
Re: Bug in RFC 2459



> From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
> 
> (ObGrumble: You have to wonder why anyone even bothers adding half the 
>  extensions in a cert for all the attention that gets paid to them - the 
>  policy extension could probably have just about anything in there and no one 
>  would even notice).

That would be an implementation bug.

If an implementation follows the path validation procedure of section
6, it pays attention to the certificatePolicies extension.  If an
implementation can't be bothered with path validation, you could make
the same statement about anything:  "the { signatureValue | validity |
issuerDN | CRL | ... } could probably have just about anything in there
and no one would even notice."
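
The following is an added illustration, not part of the original message and not text from RFC 2459: a simplified model of how a path validator narrows the acceptable policy set with each certificatePolicies extension and rejects a path whose critical extension leaves nothing acceptable. Certificates are constructed dicts, the OIDs use the 2.999 example arc, the handling of a missing extension is an assumption of the sketch, and policy mappings, qualifiers and the explicit-policy indicator are left out.

```python
# Simplified model of certificatePolicies handling during path validation.
# Constructed example data: certificates are plain dicts, OIDs are placeholders.

GOLD, SILVER = "2.999.1", "2.999.2"   # hypothetical policy OIDs


class PolicyError(ValueError):
    """The path is not valid under any acceptable policy."""


def acceptable_policies(path, initial_policy_set=None):
    """Walk the path from the first CA certificate down to the end entity.

    Returns the set of policy OIDs the whole path is valid for, or None
    when nothing restricted it ("any policy").
    """
    # None stands for "any policy"; a relying party may start narrower.
    acceptable = set(initial_policy_set) if initial_policy_set else None
    for index, cert in enumerate(path, start=1):
        ext = cert.get("certificatePolicies")
        if ext is None:
            # Assumption of this sketch: no extension leaves the set unchanged.
            continue
        asserted = set(ext["policies"])
        narrowed = asserted if acceptable is None else acceptable & asserted
        if ext["critical"] and not narrowed:
            raise PolicyError(
                f"certificate {index} ({cert['subject']}): critical "
                "certificatePolicies shares no policy with the acceptable set")
        acceptable = narrowed
    if initial_policy_set and not acceptable:
        raise PolicyError("path is valid for none of the relying party's policies")
    return acceptable


def cert(subject, policies, critical):
    return {"subject": subject,
            "certificatePolicies": {"policies": policies, "critical": critical}}


GOOD_PATH = [cert("Root CA", [GOLD, SILVER], False),
             cert("Issuing CA", [GOLD], True),
             cert("end entity", [GOLD], True)]

# The end entity asserts a policy its issuer was never certified for.
BAD_PATH = [cert("Root CA", [SILVER], False),
            cert("end entity", [GOLD], True)]
```

A validator that checks only signatures and validity dates would accept both paths; the policy-aware walk accepts `GOOD_PATH` for `GOLD` and raises `PolicyError` on `BAD_PATH`.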