[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Recommendation on subject matching rules needed..
> >Sounds good, but I suppose we still need to select the keys somehow
> >(using the certs) through the CryptoAPI CSP and RSA CrypTokI
> interface,
> >so that the applications are satisfied.
>
> It looks like you've been painted into a corner by the
> selection of software you have to use. The solution using
> other software is fairly simple, but if you're stuck with
> using CryptoAPI and have various other constraints I don't
> really know what you could do, sorry. I guess saying "Don't
> do that then" isn't much help :-).
Yep. Although I don't know of any other non-proprietary
crypto-interfaces that have "widespread" application support so I don't
really see another way around the problem other than put pressure on the
application vendors.
And putting this pressure would be greatly helped by you guys at IETF
PKIX & SMIME if you would draft up a paper about the subject. It could
be part of SMIME specs but I would like to see it a part of PKIX specs,
since the same issue is present when building certification paths during
certificate verification process, as well as when making the call wether
to trust the presented CA certificate or not..
Saku.