[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Verifying certificate chains with different policies

To: Dean Povey <povey@xxxxxxxxxxx>
Subject: Re: Verifying certificate chains with different policies
From: Stephen Kent <kent@xxxxxxx>
Date: Tue, 19 Jan 1999 14:28:30 -0500
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxx

Dean,

I think that one should keep the notion of accrediation of CAs (relative to
some criteria) very separate from PKI topology for validation of
certificate paths.  CAs can express the policies that they follow via
appropriate extensions, and the accrediation authorities can then attest to
the fact that the CAs in question do follow these policies.  The
attestation can take many forms, including attribute certificates, online
queries, etc.

Steve

Follow-Ups:
- Re: Verifying certificate chains with different policies
  - From: Dean Povey

References:
- Verifying certificate chains with different policies
  - From: Dean Povey

Prev by Date: RE: Verifying certificate chains with different policies
Next by Date: Re: Verifying certificate chains with different policies
Previous by thread: RE: Verifying certificate chains with different policies
Next by thread: Re: Verifying certificate chains with different policies
Index(es):
- Date
- Thread