
Too limiting: One subject type/CA?



List,
I'm plotting with a scheme that would benefit a *lot* if CAs restricted
issuance to various subjects (e-mail certs, ID-card-like certs, web-server
certs etc.) to one subject type (and CPS) per CA-cert/key.  It *seems* that
this is the case for most (all?) commercial vendors but I would like to
know if anybody has other input on this.

Actually it becomes very awkward for any RP scheme, after accepting
a certain CA, not to be able to *easily* figure out if the EE-cert is an identity
certificate or server ditto.   To read and interpret various non-standard
(de-facto-wise rather than w.r.t. PKIX) extensions is not an option if
we are talking open PKI.

Anders