Re: How to send class info from RA to CA

thayes@netscape.com (Terry Hayes) Wed, 21 March 2001 16:53 UTC

Message-ID: <3AB8DAA6.2040008@netscape.com>
Date: Wed, 21 Mar 2001 08:45:26 -0800
From: thayes@netscape.com
To: Carlisle Adams <carlisle.adams@entrust.com>
CC: 'vivek saraf' <viveksaraf_2000@yahoo.com>, ietf-pkix@imc.org
Subject: Re: How to send class info from RA to CA
References: <DD62792EA182FF4E99C2FBC07E3053BD053FE5@sottmxs09.entrust.com>

As Carlisle has indicated, the certificate template field can include 
data that will indicate the "class" of the request.  A prime candidate 
for this purpose is the certificatePolicies extension.  The policy (or 
policies) included in this field should be a good indicator of the type 
of certificate desired.

Terry

Carlisle Adams wrote:

> Hi Vivek,
> 
>       ----------
>       From:   vivek saraf[SMTP:viveksaraf_2000@yahoo.com]
>       Sent:   Wednesday, March 21, 2001 5:08 AM
>       To:     ietf-pkix@imc.org
>       Subject:        How to send class info from RA to CA
>       
>       Hello,
>       
>          I have a CA running which issues multiple classes
>       of certificates. Now when RA requests a certificate
>       for a user, the RA should specify the class for which
>       it is requesting, but in the PKI message I don't find
>       any field for sending the class information.
>       
>       I have Free text in the PKI Header, if I use this it
>       will not be interoperable.
>       
>       Can anybody help me?
>       
>  
> How does the issued certificate indicate what class it is?  Is it by 
> some extension, or is it by an indicator somehow embedded in the name 
> of the subject or the issuer?  Whatever mechanism you choose to use, 
> all you have to do is use the same mechanism in the certTemplate in 
> the request message from the RA to the CA.  This is why the 
> certTemplate exists; it allows the requester to specify to the CA 
> exactly the cert contents that are important to them.
> 
> Carlisle.
>
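
The approach described in this thread, as an added example that is not part of the original messages: an RA places a certificatePolicies extension in the `extensions [9]` field of a CRMF CertTemplate, and the CA reads the policy OIDs back to decide the class. The DER handling is hand-rolled for illustration; the policy OIDs under the 2.999 example arc, the class names and all function names are assumptions.

```python
CERT_POLICIES = "2.5.29.32"  # id-ce-certificatePolicies
# Constructed policy OIDs (2.999 example arc) and class names: hypothetical CA configuration.
CLASS_BY_POLICY = {"2.999.1.1": "class-1", "2.999.1.2": "class-2"}

def tlv(tag, body):  # DER tag-length-value, short or long definite length
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def oid_body(dotted):  # content octets of an OBJECT IDENTIFIER (base-128 sub-identifiers)
    arcs = [int(a) for a in dotted.split(".")]
    out = b""
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        septets = [arc & 0x7F]
        while arc := arc >> 7:
            septets.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(septets)
    return out

def ra_cert_template(policy_oids):  # RA side: CertTemplate with only extensions [9] set
    infos = b"".join(tlv(0x30, tlv(0x06, oid_body(p))) for p in policy_oids)
    ext = tlv(0x30, tlv(0x06, oid_body(CERT_POLICIES)) + tlv(0x04, tlv(0x30, infos)))
    return tlv(0x30, tlv(0xA9, ext))  # 0xA9 = [9] IMPLICIT, constructed

def items(buf):  # yield (tag, value) for each DER element in buf
    pos = 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:
            n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        yield tag, buf[pos:pos + n]
        pos += n

def ca_requested_classes(template):  # CA side: map policy OIDs to classes
    known = {oid_body(p): c for p, c in CLASS_BY_POLICY.items()}
    classes = []
    (_, body), = items(template)
    for tag, field in items(body):
        for _, ext in items(field) if tag == 0xA9 else ():
            parts = [v for _, v in items(ext)]  # extnID, [critical], extnValue
            if parts[0] != oid_body(CERT_POLICIES):
                continue
            (_, policies), = items(parts[-1])   # OCTET STRING wraps CertificatePolicies
            for _, info in items(policies):
                oid = next(items(info))[1]      # policyIdentifier
                if oid not in known:            # refuse policies this CA does not issue
                    raise ValueError("requested policy is not offered by this CA")
                classes.append(known[oid])
    return classes
```

Because the class travels as a standard extension inside the template, no free-text header field is needed, and the CA can reject a request whose policy it does not recognise before issuing anything.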