md-distro - Re: [md-distro] certs in metadata signed by the InC CA
Subject: Metadata Distribution Subcommittee of TAC
- From: Ian Young <>
- To:
- Subject: Re: [md-distro] certs in metadata signed by the InC CA
- Date: Sat, 10 Aug 2013 12:43:05 +0100
On 5 Aug 2013, at 17:53, Tom Scavo wrote:
> How many certs signed by the InC CA are expired? ALL of them.
>
> Note that most of the unique expired certs in metadata are signed by the
> InC CA.

As a matter of interest, do you happen to know offhand whether any or all of
these are accompanied by a KeyName, or are they all just bare certificate
data?

I ask because we've found fewer legacy PKI-related problems occur if there is
no KeyName. In Shibboleth's case, that's because the trust engines don't
fall back to PKIX unless there is a KeyName, but we've seen related behaviour
with other software.

-- Ian
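
The question in the message above (KeyName versus bare certificate data) can be answered directly from a metadata file. The following Python is an added example, not part of the original message or of any project it mentions; the sample metadata, entity IDs, key name, certificate placeholder and the function name `audit_key_names` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample metadata; entity IDs, key name and certificate bodies are placeholders.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://sp1.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo>
          <ds:KeyName>sp1.example.org</ds:KeyName>
          <ds:X509Data><ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate></ds:X509Data>
        </ds:KeyInfo>
      </md:KeyDescriptor>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp2.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor>
        <ds:KeyInfo>
          <ds:X509Data><ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate></ds:X509Data>
        </ds:KeyInfo>
      </md:KeyDescriptor>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def audit_key_names(metadata_xml):
    """Return (entityID, use, key names, has certificate) for every KeyDescriptor."""
    root = ET.fromstring(metadata_xml)
    rows = []
    # iter() includes the root, so a lone EntityDescriptor document works too.
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        for kd in entity.iterfind(".//md:KeyDescriptor", NS):
            names = [n.text.strip() for n in kd.iterfind("ds:KeyInfo/ds:KeyName", NS) if n.text]
            has_cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is not None
            rows.append((entity.get("entityID"), kd.get("use", "any"), names, has_cert))
    return rows

if __name__ == "__main__":
    for entity_id, use, names, has_cert in audit_key_names(SAMPLE):
        kind = "KeyName + certificate" if names and has_cert else \
               "bare certificate" if has_cert else "KeyName only"
        print(entity_id, use, kind, names)
```

Run it only on metadata whose signature has already been verified; entries reported with a KeyName are the ones where, per the message above, a PKIX fallback can come into play.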