On Feb 17, 2005, at 1:35 PM, Tony Capel wrote:
The logic of putting the encryption capabilities in the encryption
public key
certificate (and NOT the signing public key certificate) - !I think! -
is
straightforward. My problem is with the capabilities that relate to
signing,
should they be in the signing public key certificate? And for
capabilities
relevant for both, should they be in both certs or only one - and
which one?
Maybe something like:
I'm having a problem with the notion of capabilities that relate to
signing.
These would be capabilities that I have and someone else needs to know
about before they can send me a signed message, right? How is the
distribution bootstrapped? I send them to him in a signed message?
But what if he has the same problem and needs to inform me about his
capabilities before I can sign that message?
Eric Norman
University of Wisconsin -- DoIT