On Wed, 13 Nov 2002, Frédéric Giudicelli wrote:

> Well I hope MS will be able to get into an adult argumentation, I think it's
> mostly about the comprehension of the RFC, since it's really not clear the
> way IETF expresses it.
> The best solution would be for one of you big people to contact the IETF
> about the RFC comprehension; at least that would quit any kind of linguistic
> argumentation.

I personally don't think this would be useful. The corresponding paragraph
of RFC 3280 is more or less a copy of the text of the X.509 standard.
It is clearly stated at the beginning of this paragraph (the one in
RFC 3280, as not everyone has a copy of X.509 right now) that:

   The authority key identifier extension provides a means of
   identifying the public key corresponding to the private key used to
   sign a certificate.  This extension is used where an issuer has
   multiple signing keys (either due to multiple concurrent key pairs or
   due to changeover).  The identification MAY be based on either the
   key identifier (the subject key identifier in the issuer's
   certificate) or on the issuer name and serial number.

So the purpose of this extension is to find 'the issuer of the present
certificate', and the remaining text should be placed in that context.
More precisely, when it talks about 'the issuer name', one must
understand 'the issuer name of the issuer of the present certificate',
just as when it talks about the 'keyIdentifier', one must understand
'the keyIdentifier of the issuer of the present certificate', and when it
talks about 'the serial number', one must understand 'the serial
number of the issuer of the present certificate'.

RFC-reading is an art, just like Standards-reading ;)

So far, I think that only Microsoft made this mistake; I never found it in
any other product I've seen.

Based on that, I really don't think it might be necessary to rewrite the
RFC, or the X.509 standard (which would involve *much* more work).

Unspeakable error in module Cthulhu at address R'lyeh.

OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
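
The reading of the authority key identifier given in the message above, as an added example that is not part of the original message and is not OpenSSL code. `Cert`, `AKI`, `aki_matches` and `select_issuers` are hypothetical names, and the certificates are a constructed, simplified model rather than parsed X.509.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class AKI:                                  # authorityKeyIdentifier fields
    key_identifier: Optional[bytes] = None
    cert_issuer: Optional[str] = None       # authorityCertIssuer
    cert_serial: Optional[int] = None       # authorityCertSerialNumber

@dataclass(frozen=True)
class Cert:                                 # simplified model, not a DER parser
    subject: str
    issuer: str
    serial: int
    ski: Optional[bytes] = None             # subjectKeyIdentifier
    aki: Optional[AKI] = None

def aki_matches(cert: Cert, cand: Cert) -> bool:
    """True if `cand` may be the issuer of `cert` according to cert's AKI."""
    if cert.issuer != cand.subject:         # ordinary name chaining first
        return False
    aki = cert.aki
    if aki is None:
        return True
    # keyIdentifier is compared with the SKI in the issuer's certificate
    # (skipped when the candidate carries no SKI).
    if aki.key_identifier is not None and cand.ski is not None \
            and aki.key_identifier != cand.ski:
        return False
    # Name and serial are those of the issuer's certificate: the name is
    # cand.issuer (who issued the CA certificate), not cand.subject.
    if aki.cert_issuer is not None and aki.cert_issuer != cand.issuer:
        return False
    if aki.cert_serial is not None and aki.cert_serial != cand.serial:
        return False
    return True

def select_issuers(cert: Cert, pool: List[Cert]) -> List[Cert]:
    return [c for c in pool if aki_matches(cert, c)]

# Constructed sample: one CA name with two certificates (key changeover).
ROOT = Cert("CN=Root", "CN=Root", 1, ski=b"\x01")
SUB_OLD = Cert("CN=Sub CA", "CN=Root", 10, ski=b"\xaa")
SUB_NEW = Cert("CN=Sub CA", "CN=Root", 11, ski=b"\xbb")
POOL = [ROOT, SUB_OLD, SUB_NEW]
LEAF = Cert("CN=host", "CN=Sub CA", 500, aki=AKI(cert_issuer="CN=Root", cert_serial=11))
LEAF_KEYID = Cert("CN=host2", "CN=Sub CA", 501, aki=AKI(key_identifier=b"\xaa"))
# AKI filled in under the other reading (name of the leaf's own issuer):
LEAF_MISREAD = Cert("CN=host3", "CN=Sub CA", 502, aki=AKI(cert_issuer="CN=Sub CA", cert_serial=11))
```

With both Sub CA certificates in the pool, the name-and-serial form and the key identifier form each pick exactly one of them, while the AKI built under the other reading selects no issuer at all.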
