[x500standard] SV: Re: DR on def of certification path

• From: "Erik Andersen" <era@xxxxxxx>
• To: <x500standard@xxxxxxxxxxxxx>
• Date: Mon, 25 Jul 2011 16:01:58 +0200

Hi Denis,

 

Thanks Denis, I accept your proposal. Unless I hear valid objections from
others, that is what goes into text.

 

Erik Andersen

Andersen's L-Service

Elsevej 48,

DK-3500 Vaerloese

Denmark

Mobile: +45 2097 1490

e-amail: era@xxxxxxx

Skype: andersen-erik

 <http://www.x500.eu/> http://www.x500.eu/

 <http://www.x500standard.com/> http://www.x500standard.com/

 <http://dk.linkedin.com/in/andersenerik>
http://dk.linkedin.com/in/andersenerik

 

Fra: x500standard-bounce@xxxxxxxxxxxxx
[mailto:x500standard-bounce@xxxxxxxxxxxxx] På vegne af denis.pinkas@xxxxxxxx
Sendt: 25. juli 2011 09:56
Til: x500standard@xxxxxxxxxxxxx
Cc: SG17-Q11; Directory list
Emne: [x500standard] Re: DR on def of certification path

 

Eric, 

I don't believe the proposal is fully adequate. 

It is currently proposed: 
  


An ordered list of public-key certificates starting with a public-key
certificate signed by a trust anchor and ending with the public-key
certificate to be validated. 



We currently have: 

CertificationPath    ::= SEQUENCE { 
  userCertificate        Certificate, 
  theCACertificates      SEQUENCE OF CertificatePair OPTIONAL } 

The proposed definition does not match with the ASN.1 definition. 

I would rather propose: 

An ordered list of public-key certificates starting with the public-key
certificate to be validated, 
optionally followed by an ordered list of CA certificates, the last one
being signed by a trust anchor. 

Denis Pinkas
Bull SAS 



De :        "Erik Andersen" <era@xxxxxxx> 
A :        "Directory list" <x500standard@xxxxxxxxxxxxx>, "SG17-Q11"
<t09sg17q11@xxxxxxxxxxxxx> 
Date :        22/07/2011 17:20 
Objet :        [x500standard] DR on def of certification path 
Envoyé par :        x500standard-bounce@xxxxxxxxxxxxx 

  _____  




After some discussion, especially on the PKIX list, there seems to be some
consensus on the definition of certification path. This consensus is
reflected in DR 369 (see
<http://www.x500standard.com/uploads/Ig/DR_369.pdf>
http://www.x500standard.com/uploads/Ig/DR_369.pdf). 
  
Erik Andersen 
Andersen's L-Service 
Elsevej 48, 
DK-3500 Vaerloese 
Denmark 
Mobile: +45 2097 1490 
e-amail: era@xxxxxxx 
Skype: andersen-erik 
 <http://www.x500.eu/> http://www.x500.eu/ 
 <http://www.x500standard.com/> http://www.x500standard.com/ 
 <http://dk.linkedin.com/in/andersenerik>
http://dk.linkedin.com/in/andersenerik 
  

• References:
  • [x500standard] DR on def of certification path
    • From: Erik Andersen
  • [x500standard] Re: DR on def of certification path
    • From: denis . pinkas

Other related posts:

• » [x500standard] SV: Re: DR on def of certification path - Erik Andersen

1. Home
2. x500standard
3. Archive
4. 07-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---