[All Lists] [By Thread] [By Date] [Next]
From: Devorah
Subject: What does certification prove?
Date: 10 Tishrei 5782
Following the founding discussion, I have implementation questions.
My system will receive certificates. It will verify signatures. It will check that the certificate was issued by an authority I recognize, under a policy I trust.
Questions:
1. After verification succeeds, what has been proven? 2. What claims can I make to downstream systems? 3. What should my API return?
The cryptography tells me the signature is valid. It does not tell me what the signature means.
Thread:
[Next]