On Thu, Jan 22, 2009 at 1:59 AM, Florian Weimer <f...@deneb.enyo.de> wrote:
> * Eddy Nigg:
>> but I guess that sub CAs could be published, end-user certificates
>> most likely not.
>
> Why not?

Among other things:
- The ability for other entities to mine that data for improper contact
- The ability for the information in the certificates to be otherwise misused
- Not every certificate user wants to identify as being a part of a given PKI system
- Requiring full disclosure of the linkage of legal name to email address (for end-user certs, not necessarily end-entity certs) violates the end-entity's ability to control dissemination of information
  * nobody has yet signed up for this
  * if this becomes common, it'll be the death knell for client certificate authentication (nobody will participate)
- No CA wants to reveal its actual subscriber numbers

I'm pretty sure that Eddy'll be able to come up with more, as well as Rob, and representatives from other CAs.

-Kyle H
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto