And here is the cross posing from the RACF list as promised: QUOTE: This is a foil that I presented in SHARE and Vanguard. People think this helps them to clear things out. Would it help you?
Given: ? CA1 is the CA cert which signed the server cert S ? CA2 is the CA cert which signed the client cert C ? Ring X is the server?s key ring, ring Y is the client?s key ring Question: What cert(s) needed in ring X? in ring Y? ? For Server authentication Ring X: CA1, S Ring Y: CA1 ? For Client authentication (implies server authentication too) Ring X: CA1, S, CA2 Ring Y: CA2, C, CA1 Further thinking: Would it be simpler (for which case?) if both the server and client certs were signed by the same CA cert, say CA1? How do the rings look like? Regards, Wai Wai Choi - RACF Development Tie-line:295-7623 External: (845)435-7623 Internet: [EMAIL PROTECTED] END QUOTE. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html