[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ldapv2-schema and CA Certificates

To: WHenry <WHenry@xxxxxxx>
Subject: Re: ldapv2-schema and CA Certificates
From: Dave Horvath <dave@xxxxxxxxxxxxx>
Date: Fri, 14 Aug 1998 08:49:00 -0400
Cc: "'Yuriy Dzambasow'" <ydzambasow@xxxxxxxxxx>, "'ietf-pkix@xxxxxxx'" <ietf-pkix@xxxxxxx>, kpcmwg <kpcm@xxxxxxxxxxxxxxxxxxxxxxxx>
Organization: Chromatix Inc.
References: <>
Sender: owner-ietf-pkix@xxxxxxx

WHenry,

It's not just a DMS issue.  I found two genetically separate pieces of
freeware that were used in various European and NASA(early work for
postal - probably not being used now) initiatives that implemented path
construction.   They both built paths using the cACertificate
attribute.   And the reason they did this, is because of the '88, '93,
and '97  standards.  If you go all the way back to the '88 standard, CAs
were REQUIRED to populate the cACertificate attribute.  Unless you
change the standard by either claiming it's defective or unclear, you
had no choice but to populate that attribute.  It was required! Since
you populated it, it was the logical place to go when building paths.  I
never heard any comments from early prototypers that the standards were
defective.   


Dave H

WHenry wrote:
> 
>  Is this DMS or the new Medium Assurance PKI (i.e. Netscape)? If you're
> referring to DMS my only comment would be: $1billion (and growing)and 10
> years later I guess that's what we paid for. Except, no one outside U.S.
> Govt (i.e. industry) is implementing DMS.
> 
>  Does anyone have any comment on the new Cylink PKI being fielded for the
> U.S. Postal Service? Maybe the functional requirements for USPS are
> different than those supported by PKIX and DMS...?
> 
> > -----Original Message-----
> > From: Yuriy Dzambasow [SMTP:ydzambasow@spyrus.com]
> > Sent: Thursday, August 13, 1998 2:06 PM
> > To:   Stephen Kent; WHenry
> > Cc:   ietf-pkix@imc.org
> > Subject:      RE: ldapv2-schema and CA Certificates
> >
> > In addition, there is currently over 100 CA workstations deployed today
> > within the DoD (all under one common Root), with more planned for
> > fielding.
> > This is a very real, fully operational, deployed base of CAs.
> >
> > Yuriy
> >
> > -----Original Message-----
> > From: owner-ietf-pkix@imc.org [mailto:owner-ietf-pkix@imc.org] On Behalf
> > Of
> > Stephen Kent
> > Sent: Thursday, August 13, 1998 12:46 PM
> > To:   WHenry
> > Cc:   'ietf-pkix@imc.org'
> > Subject:      RE: ldapv2-schema and CA Certificates
> >
> > The first large scale U.S Gov PKI was established in the mid-80s and
> > served
> > about 500,000 secure telephone users, both in gov jobs and in the gov
> > contractor sector.
> >
> > Steve
> >
> >

-- 
               ================================================

      _/_/_/                   David J. Horvath
   _/      _/                  
  _/       _/                  Chromatix, Inc. 
 _/           _/  _/           10451 Twin Rivers Road, Suite 265
_/            _/_/             Columbia, MD 21044
 _/     _/   _/_/  Phone:  (301) 596-8466  |  http://www.chromatix.com
  _/_/_/   _/   _/ Fax:    (410) 997-4306  |  dave@chromatix.com

References:
- RE: ldapv2-schema and CA Certificates
  - From: WHenry

Prev by Date: RE: FW: ldapv2-schema and CA Certificates
Next by Date: Question about WebCAP
Previous by thread: RE: ldapv2-schema and CA Certificates
Next by thread: Re: ldapv2-schema and CA Certificates
Index(es):
- Date
- Thread