[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Extended Key Usage and path validation

To: Frank Balluffi <frankb@xxxxxxxxxxxx>
Subject: RE: Extended Key Usage and path validation
From: Stephen Kent <kent@xxxxxxx>
Date: Fri, 3 Nov 2000 18:35:15 -0500
Cc: ietf-pkix <ietf-pkix@xxxxxxx>
In-reply-to: <>
References: <>

Frank & Jean-marc,

The Netscape discussion for this extension makes little or no sense to me, based on your description. As Frank notes, this is an extension one expects to see in an EE cert, vs. a CA cert, so one would not encounter multiple ones in validating a path. If I did use this extension in a CA cert, given the semantics, it might well conflict with an EE usage. Certainly the keyUasage bits for CA certs and EE certs are distinct, so why would one expect a relationship of the sort described for this extension.

Steve

Follow-Ups:
- Re: Extended Key Usage and path validation
  - From: Jean-Marc Desperrier

References:
- RE: Extended Key Usage and path validation
  - From: Frank Balluffi

Prev by Date: Re: Holder (was Re: Comments on draft-ietf-pkix-ac509prof-05.txt)
Next by Date: Re: WAP X.509 Certificate profile specification
Previous by thread: RE: Extended Key Usage and path validation
Next by thread: Re: Extended Key Usage and path validation
Index(es):
- Date
- Thread