Re: PKI and Relying Parties

From: john.veldhuis@universal.nl
Date: 03/29/02


From: john.veldhuis@universal.nl
Date: 29 Mar 2002 10:11:51 GMT


>I want to be able to check Certificate Revocation Lists for digital certificates
>being presented at my website. I do not want to be a CA. I do not want anyone
>to be a CA on my behalf.

CRLs for certain certificates are usually signed by the CA who has
certified them.
So, one way or another, someone has to perform CA duty.

No CA, no CRLs.

Regards,
 John
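
The point made in the reply above, as an added example that is not part of the original post: a relying party can check a CRL without ever being a CA, because it only verifies the CA's signature with the CA's public key, while producing the CRL requires the CA's private key. It assumes the third-party Python `cryptography` package; the CA name, serial numbers and dates are constructed sample values.

```python
# Added example, not code from the original post. Needs the third-party
# "cryptography" package; CA name, serials and dates are constructed.
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime(2002, 3, 29, 10, 0, 0)
REVOKED_SERIAL, GOOD_SERIAL = 0x1001, 0x1002


def make_crl(signing_key):
    """CA side: sign a list of revoked serial numbers, return DER bytes."""
    revoked = (x509.RevokedCertificateBuilder()
               .serial_number(REVOKED_SERIAL)
               .revocation_date(NOW)
               .build())
    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example CA")])
    crl = (x509.CertificateRevocationListBuilder()
           .issuer_name(issuer)
           .last_update(NOW)
           .next_update(NOW + datetime.timedelta(days=7))
           .add_revoked_certificate(revoked)
           .sign(signing_key, hashes.SHA256()))
    return crl.public_bytes(serialization.Encoding.DER)


def check_serial(crl_der, ca_public_key, serial):
    """Relying-party side: uses only the CA's public key."""
    crl = x509.load_der_x509_crl(crl_der)
    if not crl.is_signature_valid(ca_public_key):
        return "untrusted-crl"  # not signed by the CA we trust; discard it
    hit = crl.get_revoked_certificate_by_serial_number(serial)
    return "revoked" if hit is not None else "not-listed"


def demo():
    ca_key = ec.generate_private_key(ec.SECP256R1())
    other_key = ec.generate_private_key(ec.SECP256R1())  # not the CA
    good_crl, forged_crl = make_crl(ca_key), make_crl(other_key)
    ca_pub = ca_key.public_key()
    return (check_serial(good_crl, ca_pub, REVOKED_SERIAL),
            check_serial(good_crl, ca_pub, GOOD_SERIAL),
            check_serial(forged_crl, ca_pub, REVOKED_SERIAL))


if __name__ == "__main__":
    print(demo())
```

A production check would also compare the CRL issuer name with the certificate's issuer and reject a CRL whose next-update time has passed.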


