[caops-wg] OCSP & Proxy Certs
Mike Helm
helm at fionn.es.net
Thu Jan 26 14:26:33 CST 2006

Matt Crawford writes:
>
> On Jan 22, 2006, at 19:12, Mike Helm wrote:
> > Proxy cert characteristics
> > Autochthonous - typically generated on the spot, by the user or
> > a delegated process
>
> A fine word, but not applicable. When a user on host A delegates to
> B, which then authenticates to C, the proxy cert is created at A,
> stored at B and seen at C. The private key is autochthonous, but
> this is generally true of non-proxy private keys as well.

I think you have the generation wrong. What I should have said
is "the proxy key pair", which is what I think is often what is
commonly meant when "proxy cert" is used, and what I meant, but
there is no dispute that that word usage is wrong. Certainly, the
proxy cert, which is a label on one of the keys, is created
at A. But that key pair is typically created = generated at B and stays
there, or is meant to stay there, and that is what is autochthonous.
At least, that's how I understand the typical usage. If the key
pair appears somewhere else, that is strange, and probably not
a good thing either.