1995-02-08 - Re: skronk

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: ad7fc5fe0eca594bec5ef254751d4fdec9a73b42ed873a09546f776aef15cbb7
Message ID: <199502082025.MAA00565@jobe.shell.portal.com>
Reply To: <199502081852.KAA01719@gwarn.versant.com>
UTC Datetime: 1995-02-08 20:25:47 UTC
Raw Date: Wed, 8 Feb 95 12:25:47 PST

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Wed, 8 Feb 95 12:25:47 PST
To: cypherpunks@toad.com
Subject: Re: skronk
In-Reply-To: <199502081852.KAA01719@gwarn.versant.com>
Message-ID: <199502082025.MAA00565@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


>THUS SPAKE "Kipp E.B. Hickman" <kipp@warp.mcom.com>:
># It does what you are trying to accomplish (I think), and it is already deployed
># in production code (the Netscape client and server products). In addition, we
># announced this week a free (for non-commerical use) reference implementation.
># The code will be out on the net as soon as the lawyers are happy :-)

When we last left this story, only certificates from a few (one?)
signatory authorities were going to be accepted by Netscape clients.
Would this mean that competitors offering Netscape servers would have to
go to Netscape to get their keys signed in order to interoperate with
existing Netscape clients?  I think this is too limiting.

People should be able to choose their own key signers.  This should be a
configuration option.  It should not be compiled into the client!  That
hurts your own flexibility as well as interfering with interoperatbiliy.

Can I use this reference implementation and set up a SSL-compatible
service today, or do I have to go to you and/or everyone's friends at RSA
and get a signature first?  As long as it is the latter I think that SSL
is not going to be able to be a well-established standard.  People are
going to resent having to register with the authorities in order to set
up a secure web page.

Hal Finney
hfinney@shell.portal.com





Thread