In article <199509251741.KAA04656@infinity.c2.org>, sameer@c2.org (sameer) writes:
The really big sticking point I see, however, is the certification authorities. There is a single point of failure here and that is at Verisign. This becomes a large problem I think if the en rypted email that Netscape does requires personal x509 certificates (I read that Versign is issuing those for $9/each.) This is a problem because for one thing I don't think Versign will want to issue certs to psudonyms, and Netscape may not talk encrypted email to non-certified people. (I am not sure)
I believe that the identies of free certificates that verisign plans to offer to netscape customers will not be checked in any way other than to ensure that the name is unique for that CA. You will have to ask someone from Verisign to get a certain answer.
The solution to this, of course, is to allow Navigator to accept alternate certification hierarchies, so we can setup a Cypherpunks cert agency or a c2.org cert agency, which -will- sign nym's keys, etc. The question exists though, as to whether or not Netscape will allow for alternate agencies in Navigator.
I have stated here, and in other public forums, several times in the past few months, that Netscape Navigator 2.0 will support user configurable certificate authorities. You will be able to specify that you do or do not trust specific server certificates and certificate authorities. The user will be able to incorporate new CA certificates into their certificate database, and mark them as trusted for signing certs for SSL, email, etc. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.