17 Dec
2003
17 Dec
'03
11:17 p.m.
[Actually talking about VeriSign certs] On Thu, 9 May 1996, Lucky Green wrote:
At 23:10 5/9/96, E. ALLEN SMITH wrote:
The first level, in other words, is less of a certification than a PGP key with self-signature and signature from one other person. It doesn't have _any_ effort to verify that the email address stated on it is the actual email address of that nym. Or am I misinterpreting you?
For the first level, this is correct. I didn't even see an AUP discouraging spoofing.
I was on a panel with a representative from VeriSign at Interop in Las Vegas. He said that uniqueness was the only requirement for the first level of cert. I don't have any information beyond that.
Just visit www.verisign.com with the Netscape 3.x beta and see. -rich