[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X.509 certs that don't guarantee identity



Michael A. Atzet wrote:
> How will Navigator differentiate between the different level certs? I am not
> aware of any fields in the cert itself that designate what level it is.
> I know that the subject info would "look" different for a persons name vs.
> email address vs commom name.

  The navigator will not differentiate them.  We build in a default set of
CA certificates into the navigator, and then allow the user to modify them as
they see fit based on their local trust policy.  The default set of CAs that
we ship with our product will not include the verisign level 1&2 CAs as trusted
SSL Server CAs.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.