
24 Nov 2005, 3 a.m.
On Wed, 23 Nov 2005 17:54:44 -0800 (PST) "william(at)elan.net" <william@elan.net> wrote:
> On Thu, 24 Nov 2005, George Michaelson wrote:
>> According to what I understand, there have to be two certificates per entity:
>> one is the CA-bit enabled certificate, used to sign subsidiary certificates about resources being given to other people to use.
>> the other is a self-signed NON-CA certificate, used to sign route assertions you are attesting to yourself: you make this cert using the CA cert you get from your logical parent.
> So how is the 2nd one different from the first?
The important distinction is that the certificate used to sign resource assertions doesn't have the CA bit set.

-George