Steve --
I think we have two different issues here: 1) the format for a
self-signed data item to be used in the certificate request
processing, and 2) what message type to be used in that and analogous
processing.
For 1), how about a self-signed certificate with the following
"implementor's agreements" (recommended, but not required):
- version number is v1988 (i.e., omitted)
- serial number is 1
- validity period, start and end is 12:00am GMT, January 1, 1970
I still consider the name-key-signature type to be better technically,
but not so much better that I'd hold up the PEM process to debate it.
Any supporters, please indicate now.
For 2), I'm willing to revert to MIC-ONLY and MIC-CLEAR, with a
"Certificate:" field carrying the self-signed certificate. With a
self-signed certificate (as opposed to a prototype certificate), the
message does bear resemblance to the MIC-ONLY/CLEAR intent, even if
one can't verify the signature on the certificate (yet). Indeed, one
often can't verify a certificate's signature, but at least a
self-signed certificate has one.
-- Burt