Re: skronk

>THUS SPAKE "Kipp E.B. Hickman" <[email protected]>:
># It does what you are trying to accomplish (I think), and it is already deployed
># in production code (the Netscape client and server products). In addition, we
># announced this week a free (for non-commercial use) reference implementation.
># The code will be out on the net as soon as the lawyers are happy :-)

When we last left this story, only certificates from a few (one?)
signatory authorities were going to be accepted by Netscape clients.
Would this mean that competitors offering Netscape servers would have to
go to Netscape to get their keys signed in order to interoperate with
existing Netscape clients?  I think this is too limiting.

People should be able to choose their own key signers.  This should be a
configuration option.  It should not be compiled into the client!  That
hurts your own flexibility as well as interfering with interoperability.

Can I use this reference implementation and set up a SSL-compatible
service today, or do I have to go to you and/or everyone's friends at RSA
and get a signature first?  As long as it is the latter I think that SSL
is not going to be able to be a well-established standard.  People are
going to resent having to register with the authorities in order to set
up a secure web page.

Hal Finney
[email protected]