
Re: [smime] [pkix] Initial inquiry: Signed vCards

2013-10-19 16:45:19
On Sat, Oct 19, 2013 at 5:19 PM, Sean Turner <turners(_at_)ieca(_dot_)com> 
wrote:

On 9/10/13 7:45 AM, DataPacRat wrote:

I now have an Internet-Draft for the enhanced vCard spec up at
https://datatracker.ietf.org/doc/draft-boese-vcarddav-signedvcard/ .
As currently written, it allows vCards to be used not just to announce
one's own keys, but also describe one's trust in other keys, and even
announce revocation of your keys. And all of that is part of the main
goal of the I-D: cryptographically-signed identity assertion. There
isn't much debate going on about the I-D over on the VCARDDAV mailing
list, so it seems worthwhile to check in here at PKIX to see if
anybody might care to offer constructive criticism.


So: how can I make current draft better?

(no hat)

1)

Pet peeve: please don't call the output of an HMAC process:

OLD: containing a cryptographic signature of a text
stream consisting of the properties and values listed in HASHLIST.

NEW: containing the output of an HMAC algorithm whose input was properties
and values listed in HASHLIST and the key in HASHKEY.

That change is easy enough to make in the next revision of the draft.
(I have another minor change pending, involving mention of calendars
other than Gregorian, which isn't significant enough to warrant its
own revision.) I think that I'll wait for a few days, to see if anyone
offers any further feedback about this detail, before issuing the
correction.


2) What happens if I use S/MIME or PGP to sign the message?  Can I instead
point to the certificate in the SignedData or the appropriate PGP field?

I'm afraid that I'm not very familiar with S/MIME yet, such as what
fields are included in such a message. What I can say, at the moment,
is that the proposed HASHKEY field can point to any URI. IIRC, it's
possible to construct a URI which points to a particular email
message, identifying it with its Message-ID; I'd have to read up on
that to see if there's a way to use such URIs to point to a particular
part of a message, such as a header field which includes a key. (If
anyone reading this already knows whether that's possible, that could
save a bit of time.) If that's not feasible, but if the key itself is
stored in the message in the standard format (so that, for example, a
copy of PGP reading the message could extract the key), then simply
pointing to the Message-ID itself may be sufficient.


on a side note: Interesting to note that Alexey, Carl, and myself were
looking at a way to carry an indication of what algorithms are supported by
the clients:
http://datatracker.ietf.org/doc/draft-turner-vcard-smimecaps/

Have you gotten any support for that draft since it was last revised?


Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."
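To illustrate the terminology point raised in the thread, an added example (not code from the draft or from either poster): it builds the text stream from the properties named in HASHLIST and keys an HMAC-SHA256 with the secret that HASHKEY resolves to. The sample vCard, the NAME:VALUE canonical form and the shared key are constructed assumptions, not the draft's actual rules.

```python
import hmac
import hashlib

# Constructed sample vCard. HASHLIST and HASHKEY are the property names from the
# thread; the line syntax and canonical form used below are assumptions.
SAMPLE_VCARD = """BEGIN:VCARD
VERSION:4.0
FN:Example Person
EMAIL:person@example.invalid
HASHLIST:FN,EMAIL
HASHKEY:urn:example:shared-key-1
END:VCARD"""

# Constructed shared secret that HASHKEY is assumed to resolve to.
SHARED_KEY = b"constructed-demo-key"


def parse_properties(vcard_text):
    """Return (NAME, value) pairs for each property line of the vCard."""
    props = []
    for line in vcard_text.splitlines():
        if ":" not in line:
            continue
        name, value = line.split(":", 1)  # first colon separates name from value
        props.append((name.strip().upper(), value.strip()))
    return props


def hashlist_stream(vcard_text):
    """Text stream covered by HASHLIST: the listed properties, in HASHLIST order,
    serialised as NAME:VALUE lines (assumed canonical form)."""
    props = dict(parse_properties(vcard_text))
    names = [n.strip().upper() for n in props["HASHLIST"].split(",")]
    return "\n".join(f"{n}:{props[n]}" for n in names).encode()


def compute_tag(vcard_text, key):
    """HMAC-SHA256 over the HASHLIST stream under the HASHKEY secret.
    Every holder of the key can produce this value, so it is a MAC,
    not a signature: it authenticates but does not give non-repudiation."""
    return hmac.new(key, hashlist_stream(vcard_text), hashlib.sha256).hexdigest()


def verify_tag(vcard_text, key, tag):
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(compute_tag(vcard_text, key), tag)
```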
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime