User-Specified Trusted CAs in Netscape (Was: Re: NetScape's dependence upon RSA down for the count!)

Bill Soley writes:
> (3) Netscape is making the problem worse (yes, worse) in the next release
> by allowing the user to specify their own list of trusted CAs.  (I will
> elaborate on this unpopular view below.)
> Re: problem 3, about how allowing the user to specify their own list of
> trusted CAs is bad.  
> it.  Even Mary Moderately-Savvy might be tricked into doing it on the
> false assumption that it would only affect security for the naughty
> pictures site (that she may not care about), and not affect security for
> her stock-broker.  This false assumption might be based on the fact
> that the (legitimate) stock-broker uses a different CA.

You seem to be overstating your point a bit. The real problem here, AFAICS,
is that the proposed protocol in the software wouldn't allow sufficiently 
fine-grained control over the certification authority approval. The user
should be able to specify the conditions under which a CA is to be trusted,
not simply give a blanket approval or rejection. 

It looks as though a set of trusted (CA, site) pairs would suffice. 
How about it, Netscape?  Give the user the opportunity to say "I trust 
certificates from Alfie's World of Key Certification regarding keys for
interactions with Elvira's Copier Shack."

-Futplex <[email protected]>
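
The (CA, site) pair idea from the message above, sketched as an added example that is not part of the original post and not Netscape's code. It contrasts blanket CA approval with per-site approval; the byte strings standing in for CA certificates, the host names, and all function and class names are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

def ca_id(ca_cert: bytes) -> str:
    """Identify a CA by the SHA-256 fingerprint of its certificate bytes."""
    return hashlib.sha256(ca_cert).hexdigest()

def norm_site(host: str) -> str:
    """Canonicalise a host name: 'Broker.Example.' == 'broker.example'."""
    return host.strip().rstrip(".").lower()

@dataclass
class TrustStore:
    blanket: set = field(default_factory=set)  # CAs approved for every site
    pairs: set = field(default_factory=set)    # approved (CA, site) pairs

    def trust_everywhere(self, ca_cert: bytes) -> None:
        self.blanket.add(ca_id(ca_cert))

    def trust_for_site(self, ca_cert: bytes, site: str) -> None:
        self.pairs.add((ca_id(ca_cert), norm_site(site)))

    def accepts(self, issuer_cert: bytes, site: str) -> bool:
        """True if this issuer may vouch for a key used with this site."""
        cid = ca_id(issuer_cert)
        return cid in self.blanket or (cid, norm_site(site)) in self.pairs

# Constructed stand-ins for CA certificates and host names (assumptions).
ALFIE = b"constructed cert: Alfie's World of Key Certification"
BROKER_CA = b"constructed cert: the stock-broker's CA"
COPIER, BROKER = "copier-shack.example", "broker.example"

def blanket_store() -> TrustStore:
    """All-or-nothing approval: the user adds Alfie's CA for every site."""
    store = TrustStore()
    store.trust_everywhere(BROKER_CA)
    store.trust_everywhere(ALFIE)
    return store

def scoped_store() -> TrustStore:
    """Per-site approval: each CA is trusted only for the named site."""
    store = TrustStore()
    store.trust_for_site(BROKER_CA, BROKER)
    store.trust_for_site(ALFIE, COPIER)
    return store

if __name__ == "__main__":
    for name, store in (("blanket", blanket_store()), ("scoped", scoped_store())):
        print(name, "store lets Alfie vouch for broker:", store.accepts(ALFIE, BROKER))
```

With blanket approval, a certificate issued by the user-added CA is accepted for the stock-broker's site; with (CA, site) pairs the same certificate is rejected there while still working for the site the user approved it for.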