[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: About RFC 3280bis

To: david.cooper@xxxxxxxx
Subject: Re: About RFC 3280bis
From: Peter Sylvester <Peter.Sylvester@xxxxxxxxxx>
Date: Mon, 28 Feb 2005 17:29:39 +0100 (MET)
Cc: ietf-pkix@xxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

> 
> This change was not made to accommodate "partial" path validation, so 
> there is no need to change section 6.1.6.  The change was only intended 
> to acknowledge that the final certificate in the certification path may 
> be a CA certificate, although it is being validated for some use other 
> than certificate signing (e.g., CRL signing, OCSP response signing, 
> signing of CMP/CMC transaction messages).

I see.

> In the -01 draft, I will add a note to section 6.1 stating that 
> certificate n is referred to as the "end certificate" (or "target 
> certificate" if WG consensus is that that term should be used instead).

Target seems sufficiently neutral.

What about adding your explanation above or something like:

"The path algorithm can be applied for all certificates which are
 used for purposes other than certificate signing. Such certificates
 can be end entity certificates, or CA certificates when they are used
 for other purposes than certificate signing."

Prev by Date: Re: About RFC 3280bis
Next by Date: Re: One final week of Last Call for SCVP
Previous by thread: Re: About RFC 3280bis
Next by thread: Re: About RFC 3280bis
Index(es):
- Date
- Thread