1995-11-30 - Re: Certificate Authorities?

Header Data

From: Jeff Weinstein <jsw@netscape.com>
To: “P. Rajaram” <rajaram@morgan.com>
Message Hash: 4095187baa0c8f401e741a44c64c7cc5e7e6b5873feae6b06e3346b9318203df
Message ID: <30BBB178.267A@netscape.com>
Reply To: <01BABCAF.9CDAE5C0@csasaki>
UTC Datetime: 1995-11-30 04:25:53 UTC
Raw Date: Thu, 30 Nov 1995 12:25:53 +0800

Raw message

From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 30 Nov 1995 12:25:53 +0800
To: "P. Rajaram" <rajaram@morgan.com>
Subject: Re: Certificate Authorities?
In-Reply-To: <01BABCAF.9CDAE5C0@csasaki>
Message-ID: <30BBB178.267A@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


We are looking at adding the ability for enterprise security
administrators to lock various parts of the Navigator configuration
so that the user can not change them, including stuff relating
to trust and certificates.  This functionality will not be in
2.0, but we do consider it important for certain customers.

	--Jeff

P. Rajaram wrote:
> Yes.  But...
> I deal with the security infrastructure for a large corporation.
> I want only security administrators to configure the list of acceptable CAs.
> I specifically do not want our users to be able to add new CAs
> to the list of trusted "approved" CAs.
> 
> The concern is that some users who are not crypto enthusiasts may be
> "social engineered" into adding a very liberal CA to their list.
> Once this happens, the browser's signature verification capability
> is totally compromised.
> 
> This is one of the reasons why PGP has not been adopted by many large
> companies.  In response, Viacrypt now seems to have a product that
> can restrict user modifications to the public keyring.
> 
> -raj

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





Thread