>> Some CAs issue DNs that do provide contact details via email.
>
> No doubt leading to them getting even more spam :)
Of course the UK also keeps certs "secret" from evil people,
now that we do have email hidden in personal certs.
They can actually be downloaded even without a certificate but
only if you know where to go, and not easily by bots (security
by obscurity :-) It is easy enough for anyone who is vaguely
familiar with the process (got a cert once) and who is vaguely
bashly literate to get the certs out. I will plug that whole
when I have a spare moment.
It turned out DutchGrid had implemented roughly the same
"secrecy" mechanism.
Cheers.
-j
|