[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can we make this kind of certificate?

To: "Jaeho Yoon" <jhyoon@xxxxxxxxxx>, <ietf-pkix@xxxxxxx>
Subject: Re: Can we make this kind of certificate?
From: Russ Housley <housley@xxxxxxxxxxxx>
Date: Sun, 07 Mar 2004 16:17:32 -0500
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

X.509 certificates do not have the capacity for multiple signatures, one from each of the "issuers."

Russ

At 09:31 AM 3/6/2004 +0900, Jaeho Yoon wrote:

Dear experts,

I have been studying the PKI in various environment. In doing that, I am troubled with the needs of this kind of certificate.

'a certificate issued by multiple CAs'

for example, RFC3280 certificate is Certificate = entity dependent field + CA dependent field + Signature(entity+CA field)

this certificate is Certificate = entity dependent field + [CA1 dependent field + Signature(entity+CA1 field)] + [CA2 dependent field + Signature(entity+CA2 field)] + ...
At first sight, it may have many problems, ex. path related things.
But in some cases, it would be very useful, I think.
Can we make this kind of certificate? I'd like to have your opinion.
It is just my curiosity.
Thanks.

References:
- Can we make this kind of certificate?
  - From: Jaeho Yoon

Prev by Date: Re: Can we make this kind of certificate?
Next by Date: I-D ACTION:draft-ietf-pkix-sonof3039-06.txt
Previous by thread: Re: Can we make this kind of certificate?
Next by thread: I-D ACTION:draft-ietf-pkix-sonof3039-06.txt
Index(es):
- Date
- Thread