Certificate policies is a mandatory-to-support extension for the client, but policy mapping is optional; therefore the minimal conformant client with son of 2459 can only support CA hierarchies with homogeneous certificate issuance policies and practices. This client does not support policy mapping and therefore can only operate in a controlled issuance policy environment. Are we expecting the need to use the inhibit any policy extension in such an environment?
This does not seem consistent.
If the CAs are operating to a homogeneous set of issuance policies, you can legislate in said policies whether a CA can have the all policy OID or not, rather than require the client to support such an extension.
Why do we need to mandate support for this extension in our profile for such an environment?
Trevor Freeman
Program Manager
Phone: (425) 936-8477
Pager: 800-759-8352, id#1631457
Pager email: 1631457@xxxxxxxxxx