
RE: SCVP 16 comments deadline



Either I was unclear in my question or you have totally misunderstood it,
or I don't understand what you are responding.

> Hi Peter,
> All parameters associated with policy mapping are named the same. If you
> want guidance on their use in combination with the policy reference see
> section 1.3.
It is obviously not difficult to guess which names correspond, that
is not the problem.


> SCVP only supports one policy per request therefore if you want to
> process different policies for different certificates - send different
> requests.
Where do I talk about different policies and different certificates,
are you confusing this with another message? 

I am just asking how parameters from the client and the server are
combined in a request for one signed cert with one policy. And, to
be sure, I can also assume that a client sets all the input flags
or none, if you want. 

The current syntax allows all kinds of combinations of settings
by the client and the server; it is not specified:

- how they are combined
- whether there is only a subset of useful meanings.

> Trevor
> 
> * -----Original Message-----
> * From: Peter Sylvester [mailto:Peter.Sylvester@xxxxxxxxxx]
> * Sent: Tuesday, December 07, 2004 4:15 AM
> * To: Trevor Freeman
> * Cc: ietf-pkix@xxxxxxx
> * Subject: Re: SCVP 16 comments deadline
> * 
> * There are several boolean values like
> * 
> *   ValidationPolicy ::= SEQUENCE {
> *     ...
> *     inhibitPolicyMapping  [2] BOOLEAN OPTIONAL,
> * 
> * and a policy definition.
> * 
> *   ValidationPolValues ::=SEQUENCE  {
> *     ...
> *     inhibitPolMap            BOOLEAN,
> * 
> * 
> * - It would be nice to use the same field names.
> * 
> * - I suggest BOOLEAN DEFAULT FALSE for the inhibitPolMap together
> *   with some appropriate tagging, it doesn't make much sense to
> *   me to code useless values.
> * 
> * Would it be possible to add some statement about the intended
> * meaning of the 6 possible combinations:
> * 
> * 
> * inhibitPolMap = FALSE
> * 
> * inhibitPolicyMapping absent  1
> *                      FALSE   2
> *                      TRUE    3
> * 
> * inhibitPolMap = TRUE
> * 
> * inhibitPolicyMapping absent  4
> *                      FALSE   5
> *                      TRUE    6
> * 
> * 
> * Does it mean that the client value takes precedence over the
> * server value?
> * 
> * 1 = FALSE
> * 2 = FALSE
> * 3 = TRUE
> * 4 = TRUE
> * 5 = FALSE
> * 6 = TRUE
> * 
> * 
> * It had been said some time ago (as far as I remember) that these
> * inputs are not global ones but in principle for each of the
> * certs to be asked for. What was the conclusion why they stay global
> * for all certs?
> 
> 
>
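
Added example, not part of the original thread and not taken from the SCVP draft: the six combinations numbered in the quoted message, evaluated under the "client value takes precedence" reading asked about there and under one assumed alternative in which either side may inhibit policy mapping but neither may relax it. The function names and the second rule are illustrative assumptions; the point is to show where the two readings disagree.

```python
from itertools import product

ABSENT = None  # client omitted the OPTIONAL inhibitPolicyMapping field


def client_overrides(server, client):
    """Reading asked about in the message: a present client value wins."""
    return server if client is ABSENT else client


def most_restrictive(server, client):
    """Assumed alternative: either side can inhibit, neither can relax."""
    return server or bool(client)


def combination_table():
    """Rows 1..6 in the message's order: server inhibitPolMap FALSE then
    TRUE, and for each the client value absent, FALSE, TRUE."""
    rows = []
    cases = product((False, True), (ABSENT, False, True))
    for number, (server, client) in enumerate(cases, start=1):
        rows.append((number, server, client,
                     client_overrides(server, client),
                     most_restrictive(server, client)))
    return rows


def divergent_cases():
    """Case numbers where the two readings give different effective values."""
    return [n for n, _, _, a, b in combination_table() if a != b]


if __name__ == "__main__":
    print("case server client  override restrictive")
    for n, server, client, a, b in combination_table():
        shown = "absent" if client is ABSENT else str(client)
        print(f"{n:>4} {server!s:<6} {shown:<7} {a!s:<8} {b!s}")
    print("readings differ in case(s):", divergent_cases())
```

The readings differ only where the server policy inhibits mapping and the client explicitly sends FALSE, which is the combination a specification has to settle because it decides whether a request can loosen the server's configured policy.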