
Re: Question about Part 1...



Marc Branchaud writes:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 
> 4.2.1.1 Authority Key Identifier
> 
> Does the authorityCertIssuer field indicate the CA that signed the
> certificate, or the CA that issued a certificate for the CA that signed
> the certificate (i.e. the CA's parent CA)?

The latter.  For instance, here's a 3-level cert hierarchy (with a self-signed
root):

    Serial:   1
    Issuer:   Root CA
    Subject:  Root CA
    
    Serial:   2
    Issuer:   Root CA
    Subject:  UnderRoot CA
    AuthorityCertIssuer:  Root CA
    AuthorityCertSerial:  1

    Serial:   3
    Issuer:   UnderRoot CA
    Subject:  EndEntity
    AuthorityCertIssuer:  Root CA
    AuthorityCertSerial:  2

brian
briank@terisa.com
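
Added example, not part of the original message: a small Python model of the three certificates above, showing how a path builder uses the AuthorityCertIssuer/AuthorityCertSerial pair to pick out the signing CA's own certificate. The names `Cert`, `find_issuer_cert` and `build_chain` are hypothetical, and the certificates are constructed in memory rather than parsed from DER.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    serial: int
    issuer: str
    subject: str
    aki_issuer: Optional[str] = None   # AuthorityCertIssuer
    aki_serial: Optional[int] = None   # AuthorityCertSerial

# The hierarchy from the message, rebuilt as constructed sample data.
CERTS = [
    Cert(1, "Root CA", "Root CA"),
    Cert(2, "Root CA", "UnderRoot CA", "Root CA", 1),
    Cert(3, "UnderRoot CA", "EndEntity", "Root CA", 2),
]

def find_issuer_cert(cert, pool):
    """Return the certificate of the CA that signed `cert`, or None."""
    if cert.aki_issuer is None or cert.aki_serial is None:
        # No issuer/serial pair present: fall back to plain name matching.
        matches = [c for c in pool if c.subject == cert.issuer]
    else:
        # The pair names one certificate by ITS issuer and ITS serial number,
        # so aki_issuer is the parent of the signing CA, not the signer.
        matches = [c for c in pool
                   if c.issuer == cert.aki_issuer and c.serial == cert.aki_serial]
    # Consistency check: the certificate found must belong to our issuer.
    matches = [c for c in matches if c.subject == cert.issuer]
    return matches[0] if len(matches) == 1 else None

def build_chain(leaf, pool):
    """Walk from `leaf` up to the self-signed root; raise if a link is missing."""
    chain = [leaf]
    while chain[-1].issuer != chain[-1].subject:
        parent = find_issuer_cert(chain[-1], pool)
        if parent is None or parent in chain:
            raise ValueError(f"cannot resolve issuer of {chain[-1].subject!r}")
        chain.append(parent)
    return chain

if __name__ == "__main__":
    for c in build_chain(CERTS[2], CERTS):
        print(c.serial, c.subject)
```

An EndEntity certificate that carried the signer's own name in AuthorityCertIssuer would match no certificate in the pool, and `build_chain` raises `ValueError` for it.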