1994-12-13 - Re: Clarification of my remarks about Netscape

Header Data

From: “Kipp E.B. Hickman” <kipp@warp.mcom.com>
To: “Amanda Walker” <amanda@intercon.com>
Message Hash: 6d0fc31b5e6f63d9c80d48b8a969372da58bda9a24d70c451c97d9a4db9ee5c7
Message ID: <9412131132.ZM18680@warp.mcom.com>
Reply To: <9412131431.AA19841@amanda.dial.intercon.com>
UTC Datetime: 1994-12-13 19:33:57 UTC
Raw Date: Tue, 13 Dec 94 11:33:57 PST

Raw message

From: "Kipp E.B. Hickman" <kipp@warp.mcom.com>
Date: Tue, 13 Dec 94 11:33:57 PST
To: "Amanda Walker" <amanda@intercon.com>
Subject: Re: Clarification of my remarks about Netscape
In-Reply-To: <9412131431.AA19841@amanda.dial.intercon.com>
Message-ID: <9412131132.ZM18680@warp.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Dec 13,  2:31pm, Amanda Walker wrote:
> Subject: Re: Clarification of my remarks about Netscape
> > All you need to do is get your server certificate from one of
> > several places, including:
> >
> > 	RSA (commercial CA or server CA)
>
> Do you need a server certificate issued directly by one of these PCAs, or
does
> it just need to be rooted there (i.e., can I use my [hypothetical] corporate
> PCA, which itself has a certificate from the RSA commercial PCA)?

Unfortunately, for now, we only support cert's directly issued from the
imbedded CA's. One level deeper is not trustworthy in any case, unless you make
the user define trust. That requires a GUI and we haven't done that yet.

> If it's the former, I would strongly urge you to extend your clients to
> include the latter.  I don't want to have to go to RSA for every server
> certificate--that's in part what the PCA hierarchy exists for.

We agree, and someday this won't be a problem.

> Similarly, if I set up a personal server (with my home page, for example),
can
> I'd like to be able to use a certificate issued by the RSA Unaffiliated User
> CA, which is itself a PCA certified by the Commercial CA.

I didn't bother imbedding the RSA Unaffiliated User CA because I didn't think
server operators would use it to get certificates.


-- 
---------------------------------------------------------------------
Kipp E.B. Hickman          Netscape Communications Corp.
kipp@mcom.com              http://www.mcom.com/people/kipp/index.html







Thread