ietf-openpgp

Re: The purpose of this mailing list

1997-09-15 08:00:37
From: "A. Padgett Peterson P.E. Information Security" <PADGETT(_at_)hobbes(_dot_)orl(_dot_)lmco(_dot_)com>
1) For the foreseeable future, key/cert servers must be able to respond to both
   "traditional" (PGPv5) requests and x.509 requests
2) This means that the server will need to be able to recognize an x.509 request
2a) This could require a special "x.509 request"
2b) or assume anything that is not "traditional" is x.509 (not a great idea).

As a result, for near term I would expect a server to be able to create both
types of replies. Further would expect this to be a separate module or wrapper.

Since thus far I have not seen any mention of a "request standard", would like
to add this subject.
                                              Warmly,
                                                      Padgett


The certificate retrieval protocols for X.509 are being hashed out
in the PKIX and ASID working groups, and LDAP certificate servers are
being rapidly rolled out by the big web server vendors and the big
PC LAN vendors.

Perhaps it would be cleaner for a keyserver machine to run a separate
PGP keyserver and LDAP X.509 certificate server, instead of trying
to merge both into a single executable and/or a single protocol
specification.  If open-PGP will support X.509 as a means of appealing
to commercial installations, open-PGP clients will have to be able to
talk to the directories in use at those installations.  A PGP-specific
X.509 certificate retrieval protocol is likely to be a non-starter
in corporate environments, and developing one is probably not a good
use of this working group's time.
