[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Root Certificate integration of DFN-PCA
From:       George Staikos <staikos () kde ! org>
Date:       2002-02-21 20:57:24
[Download RAW message or body]

On Thursday 21 February 2002 14:50, Neil Stevens wrote:
> On Thursday February 21, 2002 11:44, Andreas Pour wrote:
> > Just to clarify on this point a bit.  The issue is one of legal
> > authority.  As you know, certificate issuers have procedures in place to
> > verify that (i) the organization seeking the certificate is legitimate
> > (easy in this case); (ii) that the organization has authorized the root
> > certificate; and (iii) that the person submitting the root certificate
> > is authorized to do so.  Probably there is something else I'm missing,
> > but those are the essential issues.
> >
> > With respect to a root certificate the issue is far more serious.  There
> > is no way for us to know you are who you claim to be, or, even if so,
> > that you are authorized to provide your institution's root certificate.
> > Verifying this entails certain legal procedures that we are ill-equipped
> > to handle on our own.  It's not that they would be overly complicated,
> > but you can see the problem if, say, some cracker posing as an official
> > convinced us to include a root certificate in the browser.
>
> Do the ones already included in KDE meet this standard?  Be consistent.
> It's the only way to be fair.

   Sorry for the long quote, but to keep the context for this email....

   Yes.  They do meet this standard in that they have already passed this 
procedure in a legal context with the two most proliferant browsers 
available.  We're riding off their legal work. :)

   I personally do not have time to verify these guys, and don't plan on it.  
If they get their certificate signed by Verisign and send me the chain, I 
will include it without a second thought.  Obviously this is a major ego-blow 
to anyone wishing to be a CA though.

-- 

George Staikos

[prev in list] [next in list] [prev in thread] [next in thread]