On 11/21/2008 10:12 PM, kgb:
> Only validated and approved domain names can be included in a cert, whether in the Subject DN or the SAN. It is the default template, and best practice, that the SAN (e.g. RFC822, dnsName) be filled in the certificates. It's the case for some but not all customers. I really hope it's not necessary once we can guarantee that only validated domains are used in the certificates.

The issue I care mostly about is what happens when one of these systems gets compromised without you (the CA) ever detecting it. Since those systems aren't under your control, this is entirely possible and the risk is certainly higher than at your infrastructure. The threats may come from an unknown source or from the customer himself (or their employees).

The CA certificate issued by you, with a path length of 0 and naming constraints limitation, is what convinces me as a reasonable protection regarding the above case. However, it would have to be enforced by the SAN extension. How come your customers can decide whether to include the relevant alternative name or not? Isn't this something you should control?

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
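
The point raised in the message, that a dNSName name constraint only bites when the name is actually in the SAN, shown as an added example that is not part of the original thread or of any CA's code. The dict layout for a leaf certificate, the `customer.example` permitted subtree and the function names are assumptions made for illustration; the matching rule is the RFC 5280 dNSName rule (a name matches if it equals the constraint or adds labels to its left).

```python
# Constructed audit check for leaf certificates issued by a name-constrained
# sub-CA. All names and sample values here are assumptions for illustration.
PERMITTED_DNS = ["customer.example"]  # permitted dNSName subtree (assumed)

def in_subtree(name, base):
    """RFC 5280 dNSName match: equal to base, or base with labels added on the left."""
    name, base = name.lower().rstrip("."), base.lower().rstrip(".")
    return name == base or name.endswith("." + base)

def looks_like_hostname(cn):
    """Heuristic (assumption): a CN with a dot and no spaces is treated as a host name."""
    return bool(cn) and "." in cn and " " not in cn

def check_leaf(cert, permitted=PERMITTED_DNS):
    """Return a list of problems; an empty list means the leaf is acceptable.

    cert is a dict: {"cn": str or None, "san_dns": [str, ...]}.
    """
    problems = []
    san = cert.get("san_dns") or []
    if not san:
        # dNSName constraints are evaluated against SAN entries only. With no
        # SAN present, path validation has nothing to reject, so the audit
        # must treat a missing SAN as a failure in its own right.
        problems.append("no dNSName SAN: name constraint cannot be enforced")
    for name in san:
        if not any(in_subtree(name, base) for base in permitted):
            problems.append(f"SAN {name} outside permitted subtrees")
    cn = cert.get("cn")
    # Host names placed only in the Subject CN bypass dNSName constraints,
    # so hold the CN to the same subtrees.
    if looks_like_hostname(cn) and not any(in_subtree(cn, b) for b in permitted):
        problems.append(f"CN {cn} outside permitted subtrees")
    return problems

if __name__ == "__main__":
    samples = [  # constructed sample leaves
        {"cn": "www.customer.example", "san_dns": ["www.customer.example"]},
        {"cn": "www.other.example", "san_dns": []},
        {"cn": None, "san_dns": ["evilcustomer.example"]},
    ]
    for leaf in samples:
        print(leaf, "->", check_leaf(leaf) or "ok")
```
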