I don't know that there should be a MUST implement for this. Not every
S/MIME product will have the generation of keys inside of the product
nor should it be required. In the case of Microsoft Outlook Express, we
don't do any key enrollment in the product itself, that is done by an
external program (Microsoft Internet Explorer) and we just pick up its
output later. It would make sense for there to be a MUST on the CA
side, but not on the client side.
-----Original Message-----
From: Blake Ramsdell [SMTP:BlakeR(_at_)deming(_dot_)com]
Sent: Friday, November 07, 1997 2:16 PM
To: 'dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil';
'ietf-smime(_at_)imc(_dot_)org'
Subject: RE: Certificate request format (was RE: S/MIME V3 Msg
SpecComments)
On Friday, November 07, 1997 11:58 AM, dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil
[SMTP:dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil] wrote:
But IMO, IETF S/MIME should specify a single certificate management
message format as a MUST-implement, and that should be the syntax
specified by PKIX CMP. Implementors are always free to include
additional functionality over and above that required by the spec.
I expect most vendors will offer both S/MIME v2 and legacy PKCS-10
support even if S/MIME v3 does not require them.
I agree that there should be a single MUST implement. However, my
understanding of CMP is that it is quite broad in its format (there
are
several options to choose from, one of which is PKCS #10 encapsulated
in
the CMP format).
Do I misunderstand CMP (that is, does CMP define something other than
the big CHOICE for PKIBody that has as one choice the PKCS #10)?
It sounds like we have to do a separate document to constrain a MUST
profile for CMP down to size, if I understand this right.
Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060