On Mon, 24 Jul 2000, ppruett wrote:
>
> FYI for list users, we to have searched long and hard
> for the steps to be a "bundled root CA"
>
...
>
> I think that it would be a good to have a section on "bundled root CA"
> for Simos' bookon openpki http://ospkibook.sourceforge.net
> If anyone else out there has some more information on this please
> send it to the list. I suspect like ourselves others have wasted effort
> with Netscape and MSIE trying to determine their process for picking
> root CAs that they bundle.
...
Hello,
Thanks for your e-mail.
I will add a section on this issue in the new version of the document,
using the information provided from your two e-mails to the openssl
mailling list, making appropriate references to the source.
>From documents I read from the FPKI (Federal PKI/NIST), I found that
the term "trust-list PKI" is a good one to describe the PKI that the
browsers constitute.
I believe that the browser companies would want the highest assurance
from the CAs that they are serious and are doing their best to keep the
private key safe. Thus, there should be a strict procedure in place.
My guess is that one needs to pay lot of money to have ones root
certificate in the browser.
Nevertheless, I believe that there is no much information on bundling
of root certs because it's not some typical procedure. The communication
of the CAs with the browser companies probably takes place off the Net.
It's an issue of finding a person that was involved in the procedure,
and it's a tough one because it does not seem to involve techies rather
than law people, insurance people and managers.
Any non-techies in this list?
Simos Xenitellis
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
