Talk:Certificate authority
From Wikipedia, the free encyclopedia
 |
This article is part of WikiProject Cryptography, an attempt to build a comprehensive and detailed guide to cryptography on Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks. |
|
It is intended that this article be included in WikiReader Cryptography, a WikiReader on the topic of cryptography. Help and comments for improving this article would be especially welcome. A tool for coordinating the editing and review of these articles is the daily article box. |
 To-do list for Certificate authority: |
edit · history · watch · refresh |
|---|---|
SSL CAs: Verisign, GeoTrust, Thawte, Cybertrust, DigiCert, Comodo, Entrust.net, GlobalSign, SecureTrust/Xramp, GoDaddy Random sampling of Certification Service Providers (CSP):
-- Cryptoki 01:25, 21 February 2007 (UTC) |
|
Contents |
[edit] The first CA
Who was the first commercial CA?
- RSA Certificate Services which was spun out as VeriSign Inc. --66.31.35.185 16:56, 14 March 2006 (UTC)
[edit] Trust of a CA
Should there not be some discussion and references to the methods involved in developing a third party trust particular to the Certificate Authority/PKI technology and industry?
http://www.ietf.org/rfc/rfc3647.txt
Internet Engineering Task Force IETF RFC3647
November 2003M
"This document presents a framework to assist the writers of certificate policies or certification practice statements for participants within public key infrastructures, such as certification authorities, policy authorities, and communities of interest that wish to rely on certificates. In particular, the framework provides a comprehensive list of topics that potentially (at the writer's discretion) need to be covered in a certificate policy or a certification practice statement. This document supersedes RFC 2527."
http://webstore.ansi.org/ansidocstore/product.asp?sku=ANSI+X9.79%3A2001
American National Standards Institute ANSI X9.79:2001
2001
"Defines the components of a PKI and sets a framework of practices and policy requirements for a PKI. The standard draws a distinction between PKI systems used in open, closed and network environments. It further defines the operational practices relative to industry accepted information systems control objectives. PKI practices implementing this standard can support multiple policies that incorporate the use of digital signature technology. This standard allows for the implementation of operational, baseline PKI practices that satisfy industry accepted information systems control objectives."
http://ftp.webtrust.org/webtrust_public/tpafile7-8-03fortheweb.doc
AICPA/CICA Web Trust Program for Certificate Authorities Version 1.0
American Institute of Certified Public Accountants/
Canadian Institute of Chartered Accountants
August 25, 2000
"This document provides a framework for licensed WebTrust® practitioners to assess the adequacy and effectiveness of the controls employed by certification authorities (CAs)." (p12!)
http://www.ietf.org/rfc/rfc2527.txt
Internet Engineering Task Force IETF RFC2527
March 1999
"This document presents a framework to assist the writers of certificate policies or certification practice statements for certification authorities and public key infrastructures. In particular, the framework provides a comprehensive list of topics that potentially (at the writer's discretion) need to be covered in a certificate policy definition or a certification practice statement."
[edit] Requested move
While "certificate authority" is common, "certification authority" is the more correct (cf. "registration authority", not "register authority"). "Certification authority" is the term standardized by X.509. --Ant 09:38, 8 January 2007 (UTC)
- 509 is increasingly irrelevant to real world practice. And in the case of hte English terms here, certificate is a thing (though abstact) which is issued by some entity (the authority). That entity does not do certification in some even more abstract sense. I would retain the usual usage here for that reason, as well as for the reason of usual usuage. Disagree. ww 00:42, 9 January 2007 (UTC)
[edit] Safelayer.com
An editor using the IP address 81.44.89.205 has added a link to Safelayer.com in the "Free providers" section. However, when I took a cursory look at the link, I didn't see any mention of free certificates. Can the editor point out exactly what free services are avaialable? --Gerry Ashton 23:38, 20 February 2007 (UTC)
[edit] Alice, Bob and Mallory
It says "Bob can be tricked into accepting a forged signatures from Alice", but Alice is the good girl here, so I would recommend to change "apparently from Alice". -- Mtodorov 69 10:31, 14 May 2007 (UTC)
[edit] Market share
The bit about April 2007 market shares has Network Solutions separated from "VeriSign and its acquisitions," but the VeriSign article says that Network Solutions was acquired by VeriSign in 2000. Can someone clarify or verify?
-- Verisign bought Network Solutions in 2000 for $15 billion in stock. It sold Network Solutions' internet registrar business in 2003 to Pivotal Private Equity for $100 million (retaining exclusive control of the registry business). --Cryptoki 16:18, 7 June 2007 (UTC)
The Security Share link goes to a page that requires registration. Is there a freely available source for the information instead? If not, I think the link should be deleted as per Wikipedia:External_links#Sites_requiring_registration 67.43.134.60 (talk) 01:00, 11 April 2008 (UTC)
