THUS SPAKE "Kipp E.B. Hickman" <kipp@warp.mcom.com>:
# It does what you are trying to accomplish (I think), and it is already deployed
# in production code (the Netscape client and server products). In addition, we
# announced this week a free (for non-commercial use) reference implementation.
# The code will be out on the net as soon as the lawyers are happy :-)

When we last left this story, only certificates from a few (one?) signatory authorities were going to be accepted by Netscape clients. Would this mean that competitors offering Netscape servers would have to go to Netscape to get their keys signed in order to interoperate with existing Netscape clients?

I think this is too limiting. People should be able to choose their own key signers. This should be a configuration option. It should not be compiled into the client! That hurts your own flexibility as well as interfering with interoperability.

Can I use this reference implementation and set up a SSL-compatible service today, or do I have to go to you and/or everyone's friends at RSA and get a signature first? As long as it is the latter I think that SSL is not going to be able to be a well-established standard. People are going to resent having to register with the authorities in order to set up a secure web page.

Hal Finney
hfinney@shell.portal.com