
Re: SCVP 16 comments deadline



We have

  Query ::= SEQUENCE { 
   queriedCerts               SEQUENCE SIZE (1..MAX) OF CertReference, 

   ...
   validationPolicy           ValidationPolicy, 

with 
  ValidationPolicy ::= SEQUENCE { 
    ...
    validationAlg         [0] ValidationAlg OPTIONAL, 


3.1.5 validationAlg 
   
  The validationAlg item, defines the validation algorithm to be used 
  by the SCVP server during certificate validation.  The value of 
  this item can be determined by agreement between the client and the 
  server, and is represented as an object identifier.  The server 
  might want to assign additional object identifiers that indicate 
  that some settings are used in addition to others given in the 
  request.  In this way, the validation algorithm object identifier 
  can be a shorthand for some SCVP options, but not others. 
   
  The validationAlg item uses the ValidationAlg type, which has the 
  following syntax: 
   
    ValidationAlg ::= SEQUENCE { 
      valAlgId              OBJECT IDENTIFIER, 
      parameters            ANY DEFINED BY valAlgId OPTIONAL } 


and also


3.1.5.2 validationAlg 
   
  The optional validationAlg item defines the validation algorithm to 
  be used by the SCVP server during certificate validation.  The 
  value of this item can be determined by agreement between the 
  client and the server, and the validation algorithm is represented 
  by an object identifier. 
   
   The syntax of the validationAlg is: 
   
    ValidationAlg ::= SEQUENCE { 
      valAlgId              OBJECT IDENTIFIER, 
      parameters            ANY DEFINED BY valAlgId OPTIONAL } 
   
  The following section specifies the basic validation algorithm and 
  the name validation algorithm.  SCVP clients and servers MUST 
  support both validation algorithms defined in this section.  Other 
  validation algorithms can be specified in other documents for use 
  with specific applications.  SCVP clients and servers MAY support 
  any such validation algorithms.  

---------------

3.1.5.2.3 Name Validation Algorithm 
   
  The name validation algorithm allows the client to supply an 
  application identifier and a name to the server.  The application 
  identifier defines the name matching rules to use in comparing the 
  name supplied in the request with the names in the certificate. 

There may be more than one certificate in the request. 

  
    NameValidationAlgParms ::= SEQUENCE { 
      keyPurposeId      KeyPurposeId, 
      validationNames   GeneralNames } 

What is the relation between the KeyPurposeId and the extendedKeyUsages item in
3.1.5.10 extendedKeyUsages?

  If the keyPurposeID supplied in the request is id-kp-mailProtection 
  [PKIX-1], then GeneralNames supplied in the request MUST be a 
  rfc822Name, and the matching rules are defined in [SMIME-CERT]. 

"an rfc822Name".

What is the meaning of this if I have more than one email certificate,
i.e. I want to validate all encryption certs before using them?


Does this mean that the validation algorithm is cert-specific and not
request-specific?
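As an added illustration (not code from the draft or from anyone on the list), a minimal DER encoder/decoder for the NameValidationAlgParms quoted above, plus the rule the draft text states for id-kp-emailProtection (every validationName MUST be an rfc822Name). The OID value is the one RFC 5280 assigns to id-kp-emailProtection; the short-form-length restriction and the sample names are assumptions made for the example.

```python
ID_KP_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"  # RFC 5280 id-kp-emailProtection
GN_TAGS = {"rfc822Name": 0x81, "dNSName": 0x82}  # GeneralName [1], [2] IMPLICIT IA5String
GN_KINDS = {v: k for k, v in GN_TAGS.items()}

def _tlv(tag, body):
    assert len(body) < 0x80, "short-form DER length only (enough for this example)"
    return bytes([tag, len(body)]) + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:  # base-128, high bit set on all but the last octet
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        body.extend(reversed(chunk))
    return _tlv(0x06, bytes(body))

def encode_params(key_purpose, names):
    # NameValidationAlgParms ::= SEQUENCE { keyPurposeId OID, validationNames GeneralNames }
    gn = b"".join(_tlv(GN_TAGS[k], v.encode("ascii")) for k, v in names)
    return _tlv(0x30, encode_oid(key_purpose) + _tlv(0x30, gn))

def _read(buf, pos):
    # returns (tag, value bytes, position after this TLV); short-form lengths only
    tag, ln = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + ln], pos + 2 + ln

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def decode_params(der):
    tag, body, _ = _read(der, 0)
    assert tag == 0x30, "NameValidationAlgParms must be a SEQUENCE"
    _, oid_body, pos = _read(body, 0)
    _, gn_body, _ = _read(body, pos)
    names, pos = [], 0
    while pos < len(gn_body):
        t, v, pos = _read(gn_body, pos)
        names.append((GN_KINDS.get(t, "other"), v.decode("ascii")))
    return decode_oid(oid_body), names

def check_params(key_purpose, names):
    # Draft rule quoted above: with id-kp-emailProtection every name MUST be an rfc822Name
    return key_purpose != ID_KP_EMAIL_PROTECTION or all(k == "rfc822Name" for k, _ in names)
```

A server-side consumer would run `check_params` on the decoded parameters before applying the name matching rules of [SMIME-CERT].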