On 7/21/10 2:07 AM, Rob Austein wrote: > FWIW, at least one implementation (mine) already generates subject > names containing a SHA-1 hash of the public key (ie, another encoding > of the same value we're already using as the SKI). I'll let the other > implementors speak to whether their implementations already do > something like this, or how hard it would be to add if needed.
As another implementor: Our system uses the base64 encoded SHA-1 hash of the public key to determine the subject name for a certificate. We are using the same strategy for subject names, as is currently proposed to determine file names as described here: http://tools.ietf.org/html/draft-ietf-sidr-repos-struct-04#section-2.2 There is one exception to this. For our TAs we felt is might be better to use human readable subjects and filenames for now: ETA: rsync://certrepo.ripe.net/eta/CN=ETA,O=RIPE%20NCC,C=NL.cer RTA: rsync://certrepo.ripe.net/rta/CN=RTA,O=RIPE%20NCC,C=NL.cer Regards, Tim _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
