[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Attribute Cert Policies Rationale

To: "Christopher S. Francis" <chris.francis@xxxxxxxxxxxxxxxx>
Subject: RE: Attribute Cert Policies Rationale
From: Stephen Kent <kent@xxxxxxx>
Date: Fri, 27 Dec 2002 10:52:04 -0500
Cc: "'Ietf-Pkix'" <ietf-pkix@xxxxxxx>
In-reply-to: <NEBBKNLKHMMPAKLAPDMDCEIODDAA.chris.francis@wetstonetech.com>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <NEBBKNLKHMMPAKLAPDMDCEIODDAA.chris.francis@wetstonetech.com>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Title: RE: Attribute Cert Policies Rationale

At 9:46 AM -0500 12/27/02, Christopher S. Francis wrote:

Steve,

What Santosh said. Overloading the attribute value OID with policy information seems like a messy solution to me that will not scale well.

Furthermore, it is conceivable that applications may want to take different actions when they don't understand the syntax of a particular attribute vs. when they don't find the policy under which it was issued acceptable. Using the attribute value OID to convey policy information makes it impossible to make this distinction.

Chris

Chris,

I agree that encoding both the attribute type and policy in the OID is less elegant than having a separate, explicit policy extension in an AC. But from my reading of the discussion, there has not been strong support for adding an explicit policy facility to ACs, so I was just suggesting an alternative that would meet your perceived requirement in case the WG does not add the facility you want.

Steve

References:
- RE: Attribute Cert Policies Rationale
  - From: Christopher S. Francis

Prev by Date: Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
Next by Date: Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
Previous by thread: RE: Attribute Cert Policies Rationale
Next by thread: RE: Attribute Cert Policies Rationale
Index(es):
- Date
- Thread