
RE: TSA draft V7.0




Carlisle Adams <carlisle.adams@entrust.com> on 04/28/2000 10:14:20 AM

To:   Denis.Pinkas@bull.net, "'Michael Zolotarev'"
      <mzolotarev@baltimore.com>
cc:   PKIX mailing group <ietf-pkix@imc.org>
Subject:  RE: TSA draft V7.0



Hi Michael,

My interpretation is more along the following lines.  If a CA explicitly
puts an extension in a certificate designating the subject to be a TSA
then, in some sense at least, the time stamp authority function becomes a
CA service.  Thus, I see no conflict with such use of the AIA extension.

[Tom Gindin] I have a hard time with the idea that a service becomes a CA
service in any meaningful sense simply by having the CA issue a certificate
containing an ExtendedKeyUsage value.  A CA issuing a server certificate is
not vouching that the service will be properly performed, much less that it
will be performed on the CA's behalf.  How much verification of the
features of a service by the CA occurs when an operator gets a server
certificate for a Web or LDAP server and asks for Extended Key Usage
id-kp-serverAuth?  So how much more is required for id-kp-timeStamping,
which is the standard way in which the CA designates the subject as a TSA?
(snip)