[caops-wg] Name Constraints - attempt at framing issues
David Chadwick
d.w.chadwick at kent.ac.uk
Fri Oct 14 11:43:41 CDT 2005
Cowles, Robert D. wrote:
>
>>Trusted third parties that cannot be trusted!! Why are we bothering with
>>them? Building a whole trust infrastructure on untrusted TTPs is a
>>pointless exercise in futility.
>>
>
>
> Yes ... well, it was pointed out at the last EUgridPMA meeting
> that the VOs go through almost the exact same process to register
> people ... so what value did the CAs provide?
Well, if it's a Thawte cert, precisely none.
As I have said before, the purpose of a CA is to authenticate a user's
right to use a claimed name, and then bind that to his public key, i.e. to
certify the key-to-name binding, i.e. a certification authority. It is
not, I repeat not, to be a naming authority.
regards
David
>
> BC
>
>
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************