pem-dev

Re: which version of certificate (was: Key selectors)

1995-01-16 15:24:00
        >With that in mind, the PEM/MIME document does not care which
        >version of certificate is used.  The certificate is one
        >mechanism among a few that facilitates the
        >validation/distribution of a public key, a process which is
        >explicitly independent of the support of the security services.
        >Thus, what is required is the exchange of public keys.  If that
        >happens via certificate, there may be interoperability issues,
        >but that is outside the scope of this specification.

        How should I interpret that statement with respect to the
        CRITICAL flag for extensions in v3? You seem to be saying
        that you will pick out the public key part of the certificate,
        and ignore everything else?! Am I reading you correctly?

Bob,

Almost.  Let me try to say it yet another way.

The management of the certificate is explicitly outside the scope of the
PEM/MIME specification.  The PEM/MIME specification does not care where the
public key came from.  It is the user's responsibility to figure that
out.

If the key came from a certificate, then something must have validated
the certificate and something must make the public key in the
certificate available to a PEM/MIME implementation.  If the something
does not understand v3 certificates, then I agree it should properly
fail.  In any case, the version of certificate in deployment is not
relevant to the PEM/MIME specification.  If and when certificates are
deployed for real, by X.500, it will be an issue for X.500.

I think we're in agreement, Bob.  We're just trying to understand the
words we're each using.

Jim
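
Added example (not part of the original message or of any PEM/MIME implementation): the split discussed above, where a certificate-validating layer fails when a v3 extension is flagged critical and it does not recognize it, and otherwise hands only the public key to the mail layer. The function names, the set of recognized OIDs, the placeholder OID 1.2.3.4 and the DER byte strings are constructed for illustration.

```python
# Added example; OIDs, byte strings and function names are constructed.
KNOWN = {"2.5.29.15", "2.5.29.19"}  # keyUsage, basicConstraints (assumed validator support)

# Constructed DER "Extensions" values: critical keyUsage, plus placeholder OID 1.2.3.4.
OK_EXTS = bytes.fromhex("301b" "300e0603551d0f0101ff040403020780" "300906032a030404020500")
BAD_EXTS = bytes.fromhex("301e" "300e0603551d0f0101ff040403020780" "300c06032a03040101ff04020500")

def tlv(data, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    if pos + length > len(data):
        raise ValueError("truncated DER")
    return tag, data[pos:pos + length], pos + length

def oid_str(body):
    """Dotted form of an OID body (first sub-identifier assumed to fit one byte)."""
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def unhandled_critical(extensions_der, known=KNOWN):
    """OIDs of extensions flagged critical that this validator does not recognize."""
    tag, seq, _ = tlv(extensions_der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE OF Extension")
    bad, pos = [], 0
    while pos < len(seq):
        _, ext, pos = tlv(seq, pos)
        _, oid, nxt = tlv(ext, 0)
        t, val, _ = tlv(ext, nxt)
        # critical is BOOLEAN DEFAULT FALSE: an absent field means non-critical
        if t == 0x01 and val != b"\x00" and oid_str(oid) not in known:
            bad.append(oid_str(oid))
    return bad

def key_for_mail_layer(extensions_der, public_key, known=KNOWN):
    """Validator side: fail closed, otherwise release only the public key."""
    bad = unhandled_critical(extensions_der, known)
    if bad:
        raise ValueError("unrecognized critical extension: " + ", ".join(bad))
    return public_key
```

In OK_EXTS the placeholder extension is non-critical, so it is ignored and the key is released; in BAD_EXTS the same OID is flagged critical and the validator refuses before the mail layer ever sees a key.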
