On Tue, 19 Jul 2011, Terry Manderson wrote:
On 19/07/11 9:15 PM, "Randy Bush" <[email protected]> wrote:
I think there is an easier way, as already suggested. Add the object
type to the manifest in FileandHash.
1) the rescert points to the publication point and manifest
2) the manifest is mandatory
3) the manifest is signed
4) the manifest is nicely(?) readable ASN.1
so move the deck chairs from coding the type in a directory maintained
by the operating system to one the spec and the programmers write and
maintain? big win there, eh?
The win is to eliminate a threat that has already been identified on the
list.
I see that someone else has already responded to this statement, but I'd
like to chime in that I'd like to see an explicit statement of the threat
and how the OID mechanism you suggest would counter it.
--Sandy, speaking as wg chair
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
