On 26 February 2014 14:13, Tomas Gustavsson <[email protected]> wrote: > > Did anyone consider using RFC4211 CRMF requests as "pre-certificates"? > CRMF has both issuer and serialNumber, as well as extensions. The > CertTemplate of RFC4211 is basically a TBSCertificate.
Hmm. So it is. I had not come across this RFC before. Does anything implement it? > > Cheers, > Tomas > > PS: time to change subject of the thread? > > > On 02/26/2014 05:46 AM, Rob Stradling wrote: >> On 26/02/14 13:33, Carl Wallace wrote: >>>>> >>>>> While I agree that lack of a CA certificate with the matching naming >>>>> really doesn¹t matter, breaking name chaining seems like an odd way to >>>>> maintain ³ritual compliance". Why not bump the version number instead? >>>>> v4 could be defined as a pre-certificate containing a poison extension >>>>> and >>>>> a serial number that matches its v3 counterpart. >>>> >>>> Hi Carl. I briefly discussed the idea of changing the version number >>>> with Ben a few months ago... >>> >>> Sorry for the rehash. There are occasions where I miss an email in this >>> list:-) >> >> No need to apologize. It was an off-list discussion. :-) >> > > _______________________________________________ > Trans mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/trans _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
