metadata-support - RE: [Metadata-Support] MDQ format options?

Subject: InCommon metadata support

List archive

RE: [Metadata-Support] MDQ format options?

From: "Cantor, Scott" <>
To: "" <>
Subject: RE: [Metadata-Support] MDQ format options?
Date: Thu, 8 Dec 2016 15:32:38 +0000
Accept-language: en-US
Authentication-results: spf=pass (sender IP is 164.107.81.222) smtp.mailfrom=osu.edu; incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=bestguesspass action=none header.from=osu.edu;
Ironport-phdr: 9a23:Q52ajRz09r1GbGzXCy+O+j09IxM/srCxBDY+r6Qd2usfIJqq85mqBkHD//Il1AaPBtSAra8YwLGI+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZPebgFGiTanYb5/Ixq6oAvQu8ILnYZsN6E9xwfTrHBVYepW32RoJVySnxb4+Mi9+YNo/jpTtfw86cNOSL32cKskQ7NWCjQmKH0169bwtRbfVwuP52ATXXsQnxFVHgXK9hD6XpP2sivnqupw3TSRMMPqQbwoXzmp8qFmQwLqhigaLT406GHZhNJtgqJHrhyvpBJ/zIzVYI6JO/RxcbjQfc8BSmdFQspdSzBND4G6YoASD+QBJ+FYr4zlqlcAsxaxHw+sBP/oyj9SnnP9wLA03PgmEQHawAwsEc8FvXPIo9rvMqcSTee1zLPSwTnddP5W3iz96JXSfh8/vP6MQKt9fMzMwkcsDwPIlkicpZDqMj+P2ekAsXKX4uV+We61j2MqpRl9riWxysovkIXFm40Yx1He+Sh9z4s5P8C0RU97bNK8HptfqSKXO5dzT84nTWxnpDs1yrMDtJO1fiUG1oooyhvQZvOZc4WF4BfuW/uKLjtmnn1ofq+0iQyo/ki60OL8U9G50FZUoSpBldnBrmgD2gDU5MSbRPZx51qs1jSR2wzK7eFLOl47mbDcK5483r4/jZ0TsVnFHiDrgkn2lLWWdkI4+ue29+vnfrTmppiaN4NujQH+L7gumsi4AeQ/MQgCRXSU+eO51LH7/E35RqtFjuEun6XErJzXKt4Xq6G7DgNP3Ysv9QyzAjOo3dgAmHkINlNFeBaJj4jzPFHOJej1AuuljFSqjDdrwOrGMqf/DpjWKXjDi6rhcaxj5EFB1Qo/1cpf6I5MCrEdPPLzXVf8tN3eDhAlNAy0xuPnCNJ71o8EXmKPGKCZPLrXsVCW+uIgOfSDa5UJuDnnMvQl/OPujWchmV8aZ6mpwYAaaHS5HvR9P0WZemTgjs0AEWcMogoxUvbqiFucXj5PeXq+Rbwz6SwmCNHuMYCWDIWgnLWN1TuyW4ZLfnhBEEykEHHjcICBXPFKbzidaIc1lzEYXLSoV4Zkzgy2rAjg15JmKOHT/ygfs9TkztcjtMPJkhRnvxd9CdiaySXFdGpzgn9CD2s91aZjplY7kH+EyrU+jvBFQ48Ar8hVWxs3YMaPh9dxDMr/D1rM
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99

> I've never seen such a thing. Can you point me to an example or a
> further explanation?

Comodo's recent SHA1/2 migration is an example, they had an additional CA in
the mix that was the same intermediate key but was signed by their old SHA-1
root, so that root stores that only contained the old SHA-1 CA would trust
the new SHA-2 certs.

But now that I write it, I'm not sure it works if you don't control both
hierarchies, so I'm probably wrong, at least with most PKIX code. The actual
EE cert is going to have a single issuer, and Comodo wouldn't let you sign a
CA cert to issue others with, so the issuer at the bottom is going to be
Comodo and there will only be one path up from there.

Oh well...

Separate URL would still work.

-- Scott

Re: [Metadata-Support] MDQ format options?, (continued)
- Re: [Metadata-Support] MDQ format options?, Tom Scavo, 12/06/2016
  - Re: [Metadata-Support] MDQ format options?, Tom Poage, 12/06/2016
    - Re: [Metadata-Support] MDQ format options?, Tom Scavo, 12/06/2016
      - Re: [Metadata-Support] MDQ format options?, David Langenberg, 12/06/2016
      - Re: [Metadata-Support] MDQ format options?, Tom Poage, 12/07/2016
        
        Re: [Metadata-Support] MDQ format options?, Klingenstein, Nate, 12/07/2016
        
        Re: [Metadata-Support] MDQ format options?, Cantor, Scott, 12/07/2016
        
        Re: [Metadata-Support] MDQ format options?, Tom Scavo, 12/07/2016
        
        Re: [Metadata-Support] MDQ format options?, Cantor, Scott, 12/07/2016
        Re: [Metadata-Support] MDQ format options?, Tom Scavo, 12/08/2016
        RE: [Metadata-Support] MDQ format options?, Cantor, Scott, 12/08/2016
        
        Re: [Metadata-Support] MDQ format options?, Tom Scavo, 12/07/2016
        
        Re: [Metadata-Support] MDQ format options?, Tom Poage, 12/07/2016
        
        Re: [Metadata-Support] MDQ format options?, Cantor, Scott, 12/07/2016
        Re: [Metadata-Support] MDQ format options?, Nick Roy, 12/08/2016
- Re: [Metadata-Support] MDQ format options?, Ian Young, 12/06/2016

List archive

RE: [Metadata-Support] MDQ format options?