
RE: Comments on / suggested changes for RFC3280bis



Peter Gutmann,

The KIDs are there for us to have fun.  No, just kidding.  They are there for
performance enhancement during certification path development and should
play no role in path validation.

-----Original Message-----
From: pgut001 [mailto:pgut001@xxxxxxxxxxxxxxxxx] 
Sent: Thursday, May 26, 2005 12:27 PM
To: david.cooper@xxxxxxxx; ietf-pkix@xxxxxxx; pmhesse@xxxxxxxxxxxxxxxxxx
Cc: chokhani@xxxxxxxxxxxx; GSecrest@xxxxxxxxxxxxx;
guy@xxxxxxxxxxxxxxxxxxxxxxxxxx; mcooper@xxxxxxxxxxxx; MRamos8@xxxxxxxxxxxxx;
RGuida@xxxxxxxxxxxxx; Terry.Zagar@xxxxxxx
Subject: Re: Comments on / suggested changes for RFC3280bis


"Peter Hesse" <pmhesse@xxxxxxxxxxxxxxxxxx> writes:

>Location: 4.2.1.2, 2nd para, last sentence
>Original Text: "Applications are not required to verify that key 
>identifiers match when performing certification path validation."
>Recommendation: "Applications SHOULD NOT verify that key identifiers 
>match when performing certification path validation."
>Reason: Key identifier matching is not part of determining whether or 
>not a certification path is valid.

I hate to be the guy who always has to ask the blindingly obvious questions,
but if they're not required and SHOULD NOT be used, why are they there in
the first place?

(I know the answer to this question, but I'm interested in seeing what
responses are provided).

Peter.
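
Added example, not part of the original thread: a toy Python model of the split discussed above, where key identifiers only order candidate issuers during path development and acceptance rests on the signature check. The `Cert` model, `issue`, `candidates`, `find_issuer`, the sample names and keys, and the HMAC used as a stand-in for a real signature are all assumptions made for illustration.

```python
import hashlib, hmac
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Cert:                     # constructed toy model, not real X.509
    subject: str
    issuer: str
    key: bytes                  # stand-in for the subject public key
    ski: Optional[bytes]        # subjectKeyIdentifier
    aki: Optional[bytes]        # authorityKeyIdentifier
    sig: bytes = b""

def _mac(signer_key, c):
    # HMAC stands in for a real signature so the example needs no crypto library
    body = f"{c.subject}|{c.issuer}|".encode() + c.key
    return hmac.new(signer_key, body, hashlib.sha256).digest()

def issue(subject, issuer, signer_key, key, ski=None, aki=None):
    c = Cert(subject, issuer, key, ski, aki)
    return replace(c, sig=_mac(signer_key, c))

def candidates(cert, pool):
    """Path development: names select candidates, a KID match only orders them."""
    named = [c for c in pool if c.subject == cert.issuer]
    return sorted(named, key=lambda c: cert.aki is None or c.ski != cert.aki)

def find_issuer(cert, pool):
    """Return (issuer, signature checks spent); KIDs never accept or reject."""
    ordered = candidates(cert, pool)
    for n, cand in enumerate(ordered, start=1):
        if hmac.compare_digest(cert.sig, _mac(cand.key, cert)):
            return cand, n
    return None, len(ordered)

# Constructed sample: one CA name with two keys (a re-keyed CA), old key listed first.
OLD = issue("CN=Example CA", "CN=Example Root", b"root-key", b"ca-key-old", ski=b"\x01")
NEW = issue("CN=Example CA", "CN=Example Root", b"root-key", b"ca-key-new", ski=b"\x02")
POOL = [OLD, NEW]
EE_HINT = issue("CN=host", "CN=Example CA", b"ca-key-new", b"ee-key", aki=b"\x02")
EE_NOHINT = issue("CN=host", "CN=Example CA", b"ca-key-new", b"ee-key")
EE_WRONGKID = issue("CN=host", "CN=Example CA", b"ca-key-new", b"ee-key", aki=b"\x01")
EE_BADSIG = issue("CN=host", "CN=Example CA", b"other-key", b"ee-key", aki=b"\x02")

if __name__ == "__main__":
    for name in ("EE_HINT", "EE_NOHINT", "EE_WRONGKID", "EE_BADSIG"):
        issuer, checks = find_issuer(globals()[name], POOL)
        print(name, "issuer found" if issuer else "no issuer", "checks:", checks)
```

A matching AKI saves one signature check here, a mismatching AKI costs one but the path is still found, and a matching AKI on a certificate with a bad signature does not make it acceptable.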