On Thu, Dec 18, 2003, Richard Levitte - VMS Whacker wrote: > In message <[EMAIL PROTECTED]> on Thu, 18 Dec 2003 17:50:20 +0100, "Dr. Stephen > Henson" <[EMAIL PROTECTED]> said: > > steve> On Thu, Dec 18, 2003, Michael Bell wrote: > steve> > steve> > Hi all, > steve> > > steve> > there is a draft for a technical corrigendum of X.509. > steve> > > steve> > http://www.pki-page.info/download/N12599.doc > steve> > > steve> > Does somebody have an idea how to integrate the replacement of > steve> > nonRepudiation by contentCommitment seamlessly into OpenSSL? I'm a > steve> > little bit surprised that such an old and established standard is > steve> > subject of such a basic change. > steve> > > steve> > steve> Well it appears the only change as far as OpenSSL is concerned > steve> is that the name of the bit has changed. It's easy enough to > steve> change that in crypto/x509v3/v3_bitst.c That would break > steve> existing config files and anything which parses the output of > steve> the X509v3 print routines: something which I've strongly > steve> advised against several times but some people still do it. > steve> > steve> The current code doesn't support two different names for the > steve> same bit (if you add two it will misbehave and print out both > steve> names) but its easy enough to change. > > I wouldn't hurry, since this is just a draft, and if I read a certain > comment in ietf-pkix properly, there may be diverging opinions on this > particular issue. >
I'm in not rush, just making sure the possible pitfalls are apparent if anyone should decide to just edit the field names. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]