[x500standard] Re: SV: [Spam] Re: SV: Re: Forward and Reverse Certification Path
- From: "David A. Cooper" <david.cooper@xxxxxxxx>
- To: "x500standard@xxxxxxxxxxxxx" <x500standard@xxxxxxxxxxxxx>
- Date: Wed, 05 Oct 2011 11:57:29 -0400
Erik,
The emails that you forwarded seemed to be addressing the question of
which direction is "forward" and which direction is "reverse" rather
than whether the first certificate in a certification path is the
certificate issued by the trust anchor or the target certificate.
However, Section 1.3 of RFC 4158, which Carl Wallace referenced, defines
"certification path" as follows:
Certification Path: An ordered list of certificates starting with a
certificate signed by a trust anchor and ending with the target
certificate.
RFC 4158 defines "Building in the Forward direction" as building from
the target certificate to a trust anchor, but it still defines the
certification path as starting with the certificate issued by the trust
anchor.
Dave
On 10/05/2011 11:40 AM, Erik Andersen wrote:
David, David and others,
Personally, I do not care too much, whether we define a certification
path going one direction or the other. However, defining as going from
top to bottom may ease some descriptions. We may even not need to
define forward and reverse direction, as validation is from top to
bottom. In any case, I do want a clear and unambiguous definition.
Attached you may see a couple of messages leading to the current
definition.
-----
www.x500standard.com: The central source for information on the X.500 Directory
Standard.
Other related posts:
