Date: Sat, 18 Sep 93 11:00:21 EST
From: Raymond Lau <raylau(_at_)MIT(_dot_)EDU>
I've noticed that RSA broke from the DN subordination requirement with its
residential CA (Unaffiliated User Certification Authority).
The name subordination rule does not apply for PCA's; hence PCA's can
certify CA's whose names are not subordinate to the PCA's name. It is
the PCA's responsibilities to coordinate with other PCA's (via the IPRA)
to make sure that a CA is only registered under one PCA.
RSA didn't set up a residential CA; it set up a residential PCA --- and
there's a world of difference between the two.
But this is a divergent implementation. With just RSA's UUCA, I satisfied
myself with saying "This is the exception, not the rule." But with TIS
joining the bandwagon, it appears to be the prevalent practice.
Nope, it's not diviergent; see RFC 1422.
- Ted