Re: x.509 v3 Certificates and Compatibility
At 09:58 AM 98-08-19 Stefan Santesson wrote:
>My concern is mainly: how does the certificate holder select the appropriate
>certificate?
>Suppose that the entity has two certificates with the same key usage. One
>anonymous for his www.sex.com and one digital ID certificate for banking
>applications over the internet. In both cases the applications are run over
>http.
>
>Will there be any suitable mechanisms that select the appropriate
>certificate? Are there any actions that can be taken by the server to help
>the client to select the appropriate certificate, or will the entity be
>forced to select by himself?

In SSL3 (http://home.netscape.com/eng/ssl3/3-SPEC.HTM#7-6-4) and TLS, the
server may request a certificate issued by a specific CA (Issuer DN), or a
list of CAs, from the client software.

If you have two different certificates issued by the same CA, there's no
option to request anything more specific than Issuer DN though, so the
client user will have to choose manually.

Also - I think that only a few of the current SSL 3 clients and servers
support this functionality.

Patrik
----------------------------------------------------------------------
Patrik Nilsson | "Reality is not optional" | +46 (0)708 452 859
----------------------------------------------------------------------
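
The issuer-DN filtering described in the reply above, as an added example that is not part of the original message: it builds and parses an SSL3/TLS 1.0-style CertificateRequest body and filters a client's certificates by issuer. The CA names, store labels and helper names are constructed for illustration, and comparing the DER-encoded names byte for byte is an assumption about how a client matches issuers.

```python
import struct

def der_cn_name(cn):
    """DER-encode a minimal X.501 Name with one CN attribute (short names only)."""
    s = cn.encode("ascii")
    atv = b"\x30" + bytes([len(s) + 7]) + b"\x06\x03\x55\x04\x03\x13" + bytes([len(s)]) + s
    rdn = b"\x31" + bytes([len(atv)]) + atv
    return b"\x30" + bytes([len(rdn)]) + rdn

def build_certificate_request(cert_types, ca_names):
    """Server side: certificate_types<1..2^8-1>, then certificate_authorities<..2^16-1>."""
    cas = b"".join(struct.pack("!H", len(n)) + n for n in ca_names)
    return bytes([len(cert_types)]) + bytes(cert_types) + struct.pack("!H", len(cas)) + cas

def parse_certificate_request(body):
    """Client side: return (certificate types, list of DER issuer names)."""
    if len(body) < 3 or len(body) < 3 + body[0]:
        raise ValueError("CertificateRequest too short")
    n = body[0]
    types, pos = list(body[1:1 + n]), 1 + n
    (total,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if pos + total != len(body):
        raise ValueError("certificate_authorities length mismatch")
    names = []
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated DistinguishedName length")
        (ln,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if pos + ln > len(body):
            raise ValueError("truncated DistinguishedName")
        names.append(body[pos:pos + ln])
        pos += ln
    return types, names

def candidates(store, ca_names):
    """Labels of stored certificates whose issuer DN the server listed."""
    return [label for label, issuer in store if issuer in ca_names]

# Constructed sample data: two CAs and a client holding three certificates.
ANON_CA, BANK_CA = der_cn_name("Example Anonymous CA"), der_cn_name("Example Bank CA")
STORE = [("anonymous", ANON_CA), ("bank-id", BANK_CA), ("bank-signing", BANK_CA)]
RSA_SIGN = 1  # ClientCertificateType rsa_sign

if __name__ == "__main__":
    for wanted in ([ANON_CA], [BANK_CA]):
        _, names = parse_certificate_request(build_certificate_request([RSA_SIGN], wanted))
        print(candidates(STORE, names))  # one match is automatic; two need a manual choice
```

When the two certificates come from different CAs the server's list picks one unambiguously; when both come from the same CA the filter returns both and the user has to choose.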