Skip to Content.
Sympa Menu

cacert-policy - current class3 usage of registeredcommons and issue mixup was: Re: proposal to stop issuing class3 certificates

Subject: Policy-Discussion

List archive

current class3 usage of registeredcommons and issue mixup was: Re: proposal to stop issuing class3 certificates


Chronological Thread 
  • From: Daniel Black <daniel AT cacert.org>
  • To: cacert-policy AT lists.cacert.org
  • Subject: current class3 usage of registeredcommons and issue mixup was: Re: proposal to stop issuing class3 certificates
  • Date: Thu, 14 Jan 2010 23:31:14 +1100
  • Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
  • Organization: CAcert
On Thursday 14 January 2010 22:22:25 Alexander Prinsier wrote:
> On 01/14/2010 02:49 AM, Daniel Black wrote:
> >> I am against it, since we still have users that require Class3
> >> certificates for their applications.
> >> One such application I know of is http://registeredcommons.org/
> >> There might be others as well that I have not heard about yet.
> >
> > it seems as though they could achieve the same thing with class1
> > certificates.
> >
> >         SSLVerifyDepth 3
> >         SSLCACertificatePath /usr/share/ca-certificates/cacert.org/
> >         SSLCADNRequestPath /usr/share/ca-certificates/cacert.org/
> >         SSLOptions +StdEnvVars +ExportCertData
> >     SSLRequire %{SSL_CLIENT_S_DN_CN} != 'CAcert WoT Member'
> 
> Why doesn't registeredcommons use the class3 as their trusted root, and
> not the class1? (at least for the purpose of verification in apache). It
> looks more simple to me.

ask them.

> Same idea for those 2 universities: why don't they install the class3 as
> their trusted root instead of class1?

Because trust verification isn't the issue for these two universities.

-- 
Daniel Black

Archive powered by MHonArc 2.6.16.

Top of Page