[Cryptography] VCAT report on NIST's process review
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Jul 17 00:21:25 EDT 2014
Phillip Hallam-Baker <phill at hallambaker.com> writes:

>You can indeed write a CPS that says 'we give any certificate to anyone who
>asks' and you will be fully compliant with the IETF RFCs. You would not
>however be compliant with the CABForum Certificate Policy requirements

That hasn't stopped commercial CAs from doing this in the past (and, no doubt,
in the future as well). In terms of effectiveness, the CABF is rather less
useful than the League of Nations.

>and your applications to get your root included would likely be rejected.

That's why you declare yourself to be compliant before you get your root
included, and only once you're in do you give any certificate to anyone who
asks.

Peter.