[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RFC 3280 : anyPolicy in the policy mapping extension

To: ietf-pkix@xxxxxxx
Subject: RFC 3280 : anyPolicy in the policy mapping extension
From: Takashi ITO <takashim@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 29 Oct 2002 13:30:17 +0900
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Hello,

I am studying certificate path validation in RFC 3280. And I have a
question about the policy mapping.

In clause 4.2.1.6, RFC 3280 says:

    Policies SHOULD NOT be mapped either to or from the special value
    anyPolicy (section 4.2.1.5).

However, Certification Path Processing in clause 6.1.4 says:

    (a)  If a policy mapping extension is present, verify that the
    special value anyPolicy does not appear as an issuerDomainPolicy
    or a subjectDomainPolicy.

The above procedure seems to mean checking the prohibition of using
anyPolicy in the policy mapping extension.

So I think that anyPolicy in this extension described in clause 4.2.1.6
should be prohibited, by replacing "SHOULD NOT" with "SHALL NOT" as the
following:

    Policies SHALL NOT be mapped either to or from the special value
    anyPolicy (section 4.2.1.5).

Is my understanding right?

Thanks,


Takashi ITO <takashim@xxxxxxxxxxxxxxxxxxx>
Mitsubishi Electric Corporation

Follow-Ups:
- Re: RFC 3280 : anyPolicy in the policy mapping extension
  - From: Housley, Russ

Prev by Date: Re: Extra Security Considerations for Logotypes (was Re: draft-ietf-pkix-logotypes-06.txt)
Next by Date: Re: I-D ACTION:draft-ietf-pkix-usergroup-01.txt
Previous by thread: RE: Extra Security Considerations for Logotypes (was Re: draft-ietf-pkix-logotypes-06.txt)
Next by thread: Re: RFC 3280 : anyPolicy in the policy mapping extension
Index(es):
- Date
- Thread