[EMAIL PROTECTED] writes: >I would think this would be rather common, and I may have heard about certs >that had authority to sign other certs in some circumstances...
The desire to do it isn't uncommon, but it runs into problems with PKI religious dogma that only a CA can ever issue a certificate. For example I proposed this on the PKIX working group nearly a decade ago, specifically the ability for end entities with signing certs to issue their own encryption certs, since there's absolutely no need to involve a CA in this. I've still got the draft online at http://www.cs.auckland.ac.nz/~pgut001/pubs/autonomous.txt. The WG chair's response was "we don't want to turn X.509 into PGP", and that was the end of it. The grid computing folks eventually got something through in the form of proxy certificates for the Globus GSI, but that probably isn't what you're looking for. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
