LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Specify which TLDs the root CAs are responsible for!

Specify which TLDs the root CAs are responsible for!

Posted Feb 3, 2010 12:52 UTC (Wed) by paulj (subscriber, #341)
In reply to: Specify which TLDs the root CAs are responsible for! by cortana
Parent article: China Internet Network Information Center accepted as a Mozilla root CA

x.509 has this ability already. Subordinate CAs can be recognised by root CAs,
and the subordinate CAs can then sign certificates named below their name.

It's basically little used. My vague impression is that existing root CAs charge
*lots* of money to sign subordinate CA certs, and also other orgs want the
prestige of being a root CA.

Basically, while technical people love logical, hierarchical systems for
naming/responsibility delegate, politics, social dynamics and normal people
seem to abhor it. So these technical hierarchicalisation abilities tend to go to
waste.

SSL, DNS, etc.. They've all tended from hierarchalisation at inception towards
flat, unmanageable messes as deployment increases. (counter examples
would be really interesting, e.g. postal addresses have gotten flatter too
thanks to post codes).

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds