
RE: SCVP 16 comments deadline





* -----Original Message-----
* From: Peter Sylvester [mailto:Peter.Sylvester@xxxxxxxxxx]
* Sent: Friday, December 10, 2004 5:02 AM
* To: Peter.Sylvester@xxxxxxxxxx; Trevor Freeman
* Cc: ietf-pkix@xxxxxxx
* Subject: RE: SCVP 16 comments deadline
* 
* > *
* > *
* > * Does this mean that the validate Algorithm is cert specific and not
* > * request specific?
* > [TF] The request specifies a policy, which in turn references an
* > algorithm. The policy applies globally to the request. There is no
* > relationship between the certificate and the algorithm.
* > Trevor
* >
* 
* I agree that it seems sufficient for one request to have the same
* *algorithm(s)* performed for all the certs, but the only examples defined
* contain a *parameter* which is specific to each cert, i.e. an
* identity/name
* that has to be matched with the content of a cert, thus currently the
* usage of this 'extension' feature limits the requests to one cert only.
* 
* For requests concerning SSL servers, IPsec auths, *one signature*, one
* cert will be present in the request, a case for multiple requests *may*
* be certs for encryption. It may be sufficient to allow multiple names
* for e-mail protection certs in the existing parameter, and a rule saying
* that names must be present.
[TF] If you just want to check all the certs to be email protection, you
can do that via the basic policy. If you want to check specific certs
with specific names, yes you have to submit multiple requests.