The Certificate ASN.1 syntax definitions in the PKIX and X.509 specs are
equivalent (i.e. they produce identical hex ASN.1 encodings), so it doesn't
matter to me which spec is referenced.
However, the AttributeCertificate syntax is an issue. RFC 2630 imports the
AttributeCertificate syntax from the 1997 X.509 Recommendation. The
AttributeCertificate syntax defined in the draft 2000 X.509 Recommendation
(X.509_4thEditionDraftV7, 23 Feb 2001) and PKIX AC Profile
(draft-ietf-pkix-ac509prof-06.txt, 10 Jan 2001) is incompatible with the
AttributeCertificate syntax defined in the 1997 X.509 Recommendation.
Recommend that the son-of-RFC2630 and symkeydist ASN.1 modules should import
the AttributeCertificate syntax defined in the draft 2000 X.509
Recommendation and PKIX AC Profile (again, it doesn't matter to me which
spec is referenced).
John Pawling, John(_dot_)Pawling(_at_)GetronicsGov(_dot_)com
Getronics Government Solutions, LLC
From: Sean P. Turner [mailto:turners(_at_)ieca(_dot_)com]
Sent: Thursday, March 22, 2001 11:30 AM
Subject: certificate and attribute certificate imported from PKIX or
One of the comments I received on the symkeydist draft was to import
certificate and attribute certificate from the PKIX documents and not
from X.509. The question is whether I should do this or not and if so
should CMS be changed to do the same?