[ppml] Policy Proposal 2007-1 - Staff Assessment

Randy Bush randy at psg.com
Sat Apr 14 01:59:49 EDT 2007

> Sorry for jumping into the middle of the discussion, but just a
> question in response to something Bill said w.r.t. x.509 -- this
> is an issue that continues to crop up on several fronts, yet there
> seems to be no real x.509 solution in sight.

not exactly.  to quote russ housley from a different room where related
issues are being discussed

> There are two mechanisms in X.509 that might be useful:
> Cert Policy - Here an OID says that the certificate was issued in 
> accordance with a particular policy, and then the application makes 
> sure that the certification path is valid under that policy.
> EKU - Here an OID is carried in the extended key usage extension to 
> indicate the applications that the certificate was intended to support.

these are not magic panacae.  but they are a path that might be trod.


More information about the ARIN-PPML mailing list