[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Verisign gets export approval




> On Thu, 17 Jul 1997, Tom Weinstein wrote:
>>Lucky Green wrote:
>> Even if Communicator would never check CRL's, not even in the future,
>> the mere fact that the Global ID cert have only a one year lifetime
>> means anyone relying on Global ID can be held hostage by threatening
>> to refuse to renew their cert. The reader may not be aware that unlike
>> other certs, the Global ID certs are *only* issued by VeriSign. You
>> can not go to a non-US CA and obtain such a cert. [Which of course
>> would defy the whole purpose of this rather slick deal :-]
>
>Aren't all certs VeriSign issues only valid for one year?  This isn't
>any different.
>
>There's nothing preventing another CA from getting permission from the
>USG to issue these magic certs.  We would have to distribute a patch,
>but I don't see any problem with that.

There's probably no technical reason these patches must originate with
Netscape.  Seems like a healthy cottage industry could spring up to supply
patch software to offshore companies which want magic certs w/o USG
approval.

--Steve