[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificates, Attributes, Web of Trust



Timothy C. May wrote:
> 
> At 7:11 PM 10/5/95, Jeff Weinstein wrote:
> 
> >  How about if the systems allows you to get a certificate that
> >has any name in it that you want, where the issuer makes no
> >claims about the identity of the owner of the certificate?
> >How about if the software lets the user decide which CAs they
> >will accept certificates from?  Given these two features,
> >would you still consider requiring a certificate to be bad?
> 
> Let's make sure what we mean by these two points:
> 
> 1. "...allows you to get a certificate that has any name in it that you
> want, where the issuer makes no claims about the identity of the owner of
> the certificate?"
> 
> I would expect that a certificate for "%63rrW209neU6q!" would be issuable
> for a miniscule amount of money, and as many of these as are desired.
> 
> (No, I'm not saying "Verisign" must offer certificates for very low cost,
> only that there be no built-in costs, or built-in time delays and
> processing delays, that would prevent "Tim's Really Cheap and No Questions
> Asked Certificate Service" from issuing such certificates, cheaply and
> rapidly (in seconds, or less, as some applications will need this, if other
> services "demand" certificates).

  If you take a look at verisign's home page, they will be offering
"low assurance" certificates for free for non-commercial uses.  The
only thing they will guarantee about these certs is that the subject
name in the certificate is unique across all certificates signed
by their class I CA.  You should be able to get one of these
certs in real time via an HTML form.

> 2. "...software lets the user decide which CAs they will accept
> certificates from?"
> 
> Fine, provided the following CAs are acceptable:
> 
> -- an "automatic" certificate granter, essentially meant only to satisfy
> protocols which require certificates
> 
> -- a certifier for the Mob, which sells certificates for some fee
> 
> -- the application itself should be able to generate certificates
> immediately...call this the "null certification."
> 
> It is true that some of these example seem to "undermine" the whole purpose
> of certificates, but this is precisely my point: if I want a key to be
> certified, I will determine the conditions under which I want it to be
> certified. Other parties are free to meet my conditions if they wish to do
> business with me, or not, as the case may be.

  Anyone is free to set up a CA.  In Netscape Navigator 2.0 the
user can decide which CAs they want to accept certs from, or just
mark individual certs as "trusted" no matter what CA they were
signed by.  If you the user choose to trust a CA run by the Mob,
then thats your business.

> The "null certification" is thus very important.
> 
> Naturally, I think this null certification makes the idea of _requiring_
> certification moot.
> 
> Will Netscape allow this?

  I assume that by "null certification" you mean self-signed
certificate.  As I said above, the user can choose to accept
any certificate they want, independent of who signed it.  If you
tell netscape that you want to accept "joe's" certificate for
the purposes of encrypted e-mail, then we don't care who signed
it.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.