[cabfpub] Intermediate certificate names
Eddy Nigg
eddy_nigg at startcom.org
Tue Mar 10 10:37:23 MST 2015
On 03/10/2015 07:20 PM, Gervase Markham wrote:
> That "even" is the key question. The counter argument is that if you
> still have the private key, you haven't issued a certificate to that
> organization. You've created one which has their name in...
Right, and we give them the right to use it for the agreed purpose etc.
But it's not used by ourselves and it's not used by company XYZ, but by
a particular company we engaged with, validated and probably signed a
contract and which uses it for the agreed purpose using some mechanism.
The root CA still issued the intermediate CA to that company....
I believe Mozilla defines this as a managed/controlled CA which doesn't
require disclosure of the CA as compared to an intermediate CA that
controls the private key (some lose recollection from memory).
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20150310/d92d6ff1/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4313 bytes
Desc: S/MIME Cryptographic Signature
Url : https://cabforum.org/pipermail/public/attachments/20150310/d92d6ff1/attachment-0001.bin
More information about the Public
mailing list