ietf-smime

Re: comments on the smime-cert draft

1997-10-01 08:16:57
At 05:04 PM 9/30/97 -0400, David Solo wrote:
extensions which have the greatest value in the S/MIME environment.
The basicConstraints, keyUsage, and certificatePolicies extensions are
defined in [X.509].

Sending and receiving agents MUST correctly handle the v3 Basic
Constraints Certificate Extension, the Key Usage Certificate
Extension, authorityKeyID, subjectKeyID, and the subjectAltNames when
they appear in end-user certificates. Some mechanism SHOULD exist to
handle the defined v3 certificate extensions when they appear in
intermediate or CA certificates.

In the S/MIME environment, CAs which issue v3 certificates SHOULD
include only the extensions listed here.
For these extensions, the criticality flag SHOULD be set to False
unless the proper handling of the corresponding extension is deemed
critical to the correct interpretation of the associated certificate.
Also, in an S/MIME environment, when additional v3 extensions are
included in a certificate, the corresponding criticality flags SHOULD
be set to False.

Replace with:
Certificates issued for the S/MIME environment SHOULD not contain any
critical extensions other than those listed here.  These extensions SHOULD
be marked as non-critical unless the proper handling of the extension is
deemed critical to the correct interpretation of the associated certificate.
When other extensions are included, those extensions MUST be marked as
non-critical.

Dave, This is fine.  Since this will be an IETF document, shouldn't we
reference the PKIX Certificate and CRL profile instead of X.509?

The PKIX Working Group last call on this document was issued this morning.

Russ
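
The criticality rule in the proposed replacement text can be checked mechanically; the following is an added example, not part of the thread or the draft. The `LISTED` set is an assumption (the quoted draft's own list is cut off in this message), and the function names and sample bytes are constructed for illustration.

```python
# Added example. LISTED is an assumption: the quoted draft's full list is cut off.
LISTED = {"2.5.29.19", "2.5.29.15", "2.5.29.32",  # basicConstraints, keyUsage, certificatePolicies
          "2.5.29.35", "2.5.29.14", "2.5.29.17"}  # authorityKeyID, subjectKeyID, subjectAltName

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # dotted form of an OID body; first octet below 0x80 assumed
    root = min(body[0] // 40, 2)
    arcs, val = [root, body[0] - 40 * root], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # a clear high bit ends the current arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_extensions(der):
    """Return [(oid, critical)] from a DER Extensions SEQUENCE."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    found, pos = [], 0
    while pos < len(seq):
        _, ext, pos = read_tlv(seq, pos)
        _, oid, nxt = read_tlv(ext, 0)
        tag, val, _ = read_tlv(ext, nxt)
        # critical is BOOLEAN DEFAULT FALSE, so DER omits it when false
        found.append((decode_oid(oid), tag == 0x01 and val != b"\x00"))
    return found

def critical_outside_list(der, listed=LISTED):
    return [oid for oid, crit in parse_extensions(der) if crit and oid not in listed]

def tlv(tag, body):  # encoder for the constructed sample (short lengths only)
    return bytes([tag, len(body)]) + body
# Constructed sample: critical keyUsage, non-critical subjectAltName, critical made-up OID 1.2.3.4
SAMPLE = tlv(0x30, tlv(0x30, tlv(0x06, b"\x55\x1d\x0f") + tlv(0x01, b"\xff") + tlv(0x04, b"\x03\x02\x05\xa0"))
    + tlv(0x30, tlv(0x06, b"\x55\x1d\x11") + tlv(0x04, tlv(0x30, tlv(0x81, b"a@example.com"))))
    + tlv(0x30, tlv(0x06, b"\x2a\x03\x04") + tlv(0x01, b"\xff") + tlv(0x04, b"\x05\x00")))
```

`critical_outside_list(SAMPLE)` reports only the made-up OID: the critical keyUsage is in the assumed list, and subjectAltName carries no `critical` field at all, which DER decodes as False.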
