[x500standard] Re: DR on def of certification path

  • From: denis.pinkas@xxxxxxxx
  • To: x500standard@xxxxxxxxxxxxx
  • Date: Mon, 25 Jul 2011 09:55:57 +0200

Erik,

I don't believe the proposal is fully adequate.

It is currently proposed:
 
An ordered list of public-key certificates starting with a public-key 
certificate signed by a trust anchor and ending with the public-key 
certificate to be validated. 

We currently have:

CertificationPath    ::= SEQUENCE { 
  userCertificate        Certificate, 
  theCACertificates      SEQUENCE OF CertificatePair OPTIONAL } 

The proposed definition does not match the ASN.1 definition.

I would rather propose:

An ordered list of public-key certificates starting with the public-key
certificate to be validated, optionally followed by an ordered list of
CA certificates, the last one being signed by a trust anchor.

Denis Pinkas
Bull SAS



From:    "Erik Andersen" <era@xxxxxxx>
To:      "Directory list" <x500standard@xxxxxxxxxxxxx>, "SG17-Q11" <t09sg17q11@xxxxxxxxxxxxx>
Date:    22/07/2011 17:20
Subject: [x500standard] DR on def of certification path
Sent by: x500standard-bounce@xxxxxxxxxxxxx



After some discussion, especially on the PKIX list, there seems to be some 
consensus on the definition of certification path. This consensus is 
reflected in DR 369 (see http://www.x500standard.com/uploads/Ig/DR_369.pdf).
 
Erik Andersen
Andersen's L-Service
Elsevej 48,
DK-3500 Vaerloese
Denmark
Mobile: +45 2097 1490
e-mail: era@xxxxxxx
Skype: andersen-erik
http://www.x500.eu/
http://www.x500standard.com/
http://dk.linkedin.com/in/andersenerik
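
Added example, not part of the original messages: a small Python model of the two orderings discussed above, with the certificate to be validated first (as in the ASN.1 CertificationPath) and the trust-anchor-first order used by the DR wording. The class and function names, the sample distinguished names, and the simplification that each theCACertificates element contributes exactly one CA certificate are assumptions; only issuer/subject name chaining is checked, not signatures.

```python
from typing import NamedTuple, Tuple


class Cert(NamedTuple):
    subject: str
    issuer: str


class CertificationPath(NamedTuple):
    # Field order mirrors the ASN.1 SEQUENCE: the certificate to be
    # validated comes first, the CA certificates are optional.
    user_certificate: Cert
    ca_certificates: Tuple[Cert, ...] = ()


def validation_order(path, trust_anchors):
    """Return the path anchor-first, raising ValueError on a broken chain."""
    asn1_order = [path.user_certificate, *path.ca_certificates]
    # Each certificate must be issued by the subject of the one after it.
    for lower, upper in zip(asn1_order, asn1_order[1:]):
        if lower.issuer != upper.subject:
            raise ValueError(f"{lower.subject!r} not issued by {upper.subject!r}")
    # The last certificate in ASN.1 order must be issued by a trust anchor.
    top = asn1_order[-1]
    if top.issuer not in trust_anchors:
        raise ValueError(f"{top.subject!r} is not issued by a trust anchor")
    # The DR wording lists the same certificates in the opposite direction.
    return list(reversed(asn1_order))


# Constructed sample data (hypothetical names).
ANCHORS = {"CN=Root CA"}
EE = Cert(subject="CN=server.example", issuer="CN=Issuing CA")
ICA = Cert(subject="CN=Issuing CA", issuer="CN=Root CA")

if __name__ == "__main__":
    for cert in validation_order(CertificationPath(EE, (ICA,)), ANCHORS):
        print(cert.subject, "<-", cert.issuer)
```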
 
