Stephen Kent writes:
Your point about DNS security extensions is a good one in so far as
it shows at least one example of a (still to be deployed) Interent protocol
where signatures will be employed. However, DNS security deals with
existing data structures in the DNS database, and it would not have been
appropriate to use ASN.1 for those non-ASN.1 data structures.
However, I will point out that other than SNMP there are no widely
used ASN.1 data structures on the internet.
I'm also not convinced that the range of data types in DNS records
is nearly as extensive or as complex as those that we will deal with
in the PKI environment.
I am far from convinced that makes any difference.
Also, the PKI is dealing with X.509 certificates,
For the moment :)
Certainly the pkix group is dealing with X.509 certificates.
Still, I agree that we should be open to alternatives[to ASN.1]. The
WG could develop a set of criteria for the syntax specification and
encoding for messages and evaluate alternatives including ASN.1. I
worry that this might be something of a distraction from our main
objectives, but if there is sufficient interest in the WG, we can
pursue this apporoach to evaluating alternatives.
A reasonably enlightened approach, I think.
Perry