1997-07-18 - Re: Verisign gets export approval

Header Data

From: Tom Weinstein <tomw@netscape.com>
To: Lucky Green <shamrock@netcom.com>
Message Hash: 4faa4681208bc5288de08c93d42b0aec8ee79193ef95242f458509042bb2e1da
Message ID: <33CEBACC.31388B70@netscape.com>
Reply To: <>
UTC Datetime: 1997-07-18 00:50:29 UTC
Raw Date: Fri, 18 Jul 1997 08:50:29 +0800

Raw message

From: Tom Weinstein <tomw@netscape.com>
Date: Fri, 18 Jul 1997 08:50:29 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Verisign gets export approval
In-Reply-To: <>
Message-ID: <33CEBACC.31388B70@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain

Lucky Green wrote:
> The cert is typically valid for a year, but is subject to revocation
> at any time by VeriSign upon the USG's request. Such revocation or
> refusal to issue a new cert after the first year of operation will
> leave the webserver operator with a server that is no longer able to
> encrypt communications to their customers in any meaningful way,
> thereby effectively shutting down Internet based operations of the
> company unfortunate enough to invest in such a flawed solution.

I don't know the details of the agreement between VeriSign and the
USG.  I'm curious: how will the CRL for this revocation get distributed?
Since Communicator doesn't automatically pull CRLs, how can any action
on VeriSign's part disable crypto for that server?  Or are you
suggesting that as part of the revocation process, the USG will bust
down their doors and grab all copies of their private keys?

What is appropriate for the master is not appropriate | Tom Weinstein
for the novice.  You must understand Tao before       | tomw@netscape.com
transcending structure.  -- The Tao of Programming    |