
Re: Correct approach to certificate validation?



Al,

You're saying that the current deployed base of CAs ensures that
the issuer DN of certs they issue is exactly the same as the subject
DN of its own signing cert?  If my understanding is correct, not
only do I strongly concur, but I don't know of any product that
works otherwise, in the course of normal operation/default config.
Does anyone know of a product that doesn't?

Even if there is one, it doesn't matter.  And if the standard is 20
years old, it doesn't matter (heck, TCP's older than that).

Generally speaking, "that's what everyone else does" is the kind
of argument that, in the IETF, generally trumps anything else.
Trevor, I thought you've been around long enough to know this.
	/r$