
RE: SCVP 16 comments deadline



> * Does this mean that the validate Algorithm is cert specific and not
> * request specific?
> [TF] The request specifies a policy, which in turn references an
> algorithm. The policy applies globally to the request. There is no
> relationship between the certificate and the algorithm.
> Trevor
>

I agree that it seems sufficient for one request to have the same
*algorithm(s)* performed for all the certs, but the only examples defined
contain a *parameter* which is specific to each cert, i.e. an identity/name
that has to be matched with the content of a cert, thus currently the
usage of this 'extension' feature limits the requests to one cert only.

For requests concerning SSL servers, IPsec auths, *one signature*, one
cert will be present in the request; a case for multiple requests *may*
be certs for encryption. It may be sufficient to allow multiple names
for e-mail protection certs in the existing parameter, and a rule saying
that names must be present.