W3C home > Mailing lists > Public > www-xkms-ws@w3.org > November 2001

RE: XKMS

From: Hayes, Mark <Mhayes@verisign.com>
Date: Tue, 27 Nov 2001 14:47:35 -0800
Message-ID: <C713C1768C55D3119D200090277AEECA0411C420@postal.verisign.com>
To: Yassir Elley <yassir.elley@sun.com>, stephen.farrell@baltimore.ie
Cc: Rich Salz <rsalz@zolera.com>, Blair Dillaway <blaird@microsoft.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>, Mike Just <Mike.Just@entrust.com>, www-xkms-ws@w3c.org
> -----Original Message-----
> From: Yassir Elley [mailto:yassir.elley@sun.com]
> Sent: Tuesday, November 27, 2001 2:16 PM
> To: stephen.farrell@baltimore.ie
> Cc: Rich Salz; Blair Dillaway; Hallam-Baker, Phillip; Mike Just;
> www-xkms-ws@w3c.org
> Subject: Re: XKMS

[snip]

> So, if a client wanted to use three particular trusted roots, 
> they would have to find a service
> that would have those three trusted roots. If they wanted to 
> use four trusted roots,
> they would have to find a different service that used those 
> four trusted roots. If
> they wanted to use four trusted roots and wanted every 
> certificate in the chain
> to have a particular certificate policy, they would have to 
> find a third service that
> supported that permutation.
> 
> Is my understanding of the proposal correct?

That is my understanding.  However, I would put it slightly differently.  In
practice, a given PKI vendor would supply URL variants to provide all
trusted roots and policy configurations that they provide.  The user would
likely choose a vendor and then use the appropriate URL variant for a given
situation.  Just another waying of viewing it...

mark
Received on Tuesday, 27 November 2001 17:51:58 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 13:51:42 EDT