Jeff Weinstein wrote:
Alex Strasheim wrote:
On the 23rd, Jeff Weinstein said this concerning the natural semi-anonymity of the net:
Given that verisign and others will soon begin issuing large numbers of certificates that do not guarantee the identity of the key holder, it seems that this tradition will continue even with the wide deployment of X509 certs.
This has been bugging me since I read it. I'm not sure I understand the plan; it only makes sense to me if "anonymous" X.509 certs are issued for user authentication only, not for server authentication. Is that what this is about?
(If anonymous certs are issued for servers, why should such a cert be treated any differently than one I generate on my own, which causes warning screens about an unknown CA to pop up?)
The navigator will not be configured to automatically trust the verisign level 1 and 2 certificates for SSL servers. You will get the same warning dialog with these certs as you do with one you generate on your own.
--Jeff
-- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
How will Navigator differentiate between the different level certs? I am not aware of any fields in the cert itself that designate what level it is. I know that the subject info would "look" different for a persons name vs. email address vs commom name. -- Michael A. Atzet IBM AIX Systems Center Roanoke, Texas *** All opinions above are mine and not necessarily that of IBM. *** atzet@vnet.ibm.com