[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-ietf-pkix-certpathbuild-00.txt

To: "Masaki SHIMAOKA" <shimaoka@xxxxxxxxxxx>, <ietf-pkix@xxxxxxx>
Subject: Re: I-D ACTION:draft-ietf-pkix-certpathbuild-00.txt
From: "Wen-Cheng Wang" <wcwang@xxxxxxxxxx>
Date: Fri, 25 Jul 2003 17:45:35 +0800
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

> 
> 1. path building over http
> 
[snip]
> IMHO, path building over http may be achieved using cAIssuers
> accessMethod in AIA extension, but it only describes single path like
> strict hierarchy.
Not exactly so, if we let caIssuers accessMethod be a HTTP URI points
to a PKCS#7 wrapped certificate list which contains all cross-certificates
issued to the issuer of the nominated certificate, there is no problem to
traverse the whole cross-certification network. However, AIA-assisted
path building only supports forward direction (I mean "from the target
certificate to a trusted root" as defined by the draft.).

-----
Wen-Cheng Wang
Project Researcher
Telecommunication Laboratories
Chunghwa Telecom Co., Ltd

References:
- I-D ACTION:draft-ietf-pkix-certpathbuild-00.txt
  - From: Internet-Drafts
- Re: I-D ACTION:draft-ietf-pkix-certpathbuild-00.txt
  - From: Masaki SHIMAOKA

Prev by Date: Re: Why is privateKeyUsagePeriod deprecated?
Next by Date: RE: Microsoft and multi-valued RDNs (was: draft minutes)
Previous by thread: Re: I-D ACTION:draft-ietf-pkix-certpathbuild-00.txt
Next by thread: RE: I-D ACTION:draft-ietf-pkix-certpathbuild-00.txt
Index(es):
- Date
- Thread