[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Dear all, Just for starting the discussion on the PKI for the interop. At present we may count with two separated hierarchies of CAs. The first hierarchy has the following structure: RootCA | \ LevelA TSA1 | LevelB | users So end entities certs are generated by CA in LevelB. At present, the three CAs generate CRLs and each one also incorporates an OCSP server (direct model), so that we may get both types of revocation information. Additionally, the root CA also certifies a TSA. Finally, for this hiearchies there are a number of pre-generated end-entities certificates: one is expired; the other is revoked. These end-entities certs could also be used for negative test cases. In addition, I think that there are also some intermediate CA whose cert is also revoked, although I am not completely sure. The second hierarchy is a hierarchy that incorporates only a root CA that certifies a second TSA. No end entities certified here....will explain in the call what is this second hierarchy for.... May I suggest that we start discussions on what PKI requirements we have for conducting the DSS interop tests? Regards Juan Carlos.