[caops-wg] Name Constraints - attempt at framing issues

David Chadwick d.w.chadwick at kent.ac.uk
Sun Oct 16 07:01:11 CDT 2005



Cowles, Robert D. wrote:
> 
> As I have said before, the purpose of a CA is to be sure that if
> it is issuing a certificate either the DN has not been used before 
> by that CA or it can verify that it is issuing the Cert to the 
> same person as used the DN before.  Unfortunately, this means
> storing Personally Identifiable Information so you can have 
> something to check at time of renewal / re-issue ... and we are
> being required to have more and more protection associated with
> any PII we retain.

Well no-one said it was an easy task being a CA! I would expect the CA 
to keep copies of all the documents on which it made its decision 
(photocopies of passports, ID cards or whatever) plus an audit of the 
messages that were exchanged.

regards

David

> 
> Bob Cowles
> 

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************




