Re: QC comparisons are DEADLY serious!
1999-11-01 08:38:12 GMT
Anders, What you describe is another issue. Comparing the subjects name against an access control database may be a desired function. It should be noted though that in this case it is up to the local policy of the relying party (and the content of the certificate) to decide if a new certificate match a specific entity in the database (matching the old certificate). It should also be clear that it is NOT a function of the QC profile to guarantee that two certificates for the same person will be considered to match the same entity in an access control database. This must be resolved by other means. But I promise I will bring this up in Washington to check others view. /Stefan At 03:20 PM 10/30/99 +0100, Anders Rundgren wrote: >Stefan, > >I strongly disagree on your conclusions regarding certificate comparisons. >Rather, I consider the possibility to compare certificates from a certain >issuer and CPS >to be a major "quality" property that deserves a section of its own. > >To give an example. If you have a QC issued by a TTP (ID-certificates that >will only be used within the issuer's own domain are pretty uninteresting) and(Continue reading)