>What is the purpose of global CAs such as
>Verisign if I can't trust the certificates to identify an end user?

That is indeed the question.  At least the part before the "if" :)

At least now you can have a single value (subject,issuer,serial#)
to map "global identity" (sic) into local credentials.  If you
think that any random cert signed by any random CA can be trusted
by your local programs.

In many cases globally-scalable identities have to be mapped down
into a smaller ID space -- e.g., a 32bit Unix userid.

There's no magic bullet here.
        /r$
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to