From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 29 Feb 1996 15:02:26 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: X.509 certs that don't guarantee identity
In-Reply-To: <199602260448.WAA01201@proust.suba.com>
Message-ID: <3135473B.332E@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim wrote:
> 
> On the 23rd, Jeff Weinstein said this concerning the natural
> semi-anonymity of the net:
> 
> > Given that verisign and others will soon begin issuing large numbers of
> > certificates that do not guarantee the identity of the key holder, it seems
> > that this tradition will continue even with the wide deployment of X509
> > certs.
> 
> This has been bugging me since I read it.  I'm not sure I understand the
> plan;  it only makes sense to me if "anonymous" X.509 certs are issued
> for user authentication only, not for server authentication.  Is that
> what this is about?
> 
> (If anonymous certs are issued for servers, why should such a cert be
> treated any differently than one I generate on my own, which causes
> warning screens about an unknown CA to pop up?)

  The navigator will not be configured to automatically trust the verisign
level 1 and 2 certificates for SSL servers.  You will get the same warning
dialog with these certs as you do with one you generate on your own.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.