Church Of The
Swimming Elephant

PERSONA CAs

From RFC 1422, 3. Architecture, 3.4 Roles and Responsibilities, 3.4.4 Certification Authorities

One or more CAs will be established to accommodate users who wish to conceal their identities while making use of PEM security features, e.g., to preserve the anonymity offered by "arbitrary" mailbox names in the current mail environment. In this case the certifying authority is explicitly NOT vouching for the identity of the user. All such certificates are issued under a PERSONA CA, subordinate to a PCA with a PERSONA policy, to warn users explicitly that the subject DN is NOT a validated user identity. To minimize the possibility of syntactic confusion with certificates which do purport to specify an authenticated user identity, a PERSONA certificate is issued as a form of organizational user certificate, not a residential user certificate. There are no explicit, reserved words used to identify PERSONA user certificates.

A CA issuing PERSONA certificates must institute procedures to ensure that it does not issue the same subject DN to multiple users (a constraint required for all certificates of any type issued by any CA). There are no requirements on an issuer of PERSONA certificates to maintain any other records that might bind the true identity of the subject to his certificate. However, a CA issuing such certificates must establish procedures (not specified in this document) in order to allow the holder of a PERSONA certificate to request that his certificate be revoked (i.e., listed on a CRL).

As an example, a PERSONA user certificate might include a subject DN of the form: C = "US" SP = "Massachusetts" L = "Boston" O = "Pseudonyms R US" CN = "Paul Revere." The issuer of this certificate might have a DN of the form: C = "US" SP = "Massachusetts" L = "Boston" O = "Pseudonyms R US". Note the differences between this PERSONA user certificate for "Paul Revere" and the corresponding residential user certificate for the same common name.
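An issuance check along these lines, as an added example that is not part of the RFC text: a registry refuses a subject DN that is not the issuer DN plus a CN (the form the example above shows) or that has already been issued. The PersonaCA class, the DN parser and the case- and whitespace-insensitive comparison are assumptions made for illustration.

```python
import re

# Attribute = "value" pairs in the notation used above, e.g. C = "US" SP = "Massachusetts"
_RDN = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

def parse_dn(text):
    """Return the DN as a tuple of (type, value) pairs in written order."""
    return tuple(_RDN.findall(text))

def normalize(dn):
    """Comparison key. Assumption: case and extra whitespace are not significant."""
    return tuple((t.upper(), " ".join(v.split()).casefold()) for t, v in dn)

class PersonaCA:
    """Hypothetical issuance registry. It stores no record of who holds a DN."""

    def __init__(self, issuer_dn):
        self.issuer = normalize(parse_dn(issuer_dn))
        self.issued = {}   # normalized subject DN -> serial number
        self.crl = set()   # serial numbers the holders asked to have revoked

    def issue(self, subject_dn):
        key = normalize(parse_dn(subject_dn))
        # Organizational-user form, as in the example: issuer DN followed by one CN.
        if not key or key[:-1] != self.issuer or key[-1][0] != "CN":
            raise ValueError("subject DN is not the issuer DN plus a CN")
        # Uniqueness: the same subject DN is never issued to a second user.
        if key in self.issued:
            raise ValueError("subject DN already issued")
        serial = len(self.issued) + 1
        self.issued[key] = serial
        return serial

    def revoke(self, serial):
        # Assumption: the DN stays reserved after revocation, so it cannot be reissued.
        if serial not in self.issued.values():
            raise KeyError("unknown serial")
        self.crl.add(serial)

if __name__ == "__main__":
    issuer = 'C = "US" SP = "Massachusetts" L = "Boston" O = "Pseudonyms R US"'  # from the example
    ca = PersonaCA(issuer)
    print(ca.issue(issuer + ' CN = "Paul Revere"'))             # first request succeeds
    for dn in (issuer + ' CN = "paul  revere"',                 # constructed: same DN once normalized
               'C = "US" O = "Other Org" CN = "Paul Revere"'):  # constructed: not under this CA
        try:
            ca.issue(dn)
        except ValueError as err:
            print("refused:", err)
```

How a revocation request is tied to the certificate holder is left open here, as it is in the text.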
