[EMAIL PROTECTED] wrote:
Hi David,
On Mon, 01 May 2006 16:17:58 -0700 David E. Ross wrote:
Note that my checklist for CA audit (originally developed for reviewing CACert,
another free certificate authority) specifies
Is it published somewhere? I couldn't find it by searching the Web. It
migh
Hi David,
On Mon, 01 May 2006 16:17:58 -0700 David E. Ross wrote:
> Note that my checklist for CA audit (originally developed for reviewing
> CACert, another free certificate authority) specifies
Is it published somewhere? I couldn't find it by searching the Web. It
might be very interesting.
C
Hi,
On Mon, 01 May 2006 16:17:58 -0700 David E. Ross wrote:
> ... I would not trust any Class 1 subscriber certificate ...
On Mon, 01 May 2006 20:24:40 -0400 Frank Hecker wrote:
> ...Whether one agrees that it's sufficient or not, "class 1"
certificates ... As you'll recall,... the ultimate resul
PKIX standards (RFC 3280) state the following about Serial Numbers:
4.1.2.2 Serial number
The serial number MUST be a positive integer assigned by the CA to
each certificate. It MUST be unique for each certificate issued by a
given CA (i.e., the issuer name and serial number identify
It was an oversight. Our SAs created a script to automatically generate
certs for all users, and when it came to assigning a value to serial number
they couldn't find any documentation or guidance on how to properly assign
this value. Plus the fact that our combined experience with LDAP and SSL
While the traditional definition of a digital certificate is taken to
be the "binding of a name to a public key", why would you issue certs
with duplicate serial numbers? Was this an oversight or a design
decision? If the latter, it would help the forum to understand the
business/technical requi
On 5/2/06, Michael Pratt <[EMAIL PROTECTED]> wrote:
The problem was with the directory server (5.2 patch 4, Solaris 8) and how
it handles client certificates (or possibly in how we created the
certificates). Apparently if the same DS machine receives two certificates
at the same time with the sa
I'm cross posting this to crypto and ldap in the hopes nobody else will
waste months of effort on a simple issue :)
Those of you that frequent these boards have probably seen several posts
from me dating back to January regarding problems with client authentication
and Sun directory server. We'v