[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: registration authorities

To: David Chadwick <d.w.chadwick@xxxxxxxxxxxxx>
Subject: Re: registration authorities
From: Stephen Kent <kent@xxxxxxx>
Date: Thu, 30 Dec 2004 09:53:57 -0500
Cc: gonzalezcarlos@xxxxxxxxxxx, ietf-pkix@xxxxxxx
In-reply-to: <41D40F94.5050302@salford.ac.uk>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <> <41D40F94.5050302@salford.ac.uk>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

At 2:24 PM +0000 12/30/04, David Chadwick wrote:

Steve

a CA is a Certification Authority, and not necessarily a Registration Authority. Conceptually and operationally they are different and therefore there should always be an allowance for this.

regards

David

David,

I certainly agree with the distinction, but other than in the context of qualified certs, X.509 does not make explicit provision for inclusion of RA info, probably since it is not used in the cert validation process.

Peter Sylvester noted shortly after my message, a CA is certainly free to out an RA name in a cert, bnut I assumed he meant that one could include the qc extension and put the RA name in it. In that case the cert looks like a QC cert, syntactically, hence my comment.

Steve

References:
- registration authorities
  - From: Carlos González-Cadenas
- Re: registration authorities
  - From: Stephen Kent
- Re: registration authorities
  - From: David Chadwick

Prev by Date: Re: registration authorities
Next by Date: Re: registration authorities
Previous by thread: Re: registration authorities
Next by thread: Re: registration authorities
Index(es):
- Date
- Thread