Practicalities of Deployment (3)

• Cross Certificates:

  • consumable by existing trust domain client software?

• The ‘New Root’ CA problem

  • each end entity must have access to public key certificate
  • mass distribution?

• For both cross-certificates and new root CA’s:

  • use of extensions for policy by introduced entity:
    • Compatible with existing trust domain client software?
    • Desirable for policy for existing trust domain?

• Interoperable policy, but ‘pruning’ trust?

  • “we agree with this policy extension but not that one”
  • “we accept cross certification with our root CA but not for this branch beneath”

Previous slide

Next slide

Back to first slide

View graphic version