[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Required Algorithms for Certificates

To: "IETF-PKIX \(E-mail\)" <ietf-pkix@xxxxxxx>
Subject: Required Algorithms for Certificates
From: "Jim Schaad" <jimsch@xxxxxxxxxx>
Date: Tue, 12 Dec 2000 17:45:55 -0800
Importance: Normal
Reply-to: <jimsch@xxxxxxxxxx>

In reviewing the algorithm draft (draft-ietf-pkix-ipki-pkalgs-01.txt) again,
I remembered that I did have one problem with the draft.  I think that it is
fine that the certificate structure draft does not contain algorithm
information.  However I feel that the algorithms draft needs to have some
MUST style statements contained in it.  I propose adding the following text:

To fully comply with this document, implementations MUST support DSA
Signature (section 2.2.2).  Implementations MAY support MD2 RSA signatures
for validation but MUST NOT create new certificates using this algorithm.
Implementations MAY support all other algorithms in this document at their
discretion.

jim schaad

Follow-Ups:
- Re: Required Algorithms for Certificates
  - From: Russ Housley

Prev by Date: Comments on draft-ietf-pkix-ocspv2-01
Next by Date: RE: Question about CRL DP
Previous by thread: Comments on draft-ietf-pkix-ocspv2-01
Next by thread: Re: Required Algorithms for Certificates
Index(es):
- Date
- Thread