Fwd: I-D ACTION:draft-ietf-pkix-okid-00.txt
Greetings again. In December, there was a great deal of discussion on
this list about how to get rid of preshared secrets in the
SuccessorToIKE protocol using self-signed certificates. One of the
problems with self-signed certificates today is that there is no
standard way of identifying them on the telephone or in written
out-of-band communications. The following new Internet Draft, being
discussed in the PKIX WG, would solve that problem.

With this new protocol, using self-signed certificates should be
about as easy as proper use of preshared secrets. If it isn't, please
let me know so I can improve the document. Thanks!

>To: IETF-Announce: ;
>Cc: ietf-pkix@IMC.ORG
>From: Internet-Drafts@ietf.org
>Reply-to: Internet-Drafts@ietf.org
>Subject: I-D ACTION:draft-ietf-pkix-okid-00.txt
>Date: Wed, 30 Jan 2002 07:02:15 -0500
>Sender: nsyracus@cnri.reston.va.us
>
>
>
>A New Internet-Draft is available from the on-line Internet-Drafts
>directories.
>This draft is a work item of the Public-Key Infrastructure (X.509)
>Working Group of the IETF.
>
> Title : Out-of-Band Key Identifier Protocol (OKID)
> Author(s) : P. Hoffman
> Filename : draft-ietf-pkix-okid-00.txt
> Pages :
> Date : 29-Jan-02
>
>In general, certificates need not be communicated with communication or
>storage media that are integrity-secure or authentic. This is because
>certificates are digitally signed and users are expected to validate the
>signatures using configured trust anchors. However, distribution of
>trust anchor certificates, or distribution of self-signed end-entity
>certificates, requires a mechanism for establishing the authenticity of
>the public key contained in such certificates.
>
>A URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-ietf-pkix-okid-00.txt
>
>To remove yourself from the IETF Announcement list, send a message to
>ietf-announce-request with the word unsubscribe in the body of the message.
>
>Internet-Drafts are also available by anonymous FTP. Login with the username
>"anonymous" and a password of your e-mail address. After logging in,
>type "cd internet-drafts" and then
> "get draft-ietf-pkix-okid-00.txt".
>
>A list of Internet-Drafts directories can be found in
>http://www.ietf.org/shadow.html
>or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
>
>Internet-Drafts can also be obtained by e-mail.
>
>Send a message to:
> mailserv@ietf.org.
>In the body type:
> "FILE /internet-drafts/draft-ietf-pkix-okid-00.txt".
>
>NOTE: The mail server at ietf.org can return the document in
> MIME-encoded form by using the "mpack" utility. To use this
> feature, insert the command "ENCODING mime" before the "FILE"
> command. To decode the response(s), you will need "munpack" or
> a MIME-compliant mail reader. Different MIME-compliant mail readers
> exhibit different behavior, especially when dealing with
> "multipart" MIME messages (i.e. documents which have been split
> up into multiple messages), so check your local documentation on
> how to manipulate these messages.
>
>
>Below is the data which will enable a MIME compliant mail reader
>implementation to automatically retrieve the ASCII version of the
>Internet-Draft.
>
>
>[The following attachment must be fetched by mail. Command-click the
>URL below and send the resulting message to get the attachment.]
><mailto:mailserv@ietf.org?body=ENCODING%20mime%0D%0AFILE%20/internet-drafts/draft-ietf-pkix-okid-00.txt>
>[The following attachment must be fetched by ftp. Command-click the
>URL below to ask your ftp client to fetch it.]
><ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-okid-00.txt>
--Paul Hoffman, Director
--VPN Consortium