by MattPalmer1086 564 days ago
Oh sure, any change to X.509 certs would require a lot of change.

I'm not sure it would make much difference to most of the existing PKI infrastructure though. CAs wouldn't see any difference. For example, currently this is what happens:

1. Owner: generate CSR and send to CA
2. CA: validates owner identity, signs cert and returns cert to owner.

All we would then add is:

3. Owner: signs cert with own private key and uses it.

As far as I can see, the only other changes required would be to clients (so they could reject non-owner-signed certs), and maybe some revocation stuff.

1 comments

This doesn't make sense to me. What would you be trying to prove/show with step 3? How would it be different from the status quo?
It doesn't help at all, just a poorly thought-out idea.