[x500standard] Re: User certificates

  • From: Bill Russell <brussell@xxxxxxxxxxxx>
  • To: Erik Andersen <era@xxxxxxx>, Directory list <x500standard@xxxxxxxxxxxxx>, PKIX <ietf-pkix@xxxxxxx>
  • Date: Tue, 24 Mar 2009 10:32:09 -0400

I believe the directory attribute userCertificate is a multivalue attribute. I 
see no reason why it cannot be used to store an attribute certificate. However, 
some applications may get confused. I think in practice, most apps assume only 
one certificate in the userCertificate.

The term "user" has proved ambiguous; so, I'd agree that there would be some 
value in defining it. However, I would not define it to exclude attribute 
certificates.
________________________________
From: owner-ietf-pkix@xxxxxxxxxxxx [owner-ietf-pkix@xxxxxxxxxxxx] On Behalf Of 
Erik Andersen [era@xxxxxxx]
Sent: Tuesday, March 24, 2009 9:39 AM
To: Directory list; PKIX
Subject: User certificates

The term “user certificate” is used in X.509 (and X.511) without being defined. 
I assume that a user certificate is a public-key certificate issued to an 
end-user. There is an attribute type called userCertificate, which has the 
syntax of public-key certificates. It seems therefore clear that a user 
certificate cannot be an attribute certificate.

In the “8.6.2.7 AA Issuing Distribution Point extension” the term user 
certificate is mentioned in the last paragraph just before the three notes. Is 
that correct?

The term “user certificate” should be defined.

Any comments?


Erik Andersen

Andersen's L-Service

Elsevej 48, DK-3500 Vaerloese

Denmark

Mobile: +45 2097 1490

email: era@xxxxxxx

www.x500.eu

www.x500standard.com
