Re: I-D ACTION:draft-ietf-pkix-dpv-dpd-req-01.txt
Yes, thanks for the pointer. I found the ASN.1 definitions there.
One more question turned up:
Is DPV restricted to X.509 public key certificates or is it possible
to use it for X.509 attribute certificates as well?
- Petra
Denis Pinkas wrote:
> Petra,
>
> Please take a look at RFC 3126, where many of the ASN.1 structures were
> imported from and are thus defined there. This should answer all your
> questions.
>
> Regards,
>
> Denis
>
> > Denis,
> >
> > may I still ask some questions concerning the document "Delegated
> > Path Validation and Delegated Path Discovery Protocols"?
> >
> > > PathValues ::= SEQUENCE {
> > >     certificateValues CertificateValues,
> > >     revocationValues RevocationValues }
> > >
> > I'm missing some ASN.1 definitions. You refer to "CertificateValues"
> > and "RevocationValues" but I couldn't find these definitions.
> >
> > By the way, you should move this definition of "PathValues" from
> > the chapter "5.2.1. Request" to the chapter "5.2.2. Response Syntax"
> > where it is used.
> >
> > Another ASN.1 question:
> >
> > > UsefulRevoc ::= CHOICE {
> > >     certificateRevocationLists CertificateRevocationLists,
> > >     completeRevocationRefs CompleteRevocationRefs }
> > >
> > A DPV request may contain useful revocation information provided
> > by the client. Maybe it's because I don't know the element
> > "CompleteRevocationRefs" but where do I store OCSP answers?
> >
> > Could you please send the definition of "CompleteRevocationRefs"
> > and "completeCertificateRefs"? I guess they are imported from [ES-F],
> > "Electronic Signature Formats for long term electronic signatures", aren't
> > they?
> >
> > > CertOrCertRef ::= CHOICE {
> > >     certificate [1] Certificate,
> > >     certRef [2] OtherCertID }
> > >
> > I'm also missing the definition of OtherCertID used in a DPV and DPD
> > request.
> >
> > Thanks, Petra
> >
> > Denis Pinkas wrote:
> >
> > > Petra,
> > >
> > > > Denis,
> > >
> > > > is there also a new version of the document "Delegated Path
> > > > Validation and Delegated Path Discovery Protocols"
> > >
> > > Not at this time. Currently we need first to agree on the DPV / DPD
> > > requirements, then we will discuss the solutions to these requirements.
> > >
> > > The so-called "Delegated Path Validation and Delegated Path Discovery
> > > Protocols" document could be a candidate to fulfill these requirements.
> > > It is too early to say and this will only be discussed once the
> > > requirements document is adopted.
> > >
> > > > or just a new requirement document?
> > >
> > > Correct. It is a new document for both the DPV and DPD requirements.
> > >
> > > There is also a companion document for the DSV requirements.
> > > We will only discuss the DSV requirements document in detail when
> > > the DPV / DPD requirements document has completed the WG last call.
> > >
> > > Denis