RE: Verifying certificate chains with different policies
Dean, you may benefit from reading the document at
http://internetcouncil.nacha.org/CARAT/CARAT921.pdf
In the approach advocated by CARAT, your RA is the Policy Authority. The Policy
that it adopts covers the obligations and responsibilities of all of the
other parties. Specific contracts may be derived from the policy for
specific types of parties but all are tied to the policy by contract.
Using this approach, instead of multiple policies you have a single policy,
but a need to bind each party to one of the various roles within the policy.
Specifying roles within an X.509v3 PKI is not altogether straightforward but
it's closer to the mainstream than trying to enforce a defined hierarchy of
policies.
------------------------------------------------
p:(212) 412-8687 Dwight Arthur
f:(212) 908-2345 Managing Director: Systems
b:(917) 646-6682 National Securities Clearing
darthur@bigfoot.com 55 Water Street
http://www.nscc.com New York, NY 10041-0082