1997-07-17 - Re: Verisign gets export approval
Header Data
From: Eric Murray <ericm@lne.com>
To: frantz@netcom.com
Message Hash: 7de5ee12738558d6d8b635be9133b239bd4eea4874f4bd8b1531842353635947
Message ID: <199707171803.LAA25949@slack.lne.com>
Reply To: <v0300781aaff3f52c25a1@[207.94.249.49]>
UTC Datetime: 1997-07-17 18:26:19 UTC
Raw Date: Fri, 18 Jul 1997 02:26:19 +0800
Raw message
From: Eric Murray <ericm@lne.com>
Date: Fri, 18 Jul 1997 02:26:19 +0800
To: frantz@netcom.com
Subject: Re: Verisign gets export approval
In-Reply-To: <v0300781aaff3f52c25a1@[207.94.249.49]>
Message-ID: <199707171803.LAA25949@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain
Bill Frantz writes:
>
> It seems to me that someone who has a one year export approved Verisign
> cert should use it to authenticate a new top-level CA cert which they pass
> to their customers. Cut Verisign and their nosy/noisy partner out of the
> loop.
My understanding is that Verisign's licensing agreement
explicitly forbids using any certs they issue as CA certificates.
Maybe if the 'someone' paid Verisign an appropriate fee they
might allow it, but I'd bet that fee would be very high.
Verisign's no dummy, they don't want to enable new competition
to ride on their backs.
In the case of this special strong-crypto-allowing cert, Verisign
would probably be encouraged to discourage cert holders from
using the special Verisign certs as CA certs, for the very
reason you suggest. :-)
The format of the X.509 extensions that will enable strong crypto
operation will be known soon. Even if Netscape et. al. tried to keep
them secret, since they're public certificates they'll be available to
anyone with an ASN.1 parser.
--
Eric Murray ericm@lne.com Security and cryptography applications consulting.
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
Thread
Return to July 1997
- Return to “Adam Shostack <adam@homeport.org>”
- Return to “amp@pobox.com”
- Return to “Bill Frantz <frantz@netcom.com>”
- Return to “Bill Stewart <stewarts@ix.netcom.com>”
- Return to “Eric Murray <ericm@lne.com>”
- Return to “iang@cs.berkeley.edu (Ian Goldberg)”
- Return to “Jason William RENNIE <jrennie@hardy.ocs.mq.edu.au>”
- Return to “Lucky Green <shamrock@netcom.com>”
- Return to ““Michael Froomkin - U.Miami School of Law” <froomkin@law.miami.edu>”
- Return to “Steve Schear <azur@netcom.com>”
- Return to “Tom Weinstein <tomw@netscape.com>”
- Return to “tomw@netscape.com (Tom Weinstein)”
Return to ““William H. Geiger III” <whgiii@amaranth.com>”
- 1997-07-17 (Thu, 17 Jul 1997 13:53:18 +0800) - Verisign gets export approval - Bill Stewart <stewarts@ix.netcom.com>
- 1997-07-17 (Thu, 17 Jul 1997 15:23:29 +0800) - Re: Verisign gets export approval - Lucky Green <shamrock@netcom.com>
- 1997-07-17 (Thu, 17 Jul 1997 21:56:42 +0800) - Re: Verisign gets export approval - Adam Shostack <adam@homeport.org>
- 1997-07-17 (Fri, 18 Jul 1997 01:21:31 +0800) - Re: Verisign gets export approval - Lucky Green <shamrock@netcom.com>
