
OCSP authorized responder clarification.



In RFC2560 4.2.2.2 the certificate signing an OCSP request is valid if
it:

>    3. Includes a value of id-ad-ocspSigning in an ExtendedKeyUsage
>    extension and is issued by the CA that issued the certificate in
>    question."

A certain CA issues end user certificates signed by an intermediate CA
which is in turn signed by the root CA. 

The responder certificate is signed by the root CA. Does this, as
appears to be the case, mean that the above condition does not apply
because the OCSP responder certificate is not signed by the intermediate
CA?

Alternatively, is the condition satisfied because they both have the same
root CA?

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@xxxxxxxxxxxxxxxxxxxxxxxxxxx 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: drh@xxxxxxxxxxx PGP key: via homepage.
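
A literal reading of the quoted condition 3 applied to the hierarchy described in the message, as an added example that is not part of the original post. The `Cert` record, the certificate names and the helper functions are constructed for illustration, and comparing issuer names stands in for real signature verification.

```python
from dataclasses import dataclass, field

# OID of the OCSP-signing extended key usage (id-kp-OCSPSigning); the RFC 2560
# text quoted in the message refers to it as id-ad-ocspSigning.
OCSP_SIGNING = "1.3.6.1.5.5.7.3.9"

@dataclass(frozen=True)
class Cert:
    """Simplified certificate record (constructed; no real X.509 parsing)."""
    subject: str
    issuer: str
    eku: frozenset = field(default_factory=frozenset)

def delegated_responder_ok(responder: Cert, target: Cert) -> bool:
    """Literal reading of condition 3: the responder certificate carries the
    OCSP-signing EKU and was issued by the CA that issued `target`.
    Assumption: issuer-name equality stands in for signature verification."""
    has_eku = OCSP_SIGNING in responder.eku
    same_issuer = responder.issuer == target.issuer
    return has_eku and same_issuer

def authorised_targets(responder: Cert, certs: list) -> list:
    """Subjects of the certificates whose status this responder may sign for."""
    return [c.subject for c in certs
            if c is not responder and delegated_responder_ok(responder, c)]

# Constructed hierarchy matching the message: root -> intermediate -> end user,
# with the responder certificate issued directly by the root.
ROOT = Cert("CN=Root CA", "CN=Root CA")
INTERMEDIATE = Cert("CN=Intermediate CA", "CN=Root CA")
END_USER = Cert("CN=End User", "CN=Intermediate CA")
RESPONDER = Cert("CN=OCSP Responder", "CN=Root CA", frozenset({OCSP_SIGNING}))
CHAIN = [ROOT, INTERMEDIATE, END_USER, RESPONDER]

if __name__ == "__main__":
    for cert in (INTERMEDIATE, END_USER):
        verdict = delegated_responder_ok(RESPONDER, cert)
        print(f"{cert.subject}: responder authorised = {verdict}")
```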