Changes between Version 4 and Version 5 of GeniApiCertificates


Timestamp: 04/19/12 11:50:32 (12 years ago)
Author: Aaron Helsinger
Comment: --

  • GeniApiCertificates

    v4 v5  
    9090}}}
    9191
     92=== Validation ===
     93To be valid, certificates must
     94 - Follow the format rules above
     95 - Expire later than the current time
     96 - Be issued by a trusted certificate (possibly via a certificate chain)
     97  - Issuer's certificate must also validate
     98  - Signers must be marked as a CA, per above
     99  - Signers must have a URN indicating they are of type `authority`, as described in the [wiki:GeniApiIdentifiers URN wiki page]
     100  - Signers must have namespace authority over the subject of the certificate
     101   - Essentially, The authority name of the signer must be a prefix of the subject name. EG: `a\.b` is an authority for, `a\.b.c.d`, but `a` is not an authority for, `a\.b.c.d` (the subject's name starts with `a.b`, where we've escaped the `.`). Also any authority name is an authority for itself.
    92102
    93103=== Hierarchy ===
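
Review bot: The namespace rule on new line 101 defines authority as "the authority name of the signer must be a prefix of the subject name", but its own counter-example (`a` is not an authority for `a\.b.c.d`) only holds if the comparison is made on whole name components split at unescaped `.`, not character by character. Say so explicitly, for instance that the signer's components must equal the leading components of the subject, so that an implementation using a plain string prefix test does not accept a signer from outside the subject's namespace. The parenthetical writes the leading component as `a.b` while the examples write `a\.b`; pick one spelling, and drop the stray commas after "authority for" and the capital in "Essentially, The". On new line 95, "Expire later than the current time" covers only the end of the validity period; state whether the start of the validity period is also checked.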