[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The CR payload still
At 2:39 PM -0800 3/5/03, Brian Korver wrote:
>On 3/5/03 1:31 PM, "Paul Hoffman / VPNC" <paul.hoffman@vpnc.org> wrote:
>> There are other meanings than "I don't care". We need to be able to
>> say "send me a cert of type other than 4", namely types 11, 12, and
>> 13. Currently, we can't specify that.
>>
>> It won't do that if we scope it correctly.
>>
>> --Paul Hoffman, Director
>> --VPN Consortium
>
>Paul,
>
>An empty CERTREQ still contains a cert type field. The issue
>being discussed is the semantics of a missing CA field (in
>other words the CA's DN), not a missing cert type.
The document says:
While intended to allow for future expansion, the only form of
certificate request currently defined is X.509 signing certificate
(4).
That's a pretty clear statement that other types are not covered by
the CERTREQ.
--Paul Hoffman, Director
--VPN Consortium