
Certificate policy question



[Warning: This is one of those questions which is probably best answered in
 the Style Guide with a note saying "Don't do that"]

Someone just sent me yet another weird cert [0] which has two different, in
some places mutually exclusive, policies (that is, CPSes) in the
certificatePolicies.  I know the de facto standard handling for this is to
ignore the policy, but what's the official word on this?  Do you pick the one
you like best and ignore the rest?  Use the LSB of the public key as an index
to pick one?  Pop up a copy of Acrobat in a dialog box, ask the user to read
the 100-odd-page CPSes, and pick the one with the flashiest graphic on the
cover?

I'd like to at least do *something* in my code other than just ignoring it.

Peter.

[0] The cool thing about 2459/3280's complexity is that everyone gets their
    own mistake arc without ever having to duplicate anyone else's.  Maybe we
    could formalise this with OIDs or something :-).