[Top] [All Lists]

RE: Recommendation on subject matching rules needed..

2003-03-18 05:37:06

Sounds good, but I suppose we still need to select the keys somehow 
(using the certs) through the CryptoAPI CSP and RSA CrypTokI 
so that the applications are satisfied.

It looks like you've been painted into a corner by the 
selection of software you have to use.  The solution using 
other software is fairly simple, but if you're stuck with 
using CryptoAPI and have various other constraints I don't 
really know what you could do, sorry.  I guess saying "Don't 
do that then" isn't much help :-).

Yep. Although I don't know of any other non-proprietary
crypto-interfaces that have "widespread" application support so I don't
really see another way around the problem other than put pressure on the
application vendors.

And putting this pressure would be greatly helped by you guys at IETF
PKIX & SMIME if you would draft up a paper about the subject. It could
be part of SMIME specs but I would like to see it a part of PKIX specs,
since the same issue is present when building certification paths during
certificate verification process, as well as when making the call wether
to trust the presented CA certificate or not..