RE: NEW Data type for certificate selection ?
Dwight and Stephen,
Thank you Dwight for valuable information.
Just some remarks.
1) I did not focus on a particular selecting mechanism such as policy OID
over Issuer Name. I'm looking for selective mechanisms that will work
generally in standard products in closed and in open environments.
2) Selection by policy OID is covered by the discussed X.500
certificateMatch rule.
3) Thank you for pointing out that Netscape have mechanisms for selecting
certificate by issuer in crypto.signText(). This was new to me. I will
check this within our projects.
3) My primary concern is how to manage certificate selection by using
standard products. I'm not focusing on whether this is a closed or an open
PKI. In my cases the PKI is closed in most cases but the problem is still
relevant.
/Stefan Santesson
At 12:13 PM 10/11/98 -0400, Stephen Kent wrote:
>Dwight,
>
>Thanks for a good characterization of the underlying assumptions that have
>been driving much of this discussion. I agree completely! In a completely
>open, public PKI model, it's very hard to find the "right" certificate and
>I agree that this sort of PKI model is questionable for many reasons, not
>just in a business context. I'll send you a paper on the topic from last
>fall, separately, that I believe you will find consistent with the views
>articulated in your message.
>
>Steve
>
>
-------------------------------------------------------------------
Stefan Santesson <stefan@accurata.se>
Accurata Systemsäkerhet AB
Lotsgatan 27 D Tel. +46-40 152211
216 42 Malmö Fax. +46-40 150790
Sweden Mobile +46-70 5247799
PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------