
Timothy C. May wrote:
At 7:11 PM 10/5/95, Jeff Weinstein wrote:
How about if the system allows you to get a certificate that has any name in it that you want, where the issuer makes no claims about the identity of the owner of the certificate? How about if the software lets the user decide which CAs they will accept certificates from? Given these two features, would you still consider requiring a certificate to be bad?
Let's make sure what we mean by these two points:
1. "...allows you to get a certificate that has any name in it that you want, where the issuer makes no claims about the identity of the owner of the certificate?"
I would expect that a certificate for "%63rrW209neU6q!" would be issuable for a minuscule amount of money, and as many of these as are desired.
(No, I'm not saying "Verisign" must offer certificates for very low cost, only that there be no built-in costs, or built-in time delays and processing delays, that would prevent "Tim's Really Cheap and No Questions Asked Certificate Service" from issuing such certificates, cheaply and rapidly (in seconds, or less, as some applications will need this, if other services "demand" certificates).)
If you take a look at Verisign's home page, they will be offering "low assurance" certificates for free for non-commercial uses. The only thing they will guarantee about these certs is that the subject name in the certificate is unique across all certificates signed by their class I CA. You should be able to get one of these certs in real time via an HTML form.
2. "...software lets the user decide which CAs they will accept certificates from?"
Fine, provided the following CAs are acceptable:
-- an "automatic" certificate granter, essentially meant only to satisfy protocols which require certificates
-- a certifier for the Mob, which sells certificates for some fee
-- the application itself should be able to generate certificates immediately...call this the "null certification."
It is true that some of these examples seem to "undermine" the whole purpose of certificates, but this is precisely my point: if I want a key to be certified, I will determine the conditions under which I want it to be certified. Other parties are free to meet my conditions if they wish to do business with me, or not, as the case may be.
Anyone is free to set up a CA. In Netscape Navigator 2.0 the user can decide which CAs they want to accept certs from, or just mark individual certs as "trusted" no matter what CA they were signed by. If you the user choose to trust a CA run by the Mob, then that's your business.
The "null certification" is thus very important.
Naturally, I think this null certification makes the idea of _requiring_ certification moot.
Will Netscape allow this?
I assume that by "null certification" you mean self-signed certificate. As I said above, the user can choose to accept any certificate they want, independent of who signed it. If you tell Netscape that you want to accept "joe's" certificate for the purposes of encrypted e-mail, then we don't care who signed it.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
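
The self-signed ("null certification") case discussed in this message, as an added example that is not part of the original post and is not Netscape code: a certificate with an arbitrary subject name fails verification when no trust anchors are configured and passes only once the user explicitly marks that one certificate as trusted. It assumes the `openssl` command-line tool (1.1.0 or later) is installed; the function name and file names are hypothetical.

```shell
# Added example: a self-signed certificate is accepted only by explicit user choice.
# Assumption: openssl CLI 1.1.0 or later; all file names here are constructed.
null_cert_demo() {
    dir=$(mktemp -d) || return 1

    # Issue a self-signed certificate with an arbitrary subject name.
    # No CA vouches for the name; the key simply signs its own certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=%63rrW209neU6q!' \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 \
        || { rm -rf "$dir"; return 1; }

    # Case 1: empty trust store. The self-signature alone proves nothing,
    # so verification is expected to fail.
    if openssl verify -no-CAfile -no-CApath "$dir/cert.pem" >/dev/null 2>&1; then
        untrusted=accepted
    else
        untrusted=rejected
    fi

    # Case 2: the user marks this individual certificate as trusted by
    # making it the only trust anchor. Verification is expected to succeed.
    if openssl verify -no-CApath -CAfile "$dir/cert.pem" "$dir/cert.pem" >/dev/null 2>&1; then
        pinned=accepted
    else
        pinned=rejected
    fi

    rm -rf "$dir"
    echo "$untrusted $pinned"
}
```

The trust decision in case 2 comes entirely from the verifier's configuration, which is why a relying party that requires "a certificate" gains no identity assurance unless it also controls which anchors are accepted.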