[48732] in Cypherpunks
Re: Netscape, CAs, and Verisign
daemon@ATHENA.MIT.EDU (hallam@w3.org)
Tue Jan 30 19:03:03 1996
To: Adam Shostack <adam@lighthouse.homeport.org>, cypherpunks@toad.com
Cc: hallam@w3.org
In-Reply-To: Your message of "Mon, 29 Jan 96 10:23:44 EST."
<199601291523.KAA03337@homeport.org>
Date: Tue, 30 Jan 96 18:50:12 -0500
From: hallam@w3.org
A lot of people seem to misunderstand the Verisign plan, they are not simply
looking to be a CA, they are looking to help other people become CAs. There is
clearly a usefull role for a company to do this. there is also a usefull role
for two, or more.
Question is how can Netscape (or anyone else) _securely_ allow an arbitrary CA's
certificate to be used? Certainly the process cannot be automatic. Binding the
Verisign public key into the browser may be an undesirable solution, but the
problem is to think of a better one.
Phill
