RE: Certificate Authorities under increasing spotlight

Good place to start would be the X.509 standard at this point.


Another place is the IETF PKIX standard. It's mostly created by the US
government and lots of US military defense contractors - including the
office systems vendors (like Microsoft, Netscape/Mozilla, Novell, IBM, etc). section



For example, "   DNS name restrictions are expressed as

   name that can be constructed by simply adding zero or more labels to

   the left-hand side of the name satisfies the name constraint.  For




I have not read it but there is likely to be good stuff at Both are world
experts, with lots of real world experience.


It's likely to be a book form of the PKIX specs, detailing some additional
background from the various US government projects that folks used to help
define the requirements for the IETF's profiling choices.  


If one wants to think like a phone company or defense dept doing secure
comms, read the above. Alternatively, there is a Wikipedia article, which
generally rants on about the evils of PKI and certs, per usual. Other rants go
on about signed XML too, though. So pick your poison.


If you are a user of Windows, one can also see what that platform supports


Received on Friday, 25 March 2011 01:16:20 UTC
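
The DNS name-constraint rule quoted in the message above (a name satisfies the constraint if it can be built by adding zero or more labels on the left) is sketched here as an added example; it is not part of the original message. It goes slightly beyond the quoted text by also applying the permitted/excluded subtree combination, and all host names and function names are constructed for illustration.

```python
# Added example: label-wise DNS name-constraint matching (all names are constructed).

def _labels(name):
    """Lower-case the name, drop one trailing root dot, and split into labels."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    labels = name.split(".")
    if not name or any(not label for label in labels):
        raise ValueError(f"malformed DNS name: {name!r}")
    return labels


def satisfies(name, constraint):
    """True if `name` equals `constraint` with zero or more labels added on the left."""
    n, c = _labels(name), _labels(constraint)
    return len(n) >= len(c) and n[len(n) - len(c):] == c


def naive_suffix(name, constraint):
    """Common validator mistake: a raw string suffix test ignores label boundaries."""
    return name.lower().endswith(constraint.lower())


def permitted(name, permitted_subtrees, excluded_subtrees=()):
    """Assumed combination rule: no excluded subtree may match, and if any
    permitted subtrees are given, at least one of them must match."""
    if any(satisfies(name, c) for c in excluded_subtrees):
        return False
    return not permitted_subtrees or any(satisfies(name, c) for c in permitted_subtrees)


if __name__ == "__main__":
    constraint = "host.example.com"
    for candidate in ("host.example.com", "www.host.example.com",
                      "host1.example.com", "nothost.example.com"):
        print(f"{candidate:24} label-wise={satisfies(candidate, constraint)!s:5} "
              f"naive={naive_suffix(candidate, constraint)}")
```

The last candidate is the case worth checking in any validator: a plain string-suffix comparison accepts it, while the label-wise comparison does not.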