
RE: Change from "cert-only" in RFC2633-bis-01

2002-07-16 17:15:59


I have just noticed in doing some re-writes on the CMC draft in the PKIX
group that it also refers to "certs-only".  I don't know if there are
other RFCs that might also do this.  I think that this might be a good
reason to revert back.


-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Blake 
Sent: Tuesday, July 16, 2002 11:25 AM
To: jimsch(_at_)exmsft(_dot_)com; ietf-smime(_at_)imc(_dot_)org
Subject: Re: Change from "cert-only" in RFC2633-bis-01

----- Original Message ----- 
From: "Jim Schaad" <jimsch(_at_)nwlink(_dot_)com>
To: <ietf-smime(_at_)imc(_dot_)org>; "'Blake Ramsdell'" 
Sent: Monday, July 15, 2002 7:22 PM
Subject: Change from "cert-only" in RFC2633-bis-01


I think that there may be a major problem in making this change.

1.  You need to have a backwards compatibility section describing what the
old "certs-only" smime-type is and what it does.

From draft-ietf-smime-rfc2633bis-01.txt section 3.6:

Please note that in prior versions of S/MIME, the smime-type parameter
was set to "certs-only" for messages that contained only certificates
and/or certificate revocation lists. The new use of "cert-management"
is meant to clarify the semantic that both certificates and
certificate revocation lists might be found in these messages.
Receiving implementations SHOULD accept "certs-only" and
"cert-management" and treat them equivalently (that is, both could
contain certificates and/or certificate revocation lists).

Please let me know what other clarification would be useful 
here -- indeed this is something to be careful of if we 
change this smime-type.

2.  I dislike the term cert-management, because you are not doing
certificate management.  A better term would be cert-distribution.

And I'll further complain that "it distributes CRLs as well 
as certs".  This might end up being an interesting rathole.  
Well, "interesting" as far as ratholes go, that is ;).

Personally I have no problem with leaving this smime-type as is.

Me neither.  Maybe this should change back to "certs-only" 
and we focus on clarifying the generation / processing of the 
data rather than changing the smime-type.
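
The receiver-side equivalence described in the quoted section 3.6 text, as an added example that is not part of the original thread or of any S/MIME implementation. The function name, the sample headers, the legacy `application/x-pkcs7-mime` type and the `.p7c` file-extension fallback (the RFC 2633 extension for certs-only messages) are assumptions of this sketch.

```python
from email import message_from_string

# Both spellings name the same payload: certificates and/or CRLs.
CERT_BAG_TYPES = {"certs-only", "cert-management"}
# Assumption: also accept the legacy experimental media type.
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def classify_smime(raw_headers: str) -> str:
    """Return 'cert-bag', another smime-type value, 'unknown' or 'not-smime'."""
    msg = message_from_string(raw_headers)
    if msg.get_content_type() not in PKCS7_MIME:
        return "not-smime"

    smime_type = msg.get_param("smime-type")
    if isinstance(smime_type, tuple):  # RFC 2231 encoded parameter value
        smime_type = smime_type[2]
    if smime_type is not None:
        value = smime_type.strip().lower()  # compare case-insensitively
        return "cert-bag" if value in CERT_BAG_TYPES else value

    # No smime-type parameter: fall back to the file name extension.
    name = msg.get_filename() or ""
    if name.lower().endswith(".p7c"):
        return "cert-bag"
    return "unknown"


# Constructed sample headers, not taken from real traffic.
SAMPLES = {
    "old": "Content-Type: application/pkcs7-mime; smime-type=certs-only;"
           " name=smime.p7c\n\n",
    "new": 'Content-Type: application/pkcs7-mime;'
           ' smime-type="Cert-Management"\n\n',
    "enveloped": "Content-Type: application/pkcs7-mime;"
                 " smime-type=enveloped-data; name=smime.p7m\n\n",
    "legacy": 'Content-Type: application/x-pkcs7-mime; name="certs.P7C"\n\n',
    "plain": "Content-Type: text/plain\n\n",
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(f"{label:10s} -> {classify_smime(headers)}")
```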

