Re: CA with only certSign keyUsage
From: Lars Olaussen (Isolauss_at_hotmail.com)
Date: 06/02/04
- Next message: Keith W. McCammon: "Re: Auditing Question - PLease help!!"
- Previous message: David Cross [MS]: "Re: CA with only certSign keyUsage"
- In reply to: David Cross [MS]: "Re: CA with only certSign keyUsage"
- Next in thread: David Cross [MS]: "Re: CA with only certSign keyUsage"
- Reply: David Cross [MS]: "Re: CA with only certSign keyUsage"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 2 Jun 2004 15:04:56 +0200
"David Cross [MS]" <dcross@online.microsoft.com> wrote...
> We don't support a CA that does not issue a CRL since the CA itself
requires
> the CRL to validate certs it will issue. This may be a slight bug by
not
> detecting the valid KU from a standards perspective, but we don't
consider
> that a valid configuration for our system.
David,
Thanks for the clarification. I have one follow-up:
Do you know if any CA components fail, or will other PKI-components fail
if the (root)-CA cert is issued with certSign only?
Regards,
Lars Olaussen
Isolauss@hotmail.com
- Next message: Keith W. McCammon: "Re: Auditing Question - PLease help!!"
- Previous message: David Cross [MS]: "Re: CA with only certSign keyUsage"
- In reply to: David Cross [MS]: "Re: CA with only certSign keyUsage"
- Next in thread: David Cross [MS]: "Re: CA with only certSign keyUsage"
- Reply: David Cross [MS]: "Re: CA with only certSign keyUsage"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
