
RE: CA strong binds



Dave:

I assume the digital signature bit is required to be turned on only if the
key usage extension is marked critical.

> -----Original Message-----
> From:	Dave Horvath [SMTP:David.Horvath@chromatix.com]
> Sent:	Tuesday, October 13, 1998 2:44 PM
> To:	Sean Turner; PKIX; Ldapext
> Subject:	Re: CA strong binds
> 
> 
> Sean,
> 
>     The only requirement that we have for the SafePages LDAP/X.500 products
> is that the certificate must have the digitalSignature bit asserted in the
> keyUsage field if it is a Version 3 certificate with the keyUsage extension
> present.  The other bits and the cA flag in the basicConstraints
> extensions are not consulted.
> 
>     The existence or the location of the certificate in the repository does
> not play a role for authentication.
> 
> Dave Horvath
> 
> -----Original Message-----
> From: Sean Turner <turners@ieca.com>
> To: PKIX <ietf-pkix@imc.org>; Ldapext <ietf-ldapext@netscape.com>
> Date: Tuesday, October 13, 1998 1:41 PM
> Subject: CA strong binds
> 
> 
> >All,
> >
> >Apologies in advance if you get two of this message but I wasn't sure
> >which list to send the message to.
> >
> >Recently some colleagues and I have been arguing whether applications
> >will choke when looking for CA certificates in
> >CertificationPath.userCertificate.  For example, when a CA binds to an
> >LDAP server (using say the X.509 Authentication SASL Mechanism I-D)
> >the CA's certificate will be passed in
> >certification-path.userCertificate and the CA's superiors' certificates
> >are passed in certification-path.theCACertificates.  Will applications
> >choke when trying to process the CA certificate from a field called
> >userCertificate or when trying to look for a "user's certificate"
> >which is in a CA's directory entry?
> >
> >I know the name of the field shouldn't be confused with the value that
> >goes into it, but we were concerned that many of the specifications
> >were clear on where CA certificates should be put when attempting to
> >perform strong binds to the directory.
> >
> >Any thoughts - implementation experience?
> >
> >Thanks,
> >
> >spt
> >
> >
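
The keyUsage rule Dave Horvath describes above, as an added example that is not part of the original messages and is not SafePages code. It decodes the DER BIT STRING carried in the keyUsage extension and applies the rule as stated in his message; the function names and the sample encodings are constructed for illustration.

```python
from __future__ import annotations

DIGITAL_SIGNATURE = 0  # KeyUsage named bit 0 (X.509 / RFC 5280)
KEY_CERT_SIGN = 5
CRL_SIGN = 6


def key_usage_bits(der: bytes) -> set[int]:
    """Decode the DER BIT STRING inside a keyUsage extension into bit numbers."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused, content = der[2], der[3:]
    if unused > 7 or (not content and unused):
        raise ValueError("bad unused-bits count")
    if content and content[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    bits = set()
    for i, byte in enumerate(content):
        for j in range(8):
            if byte & (0x80 >> j):  # bit 0 is the most significant bit
                bits.add(i * 8 + j)
    return bits


def bind_allowed(version: int, key_usage_der: bytes | None) -> bool:
    """Rule as stated in the message: only a v3 certificate that carries
    keyUsage is checked, and only for digitalSignature. The other bits and
    basicConstraints cA are not consulted. None means the extension is absent."""
    if version != 3 or key_usage_der is None:
        return True
    return DIGITAL_SIGNATURE in key_usage_bits(key_usage_der)


# Constructed sample encodings (not taken from any real certificate).
CA_ONLY = bytes.fromhex("03020106")      # keyCertSign + cRLSign
SIGNING = bytes.fromhex("03020780")      # digitalSignature only
CA_AND_SIGN = bytes.fromhex("03020186")  # digitalSignature + keyCertSign + cRLSign

if __name__ == "__main__":
    for name, ku in [("CA_ONLY", CA_ONLY), ("SIGNING", SIGNING),
                     ("CA_AND_SIGN", CA_AND_SIGN), ("no keyUsage", None)]:
        print(f"{name:12} bind_allowed={bind_allowed(3, ku)}")
```

Under this rule a CA certificate whose keyUsage asserts only keyCertSign and cRLSign fails the bind check, while one that also asserts digitalSignature passes.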