The raw keys are actually very useful since they can be used with an XKMS service for validation. Essentially they become an index to the information bound to them. Phillip Hallam-Baker FBCS C.Eng. Principal Scientist VeriSign Inc. pbaker@verisign.com 781 245 6996 x227 > -----Original Message----- > From: Derek Atkins [mailto:warlord@mit.edu] > Sent: Thursday, March 14, 2002 8:19 PM > To: Paul Hoffman / VPNC > Cc: ipsec@lists.tislabs.com > Subject: Re: Remove little-used algorithms from IKEv2 > > > Paul Hoffman / VPNC <paul.hoffman@vpnc.org> writes: > > > In the same vein, all certificate formats other than #4 (X.509 > > Certificate - Signature) should be deprecated as well. "PKCS #7 > > wrapped X.509 certificate" is particularly bad given that > there is no > > standard for how to "wrap" a certificate. > > I'm not sure I agree with the first statement here. I'm willing to be > convinced, but I think PGP certificates and maybe raw RSA keys are > both reasonable as well. > > > --Paul Hoffman, Director > > --VPN Consortium > > -derek > > -- > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory > Member, MIT Student Information Processing Board (SIPB) > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH > warlord@MIT.EDU PGP key available >
Phillip Hallam-Baker (E-mail).vcf