1996-02-26 - X.509 certs that don’t guarantee identity

Header Data

From: Alex Strasheim <cp@proust.suba.com>
To: cypherpunks@toad.com
Message Hash: 80b924007ba517d64442e535a8a43049a60af5fc6e23114b88a5d4b2e06b6543
Message ID: <199602260448.WAA01201@proust.suba.com>
Reply To: N/A
UTC Datetime: 1996-02-26 05:28:37 UTC
Raw Date: Mon, 26 Feb 1996 13:28:37 +0800

Raw message

From: Alex Strasheim <cp@proust.suba.com>
Date: Mon, 26 Feb 1996 13:28:37 +0800
To: cypherpunks@toad.com
Subject: X.509 certs that don't guarantee identity
Message-ID: <199602260448.WAA01201@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


On the 23rd, Jeff Weinstein said this concerning the natural 
semi-anonymity of the net:

> Given that verisign and others will soon begin issuing large numbers of
> certificates that do not guarantee the identity of the key holder, it seems
> that this tradition will continue even with the wide deployment of X509 
> certs.

This has been bugging me since I read it.  I'm not sure I understand the 
plan;  it only makes sense to me if "anonymous" X.509 certs are issued 
for user authentication only, not for server authentication.  Is that 
what this is about?

(If anonymous certs are issued for servers, why should such a cert be 
treated any differently than one I generate on my own, which causes 
warning screens about an unknown CA to pop up?)






Thread