ietf-smime

RE: Cert Attributes in CERTDIST

1999-07-31 13:03:33
That is one of the issues.  The reasons why this field is not used are as
follows:

1.  userCertificate holds X509 certificates for the user (there may be more
than one) and what we are publishing is a SignedData object not an X509
certificate.
2.  We want to include additional attributes which also are not certificates
and bind them together with the certificate in a cryptographic manner.  (The
main attributes being encryption algorithms and a publishing time.)

jim

-----Original Message-----
From: Blake Ramsdell [mailto:BlakeR(_at_)deming(_dot_)com]
Sent: Thursday, July 22, 1999 2:23 PM
To: 'Sean Turner'; ietf-smime(_at_)imc(_dot_)org
Subject: RE: Cert Attributes in CERTDIST


-----Original Message-----
From: Sean Turner [mailto:turners(_at_)ieca(_dot_)com]
Sent: Thursday, July 22, 1999 2:31 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Cert Attributes in CERTDIST

I'm sorry if I'm coming at this a bit late, but why are the attributes
that are used to store signature and encryption certificates not
userCertificate as defined in the LDAP schema RFC from PKIX?

I think that the problem is because userCertificate refers to exactly one
certificate.  In order to put in a certificate chain, along with the S/MIME
capabilities of the certificate holder, a new convention must be used.

I may have some of this wrong, so anyone feel free to correct me.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 376 0225 x103  Fax +1 425 376 0915
