[48471] in Cypherpunks
Re: Netscape, CAs, and Verisign
daemon@ATHENA.MIT.EDU (Adam Shostack)
Mon Jan 29 10:20:56 1996
From: Adam Shostack <adam@homeport.org>
To: jsw@netscape.com (Jeff Weinstein)
Date: Mon, 29 Jan 1996 10:23:44 -0500 (EST)
Cc: cypherpunks@toad.com
In-Reply-To: <310C6C1D.5A0@netscape.com> from "Jeff Weinstein" at Jan 28, 96 10:41:33 pm
Jeff Weinstein wrote:
| >
| > The problem is simple enough: sites with certificates from one of the CAs
| > that are preconfigured in Netscape have a tremendous advantage over sites
| > with certs from other CAs, and it's expensive and difficult to get a cert
| > if you're running an alternative server like ApacheSSL.
[...]
| > Netscape needs to address the situation. It's just not practical or
| > desireable for one company (Verisign) to have a stranglehold on
| > certificates.
Its unfortunate that Jeff speaks only for himself when he
wrote the following. I'd very much like to hear Netscape speaking as
Netscape announce that a policy for CAs is forthcoming.
Adam
| I agree with what you are saying. I very much want to see real competition
| in the certificate issuing business. We are in the process of developing
| a set of criteria that CAs have to meet in order to be included in the
| "default" list of CAs that our products support. The criteria focus
| on assuring support for our customers more than trying to specify a
| particular policy. The criteria will include things like required
| minimum response times for customer problems, compliance with an
| interoperability spec, publishing of policies, etc. Some time in
| the next few months these criteria will be made public, and that
| should allow for open competition.
[much elided]
| --
| Jeff Weinstein - Electronic Munitions Specialist
| Any opinions expressed above are mine.
--
"It is seldom that liberty of any kind is lost all at once."
-Hume