>>>>> "Paul" == Paul Hoffman <[email protected]> writes:
    Paul> http://tools.ietf.org/html/draft-ietf-ipsecme-oob-pubkey

I have read this document anew. I found the jump in section 3 to:

    When the certificate encoding type 'Raw Public Key' is used then the
    Certificate Data only contains the SubjectPublicKeyInfo part of the
    PKIX certificate.

to be confusing on first read. Perhaps this is because I attempt to be as ignorant of PKCS/PKIX stuff as possible. (I admit that I'm a failure at this.)

I think that it is telling me that it's not just a raw RSA key, which is really the whole point of this exercise, but rather just the SubjectPublicKeyInfo part. I think that this paragraph could be made clearer to people who are trying to avoid knowing anything about PKIX.

I followed the reference to draft-ietf-tls-oob-pubkey-07, which I read. I would like to suggest that section 3 more quickly refers to the tls-oob-pubkey Appendix A, and that it say something like:

    In order to provide a simple and standard way to indicate the key type
    when the encoding type is 'Raw Public Key', the SubjectPublicKeyInfo
    structure of the PKIX certificate is used. This is a very simple
    encoding, as most of the ASN.1 part can be included literally, and
    recognized by block comparison. See [draft-ietf-tls-oob-pubkey]
    Appendix A for a detailed breakdown.

In addition, Appendix A has a few examples. (Yes, add a second example... an RSA example.)

--
Michael Richardson <[email protected]>, Sandelman Software Works
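As an added illustration of the point made above (this is example code, not text from the draft or from the message's author), the following pure-Python snippet builds a DER SubjectPublicKeyInfo for an RSA key and recognizes the key type by literal block comparison of the AlgorithmIdentifier, as the suggested wording describes; the modulus used is a constructed toy value, not a real key, and the function and constant names are my own.

```python
# Build and recognize a DER SubjectPublicKeyInfo (RFC 5280): the whole Certificate Data under 'Raw Public Key'.
def der_len(n):                        # DER length octets, short or long form
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der_tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body
def der_int(n):                        # positive INTEGER, zero-padded if the high bit is set
    return der_tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def der_read(buf):                     # -> (tag, value, remaining bytes)
    tag, ln, pos = buf[0], buf[1], 2
    if ln & 0x80:                      # long form: next (ln & 0x7F) octets hold the length
        pos += ln & 0x7F
        ln = int.from_bytes(buf[2:pos], "big")
    return tag, buf[pos:pos + ln], buf[pos + ln:]
# AlgorithmIdentifier blocks included literally; the key type is recognized by
# comparing the whole TLV, as the message suggests, not by decoding the OID.
RSA_ALG = bytes.fromhex("300d06092a864886f70d0101010500")                   # rsaEncryption + NULL
EC_P256_ALG = bytes.fromhex("301306072a8648ce3d020106082a8648ce3d030107")   # ecPublicKey + prime256v1
KNOWN_ALGS = {RSA_ALG: "rsaEncryption", EC_P256_ALG: "ecPublicKey (P-256)"}
def build_spki(alg_block, subject_public_key):
    # SubjectPublicKeyInfo ::= SEQUENCE { algorithm, subjectPublicKey BIT STRING }
    return der_tlv(0x30, alg_block + der_tlv(0x03, b"\x00" + subject_public_key))
def build_rsa_spki(n, e):
    # RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
    return build_spki(RSA_ALG, der_tlv(0x30, der_int(n) + der_int(e)))

def parse_spki(spki):                  # -> (algorithm name, subjectPublicKey bytes)
    tag, body, rest = der_read(spki)
    if tag != 0x30 or rest:
        raise ValueError("Certificate Data is not a single SEQUENCE")
    _, _, after_alg = der_read(body)
    alg_block = body[:len(body) - len(after_alg)]        # whole AlgorithmIdentifier TLV
    bs_tag, bs_body, tail = der_read(after_alg)
    if bs_tag != 0x03 or tail or bs_body[:1] != b"\x00":
        raise ValueError("subjectPublicKey is not a byte-aligned BIT STRING")
    return KNOWN_ALGS.get(alg_block, "unknown"), bs_body[1:]

def rsa_public_numbers(spki):          # refuse anything that is not rsaEncryption
    alg, key = parse_spki(spki)
    if alg != "rsaEncryption":
        raise ValueError("not an RSA key: " + alg)
    _, seq, _ = der_read(key)
    _, n_bytes, rest = der_read(seq)
    _, e_bytes, _ = der_read(rest)
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")
```

A receiver that assumes RSA and feeds the BIT STRING straight into an RSA parser would misread an EC or unknown key; checking the AlgorithmIdentifier block first is what makes the SPKI wrapper worth its few extra bytes.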
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
