[EMAIL PROTECTED] writes:
Your certificate definition says additionalRecipients, mine says
additionalSubjects, Fred-over-there's says coKeyOwners. The OIDs for
these extensions end up all different. A human may be able to parse the
intent from the ASN.1, but email programs will have difficulty.
[EMAIL PROTECTED] writes:
2 cents
In the business cases pointed out where it is good that the multiple
parties hold the private key, I feel the certificate should indicate that
there are multiple parties so that Bob can realize he is having authenticated
and private communications with Alice _and_
Anne Lynn Wheeler [EMAIL PROTECTED] writes:
the assertion here is possible threat model confusion when the same exact
technology is used for two significantly different business purposes.
I don't think there's any confusion about the threat model, which is Users
find it too difficult to generate
Richard Levitte - VMS Whacker [EMAIL PROTECTED] writes:
Peter, are you talking about generic CAs or in-corporation ones?
Both. Typically what happens is that the CA generates the key and cert and
mails it to the user as a PKCS #12 file, either in plaintext, with the
password in the same email,
Peter Gutmann wrote:
A depressing number of CAs generate the private key themselves and mail out to
the client. This is another type of PoP, the CA knows the client has the
private key because they've generated it for them.
It's also cost-effective. The CA model as presented
is too expensive.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Peter Gutmann
Sent: Saturday, July 24, 2004 9:07 PM
[SNIP]
A depressing number of CAs generate the private key
themselves and mail out to the client.
Replies to this talked about business cases to have control of the private
At 07:07 PM 7/24/2004, Peter Gutmann wrote:
A depressing number of CAs generate the private key themselves and mail out to
the client. This is another type of PoP, the CA knows the client has the
private key because they've generated it for them.
one could claim that there might be two possible
In message [EMAIL PROTECTED] on Sun, 25 Jul 2004 13:41:56 -0600, Anne Lynn Wheeler
[EMAIL PROTECTED] said:
lynn At 07:07 PM 7/24/2004, Peter Gutmann wrote:
lynn A depressing number of CAs generate the private key themselves
lynn and mail out to the client. This is another type of PoP, the
lynn
At 02:00 PM 7/26/2004, Richard Levitte - VMS Whacker wrote:
That's all and well, but I can't see why that would be interesting to
a generic, third-party CA. If you're talking about a CA within the
same corporation, then I can understand, since they usually (as far as
I can guess) work from a
Sean W. Smith [EMAIL PROTECTED] writes:
I would have thought that de facto standard approach is: the client
constructs the certificate request message, which contains things like the
public key and identifying info, and signs it. The CA then checks the
signature against the public key in the
10 matches