Re: Netscape, CAs, and Verisign

[Adam Shostack <adam@lighthouse.homeport.org>]

Jeff Weinstein wrote:
| > 
| > The problem is simple enough:  sites with certificates from one of the CAs
| > that are preconfigured in Netscape have a tremendous advantage over sites
| > with certs from other CAs, and it's expensive and difficult to get a cert
| > if you're running an alternative server like ApacheSSL.
[...]
| > Netscape needs to address the situation.  It's just not practical or
| > desireable for one company (Verisign) to have a stranglehold on
| > certificates.

	Its unfortunate that Jeff speaks only for himself when he
wrote the following.  I'd very much like to hear Netscape speaking as
Netscape announce that a policy for CAs is forthcoming.

Adam


|   I agree with what you are saying.  I very much want to see real competition
| in the certificate issuing business.  We are in the process of developing
| a set of criteria that CAs have to meet in order to be included in the
| "default" list of CAs that our products support.  The criteria focus
| on assuring support for our customers more than trying to specify a
| particular policy.  The criteria will include things like required
| minimum response times for customer problems, compliance with an
| interoperability spec, publishing of policies, etc.  Some time in
| the next few months these criteria will be made public, and that 
| should allow for open competition.

      [much elided]
| -- 
| Jeff Weinstein - Electronic Munitions Specialist
| Any opinions expressed above are mine.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume