[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Reliable delete notifies
On Tue, 10 Oct 2000, Michael Richardson wrote:
> Angelos> I would in fact argue for removal of preshared-key
> Angelos> authentication...
>
> I would agree to this on one condition only:
> That the spec lists a simple, well known format (i.e. PKCS10) by which
> self-signed certificates can be loaded into the trusted store, and by which
> they will be produced. That implementations *MUST* support this.
I would agree wholeheartedly with this. This is a problem we've run into
during interoperability testing: even when both parties are perfectly
happy to exchange RSA keys manually, no two systems agree on the
key-exchange data format. Personally, I'd favor something much closer to
RFC 2537 format -- it's far simpler than any form of certificate -- but
*any* standard, even a messy one, would be better than none.
Henry Spencer
henry@spsystems.net
Follow-Ups:
References: