
SCVP Update Summary




This message summarizes the changes that were made to SCVP in the recently posted draft. Most of these changes were discussed at the IETF meeting in Atlanta. A few of them are the result of comments received by email.


1. Criticality of extensions. The meaning of the criticality boolean in extensions was aligned with RFC 3280.

2. Changed replyChecks to a sequence of an OID and an INTEGER. The integer value indicates whether the requested check was successful.

3. Changed replyWantBack to a sequence of an OID and an OCTET STRING. The octet string contains the requested data, and the OID indicates the ASN.1 type that is used to decode the value of the octet string.

4. Support for returning the certificate subject's public key.

5. Limited the scope of SCVP to public key certificates and attribute certificates. Eliminated the CHOICE that allows other data structures to be specified in the future.

6. Removed optional path length constraint from the trust anchor information.

7. Changed CertBundle to support public key certificates and attribute certificates. Either of them can be included directly or referenced.

8. Moved checks and wantBack down to queriedCerts. This allows different checks and returned items for each certificate in the query. This is especially important for a query with one public key certificate and an attribute certificate. The checks are similar, but not exactly the same, but the things that a client might want back are significantly different.

9. The checks and wantBack OIDs that were in the previous draft are clearly identified for use with public key certificates. A new set of OIDs was added for use with attribute certificates.

10. Defined a separate revocation information type for delta CRLs.
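
The structures in items 2 and 3, as an added example that is not taken from the draft or from this message: a strict DER reader for a SEQUENCE of an OID and an INTEGER, and for a SEQUENCE of an OID and an OCTET STRING whose content is decoded only by a decoder registered for that OID. The function names, the OIDs under the 2.999 example arc, the registry and the sample bytes are assumptions; the meaning of the integer value is left to the draft.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length
def decode_oid(value):
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, n = [], 0
    for b in value:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))
def split_item(der):
    # SEQUENCE { OBJECT IDENTIFIER, one more element } -> (dotted OID, DER of that element)
    tag, body, end = read_tlv(der)
    t1, oid, pos = read_tlv(body)
    if tag != 0x30 or end != len(der) or t1 != 0x06 or read_tlv(body, pos)[2] != len(body):
        raise ValueError("expected SEQUENCE { OID, one element }")
    return decode_oid(oid), body[pos:]
def der_integer(der):
    tag, val, end = read_tlv(der)
    if tag != 0x02 or end != len(der) or not val:
        raise ValueError("expected exactly one INTEGER")
    return int.from_bytes(val, "big", signed=True)
def parse_reply_check(der):
    oid, rest = split_item(der)
    return oid, der_integer(rest)  # value returned as-is, not interpreted here

# Hypothetical registry: the wantBack OID names the type inside the OCTET STRING.
WANT_BACK_TYPES = {"2.999.2": der_integer}
def parse_reply_want_back(der):
    oid, rest = split_item(der)
    tag, content, _ = read_tlv(rest)
    if tag != 0x04 or oid not in WANT_BACK_TYPES:
        raise ValueError("not an OCTET STRING, or no decoder registered for " + oid)
    return oid, WANT_BACK_TYPES[oid](content)

SAMPLE_CHECK = bytes.fromhex("30080603883701020100")  # constructed: 2.999.1, INTEGER 0
SAMPLE_WANT_BACK = bytes.fromhex("300a06038837020403020105")  # constructed: 2.999.2
```

A client that receives an OID it has no decoder for should fail closed, as the lookup above does, rather than guess at the content of the octet string.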