[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Holder

To: ietf-pkix@xxxxxxx
Subject: Re: Holder
From: Steve Hanna <steve.hanna@xxxxxxx>
Date: Fri, 10 Nov 2000 10:56:55 -0500
Organization: Sun Microsystems, Inc.

Well, my list of scenarios does not seem to be helping us resolve this
issue.

I will make a specific proposal, seeking comments or consensus. Since
none of the scenarios demonstrates a need for hints in Holder formats
that include the objectDigestInfo component, I propose that we adopt the
following recommendation, which would be incorporated into the next
version of ac509 (along with text explaining the various formats, how
they must be handled for validation purposes, and why each one might be
preferred to the others).

   AC issuers SHOULD use only formats 2, 4, or 5. They MAY use other
   formats, as necessary. AC verifiers SHOULD support formats 2, 4, and
   5 (subject to specific requirements and configuration). They MAY
   support other formats.

I welcome comments from others on this proposal. A good argument can be
made for replacing format 5 with format 9, if only for debugging
purposes. But I'd rather not recommend support for both, if possible.

-Steve

Prev by Date: RE: OCSP-X vs SCVP
Next by Date: Re: Extended Key Usage and CP extensions (path validation)
Previous by thread: OCSP-X vs SCVP
Next by thread: Re: Holder
Index(es):
- Date
- Thread