[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-ietf-pkix-scvp-31.txt

To: pkix <ietf-pkix@xxxxxxx>
Subject: Re: I-D ACTION:draft-ietf-pkix-scvp-31.txt
From: "David A. Cooper" <david.cooper@xxxxxxxx>
Date: Tue, 16 Jan 2007 17:44:16 -0500
In-reply-to: <E1H6YmI-0002eq-2y@xxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <E1H6YmI-0002eq-2y@xxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.8 (X11/20061109)


All,

The only changes that were made in draft -31 of SCVP were corrections oftypographic errors, mainly misspellings in words that were used tocreate ASN.1 terms. A diff file highlighting the changes between drafts-30 and -31 is available athttp://csrc.nist.gov/pki/documents/PKIX/wdiff_draft-ietf-pkix-scvp-30_to_31.html.

The following changes were made to the ASN.1 module (none of whichchange the DER encoding of objects):

1) In CVRequest, changed reqestExtensions to requestExtensions (missing"u" in request).

2) In SCVPCertID, added "algorithm" in front of sha-1, so that it nolonger implicit that sha-1 is the value for "algorithm" rather than"parameters". SCVPCertID is now:


      SCVPCertID ::= SEQUENCE {
          certHash        OCTET STRING,
          issuerSerial    SCVPIssuerSerial,
          hashAlgorithm   AlgorithmIdentifier DEFAULT { algorithm sha-1 } }

3) In CVStatus code, changed inhibitPolicyMappingUnsuported toinhibitPolicyMappingUnsupported (missing "p" in Unsupported) and changedvalidityTimeUnsupported to validationTimeUnsupported (error code isintended to indicate that the server does not support the validationTimeitem in Query).

4) In HashValue, added "algorithm" in front of sha-1, as was done withSCVPCertID.


      HashValue ::= SEQUENCE {
        algorithm         AlgorithmIdentifier DEFAULT { algorithm sha-1 },
        value             OCTET STRING }

5) In ReplyStatus, changed unavailableValidityTime tounavailableValidationTime, since error code indicates that historicaldata for the time specified in validationTime in the request is notavailable.

6) In ValPolResponse, changed maxCVResponseVersion tomaxCVRequestVersion and changed maxVPResponseVersion tomaxVPRequestVersion, since these terms were referred to asmax...RequestVersion everywhere except the ASN.1 and since the semantics(sections 6.2 and 6.3) are that they indicate that maximum versionnumbers that the server accepts for requests.

7) Also in ValPolResponse, changed validationPolices tovalidationPolicies (added the final "i" in Policies).


Dave

Internet-Drafts@xxxxxxxx wrote:

A New Internet-Draft is available from the on-line Internet-Draftsdirectories.

This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

	Title		: Server-based Certificate Validation Protocol (SCVP)
	Author(s)	: A. Malpani, et al.
	Filename	: draft-ietf-pkix-scvp-31.txt
	Pages		: 86
	Date		: 2007-1-15
	
SCVP allows a client to delegate certificate path construction and
   certificate path validation to a server.  The path construction or
   validation (e.g., making sure that none of the certificates in the
   path are revoked) is performed according to a validation policy,
   which contains one or more trust anchors.  It allows simplification
   of client implementations and use of a set of predefined validation
   policies.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-31.txt

References:
- I-D ACTION:draft-ietf-pkix-scvp-31.txt
  - From: Internet-Drafts

Prev by Date: RE: Straw poll for Algorithm Identifiers in Subject Public Key Info.
Next by Date: RE: Straw poll for Algorithm Identifiers in Subject Public Key Info.
Previous by thread: I-D ACTION:draft-ietf-pkix-scvp-31.txt
Next by thread: Exit
Index(es):
- Date
- Thread