[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CA vs. EE cert processing

To: ietf-pkix@xxxxxxx
Subject: RE: CA vs. EE cert processing
From: Russ Housley <housley@xxxxxxxxxx>
Date: Thu, 15 Apr 1999 14:32:32 -0400
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-pkix@xxxxxxx

I have kept quiet on this thread.  I cannot hold it in any longer.

RFC 2459 has no ambiguity in this area.  If basicConstraints is present,
then the cA boolean tells whether the certificate belongs to a CA or an EE.
 If basicConstraints is absent, then the certificate belongs to an EE.  Period.

If an implementor wishes to support other profiles in addition to RFC 2459,
then the logic may be more complex.  Fine.  This was a market choice made
by the implementor.

I do not think that RFC 2459 should be altered to make support for multiple
profiles easier.

Russ

Follow-Ups:
- Re: CA vs. EE cert processing
  - From: Moshe Litvin

References:
- RE: CA vs. EE cert processing
  - From: Alan Lloyd
- RE: CA vs. EE cert processing
  - From: Stephen Kent

Prev by Date: Re: New proposed solution to the QC biometric issue
Next by Date: Re: New proposed solution to the QC biometric issue
Previous by thread: RE: CA vs. EE cert processing
Next by thread: Re: CA vs. EE cert processing
Index(es):
- Date
- Thread