Certificate validity issues
In my thinking, there's another attribute about certificates I've not seen
mentioned:

There are two sorts of certificates one might want:

(1) I might want a certificate for membership in an organization;
    however, *they* might want me (and I might not want to be a member).
    In this sort of case, one might want to have the recipient of the
    certificate have a signature *within* the issuer-signed certificate.

(2) I might be, say, a con artist, and someone might have issued a
    certificate to that effect (i.e., Don't work with / for this person).
    I certainly wouldn't consent to sign such a certificate (unless I'm
    an organization, and signing all complaint certificates is part of a
    better-business-bureau type certification.) In this case, it should
    be possible to issue a certificate that doesn't require an inside
    signature.

I don't see that there could be any sort of automatic way to
distinguish between the necessity for recipient-signed vs.
recipient-unsigned certificates; one would assume that recipient-unsigned
certificates would be effective only when issued from a high-reputation
source.

Some method should be required to allow user decisions as to this, but
whatever system is designed should definitely allow for both types, and
*require* relevant software to handle both types.

There's actually a third sort of important certificate the system should
handle:

(3) I might be a member of a secret society; I might need a membership
    certificate to get access, say, to certain web sites. The system
    should allow a "secret certificate," readable only by the issuer.

There may be more important cases like this; someone should take a list
of certificate uses (perhaps CME's list) and categorize them by how the
certs should behave, using the above categories or others. Once that's
done, we can consider what sort of format is necessary to handle all
these cases with equal aplomb.

Jon Lasser
----------
Jon Lasser (410)494-3072 - Obscenity is a crutch for
jlasser@rwd.goucher.edu inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D) - Fuck the CDA.
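
A sketch of cases (1) and (2) from the message above, added here as an illustration and not part of the original post: the recipient's signature is nested inside the issuer-signed portion, and a verifier accepts a recipient-unsigned certificate only from an issuer on a locally chosen high-reputation list. The field names, the demo keys, the `HIGH_REPUTATION` set and the use of HMAC-SHA256 in place of public-key signatures are all assumptions made so the example runs with the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC-SHA256 stands in for a public-key signature; a
# real system would verify against the signer's public key, not a shared secret.
KEYS = {"guild": b"guild-demo-key", "bureau": b"bureau-demo-key", "alice": b"alice-demo-key"}
HIGH_REPUTATION = {"bureau"}  # assumed local policy, set by the user


def sign(signer, data):
    return hmac.new(KEYS[signer], data, hashlib.sha256).hexdigest()


def canonical(obj):
    # Stable byte encoding so signer and verifier hash identical input.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def issue(issuer, subject, claim, subject_consents):
    body = {"issuer": issuer, "subject": subject, "claim": claim}
    # Inner signature: the recipient signs the body, and the result sits
    # *within* the part the issuer then signs.
    inner = sign(subject, canonical(body)) if subject_consents else None
    signed_part = {"body": body, "subject_sig": inner}
    return {**signed_part, "issuer_sig": sign(issuer, canonical(signed_part))}


def verify(cert):
    """Return (accepted, reason) for a certificate built by issue()."""
    body = cert["body"]
    signed_part = {"body": body, "subject_sig": cert["subject_sig"]}
    if body["issuer"] not in KEYS or not hmac.compare_digest(
            cert["issuer_sig"], sign(body["issuer"], canonical(signed_part))):
        return False, "bad issuer signature"
    if cert["subject_sig"] is not None:
        if body["subject"] not in KEYS or not hmac.compare_digest(
                cert["subject_sig"], sign(body["subject"], canonical(body))):
            return False, "bad recipient signature"
        return True, "recipient-signed"
    # No inner signature: effective only from a high-reputation source.
    if body["issuer"] in HIGH_REPUTATION:
        return True, "recipient-unsigned, high-reputation issuer"
    return False, "recipient-unsigned, issuer not trusted for that"
```

Because the issuer's signature covers the inner signature field, removing the recipient's signature from an issued certificate invalidates it and does not downgrade it to the unsigned type.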