undefined | Better HN

0 pointsMattPalmer10861y ago0 comments

Oh sure, any change to X.509 certs would require a lot of change.

I'm not sure it would make much difference to most of the existing PKI infrastructure though. CAs wouldn't see any difference. For example, currently this is what happens:

1. Owner: generate CSR and send to CA 2. CA: validates owner identity, signs cert and returns cert to owner.

All we would then add is:

3. Owner: signs cert with own private key and uses it.

As far as I can see, the only other changes required would be to clients (so they could reject non owner signed certs), and maybe some revocation stuff.

0 comments

bawolff1y ago

This doesn't make sense to me. What would you be trying to prove/show with step 3? How would it be different from the status quo?

MattPalmer1086OP1y ago

It doesn't help at all, just a poorly thought out idea.

j / k navigate · click thread line to collapse