RE: Last Call: Qualified Certificates
Comments on this draft are as follows:
1. Section 1 para 3; I object to the phrase "private extensions".
This document does not define private extensions even if they exist in
the id-pe arc. These are now public extensions. -- Remove the word
private.
2. Section 1 para 3: Remove all references to 1993 ASN.1
3. New section 1.1 is required to be added stating the differences
between this document and 3039
4. Section 2, para 2:
The text "where the certificate meet some qualification
requirements" should be imported to either "certificates meet" or
"certificate meets"
5. Section 2, bullet item 3: Suggest new text of
"- Definition of usage for the key usage extension in Qualified
Certificates.."
6. Section 3.2.1 - DateOfBirth SHOULD state the proper encoding to be
used. I.E. are we looking for seconds, minutes or hours or just DATE in
the GeneralTime field?
7. Section 3.2.1 - countryOfResidence and countryOfCitizenship - If you
have multiple countries to be listed, should this be a multi-value item
or should there be two distinct attributes? (Alternatively should this
be restricted back to a single attribute with a single value - i.e. you
can only list one of your countries of citizenship.)
8. Section 3.2.4 - This is something that I have no experience with. If
you look at a jpeg, bitmap or other type of image, who defines what is
considered to be a label and what is considered to be the image data?
What is done in this case about different sized images?
9. Section 3.2.5.1 - I would like to know the reason that qcstatement-1
has not been updated to a new OID. This is a new draft document with
some different semantics than 3039. Are these changes all sufficiently
small that a new policy is not needed?
10. Section 3.2.5.1 - I have decided to put the predefined statement into
my QC. After reading this document I understand that what I want
starts as follows:
EXTENSION { id-pe-qcStatements,
{ id-qcs-pkixQCSyntax-v1, {ABSENT, ? }}
In this case I don't have a semanticsIdentifier created by the document,
so I must be including the NameRegistrationAuthorities option. However
I don't know if what goes here is the pkix working group name or some
other value.
11. Section A.1 - I suggest changing the pretty name to
PKIXqualified88-03 to distinguish from rfc3039.
jim