Re: PKI and Relying Parties

• Previous message: Nico Kadel-Garcia: "Re: newbie - scp: stderr i.n.a tty, broken pipe error"
• In reply to: Paul Rubin: "Re: PKI and Relying Parties"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Citizen Fish <fishy@<tut tut>answer.me.uk>
Date: Fri, 29 Mar 2002 15:48:15 +0000

Paul Rubin coughed up the following:

> Citizen Fish <fishy@<tut tut>answer.me.uk> writes:
>> (In my opinion) Any public CA not providing 1) and a relying party
>> agreement against it is a waste of time. Essentially you need to strike
>> up relying party agreements with CAs (and their revocation lists) which
>> ensure that they carry liability for not meeting their advertised CPs,
>> which will include authentication process, crl publishing frequency and
>> process.
>
> Do these even exists? I've seen CA agreements that indemnify the
> cert holder in various ways, but I've never seen one that promised
> anything for relying parties.

Sure do, I am currently working for one in the UK.

Be-aware that these agreements provide liability against the CA process NOT
the identity itself, ie. they will pay if they do not follow their
authentication process.

-- 
Come inside boy - they call this fun!,..........

• Previous message: Nico Kadel-Garcia: "Re: newbie - scp: stderr i.n.a tty, broken pipe error"
• In reply to: Paul Rubin: "Re: PKI and Relying Parties"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]