[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: x.509 v3 Certificates and Compatbility
Okay, I understand your response saying that its really not feasible
to have one all governing CA worldwide.
Let's narrow the scope down. Within a corporation they have their own
CA that issues a certificate to all of its' employees. Using the
different extensions shouldn't they be able to use their one
certificate for everything within their domain (web, S/Mime, VPN, etc.)?
Brad
---Mike Smith <mfsmith@zionsbank.com> wrote:
>
> Domains of trust. If your single cert came from a single source
that EVERYONE (worldwide) trusted (and who indemnified ALL who relied
on the certs they issued and that their authentication practices met
or exceeded those in other domains of trust) and they issued all the
rights to you at once, then, maybe that single cert could be
practical. However, I'm still not sure I would trust it for anything
other than issuing a cert to you to do business from me.
>
> michael
> >>> brad h <bradh_1998@yahoo.com> 08/13 2:46 PM >>>
> I have a question that the group might be able to help me out with.
> I've been researching this question but have not yet been able to come
> up with an answer.
>
> I was wondering why a person would have to have more than one x.509 v3
> certificate? From what I understand they should all be
inter-operable.
>
> If you have a x.509 v3 cert shouldn't you be able to add extensions
> for each type of device/solution that you're trying to access (ex.
> SSL, S/Mime, VPN, PKI, etc.)?
>
> Brad
>
>
>
>
>
> _________________________________________________________
> DO YOU YAHOO!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>
>
_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com