Name Constraints, was Re: [caops-wg] Re: ca signing policy file

David Chadwick d.w.chadwick at kent.ac.uk
Fri Oct 14 11:56:07 CDT 2005



Mike Helm wrote:
> Matt Crawford writes:
> 
>>The two CAs were not of equal "quality" (security and assurance  
> 
> 
> How do you measure the effect of this "quality" on certificates?

Good question. I had a research project 5 or more years ago in which we 
built an expert system to evaluate the amount of trust that you could 
place in (or quality of) certificates from a given CA. This worked by 
evaluating the CPS and coming up with a trust quotient (a value between 
0 and 1), where 0 meant completely untrustworthy (like those Thawte 
certs quoted earlier) and 1 meant completely trustworthy. This trust 
quotient could then be plugged into the authorisation decision process.

regards

David



> 
> (Leaving aside the tools for doing authorization / eval on 
> certificates, which are both lacking & out of scope imo.)
> 
> 

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************




