David A. Cooper wrote:
Peter Sylvester wrote:If something hasn't changed since years, this doesn't mean that is correct.Peter,You said "Section 3.2.3 now has *reintroduced* the 'prospective' certification path." I was simply pointing out that this was not a change. Nothing was "reintroduced".
indeed, I was incorrect:
The text introduces the word 'prospective' in 3.2.3
in order to make it formally compatible withe 3.2.2.
As a resolution of what we discussed a year ago,
I would have expected something different, i.e. clarifying that
id-stc-build-aa-path: Build a prospective certification path to a
trust anchor for the AC issuer
is problematic if one takes the definition of 3280. 3.2.3
said before that the server returns a certificate path (and not just
a set of certs).
DaveDavid A. Cooper wrote:Peter Sylvester wrote:Section 3.2.3 now has reintroduced the 'prospective' certification path.I think that we had understood that either this term borrowed from 3280 only means an arbitrary sequence of n certificates and that is not exactly what is desired here.Peter,The paragraph that you are referring to in section 3.2.3 is discussing the use of the path building wantBacks (id-stc-build-pkc-path and id-stc-build-aa-path), which are described in section 3.2.2 as follows:- id-stc-build-pkc-path: Build a prospective certification path to a trust anchor (as defined in section 6.1 of [PKIX-1]);- id-stc-build-aa-path: Build a prospective certification path to atrust anchor for the AC issuer;The description of id-stc-build-pkc-path has been unchanged since draft 18 and the description of id-stc-build-aa-path has been unchanged since draft 24.Dave
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature