[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate policy question

To: levitte@xxxxx, pgut001@xxxxxxxxxxxxxxxxx
Subject: Re: Certificate policy question
From: pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)
Date: Thu, 12 Dec 2002 14:36:50 +1300
Cc: ietf-pkix@xxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Richard Levitte - VMS Whacker <levitte@xxxxx> writes:

>What kind of certificate are we talking about, an EE certificate or a CA one?

It's an EE cert.

>If I assume a somewhat bastardous attitude, I'd say such a certificate
>invalidates the whole path, IF you end up having those clashing policies in
>your state at the end of path construction/validation.

I have yet to find anything [0] which even notices the two conflicting
policies (there are two different policy OIDs and two pointers to different
CPSes), thus my comment that while standard practice appears to be to totally
ignore policies, I really feel that I should be doing something about it, I'm
just not sure what.

Peter.

[0] At least in the set of generally-used, publicly-available PKI software,
    there are probably commercial/proprietary products around which get it
    right.

Prev by Date: RE: Certificate policy question
Next by Date: RE: Certificate policy question
Previous by thread: RE: Certificate policy question
Next by thread: RE: Certificate policy question
Index(es):
- Date
- Thread