Hiya David,
On 09/21/2013 04:32 PM, David Chadwick wrote:
>
>
> On 21/09/2013 13:48, Stephen Farrell wrote:
>>
>> Not sure what the question is really, but I absolutely
>> do wonder why anyone would consider it a good plan to
>> change specs like x.509 apparently without there being
>> any implementers who want those changes.
>>
>> Luckily, rfc 5280 has all you need anyway so its not
>> that important any more if x.509 changes.
>
> Yes for PKCs, but it does not address Erik's point which is about ACs
He asked about ACs, I asked about motivation. Mine is
a real question btw, I really don't get why its useful
to keep messing with x.509, nor why folks want to do
that when no implementers afaik want them to. If you
know the answer, I'd love to hear it.
Also, Tim just sent a mail looking for editors in this
wg. Doing that would seem to me to be far more beneficial
to all interested in PKI.
As for ACs, rfc 5755 does the job there, but is afaik
almost ubiquitously ignored. In the 20 or so years
since I started working with attribute certs (*) every
single proposed use-case turned out to have a better
non-AC approach. But maybe I've just been (un)lucky;-)
Cheers,
S.
(*) They were called PACs back then, based on ETSI TR/46.
The x.509 flavour ACs were added some time later.
>
> David
>>
>> S
>>
>> On 09/21/2013 01:42 PM, Tony Rutkowski wrote:
>>> does anyone have any druthers here for
>>> Erik who is trying to update the old
>>> X.509 spec?
>>>
>>> --tony
>>>
>>>
>>> -------- Original Message --------
>>> Subject: [T17Q11] Attribute certificate path
>>> Date: Sat, 21 Sep 2013 14:10:20 +0200
>>> From: Erik Andersen <e...@x500.eu>
>>> To: <t13sg17...@lists.itu.int>
>>>
>>>
>>>
>>> Hi Folks,
>>>
>>> I noticed that 12.2 of X.509 talks about attribute certificate path.
>>> However, the associated ASN.1 is a data type is called
>>> AttributeCertificationPath. As we for public-key certificates talk about
>>> certification path, it seems reasonable to use the term "attribute
>>> certification path" rather that "attribute certificate path".
>>>
>>> I also noticed that the ASN.1 indicates that the path is bottom up
>>> rather top down:
>>>
>>> AttributeCertificationPath ::= SEQUENCE {
>>>
>>> attributeCertificate AttributeCertificate,
>>>
>>> acPath SEQUENCE OF ACPathData OPTIONAL,
>>>
>>> ... }
>>>
>>> Please come back with comments.
>>>
>>> Erik
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> wpkops mailing list
>>> wpkops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/wpkops
>>>
>> _______________________________________________
>> wpkops mailing list
>> wpkops@ietf.org
>> https://www.ietf.org/mailman/listinfo/wpkops
>>
> _______________________________________________
> wpkops mailing list
> wpkops@ietf.org
> https://www.ietf.org/mailman/listinfo/wpkops
>
>
_______________________________________________
wpkops mailing list
wpkops@ietf.org
https://www.ietf.org/mailman/listinfo/wpkops
