From: "Amanda Walker" <amanda@intercon.com>
Date: Tue, 13 Dec 94 11:30:51 PST
To: kipp@warp.mcom.com (Kipp E.B. Hickman)
Subject: Re: Clarification of my remarks about Netscape
Message-ID: <9412131431.AA19841@amanda.dial.intercon.com>
MIME-Version: 1.0
Content-Type: text/plain


> All you need to do is get your server certificate from one of 
> several places, including: 
>  
> 	RSA (commercial CA or server CA) 

Do you need a server certificate issued directly by one of these PCAs, or does 
it just need to be rooted there (i.e., can I use my [hypothetical] corporate 
PCA, which itself has a certificate from the RSA commercial PCA)?

If it's the former, I would strongly urge you to extend your clients to 
include the latter.  I don't want to have to go to RSA for every server 
certificate--that's in part what the PCA hierarchy exists for.

Similarly, if I set up a personal server (with my home page, for example), can 
I'd like to be able to use a certificate issued by the RSA Unaffiliated User 
CA, which is itself a PCA certified by the Commercial CA.


Amanda Walker
InterCon Systems Corporation