2008/6/12 Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]>: > I found that Frank created http://wiki.mozilla.org/CA:Problematic_Practices > and Kathleen has started to ask questions also relating to those practices > during here information gathering and reviews.
That page lists "Allowing external entities to operate subordinate CAs" as a problematic practice. If a company or school needs to issue a lot of certs to its internal servers, what is the recommended practice? I always thought the organization should operate an intermediate CA subordinate to a root CA. Isn't that the hierarchical model of PKI? If this is a problematic practice, is Mozilla recommending that the organization buy individual certs from a commercial CA, or operate its own root CA? Perhaps this is why we have so many root CAs now. Wan-Teh _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto