[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multi-Tag-Cert Tag Creation and Validation

ERRATUM:  I wrote:

> 1.2 Every tag in a certificate you issue has a tag-id constructed
>     of the form <some-cert-id>-<small-index> detailed below.
>     HINT:  For a single-tag cert, the tag-id is simply the cert-id
>            of the cert which grants your key-as-issuer authority.

The HINT should have read:

             For a single-tag cert, the tag-id is essentially the cert-id
             of the "eldest" ancestor cert from which you derive the
             authority to bind that tag, possibly your own auto-cert-id.

As the remainder of the post indicates, this would usually be a simple copy
from the immediate parent cert.