X.509 certs that don't guarantee identity
On the 23rd, Jeff Weinstein said this concerning the natural
semi-anonymity of the net:
> Given that verisign and others will soon begin issuing large numbers of
> certificates that do not guarantee the identity of the key holder, it seems
> that this tradition will continue even with the wide deployment of X509
> certs.
This has been bugging me since I read it. I'm not sure I understand the
plan; it only makes sense to me if "anonymous" X.509 certs are issued
for user authentication only, not for server authentication. Is that
what this is about?
(If anonymous certs are issued for servers, why should such a cert be
treated any differently than one I generate on my own, which causes
warning screens about an unknown CA to pop up?)