[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: unqualified topic - not solved yet.
The current QC profile (draft -02) does not require that any "feature"
be populated ... how did you get the impression that one particular
attribute might be special-cased in the next draft?
The description of every attribute in the current draft, including
dnQualifier, begins with:
"The xxx attribute type SHALL, when present, be used to ..."
The description of the Issuer is quite clear:
"The unmistakable identity of the issuer SHALL be specified using an
appropriate subset of the following attributes.:"
The description of the Subject is not as clear, but in a roundabout
manner it indicates that the unmistakable identity of the subject is
specified using a set of attributes where no single attribute is
required to be populated.
Dave Kemp
> From: Charles Moore <cmoore@spyrus.com.au>
>
> -----Original Message-----
> From: Anders Rundgren [mailto:anders.rundgren@jaybis.com]
> Sent: Wednesday, 1 December 1999 20:18
> To: 'ietf-pkix@imc.org'; 'Stefan Santesson'; 'Tony Bartoletti'; 'Charles
> Moore'
> Cc: 'David P. Kemp'
> Subject: RE: unqualified topic - not solved yet.
>
>
> Charles,
>
> <snip>
>
> cm> If all certs must have an unique identifier then one CANNOT control the
> usage of the number....
>
> They don't. This is just a "feature" that some QC-implementations
> (profiles) require.
>
> If unique identifiers are bad or good is outside of the QC-draft. The
> technical reasons
> for using them are pretty clear. As well as the possible consequences as
> you point out.
>
> cm> My point was that the QC profile must not require that the "feature" is
> always populated... I belive that you agree....