[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

what we're about

Apart from administrivia, like a formal charter, our first step should be
to compile a list of desires/needs/requirements.  We should also list issues.
I respectfully suggest that we defer discussing issues for the moment; with
one large exception, they're mostly orthogonal to each other.  The exception,
of course, is whether or not we should suggest a profile of X.509 instead of
something new.

What I have so far, from the traffic on the list:

        binary vs. ASCII
        ASCII (for strings) vs. Unicode
        asn.1 versus something (anything) else

        CRLs vs. short-lived certificates
        names, or the lack thereof
        fields that belong in a certificate

The first three are more or less pure syntax issues, and -- though not unimportant
-- are of much less interest to me, and are probably less important overall.
After all, any syntax will work, though some are better than others for various
reasons or applications.  (To answer one of the major complaints about PEM's
X.509 certificates, I once suggested that we register Country=Cyberspace and
use email addresses as the distinguished name format for that country.)

So -- let's first settle what it is we want; then, and only then, we can
negotiate the price.