[802] in WWW Security List Archive

Re: SSL, X509 Certificates and EuroSign

daemon@ATHENA.MIT.EDU (Michael Markowitz)
Wed Aug 2 19:47:42 1995

Date: Wed, 02 Aug 1995 13:50:31 +0000
From: mjmarkowitz@attmail.com (Michael Markowitz)
To: www-security@ns2.rutgers.edu
Cc: lemorton@attmail.com (Leven E Morton),
        rschlafly@attmail.com (Roger Schlafly)
Errors-To: owner-www-security@ns2.rutgers.edu

Warwick wrote: 

>There are other alternatives.  Nortel markets the Entrust certificate
>management product which enables anyone to establish their own CA or CA
>hierarchy without licensing restrictions.  Furthermore, Entrust is
>exportable.

I'm guessing this is simply a response to a somewhat off-topic remark I 
made--it leaves the original question unanswered.  As John Hemming posed it: 

 >All the certs are currently digitally signed by verisign.com. 
 >Netscape kindly provide UUencoded certificates with the public 
 >keys of those CAs recognised by Navigator. 

 >Indeed Netscape state that they will add other public keys as 
 >other CAs come on line. 

 >Meanwhile in the UK we at EuroSign set up our own CA, but not 
 >using any software written by RSA.  We generate our own 
 >confidential key pair and contact Netscape requesting that it 
 >be placed into Navigator.  Initially Netscape are helpful 
 >(I have generally found Netscape very helpful) 
 >and simply request our cert, however after a point they go 
 >quiet with a mention of legal issues that need to be resolved? 

 >Should RSA really sit at the top of commercial CAs so that 
 >no-one can become a CA without their permission?  Alternatively 
 >should the system operate on a more widespread basis? 

I'm curious to know, in particular, whether Nortel code can be used with 
Netscape/VeriSign certificates (according to the VeriSign license agreement). 
Also, how quickly will Netscape accept alternate CA certificates for use with 
their licensed RSADSI code? 

I guess all of these questions go to the heart of SSL & S/MIME.  Are these truly
open standards?  Or is there really only one vendor wearing multiple 
disguises?

-mjm
