From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 11 May 1996 15:25:27 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: PGP, Inc.
In-Reply-To: <v02120d09adb880179541@[192.0.2.1]>
Message-ID: <Pine.GUL.3.93.960510152222.2815B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Actually talking about VeriSign certs]

On Thu, 9 May 1996, Lucky Green wrote:

> At 23:10 5/9/96, E. ALLEN SMITH wrote:
> 
>>        The first level, in other words, is less of a certification than a
>>PGP key with self-signature and signature from one other person. It
>>doesn't have _any_ effort to verify that the email address stated on it
>>is the actual email address of that nym. Or am I misinterpreting you?

For the first level, this is correct. I didn't even see an AUP
discouraging spoofing.

> I was on a panel with a representative from VeriSign at Interop in Las
> Vegas. He said that uniqueness was the only requirement for the first level
> of cert. I don't have any information beyond that.

Just visit www.verisign.com with the Netscape 3.x beta and see.

-rich