ietf-smime
[Top] [All Lists]

Re: ESS EquivalentLabel Proposal

1998-05-25 06:35:39
I would like to suggest that this mapping could eventually be accomplished
through a proposed extension for Attribute Certificates instead of an
authenticated attribute. The following document on these proposed attribute
certificate extensions contains an extension specifically for that purpose.

ftp://ftp.bull.com/pub/OSIdirectory/Helsinki97Output/21DIR4.DOC

"The attribute value mappings extension, which is for use in attribute
certificates issued to Attribute Authorities only, allows a certificate
issuer to indicate that, for the purposes of the user of a delegation path
containing this certificate, one of the issuer's attribute values can be
considered equivalent to a different attribute value used in the subject
Attribute Authority's domain."

As suggested by Jim Schaad, through using this attribute certificate
extension to convey this mapping is something that should be implemented in
policy verification code.

Francois Rousseau

<Prev in Thread] Current Thread [Next in Thread>