I'm not sure I understand the precise formulation of your note. I'd
phrase this in the followings terms: In addition to the procedures
defined in RFC 1422, some implementations include support for
cross-certification. Cross-certification is a means of validating
certificates across different hierarchies.
I THINK the nuances that are different between our formulations are:
- "not implement" versus "in addition"
- 1424 versus 1422
- "validated certificates" versus "validating certificates"
With respect to the last comparison, I view validation as a process
which results in a value, either "validated" or "not validated for
reason <x>". I don't view a certificate as having the property of
being either valid or invalid as an inherent property of the
certificate itself.
From: Steve Kent <kent(_at_)BBN(_dot_)COM>
To: Stephen D Crocker <crocker(_at_)TIS(_dot_)COM>
cc: Steve Kent <kent(_at_)BBN(_dot_)COM>, Jueneman(_at_)gte(_dot_)com,
pem-dev(_at_)TIS(_dot_)COM
Date: Thu, 29 Jul 93 16:25:33 -0400
Subject: Re: Global CRL distribution
Steve,
Unless you are advocating that PEM user agents not implement
the procedures defined in RFC 1424, cross-certification (at any level)
does not result in validated certificates.
Steve