At 9:11 AM -0400 9/30/10, Sean Turner wrote:
> draft-mavrogiannopoulos-rfc5081bis reuses the Certificate Type value assigned
> in RFC 5081 (it's 1). The extension defined in
> draft-mavrogiannopoulos-rfc5081bis is not backwards compatible with RFC 5081.
> If there were many implementations, then I'd be concerned about reusing the
> value. The authors (and I) don't think there are any implementations other
> than GnuTLS, but I'd like to know if anybody knows of TLS implementations that
> support RFC 5081.

Given that there is a known implementation of 5081, and given that GnuTLS is
reasonably well-deployed, why doesn't draft-mavrogiannopoulos-rfc5081bis simply
use a new certificate type number? So far, only 2 out of >200 have been
allocated, so there is no shortage.
--Paul Hoffman, Director
--VPN Consortium