Brendan Kearney wrote: > aside from the isolation of signing, what can be done to prevent > unintended cross authentication when certs are leveraged? Use multiple CAs. One main CA for your organization, and multiple intermediate ones for each service. There's not many other choices. Alan DeKok.