Matt Crawford writes:
On Jan 22, 2006, at 19:12, Mike Helm wrote:
Proxy cert characteristics
Autochthonous - typically generated on the spot, by the user or a delegated process
A fine word, but not applicable. When a user on host A delegates to B, which then authenticates to C, the proxy cert is created at A, stored at B and seen at C. The private key is autochthonous, but this is generally true of non-proxy private keys as well.
I think you have the generation wrong. What I should have said is "the proxy key pair", which is what I think is often what is commonly meant when "proxy cert" is used, and what I meant, but there is no dispute that that word usage is wrong. Certainly, the proxy cert, which is a label on one of the keys, is created at A. But that key pair is typically created = generated at B and stays there, or is meant to stay there, and that is what is autochthonous. At least, that's how I understand the typical usage. If the key pair appears somewhere else, that is strange, and probably not a good thing either.
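The delegation both messages describe, as an added example that is not part of the original thread: the proxy key pair is generated at B, only a signing request travels to A, A signs the proxy cert with the user's key, and C checks that signature. Assumptions: the Python `cryptography` package, constructed names, a self-signed user certificate standing in for a CA-issued one, and no proxy-specific certificate extensions.

```python
# Added illustration; hosts A, B, C follow the thread, all names are constructed.
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def cn(value):
    return x509.NameAttribute(NameOID.COMMON_NAME, value)

def issue(subject, issuer, public_key, signing_key, hours):
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer).public_key(public_key)
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(hours=hours))
            .sign(signing_key, hashes.SHA256()))

def delegate():
    # Host A: the user's long-lived credential (self-signed here for brevity).
    user_key = ec.generate_private_key(ec.SECP256R1())
    user_name = x509.Name([cn("Constructed User")])
    user_cert = issue(user_name, user_name, user_key.public_key(), user_key, 720)
    # Host B: the proxy key pair is generated here; only a request leaves B.
    proxy_key = ec.generate_private_key(ec.SECP256R1())
    b_to_a = (x509.CertificateSigningRequestBuilder()
              .subject_name(x509.Name([cn("proxy request")]))
              .sign(proxy_key, hashes.SHA256())
              .public_bytes(serialization.Encoding.PEM))
    # Host A: check proof of possession, then sign a short-lived proxy cert
    # whose subject is the user's name plus one extra CN.
    request = x509.load_pem_x509_csr(b_to_a)
    if not request.is_signature_valid:
        raise ValueError("request not signed by the key it carries")
    proxy_name = x509.Name(list(user_name) + [cn("proxy")])
    proxy_cert = issue(proxy_name, user_name, request.public_key(), user_key, 12)
    a_to_b = proxy_cert.public_bytes(serialization.Encoding.PEM)
    return {"user_cert": user_cert, "proxy_key_at_b": proxy_key,
            "proxy_cert": proxy_cert, "b_to_a": b_to_a, "a_to_b": a_to_b}

def verify_at_c(user_cert, proxy_pem):
    # Host C sees only certificates: check A's signature and the name chaining.
    proxy = x509.load_pem_x509_certificate(proxy_pem)
    user_cert.public_key().verify(proxy.signature, proxy.tbs_certificate_bytes,
                                  ec.ECDSA(proxy.signature_hash_algorithm))
    return proxy.issuer == user_cert.subject

if __name__ == "__main__":
    r = delegate()
    print("accepted at C:", verify_at_c(r["user_cert"], r["a_to_b"]))
```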