[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Self-signed certificates

I agree with Greg Troxel. In Netscape, for example, each time a user has to sign 
something with his private key, he must enter the password that protects that 
key. This rapidly becomes a pain. Thus, certificates should only be self-signed 
when it is necessary.

Many certificates need no signature by the holder. For example, we want to use 
SPKI certificates for authorization control in online electron microscopes. A 
certificate that is issued to the user after he has passed a training test does 
not need to be signed by the user because the test administrator is the only 
party that needs to be satisfied that the test was passed properly. However, a 
certificate of payment for the online session should be signed by the certificate 
holder because it implies a real financial liability that the holder must be 
legally liable for.

Jim Rome
Oak Ridge National Laboratory