On 18/07/2011, at 12:32 PM, Stephen Kent wrote:

> At 7:41 AM +1000 7/18/11, Geoff Huston wrote:
>> On 18/07/2011, at 12:53 AM, Rob Austein wrote:
>>
>>> This draft defines the mappings from filename extension (.cer, .roa,
>>> .crl, etc) to ASN.1 object type (X.509 certificate, ROA, CRL, etc).
>>>
>>> Without this mapping, relying party tools have no way of knowing what
>>> they're looking at in most cases, and would have to attempt to decode
>>> every object in various ways to see which (if any) worked. This would
>>> be tedious, error prone, and generally a bad idea.
>>
>> But wouldn't the CMS (and ASN.1 for that matter) effectively tell the RP
>> what the object was intended to be? It strikes me that the file name
>> extension is a bit of syntactic sugar rather than an essential and necessary
>> component, so I'm curious to understand what has changed in this particular
>> PKI that makes the filename extension such a necessary attribute. If this is
>> the case, would a rogue CA be able to mount an effective DOS attack for all
>> RPs by deliberately mis-naming objects?
>
> If you want to compare the RPKI to the general PKI repository model (X.500),
> note that in an X.500 directory, every object is tagged in a fashion
> analogous to the filename extension. LDAP tags objects as well. So why is it
> not appropriate to do so, in a normative fashion here?
How is this X.500 directory "tagging" achieved in other PKIs? Three-letter filename extension conventions? Or some other tag mechanism?

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
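The thread's two positions (the extension tells the RP what an object is; the CMS/ASN.1 content could tell it too) can be combined defensively: a relying party can sniff the DER structure and reject any object whose advertised extension disagrees with its bytes, which also bounds the mis-naming concern raised above. The following is an added example, not code from the thread or from any RP implementation; the `.mft` extension, the `classify`/`check_object` names and the minimal sample objects are its own assumptions, and the OIDs are the standard id-signedData, id-ct-routeOriginAuthz and id-ct-rpkiManifest values.

```python
# Added example (not from the thread): classify an RPKI object by its DER structure
# and cross-check that against the advertised filename extension. Samples are constructed.
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")      # 1.2.840.113549.1.7.2, RFC 5652
OID_CT_ROA      = bytes.fromhex("2a864886f70d0109100118")  # 1.2.840.113549.1.9.16.1.24, RFC 6482
OID_CT_MANIFEST = bytes.fromhex("2a864886f70d010910011a")  # 1.2.840.113549.1.9.16.1.26, RFC 6486
EXT_TO_TYPE = {".cer": "cer", ".crl": "crl", ".roa": "roa", ".mft": "mft"}

def _tlv(buf, pos):
    """Decode one DER tag/length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify(der):
    """Return 'cer', 'crl', 'roa', 'mft', 'cms' (other SignedData) or 'unknown'."""
    tag, s, _ = _tlv(der, 0)
    if tag != 0x30:
        return "unknown"
    tag, s2, e2 = _tlv(der, s)
    if tag == 0x06:                                   # CMS ContentInfo opens with an OID
        if der[s2:e2] != OID_SIGNED_DATA:
            return "unknown"
        _, p, _ = _tlv(der, e2)                       # [0] EXPLICIT SignedData
        _, p, _ = _tlv(der, p)                        # SignedData SEQUENCE
        _, _, p = _tlv(der, p)                        # skip version INTEGER
        _, _, p = _tlv(der, p)                        # skip digestAlgorithms SET
        _, p, _ = _tlv(der, p)                        # encapContentInfo SEQUENCE
        _, s8, e8 = _tlv(der, p)                      # eContentType OID
        return {OID_CT_ROA: "roa", OID_CT_MANIFEST: "mft"}.get(der[s8:e8], "cms")
    if tag == 0x30:                                   # tbsCertificate or tbsCertList
        first, _, _ = _tlv(der, s2)
        # RFC 6487 requires v3 certificates, so a cert's TBS opens with [0] version;
        # a CRL's TBS opens with its version INTEGER (or the signature AlgId SEQUENCE).
        return "cer" if first == 0xA0 else "crl" if first in (0x02, 0x30) else "unknown"
    return "unknown"

def check_object(filename, der):
    """True when the advertised extension agrees with what the bytes actually are."""
    expected = EXT_TO_TYPE.get(filename[filename.rfind("."):].lower())
    return expected is not None and expected == classify(der)
# Constructed minimal samples: right shape, but not signed or otherwise valid objects.
def _der(tag, body):                                  # short-form lengths suffice here
    return bytes([tag, len(body)]) + body
def sample_cms(content_type_oid):
    signed_data = _der(0x30, _der(0x02, b"\x03") + _der(0x31, b"")
                       + _der(0x30, _der(0x06, content_type_oid)))
    return _der(0x30, _der(0x06, OID_SIGNED_DATA) + _der(0xA0, signed_data))
SAMPLE_CER = _der(0x30, _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")))
SAMPLE_CRL = _der(0x30, _der(0x30, _der(0x02, b"\x01") + _der(0x30, b"")))
```

A mismatch such as a ROA-shaped object served as `.cer` makes `check_object` return False, so the RP can log and skip that one object instead of guessing at it or failing the whole fetch.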
