[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CA vs. EE cert processing

To: Stephen Kent <kent@xxxxxxxxxxx>
Subject: Re: CA vs. EE cert processing
From: Moshe Litvin <moshe@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 15 Apr 1999 09:23:58 +0300
Cc: ietf-pkix@xxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <> <>
Sender: owner-ietf-pkix@xxxxxxx

Stephen Kent wrote:

<snip>

> As David pointed out, this analysis focuses on the wrong cert.  The problem
> is NOT for EE certs, but for CA certs. We need to determine if a cert is or
> is not a CA cert when we encounter it along a path prior to the terminal
> cert.

<snip>

Steve,

The problem is determining weather a certificate is eligible to be in a
certificate path prior to the terminal cert. That is, is it an EE certificate or a
CA certificate. And the problem is what to do if the certificate doesn't contain
the basicConstraints extension.

Moshe

begin:vcard 
n:Litvin;Moshe
tel;fax:+972 3 5759256
tel;work:+972 3 7534601
x-mozilla-html:TRUE
org:Check Point Software Technologies Ltd.
adr:;;;;;;
version:2.1
email;internet:moshe@CheckPoint.com
fn:Moshe Litvin
end:vcard

References:
- Re: CA vs. EE cert processing
  - From: Stephen Kent
- Re: CA vs. EE cert processing
  - From: Stephen Kent
- Re: CA vs. EE cert processing
  - From: Stephen Kent

Prev by Date: Re: Time-Stamp: Why not use several hashes?
Next by Date: Re: New proposed solution to the QC biometric issue
Previous by thread: Re: CA vs. EE cert processing
Next by thread: Re: CA vs. EE cert processing
Index(es):
- Date
- Thread