC itself, all RFCs are for unlimited distribution.
>
> Submissions for Requests for Comments should be sent to 
> RFC-EDITOR(_at_)RFC-EDITOR(_dot_)ORG(_dot_)  Please consult RFC 2223, 
> Instructions to RFC Authors, for further information.
>
>
> Joyce K. Reynolds and Sandy Ginoza
> USC/Information Sciences Institute
>
> ...
>
>
>
> _______________________________________________
> IETF-Announce mailing list
> IETF-Announce(_at_)ietf(_dot_)org
> https://www1.ietf.org/mailman/listinfo/ietf-announce
> _______________________________________________
> NOTE WELL: This list operates according to 
> <http://dkim.org/ietf-list-rules.html>
_______________________________________________
NOTE WELL: This list operates according to 
<http://dkim.org/ietf-list-rules.html>