>As I have said before, RFC1422 needs to be either revised or amended if
support
>for v3 certs is going to be required in comformant implementations.
Steve's language states that it comes down to an implementors choice.
Complete implementations will, incomplete implementations wont.
Bob certainly doesnt understand that v2 and v3 certificates *are*
wholly permitted (at ISO/ITU ratification time) in PEM.
RFC 1422 permits v3 certificates, without change, once the ISO process
terminates.
There is no can of worms in multiple PCAs certifying a CA in 1422;
quite to the contrary, 1422 ensure a unique trust path, in this area,
is always calculable; removing the 1422 constraints from x.509 is sheer
lunacy, given the goals of Classic PEM of facilitating privacy enhancement. I
personally expect complete and conformant implementations to exploit
the v3 authorityKeyIdentifier extension to aid the process of trust
chain verification, for example.
3.3.1 Version Number
The version number field is intended to facilitate orderly changes in
certificate formats over time. The initial version number for
certificates used in PEM is the X.509 default which has a value of
zero (0), indicating the 1988 version. PEM implementations are
encouraged to accept later versions as they are endorsed by
CCITT/ISO.
3.3.5 Issuer Name
A certificate provides a representation of its issuer's identity, in
the form of a Distinguished Name. The issuer identification is used
to select the appropriate issuer public component to employ in
performing certificate validation. (If an issuer (CA) is certified
by multiple PCAs, then the issuer DN does not uniquely identify the
public component used to sign the certificate. In such circumstances
it may be necessary to attempt certificate validation using multiple
public components, from certificates held by the issuer under
different PCAs. If the 1992 version of a certificate is employed,
the issuer may employ distinct issuer UIDs in the certificates it
issues, to further facilitate selection of the right issuer public
component.)