Re: [xcbf] FW: Multiple certificates

["Phillip H. Griffin" <phil.griffin@asn-1.com>]

Title:

Yes, the certificates are concatenated.  In practice, I can see
no reason whatsoever for X9.68 and X.509 certificates to
ever be mixed in an application. There is no standard means
defined of chaining these two types together. So, you'd either
use one format or the other, not both.

Currently, X.509 is the market. The X9.68 format has just 
now been approved as a NWI in ISO TC68/SC2. But it may
well become the first all XML certificate format. If it should, 
we'll want to change XCBF to accommodate this new format, 
which will not need to be Base64 armored to be used in an
XML message.

Phil



Alessandro Triglia wrote:
> Phil,
>
> I haven't received any response to the question below.  
>
> Alessandro
>
>
>
> > -----Original Message-----
> > From: Alessandro Triglia [mailto:sandro@oss.com] 
> > Sent: Wednesday, April 09, 2003 19:23
> > To: [OASIS XCBF]
> > Subject: Multiple certificates
> >
> >
> > Phil,
> >
> > In the proposed XCBF CS, "certs" has type CertificateSet, 
> > which is defined as:
> >
> > 	CertificateSet ::= OCTET STRING
> >
> > Line 1523 says:  "Any combination of X9.68 domain 
> > certificates, X.509 certificates and attribute certificates 
> > may be included in the CertificateSet type in any order."
> >
> > It has just occurred to me that the text does not say how to 
> > combine multiple certificates in a single OCTET STRING.  
> >
> > Should they be simply concatenated?
> >
> > Alessandro
> >
> >
> >