Question

I am very familiar with OpenPGP but don't even use X.509 / S/MIME. I know that there are several classes for certificates (from email check to personal ID check). I would like to know how you determine the class of a certificate.

Is this information part of the CA signature? Or is that an organizational feature only, using different root certificates for different classes? I noticed that one CA has different root certificates which have the class number in their name. Is there a real attribute for a root certificate which tells the user the class?

Explanation / Answer

Certificate "class" is essentially marketing terminology. Each CA is free to call some of its certificates "class 0" or "class 1" or whatever, roughly meaning "I issued that but I did not bother to check" or "this time I did some checks because the owner paid me enough for that".

Theoretically, as per X.509 rules, the "class" should be encoded in the certificate as a Certificate Policies extension: the CA can put there some OID which designates the set of procedures applied for the issuance of the certificate. However, these OIDs are CA-specific, and can be understood only by having a look at the Certification Practice Statement, a legal-looking document that may or may not be referenced from the CP extension, and is usually a 200-page PDF file that cannot be digested by a computer, only by a human being (or a lawyer).

Recently, some commercial CAs and browser vendors have reached some agreement about Extended Validation certificates, which can be thought of as "upper class" certificates (certificates where the CA actually applied some care in the process), and are indeed identified by their CP extensions. Yet the identification is still made relative to a big list of "EV-compliant policy OIDs" that clients (Web browsers) somehow know in advance (it is maintained by the browser vendors).
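
To see what the Certificate Policies extension described above actually holds, here is an added example (not part of the original answer) that decodes the policy OIDs and any CPS pointer from the DER value of that extension, using only the Python standard library. The CA/Browser Forum OIDs in `KNOWN` are real reserved values that are not listed on this page; the sample bytes are constructed, and the `2.999.1.3` policy and the `ca.example` URL are hypothetical.

```python
# Added example (stdlib only): policy OIDs from a DER certificatePolicies value.
KNOWN = {  # CA/Browser Forum reserved OIDs; all others are CA-specific
    "2.23.140.1.1": "Extended Validation (EV)",
    "2.23.140.1.2.1": "Domain Validated (DV)",
    "2.23.140.1.2.2": "Organization Validated (OV)",
}
ID_QT_CPS = "1.3.6.1.5.5.7.2.1"  # qualifier type that carries the CPS URI

def children(body):
    """Yield (tag, value) for each DER element packed in body."""
    pos = 0
    while pos < len(body):
        tag, length, pos = body[pos], body[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits = count of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(body[pos:pos + n], "big"), pos + n
        if pos + length > len(body):
            raise ValueError("truncated DER element")
        yield tag, body[pos:pos + length]
        pos += length

def decode_oid(body):
    """Turn OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_policies(ext_value):
    """Return [(policy_oid, label, cps_uri_or_None)] per PolicyInformation."""
    tag, seq = next(children(ext_value))
    if tag != 0x30:
        raise ValueError("certificatePolicies must be a SEQUENCE")
    out = []
    for _, info in children(seq):
        parts = list(children(info))
        oid, cps = decode_oid(parts[0][1]), None
        for _, qual in (children(parts[1][1]) if len(parts) > 1 else ()):
            q = list(children(qual))
            if decode_oid(q[0][1]) == ID_QT_CPS:
                cps = q[1][1].decode("ascii")
        out.append((oid, KNOWN.get(oid, "CA-specific: read the CPS"), cps))
    return out

# Constructed sample, not taken from a real certificate: EV + made-up CA policy.
SAMPLE = bytes.fromhex("30373007060567810c0101302c06048837010330243022"
                       "06082b060105050702011616") + b"https://ca.example/cps"
```

`parse_policies(SAMPLE)` returns one entry labelled EV and one labelled CA-specific with its CPS URI, which mirrors the answer's point: only OIDs the client already knows carry meaning without reading the CPS.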
