> >What is the purpose of global CAs such as
> >Verisign if I can't trust the certificates to identify an end user?
>
> That is indeed the question. At least the part before the "if" :)
>
> At least now you can have a single value (subject,issuer,serial#)
> to map "global identity" (sic) into l
>What is the purpose of global CAs such as
>Verisign if I can't trust the certificates to identify an end user?
That is indeed the question. At least the part before the "if" :)
At least now you can have a single value (subject,issuer,serial#)
to map "global identity" (sic) into local credentia
> >What I was hoping to determine from this thread was whether or not by
> >using a verified cert one could determine in a trusted manner who the
> >user is.
>
> You really think X509 certs should be a global ID
> mechanism? You think it's a step backwards that
> they're not?
I wouldn't describ
On Thu, 4 Nov 1999, Jeffrey Altman wrote:
> So let's modify the question to be:
>
> Given that there is no mechanism for certificate to userid mapping
> that is both universal and secure and satisfies the privacy concerns
> of end users, does anyone have an opinion on what this API shoul
I'm not certain that using the subjectAltNames field is the "proper"
thing to do.
The problem I see is that you may wish to use a certificate at more
than one site, with possibly different usernames.
Even if you can store an arbitrarily long list of local usernames
in *any* of the fields in a
Michael Urban wrote:
> Perhaps a file mapping a certificate subject name to a local
> username is a better solution. The certificate can be used at sites
> with different usernames that aren't known at certificate issue time,
> and doesn't require extra baggage in the certificate.
This might wo