On 4/9/2014 2:04 PM, Rob Stradling wrote:
On 09/04/14 11:57, Moudrick M. Dadashov wrote:
<snip>
Comodo operate intermediate CAs for several of our partners in a
similar fashion.  The partner is named in the intermediate
certificate's Subject organizationName, but it is Comodo who controls
the intermediate CA private key and checks each certificate request.

Rob, should we call this a "Hosted CA" or "CA hosting" service?

Hi Moudrick. Yes, something like that, although I'd prefer to call this something that explicitly states that it's the Issuer of the Intermediate CA that controls the private key (and not, as you might expect, the Subject). If we can think of a suitable term...

Right, the key word here is "controls", and from the certificate data it's not too obvious, at least for me, who in reality is the CA (that owns the private key).

We should make this clear - either the technical controller (hosting service provider) is the entity who controls (in a legal sense owns) the private key, or the Subject is the owner of the private key, despite the fact that it's technically under the control of a hosting service provider.

As in the case of domain names, we need somehow to distinguish these two aspects: ownership and technical control.

Only the entity that owns the private key is the CA (?).

Thanks,
M.D.


_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
