
Re: Extended Key Usage and path validation



Terry Hayes wrote:
> 
> Patrick.Patterson@sita.int wrote:
> 
> > It's my reading of
> > the various standards that the Certificate Policy field should contain the OID
> > for the Certificate Policy under which that particular Certificate was issued -
> > and within that document, there would be the application limitation as specified
> > in section 1.4 of the Certificate Policy RFC.
> 
> This seems to be the dominant interpretation of the Certificate Policies
> extension.  However, as I said before, this does not provide a standard
> OID value that can be built into mass-market applications and used to check
> the intended use.

Yes.

> Maybe what is needed is a very basic Certificate Policy document with a
> corresponding OID, that spells out the (small number) of requirements
> for issuing highly interoperable SSL or S/MIME certificates.

No. This would be messing with policies.

Ciao, Michael.