From owner-freebsd-current  Tue Aug  8  7: 5:31 2000
Delivered-To: freebsd-current@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id C045537B559
	for <freebsd-current@FreeBSD.ORG>; Tue,  8 Aug 2000 07:05:27 -0700 (PDT)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id KAA13534;
	Tue, 8 Aug 2000 10:05:13 -0400 (EDT)
	(envelope-from wollman)
Date: Tue, 8 Aug 2000 10:05:13 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200008081405.KAA13534@khavrinen.lcs.mit.edu>
To: Leif Neland <leifn@neland.dk>
Cc: freebsd-current@FreeBSD.ORG
Subject: inheriting certificate trust 
In-Reply-To: <Pine.BSF.4.05.10008080724480.53645-100000@arnold.neland.dk>
References: <Pine.BSF.4.05.10008080724480.53645-100000@arnold.neland.dk>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

<<On Tue, 8 Aug 2000 07:33:54 +0200 (CEST), Leif Neland <leifn@neland.dk> said:

> I've used this certificate to sign a new certificate, and Microsoft
> recognizes it and the trust chain, and will use it for verifying the
> servers identity, but not for mail.

My guess is that (regardless of the software issues involved) you've
just violated your agreement with Veri$ign.

I would not be surprised if Exploder and Outbreak will only accept a
certificate for one purpose, regardless of how many options are set in
the certificate's keyUsage.

-GAWollman



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message