[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: crossCertificatePair, what exactly should the contents be?

In message <20021118.191210.50580257.levitte@stacken.kth.se> on Mon, 18 Nov 2002 19:12:10 +0100 (CET), Richard Levitte - VMS Whacker <levitte@stacken.kth.se> said:

levitte> It looks like there's a draft that would define the syntax a little
levitte> better: draft-ietf-pkix-ldap-pki-schema-00.txt.  It basically says
levitte> that the value "is the octet string that results from the BER/DER-
levitte> encoding an X.509 public key certificate pair".  However, I still
levitte> don't know what a "public key certificate pair" exactly is in this
levitte> context.  Is it a "SEQUENCE { issuedToThisCA Certificate,
levitte> issuedByThisCA Certificate }" or what?

Looks like I guessed correctly, at least judging (sp?) from the X.509
4th Edition draft V6 I found, where CertificatePair is defined like

CertificatePair ::= SEQUENCE {
	forward		[0]	Certificate OPTIONAL,
	reverse		[1]	Certificate OPTIONAL,
	-- at least one of the pair shall be present -- }

It's to wonder why this isn't specified in RFC 3280...

Richard Levitte   \ Spannvägen 38, II \ LeViMS@stacken.kth.se
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- poei@bofh.se
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.