[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clarification request on RFC 2560

To: Dr S N Henson <drh@xxxxxxxxxxx>
Subject: Re: Clarification request on RFC 2560
From: Rich Salz <rsalz@xxxxxxxxxx>
Date: Fri, 14 Sep 2001 10:52:32 -0400
Cc: "Pkix (E-mail)" <ietf-pkix@xxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

> An OCSP client might assume that only a single certificate corresponds
> to the responder ID and for example just look for the first certificate
> in the certs attribute which matches the reponder ID and verify that.

I think most -- like 99.9999% -- PKI programs are not equipped to handle
cross-certified entities.
	/r$

-- 
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com

Follow-Ups:
- Re: Clarification request on RFC 2560
  - From: David P. Kemp

References:
- RE: Clarification request on RFC 2560
  - From: Ryan Hurst
- Re: Clarification request on RFC 2560
  - From: Dr S N Henson

Prev by Date: Re: Notary systems requirements
Next by Date: CRLs for OCSP
Previous by thread: Re: Clarification request on RFC 2560
Next by thread: Re: Clarification request on RFC 2560
Index(es):
- Date
- Thread