Russ,
To answer your questions:
CertificateSerialNumber *is* defined in the current X.509 draft. I'm
not sure when it appeared, but it doesn't appear in the '88 version of
X.509. So, if you plan to use '88 syntax I suppose we ought to go '88
all the way.
Yes, the definition of Name is exported from the '88 version of X.501.
Scott
-----Original Message-----
From: Russ Housley [SMTP:housley(_at_)spyrus(_dot_)com]
Sent: Wednesday, November 12, 1997 12:35 PM
To: Scott Hollenbeck
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Initial S/MIME 3 CMS Comments
Scott:
1. The definition of SignedData includes
    crls [1] IMPLICIT CRLs OPTIONAL
but no definition for CRLs is provided. A definition for the old PKCS #7
CertificateRevocationLists is provided in section 7.1. Either section
7.1 should be changed to define CRLs or the SignedData definition should be
changed to use CertificateRevocationLists. I suggest changing the SignedData
definition to use the existing PKCS #7 definition.
Fixed.
2. Section 5.2 includes
    signatureAlgorithm signatureAlgorithmIdentifier
"signatureAlgorithmIdentifier" should be SignatureAlgorithmIdentifier, with
an upper case "S".
Fixed.
3. Section 7.7 includes
    serialNumber CertificateSerialNumber
PKCS #7 says that CertificateSerialNumber is imported from X.509, but the
1988 X.509 spec doesn't include a definition for CertificateSerialNumber.
It defines "SerialNumber". This should be changed to SerialNumber unless
CertificateSerialNumber is defined in a later version of X.509.
Okay. I dropped "Certificate." And I added a sentence about the imports.
Is Name in X.501?
4. In section 7.9 a definition for Version is included. Version is defined
in X.509, so maybe it could be included from X.509 instead of adding a
definition here.
I do not want to get it from there because it nails down the numbers that
are allowed.
Russ