PKIX Part 1 private internet extensions

Section 4.2.2 of PKIX part 1 defines two private internet extensions,
SubjectInfoAccess and AuthorityInfoAccess. Each of these contains
URIs represented by IA5Strings, but the ASN.1 definition uses GeneralName
instead of IA5String for the various information fields. Given the
processing descriptions in Section 4.2.2, it doesn't make sense to use
any of the other GeneralName forms (IPAddress, EDIPartyName, etc.) as
info access fields.

The following paragraph appears at the end of 4.2.2.2:

"The expected values for CertStatus and authorityInfo are those defined
in 4.2.2.1 for subjectInfo field. Processing rules for other values
for certStatus and authorityInfo are not defined."

Presumably the "other values" refers to other types of GeneralName.

Before PKIX can progress along the standards track, it must be well
specified, with undefined options eliminated. If no suitable processing
rules are specified for all the types of GeneralName, the non-URI types
must be explicitly prohibited.

Because of the extra unnecessary complexity of GeneralName, I propose
eliminating its use here, with the following replacement extension
definitions:

    AccessDescription ::= SEQUENCE OF IA5String

    SubjectInfoAccess ::= SEQUENCE SIZE (1..MAX) OF AccessDescription

    AuthorityInfoAccess ::= SEQUENCE SIZE (1..MAX) OF {
        authorityInfo [0] AccessDescription OPTIONAL,
        certStatus    [1] AccessDescription OPTIONAL }

Comments?

Dave Kemp
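
The alternative the message raises, explicitly prohibiting the non-URI GeneralName forms, can be enforced by a relying party as in the following added example, which is not part of the original post or of the PKIX draft. It assumes the info access field arrives as a DER-encoded SEQUENCE OF GeneralName (the draft's exact layout is not quoted above); the function names and sample URIs are constructed for illustration.

```python
# Added example: accept only the uniformResourceIdentifier form of GeneralName.
# CHOICE tag numbers are those of GeneralName in X.509; field layout is assumed.
GENERAL_NAME_TAGS = {
    0: "otherName", 1: "rfc822Name", 2: "dNSName", 3: "x400Address",
    4: "directoryName", 5: "ediPartyName", 6: "uniformResourceIdentifier",
    7: "iPAddress", 8: "registeredID",
}

def read_tlv(buf, pos):
    """Return (tag_byte, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def uri_only_access_locations(der):
    """Return the URIs, or raise ValueError on any non-URI GeneralName."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    uris, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x86:                     # [6] IMPLICIT IA5String, primitive
            name = GENERAL_NAME_TAGS.get(tag & 0x1F, "unknown") if tag & 0xC0 == 0x80 else "not a GeneralName"
            raise ValueError(f"tag 0x{tag:02x} ({name}) is not a URI")
        uris.append(value.decode("ascii"))  # IA5String content is 7-bit ASCII
    if not uris:
        raise ValueError("SIZE (1..MAX) violated: empty sequence")
    return uris

def der_seq(*items):                        # sample builder, short-form lengths only
    body = b"".join(bytes([t, len(v)]) + v for t, v in items)
    return bytes([0x30, len(body)]) + body

# Constructed samples: one URI-only value, one that mixes in an iPAddress.
GOOD = der_seq((0x86, b"ldap://ca.example/cn=CA"), (0x86, b"http://ca.example/status"))
BAD = der_seq((0x86, b"http://ca.example/status"), (0x87, bytes([192, 0, 2, 1])))
```
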