
md-distro - Re: [md-distro] Agenda: Review and Final Meeting [0169395#]

Subject: Metadata Distribution Subcommittee of TAC

  • From: "Cantor, Scott" <>
  • To: "" <>
  • Subject: Re: [md-distro] Agenda: Review and Final Meeting [0169395#]
  • Date: Thu, 16 Jan 2014 17:07:15 +0000
  • Accept-language: en-US

On 1/16/14, 11:28 AM, "Joe St Sauver" <> wrote:
>
>-- The signing certificate is defined as: "an X.509v3 certificate
>containing a public key used to verify the signature on a metadata file;
>a container for an RSA 2048-bit public key"
>
>Might it be better to describe the cert as "an X.509v3 (RFC3280) digital
>certificate tying an identity to a public/private keypair"?

No, there is no identity involved from the point of view of how the
certificate is being used. Adding in language that turns the certificate
into something more than a key container is definitely not the direction
we want.

>And as for the public key "container," in InCommon usage, wouldn't that
>actually normally be a PEM-format file, e.g.,
>http://md.incommon.org/certs/inc-md-cert.pem ?

It could be in any format you can express a certificate, I guess, PEM
included.

>(btw, if you try to go to https://md.incommon.org/certs/inc-md-cert.pem
>you get a cert error, because that host uses a cert that's only valid
>for wayf.incommonfederation.org,

I don't think the TLS option was on the table, based on the last round of
conversation about this on TAC, but I'd have to go back and look.

-- Scott




