Re: X.509 certs that don't guarantee identity



Alex Strasheim wrote:
> 
> On the 23rd, Jeff Weinstein said this concerning the natural
> semi-anonymity of the net:
> 
> > Given that VeriSign and others will soon begin issuing large numbers of
> > certificates that do not guarantee the identity of the key holder, it seems
> > that this tradition will continue even with the wide deployment of X509
> > certs.
> 
> This has been bugging me since I read it.  I'm not sure I understand the
> plan;  it only makes sense to me if "anonymous" X.509 certs are issued
> for user authentication only, not for server authentication.  Is that
> what this is about?
> 
> (If anonymous certs are issued for servers, why should such a cert be
> treated any differently than one I generate on my own, which causes
> warning screens about an unknown CA to pop up?)

  The Navigator will not be configured to automatically trust the VeriSign
level 1 and 2 certificates for SSL servers.  You will get the same warning
dialog with these certs as you do with one you generate on your own.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.