Subject Re: How to join the refeds wiki
From Milan Sova <sova@xxxxxxxxx>
Date Fri, 13 Mar 2009 14:05:49 +0100

	Hi Ian.
On 11.03.2009 14:22, Ian Young wrote:
> There are two different things being discussed:
> An embedded
> trust certificate is (to software like Shibboleth, in particular)
> independent of the CA by which was issued; think of it as a decorative
> wrapper for the public key in this case.  So almost[1] any certificate
> would be fine here for UK purposes, and indeed we frequently accept more
> than one if that makes sense for a transition from one certificate
> product to another.  We also accept self-signed certificates in this
> role in many cases.  
> [1] no short keys, no Debian weak keys, no expired certificates please

	That's interesting. Could you please explain why would you refuse an
expired certificate?

						Milan Sova

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature