Hi Dennis, On Sat, Sep 06, 2008 at 08:40:59AM -0700, Dennis Glatting wrote: > > Is [SUB_CA_2] the successor of [SUB_CA_1], i.e. do they only differ > > in validity (and possibly key)? > > > No. Each SUB_CA is an semi-independent business unit (subsidiary) tied > together by the root so that devices and traveling employees can be > linked together by the root.
Hmmm, then I guess you will need a PKI realm for each entry in your diagram - PKI realms group together CAs that are successors of each other. Cheers, Alex -- Dipl.-Math. Alexander Klink | IT-Security Engineer | [EMAIL PROTECTED] mobile: +49 (0)178 2121703 | Cynops GmbH | http://www.cynops.de ----------------------------+----------------------+--------------------- HRB 7833, Amtsgericht | USt-Id: DE 213094986 | Geschäftsführer: Bad Homburg v. d. Höhe | | Martin Bartosch
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
