Determining the Trustworthiness of a Certificate Subject
The Subject field of a digital certificate usually shows the following for a certificate allowing
Secure Email:
- The Email address in the form name@domain
- The CN (common name), which is usually in the form GivenName FamilyName
Secure Email certificates issued by the AllIncontext Intermediate Certificate Authority also provide
additional OU (Organisational Unit) records for the Subject field:
- OU = Nominated by: XXX where XXX is the Domain that has nominated you.
- OU = Owner: YYY where YYY is the current Email address of the owner of the Domain. You can check
this out by a Whois query on the Domain.
- OU = Details: www.allincontext.com/ac.aspx?src=trust_or_not which is this page.
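The OU records listed above can be pulled out of a Subject string and the Owner record compared with the address a Whois query returns. This is an added example, not AllIncontext's own code; the one-line comma-separated Subject layout, the function names and the sample values are assumptions.

```python
import re

# Labels of the three OU records described above, mapped to result keys.
OU_LABELS = {"Nominated by": "nominated_by", "Owner": "owner", "Details": "details"}


def parse_subject(subject):
    """Split 'ATTR=value, ATTR=value' (layout assumed) into (attr, value) pairs."""
    pairs = []
    for part in re.split(r"(?<!\\),", subject):  # split on unescaped commas only
        if "=" not in part:
            raise ValueError(f"malformed Subject component: {part!r}")
        attr, value = part.split("=", 1)
        pairs.append((attr.strip(), value.strip().replace("\\,", ",")))
    return pairs


def trust_records(subject):
    """Return CN, email and the three OU trust records; reject ambiguous Subjects."""
    found = {}
    for attr, value in parse_subject(subject):
        key = None
        if attr.upper() == "CN":
            key = "cn"
        elif attr.lower() in ("e", "emailaddress"):
            key = "email"
        elif attr.upper() == "OU" and ":" in value:
            label, value = (s.strip() for s in value.split(":", 1))
            key = OU_LABELS.get(label)
        if key is None:
            continue  # attribute not covered by this page
        if key in found:  # e.g. two Owner records: which one is being claimed?
            raise ValueError(f"duplicate {key} record in Subject")
        found[key] = value
    missing = [k for k in OU_LABELS.values() if k not in found]
    if missing:
        raise ValueError(f"missing OU records: {missing}")
    return found


def owner_matches_whois(records, whois_email):
    """Compare the Owner record with an address obtained from a Whois query."""
    return records["owner"].lower() == whois_email.strip().lower()


# Constructed sample Subject (not taken from a real certificate).
SAMPLE = ("CN=Jane Doe, emailAddress=jane@example.org, "
          "OU=Nominated by: example.org, OU=Owner: admin@example.org, "
          "OU=Details: www.allincontext.com/ac.aspx?src=trust_or_not")
```

The Whois address passed to `owner_matches_whois` has to come from your own lookup on the domain in the "Nominated by" record; the code performs no network query.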
Since a digital certificate can ONLY establish an IDENTITY, you need some way of evaluating whether the
Subject of the certificate can be trusted or not. The Allincontext approach is that if the owner of the
domain is sufficiently trustworthy (either in a Business capacity or a Personal relationship, or both)
then some information relating to that should be included in the certificate.
The reason that the Subject is only NOMINATED is that trust is a dynamic entity and all you have is a
snapshot of what any relationship might have been at the time the certificate was issued.
How do I check for additional information?
Watch this space...