
PKIX Part 1 Certificate Policies extension



Prodded by the release of the new Part 3, I've been working on examples
for Part 1, and have a question about the syntax of the Certificate
Policies extension.

The text of section 4.2.1.5 shows:

  PolicyQualifierId ::= ENUMERATED { id-pkix-cps, id-pkix-unotice }

where id-pkix-cps and id-pkix-unotice are OIDs.  I'm not sure this is
legal syntax - isn't ENUMERATED required to have integer values, not OIDs?
But the use of the pkix OIDs agrees with the text in X.509, which says:

   CERT-POLICY-QUALIFIER ::= CLASS {
        &id           OBJECT IDENTIFIER UNIQUE,
        &Qualifier    OPTIONAL }


However, PKIX part 1 section 9 (the ASN.1 appendix) says:

  PolicyQualifierID ::= ENUMERATED {
        qualId1 (1), qualId2 (2), ... qualId5 (5) }


I believe section 9 is incorrect, and that section 4 is only half
correct - the ENUMERATED should be replaced by a CHOICE.

Comments?

Dave Kemp
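
Added example, not part of the original message: a minimal DER reader showing that the two definitions in question are distinguishable on the wire, since an OBJECT IDENTIFIER carries tag 0x06 and an ENUMERATED carries tag 0x0A. It assumes the identifier is the first field of a SEQUENCE (PolicyQualifierInfo, as later published in RFC 2459) and uses 1.3.6.1.5.5.7.2.1, the value RFC 2459 assigns to id-qt-cps, as a stand-in for id-pkix-cps; both sample encodings are constructed.

```python
# Added illustration; OID value and sample encodings are assumptions, not from the message.
OID_TAG, ENUM_TAG, SEQ_TAG = 0x06, 0x0A, 0x30

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER TLV with a definite length."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER contents into dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def qualifier_id(policy_qualifier_info):
    """Classify the first field of a DER PolicyQualifierInfo SEQUENCE."""
    tag, body, _ = read_tlv(policy_qualifier_info)
    if tag != SEQ_TAG:
        raise ValueError("PolicyQualifierInfo must be a SEQUENCE")
    id_tag, id_body, _ = read_tlv(body)
    if id_tag == OID_TAG:
        return ("OBJECT IDENTIFIER", decode_oid(id_body))
    if id_tag == ENUM_TAG:
        return ("ENUMERATED", int.from_bytes(id_body, "big", signed=True))
    raise ValueError(f"unexpected tag 0x{id_tag:02x}")

# Constructed samples: same IA5String qualifier "cps", two different id encodings.
AS_OID = bytes.fromhex("300f" "06082b06010505070201" "1603637073")
AS_ENUM = bytes.fromhex("3008" "0a0101" "1603637073")
```

A decoder built from the section 9 definition would reject the first sample at the tag check, and one built from an OID-based definition would reject the second, so the two texts cannot both describe the same encoding.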