Re: draft-ietf-pkix-rfc3161bis-01.txt

[Johannes Merkle <johannes.merkle@xxxxxxxxxxx>]

so, if a "time stamp Responder" uses several signature creation devices in order to increase performance, but the
corresponding certificates are issued for the same subject names, these signature creation devices represent the same
TSU? This seems counterintuitive to me.
And I am not sure whether this (quite typical) scenario is reflected by the new draft. At least the last sentence in
section 3.3 indicates a different scenario:
   A TSS MAY have distinct TSUs, e.g., to accommodate different
   policies, different algorithms, different private key sizes or to
   increase the performance.

Johannes


Alfredo Esposito schrieb am 12.03.2009 17:27:
> 
> I love joking with the words in my own language, but my English is not
> smart enough
> TSU is the subject of a X.509 public key certificate and the
> corresponding private key is used to sign time-stamp-token compliant
> with IETF RFC 3161
> Is it better?
> 
> 
> Stefan Santesson wrote:
>> Alfred,
>>
>>  
>>> The meaning of TSU seems to me pretty clear: it is the entity signing
>>> the time stamp token.
>>>     
>>
>> You see, already here you loose me.
>>
>> How can a "Unit" be an Entity? If so, how do you define entity?
>>
>> /Stefan
>>
>>
>>
>>
>>   
> 

-- 
Viele Grüße,
Johannes Merkle