Copy and paste error: Amend that diagram: <cert b> Issuer : Issuer B Subject: This Responder Extended Key Usage: OCSP-Signing </cert b>
On Thu, 2002-03-28 at 13:16, Rick Ziegler wrote: > One example where multiple certification is needed is an OCSP responder > that responds for multiple CAs, and whose relying parties expect > responses to indicate that the CA has delegated the authority to that > responder. > > Because an OCSP response may only be signed by a single key, a response > that includes information from multiple CAs must be signed by a key > certified by each of those CAs. See the crude diagram below: > > <OCSP request> > Issuer A, Serial 1? > Issuer B, Serial 5? > </OCSP request> > > <OCSP Response> > Issuer A, Serial 1 : GOOD > Issuer B, Serial 5 : GOOD > /signature/ > <optional certs> > <cert a> > Issuer : Issuer A > Subject: This Responder > Extended Key Usage: OCSP-Signing > </cert a> > <cert b> > Issuer : Issuer A > Subject: This Responder > Extended Key Usage: OCSP-Signing > </cert b> > </optional certs> > > Hope that helps! > > On Thu, 2002-03-28 at 08:40, Chandu wrote: > > Hi, > > > > I have a query regarding the Certificates public key. > > > > Is it possible according to PKI standards to get more than one certificate > > from different CA's for the same public key? > > > > I feel theoritically it is possible. But I do not know how practical it is. > > > > If this is possible can some one give the practical situation of where it > > can be used? If not why it should not be allowed. > > > > I would like to have some comments and feeback on this issue. > > > > Regards > > Suram > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > -- > Richard Ziegler > Software Engineer / ClearCase Administrator > (617) 503-0442 > CertCo, Inc. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- Richard Ziegler Release Engineer / ClearCase Administrator (617) 503-0442 CertCo, Inc. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
