Tomas,
Hi,
I originally suggested (in the mail thread referenced) the
CertTemplate format from RFC4211, it has subject, issuer, serialNumber
and extensions (basically a TBSCertificate).
Although the RFC says that serialNumber MUST be omitted, this is for
certificate request purposes and can surely be redefined.
Don't remember if there were any other technical issues preventing a
CertTemplate to be used?
Cheers,
Tomas
I agree that using a redefined (to include the serial number) cert
template from CRMF would avoid the 5280 issue, but it still requires the
CA to assign the serial number before the cert is issued. That is my
biggest concern, i.e., it imposes a new requirement on CAs, one that may
have adverse security implications for some.
Nonetheless, I like your suggestion (minus the serial number) as a
starting point. See my next message.
Steve