Re: Certificate policy question

[Richard Levitte - VMS Whacker <levitte@xxxxx>]

In message <BFEMKEKPCAINGFNEOGMEOEFCCBAA.ambarish@xxxxxxxxxxx> on Thu, 12 Dec 2002 09:42:32 -0800, "Ambarish Malpani" <ambarish@xxxxxxxxxxx> said:

ambarish>     You might want to regard the certificate as being compatible
ambarish> with *both* the policies specified. If either of the policies
ambarish> is acceptable for your needs (and you can create a valid path),
ambarish> feel free to accept the certificate. That is the best you can
ambarish> do as certificate processing software.
ambarish> 
ambarish> If the CA should not have issued a cert with both policies (because
ambarish> they a incompatible, etc.), that is a problem you should let the CA
ambarish> deal with.

As I understand Peter, the two policies weren't compatible.  So OK,
the way to deal with it would then be to speak with the CA in
question, and then set them up in my own software as untrusted, at
least until they've dealt with the situation and reissued the
offending certificate.

After all, this is about trust, and I can't see how I can trust
anything from a CA that the kind of certificate I believe Peter is
talking about.

Harsch?  Tough!

-- 
Richard Levitte     | http://richard.levitte.org/ | Spannv. 38, I
Levitte Programming | http://www.lp.se/           | S-168 35 Bromma
T: +46-708-26 53 44 |                             | SWEDEN
     "Price, performance, quality...  choose the two you like"