Re: Very minor comment in the spec. from Carl Wallace on 2000-10-03 (w3c-ietf-xmldsig@w3.org from October to December 2000)

From: Carl Wallace <cwallace@erols.com>
Date: Tue, 3 Oct 2000 12:24:07 -0400
To: <tgindin@us.ibm.com>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc: "Yoshiaki KAWATSURA" <kawatura@bisd.hitachi.co.jp>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <003201c02d56$6832a200$0700a8c0@WALLACE>

The text should not specify a version number.  X.509 mandates that CRLs
having no critical extensions also have no version number.  From X.509
section 11.2:

 "If any extensions included in a CertificateList are defined as critical,
the version element of the CertificateList  shall be present.  If no
extensions defined as critical are included, the version element shall be
absent. "

Elsewhere it is stated that when the version number is present it must be
set to two.  Requiring CRLs with version number equal to two requires the
presence of a critical extension.

Carl Wallace


----- Original Message -----
From: <tgindin@us.ibm.com>
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc: "Yoshiaki KAWATSURA" <kawatura@bisd.hitachi.co.jp>;
<w3c-ietf-xmldsig@w3.org>
Sent: Tuesday, October 03, 2000 10:56 AM
Subject: Re: Very minor comment in the spec.


>      The CRL variant defined in X.509v3 is version 2 of the X.509 CRL data
> structure.  There is no version 3 of this data structure AFAIK.  That
> syntax could be plausibly referred to as "version 2 X.509 CRL's" because
> its version number is 2, or as "X.509v3 CRL's" after the spec in which it
> seems to have been first published.  "X.509v2 CRL's" is an apparent
> mistranscription of "X.509 v2 CRL's" (as used in RFC 2459) with the space
> indicating the structure version rather than the spec version.  The
> simplest description is actually "the X.509 CRL format with extensions".
>      Does anybody care which of these descriptions is used in our spec?
>
>           Tom Gindin
>
>
> "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>@w3.org on 10/03/2000
> 08:29:35 AM
>
> Sent by:  w3c-ietf-xmldsig-request@w3.org
>
>
> To:   Yoshiaki KAWATSURA <kawatura@bisd.hitachi.co.jp>
> cc:   w3c-ietf-xmldsig@w3.org
> Subject:  Re: Very minor comment in the spec.
>
>
>
> I don't think there is any significant use of other than v3 these days.
>
> Donald
>
> From:  Yoshiaki KAWATSURA <kawatura@bisd.hitachi.co.jp>
> To:  w3c-ietf-xmldsig@w3.org
> Cc:  kawatura@bisd.hitachi.co.jp
> In-Reply-To:  <4.3.2.7.2.20001002171759.02e06040@rpcp.mit.edu>
> References:  <200009280812.RAA10090@ns.trl.ibm.com>
>           <200009290127.KAA26690@ns.trl.ibm.com>
>           <4.3.2.7.2.20001002171759.02e06040@rpcp.mit.edu>
> Message-Id:  <20001003183030K.kawatura@bisd.hitachi.co.jp>
> Date:  Tue, 03 Oct 2000 18:30:30 +0900 (JST)
>
> >I have a very minor comment in the spec.
> >###
> >4.4.4 The X509Data Element
> >
> >    5. The X509CRL element, which contains a Base64-encoded X.509v2
> >                                                            ^^^^^^^
> >       certificate revocation list (CRL).
> >###
> >
> >X.509v3 is better though we can also contain a Base64-encoded X.509v2
> >CRL in the X509CRL...
> >
> >----
> >Yoshiaki Kawatsura : E-mail kawatura@bisd.hitachi.co.jp
> > Business Solution Systems Division, Hitachi,Ltd.
> >Voice: +81-44-549-1713(direct) Fax: +81-44-549-1721
> >
>
>

Received on Tuesday, 3 October 2000 12:25:27 UTC