RE: End-Entity Certificate Policies



Isn't the extended key usage extension present for precisely the purpose
of containing "applicability label" OIDs?



> From: david.solo@citicorp.com
> 
> Just adding my voice to the chorus - I'd strongly object to limiting EE certs 
> to a single policy OID.  One of the planned deployment models uses policy OIDs 
> as applicability labels (OK for email; OK for transactions; OK for intranet 
> access; OK for online banking; etc.)  These policy OIDs may well be 
> standardized across multiple issuers/organizations.  Thus, a given cert may 
> well have multiple such OIDs present (loosely like having multiple card network
> logos on the back of your ATM/credit card) if approved for multiple purposes.  
> This model also makes RP configuration much simpler.
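
An added example, not part of either message in this thread: how a relying party could read "applicability label" OIDs out of either extension discussed above (certificatePolicies or extKeyUsage) and map them to the applications it is configured for. The label OIDs under 2.999, the application names and the DER values are constructed assumptions.

```python
# Added example; all DER values below are constructed. Label OIDs under 2.999
# (the example arc) are hypothetical; the EKU OIDs are emailProtection, clientAuth.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    subs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                    # last octet of this sub-identifier
            subs.append(val)
            val = 0
    if not subs or body[-1] & 0x80:
        raise ValueError("malformed OID")
    first = min(subs[0] // 40, 2)           # first sub-identifier packs two arcs
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def sequence_items(der):  # split a DER SEQUENCE into (tag, value) children
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    items, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        items.append((t, v))
    return items

def policy_oids(ext_value):  # certificatePolicies: SEQUENCE OF PolicyInformation
    # policyIdentifier is the first element of each PolicyInformation
    return [decode_oid(read_tlv(info, 0)[1]) for _, info in sequence_items(ext_value)]

def eku_oids(ext_value):  # extKeyUsage: SEQUENCE OF KeyPurposeId (bare OIDs)
    return [decode_oid(v) for t, v in sequence_items(ext_value) if t == 0x06]

def approved_uses(cert_oids, rp_labels):
    """Applications whose configured label OID appears in the certificate."""
    return sorted(app for app, oid in rp_labels.items() if oid in cert_oids)

POLICIES = bytes.fromhex("300e" "30050603883701" "30050603883702")
EKU = bytes.fromhex("3014" "06082b06010505070304" "06082b06010505070302")
RP_LABELS = {"email": "2.999.1", "online-banking": "2.999.2", "intranet": "2.999.3"}
```

With these constructed values, approved_uses(policy_oids(POLICIES), RP_LABELS) lists the email and online-banking applications, and the same lookup works unchanged on eku_oids(EKU) if the RP's table is keyed on key-purpose OIDs instead.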