Kyle,

In a previous message you said:
"...Trying to insist that the DN be matched solely from an authoritative CA violates this "principle of least privilege", which means that people can't use authoritative CAs if they want to protect their personal information from identity thieves and still communicate over the network."
PoLP is very well aligned with the model of authoritative CAs, since each CA is trusted only for the scope of identity info for which it is authoritative. If I have a gmail account for MrBig, then if Google issues a cert identifying me as [email protected] I can have privacy (well, maybe not so much as before the new Google policies ;-)) and still be consistent with the authoritative CA model.
Steve

_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
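The scoped-trust model Steve describes (each CA is trusted only for the identity information for which it is authoritative) is essentially what X.509 name constraints express. The following Python is an added example, not code from the thread or from any of its participants: it implements the RFC 5280 matching rules for rfc822Name and dNSName permitted subtrees and uses them to accept an identity only when the issuing CA's scope covers it. The trust table, CA names and certificate records are constructed placeholders.

```python
"""Scoped CA trust: accept an identity only if the issuing CA is
authoritative for it. Added illustration, not from the mailing-list
thread; every CA name, domain and certificate record below is constructed."""
from dataclasses import dataclass, field


@dataclass
class Scope:
    """Permitted name subtrees for one CA (RFC 5280 4.2.1.10 semantics)."""
    emails: list = field(default_factory=list)   # rfc822Name constraints
    dns: list = field(default_factory=list)      # dNSName constraints


def email_in_scope(addr: str, constraint: str) -> bool:
    """rfc822Name matching per RFC 5280:
    - 'user@host' : exactly that mailbox
    - 'host'      : any mailbox at exactly that host
    - '.domain'   : any mailbox at a host *below* domain (not domain itself)
    """
    addr, constraint = addr.lower(), constraint.lower()
    if "@" in constraint:
        return addr == constraint
    if "@" not in addr:
        return False
    host = addr.rsplit("@", 1)[1]
    if constraint.startswith("."):
        return host.endswith(constraint)
    return host == constraint


def dns_in_scope(name: str, constraint: str) -> bool:
    """dNSName matching per RFC 5280: the constraint covers the name itself
    and anything formed by prepending whole labels to it."""
    name = name.lower().rstrip(".")
    constraint = constraint.lower().strip(".")
    return name == constraint or name.endswith("." + constraint)


def identity_authorized(trust_table: dict, issuer: str,
                        san_type: str, value: str) -> bool:
    """True only if `issuer` is known and its scope covers (san_type, value).
    An unknown CA is trusted for nothing; a CA with no entries of the
    requested type is not authoritative for that kind of identity."""
    scope = trust_table.get(issuer)
    if scope is None:
        return False
    if san_type == "email":
        return any(email_in_scope(value, c) for c in scope.emails)
    if san_type == "dns":
        return any(dns_in_scope(value, c) for c in scope.dns)
    return False


# Constructed trust table: each CA is authoritative for one narrow scope.
TRUST_TABLE = {
    "Example Mail CA":    Scope(emails=["example-mail.test"]),
    "Example Hosting CA": Scope(dns=["hosting.test"]),
}

# Constructed certificate records: (label, issuer, SAN type, SAN value).
CERTS = [
    ("mail-in-scope",   "Example Mail CA",    "email", "mrbig@example-mail.test"),
    ("mail-wrong-host", "Example Mail CA",    "email", "mrbig@other.test"),
    ("mail-ca-for-dns", "Example Mail CA",    "dns",   "www.hosting.test"),
    ("dns-in-scope",    "Example Hosting CA", "dns",   "www.hosting.test"),
    ("dns-suffix-trick","Example Hosting CA", "dns",   "hosting.test.evil"),
    ("unknown-ca",      "Unknown CA",         "email", "mrbig@example-mail.test"),
]


def audit(trust_table: dict, certs: list) -> dict:
    """Map each certificate label to whether its identity assertion is
    accepted under the scoped-trust rule."""
    return {label: identity_authorized(trust_table, issuer, kind, value)
            for label, issuer, kind, value in certs}


if __name__ == "__main__":
    for label, ok in audit(TRUST_TABLE, CERTS).items():
        print(f"{label:16} {'ACCEPT' if ok else 'REJECT'}")
```

The point to notice is the `mail-ca-for-dns` and `dns-suffix-trick` rows: a CA that is authoritative for one mail domain says nothing about DNS names, and a dNSName constraint is matched label-wise, so a name that merely ends with the constraint string is still rejected. That is what makes the model least-privilege: a compromised or misbehaving CA can only mis-assert identities inside its own scope.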
