[ppml] Policy Proposal 2007-1 - Staff Assessment
Randy Bush
randy at psg.com
Sat Apr 14 01:59:49 EDT 2007
> Sorry for jumping into the middle of the discussion, but just a
> question in response to something Bill said w.r.t. x.509 -- this
> is an issue that continues to crop up on several fronts, yet there
> seems to be no real x.509 solution in sight.
not exactly. to quote russ housley from a different room where related
issues are being discussed
> There are two mechanisms in X.509 that might be useful:
>
> Cert Policy - Here an OID says that the certificate was issued in
> accordance with a particular policy, and then the application makes
> sure that the certification path is valid under that policy.
>
> EKU - Here an OID is carried in the extended key usage extension to
> indicate the applications that the certificate was intended to support.
these are not magic panacae. but they are a path that might be trod.
randy
More information about the ARIN-PPML
mailing list