The syntax should be simplified and changed into:

   ValidationPolicy ::= SEQUENCE {
      valPolId      OBJECT IDENTIFIER,
      parameters    ANY DEFINED BY valPolId OPTIONAL }

Then a specific validation policy, based on the algorithm described in RFC 3280, should be defined, «id-svp-basicValPol», with its own parameters:

      userPolicySet          [1] SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER OPTIONAL,
      inhibitPolicyMapping   [2] BOOLEAN OPTIONAL,
      requireExplicitPolicy  [3] BOOLEAN OPTIONAL,
      inhibitAnyPolicy       [4] BOOLEAN OPTIONAL,
      trustAnchors           [5] TrustAnchors OPTIONAL,
      keyUsages              [6] KeyUsages OPTIONAL,
      extendedKeyUsages      [7] SEQUENCE OF KeyPurposeId OPTIONAL }

Section 6.1 from 3280bis specifies a single trustAnchor.
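
How a relying party could decode the proposed ValidationPolicy and select the parameters decoder from valPolId, as an added example that is not part of the original comment or of any SCVP implementation. Assumptions: the OID 2.999.1 is a placeholder from the example arc and not the real id-svp-basicValPol, the tags are IMPLICIT, the parameters are wrapped in one SEQUENCE, and all function names are hypothetical.

```python
BASIC_VAL_POL = "2.999.1"  # placeholder from the example arc, NOT the real id-svp-basicValPol
# Assumed IMPLICIT tags: [2]..[4] are primitive BOOLEANs, the other fields are constructed.
NAMES = {0xA1: "userPolicySet", 0x82: "inhibitPolicyMapping", 0x83: "requireExplicitPolicy",
         0x84: "inhibitAnyPolicy", 0xA5: "trustAnchors", 0xA6: "keyUsages", 0xA7: "extendedKeyUsages"}
SAMPLE = bytes.fromhex("300d06038837013006820 1ff840100".replace(" ", ""))  # constructed sample

def read_tlv(buf, pos=0):  # one TLV: single-byte tag, short-form length only
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated TLV or long-form length")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def decode_oid(value):
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    if not arcs or value[-1] & 0x80:
        raise ValueError("bad OID")
    first = min(arcs[0] // 40, 2)  # the first subidentifier packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def decode_basic_params(body):
    out, pos, last = {}, 0, 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag not in NAMES or (tag & 0x1F) <= last:
            raise ValueError("unknown, repeated or out-of-order field")
        if not tag & 0x20 and value not in (b"\x00", b"\xff"):
            raise ValueError("BOOLEAN is not DER")
        last = tag & 0x1F
        out[NAMES[tag]] = value if tag & 0x20 else value == b"\xff"  # constructed: kept raw
    return out

PARAM_DECODERS = {BASIC_VAL_POL: decode_basic_params}  # valPolId -> parameters decoder

def decode_validation_policy(der):
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("ValidationPolicy must be exactly one SEQUENCE")
    tag, oid_der, pos = read_tlv(body)
    oid = decode_oid(oid_der) if tag == 0x06 else None
    if oid not in PARAM_DECODERS:  # ANY DEFINED BY: no known OID, no type for parameters
        raise ValueError("unknown valPolId")
    if pos == len(body):
        return oid, None  # parameters is OPTIONAL
    tag, params, end = read_tlv(body, pos)
    if tag != 0x30 or end != len(body):
        raise ValueError("parameters must be one SEQUENCE")
    return oid, PARAM_DECODERS[oid](params)
```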