[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: proposed text for attributes

To: ietf-pkix@xxxxxxx
Subject: RE: proposed text for attributes
From: "Flanigan, Bill" <flanigab@xxxxxxxxxxxx>
Date: Fri, 18 Sep 1998 16:39:58 -0400
Sender: owner-ietf-pkix@xxxxxxx

Hmm.  I'm starting to have a what-does-it really-say/mean problem with
things like the "may" word, the "local policy" words, and, in fact, the
wording of the entire paragraph on the cACertificate attribute.  What
happened to the "shall" word, and what does "local policy" add in the way
clarification?   
	It's not what goes where (we seem to have rough consensus here), but
rather how to express this with minimal ambiguity and number of words.  How
about a single sentence along the lines of "The cACertificate attribute of a
CA's directory entry shall be used to store self-issued certificates (if
any) and certificates issued to this CA by CAs in the same realm as this
CA"?

Bill Flanigan

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
William F. Flanigan, Jr., Ph.D.       Voice:           (703) 681-2318
Defense Information Systems Agency      Fax:           (703) 681-2814 
Information Assurance Engineering       DSN:                      761      
5600 Columbia Pike, Room 632     Voice Mail:           (703) 681-2318   
Falls Church, VA 22041-2717        Internet:  <flanigab@ncr.disa.mil>
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

> -----Original Message-----
> From:	Paul Hoffman / IMC [SMTP:phoffman@imc.org]
> Sent:	Friday, September 18, 1998 12:39 PM
> To:	ietf-pkix@imc.org
> Subject:	Re: proposed text for attributes
> 
> >Unless there are any other objections to the wording, I'll get the draft
> >revised with this wording and submitted by Monday. 
> 
> I'd like to echo David Kurn's concern that the wording with respect to the
> cACertificate attribute of a CA's directory entry. If you don't define
> "realm",
> then there doesn't seem much point to saying that "some things that person
> accessing the directory cannot determine will appear in the cACertificate
> attribute". Why is that still in the spec if it's up to local policy to
> decide
> what to put there?
> 
> Maybe better wording would be "The cACertificate attribute of a CA's
> directory
> entry may be populated with certificates defined by local policy" and
> leave
> the
> rest of the paragraph out.
> 
> 
> --Paul Hoffman, Director
> --Internet Mail Consortium

Follow-Ups:
- RE: proposed text for attributes
  - From: Tony Bartoletti

Prev by Date: Who uses what?
Next by Date: RE: proposed text for attributes
Previous by thread: Re: proposed text for attributes
Next by thread: RE: proposed text for attributes
Index(es):
- Date
- Thread