Enhancement; Resolution: Fixed; P3; 1.4.0; beta2; generic; solaris_7
In the CertPath architecture, an RFC service provider attribute is defined to
advertise the RFC that a PKIX-compliant CertPathValidator,
CertPathBuilder or LDAP CertStore conforms to. All PKIX or
LDAP implementations SHOULD set this service attribute.
If it is not set, a default is assumed (currently 2459 for PKIX and 2587
for LDAP).
We would like to rename this attribute so that implementations can declare
conformance with a standard that has no RFC number, or that is not yet
finalized (e.g. an Internet Draft).
The proposal is to remove the RFC service attribute and create two new
attributes:
ValidationAlgorithm: the name or version of the validation algorithm
specification that an implementation of CertPathBuilder or CertPathValidator
complies with. RFCs MUST be specified using the format "RFC#", where #
is the number of the RFC (e.g. "RFC2459"). Internet Drafts MUST be specified
using the format "name-of-draft" (e.g. "draft-ietf-pkix-new-part1-06.txt").
The format is case insensitive, and leading and trailing whitespace are ignored.
There is no default. If the attribute is not defined, users must not
make any assumptions about the version of the algorithm that the provider
conforms to, unless it has been specifically documented elsewhere.
LDAPSchema: the name or version of the LDAP schema specification that
an implementation of CertPathBuilder or CertPathValidator
complies with. The format of this attribute is the same as described for
the ValidationAlgorithm attribute. There is no default. If the attribute
is not defined, users must not make any assumptions about the
specification of the schema that the provider conforms to, unless it has
been specifically documented elsewhere.
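The following is an added illustration, not code from the JDK or from this bug report: a constructed provider advertises the two proposed attributes through the standard "<Service>.<Algorithm> <Attribute>" provider-property syntax, and a reader applies the proposal's normalisation rules (case-insensitive, surrounding whitespace ignored, no default when unset). The provider name "DemoCertPath" and the class names are assumptions; LDAPSchema is placed on the CertStore.LDAP service here, matching the first paragraph's mention of the LDAP CertStore.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Locale;

public class CertPathAttributeDemo {

    // Hypothetical provider (constructed for this example): it registers only
    // the attribute properties, not real Service implementations.
    static final class DemoProvider extends Provider {
        @SuppressWarnings("deprecation")
        DemoProvider() {
            super("DemoCertPath", 1.0, "Constructed CertPath attribute demo");
            put("CertPathValidator.PKIX ValidationAlgorithm", "RFC2459");
            put("CertPathBuilder.PKIX ValidationAlgorithm",
                "draft-ietf-pkix-new-part1-06.txt");
            put("CertStore.LDAP LDAPSchema", "RFC2587");
            // CertStore.Collection deliberately advertises no LDAPSchema.
        }
    }

    // Reads one attribute and normalises it as the proposal requires: the
    // value is case insensitive and leading/trailing whitespace is ignored.
    // Returns null when the provider did not set it; the proposal defines no
    // default, so the caller must then assume nothing about the version.
    static String attribute(Provider p, String service, String alg, String attr) {
        String raw = p.getProperty(service + "." + alg + " " + attr);
        return raw == null ? null : raw.trim().toLowerCase(Locale.ROOT);
    }

    // True when a normalised value names an RFC in the prescribed "RFC#" form;
    // an Internet Draft name such as "draft-ietf-pkix-new-part1-06.txt" is not.
    static boolean isRfc(String normalised) {
        return normalised != null && normalised.matches("rfc[0-9]+");
    }

    public static void main(String[] args) {
        Provider p = new DemoProvider();
        Security.addProvider(p);
        String v = attribute(p, "CertPathValidator", "PKIX", "ValidationAlgorithm");
        String d = attribute(p, "CertPathBuilder", "PKIX", "ValidationAlgorithm");
        String s = attribute(p, "CertStore", "Collection", "LDAPSchema"); // unset
        System.out.println(v + " isRfc=" + isRfc(v));
        System.out.println(d + " isRfc=" + isRfc(d));
        System.out.println("Collection LDAPSchema: " + s);
        // Selecting a provider by attribute with the standard filter syntax;
        // the comparison is case-insensitive, so "rfc2459" matches "RFC2459".
        Provider[] hits = Security.getProviders(
            "CertPathValidator.PKIX ValidationAlgorithm:rfc2459");
        System.out.println(hits == null ? "no match" : hits[0].getName());
    }
}
```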