From: Steve Schear <azur@netcom.com>
To: Tom Weinstein <tomw@netscape.com>
Message Hash: 8051f42262866e39045c41e35c41db7f3a855ad33fd5aa54847ff7f8b834583c
Message ID: <v03102812aff53e85cc07@[10.0.2.15]>
Reply To: <Pine.3.89.9707171711.A10551-0100000@netcom2>
UTC Datetime: 1997-07-18 15:58:40 UTC
Raw Date: Fri, 18 Jul 1997 23:58:40 +0800
From: Steve Schear <azur@netcom.com>
Date: Fri, 18 Jul 1997 23:58:40 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Verisign gets export approval
In-Reply-To: <Pine.3.89.9707171711.A10551-0100000@netcom2>
Message-ID: <v03102812aff53e85cc07@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain
> On Thu, 17 Jul 1997, Tom Weinstein wrote:
>>Lucky Green wrote:
>> Even if Communicator would never check CRL's, not even in the future,
>> the mere fact that the Global ID cert have only a one year lifetime
>> means anyone relying on Global ID can be held hostage by threatening
>> to refuse to renew their cert. The reader may not be aware that unlike
>> other certs, the Global ID certs are *only* issued by VeriSign. You
>> can not go to a non-US CA and obtain such a cert. [Which of course
>> would defy the whole purpose of this rather slick deal :-]
>
>Aren't all certs VeriSign issues only valid for one year? This isn't
>any different.
>
>There's nothing preventing another CA from getting permission from the
>USG to issue these magic certs. We would have to distribute a patch,
>but I don't see any problem with that.
There's probably no technical reason these patches must originate with
Netscape. Seems like a healthy cottage industry could spring up to supply
patch software to offshore companies which want magic certs w/o USG
approval.
--Steve
Return to July 1997
Return to ““William H. Geiger III” <whgiii@amaranth.com>”