Re: PKIX Part 1 Certificate Policies extension
Actually, I believe we should just make the type OBJECT IDENTIFIER, rather
than try to hardwire in a fixed set. The PKIX syntax should not prohibit
the use of private or other policy qualifiers if applications and policy
writers wish to use them.
Warwick
At 11:13 AM 6/24/97 -0400, David P. Kemp wrote:
>
>Prodded by the release of the new Part 3, I've been working on examples
>for Part 1, and have a question about the syntax of the Certificate
>Policies extension.
>
>The text of section 4.2.1.5 shows:
>
> PolicyQualifierId ::= ENUMERATED { id-pkix-cps, id-pkix-unotice }
>
>where id-pkix-cps and id-pkix-unotice are OIDs. I'm not sure this is
>legal syntax - isn't ENUMERATED required to have integer values, not OIDs?
>But the use of the pkix OIDs agrees with the text in X.509, which says:
>
> CERT-POLICY-QUALIFIER ::= CLASS {
> &id OBJECT IDENTIFIER UNIQUE,
> &Qualifier OPTIONAL }
>
>
>However, PKIX part 1 section 9 (the ASN.1 appendix) says:
>
> PolicyQualifierID ::= ENUMERATED {
> qualId1 (1), qualId2 (2), ... qualId5 (5) }
>
>
>I believe section 9 is incorrect, and that section 4 is only half
>correct - the ENUMERATED should be replaced by a CHOICE.
>
>Comments?
>
>Dave Kemp
>
>
---------------------------------------------------------------------
Warwick Ford, VeriSign, Inc., One Alewife Center, Cambridge, MA 02140
wford@verisign.com; Tel: (617)492 2816 x225; Fax: (617)661 0716
---------------------------------------------------------------------
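
Added example, not part of the thread: a minimal DER parser that treats policyQualifierId as an OBJECT IDENTIFIER, so a private qualifier id is accepted and reported as unrecognized while an ENUMERATED in that position is rejected. The two known OID values are those RFC 5280 assigns to the CPS and user-notice qualifiers (assumed to correspond to the thread's id-pkix-cps and id-pkix-unotice); the private OID, the URLs and all function names are constructed for illustration.

```python
# Added example, not from the thread; the private OID and URLs are constructed.
KNOWN_QUALIFIERS = {"1.3.6.1.5.5.7.2.1": "cps", "1.3.6.1.5.5.7.2.2": "unotice"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length DER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OBJECT IDENTIFIER")
    arcs, value = [], 0
    for byte in body:                      # base-128, high bit = continuation
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)          # first two arcs share one subidentifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_policy_qualifier_info(der):
    """Parse SEQUENCE { policyQualifierId OBJECT IDENTIFIER, qualifier ANY }."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    id_tag, id_body, pos = read_tlv(seq, 0)
    if id_tag != 0x06:                     # 0x0A here would be ENUMERATED
        raise ValueError("policyQualifierId has tag 0x%02x, not OBJECT IDENTIFIER" % id_tag)
    q_tag, q_body, pos = read_tlv(seq, pos)
    if pos != len(seq):
        raise ValueError("trailing data inside PolicyQualifierInfo")
    oid = decode_oid(id_body)              # private ids are returned, not rejected
    return oid, KNOWN_QUALIFIERS.get(oid, "unrecognized"), q_tag, q_body

def tlv(tag, body):                        # builder for the constructed samples
    return bytes([tag, len(body)]) + body

CPS = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010505070201")) + tlv(0x16, b"https://ca.example/cps"))
PRIVATE = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010401868d1f0101")) + tlv(0x0C, b"internal use"))
ENUMERATED = tlv(0x30, tlv(0x0A, b"\x01") + tlv(0x16, b"https://ca.example/cps"))
```

An application that does not understand a returned qualifier id can skip or reject it by its own policy; the syntax itself no longer forces that decision.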