CFP: PKI research workshop

lynn.wheeler at firstdata.com
Sun Jan 13 13:04:40 EST 2002


to be fair ... most commercial CAs have to verify with the domain name
infrastructure as to the owner of the domain name ... before issuing an SSL
domain name server cert. Note however, one of the justifications for having
an SSL domain name server cert is because of concerns with regard to domain
name infrastructure integrity issues and things like domain name
hijacking. Note however, that if the domain name infrastructure has had a
domain name hijack before the SSL server cert is applied for ... when the
CA goes to the domain name infrastructure to verify the domain name
ownership ... it will verify and an SSL server cert can be issued to the
wrong entity (aka the issuing of an SSL server cert is subject to some of
the same integrity exposures as concerns that gave rise to having SSL
server certs in the first place).

Furthermore, some of the proposals to address domain name infrastructure
integrity issues so that CAs can trust their verification as to domain name
ownership ... also eliminate justifications for needing SSL server certs.

random refs:
http://www.garlic.com/~lynn/subtopic.html#sslcerts



kudzu at tenebras.com on 1/12/2002 12:31 pm wrote:



To be fair,  most commercial CA's require evidence of "right to use"
a FQDN in an SSL server cert.  But your point is apt.






---------------------------------------------------------------------
The Cryptography Mailing List