<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 03/10/2015 06:59 PM, Peter Bowen
wrote:<br>
</div>
<blockquote
cite="mid:CAK6vND8FCCUOgtP6=iwjg4Xxnndsqn9VK5EoFd1s4a4ODcZ3DQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">How do you define "the real CA"? </div>
</div>
</div>
</blockquote>
<br>
When speaking about intermediate CAs I believe there are two
external types. Those that are fully controlled by the CA holding
the private key and those that are managed and controlled by the
parent CA not holding the private key.<br>
<br>
However in both scenarios the intermediate CA is designed to be used
for an by a particular entity for whatever purpose the parent CA
agreed to. The difference is the way each type is audited and
disclosed (Mozilla). <br>
<br>
The third type is the intermediate CA that is controlled and used by
the parent CA internally and directly. <br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>