
RE: DPD & DPV requirements



Frank Balluffi said:

> >The client should supply some subset of each requested path which must
> >include the least significant certificate and optionally:
> >
> >- one or more intermediate certificates
> >- one or more trusted certificates

Steve Kent said:

> An intermediate cert that is not trusted, but is not the end of a 
> partial path?  Why?  This is getting complicated.

OK. It is difficult for me to imagine a client supplying intermediate
certificates. But requirement 1.1 only supports a single certificate or a
chain:

1.1     A client request can contain a single certificate or a certificate
chain terminating in the "target" certificate, to assist the server in path
construction. 

Would it be valuable for a client to be able to supply the end-entity
certificate and the trusted certificate in the path?

Frank