Vladas Lapinskas schrieb:
>
> > > > I have the Demo of Baltimore's UniCERT to play with and
> > my biggest interest
> > > > is to test OpenCA to make it cooperable with UniCERT.
> >
> > What do you mean with cooperable? The only think where the two systems
> > could cooperate are actually crosscertification and signing of
> > CA-requests in the meaning of Sub-CAs. There is no possibility to use
> > such features like policyenforcement because it is not standardized.
> >
> > Do you use UniCERT with LDAP or OCSP? If you are using it with LDAP
> > could you find out which schemas they use? This is an
> > important issue to
> > allow cooperation on directories.
>
> UniCERT does not have own LDAP or OCSP.
That's correct but all PKI-vendors has specifications which schemas they
need on a directoryserver to use it. So I'm very interested in such a
specification. If we know the specification it should be no problem to
setup an OpenLDAP for use with UniCERT and we could check our own
implementation too ;-D
> I would like to test UniCERT with OpenLDAP and my interest is to create OCSP
> which can operate with both OpenCA and UniCERT.
> The crosscertification is also should be tested.
OCSP is actually not imlemented for OpenCA. OCSP (ONLINE Certificate
Status Protocol) answer on questions about the status ONLINE. It works
directly on the PKI's database. So I know no way how these two systems
could cooperate because every OCSP-responder access directly a
proprietary database.
Regards Michael
----------------------------------------------------------------------------
Michael Bell Email: [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email (work):
[EMAIL PROTECTED]
Humboldt-University of Berlin Tel.(work): +49 (0)30-2093 2482
Unter den Linden 6 Fax.(work): +49 (0)30-2093 2959
10099 Berlin
Germany [OpenCA Core
Developer]
http://openca.sourceforge.net
Kryptographische Unterschrift mit S/MIME
