Syntax of Policy Constraints in Part 1
My apologies if this issue has been raised already...

In 4.2.1.12 (Policy Constraints), at the bottom of page 30, the ASN.1 for
this extension includes these lines:

    CertificatePoliciesSyntax ::=
        SEQUENCE SIZE (1..MAX) OF PolicyInformation

The ASN.1 in Appendix B, however, doesn't have any such thing. Is this
extension supposed to include a bunch of PolicyInformation structures?

In reading through the draft, I was wondering _which_ policies this
extension's requireExplicitPolicy field would refer to. The draft says:

    An acceptable policy identifier is the identifier of a
    policy required by the user of the certification path or the
    identifier of a policy which has been declared equivalent through
    policy mapping.

This seems to indicate that the extension itself should not have anything
that identifies a policy. I wonder, though, if that's wise. Wouldn't it
make sense for the issuer to use the certificate to state which policies
are acceptable? If so, a list of policy OIDs should be adequate rather
than a list of PolicyInformation structures.

Marc
+------------------------------------------------------------------------+
Marc Branchaud \/
Chief PKI Architect /\CERT SOFTWARE INC.
marcnarc@xcert.com PKI References page: www.xcert.com
604-640-6210x227 www.xcert.com/~marcnarc/PKI/
+------------------------------------------------------------------------+
PGP key fingerprint: 60 11 4B 9D 4E E5 2F 47 BD C5 C2 BF 26 DF 5A E1
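
For reference, an added example that is not part of the original message: a small Python decoder for the Policy Constraints extension value, assuming the syntax as later published in RFC 5280, section 4.2.1.11, where the extension carries only two skip-certificate counters and no policy identifiers. The function names and sample bytes are constructed for illustration.

```python
# Added example: decoder for the PolicyConstraints extension value.
# Assumed syntax (RFC 5280, section 4.2.1.11, implicit tagging):
#   PolicyConstraints ::= SEQUENCE {
#       requireExplicitPolicy [0] SkipCerts OPTIONAL,
#       inhibitPolicyMapping  [1] SkipCerts OPTIONAL }
#   SkipCerts ::= INTEGER (0..MAX)

FIELDS = {0x80: "requireExplicitPolicy", 0x81: "inhibitPolicyMapping"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_policy_constraints(der):
    """Decode the extension value; reject anything that is not a counter."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    out, pos, last = {}, 0, -1
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag not in FIELDS or tag <= last:
            raise ValueError(f"unexpected element with tag 0x{tag:02x}")
        if not val or val[0] & 0x80:
            raise ValueError("SkipCerts must be a non-negative INTEGER")
        out[FIELDS[tag]] = int.from_bytes(val, "big")
        last = tag
    if not out:
        raise ValueError("at least one field must be present")
    return out

# Constructed samples (not taken from any real certificate).
SAMPLE_CONSTRAINTS = bytes.fromhex("3006800100810102")
# Shaped like a policy list: SEQUENCE OF PolicyInformation { OID 1.2.3.4.5 }
SAMPLE_POLICY_LIST = bytes.fromhex("3008300606042a030405")
```

Decoding `SAMPLE_CONSTRAINTS` yields the two counters, while `SAMPLE_POLICY_LIST` is rejected because a nested SEQUENCE is not one of the two context-tagged fields.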