Name Constraints, was Re: [caops-wg] Re: ca signing policy file
Frank Siebenlist
franks at mcs.anl.gov
Wed Oct 12 15:39:55 CDT 2005
If you could trust a CA for "some" names, you may be able to trust more
CAs and more easily...
-Frank.
Mike Helm wrote:
> Frank Siebenlist writes:
>
>> name-issuing to a CA is the only safeguard you have against any rogue CA
>> among the zillions that may be present in your trusted CA-directory.
>>
>
> If you don't / can't trust the CA - don't use it.
>
>
--
Frank Siebenlist franks at mcs.anl.gov
The Globus Alliance - Argonne National Laboratory
More information about the caops-wg
mailing list