Comment by 🚬 sy
The issuer CA may be yourself with a self-signed CA certificate – not necessarily an established CA company. And the verifiers will arrive at that CA certificate only via the chain of certificates that they are trying to verify. They won’t see all the certificates that you, as a CA, have issued.
Apr 02 · 5 weeks ago
2 Later Comments ↓
📻 eugene [OP] · Apr 02 at 12:15:
They will, however, be able to identify any two certificates they happen to have as being signed by the same CA, and will be able to do this for any certificates they encounter later that are signed by the same CA. I.e. the moment we give up the CA to be verified, we don't just depseudonymize a certain pair of certificates, but every possible pair that the one we want to prove identity to ever had access to, or, unless that's where we drop the CA, *will* have access to in the future.
I can imagine how this could be undesirable.
I thought *that* was what you meant by saying ‘tree’. You can have separate CA trees if that’s not what you want. Or if you want the ability to reveal the connection later, you would not publish the real root certificate and use the certificates issued by it as if they were separate roots.
Original Post
Tree identity — So I had a random idea, and hopefully, someone more knowledgeable in the internals of x509 and related technologies can chime in. When, say, Lagrange encounters a page requesting a client certificate, it offers you an option to generate a certificate explicitly for this particular server. The certificate remains entirely disconnected from any other certificate you might be using. Which is both a good thing, as it ensures privacy, and a not so good thing, as it prevents you,...