blank.gif (43 bytes)

Church Of The
Swimming Elephant

Search: Facilitating Interoperation Connected: An Internet Encyclopedia Facilitating Interoperation

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1422
Up: 3. Architecture
Up: 3.4 Roles and Responsibilities
Up: 3.4.1 Users and User Agents
Prev: CRL Management
Next: 3.4.2 The Internet Policy Registration Authority (IPRA) Facilitating Interoperation Facilitating Interoperation

In the absence of ubiquitous directory services or knowledge (acquired through out-of-band means) that a recipient already possesses the necessary issuer certificates, it is recommended that an originating (PEM) UA include sufficient certificates to permit validation of the user's public key. To this end every PEM UA must be capable of including a full (originator) certification path, i.e., including the user's certificate (using the "Originator-Certificate" field) and every superior (CA/PCA) certificate (using "Issuer- Certificate" fields) back to the IPRA, in a PEM message. A PEM UA may send less than a full certification path, e.g., based on analysis of a recipient list, but a UA which provides this sort of optimization must also provide the user with a capability to force transmission of a full certification path.

Optimization for the transmitted originator certification path may be effected by a UA as a side effect of the processing performed during message submission. When an originator submits an ENCRYPTED message (as per RFC 1421, his UA must validate the certificates of the recipients (see Section 3.6). In the course of performing this validation the UA can determine the minimum set of certificates which must be included to ensure that all recipients can process the received message. Submission of a MIC-ONLY or MIC-CLEAR message (as per RFC 1421) does not entail validation of recipient certificates and thus it may not be possible for the originator's UA to determine the minimum certificate set as above.

Next: 3.4.2 The Internet Policy Registration Authority (IPRA)

Connected: An Internet Encyclopedia Facilitating Interoperation


Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

Have you gone to church today?
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609