I've been very pleasantly surprised, in the last few months, at the
responsiveness of MS support people and developers whom I have
encountered by submitting support requests related to Kerberos and
X.509. If someone would turn down the flame-meter a notch or two and
construct a concise document exp
On Wed, 13 Nov 2002, Frédéric Giudicelli wrote:
> Well I hope MS will be able to get into an adult argumentation, I think it's
> mostly about the comprehension of the RFC, since it's really not clear the
> way IETF expresses it.
> The best solution would be that one of you big people, contact IETF
ED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, November 13, 2002 5:09 PM
Subject: Re: [openssl.org #323] Bug in "authorityKeyIdentifier" extension ?
> In message <03f201c28a97$38a075d0$0200a8c0@station1> on Tue, 12 Nov 2002
23:02:41 +0100, Frédéric Giudicelli <[EMAIL PROTECTE
In message <03f201c28a97$38a075d0$0200a8c0@station1> on Tue, 12 Nov 2002 23:02:41
+0100, Frédéric Giudicelli <[EMAIL PROTECTED]> said:
groups> I'm guessing that M$ is wrong, that would not be the first time, howerver
groups> the real question now, is how do you contact M$, the report the bug, the
, I guess I'll let you big guys convince them !
Cheers !
- Original Message -
From: "Frédéric Giudicelli" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, November 01, 2002 12:50 AM
Subject: Re: [openssl.org #323] Bug in &quo
> - Original Message -
> From: "Frédéric Giudicelli" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Friday, November 01, 2002 12:50 AM
> Subject: Re: [openssl.org #323] Bug in "authorityKeyIdentifier&q
, I guess I'll let you big guys convince them !
Cheers !
- Original Message -
From: "Frédéric Giudicelli" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, November 01, 2002 12:50 AM
Subject: Re: [openssl.org #323] Bug in &quo
On Fri, 1 Nov 2002, [iso-8859-1] Frédéric Giudicelli wrote:
> Well Microsoft support tells me it's openssl's fault, and you tell me it's
> microsoft's ?
> It's dead end, what am I supposed to tell my clients ?
Well. Since Microsoft's history if full of bugs, security problems, and
non-comformity
On Sat, 2 Nov 2002, Vadim Fedukovich wrote:
> On Fri, Nov 01, 2002 at 12:51:24AM +0100, Frédéric Giudicelli via RT wrote:
> >
> > Well Microsoft support tells me it's openssl's fault, and you tell me it's
> > microsoft's ?
> > It's dead end, what am I supposed to tell my clients ?
>
> Well, Micros
On Thu, 31 Oct 2002, Frédéric Giudicelli via RT wrote:
> ROOT CA's authorityKeyIdentifier extension gives its own DN as issuer (normal)
> INTERMEDIATE CA's authorityKeyIdentifier extension gives ROOT CA's DN as issuer
>(normal)
> A certificate signed by INTERMEDIATE CA, gives ROOT CA's DN as issu
Frédéric Giudicelli via RT wrote:
Well Microsoft support tells me it's openssl's fault, and you tell me it's
microsoft's ?
It's dead end, what am I supposed to tell my clients ?
Well... altough PKIX recommends the use of the authorityKeyId, and that the
French Government says you must to have this
On Fri, Nov 01, 2002 at 12:51:24AM +0100, Frédéric Giudicelli via RT wrote:
>
> Well Microsoft support tells me it's openssl's fault, and you tell me it's
> microsoft's ?
> It's dead end, what am I supposed to tell my clients ?
Well, Microsoft and openssl are not the only code available.
Would yo
In message <[EMAIL PROTECTED]> on Fri, 1 Nov 2002 00:51:24
+0100 (MET), "Frédéric Giudicelli via RT" <[EMAIL PROTECTED]> said:
rt> Well Microsoft support tells me it's openssl's fault, and you tell
rt> me it's microsoft's?
I'm basing what I say, not only on the way it's implemented, but also
o
In message <[EMAIL PROTECTED]> on Fri, 1 Nov 2002 00:51:24
+0100 (MET), "Frédéric Giudicelli via RT" <[EMAIL PROTECTED]> said:
rt> Well Microsoft support tells me it's openssl's fault, and you tell
rt> me it's microsoft's?
I'm basing what I say, not only on the way it's implemented, but also
on
uot; <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, November 01, 2002 12:23 AM
Subject: Re: [openssl.org #323] Bug in "authorityKeyIdentifier" extension ?
>
> In message <[EMAIL PROTECTED]> on Thu, 31 Oct 2002
23:19:17 +0100
f I had a 3
levels architecture ?
That's a non sense.
- Original Message -
From: "Richard Levitte - VMS Whacker via RT" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, October 31, 2002 11:07 PM
Subject: Re: [openssl.org #323] B
uot; <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, November 01, 2002 12:23 AM
Subject: Re: [openssl.org #323] Bug in "authorityKeyIdentifier" extension ?
>
> In message <[EMAIL PROTECTED]> on Thu, 31 Oct 2002
23:19:17 +0100
In message <[EMAIL PROTECTED]> on Thu, 31 Oct 2002 23:19:17
+0100 (MET), "Frédéric Giudicelli via RT" <[EMAIL PROTECTED]> said:
rt> All I know, is that MS Windows 2000 SP3 consider the chain broken,
rt> it links the EndUser Cert with the ROOT CERT, and since the issuer
rt> of the EndUser Cert is
In message <[EMAIL PROTECTED]> on Thu, 31 Oct 2002 23:19:17
+0100 (MET), "Frédéric Giudicelli via RT" <[EMAIL PROTECTED]> said:
rt> All I know, is that MS Windows 2000 SP3 consider the chain broken,
rt> it links the EndUser Cert with the ROOT CERT, and since the issuer
rt> of the EndUser Cert is
f I had a 3
levels architecture ?
That's a non sense.
- Original Message -
From: "Richard Levitte - VMS Whacker via RT" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, October 31, 2002 11:07 PM
Subject: Re: [openssl.org #323] B
In message <[EMAIL PROTECTED]> on Thu, 31 Oct 2002 22:44:33
+0100 (MET), "Frédéric Giudicelli via RT" <[EMAIL PROTECTED]> said:
rt> The "authorityKeyIdentifier" extension seems to behave weirdly...
rt>
rt> I have a two level CA architecture:
rt> ROOT CA
rt> INTERMEDIATE CA
rt> For both
In message <[EMAIL PROTECTED]> on Thu, 31 Oct 2002 22:44:33
+0100 (MET), "Frédéric Giudicelli via RT" <[EMAIL PROTECTED]> said:
rt> The "authorityKeyIdentifier" extension seems to behave weirdly...
rt>
rt> I have a two level CA architecture:
rt> ROOT CA
rt> INTERMEDIATE CA
rt> For both C
Hi,
The "authorityKeyIdentifier" extension seems to behave weirdly...
I have a two level CA architecture:
ROOT CA
INTERMEDIATE CA
For both CA:
authorityKeyIdentifier = keyid,issuer:always
ROOT CA's authorityKeyIdentifier extension gives its own DN as issuer (normal)
INTERMEDIATE CA's aut
23 matches
Mail list logo
