From: jueneman%wotan(_at_)gte(_dot_)com
Cc: pem-dev(_at_)tis(_dot_)com
Reply-To: "Jueneman, Robert R." <Jueneman(_at_)gte(_dot_)com>
2. Abandon the notion of using the IPRA to sign all of the
certificates of all of the PCAs, and use a direct trust model to
install self-signed PCA certificate(s) in the user's software. That
is what will have to be done with the IPRA certificate in any case.
Since we have to support direct trust anyway, this seems like the
direction we're headed in.
...
1. The various PCAs need to publish their certificates via FTP,
and list them in several newspapers, or perhaps something
like the Journal of the IEEE? In any case the reference should
be included in the Policy statement, so users can double check.
Since PEM is an Internet standard, wouldn't the first place you
would think of be to publish it in the Internet Society News
which is the hardcopy official record of Internet standards
actions? As for FTP, the ietf shadow directories would be where
I would expect to find this.
...
Bob
Donald
PS: You can join the Internet Society by sending $70 (or $25 for student
memberhship) to Internet Society
12020 Sunrise Valley Drive, Suite 270
Reston, VA 22091-3429 USA
(tel +1 703 648 9888, fax +1 703 648 9887, email isoc(_at_)isoc(_dot_)org)