
Re: Who generates AOCE keys?



Christian D. Odhner writes:

  >what keeps people from [getting certified] keys with somebody else's name

The relation between the preferred signature authority for the
installation, and that installation.  From the documentation:

  >Some companies authorized to issue approval files to their employees may
  >require that you sign a printed request form and have it notarized by a
  >notary public. (To create a printed request form, choose Print from the File
  >menu.)  Note:  If you are going to use your Signer as an individual or in a
  >small business, look for the insert that came with this package for
  >instructions on using an outside approval authority. 

  >Print your request and send it, with a copy of the Request file on disk if
  >necessary, to your approval authority.  See the insert that came with your
  >package for details.  Assuming that your request form has been completed
  >properly, the approval authority will send back your Signer Approval file.


...which would seem to put the lie to (the general application of) my
earlier statement:

  >[the key] can be mailed automagically to RSADSI


Which turns out to be true only for the 'low assurance' RSA Persona
Certificate Authority (currently handing out certificates for free) which
does no verification of the user<-->id link.  CAs with more stringent
policies have stronger prerequisites for the issuance of a certificate.

Hope this helps,


Scott Collins         | "Few people realize what tremendous power there
                      |  is in one of these things."     -- Willy Wonka
......................|................................................
BUSINESS.   voice:408.862.0540  fax:974.6094   [email protected]
Apple Computer, Inc.   1 Infinite Loop, MS 301-2C   Cupertino, CA 95014
.......................................................................
PERSONAL.   voice/fax:408.257.1746    1024:669687   [email protected]