1995-10-02 - User-Specified Trusted CAs in Netscape (Was: Re: NetScape’s dependence upon RSA down for the count!)

Header Data

From: futplex@pseudonym.com (Futplex)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: 5f2f34642220d58b4173b6ee695b4913a55aab23de03c3fbaef3045998e0b21b
Message ID: <199510020516.BAA21934@giane.cs.umass.edu>
Reply To: <199510012043.NAA06905@illilouette.Eng.Sun.COM>
UTC Datetime: 1995-10-02 05:16:19 UTC
Raw Date: Sun, 1 Oct 95 22:16:19 PDT

Raw message

From: futplex@pseudonym.com (Futplex)
Date: Sun, 1 Oct 95 22:16:19 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: User-Specified Trusted CAs in Netscape (Was: Re: NetScape's dependence upon RSA down for the count!)
In-Reply-To: <199510012043.NAA06905@illilouette.Eng.Sun.COM>
Message-ID: <199510020516.BAA21934@giane.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Bill Soley writes:
> (3) Netscape is making the problem worse (yes, worse) in the next release
> by allowing the user to specify their own list of trusted CAs.  (I will
> elaborate on this unpopular view below.)
[...]
> Re: problem 3, about how allowing the user to specify their own list of
> trusted CAs is bad.  
[...]
> it.  Even Mary Moderately-Savvy might be tricked into doing it on the
> false assumption that it would only affect security for the naughty
> pictures site (that she may not care about), and not affect security for
> her stock-broker.  This false assumption might be based on the fact
> that the (legitimate) stock-broker uses a different CA.

You seem to be overstating your point a bit. The real problem here, AFAICS,
is that the proposed protocol in the software wouldn't allow sufficiently 
fine-grained control over the certification authority approval. The user
should be able to specify the conditions under which a CA is to be trusted,
not simply give a blanket approval or rejection. 

It looks as though a set of trusted (CA, site) pairs would suffice. 
How about it, Netscape?  Give the user the opportunity to say "I trust 
certificates from Alfie's World of Key Certification regarding keys for
interactions with Elvira's Copier Shack."

-Futplex <futplex@pseudonym.com>
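
The (CA, site) pair idea proposed above, set beside a flat trusted-CA list, as an added example that is not part of the original post and is not Netscape code. The host names, the second CA, the `*.` wildcard rule and the assumption that the issuer name comes from an already verified certificate chain are all constructed for illustration.

```python
# Added illustration: CA names and hosts are constructed; the issuer name is
# assumed to come from a certificate chain that already verified.
ALFIE = "Alfie's World of Key Certification"
BROKER_CA = "Stock-Broker CA (constructed)"


def host_matches(pattern, host):
    """Exact match, or '*.' standing for exactly one leading label."""
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # e.g. ".elvira.example"
        if not host.endswith(suffix):
            return False
        label = host[: -len(suffix)]
        return bool(label) and "." not in label
    return pattern == host


class ScopedTrustStore:
    """Trust keyed on (CA, site) pairs instead of a flat list of CAs."""

    def __init__(self):
        self.pairs = set()

    def trust(self, ca, site_pattern):
        self.pairs.add((ca, site_pattern.lower()))

    def accepts(self, issuer_ca, host):
        host = host.lower().rstrip(".")
        return any(ca == issuer_ca and host_matches(pat, host)
                   for ca, pat in self.pairs)


def blanket_accepts(trusted_cas, issuer_ca, host):
    """Flat trusted-CA list: the host plays no part in the decision."""
    return issuer_ca in trusted_cas


def compare(issuer_ca, host):
    """Return (blanket, scoped) decisions after the user approves ALFIE
    for Elvira's Copier Shack only."""
    flat = {BROKER_CA, ALFIE}
    scoped = ScopedTrustStore()
    scoped.trust(BROKER_CA, "broker.example")
    scoped.trust(ALFIE, "*.elvira.example")
    return blanket_accepts(flat, issuer_ca, host), scoped.accepts(issuer_ca, host)


if __name__ == "__main__":
    for ca, host in [(ALFIE, "shop.elvira.example"), (ALFIE, "broker.example"),
                     (BROKER_CA, "broker.example")]:
        print(ca, "|", host, "|", compare(ca, host))
```

The second case is the one from the quoted scenario: a certificate from the newly approved CA presented for the stock-broker's host passes the flat list and fails the scoped store.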



