I agree with Greg Troxel. In Netscape, for example, each time a user has to sign
something with his private key, he must enter the password that protects that
key. This rapidly becomes a pain. Thus, certificates should only be self-signed
when it is necessary.

Many certificates need no signature by the holder. For example, we want to use
SPKI certificates for authorization control in online electron microscopes. A
certificate that is issued to the user after he has passed a training test does
not need to be signed by the user because the test administrator is the only
party that needs to be satisfied that the test was passed properly. However, a
certificate of payment for the online session should be signed by the certificate
holder because it implies a real financial liability that the holder must be
legally liable for.

Oak Ridge National Laboratory