
RE: SCVP 16 comments deadline



3.1.5.2.3 Name Validation Algorithm 
   
I find the possibilities for the Name Validation Algorithm
rather unsatisfying. 

It should be possible IMO to have a matching simply by
presenting whatever form of Generalname and this should
be compared with the corresponding value in the cert.

In fact, the id-svp-dnValAlg sounds rather restrictive to
me; it seems to imply that only the subject field is
compared (or does this also compare with the Dirname in
a subjectAltname?).

This restriction about a DN doesn't seem necessary to me.
Any generalName can be compared with any in the subjectAltname.

E.g. an IP address. 

'id-nvae-unknown-pupose'   ==> 'id-nvae-unknown-purpose'

  id-nvae-name-mismatch vs   The id-nvae-nameMismatch value

Please align the spellings of all the error types.

  The id-nvae-badName value means the client supplied either and 
  empty or malformed name in the request. 

What is a bad or malformed name? How can this happen without raising
a general asn1 decoding error since it comes right next? 

--- 
Clean up the following text, please:

  The userPolicySet item specifies a list of policy identifiers that 
  the SCVP server MUST use when forming and validating a certificate 
  If certPolicies is not specified, then any-policy MUST be used. 
   
3.1.5.3 userPolicySet 
   
  The userPolicySet item specifies a list of certificate policy 
  identifiers that the SCVP server MUST use when constructing and 
  validating a certification path.  If userPolicySet is not specified, 
  then any-policy MUST be used.