
Re: [caops-wg] Name Constraints - attempt at framing issues




Cowles, Robert D. wrote:



Trusted third parties that cannot be trusted!! Why are we bothering with them? Building a whole trust infrastructure on untrusted TTPs is a pointless exercise in futility.


Yes ... well, it was pointed out at the last EUgridPMA meeting
that the VOs go through almost the exact same process to register
people ... so what value did the CAs provide?
Well, if it's a Thawte cert, precisely none.

As I have said before, the purpose of a CA is to authenticate a user's right to use a claimed name, and then bind that to his public key, i.e. to certify the key-to-name binding, i.e. a certification authority. It is not, I repeat not, to be a naming authority.

regards
David

BC


--

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************