XKMS makes no distinction, but an XKMS service provider may choose to do so.

> The only problem is the matter of transitive trust, since
> when transposing one protocol into another, all the security
> (in particular the digital signature) is lost at the gateway.

That is not the case at all. There is a change in the security parameters, but to claim that the change in the signing party means that 'all the security' is lost is untrue hyperbole. One aspect of the security context is discarded, that does not mean it is 'lost'. If you want the cert chain, XKMS does allow you to request it.

Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@xxxxxxxxxxxx
781 245 6996 x227