ietf-smime
[Top] [All Lists]

RE: Corporate Key mechanism

1998-01-23 15:51:01
Blake,

I respectfully disagree that the proposed "corporate key" extension in the
user's cert should have the capability to contain the entire "corporate key"
cert because this would be extremely inefficient.  I believe that the
extension only needs to identify the "corporate key" cert (Issuer
GeneralNames and SerialNumber).  There are many ways that the "corporate
key" cert can be distributed such as: CMS SignedData certificates field, CMS
EnvelopedData originatorInfo field, LDAP, X.500, HTTP, etc.  Once the app
has obtained the "corporate key" cert, then it will probably want to store
only a single copy of the "corporate key" cert in its local database of
certs.  If the entire "corporate key" cert was stored in every user's cert,
then the app would have many redundant copies of the cert in its database
(within each user's cert).

Have a Great Weekend!
John Pawling  


<Prev in Thread] Current Thread [Next in Thread>