From: futplex@pseudonym.com (Futplex)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: 5f2f34642220d58b4173b6ee695b4913a55aab23de03c3fbaef3045998e0b21b
Message ID: <199510020516.BAA21934@giane.cs.umass.edu>
Reply To: <199510012043.NAA06905@illilouette.Eng.Sun.COM>
UTC Datetime: 1995-10-02 05:16:19 UTC
Raw Date: Sun, 1 Oct 95 22:16:19 PDT
From: futplex@pseudonym.com (Futplex)
Date: Sun, 1 Oct 95 22:16:19 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: User-Specified Trusted CAs in Netscape (Was: Re: NetScape's dependence upon RSA down for the count!)
In-Reply-To: <199510012043.NAA06905@illilouette.Eng.Sun.COM>
Message-ID: <199510020516.BAA21934@giane.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain
Bill Soley writes:
> (3) Netscape is making the problem worse (yes, worse) in the next release
> by allowing the user to specify their own list of trusted CAs. (I will
> elaborate on this unpopular view below.)
[...]
> Re: problem 3, about how allowing the user to specify their own list of
> trusted CAs is bad.
[...]
> it. Even Mary Moderately-Savy might be tricked in to doing it on the
> false assumption that it would only affect security for the naughty
> pictures site (that she may not care about), and not affect security for
> her stock-broker. This false assumption might be based on the fact
> that the (legitimate) stock-broker uses a different CA.
You seem to be overstating your point a bit. The real problem here, AFAICS,
is that the proposed protocol in the software wouldn't allow sufficiently
fine-grained control over the certification authority approval. The user
should be able to specify the conditions under which a CA is to be trusted,
not simply give a blanket approval or rejection.
It looks as though a set of trusted (CA, site) pairs would suffice.
How about it, Netscape ? Give the user the opportunity to say "I trust
certificates from Alfie's World of Key Certification regarding keys for
interactions with Elvira's Copier Shack."
-Futplex <futplex@pseudonym.com>
Return to October 1995
Return to “William.Soley@Eng.Sun.COM (William Soley)”