On 18/07/2011, at 12:53 AM, Rob Austein wrote:

> This draft defines the mappings from filename extension (.cer, .roa,
> .crl, etc) to ASN.1 object type (X.509 certificate, ROA, CRL, etc).
>
> Without this mapping, relying party tools have no way of knowing what
> they're looking at in most cases, and would have to attempt to decode
> every object in various ways to see which (if any) worked. This would
> be tedious, error prone, and generally a bad idea.

But wouldn't the CMS (and ASN.1 for that matter) effectively tell the RP what the object was intended to be? It strikes me that the file name extension is a bit of syntactic sugar rather than an essential and necessary component, so I'm curious to understand what has changed in this particular PKI that makes the filename extension such a necessary attribute.

If this is the case would a rogue CA be able to mount an effective DOS attack for all RPs by deliberately mis-naming objects?

Geoff
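The cross-check discussed in this exchange, as an added example that is not part of the thread or of any relying-party tool: read the eContentType a CMS signed object declares and reject the object when its filename extension disagrees, with one bounded parse and no trial decoding. The two eContentType OIDs and the `.mft` extension come from the ROA and manifest specifications rather than from this message; `check` and `skeleton` are hypothetical names, the sample objects are constructed, and certificates and CRLs (which are not CMS-wrapped) are outside its scope.

```python
import os

SIGNED_DATA = bytes.fromhex("2a864886f70d010702")   # 1.2.840.113549.1.7.2
ROA = bytes.fromhex("2a864886f70d0109100118")       # 1.2.840.113549.1.9.16.1.24
MFT = bytes.fromhex("2a864886f70d010910011a")       # 1.2.840.113549.1.9.16.1.26
ECONTENT_EXT = {ROA: ".roa", MFT: ".mft"}           # declared type -> expected extension

def tlv(buf, off, want):
    """Parse the DER TLV at off, require tag `want`, return (start, end) of its value."""
    if off + 2 > len(buf) or buf[off] != want:
        raise ValueError(f"expected tag {want:#x} at offset {off}")
    length, off = buf[off + 1], off + 2
    if length >= 0x80:                              # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or off + n > len(buf):
            raise ValueError("bad DER length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("TLV overruns buffer")
    return off, off + length

def econtent_type(der):
    """Walk ContentInfo -> SignedData -> encapContentInfo; return eContentType bytes."""
    ci, _ = tlv(der, 0, 0x30)                       # ContentInfo
    s, e = tlv(der, ci, 0x06)                       # contentType
    if der[s:e] != SIGNED_DATA:
        raise ValueError("not CMS SignedData")
    wrap, _ = tlv(der, e, 0xA0)                     # [0] EXPLICIT content
    sd, _ = tlv(der, wrap, 0x30)                    # SignedData
    _, ver_end = tlv(der, sd, 0x02)                 # version
    _, alg_end = tlv(der, ver_end, 0x31)            # digestAlgorithms
    eci, _ = tlv(der, alg_end, 0x30)                # encapContentInfo
    s, e = tlv(der, eci, 0x06)                      # eContentType
    return der[s:e]

def check(filename, der):
    """Return 'ok' or a 'reject: ...' reason the RP can log for a mis-named object."""
    ext = os.path.splitext(filename)[1].lower()
    try:
        declared = ECONTENT_EXT.get(econtent_type(der))
    except ValueError as err:
        return f"reject: {err}"
    return "ok" if declared == ext else f"reject: named {ext}, content declares {declared}"

def skeleton(econtent_oid):  # constructed sample: SignedData with no payload or signers
    enc = lambda tag, body: bytes([tag, len(body)]) + body   # short-form lengths only
    eci = enc(0x30, enc(0x06, econtent_oid))
    sd = enc(0x30, enc(0x02, b"\x03") + enc(0x31, b"") + eci + enc(0x31, b""))
    return enc(0x30, enc(0x06, SIGNED_DATA) + enc(0xA0, sd))
```

A mis-named or truncated object costs the relying party a single header walk before it is rejected, and the declared type still has to pass signature and profile validation afterwards.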
