IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Comments on draft-ietf-secsh-x509-03



> Overall I think this document should restrict itself to specifying the basic
> formats, and leave cert-processing details and policy issues to things like
> PKIX, who have generated thousands of pages (literally!) of documentation on
> this.  Also, since what's being done here is identical to what TLS has spent
> several years working on, re-using the results of the TLS work would help
> avoid the need to re-work the SSH stuff once people start rediscovering the
> various issues that the TLS folks have already dealt with.

This was our original intent (and if you look at the first couple
of versions of the document, what we did.)

However, it seemed like people wanted more out of the draft.

I'd be really happy to go back to simply describing how
to encode x.509 certificates and signatures in the SSH
protocol and call this draft done.

But-- I guess we need people who care about this to
come out of the woodwork and speak up now about what
the working group wants out of this document.

Thanks,

Joseph




Home | Main Index | Thread Index | Old Index