x509 v1 certificate
Werner Koch
wk at gnupg.org
Mon Sep 25 17:19:01 CEST 2006
On Mon, 25 Sep 2006 16:44, Kazu Yamamoto (山本和彦) said:
>> Isn't that the company who once issued a certificate for MICROS0FT.COM :-)
>
> I don't understand what's the point here.
The point is that the whole CA business is about collecting money and
not about security. A security aware CA would have checked names not
just by scripts but by proper manual checks. And then a name as
similar to MICROSOFT.COM (watch out for the "0/O") would not be
eligible for such a certificate.
> Some authors of RFC 3280 belong to VeriSign. Why did they have to
[The advantage for them to work in the WG was to help them educate a
little bit on how to CA the right way.]
> It seems to me that it is not the case. They wrote RFC3280 so that their
> certificates are all valid and unfortunately Section 4 is misleading
> somewhat.
Yep. The usual specification mangling process to turn all bugs in a
software into a feature.
Shalom-Salam,
Werner