Re: PKIX Part 1 Certificate Policies extension



Dave:

I think you are correct.

Russ


______________________________ Reply Separator _________________________________
Subject: PKIX Part 1 Certificate Policies extension
Author:  dpkemp@missi.ncsc.mil (David P. Kemp) at internet
Date:    6/24/97 9:52 AM


Prodded by the release of the new Part 3, I've been working on examples 
for Part 1, and have a question about the syntax of the Certificate 
Policies extension.

The text of section 4.2.1.5 shows:

  PolicyQualifierId ::= ENUMERATED { id-pkix-cps, id-pkix-unotice }

where id-pkix-cps and id-pkix-unotice are OIDs.  I'm not sure this is 
legal syntax - isn't ENUMERATED required to have integer values, not OIDs? 
But the use of the pkix OIDs agrees with the text in X.509, which says:

   CERT-POLICY-QUALIFIER ::= CLASS {
        &id           OBJECT IDENTIFIER UNIQUE, 
        &Qualifier    OPTIONAL }


However, PKIX part 1 section 9 (the ASN.1 appendix) says:

  PolicyQualifierID ::= ENUMERATED {
        qualId1 (1), qualId2 (2), ... qualId5 (5) }


I believe section 9 is incorrect, and that section 4 is only half 
correct - the ENUMERATED should be replaced by a CHOICE.

Comments?

Dave Kemp
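
The encoding difference behind the ENUMERATED-versus-OID question in this thread, as an added example that is not part of either message or of the PKIX draft: a minimal DER reader that reports whether the first field of a PolicyQualifierInfo is an OBJECT IDENTIFIER (tag 0x06) or an ENUMERATED integer (tag 0x0A). Assumptions: the OID 1.3.6.1.5.5.7.2.1 (the value RFC 5280 assigns to id-qt-cps) stands in for the draft's id-pkix-cps, and the URI and both sample encodings are constructed.

```python
TAG_OID, TAG_ENUMERATED, TAG_IA5STRING, TAG_SEQUENCE = 0x06, 0x0A, 0x16, 0x30

def tlv(tag, content):
    # Short-form DER length only: callers keep content under 128 bytes.
    return bytes([tag, len(content)]) + content

def read_tlv(buf):
    # Return (tag, content) of the first TLV; reject truncated or long-form input.
    if len(buf) < 2 or buf[1] & 0x80 or 2 + buf[1] > len(buf):
        raise ValueError("truncated or long-form TLV")
    return buf[0], buf[2:2 + buf[1]]

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one octet
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:  # base-128, high bit set on all but the last octet
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return bytes(out)

def decode_oid(content):
    arcs, value = [], 0
    for b in content:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if not arcs or content[-1] & 0x80:
        raise ValueError("malformed OID")
    x = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [x, arcs[0] - 40 * x] + arcs[1:])

def qualifier_id(policy_qualifier_info):
    # Classify the first field of a PolicyQualifierInfo SEQUENCE by its DER tag.
    tag, body = read_tlv(policy_qualifier_info)
    if tag != TAG_SEQUENCE:
        raise ValueError("PolicyQualifierInfo must be a SEQUENCE")
    id_tag, id_content = read_tlv(body)
    if id_tag == TAG_OID:
        return ("OBJECT IDENTIFIER", decode_oid(id_content))
    if id_tag == TAG_ENUMERATED:
        return ("ENUMERATED", int.from_bytes(id_content, "big", signed=True))
    raise ValueError(f"unexpected tag 0x{id_tag:02x}")

CPS_OID = "1.3.6.1.5.5.7.2.1"  # assumption: stands in for the draft's id-pkix-cps
URI = tlv(TAG_IA5STRING, b"http://example.test/cps")  # constructed qualifier
AS_OID = tlv(TAG_SEQUENCE, tlv(TAG_OID, encode_oid(CPS_OID)) + URI)
AS_ENUM = tlv(TAG_SEQUENCE, tlv(TAG_ENUMERATED, b"\x01") + URI)
```

A decoder built from one definition rejects or misreads data produced from the other, since the two forms differ in the tag octet as well as the content.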