[Top] [All Lists]

Re: I-D ACTION:draft-ietf-smime-certcapa-02.txt

2005-02-17 13:37:08

On Feb 17, 2005, at 1:35 PM, Tony Capel wrote:

The logic of putting the encryption capabilities in the encryption public key certificate (and NOT the signing public key certificate) - !I think! - is straightforward. My problem is with the capabilities that relate to signing, should they be in the signing public key certificate? And for capabilities relevant for both, should they be in both certs or only one - and which one?
Maybe something like:

I'm having a problem with the notion of capabilities that relate to signing.
These would be capabilities that I have and someone else needs to know
about before they can send me a signed message, right?  How is the
distribution bootstrapped?  I send them to him in a signed message?
But what if he has the same problem and needs to inform me about his
capabilities before I can sign that message?

Eric Norman
University of Wisconsin -- DoIT