pem-dev

Certificate proscriptions

1993-09-20 19:42:00
John Lowry> A certificate is an assertion of a binding between an identity
(in the form of a DN) and a public key.  The purpose of PCAs and their
policies is to help establish how much faith to place in the veracity of
the stated identity.

 ...

While I agree with the statement, I would like to know what authority you
have to make it.  I have unsuccessfully looked for such a definition of
purpose in both the CCITT and internet documents.  Any help here would be
appreciated.

John Lowry> While it is not stated in the words I used, I think that 
paragraphs 1.2 and 10.2.1 of X.509 should help.

Shirey> Perhaps you have not looked seriously.  This took me less than 60
seconds to find using a search command:  ... stuff on bound &c. ...

I hadn't planned on replying to John, but Shirey's response really needs
a comment since it shows much of what I find problematic with the PEM
RFCs.  In both cases these fellows discovered additional references to
the word "certificate" or "bound" which gave specific examples of the
use of certificates and helped to define the minimum amount of
functionality that any certificate might be required to supply.  The
difficulty here is that new and more wonderful uses for certificates
seem to be popping up all over the place and I can find no specification
of any sort which proscribes those uses.  While I agree with John that
new uses may create new problems with the implementation of certificates,
I am afraid that the RFC must be changed, or the consequences of the
existing document must be endured.

I'm sorry, but I grew up in a standards environment where the first thing
we did was to define a purpose and scope for the working document.  In
most cases the scope was proscriptive as well as prescriptive.  A little
of that discipline would be very beneficial to this effort.

Peace ..
