[cabfpub] [CABFORUM] Re: Intermediate certificate names

Eddy Nigg eddy_nigg at startcom.org
Tue Mar 10 17:07:46 UTC 2015

On 03/10/2015 06:59 PM, Peter Bowen wrote:
> How do you define "the real CA"?

When speaking about intermediate CAs I believe there are two external 
types. Those that are fully controlled by the CA holding the private key 
and those that are managed and controlled by the parent CA not holding 
the private key.

However in both scenarios the intermediate CA is designed to be used for 
an by a particular entity for whatever purpose the parent CA agreed to. 
The difference is the way each type is audited and disclosed (Mozilla).

The third type is the intermediate CA that is controlled and used by the 
parent CA internally and directly.

Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150310/b2a45a73/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4313 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150310/b2a45a73/attachment.p7s>

More information about the Public mailing list