
basic constraints?



Several questions and a comment regarding basic constraints:

Q: How do you count the depth of a certification path? Is a simple
single-CA model (self-signed root CA signs leaf cert - now that's a small
tree) a path depth of 0, 1, or 2? (or 7, for all I know). Also, how does
this work for sub-CAs? If I have the following chain:

    Root - CA1 - CA2 - Leaf

What are the minimum valid values for the CA's pathLenConstraint? Also, if
the optional pathLenConstraint is missing, what does this imply? No limit?

C: Basic constraints should probably be mentioned in section 6, Certificate
Path Validation.

Thanks!
 - Tim

Tim Dierks - timd@consensus.com - www.consensus.com
     Software Haruspex - Consensus Development
  Developer of SSL Plus: SSL 3.0 Integration Suite
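
The counting rule the message asks about, as an added example that is not part of the original message: it applies the definition later published in RFC 5280, section 4.2.1.9, where pathLenConstraint limits the number of non-self-issued intermediate CA certificates that may follow a certificate, the final certificate is not counted, and an absent pathLenConstraint imposes no limit. The `Cert` class and the `chain` helper are constructed stand-ins for parsed certificates, not a real X.509 parser.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Cert:                          # constructed stand-in for a parsed certificate
    subject: str
    issuer: str
    is_ca: bool = False              # basicConstraints cA flag
    path_len: Optional[int] = None   # None = pathLenConstraint absent (no limit)

def following_intermediates(path: List[Cert], i: int) -> int:
    """Non-self-issued CA certificates after path[i], excluding the final certificate."""
    return sum(1 for c in path[i + 1:-1] if c.subject != c.issuer)

def min_path_lens(path: List[Cert]) -> dict:
    """Smallest pathLenConstraint each issuing certificate could carry for this path."""
    return {c.subject: following_intermediates(path, i)
            for i, c in enumerate(path[:-1])}

def check_path(path: List[Cert]) -> List[str]:
    """Return basic-constraints violations for a path ordered root first, leaf last."""
    errors = []
    for i, c in enumerate(path[:-1]):
        if not c.is_ca:
            errors.append(f"{c.subject}: issues a certificate but cA is not set")
        n = following_intermediates(path, i)
        if c.path_len is not None and n > c.path_len:
            errors.append(f"{c.subject}: pathLenConstraint {c.path_len} < {n} following CAs")
    return errors

def chain(*names, limits=None):
    """Build a root-first chain from names; limits maps subject -> pathLenConstraint."""
    limits = limits or {}
    certs = []
    for i, name in enumerate(names):
        issuer = names[i - 1] if i else name      # first certificate is self-signed
        certs.append(Cert(name, issuer, is_ca=i < len(names) - 1,
                          path_len=limits.get(name)))
    return certs

if __name__ == "__main__":
    print(min_path_lens(chain("Root", "CA1", "CA2", "Leaf")))
    print(check_path(chain("Root", "CA1", "CA2", "Leaf", limits={"Root": 1})))
```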