
Re: Issues in LDAP schema IDs




Wen-Cheng Wang wrote:
> My concern is a CA may support dual key pairs for a single EE. One key pair
> is for digital signature usage; the other key pair is for encipherment usage.
> A CA may even support triple key pairs for a single EE if non-repudiation
> usage is to be separated from digital signature usage. Therefore, a CA may
> issue two or three certificates to an EE at a time. If the attribute is
> restricted to be single valued, how can these certificates be stored in the
> directory?

I can confirm that this is actually happening in Italy, where many legal-value CAs are giving their customers three certs:
- one for non-repudiation
- one for authentication
- one for encryption


So support for multiple certs per user should be added to the schema.

Cheers,

Antonio Lioy