[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Questions on Authority/Subject Key Identifiers

To: kent@xxxxxxx, pgut001@xxxxxxxxxxxxxxxxx
Subject: Re: Questions on Authority/Subject Key Identifiers
From: pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)
Date: Sun, 29 Sep 2002 17:52:22 +1200 (NZST)
Cc: ietf-pkix@xxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Stephen Kent <kent@xxxxxxx> writes:

>The real world issue you describe calls for re-issuance of certs; it does not
>justify violating the standards.

In *theory* it calls for the re-issuance of certs.  I can quite easily see
that the practical approach would be to chain by sKID, and obviously enough
people agree with this that they persuaded MS to change the behaviour of their
code to allow it (the issue you're referring to was a bug, not a deliberate
design decision like sKID chaining).

Peter.

Follow-Ups:
- Re: Questions on Authority/Subject Key Identifiers
  - From: Stephen Kent

Prev by Date: Re: Withdrawl of Proxy Cert Profile draft from PKIX
Next by Date: Re: I-D ACTION:draft-ietf-pkix-usergroup-01.txt
Previous by thread: Re: Questions on Authority/Subject Key Identifiers
Next by thread: Re: Questions on Authority/Subject Key Identifiers
Index(es):
- Date
- Thread