Re: Verisgin Global ID cert chains question

1999-04-23 Thread Thomas Reinke
Juergen Rensen wrote: > > M2c: Credit card organizations and banks have successfully generated the > image that strong encryption protecting from fraudulent use of credit > cards is solely in the interest of the customer. What the customer is Hmm...I suspect it's actually in the interest of t

RE: Verisgin Global ID cert chains question

1999-04-23 Thread Juergen Rensen
M2c: Credit card organizations and banks have successfully generated the image that strong encryption protecting from fraudulent use of credit cards is solely in the interest of the customer. What the customer is actually protected from is an increase in credit card fees, since the CC organi

Re: Verisgin Global ID cert chains question

1999-04-23 Thread Dr Stephen Henson
Paul Rubin wrote: > > Well the CA *is* preloaded and Verisign just sign a bank subordinate CA > using the global ID root. The subordinate CA can then issue global > server IDs of its own but (presumably) no further global ID CAs because > of a path length restricti

Re: Verisgin Global ID cert chains question

1999-04-23 Thread Paul Rubin
Well the CA *is* preloaded and Verisign just sign a bank subordinate CA using the global ID root. The subordinate CA can then issue global server IDs of its own but (presumably) no further global ID CAs because of a path length restriction. Stephen, are you saying

Re: Verisgin Global ID cert chains question

1999-04-23 Thread Rich Salz
> What about if a recognized CA (such as Thawte) tries to issue GSID's? > Are there special bits in the Verisign root that's shipped with the > browser? Or only in the intermediate CA cert that signs the actual > GSID? This is all explained fairly well in the mod_ssl package. /r$ __

Re: Verisgin Global ID cert chains question

1999-04-23 Thread Rich Salz
On Fri, 23 Apr 1999, Dr Stephen Henson wrote: > Well the CA *is* preloaded and Verisign just sign a bank subordinate CA > using the global ID root. The subordinate CA can then issue global > server IDs of its own but (presumably) no further global ID CAs because > of a path length restriction. Br

RE: Verisgin Global ID cert chains question

1999-04-23 Thread Paul Rubin
>I believe Verisign has certified some US banks to issue their >own global server IDs by signing a CA certificate with their >global server root, and with suitable path length protection. I don't think that helps. In order to be a "step-up CA" you have to

Re: Verisgin Global ID cert chains question

1999-04-23 Thread Paul Rubin
Yes, you can't use an end user certificate as a CA (well there was this one broken one you could...) with most software because it isn't marked as being a valid CA. Either by having the CA flag set to FALSE in basicConstraints or implicitly because basicConstraints

Re: Verisgin Global ID cert chains question

1999-04-23 Thread Dr Stephen Henson
Salz, Rich wrote: > > >I believe Verisign has certified some US banks to issue their own global > >server IDs by signing a CA certificate with their global server root, and > >with suitable path length protection. > > I don't think that helps. In order to be a "step-up CA" you have to get > th

RE: Verisgin Global ID cert chains question

1999-04-23 Thread Salz, Rich
>Yes, you can't use an end user certificate as a CA (well there was this >one broken one you could...) with most software because it isn't marked >as being a valid CA. Either by having the CA flag set to FALSE in >basicConstraints or implicitly because basicConstraints is absent and >probably not

Re: Verisgin Global ID cert chains question

1999-04-23 Thread Dr Stephen Henson
Ben Laurie wrote: > > Juergen Rensen wrote: > > > > Hi, > > > > I understand that the Global ID cert actually consists of two chained > > certificates. Is there a way that someone with a valid Global ID (ie a > > bank) can sign a new certificate (ie for a merchant server) which will > > cause bro

Re: Verisgin Global ID cert chains question

1999-04-23 Thread Ben Laurie
Juergen Rensen wrote: > > Hi, > > I understand that the Global ID cert actually consists of two chained > certificates. Is there a way that someone with a valid Global ID (ie a > bank) can sign a new certificate (ie for a merchant server) which will > cause browsers to use strong encryption when