1995-09-27 - Re: Netscape as vehicle for cypherpunk agenda/the cypherpunk bully pulpit

Header Data

From: jsw@neon.netscape.com (Jeff Weinstein)
To: cypherpunks@toad.com
Message Hash: 9094d4861da885c9fa93d7fd609969d98e855dc9a0cc16255dfe84ea5501b3e2
Message ID: <44a7mr$jda@tera.mcom.com>
Reply To: <199509251741.KAA04656@infinity.c2.org>
UTC Datetime: 1995-09-27 01:01:01 UTC
Raw Date: Tue, 26 Sep 95 18:01:01 PDT

Raw message

From: jsw@neon.netscape.com (Jeff Weinstein)
Date: Tue, 26 Sep 95 18:01:01 PDT
To: cypherpunks@toad.com
Subject: Re: Netscape as vehicle for cypherpunk agenda/the cypherpunk bully pulpit
In-Reply-To: <199509251741.KAA04656@infinity.c2.org>
Message-ID: <44a7mr$jda@tera.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain

In article <199509251741.KAA04656@infinity.c2.org>, sameer@c2.org (sameer) writes:
> 	The really big sticking point I see, however, is the
> certification authorities. There is a single point of failure here and
> that is at Verisign. This becomes a large problem I think if the en
> rypted email that Netscape does requires personal x509 certificates (I
> read that Versign is issuing those for $9/each.) This is a problem
> because for one thing I don't think Versign will want to issue certs
> to psudonyms, and Netscape may not talk encrypted email to
> non-certified people. (I am not sure)

  I believe that the identies of free certificates that verisign plans
to offer to netscape customers will not be checked in any way other than
to ensure that the name is unique for that CA.  You will have to ask
someone from Verisign to get a certain answer.

> 	The solution to this, of course, is to allow Navigator to
> accept alternate certification hierarchies, so we can setup a
> Cypherpunks cert agency or a c2.org cert agency, which -will- sign
> nym's keys, etc. The question exists though, as to whether or not
> Netscape will allow for alternate agencies in Navigator.

  I have stated here, and in other public forums, several times in the
past few months, that Netscape Navigator 2.0 will support user configurable
certificate authorities.  You will be able to specify that you do or
do not trust specific server certificates and certificate authorities.
The user will be able to incorporate new CA certificates into their
certificate database, and mark them as trusted for signing certs for
SSL, email, etc.


Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.