Name Constraints, was Re: [caops-wg] Re: ca signing policy file
Frank Siebenlist
franks at mcs.anl.gov
Wed Oct 12 17:27:58 CDT 2005
Cowles, Robert D. wrote:
> The obvious choice for the "identifier" is the public
> key. The drawback is that it would be good to change
> the keypair more often than you change identity.
>
:-)
> Can you explain name collisions cannot occur?
>
Careful... I said "should", not "cannot"...
CA's are supposed to "know" not to overstep their issuing boundaries
through secret handshakes and such.
-Frank.
>> -----Original Message-----
>> From: Frank Siebenlist [mailto:franks at mcs.anl.gov]
>>
> ...
>
>> When you say "name collisions", you must be referring to either
>> compromised CAs or errors as name collisions should not occur...
>>
>>
>
>
--
Frank Siebenlist franks at mcs.anl.gov
The Globus Alliance - Argonne National Laboratory
More information about the caops-wg
mailing list