Re: AW: Errors and Questions

     I agree with you.  I don't see why we should shift from having lots of
certificates allowed, with no guaranteed relationship between them, to
having only the EE certificate allowed and not allowing chains.  It makes
more sense, IMO, to set requirements on which certificates are allowed
along the lines of some earlier suggestions - for example, allowing only
one EE certificate and requiring that all other certificates be part of a
certification chain for that one.  We could even require that there be only
one chain and that the certificates appear in leaf-first order - it would
still be better than just a leaf and it would not be very hard to
implement.

          Tom Gindin

"Gregor Karlinger" <gregor.karlinger@iaik.at>@w3.org on 07/27/2000 03:54:06 AM

Sent by:  w3c-ietf-xmldsig-request@w3.org


To:   "Gregor Karlinger" <gregor.karlinger@iaik.at>, "Barb Fox"
      <bfox@Exchange.Microsoft.com>, "Joseph M. Reagle Jr." <reagle@w3.org>
cc:   "XML" <w3c-ietf-xmldsig@w3.org>, "Brian LaMacchia"
      <bal@microsoft.com>
Subject:  AW: Errors and Questions




Sorry, I hit the wrong key on my keyboard, and the message was gone ...

Hi Barb,



> [GK20] Only a single certificate possible here?
> [Barb] Yes. One per clause.


Please see my comment on [GK20] in my previous message:

http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000JulSep/0176.html

Regards, Gregor
---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------

Received on Friday, 28 July 2000 14:55:05 UTC
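
The rule suggested in the reply above (exactly one EE certificate, every other certificate part of its chain, leaf-first order) can be checked structurally as in this added example, which is not code from the thread or from the XML Signature specification. The `Cert` record, its field names and the sample names are hypothetical; the check covers issuer/subject name chaining only, so a real verifier would still have to validate signatures, validity periods and extensions.

```python
from collections import namedtuple

# Constructed stand-in for a parsed X.509 certificate (hypothetical record):
# only the fields the ordering rule needs. Name chaining only; signatures,
# validity periods and extensions are NOT checked here.
Cert = namedtuple("Cert", "subject issuer is_ca")

def check_leaf_first_chain(certs):
    """Return the list of rule violations; an empty list means acceptable."""
    if not certs:
        return ["no certificates present"]
    problems = []
    ee_count = sum(1 for c in certs if not c.is_ca)
    if ee_count != 1:
        problems.append(f"expected exactly one EE certificate, found {ee_count}")
    if certs[0].is_ca:
        problems.append("first certificate is not the EE certificate")
    if len(set(certs)) != len(certs):
        problems.append("duplicate certificate present")
    # Leaf-first order: each certificate must be issued by the one after it.
    for pos, (child, parent) in enumerate(zip(certs, certs[1:])):
        if child.issuer != parent.subject:
            problems.append(
                f"certificate {pos} ({child.subject}) is not issued by "
                f"certificate {pos + 1} ({parent.subject})")
    return problems

# Constructed sample data, not taken from the thread.
LEAF = Cert("CN=Signer", "CN=Intermediate CA", False)
INTER = Cert("CN=Intermediate CA", "CN=Root CA", True)
ROOT = Cert("CN=Root CA", "CN=Root CA", True)
OTHER_EE = Cert("CN=Someone Else", "CN=Intermediate CA", False)
STRAY_CA = Cert("CN=Unrelated CA", "CN=Unrelated CA", True)

if __name__ == "__main__":
    cases = {
        "leaf-first chain": [LEAF, INTER, ROOT],
        "wrong order": [LEAF, ROOT, INTER],
        "two EE certificates": [LEAF, OTHER_EE, INTER, ROOT],
        "unrelated certificate": [LEAF, INTER, ROOT, STRAY_CA],
    }
    for name, certs in cases.items():
        print(name, "->", check_leaf_first_chain(certs) or "accepted")
```
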