Organizations are strictly authenticated by real agents against business registry databases hosted by governments.Ĭlass 3 Certificate: This certificate will be issued to individuals as well as organizations. Organization Validated SSL Certificate (OV): Organizational certificates are Trusted. These certificates will confirm that the information in the application provided by the subscriber does not conflict with the information in well-recognized consumer databases. Ĭlass 2 Certificate: These certificates will be issued for both business personnel and private individuals use. These certificates will confirm that user's name (or alias) and E-mail address form an unambiguous subject within the Certifying Authorities database.Ī domain-validated certificate (DV) is an X.509 digital certificate typically used for Transport Layer Security (TLS) where the identity of the applicant has been validated by proving some control over a DNS domain. My first thought is that this has a striking similarity to the DV / OV / EV levels of certificate used in SSL:Ĭlass 0 Certificate: This certificate shall be issued only for demonstration/ test purposes.Ĭlass 1 Certificate: Class 1 certificates shall be issued to individuals/private subscribers. Think about what would happen to interoperability if every other application used different rules on which certificates to accept.Īn exception would be if you were dealing with specific software written by the indian government, which might have strict restrictions on which certificates to accept.īut really I don't think there's any way to tell for sure. Now, since most applications don't roll their own crypto and don't keep their own list of trusted cert authorities, and instead use software libraries to check signatures, I'd guess that you should be okay with using a non-indian cert. Usually such lists are distributed as a part of the operating system or the operating system's SSL libraries, and browsers come (I think) with their own additional lists of trusted cert authorities. So it's possible that an application that expected some kind of specific certificate might reject a "non-classified"-one.Īlso, in theory, an application could be picky about which cert authorities it trusted (e.g. Certificates can also be given a specific purpose (such as: only use this for client authentication). For example, an application might reject a certificate that used weak cryptography (Google chrome does this). If you look at any given certificate, you see that it contains various fields that could in theory be checked by an application.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |