2003 PKI Design Question
From: Eric O'Callaghan (eric_ocallaghan_at_hotmail.com)
Date: 02/24/05
- Next message: NoSpam: "Re: SMTP Security"
- Previous message: Hairy One Kenobi: "Re: SMTP Security"
- Next in thread: Mark Gamache: "Re: 2003 PKI Design Question"
- Reply: Mark Gamache: "Re: 2003 PKI Design Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Feb 2005 15:54:15 -0500
Hi All,
I want to deploy a Intermediate CA (standalone subordinate to a third party
Trusted Root CA) and an Enterprise Issuing CA (sub to the Inetrmediate CA)
to avail of the auto-enrollment feature.
I plan to distribute the following types of certificates:
Digital Signatures
Secure Messaging Certificates (S/MIME)
EFS Certificates
Certificates for authentication (via smart cards)
Code Signing certificates
My questions are:
Will digital signatures & certificates issued to my users by the internal
issuing CA be trusted by external parties?
Is there a better way to do this? Am I opening up a potential can of worms
security wise with a Trusted Root CA?
Is it possible to generate certificate that do not chain to the trusted root
such as EFS/Authenication certs (via Policy CA)?
Sorry for the 'dumb' questions but I'm pretty new to PKI and just want to be
sure where I should be headed.
Thanks for your help.
- Next message: NoSpam: "Re: SMTP Security"
- Previous message: Hairy One Kenobi: "Re: SMTP Security"
- Next in thread: Mark Gamache: "Re: 2003 PKI Design Question"
- Reply: Mark Gamache: "Re: 2003 PKI Design Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
