Re: Name Constraints, was Re: [caops-wg] Re: ca signing policy file
- To: "Cowles, Robert D." <rdc@xxxxxxxxxxxxxxxxx>
- From: Frank Siebenlist <franks@xxxxxxxxxxx>
- Date: Wed, 12 Oct 2005 15:27:58 -0700
- Cc: David Chadwick <d.w.chadwick@xxxxxxxxxx>, helm@xxxxxxxxxxxx, Von Welch <vwelch@xxxxxxxxxxxxx>, "Tony J. Genovese" <tony@xxxxxx>, CAOPS-WG <caops-wg@xxxxxxx>, Olle Mulmo <mulmo@xxxxxxxxxx>, Joni Hahkala <joni.hahkala@xxxxxxx>, Jules Wolfrat <wolfrat@xxxxxxx>, Ron Trompert <ron@xxxxxxx>
Cowles, Robert D. wrote:
The obvious choice for the "identifier" is the public
key. The drawback is that it would be good to change
the keypair more often than you change identity.
:-)
Can you explain name collisions cannot occur?
Careful... I said "should", not "cannot"...
CAs are supposed to "know" not to overstep their issuing boundaries
through secret handshakes and such.
-Frank.
-----Original Message-----
From: Frank Siebenlist [mailto:franks@mcs.anl.gov]
...
When you say "name collisions", you must be referring to either
compromised CAs or errors as name collisions should not occur...
--
Frank Siebenlist franks@mcs.anl.gov
The Globus Alliance - Argonne National Laboratory