-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jan 12, 2008, at 12:17 AM, Peter Gutmann wrote:

> Don't be misled by the title (http://www.ietf.org/rfc/rfc4387.txt), it was
> published under the auspices of PKIX but it's really "a simple, fairly
> universal means of publishing your public key via HTTP". The CACert folks
> have set up a Wiki page to cover implementation info, feedback, and comments:
> http://wiki.cacert.org/wiki/RFC4387.

I like it.

The only complaint that I have is that the OpenPGP attributes are a
bit behind the times. I would like to see it updated for 4880 and
generalized. I think there are some similar issues for X.509, too.

(Actual technical details -- a key fingerprint there is defined to be
a binary 160 bits. It ought to be a string because we very well may
come up with a generic way to compute a fingerprint with an arbitrary
hash. Given that a fingerprint in this context is really just a
database retrieval handle (note the way I skillfully avoid the word
"key"), having it be just text is a good thing. Also, in 4880, we
deprecate the old-style keys. In the new-style keys, a key ID is just
a truncation of a fingerprint.)

Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII
wj8DBQFHkSy4sTedWZOD3gYRAvR4AKDIg9jHBkbd4LYrq7Zy4Gb8SCCnvACfVutc
jGcjwQd2l6LQ0nEj8sjJo1w=
=Nn4m
-----END PGP SIGNATURE-----
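
The fingerprint and key ID relationship mentioned in the message above, as an added example that is not part of the original e-mail: it computes an RFC 4880 version 4 fingerprint, derives the key ID by truncation, and looks a key up by a text handle. The `hash:HEX` handle format, the toy RSA modulus, the creation time and all function names are assumptions made for illustration; the handle format is not defined by RFC 4387 or RFC 4880.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: two-byte bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 public-key packet body: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def hashed_material(body: bytes) -> bytes:
    """RFC 4880 section 12.2 input: octet 0x99, two-byte body length, packet body."""
    return b"\x99" + struct.pack(">H", len(body)) + body

def v4_fingerprint(body: bytes) -> bytes:
    """The 160-bit binary fingerprint (SHA-1), the form the message calls too rigid."""
    return hashlib.sha1(hashed_material(body)).digest()

def key_id(fingerprint: bytes) -> bytes:
    """For version 4 keys the key ID is the low-order 64 bits of the fingerprint."""
    return fingerprint[-8:]

def text_handle(body: bytes, hash_name: str = "sha1") -> str:
    """Hypothetical text retrieval handle 'hash:HEX' that works for any hash."""
    digest = hashlib.new(hash_name, hashed_material(body)).hexdigest().upper()
    return f"{hash_name}:{digest}"

def find_by_key_id(store: dict, key_id_hex: str) -> list:
    """Return stored keys whose SHA-1 handle ends in the given key ID."""
    suffix = key_id_hex.upper()
    return [v for h, v in store.items() if h.startswith("sha1:") and h.endswith(suffix)]

# Constructed sample input: a toy modulus (product of two Mersenne primes),
# far too small for real use, and a constructed creation time.
SAMPLE_N = (2**127 - 1) * (2**89 - 1)
SAMPLE_BODY = v4_rsa_key_body(1200096000, SAMPLE_N, 65537)
SAMPLE_FPR = v4_fingerprint(SAMPLE_BODY)

# A lookup table keyed by text handles; the same key is reachable under two hashes.
STORE = {
    text_handle(SAMPLE_BODY, "sha1"): "sample-key",
    text_handle(SAMPLE_BODY, "sha256"): "sample-key",
}

if __name__ == "__main__":
    print("fingerprint:", SAMPLE_FPR.hex().upper())
    print("key ID     :", key_id(SAMPLE_FPR).hex().upper())
    print("by key ID  :", find_by_key_id(STORE, key_id(SAMPLE_FPR).hex()))
```
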