[caops-wg] Name Constraints - attempt at framing issues
Cowles, Robert D.
rdc at slac.stanford.edu
Sat Oct 15 21:04:46 CDT 2005
> As I have said before, the purpose of a CA is to authenticate a user's
> right to use a claimed name, and then bind that to his public key, i.e.
> to certify the key-to-name binding, i.e., a certification authority. It
> is not, I repeat not, to be a naming authority.
As I have said before, the purpose of a CA is to be sure that if it is
issuing a certificate, either the DN has not been used before by that CA,
or it can verify that it is issuing the certificate to the same person who
used the DN before. Unfortunately, this means storing Personally
Identifiable Information so you have something to check at time of
renewal / re-issue ... and we are being required to have more and more
protection associated with any PII we retain.
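The check described in the message above, as an added illustration that is not part of the original post or of any CA software: a per-CA registry that records which vetted identity each DN was first issued to, and on re-issue refuses the DN unless the requester's vetted identity matches. The `DNRegistry` class, the `identity` attribute dictionary and the use of a keyed HMAC over the canonicalised vetting attributes (so that the registry holds a comparison tag rather than the raw PII) are assumptions made for this example; the vetting attributes themselves still have to be collected again at renewal to compute the tag.

```python
import hashlib
import hmac


class DNRegistry:
    """Hypothetical per-CA record of DN -> identity binding.

    Instead of keeping the raw vetting data (name, date of birth, ID number,
    ...) the registry stores an HMAC over the canonicalised attributes under a
    CA-held secret. That is an assumption of this example, chosen so the
    registry can answer "is this the same person?" without retaining the
    attributes themselves.
    """

    def __init__(self, registry_secret: bytes):
        self._secret = registry_secret
        self._bindings: dict[str, str] = {}  # DN -> identity tag

    def _identity_tag(self, identity: dict[str, str]) -> str:
        # Canonical order so the same attributes always produce the same tag.
        canon = "|".join(f"{k}={identity[k]}" for k in sorted(identity))
        return hmac.new(self._secret, canon.encode("utf-8"), hashlib.sha256).hexdigest()

    def issue(self, dn: str, identity: dict[str, str]) -> str:
        """Decide whether a certificate for `dn` may be issued to `identity`.

        Returns "issued" for a DN never seen by this CA, "reissued" when the
        DN is already bound to the same vetted identity, and "refused" when
        the DN is bound to somebody else.
        """
        tag = self._identity_tag(identity)
        bound = self._bindings.get(dn)
        if bound is None:
            self._bindings[dn] = tag
            return "issued"
        if hmac.compare_digest(bound, tag):
            return "reissued"
        return "refused"

    def is_bound(self, dn: str) -> bool:
        return dn in self._bindings


def demo() -> list[str]:
    # Constructed sample data for this example only.
    reg = DNRegistry(registry_secret=b"example-ca-registry-secret")
    dn = "/DC=org/DC=example/OU=People/CN=Robert Cowles"
    alice = {"legal_name": "Robert D. Cowles", "dob": "1950-01-01", "affiliation": "SLAC"}
    other = {"legal_name": "Robert Cowles", "dob": "1975-06-30", "affiliation": "SLAC"}
    return [
        reg.issue(dn, alice),  # first issuance: DN unused by this CA
        reg.issue(dn, alice),  # renewal: same person, same DN
        reg.issue(dn, other),  # different person claiming the same DN
    ]


if __name__ == "__main__":
    print(demo())
```

The refusal on the third call is the point of the message: without some retained record of who was vetted for a DN, the CA cannot tell a renewal from a name collision, and whatever it retains for that purpose is itself PII (or, as here, derived from it) and has to be protected accordingly.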