Classification: Public

Hello together,

apart from Rick's mentioned points in the document I have the following ones:

- Support of a multitier CA architecture in general (e.g. root - intermediate - end entity certificate)
- Root rollover support, i.e. more than one valid Root CA.
  --> I have seen several vendors not supporting these points.
- Support of PKCS#10 creation (key generation on hosting machine side). Allow parallel existence of at least two unique key pairs for a dedicated certificate subject during renewal phases (one for the still valid certificate and one for a queued PKCS#10 for the same subject).
- Support of an automatic renewal mechanism (e.g. SCEP)

As a relying party:

- Clear distinction between authentication and authorization.
  --> Many vendors still implement direct trust for authorization, which does not give any PKI benefit. This could be done e.g. through the usage of a pattern match of the certificate subject.

Kind regards,
Volker Simon
____________________________________________________
Volker Simon
Assistant Vice President | Lead Technical Specialist | CISM
Deutsche Bank AG
Global Technology
Alfred-Herrhausen-Allee 16-24, 65760 Eschborn, Germany
Tel. +49(69)910-65335
Mobile +49 1731656228
Email [email protected]
Visit us: https://dbpki.tools.intranet.db.com

From: wpkops [mailto:[email protected]] On Behalf Of Rick Andrews
Sent: Wednesday, 27 November 2013 01:27
To: [email protected]
Subject: [wpkops] Early draft of vendor questionnaire

Folks,

Here's a very early draft, started by Tim with updates from David and me. I've turned on Track Changes; please feel free to add edits and comments.

I'm sure there's many more questions we can ask. Please pile 'em on.

-Rick
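The relying-party point in the message above (authorization by subject pattern instead of direct trust), sketched as an added example that is not part of the original thread. The issuer name, subject pattern, role and fingerprints are constructed, and the DN parser is a simplification that assumes single-valued RDNs.

```python
import fnmatch
import re

# Constructed policy (hypothetical names): authorization is bound to an issuing CA
# plus a subject pattern, not to one individual certificate.
RULES = [{
    "issuer": "CN=Example Issuing CA 1,O=Example Corp",
    "subject": {"CN": "pay-gw-*.example.test", "OU": "Payments"},
    "role": "payments-api",
}]

def parse_dn(dn):
    """Parse an RFC 4514-style DN string into {ATTR: [values]}.
    Simplified: honours backslash-escaped commas, ignores multi-valued RDNs."""
    attrs = {}
    for rdn in re.split(r'(?<!\\),', dn):
        key, _, value = rdn.strip().partition('=')
        value = re.sub(r'\\(.)', r'\1', value)   # undo escapes inside the value
        attrs.setdefault(key.strip().upper(), []).append(value)
    return attrs

def authorize(subject_dn, issuer_dn, rules=RULES):
    """Return the role granted to an already-authenticated certificate, or None.
    Assumption: the TLS stack has validated the chain up to a trusted root
    (authentication); this function only decides authorization."""
    subject, issuer = parse_dn(subject_dn), parse_dn(issuer_dn)
    for rule in rules:
        if issuer != parse_dn(rule["issuer"]):
            continue                              # pattern is only valid under this CA
        # Each constrained attribute must occur exactly once and match in full,
        # so text smuggled into another attribute's value cannot satisfy the rule.
        if all(len(subject.get(attr, [])) == 1
               and fnmatch.fnmatchcase(subject[attr][0], pattern)
               for attr, pattern in rule["subject"].items()):
            return rule["role"]
    return None

def direct_trust(fingerprint, pinned):
    """The approach the message criticises: pinning individual certificates."""
    return fingerprint in pinned

if __name__ == "__main__":
    issuer = "CN=Example Issuing CA 1,O=Example Corp"
    subject = "CN=pay-gw-01.example.test,OU=Payments,O=Example Corp"
    # A renewed certificate keeps its subject but has a new key and fingerprint.
    print("subject rule after renewal:", authorize(subject, issuer))
    print("direct trust after renewal:", direct_trust("fp-renewed", {"fp-original"}))
```

Matching on parsed attributes rather than on the raw DN string keeps an escaped `,OU=Payments` inside a CN value from being read as a separate attribute.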
