All,
IMHO, Blake has done a wonderful job of incorporating the comments into
CERT-04 (4 May 98) upon which the group has reached concurrence. I have a
few comments related to the open issues listed in App C:
Key usage for signing / encrypting certificate explanation
[JSP: Don't need it, just refer to PKIX. Please delete this issue.]
Attribute certificates -- keep 'em or pitch 'em?
[JSP: Keep the X.509 syntax and the CERT-04 text as is. Please delete this
issue.]
Delete DN jabber from 3.1?
[JSP: This was deleted in CERT-04. Please delete this issue.]
Extensions -- do we make this list the "maximum allowable" instead of
the "minimum required"?
[JSP: NO. PKIX allows extensions other than those listed in CERT-04.
Please delete this issue.]
What is the criticality for the "minimum required" extensions?
[JSP: CERT-04 should just refer to PKIX on this. Please delete this issue.]
Shouldn't 4.4.2.1 be in PKIX I?
[JSP: Yes. Recommend that Blake propose that the text be added to PKIX Pt I.]
================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
================================