- From: Dan Schutzer <dan.schutzer@fstc.org>
- Date: Sun, 23 Dec 2007 06:09:13 -0500
- To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, "'W3 Work Group'" <public-wsc-wg@w3.org>
- Cc: "'Dan Schutzer'" <dan.schutzer@fstc.org>
This looks like it might be a very useful proposal I am wondering if there might not also be a desire to be able to link certificates as belonging to the same entity, where both certificates might actually still be in force. For example Bank A has three different subsidiaries, with three different names. Each has their own certificate. It might be useful to be able to recognize that all three certificates are linked by the fact that they are all part of the same company. Dan -----Original Message----- From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Stephen Farrell Sent: Saturday, December 22, 2007 9:04 AM To: W3 Work Group Subject: Linking certs Tyler was surprised on last week's call that there wasn't a good way to link various certs belonging to the same end entity. I personally hadn't thought about that before and actually didn't see an obvious way to achieve the result so I've written up a proposal [1] for a new cert extension that may solve the problem. I doubt that this'd be finished in time for us to make much use of it in the our REC (though one never knows:-) but it might be useful for a future version, and I'd definitely be interested in whether or not it looks like something the browser vendors and CA operators might want. And of course, any and all comments on the draft are welcome. Cheers, Stephen. PS: The draft is an individual submission, not an official IETF PKIX WG work item, though I've posted a note to that list too as they might end up taking it on (or not). [1] http://tools.ietf.org/html/draft-farrell-pkix-other-certs-00
Received on Sunday, 23 December 2007 11:09:40 UTC