OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: PRIMAIRY KEY Authorisation DBase/ registration utility?
From: Kick Willemse (k.willemsediginotar.nl)
Date: Mon Feb 28 2000 - 02:13:03 CST


Hello All,

Doing some projects with customers who are building a xtranet solution
based on certificates I face the following dilemmas:

1. What is a good primairy key to link the cert to the authorisation
database, also when we take into account that the cert is changing every
2 years.
2. How do these customers fill their databases using different CA's.
They want to be proactive and fill the dbase on forehand but it is not
possible to have all certs distrubuted from the ca. On the otherhand it
is only possible to have some kind of registration utility that makes it
possible to register, show your cert and the "registration officer" puts
it in the dbase. The registration util must also cope with changes and
canceling subscribtion Any registration utilities available for the
web??
3. Looking at the EU regulations. It is better to use two keypairs. One
for Signing and one for encryption. What key-usages should be in which
cert (extended key-usages like client authentication, file encryption,
e-mail protection?) Are there any tests available on how applications
like NS/M$ deal with two key-pairs. My first experience is that it is a
total dark forrest...

Maybey there are some other ideas on this......

Kick Willemse
Amsterdam