In message <[EMAIL PROTECTED]> on Thu, 07 Oct 2004 15:20:52 -0400, Charles B Cranston <[EMAIL PROTECTED]> said:
zben> So, this is perhaps the most simple "bridge" PKI arrangement: zben> zben> +-+-----------+ +-+-----------+ zben> |T| | |T| | zben> +-+-----------+ +-+-----------+ zben> | P Root +--------+ +-------+ Q Root | zben> +-------------+ | | +-------------+ zben> v v zben> +------+------+ +------+------+ zben> (1) | (P Root) | | (Q Root) | zben> +-------------+ +-------------+ zben> | Bridge +--+--+ Bridge | zben> +-------------+ | +-------------+ zben> | zben> +---------+---------+ zben> v v zben> +------+------+ +------+------+ zben> | (Bridge) | | (Bridge) | zben> +-------------+ +-------------+ zben> +--------+ P Sign | | Q Sign +--------+ zben> | +-------------+ +-------------+ | zben> v v zben> +------+------+ +------+------+ zben> | (P Sign) | | (Q Sign) | zben> +-------------+ +-------------+ zben> | P End User | | Q End User | zben> +-------------+ +-------------+ That diagram throws me off. I've a hard time figuring out what represents certificates, exactly, and it looks like you MIGHT imply that the a bridge certificate could be used directly to verify EE certificates, which is the wrong way to go about it. ----- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ "When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up." -- C.S. Lewis ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
