[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: x.509 v3 Certificates and Compatbility

To: "Simonetti David" <simonetti_david@xxxxxxx>
Subject: Re: x.509 v3 Certificates and Compatbility
From: Stefan Santesson <stefan@xxxxxxxxxxx>
Date: Wed, 19 Aug 1998 17:51:52 +0200
Cc: ietf-pkix@xxxxxxx
Sender: owner-ietf-pkix@xxxxxxx

Good point Dave.

This is very true for relying parties when verifying signatures.

And yes indeed, it would be very wise to use certificate policy OID
as a selecting mechanism for clients.

But is this feasible for the clients? Is there any standard mechanisms
to select certificates by policy? And even more important, is there
any way for the server to communicate to the client application
that a certificate with a particular policy should be used in the
service?

I'm talking about standard components for http here.

/Stefan

At 09:40 AM 8/19/98 -0400, Simonetti David wrote:
>Stefan,
>
>I would recommend use of the Certificate Policies extension to further
>assist in selecting appropriate certificates.  A critical Certificate
>Policies extension should ensure that the certificate is used only for
>the purpose for which it is intended.
>
>Dave S.
>

-------------------------------------------------------------------
Stefan Santesson                <stefan@accurata.se>
Accurata Systemsäkerhet AB     
Lotsgatan 27 D                  Tel. +46-40 152211              
216 42  Malmö                   Fax. +46-40 150790              
Sweden                        Mobile +46-70 5247799

PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------

Prev by Date: PKIX LDAPv3 Schema questions
Next by Date: Re: PKIX LDAPv3 Schema questions
Previous by thread: Re: x.509 v3 Certificates and Compatbility
Next by thread: RE: German Key Usage - errata
Index(es):
- Date
- Thread