[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Extended Key Usage and path validation

To: "David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>
Subject: Re: Extended Key Usage and path validation
From: Stephen Kent <kent@xxxxxxx>
Date: Thu, 16 Nov 2000 14:04:43 -0500
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>
References: <>

David,

I agree with Patrick Patterson and Michael Ströder that using the
Certificate Policies extension to control usage of the EE key
"messes with" the CP extension.  The policy under which certificates
are issued seems tenuously related, if not completely unrelated,
to the applications which make use of the certificates.

There may be examples where the two are aligned. For example, in the S-BGP context, we anticipate defining a CP that clearly restricts the certs issued by registries to be used for S-BGP, as a means of limiting liability. But, I won't claim that this is a common case.

Steve

References:
- Re: Extended Key Usage and path validation
  - From: David P. Kemp

Prev by Date: Re: Should PKIX protocols support XML well?
Next by Date: Re: Should PKIX protocols support XML well?
Previous by thread: Re: Extended Key Usage and CP extensions (path validation)
Next by thread: Re: Extended Key Usage and path validation
Index(es):
- Date
- Thread