[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Attribute Cert Policies Rationale

To: "Roger Younglove" <ryounglove@xxxxxxxxxxxxxxxxx>, "Stephen Kent" <kent@xxxxxxx>
Subject: Re: Attribute Cert Policies Rationale
From: "Chris @ work" <chris.francis@xxxxxxxxxxxxxxxx>
Date: Mon, 23 Dec 2002 15:11:37 -0500
Cc: "Ietf-Pkix" <ietf-pkix@xxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Title: RE: Attribute Cert Policies Rationale

Steve,

I considered that approach initially, but rejected it becuase it inhibits interoperability. If issuers have to define a unique OID for an attribute type to reflect their particular policy, then this makes it difficult for AC processing software to be developed to support a common set of attribute types (such as those defined in RFC-3281 for instance).

Chris

----- Original Message -----

From: Stephen Kent

To: Roger Younglove

Cc: 'Christopher S. Francis' ; Ietf-Pkix

Sent: Friday, December 20, 2002 11:57 AM

Subject: RE: Attribute Cert Policies Rationale

We seem to be overlooking another, perhaps simpler solution, namely to assign different attribute OIDs to represent the same attributes associated with different policies. In the example Chris provided, the lab could issue green vs. red attributes, distinguished by OID, rather than adding a policy extension to the AC.

Steve

Follow-Ups:
- Re: Attribute Cert Policies Rationale
  - From: Stephen Kent

References:
- RE: Attribute Cert Policies Rationale
  - From: Roger Younglove
- RE: Attribute Cert Policies Rationale
  - From: Stephen Kent

Prev by Date: Re: Fw: Reserved characters for a LDAP URI
Next by Date: WG Last Call: Logotypes
Previous by thread: RE: Attribute Cert Policies Rationale
Next by thread: Re: Attribute Cert Policies Rationale
Index(es):
- Date
- Thread