On Wed, Feb 05, 2014 at 10:30:38PM +0100, Peter Lebbing wrote:
> By the way, I still think the CA certifies that the certificate belongs to the
> person or role identified by the DN. The problem is that when someone vouches
> for the truth of something, that doesn't make it an actual fact. It sometimes
> means the certifier is simply sloppy or a liar. Certification is a statement,
> not truth.

I think that the CA certifies whatever its Certification Practice Statement says it certifies -- because that is a document you could present to a court as evidence. Commercial CAs typically are audited periodically to determine that their operations conform to their CPS.

The problem is that a CPS can say *anything*. Without reading it, you have no way of knowing what you should expect that CA's certificates to mean.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users