OK. I understand this. ALthough I doln't really understand the numbers defined for each LOA in loa.xml...
--On Mittwoch, 21. Januar 2004 13:14 +0000 Nuno Miguel Neves <[EMAIL PROTECTED]> wrote:
Hi.the LOA concept used for OpenCA stands for ensuring kind of 'quality' of proofen Attributes inside the Certificate, means how trustworthy are data inside a issued zertificate... that's similar to class 1-3 certs of verisign for example or other common issuers
Can you please explain to me what exactly is the LOA concept and what it is used for?
there are other LOA concepts regarding PKIs, which state the reliability of the Infrastructure itself, that means how fast will the pki respond to key-issues, how uptime is guaranteed of importend servers like, crl-availability und informational repositories... also it means for example that an crl is never older than 2h - importend for financial transactions and so on... this is not the case for OpenCA type of LOA ;o)
In particular, a certificate issued by OpenCA will appear in IE 6 with anthe cps should point out for each level of the loa - what it gurantees, so its the same link - maybe there are cases, where you will have different cps but usally u have one for the pki - or?
issuer statement what links to www.some.org/cps.
OpenCa, in config.xml, defines the policy_link. Here you could (should?) state the organizational method for CA, So this should be the cps that appears in the certificate (In IE, it appears as "Issuer Statement"). So, shouldn't loa.xml by default use the policy_link for loa? The guide says to change config.xml, and you end up with certificates that point to www.some.org/cps. Maybe they could point to the policy_link defined in config.xml. This is not difiicult to make, but does it make sense?
cps stands for common practice statement, which every pki should have and where you can read how this pki handels things regarding the management of this pkiWhat is supposed to appear there? Should the page be different for each LOA?
greetings dalini
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
--
[EMAIL PROTECTED] Dept. Informatica, Fac. Ciencias,
|\ | |\ | Tel: +351 21 7500528 Univ. Lisboa, Bloco C5, Campo Grande
| \|uno | \|eves Fax: +351 21 7500084 1700 Lisboa, Portugal
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
