A question for those who follow PKI usage trends.
Is there a list of CAs that issue X.509 end-user certificates?
Here is the rationale for the question:
If an end-user has a certificate, he (more or less consciously) controls
a private key. Suppose one deploys a web server that cares *only* about
end-user public keys, e.g. it keeps track of end-user reputation and
that's it for trust management. Then any type of certificate is good
enough (self-signed, auto-issued, issued by a regular
"client-cert-issuing CA").
This web server can have an immediate potential user base if it
negotiates the TLS session with a long list of CA distinguished names
(in the CertificateRequest message).
The management tools for the contemplated web server scheme would
include an issuer DN extraction utility from end-user or CA certificates
so that the list may be augmented based on casual observations. Also,
the SSL debugging tools will report the contents of CertificateRequest
messages from public servers supporting client certs.
Anyone went through such data collection before?
Thanks in advance.
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
Tel. +1-514-385-5691
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
