[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Verifying certificate chains with different policies

To: Dean Povey <povey@xxxxxxxxxxx>
Subject: Re: Verifying certificate chains with different policies
From: Denis Pinkas <Denis.Pinkas@xxxxxxxx>
Date: Mon, 18 Jan 1999 17:04:20 +0100
Cc: ietf-pkix@xxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Organization: Bull
References: <>
Sender: owner-ietf-pkix@xxxxxxx

Dean,

Let me add an important point to the problem you raised:

> However when processing Certificate paths, you simply input a list of
> acceptable policies and each certificate in the path must support one
> of those policies (or an equivalent policy).

Another parameter has to be taken into consideration: the naming constraints
as well. They may be even more important than the policies.

Regards,

Denis


> --
> Dean Povey,         | e-m: povey@dstc.edu.au     | Cryptozilla:
> Research Scientist  | ph:  +61 7 3864 5120       |  www.cryptozilla.org/
> Security Unit, DSTC | fax: +61 7 3864 1282       | Oscar - PKI Toolkit:
> Brisbane, Australia | www: security.dstc.edu.au/ |  oscar.dstc.qut.edu.au/
>
>

References:
- Verifying certificate chains with different policies
  - From: Dean Povey

Prev by Date: Verifying certificate chains with different policies
Next by Date: Re: Verifying certificate chains with different policies
Previous by thread: Verifying certificate chains with different policies
Next by thread: RE: Verifying certificate chains with different policies
Index(es):
- Date
- Thread