1996-02-01 - Re: Netscape, CAs, and Verisign

Header Data

From: hallam@w3.org
To: Adam Shostack <cypherpunks@toad.com>
Message Hash: 76ce3eb4e2b0ff97b9dfaa465cb192e63420957f21744bcf508a4ea1d2af552a
Message ID: <9601302350.AA29444@zorch.w3.org>
Reply To: <199601291523.KAA03337@homeport.org>
UTC Datetime: 1996-02-01 01:16:45 UTC
Raw Date: Thu, 1 Feb 1996 09:16:45 +0800

Raw message

From: hallam@w3.org
Date: Thu, 1 Feb 1996 09:16:45 +0800
To: Adam Shostack <cypherpunks@toad.com>
Subject: Re: Netscape, CAs, and Verisign
In-Reply-To: <199601291523.KAA03337@homeport.org>
Message-ID: <9601302350.AA29444@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



A lot of people seem to misunderstand the Verisign plan: they are not simply 
looking to be a CA, they are looking to help other people become CAs. There is 
clearly a useful role for a company to do this. There is also a useful role 
for two, or more.

Question is how can Netscape (or anyone else) _securely_ allow an arbitrary CA's 
certificate to be used? Certainly the process cannot be automatic. Binding the 
Verisign public key into the browser may be an undesirable solution, but the 
problem is to think of a better one.

	Phill
 





Thread