On Tue, Sep 9, 2014 at 10:30 AM, Stephen Kent <[email protected]> wrote:
> Brian,
>
> Can you re-state your proposal. I'm confused, in part because one does
> not sign anything using a cert; one verifies a signed thing using a public
> key from a cert.

Rick and Carl did a good job of explaining why my line of reasoning didn't make sense in the first place, regardless of my poor choice of terminology.

By the way, in draft -04 there are similar abuses of terminology that should be cleaned up. Here's one example, "The resulting TBSCertificate [RFC5280] is then signed with either [...] a special-purpose [...] Precertificate Signing Certificate [...] or, the CA certificate that will sign the final certificate." There are probably more.

Also, it might be worth mentioning in the draft that it doesn't make sense to use a Precertificate Signing Certificate if it has the same public key as the issuing certificate.

Cheers,
Brian

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
