<X509Data> grouping restrictions

The list seems dead lately. Allow me to throw out a question here :)

I have been reading section 4.4.4 regarding the restrictions on the grouping
of the <X509Data> elements. The trivial restriction (e.g. X509IssuerSerial,
X509SKI, and X509SubjectName, if used, all must point to the same public
key) makes sense, but I am pondering the restrictions about how one can
group these elements in separate <X509Data> elements.

The recommendation currently says that if all such certificate identifiers
(e.g. X509IssuerSerial, X509SKI, and X509SubjectName) point to the same
certificate, they must be grouped together. Is this restriction simply to
prevent redundancy of the semantics of <X509Data> elements? What is the
purpose behind this?

Thanks,

Blake Dournaee
Toolkit Applications Engineer
RSA Security
 
"The only thing I know is that I know nothing" - Socrates
 
 

Received on Tuesday, 12 June 2001 03:57:29 UTC
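
The grouping rule the message asks about, as an added example that is not part of the original post or of the Recommendation: a Python check that reports any certificate whose identifiers are spread over more than one <X509Data>. The certificate index, the names and the sample KeyInfo documents are constructed; the index is an assumption standing in for resolving identifiers against real certificates.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed index standing in for certificate lookup: identifier -> certificate.
CERTS = {
    ("X509IssuerSerial", "CN=Example CA 1|12345"): "cert-A",
    ("X509SubjectName", "CN=Alice,O=Example"): "cert-A",
    ("X509IssuerSerial", "CN=Example CA 2|77"): "cert-B",
}

def identifier_key(el):
    """Normalise one X509Data child into a lookup key."""
    tag = el.tag[len(DS):]
    if tag == "X509IssuerSerial":
        issuer = el.findtext(DS + "X509IssuerName", "").strip()
        serial = el.findtext(DS + "X509SerialNumber", "").strip()
        return (tag, issuer + "|" + serial)
    return (tag, (el.text or "").strip())

def split_certificates(keyinfo_xml, index=CERTS):
    """Return certificates whose identifiers sit in more than one X509Data."""
    seen = {}  # certificate -> positions of the X509Data elements naming it
    root = ET.fromstring(keyinfo_xml)
    for pos, x509data in enumerate(root.iter(DS + "X509Data")):
        for child in x509data:
            cert = index.get(identifier_key(child)) if child.tag.startswith(DS) else None
            if cert is not None:
                seen.setdefault(cert, set()).add(pos)
    return sorted(c for c, where in seen.items() if len(where) > 1)

def keyinfo(*groups):
    """Build a constructed KeyInfo with one X509Data per group of children."""
    body = "".join("<X509Data>%s</X509Data>" % "".join(g) for g in groups)
    return '<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">%s</KeyInfo>' % body

A_ISSUER = ("<X509IssuerSerial><X509IssuerName>CN=Example CA 1</X509IssuerName>"
            "<X509SerialNumber>12345</X509SerialNumber></X509IssuerSerial>")
A_SUBJECT = "<X509SubjectName>CN=Alice,O=Example</X509SubjectName>"
B_ISSUER = ("<X509IssuerSerial><X509IssuerName>CN=Example CA 2</X509IssuerName>"
            "<X509SerialNumber>77</X509SerialNumber></X509IssuerSerial>")

GROUPED = keyinfo([A_ISSUER, A_SUBJECT], [B_ISSUER])  # one X509Data per certificate
SPLIT = keyinfo([A_ISSUER], [A_SUBJECT, B_ISSUER])    # cert-A spread over two

if __name__ == "__main__":
    print(split_certificates(GROUPED), split_certificates(SPLIT))
```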