[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on RFC 2459

To: suwc@xxxxxxxxxxxxxxxx
Subject: Re: Comments on RFC 2459
From: Russ Housley <housley@xxxxxxxxxx>
Date: Tue, 31 Aug 1999 14:18:48 -0400
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>

Wei-Ching:

RFC 2459 mandates the use of the key indentifier. The authorityCertIssuer/authorityCertSerialNumner may also be present.

So, I do not see a problem.

Russ

At 11:35 AM 8/31/99 +0800, suwc@mail.fisc.com.tw wrote:

I have some comments on sec 4.2.1.2 of the rfc 2459.

It says to facilitate chain building, the subject key identifier extenion
must appear in all conforming CA certificates. In fact, it is not always
true. If the CA issuers the certificates, and use the authorityCertIssuer +

authorityCertIssuerSerialNumber as these cetificates' authority key
identifier extenion, then the CA certificte need not include the subject
key identifier, because the information is included in its basic
certificate
fields.

I think the subject key identifier must be included in CA certificate only
if the CA issuers the certificates, and use keyIdentifier as these
cetificates'
authority key identifier extenion.

Regards

Wei-Ching Su

Senior Engineer
FISC (Financial Information Service Co., LTD.)
Taipei, Taiwan

References:
- Comments on RFC 2459
  - From: suwc

Prev by Date: Re: Multi-national company listing issues
Next by Date: Re: Deprecate the NR bit?
Previous by thread: Comments on RFC 2459
Next by thread: New Internet Draft on Non-Repudiation Requirements
Index(es):
- Date
- Thread