[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Who can be a Time Stamping Authority?

To: Denis.Pinkas@xxxxxxxx, FRousseau@xxxxxxxxxxxxxxxxx
Subject: Re: Who can be a Time Stamping Authority?
From: Peter Sylvester <Peter.Sylvester@xxxxxxxxxx>
Date: Wed, 10 May 2000 13:10:11 +0200 (MET DST)
Cc: ietf-pkix@xxxxxxx

> 
> In the second case, the TSA certificate should contain an extension, which
> would indicate that this TSA may issue time stamping tokens within that CA
> realm.  Since RFC2459 is currently being revised and as suggested by Michael
What does mean 'issue time stamping tokens withing that CA realm'?

> Zolotarev, the Authority Information Access extension does not seem
> appropriate for this particular purpose, I would suggest that a new private
> Internet extension should probably be added in RFC2459 to achieve this
> requirement.
>
It seems to me that what is required is a kind of 'Subject Information Access'
extension as it was available in earlier drafts. The definition is similar
to the AIA by replacing 'issuer' by 'subject'.
 

Another possibility is to change in 2459:

   The authority information access extension indicates how to access CA
   information and services for the issuer of the certificate in which
   the extension appears. 

to

   The aia extension indicates how to access services related to the certificate
   in which the extension appears. 

The definition of accessMethod must describe anyway how the extension has to be
interpreted.

Prev by Date: Re: DER in ac509prof-03
Next by Date: Re: DER in ac509prof-03
Previous by thread: RE: Who can be a Time Stamping Authority?
Next by thread: DER in ac509prof-03
Index(es):
- Date
- Thread