nAll procedures on the previous slide are based
on local policy i.e.
policy set by the zone administrator
nA PKI is as strong as itŐs weakest link, we do
not know the strength
of the weakest link
uCertificate Authorities control this by
SLAs
nIf the domain is under one administrative
control you might be able
to enforce policy