[cabfpub] Intermediate certificate names

Eddy Nigg eddy_nigg at startcom.org
Tue Mar 10 17:37:23 UTC 2015


On 03/10/2015 07:20 PM, Gervase Markham wrote:
> That "even" is the key question. The counter argument is that if you 
> still have the private key, you haven't issued a certificate to that 
> organization. You've created one which has their name in...

Right, and we give them the right to use it for the agreed purpose etc.

But it's not used by ourselves and it's not used by company XYZ, but by 
a particular company we engaged with, validated and probably signed a 
contract and which uses it for the agreed purpose using some mechanism. 
The root CA still issued the intermediate CA to that company....

I believe Mozilla defines this as a managed/controlled CA which doesn't 
require disclosure of the CA as compared to an intermediate CA that 
controls the private key (some lose recollection from memory).

-- 
Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150310/d92d6ff1/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4313 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150310/d92d6ff1/attachment-0001.p7s>


More information about the Public mailing list