At 10:28 AM 4/3/96 -0500, you wrote:
Content-Type: text/plain; charset="us-ascii"
Content-ID: <3633(_dot_)828545283(_dot_)2(_at_)tis(_dot_)com>
if a certificate contains a name using standard-type=value convention
...
should certificate validation software finding an illegal value:
While there are times that software can check for legal values, there
are also times that it can't. Does it make sense to have user
software enforce, say, country names according to iso3166, when the
same can't be done for state or province names? Basic syntax can be
checked by a program, but the correctness of distinguished names must
be handled by users and their certification authorities. There are
too many things that can be semantically wrong with a certificate, not
the least of which is information that is just plain false.
But the c= case isnt semantics; its clearly syntax. The other
are clearly semantics which some local policies might except, others
not. ISO calls out this case in bold type, as it were. Ive no
idea - as a computer - what GB is, only that it is or is not
in my set of allowed values, whereas fr is not.
Whatever CAs and NAs and RAs do, Im asking the question, what do
conformant parsing modules do!?
Whether a conformance requirement is sensible, is however, a perfectly
legitimate question.
Does anyone know of a conformance test in which syntax c=fr would
be rejected, or analagous cases in other type=value schemes using
contrained value notations?