On Thu, 17 Jul 1997, Tom Weinstein wrote:
Lucky Green wrote: Even if Communicator would never check CRL's, not even in the future, the mere fact that the Global ID cert have only a one year lifetime means anyone relying on Global ID can be held hostage by threatening to refuse to renew their cert. The reader may not be aware that unlike other certs, the Global ID certs are *only* issued by VeriSign. You can not go to a non-US CA and obtain such a cert. [Which of course would defy the whole purpose of this rather slick deal :-]
Aren't all certs VeriSign issues only valid for one year? This isn't any different.
There's nothing preventing another CA from getting permission from the USG to issue these magic certs. We would have to distribute a patch, but I don't see any problem with that.
There's probably no technical reason these patches must originate with Netscape. Seems like a healthy cottage industry could spring up to supply patch software to offshore companies which want magic certs w/o USG approval. --Steve