- From: Hayes, Mark <Mhayes@verisign.com>
- Date: Tue, 27 Nov 2001 14:47:35 -0800
- To: Yassir Elley <yassir.elley@sun.com>, stephen.farrell@baltimore.ie
- Cc: Rich Salz <rsalz@zolera.com>, Blair Dillaway <blaird@microsoft.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>, Mike Just <Mike.Just@entrust.com>, www-xkms-ws@w3c.org
> -----Original Message----- > From: Yassir Elley [mailto:yassir.elley@sun.com] > Sent: Tuesday, November 27, 2001 2:16 PM > To: stephen.farrell@baltimore.ie > Cc: Rich Salz; Blair Dillaway; Hallam-Baker, Phillip; Mike Just; > www-xkms-ws@w3c.org > Subject: Re: XKMS [snip] > So, if a client wanted to use three particular trusted roots, > they would have to find a service > that would have those three trusted roots. If they wanted to > use four trusted roots, > they would have to find a different service that used those > four trusted roots. If > they wanted to use four trusted roots and wanted every > certificate in the chain > to have a particular certificate policy, they would have to > find a third service that > supported that permutation. > > Is my understanding of the proposal correct? That is my understanding. However, I would put it slightly differently. In practice, a given PKI vendor would supply URL variants to provide all trusted roots and policy configurations that they provide. The user would likely choose a vendor and then use the appropriate URL variant for a given situation. Just another waying of viewing it... mark
Received on Tuesday, 27 November 2001 17:51:58 UTC