What's the difference between class 1 and class 3 roots, and the certificates signed by them?
2

8

Pretty much what the question says. What's the difference between the two classes of roots? The differences between the certificates signed by such roots? What uses would a class 1 signed certificate have that a class 3 doesn't, and vice versa?

Ravenna answered 6/12, 2008 at 4:16 Comment(0)
5

The class 3 root certificate is the high-security subset of the CAcert class 1 root certificate.

Class 1 is the 'normal' and older root certificate of CAcert. It includes both low-security and high-security certificates. As it might not be possible to get the class 1 certificate included in some browsers or distributions, the Class 3 certificate was introduced. The Class 3 root certificate includes only high-security certificates and is a subset of the Class 1 certificate.

In general: The class 3 will probably be integrated into more browsers and distributions in the future, whereas the class 1 certificate probably works with more and especially older browsers.

(See http://www.luga.at/mailing-lists/luga/2006/02/msg00109.html)

Incomplete answered 6/12, 2008 at 4:24 Comment(2)
Is the class difference a CAcert only thing, then? If that's the case, why not class 1 and 2, then? (Ravenna)
This is not a CAcert-only thing; I've seen this all around other CAs. (Glassy)
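
The trust-store consequence of the answer above, as an added example that is not part of the original answer: a relying party that installs only the class 3 certificate accepts fewer certificates than one that installs the class 1 root. The CAs, host names and file layout are constructed for the demo, and modelling "subset" as a class 3 CA certificate issued by the class 1 root is an assumption.

```shell
#!/bin/sh
# Constructed demo PKI: throwaway CAs standing in for a class 1 root and a
# class 3 CA. All names and the layout are assumptions, not CAcert's own files.

# issue DIR NAME CN SIGNER KIND: new key plus cert NAME signed by SIGNER (KIND: ca|leaf)
issue() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ssl.cnf" -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 2 -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -CAcreateserial -extfile "$1/ssl.cnf" -extensions "v3_$5" \
        -out "$1/$2.pem" 2>/dev/null
}

build_demo_pki() {
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' \
        '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
        '[v3_leaf]' 'basicConstraints=CA:FALSE' > "$1/ssl.cnf"
    # "Class 1" root: self-signed.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/ssl.cnf" \
        -extensions v3_ca -subj "/CN=Demo Class 1 Root" \
        -keyout "$1/c1.key" -out "$1/c1.pem" 2>/dev/null || return 1
    # "Class 3" CA: issued by the class 1 root, so its leaves are a subset.
    issue "$1" c3 "Demo Class 3 CA" c1 ca || return 1
    issue "$1" leaf_low "low-assurance.example" c1 leaf || return 1
    issue "$1" leaf_high "high-assurance.example" c3 leaf
}

# trusts ANCHOR LEAF [INTERMEDIATES]: exit 0 if LEAF chains to ANCHOR.
# -partial_chain lets a non-self-signed CA (the class 3 cert) be the anchor.
trusts() {
    openssl verify -partial_chain -CAfile "$1" ${3:+-untrusted "$3"} "$2" \
        >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && build_demo_pki "$d" || return 1
    for anchor in c1 c3; do
        for leaf in leaf_low leaf_high; do
            if trusts "$d/$anchor.pem" "$d/$leaf.pem" "$d/c3.pem"
            then echo "anchor=$anchor $leaf: accepted"
            else echo "anchor=$anchor $leaf: rejected"
            fi
        done
    done
    rm -rf "$d"
}
demo
```

It needs the `openssl` command-line tool. With the class 1 root as anchor both leaves verify; with only the class 3 certificate as anchor, the leaf issued directly under class 1 is rejected.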
11

Wikipedia has a meager but clear answer, as concerns VeriSign, and references a Symantec (who bought Verisign's certificate business) page as its source.

Class 1 for individuals, intended for email.

Class 2 for organizations, for which proof of identity is required.

Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority.

Class 4 for online business transactions between companies.

Class 5 for private organizations or governmental security.

Adding that,

Other vendors may choose to use different classes or no classes at all as this is not specified in the PKI standards.

So the best, the most reliable, the only authoritative resource is the certificate vendor's site definition. For CAcert, Andrew Rollings' answer is complete, and a second source can be found at CAcert's Technical FAQ.

Hrvatska answered 15/2, 2015 at 0:59 Comment(0)