RE: SCVP 16 comments deadline
Hi Peter,
* -----Original Message-----
* From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
* On Behalf Of Peter Sylvester
* Sent: Tuesday, December 07, 2004 4:15 AM
* To: Trevor Freeman
* Cc: ietf-pkix@xxxxxxx
* Subject: Re: SCVP 16 comments deadline
*
*
* There are several boolean values like
*
* ValidationPolicy ::= SEQUENCE {
* ...
* inhibitPolicyMapping [2] BOOLEAN OPTIONAL,
*
* and a policy definition.
*
* ValidationPolValues ::=SEQUENCE {
* ...
* inhibitPolMap BOOLEAN,
*
*
* - It would be nice to use the same field names.
[TF] Fixed
*
* - I suggest BOOLEAN DEFAULT FALSE for the inhibitPolMap together
* with some appropriate tagging, it doesn't make much sense to
* me to code useless values.
*
* Would it be possible to add some statement about the intended
* meaning of the 6 possible combinations:
*
*
* inhibitPolMap = FALSE
*
*   inhibitPolicyMapping   absent   1
*                          FALSE    2
*                          TRUE     3
*
* inhibitPolMap = TRUE
*
*   inhibitPolicyMapping   absent   4
*                          FALSE    5
*                          TRUE     6
*
[TF] There is only one Boolean value for inhibitPolicyMapping. It can be
defined in the policy, supplied in the request or defined in the server's
default policy. Section 1.3 defines the precedence for each. Further
3.1.5.1 also requests the server to reject a request which submits a
request which attempts to override the precedence.
*
* Does it mean that when the client value takes precedence over the
* server value?
*
* 1 = FALSE
* 2 = FALSE
* 3 = TRUE
* 4 = TRUE
* 5 = FALSE
* 6 = TRUE
*
*
* It had been said some time ago (as far as I remember) that these
* inputs are not global ones but in principle for each of the
* certs to be asked for. What was the conclusion why they stay global
* for all certs?
[TF] There is one validation policy per request therefore the same
policy applies to all certs in the request.
Trevor