ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Change from "cert-only" in RFC2633-bis-01

2002-07-16 17:15:59
from [Jim Schaad] [Permanent Link] 

Blake,

I have just noticed in doing some re-writes on the CMC draft in the PKIX
group that it also refers to "certs-only".  I don't know if there are
other RFC's that might also do this.  I think that this might be a good
reason to revert back.

jim


-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Blake 
Ramsdell
Sent: Tuesday, July 16, 2002 11:25 AM
To: jimsch(_at_)exmsft(_dot_)com; ietf-smime(_at_)imc(_dot_)org
Subject: Re: Change from "cert-only" in RFC2633-bis-01



----- Original Message ----- 
From: "Jim Schaad" <jimsch(_at_)nwlink(_dot_)com>
To: <ietf-smime(_at_)imc(_dot_)org>; "'Blake Ramsdell'" 
<blake(_at_)brutesquadlabs(_dot_)com>
Sent: Monday, July 15, 2002 7:22 PM
Subject: Change from "cert-only" in RFC2633-bis-01



Blake,

I think that there may be a major problem in making this change.

Issues: 
1.  You need to have a backwards compability section 

describing what the

old "certs-only" smime-type is and what it does.



From draft-ietf-smime-rfc2633bis-01.txt section 3.6:


Please note that in prior versions of S/MIME, the smime-type parameter
was set to "certs-only" for messages that contained only certificates
and/or certificate revocation lists. The new use of "cert-management"
is meant to clarify the semantic that both certificates and
certificate revocation lists might be found in these messages.
Receiving implementations SHOULD accept "certs-only" and
"cert-management" and treat them equivalently (that is, both could
contain certificates and/or certificate revocation lists).

Please let me know what other clarification would be useful 
here -- indeed this is something to be careful of if we 
change this smime-type.


2.  I dislike the term cert-management, because you are not doing
certificate managmement.  A better term would be cert-distribution.


And I'll further complain that "it distributes CRLs as well 
as certs".  This might end up being an interesting rathole.  
Well, "interesting" as far as ratholes go, that is ;).


Personally I have no problem with leaving this smime-type as is.


Me neither.  Maybe this should change back to "certs-only" 
and we focus on clarifying the generation / processing of the 
data rather than changing the smime-type.

Blake
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Change from "cert-only" in RFC2633-bis-01, Blake Ramsdell
Next by Date:  AES and PKCS #1 v1.5 Issue, Jim Schaad
Previous by Thread:  Re: Change from "cert-only" in RFC2633-bis-01, Blake Ramsdell
Next by Thread:  Re: Change from "cert-only" in RFC2633-bis-01, Housley, Russ
Indexes:  [Date] [Thread] [Top] [All Lists]