-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 2001,MIC-CLEAR
Content-Domain: RFC822
Originator-Name: jefft(_at_)chirality(_dot_)rsa(_dot_)com
Originator-Certificate:
MIIB0zCCAX0CEHvlDG8l4VHdqec4RvFBuGIwDQYJKoZIhvcNAQECBQAwbzELMAkG
A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYD
VQQLExNQZXJzb25hIENlcnRpZmljYXRlMSAwHgYDVQQDFBdqZWZmdEBjaGlyYWxp
dHkucnNhLmNvbTAeFw05MzExMzAxOTE1NTFaFw05NTExMzAxOTE1NTFaMG8xCzAJ
BgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoG
A1UECxMTUGVyc29uYSBDZXJ0aWZpY2F0ZTEgMB4GA1UEAxQXamVmZnRAY2hpcmFs
aXR5LnJzYS5jb20wWDAKBgRVCAEBAgIB/gNKADBHAkAtAto1Bdion6FnjY2qkliO
7n6RxmL68IJ8r5XMMPX5IERpo4pSEiE/Fbrw2jVlFUTbdQ36Y65tezhS1E4oNsUX
AgMBAAEwDQYJKoZIhvcNAQECBQADQQAK/hg100zdjSCapJusmVSzwDaj6YKAa0p3
GJBYYMMIMZbGlE2gx1bnMiI+twftqA2nRj7v7zlaWv3WiP+pihyx
MIC-Info: RSA-MD5,RSA,
EiQmy5Pa/MIKGKpumn6NiLq58friH0sasrr4bxpUJybv1K9Zmuilj9awRi2bQ9ET
nB7SF4sc9y+RJwBxJsfoCQ==
Bob Jueneman writes:
- separation of the certificate infrastructue from the ability to use
PEM, i.e. the ability to get going without a hierarchy and be
spliced in later.
I agree, and I think we have seen enough discussion to see how this
could be possible. Use RIPEM or PGP with self-signed certificates,
then add CAs, then add a PCA to provide global exposure to your
certificates if that is what you want to do. Ignoring some valid
quibbles about the trustworthyness of a particular bit in the
certificate store, it appears that TIS-PEM would already support these
concepts.
The self-signed certificate option seems to be a common factor among most of
the deployed PEM implementations. If there is interest, I will post a
proposal for allowing a self-signed certificate in the
Originator-Certificate field, what the significance of the serial
number in this certificate would be, etc.
- - Jeff
-----END PRIVACY-ENHANCED MESSAGE-----
Signed with RIPEM 1.2