Re: un-*extended* key usage
1998-02-06 14:06:37
Friends,

I worry that we may end up putting too many constraints on the SMIME
certificate(s) that are not related to interoperability of the protocol.
We originally specified the key-usage and name extensions because they
really (REALLY) did impact interoperability.

Almost all of the other useful X.509 extensions affect how the signature or
encrypted/random data is interpreted and/or used. For example, if I, as a
CA, issue certificates that are good for any number of protocols, it is
hard for me to believe that SMIME (the protocol) really cares. Think of this
in the 'Do I support delta-CRLs' vein. I hope (pray) that we don't specify
the CRL-ing technique -- it's a CA policy decision. Much like what uses a
particular certificate is good for.

I vote to leave specific recommendations for extended key usage, beyond
what X.509 discusses for criticality and other stuff, out of the spec. If a
particular CA wants to require extended OIDs in their certificates, so be
it. But that's one of those CA 'policy kind of' things.

Pat