Re: CA vs. EE cert processing
This summary is great. However, I come to slightly different conclusions
than you do, based on the same logic. My conclusion is that X.509 by itself
is broken due to the (now glaring) ambiguity. RFC 2459, though no paragon
of clarity, fixes the problem of X.509. Thus, *any* CA vendor or cert
authority who doesn't follow RFC 2459, for at least this part of the cert,
is using a broken protocol.
<gratuitous-swipe>
Folks who implement protocols that start with "X." are used to this kind of
ambiguity. Let them figure out how to fix it.
</gratuitous-swipe>
Should we have added a "ConformsToRFC2459" attribute to RFC 2459?
--Paul Hoffman, Director
--Internet Mail Consortium