pem-dev

Rep (2) : section 4.2.1 Authority Key Identifier

1994-12-14 11:36:00
 c)  DirectoryAttributes:  This field conveys any desired
     X.500 attribute values for the subject of the
     certificate.  It is applicable to both CA-certificates
     and end-entity certificates.

There's a possible problem here. The attributeValue is essentially a SET
OF ANY which may require your ASN.1 compiler to handle DER pretty well - we
use one quite good ASN.1 compiler which doesn't support DER ("not enough
people have asked for it").

We have one which handles DER pretty well; it was used for our developments
in the PASSWORD project...


I don't have a solution other than to avoid multivalued attributes -
perhaps someone who knows X.500 better could comment?

The problem in this particular area is that a user or an authority may
wish to use several different certificates: one for RSA, one for ElGamal,
and so on. This will allow a correspondent to use the most suitable key.
Currently this may be achieved only by storing several values in the
Certificate attribute.

Another solution to avoid multiple values would be to type the various
certificates (RSACertificate, ElGamalCertificate). But this implies defining
new OIDs (well, maybe quite heavy). Furthermore, one may wish to store several
certificates corresponding to different authorities (arc at the edge). These
certificates could not be typed...


     ClearanceSyntax ::= BIT STRING {
          topSecret           (0),
          secret              (1),
          confidential        (2),
          restricted          (3),
          unclassSensitive    (4),
          canadaProtectedC    (5),
          canadaProtectedB    (6),
          canadaProtectedA    (7),
          companyProprietary  (8),
          unclassified        (9) }



Alain Zahm

=======================================================================
Why ASN.1 94 wasn't called ASN.2?

Because ASN.1 88 stands for Abstract Syntax Notation one when ASN.1 94 stands
for Absurd Syntax Notation one.
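
Added example, not part of the original message or of any ASN.1 compiler mentioned in the thread: why a multivalued attribute (a SET OF) needs DER support. DER requires the elements of a SET OF to appear in ascending order of their encoded octets, so the signed bytes do not depend on the order in which the values were supplied. The attribute values and helper names below are constructed for illustration.

```python
import hashlib

def der_len(n: int) -> bytes:
    """DER definite length: short form below 128, otherwise minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content

def printable_string(text: str) -> bytes:
    return tlv(0x13, text.encode("ascii"))  # 0x13 = PrintableString

def set_of(encoded_values, der: bool = True) -> bytes:
    """Encode SET OF from already-encoded element TLVs (tag 0x31)."""
    items = list(encoded_values)
    if der:
        # DER: ascending order of the encodings compared as octet strings,
        # shorter encodings padded at the end with zero octets.
        width = max((len(i) for i in items), default=0)
        items.sort(key=lambda i: i.ljust(width, b"\x00"))
    return tlv(0x31, b"".join(items))

def digest(encoding: bytes) -> str:
    """Stand-in for the hash a certificate signature would cover."""
    return hashlib.sha256(encoding).hexdigest()

# Constructed sample: one attribute with three values, supplied in two orders.
VALUES = [printable_string(v) for v in ("Engineering", "Sales", "Research")]
REORDERED = [VALUES[2], VALUES[0], VALUES[1]]

def compare_orders():
    """Return (BER digests match, DER digests match) for the two orderings."""
    ber = digest(set_of(VALUES, der=False)) == digest(set_of(REORDERED, der=False))
    der = digest(set_of(VALUES)) == digest(set_of(REORDERED))
    return ber, der

if __name__ == "__main__":
    print(compare_orders())
```

An encoder that keeps the values in the order supplied produces valid BER, but a verifier that re-encodes the same set in a different order computes a different digest and the signature check fails.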


