RE: Name Constraints, was Re: [caops-wg] Re: ca signing policy file
- To: "Frank Siebenlist" <franks@xxxxxxxxxxx>
- Subject: RE: Name Constraints, was Re: [caops-wg] Re: ca signing policy file
- From: "Cowles, Robert D." <rdc@xxxxxxxxxxxxxxxxx>
- Date: Wed, 12 Oct 2005 16:00:59 -0700
- Cc: "David Chadwick" <d.w.chadwick@xxxxxxxxxx>, <helm@xxxxxxxxxxxx>,"Von Welch" <vwelch@xxxxxxxxxxxxx>, "Tony J. Genovese" <tony@xxxxxx>,"CAOPS-WG" <caops-wg@xxxxxxx>, "Olle Mulmo" <mulmo@xxxxxxxxxx>,"Joni Hahkala" <joni.hahkala@xxxxxxx>,"Jules Wolfrat" <wolfrat@xxxxxxx>, "Ron Trompert" <ron@xxxxxxx>
But such "agreements" are just a way of encoding the CA in the
random number. What about number portability? If I have a
number from CA-1 are you saying I can't take that cert to
CA-2 and get a certificate from them?
BC
> -----Original Message-----
> From: Frank Siebenlist [mailto:franks@mcs.anl.gov]
...
> This means that when you allow multiple CAs to issue random numbers as
> names for subjects, those CAs should have some agreement that none of
> their fellow CAs should issue the same random number to a different
> person/entity. There are some technical solutions that could help to
> prevent collisions, but the main issue is one of policy conformance.
>
> -Frank.