[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On Hold

To: Bob Jueneman <BJUENEMAN@xxxxxxxxxx>, ietf-pkix <ietf-pkix@xxxxxxx>
Subject: Re: On Hold
From: Juergen Walter <walter@xxxxxx>
Date: Tue, 22 Dec 1998 13:49:04 +0100
References: <s67e2c1c.068@prv-mail25.provo.novell.com>
Reply-to: Juergen.Walter@xxxxxx
Sender: owner-ietf-pkix@xxxxxxx


Bob ,

> I believe that most of these issues fall in the area of APIs, and/or program behavior, and not the PKIX protocol.

I would object that the usage and definition of the CRL entries is a
protocol matter. I have detected some differences in usage with respect
to these issues.
> 
> PKIX, AS A PROTOCOL, may specify a particular behavior, but that doesn't mean that the implementation is required to do something stupid, or against the user's wishes.

I would tend to agree. As long as program developers are aware of the
full range of PKIX CRL entries and its admissible interpretations these
issues fall certainly in the area of program behaviour. Otherwise, it
may happen that two applications give different answers ("valid",
"invalid", "yellow traffic light" or "black screen") about the status of
the same certificate at the same time. What does the subscriber think
about such case? So, I have still minor objections. 

Juergen

Prev by Date: Re: Invalidity Dates
Next by Date: RE: AKI and AuthorityCertIssuer
Previous by thread: Re: On Hold
Next by thread: CMC Comments?
Index(es):
- Date
- Thread