W3C home > Mailing lists > Public > public-xg-webid@w3.org > March 2011

RE: Certificate Authorities under increasing spotlight

From: peter williams <home_pw@msn.com>
Date: Thu, 24 Mar 2011 18:14:48 -0700
Message-ID: <SNT143-ds6F4E012A74954C18BC2BE92B90@phx.gbl>
To: "'Henry Story'" <henry.story@bblfish.net>
CC: "'WebID XG'" <public-xg-webid@w3.org>
Good place to start would be the X.509 standard at this point.


Another place is the IETF PKIX standard. It's mostly created by the US
government and lots of US military defense contractors - including the
office systems vendors (like Microsoft, Netscape/Mozilla, Novell, IBM, etc).

http://tools.ietf.org/html/rfc5280 section



For example, "   DNS name restrictions are expressed as host.example.com.

   name that can be constructed by simply adding zero or more labels to

   the left-hand side of the name satisfies the name constraint.  For

   example, www.host.example.com"



I have not read it but there is likely to be good stuff at 

http://www.wiley.com/legacy/compbooks/catalog/39702-4.htm. Both are world
experts, with lots of real world experience.


its likely to be a book form of the PKIX specs, detailing some additional
background from the various US government projects that folks used to help
define the requirements for the IETF's profiling choices.  


If one wants to think like a phone company or defense dept doing secure
comms, read the above. Alternatively, there is a Wikipedia article, which
general rants on about the evils of PKI and certs, per usual. Other rants go
on about signed XML too, though. So pick your poisen.


if you are a user of Windows, one can also see what that platform supports
at: http://technet.microsoft.com/en-us/library/cc780153(WS.10).aspx. 

Received on Friday, 25 March 2011 01:16:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:42 UTC