- 1997-07-17 (Fri, 18 Jul 1997 06:03:02 +0800) - Re: Verisign gets export approval - “William H. Geiger III” <whgiii@amaranth.com>
- 1997-07-18 (Fri, 18 Jul 1997 18:55:04 +0800) - Re: Verisign gets export approval - Jason William RENNIE <jrennie@hardy.ocs.mq.edu.au>
- 1997-07-17 (Fri, 18 Jul 1997 01:21:31 +0800) - Re: Verisign gets export approval - Lucky Green <shamrock@netcom.com>
- 1997-07-17 (Fri, 18 Jul 1997 00:34:18 +0800) - Re: Verisign gets export approval - Bill Frantz <frantz@netcom.com>
- 1997-07-17 (Fri, 18 Jul 1997 02:26:19 +0800) - Re: Verisign gets export approval - Eric Murray <ericm@lne.com>
- 1997-07-17 (Fri, 18 Jul 1997 06:06:29 +0800) - Re: Verisign gets export approval - Steve Schear <azur@netcom.com>
- 1997-07-18 (Fri, 18 Jul 1997 08:50:29 +0800) - Re: Verisign gets export approval - Tom Weinstein <tomw@netscape.com>
- 1997-07-18 (Fri, 18 Jul 1997 09:37:54 +0800) - Re: Verisign gets export approval - Lucky Green <shamrock@netcom.com>
- 1997-07-18 (Fri, 18 Jul 1997 11:21:38 +0800) - Re: Verisign gets export approval - Tom Weinstein <tomw@netscape.com>
- 1997-07-18 (Fri, 18 Jul 1997 11:36:29 +0800) - Re: Verisign gets export approval - Adam Shostack <adam@homeport.org>
- 1997-07-18 (Fri, 18 Jul 1997 11:52:59 +0800) - Re: Verisign gets export approval - Tom Weinstein <tomw@netscape.com>
- 1997-07-18 (Fri, 18 Jul 1997 11:36:29 +0800) - Re: Verisign gets export approval - Adam Shostack <adam@homeport.org>
- 1997-07-18 (Fri, 18 Jul 1997 23:58:40 +0800) - Re: Verisign gets export approval - Steve Schear <azur@netcom.com>
- 1997-07-19 (Sat, 19 Jul 1997 12:15:30 +0800) - Re: Verisign gets export approval - amp@pobox.com
- 1997-07-19 (Sat, 19 Jul 1997 13:10:19 +0800) - Re: Verisign gets export approval - tomw@netscape.com (Tom Weinstein)
- 1997-07-19 (Sun, 20 Jul 1997 06:31:40 +0800) - Re: Verisign gets export approval - Steve Schear <azur@netcom.com>
- 1997-07-19 (Sun, 20 Jul 1997 07:53:09 +0800) - Re: Verisign gets export approval - tomw@netscape.com (Tom Weinstein)
- 1997-07-19 (Sun, 20 Jul 1997 07:53:24 +0800) - Re: Verisign gets export approval - iang@cs.berkeley.edu (Ian Goldberg)
- 1997-07-18 (Fri, 18 Jul 1997 11:21:38 +0800) - Re: Verisign gets export approval - Tom Weinstein <tomw@netscape.com>
- 1997-07-18 (Fri, 18 Jul 1997 09:37:54 +0800) - Re: Verisign gets export approval - Lucky Green <shamrock@netcom.com>
- 1997-07-17 (Thu, 17 Jul 1997 21:56:42 +0800) - Re: Verisign gets export approval - Adam Shostack <adam@homeport.org>
- 1997-07-17 (Fri, 18 Jul 1997 02:36:00 +0800) - Re: Verisign gets export approval - “Michael Froomkin - U.Miami School of Law” <froomkin@law.miami.edu>
- 1997-07-17 (Fri, 18 Jul 1997 06:03:40 +0800) - Re: Verisign gets export approval - Lucky Green <shamrock@netcom.com>
- 1997-07-18 (Fri, 18 Jul 1997 08:49:31 +0800) - Re: Verisign gets export approval - Tom Weinstein <tomw@netscape.com>
- 1997-07-17 (Thu, 17 Jul 1997 15:23:29 +0800) - Re: Verisign gets export approval - Lucky Green <shamrock@netcom.com>