[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Netscape as vehicle for cypherpunk agenda/the cypherpunk bully pulpit
In article <[email protected]>, [email protected] (sameer) writes:
> The really big sticking point I see, however, is the
> certification authorities. There is a single point of failure here and
> that is at Verisign. This becomes a large problem I think if the en
> rypted email that Netscape does requires personal x509 certificates (I
> read that Versign is issuing those for $9/each.) This is a problem
> because for one thing I don't think Versign will want to issue certs
> to psudonyms, and Netscape may not talk encrypted email to
> non-certified people. (I am not sure)
I believe that the identies of free certificates that verisign plans
to offer to netscape customers will not be checked in any way other than
to ensure that the name is unique for that CA. You will have to ask
someone from Verisign to get a certain answer.
> The solution to this, of course, is to allow Navigator to
> accept alternate certification hierarchies, so we can setup a
> Cypherpunks cert agency or a c2.org cert agency, which -will- sign
> nym's keys, etc. The question exists though, as to whether or not
> Netscape will allow for alternate agencies in Navigator.
I have stated here, and in other public forums, several times in the
past few months, that Netscape Navigator 2.0 will support user configurable
certificate authorities. You will be able to specify that you do or
do not trust specific server certificates and certificate authorities.
The user will be able to incorporate new CA certificates into their
certificate database, and mark them as trusted for signing certs for
SSL, email, etc.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.