
Re: x.509 v3 Certificates and Compatibility: msg#00283

ietf.x509

Subject: Re: x.509 v3 Certificates and Compatibility

At 09:58 AM 98-08-19 Stefan Santesson wrote:
>My concern is mainly: how does the certificate holder select the appropriate
>certificate?
>Suppose that the entity has two certificates with the same key usage. One
>anonymous for his www.sex.com and one digital ID certificate for banking
>applications over the internet. In both cases the application is run over
>http.
>
>Will there be any suitable mechanisms that select the appropriate
>certificate? Are there any actions that can be taken by the server to help
>the client to select the appropriate certificate, or will the entity be
>forced to select by himself?

In SSL3 (http://home.netscape.com/eng/ssl3/3-SPEC.HTM#7-6-4) and TLS, the
server may request a certificate issued by a specific CA (Issuer DN), or a
list of CAs, from the client software.
If you have two different certificates issued by the same CA, there's no
option to request anything more specific than Issuer DN though, so the
client user will have to choose manually.
Also - I think that only a few of the current SSL 3 clients and servers
support this functionality.

Patrik
----------------------------------------------------------------------
Patrik Nilsson | "Reality is not optional" | +46 (0)708 452 859
----------------------------------------------------------------------
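
The limit described in the reply above, as an added example that is not part of the original message: a parser for the SSL 3.0 / TLS 1.0 CertificateRequest body and a client-side filter on Issuer DN. The function names, certificate labels and the byte strings standing in for DER-encoded names are assumptions constructed for illustration.

```python
import struct

def parse_certificate_request(body: bytes):
    """Parse an SSL 3.0 / TLS 1.0 CertificateRequest body.

    Layout: certificate_types<1..2^8-1>, then certificate_authorities<..2^16-1>,
    a list of DistinguishedName entries, each opaque<1..2^16-1> (a DER Name).
    """
    if len(body) < 1 or body[0] < 1 or len(body) < 1 + body[0] + 2:
        raise ValueError("truncated CertificateRequest")
    n_types = body[0]
    cert_types = list(body[1:1 + n_types])
    pos = 1 + n_types
    (ca_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + ca_len
    if end != len(body):
        raise ValueError("certificate_authorities length mismatch")
    issuers = []
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated DistinguishedName length")
        (dn_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if dn_len == 0 or pos + dn_len > end:
            raise ValueError("bad DistinguishedName length")
        issuers.append(body[pos:pos + dn_len])
        pos += dn_len
    return cert_types, issuers

def candidates(client_certs, issuers):
    """Labels of client certificates whose issuer DN the server asked for."""
    return [label for label, issuer in client_certs if issuer in issuers]

def build_request(cert_types, issuers):
    """Encode a CertificateRequest body (used here only to make sample input)."""
    dns = b"".join(struct.pack("!H", len(d)) + d for d in issuers)
    return bytes([len(cert_types), *cert_types]) + struct.pack("!H", len(dns)) + dns

# Constructed sample data: placeholder bytes stand in for DER-encoded issuer names.
CA_A = b"<DER Name of CA A>"
CA_B = b"<DER Name of CA B>"
CLIENT_CERTS = [("anonymous", CA_A), ("banking-id", CA_A), ("other", CA_B)]

if __name__ == "__main__":
    _, wanted = parse_certificate_request(build_request([1], [CA_A]))  # 1 = rsa_sign
    print(candidates(CLIENT_CERTS, wanted))  # two matches: the user must still choose
```

The filter narrows the choice to one CA, but both certificates issued by that CA remain candidates, because the message carries nothing more specific than the issuer name.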


