> On Mar 8, 2015, at 6:04 PM, Paul Hoffman <[email protected]> wrote:
>
> I fully agree on this. In fact, I think I brought the lack of interop up
> during the discussion leading up to RFC 2440, and was told that it was too
> late to change. (To be fair, we used the "too late to change" phrase a lot
> leading up to the spec for S/MIME v2. Ah, those carefree '90s.)
To be fair here — back in the carefree '90s, we were *forbidden* from being a
"PKI" because there already was one, and it was PKIX.
Despite that, if you look at section 3.6 of RFC 4880, you will see in its
entirety:
   3.6. Keyrings

   A keyring is a collection of one or more keys in a file or database.
   Traditionally, a keyring is simply a sequential list of keys, but may
   be any suitable database. It is beyond the scope of this standard to
   discuss the details of keyrings or other databases.
The second sentence of that, "...a keyring is simply a sequential list of
keys..." is in fact the *exact* definition of a keyring. The sentence adverb in
that sentence, "Traditionally," is the weasel word that satisfies the
requirement not to be a PKI. If you add in the last sentence of the paragraph,
it seals the deal.
All else you need to do is to follow the SHOULD in the Trust Packet section
(5.10) and, of course, interpret a "local" signature as, well, local.
Poof, you’re done.
Jon
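An added example, not from this thread or from any OpenPGP implementation, that treats a keyring exactly as section 3.6 describes it, a sequential list of packets: it walks RFC 4880 section 4.2 packet headers (old and new format) and drops Trust packets (tag 12), which section 5.10 says SHOULD NOT be emitted to output that is transferred to other users. The keyring bytes are constructed dummy data; `packet` is a helper written for this example.

```python
import struct

TRUST_PACKET = 12  # RFC 4880 section 5.10: local-keyring only, strip before export

def parse_packets(keyring: bytes):
    """Yield (tag, raw_packet_bytes) for each packet in a binary keyring, in order."""
    i = 0
    while i < len(keyring):
        start, ctb = i, keyring[i]
        if not ctb & 0x80:
            raise ValueError(f"bad packet header at offset {i}")
        i += 1
        if ctb & 0x40:                      # new-format header (section 4.2.2)
            tag, first = ctb & 0x3F, keyring[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + keyring[i] + 192
                i += 1
            elif first == 255:
                length = struct.unpack(">I", keyring[i:i + 4])[0]
                i += 4
            else:
                raise ValueError("partial body lengths not supported in this example")
        else:                               # old-format header (section 4.2.1)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported in this example")
            n = (1, 2, 4)[ltype]
            length = int.from_bytes(keyring[i:i + n], "big")
            i += n
        if i + length > len(keyring):
            raise ValueError("truncated packet")
        i += length
        yield tag, keyring[start:i]

def packet(tag: int, body: bytes) -> bytes:
    """Build a new-format packet with a one- or two-octet length (sample-data helper)."""
    if len(body) < 192:
        return bytes([0xC0 | tag, len(body)]) + body
    l = len(body) - 192
    return bytes([0xC0 | tag, 192 + (l >> 8), l & 0xFF]) + body

def strip_trust_packets(keyring: bytes) -> bytes:
    """Return the keyring with Trust packets removed, other packets byte-for-byte intact."""
    return b"".join(raw for tag, raw in parse_packets(keyring) if tag != TRUST_PACKET)

SAMPLE_KEYRING = (                           # constructed dummy keyring, not a real key
    packet(6, b"\x04" + b"\x00" * 10)        # public-key packet, dummy body
    + packet(13, b"alice <alice@example.org>")  # user ID packet
    + bytes([0x80 | (12 << 2), 3]) + b"\x00" * 3  # old-format Trust packet, 3 octets
    + packet(2, b"\x04" * 200)               # signature packet, two-octet length form
)
```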
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane