From: adam@bwh.harvard.edu (Adam Shostack)
Date: Fri, 18 Aug 95 14:39:51 PDT
To: jsw@neon.netscape.com (Jeff Weinstein)
Subject: Re: Netscape security
In-Reply-To: <412tij$704@flop.mcom.com>
Message-ID: <9508182133.AA03147@joplin.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain


| > >        There is no word as to how to become a KSA.  Netscpe has
| > >ignored the question on several occaisons.
| > 
| > I'm fairly sure that I remember Taher saying at the W3C security
| > meeting that they intend to do this, and that hardcoding the CA's
| > into the library was as quick hack.  I also have the impression
| > that they don't know how to do it, but my recollection is fuzzier there.
| 
|   It has been stated publicly several times that we do plan to allow
| user configurable certificate authority and server trust.  A user
| will be able to configure their browser to talk to servers that have
| certificates signed by any CA they choose to trust.

	But I think I can work cheaper than Verisign.  What do I have
to do to get set up as a KCA today?


Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume