Re: Recommended change to Unique Identifier handling
Anne Anderson <aha@east.sun.com> writes:
>There are problems with the processing of Unique Identifier values as
>currently specified in draft-ietf-pkix-new-part1-00.txt, including the
>following:
>
>a) PKIX recommends that PKIX-compliant CAs should not set Subject
> and Issuer UID values. This makes it impossible for certificates
> from non-compliant CAs that use UIDs to be used as links in a
> chain that includes certificates from compliant CAs. This
> creates a serious interoperability problem during the period
> before all CAs become fully PKIX-compliant.
Given that no major[0] CA has ever used UIDs, is this really an issue? I
assume (based on the above message) that someone somewhere is currently using
them despite their having been deprecated for some time, but is it the job of
PKIX to accommodate out-of-spec implementations?
Peter.
[0] "major" = visible enough that interoperability with others will be a
problem.