[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
what we're about
Apart from administrivia, like a formal charter, our first step should be
to compile a list of desires/needs/requirements. We should also list issues.
I respectfully suggest that we defer discussing issues for the moment; with
one large exception, they're mostly orthogonal to each other. The exception,
of course, is whether or not we should suggest a profile of X.509 instead of
What I have so far, from the traffic on the list:
binary vs. ASCII
ASCII (for strings) vs. Unicode
asn.1 versus something (anything) else
CRLs vs. short-lived certificates
names, or the lack thereof
fields that belong in a certificate
The first three are more or less pure syntax issues, and -- though not unimportant
-- are of much less interest to me, and are probably less important overall.
After all, any syntax will work, though some are better than others for various
reasons or applications. (To answer one of the major complaints about PEM's
X.509 certificates, I once suggested that we register Country=Cyberspace and
use email addresses as the distinguished name format for that country.)
So -- let's first settle what it is we want; then, and only then, we can
negotiate the price.