Re: [TLS] Re: Russ Housley: Fwd: problems with draft-ietf-tls-openpgp-keys-10.txt

"Anyang Ren" <anyang.ren@gmail.com> Wed, 28 June 2006 15:15 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Fvbl4-0006cj-RP; Wed, 28 Jun 2006 11:15:14 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Fvbl3-0006bO-JW for tls@lists.ietf.org; Wed, 28 Jun 2006 11:15:13 -0400
Received: from nz-out-0102.google.com ([64.233.162.196]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Fvbl2-00021p-Ct for tls@lists.ietf.org; Wed, 28 Jun 2006 11:15:13 -0400
Received: by nz-out-0102.google.com with SMTP id z31so63488nzd for <tls@lists.ietf.org>; Wed, 28 Jun 2006 08:15:12 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=QIhYmprJQ1FyLmW4nx/VFjIs3GCkudHoCtY7HaeBa87+elVLHb9RPSWWC6fXNjOghJErJjLqWX1VQplGWcqR4mv8jxlY311Fk97HA0o8wXeDs05Ng1lUBginhpzJ9j9YbVrEvpL7M83O1MHrChUSPkZnyc5Jzg9tHLpNUkaugRs=
Received: by 10.36.139.12 with SMTP id m12mr1372757nzd; Wed, 28 Jun 2006 08:15:11 -0700 (PDT)
Received: by 10.36.80.13 with HTTP; Wed, 28 Jun 2006 08:15:11 -0700 (PDT)
Message-ID: <39932b4c0606280815p78adb345u7961a5aefcba4176@mail.gmail.com>
Date: Wed, 28 Jun 2006 08:15:11 -0700
From: "Anyang Ren" <anyang.ren@gmail.com>
To: tls@lists.ietf.org
Subject: Re: [TLS] Re: Russ Housley: Fwd: problems with draft-ietf-tls-openpgp-keys-10.txt
In-Reply-To: <200606270659.37003.nmav@gnutls.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20060626203923.59F81222426@laser.networkresonance.com> <200606270659.37003.nmav@gnutls.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

On 6/26/06, Nikos Mavrogiannopoulos <nmav@gnutls.org>; wrote:
>
> My understanding from reading the overview rfc3280:
>
>    "Following is a simplified view of the architectural model assumed by
>    the PKIX specifications.
>
>    The components in this model are:
>
>    end entity: user of PKI certificates and/or end user system that is
>                the subject of a certificate;
>    CA:         certification authority;
>    ..."
>
> and by the fact that only one issuer per certificate is allowed, makes
> clear to me there is a hierarchy of certification. Is there an example
> of a non-hierarchic PKIX deployment?

Although only one issuer per certificate is allowed, an end entity can
get multiple certificates from different CAs.

CAs can also issue certificates to each other (cross-certification).

-- 
Anyang Ren
Open source developer

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls