ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

escertid-06: question when multiple certificates are present

2007-05-04 06:15:10
from [Julien Stern] [Permanent Link] 

Folks,

in the suggested change to ESS (draft-ietf-smime-escertid-06.txt),
(as well as in the current RFC2634 actually), it is said:

"If more than one certificate is present, subsequent certificates limit
the set of certificates that are used during validation. Certificates
can be either attribute certificates (limiting authorizations) or public
key certificates (limiting path validation)."

Is this set of certificates limiting:

1) Only the "primary" path from the EE certificate to the Trust Anchor.

or 

2) All the certificates used in the validation (including possibly
OCSP responder certificates, Indirect CRL issuers, etc).


--
Julien
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • escertid-06: question when multiple certificates are present, Julien Stern <=
Previous by Date:  RE: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt, Jim Schaad
Next by Date:  Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt, Peter Sylvester
Previous by Thread:  Re: I-D ACTION:draft-ietf-smime-cms-auth-enveloped-03.txt, Peter Sylvester
Next by Thread:  Last Call: draft-housley-smime-suite-b (Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME)) to Informational RFC, The IESG
Indexes:  [Date] [Thread] [Top] [All Lists]