Re: Something Stronger than a Passphrase? (UNCLASSIFIED)



On Apr 11, 2007, at 21:48, Friedrichs, Paul D CTR DISA PEO-IAN wrote:

Does anyone know whether any commercial relying party products
understand, will not reject and will not require the revocation status
of proxy certificates even if they require status of the longer term
certificates in the chain?

OpenSSL supports proxy certificate validation as specified in RFC 3820, and will not require CRLs for them. You must, however, set a flag (in the form of an environment variable) to allow for proxy certificate handling; it's not turned on by default.


GnuTLS supports proxy certs as well, but I haven't played with that so I don't know any details.

I'm positive you will find many commercially supported relying party products out there that make use of one of these software packages under the covers.

/Olle
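
Added example, not part of the original message: the shell script below builds a constructed CA, user and proxy certificate chain and shows the behaviour described in the reply above, namely rejection by default, acceptance after opting in, and no CRL being demanded for the proxy while one is demanded for the user certificate. It assumes the `openssl` command-line tool, version 1.1.0 or later, and opts in with the `-allow_proxy_certs` option of `openssl verify` instead of the environment variable; all subjects and file names are made up.

```shell
# Added example. Constructed chain: Demo CA -> Demo User -> RFC 3820 proxy.
# All subjects and file names are made up; needs the openssl CLI, 1.1.0+.
build_chain() {   # $1 = empty working directory
    cat > "$1/demo.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical, CA:TRUE
[ user_ext ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
[ proxy_ext ]
basicConstraints = CA:FALSE
proxyCertInfo = critical, language:id-ppl-anyLanguage, pathlen:0, policy:text:AB
EOF
    (   cd "$1" || exit 1
        new="-newkey rsa:2048 -nodes -config demo.cnf"
        sign="-req -CAcreateserial -extfile demo.cnf -days 2"
        openssl req -x509 $new -extensions ca_ext -subj "/CN=Demo CA" \
            -days 2 -keyout ca.key -out ca.pem || exit 1
        openssl req -new $new -subj "/CN=Demo User" \
            -keyout user.key -out user.csr || exit 1
        openssl x509 $sign -in user.csr -CA ca.pem -CAkey ca.key \
            -extensions user_ext -out user.pem || exit 1
        # Proxy is signed by the user key; subject = issuer subject + one CN.
        openssl req -new $new -subj "/CN=Demo User/CN=proxy" \
            -keyout proxy.key -out proxy.csr || exit 1
        openssl x509 $sign -in proxy.csr -CA user.pem -CAkey user.key \
            -extensions proxy_ext -out proxy.pem || exit 1
    ) >/dev/null 2>&1
}

# verify_cert DIR CERT [verify options]: prints "accepted" or "rejected".
verify_cert() {
    dir=$1; cert=$2; shift 2
    if openssl verify "$@" -CAfile "$dir/ca.pem" -untrusted "$dir/user.pem" \
            "$dir/$cert" >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
}

d=$(mktemp -d) && build_chain "$d" || exit 1
echo "proxy, defaults:            $(verify_cert "$d" proxy.pem)"
echo "proxy, opt-in:              $(verify_cert "$d" proxy.pem -allow_proxy_certs)"
echo "proxy, opt-in + -crl_check: $(verify_cert "$d" proxy.pem -allow_proxy_certs -crl_check)"
echo "user, -crl_check, no CRL:   $(verify_cert "$d" user.pem -crl_check)"
rm -rf "$d"
```

No CRL is generated anywhere in the script, so the last two lines contrast the proxy certificate, which passes with `-crl_check`, against the user certificate, which does not.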


