[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Name Constraints, was Re: [caops-wg] Re: ca signing policy file
- To: helm@xxxxxxxxxxxx
- Subject: Re: Name Constraints, was Re: [caops-wg] Re: ca signing policy file
- From: Frank Siebenlist <franks@xxxxxxxxxxx>
- Date: Wed, 12 Oct 2005 13:39:55 -0700
- Cc: "Cowles, Robert D." <rdc@xxxxxxxxxxxxxxxxx>,David Chadwick <d.w.chadwick@xxxxxxxxxx>,Von Welch <vwelch@xxxxxxxxxxxxx>, "Tony J. Genovese" <tony@xxxxxx>,CAOPS-WG <caops-wg@xxxxxxx>, Olle Mulmo <mulmo@xxxxxxxxxx>,Joni Hahkala <joni.hahkala@xxxxxxx>, Jules Wolfrat <wolfrat@xxxxxxx>,Ron Trompert <ron@xxxxxxx>
- Delivered-to: grdfm-caops-wg-outgoing@mailbouncer.mcs.anl.gov
- Delivered-to: grdfm-caops-wg@mailbouncer.mcs.anl.gov
- In-reply-to: <200510122024.j9CKO2Rb029106@fionn.es.net>
- References: <200510122024.j9CKO2Rb029106@fionn.es.net>
- Sender: owner-caops-wg@xxxxxxx
- User-agent: Thunderbird 1.4.1 (Macintosh/20051006)
If you could trust a CA for "some" names, you may be able to trust more
CAs and more easily...
-Frank.
Mike Helm wrote:
Frank Siebenlist writes:
name-issuing to a CA is the only safeguard you have against any rogue CA
among the zillions that may be present in your trusted CA-directory.
If you don't / can't trust the CA - don't use it.
--
Frank Siebenlist franks@mcs.anl.gov
The Globus Alliance - Argonne National Laboratory