Re: PKI and Relying Parties
From: lyal collins (lyalc@ozemail.com.au)Date: 03/28/02
- Previous message: toylet [mozilla]: "Re: TERM type of openssh client"
- In reply to: Harold Hammond: "PKI and Relying Parties"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "lyal collins" <lyalc@ozemail.com.au> Date: Thu, 28 Mar 2002 21:15:57 +1100
"Harold Hammond" <HammondITS@netscape.net> wrote in message
news:3CA1DE39.87E7579C@netscape.net...
> I have a pretty good understand of PKI, however, I'm not sure what would
> be the solution for an enterprise that wishes to be a relying party but
> not a CA. We don't want to be issuing certs. Right now, we don't want
> anyone else to be issuing certs on our behalf. We just want to be able
> to validate certificates. If its a level 3 cert and its from an
> approved CA (or a subondinate of an approved CA) then we can be certain
> of the user's identity and will let then attempt to access our system.
>
> TIA
> -Harold
Checking the cert validity (or rather, revocation status) on a CRL each time
it's used might help you control acecss.
And I assume you still maintain an access control list to manage the
accesses that the external user can undertake, so maybe you don't really
save much time or overheads.
Lyal
- Next message: Richard E. Silverman: "Re: Permission denied (publickey) Problem."
- Previous message: toylet [mozilla]: "Re: TERM type of openssh client"
- In reply to: Harold Hammond: "PKI and Relying Parties"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
