John Lowry> A certificate is an assertion of a binding between an identity
(in the form of a DN) and a public key. The purpose of PCAs and their
policies is to help establish how much faith to place in the veracity of
the stated identity.
Hmmm. I guess that you are agreeing with me although its hard to be sure.
You do seem to be mixing the identity of the user and its veracity with
the user's DN. The quality of the binding between the user and the DN
is what I have presumed is contained in the policy statement. The quality
of the binding between the DN and the public component of the key is
defined in the standard, (and the presumed quality of the algorithm used.)
While I agree with the statment, I would like to know what authority you
have to make it. I have unsuccessfully looked for such a definition of
purpose in both the CCITT and internet documents. Any help here would be
appreciated.
Peace ..