
dss-x message



Subject: PKI


Dear all,

Just to start the discussion on the PKI for the interop.

At present we may count on two separate hierarchies of CAs.

The first hierarchy has the following structure:

RootCA
  |     \
LevelA  TSA1
  |
LevelB
  |
  users


So end-entity certs are generated by the CA in LevelB. At present, the 
three CAs generate CRLs and each one also incorporates an OCSP server 
(direct model), so that we may get both types of revocation information.

Additionally, the root CA also certifies a TSA.

Finally, for this hierarchy there are a number of pre-generated 
end-entity certificates: one is expired; the other is revoked. These 
end-entity certs could also be used for negative test cases.

In addition, I think that there is also some intermediate CA whose cert 
is also revoked, although I am not completely sure.



The second hierarchy is a hierarchy that incorporates only a root CA 
that certifies a second TSA. No end entities certified here... will 
explain in the call what this second hierarchy is for...

May I suggest that we start discussions on what PKI requirements we have 
for conducting the DSS interop tests?

Regards

Juan Carlos.


