At 7:11 PM 10/5/95, Jeff Weinstein wrote:
How about if the systems allows you to get a certificate that has any name in it that you want, where the issuer makes no claims about the identity of the owner of the certificate? How about if the software lets the user decide which CAs they will accept certificates from? Given these two features, would you still consider requiring a certificate to be bad?
Let's make sure what we mean by these two points: 1. "...allows you to get a certificate that has any name in it that you want, where the issuer makes no claims about the identity of the owner of the certificate?" I would expect that a certificate for "%63rrW209neU6q!" would be issuable for a miniscule amount of money, and as many of these as are desired. (No, I'm not saying "Verisign" must offer certificates for very low cost, only that there be no built-in costs, or built-in time delays and processing delays, that would prevent "Tim's Really Cheap and No Questions Asked Certificate Service" from issuing such certificates, cheaply and rapidly (in seconds, or less, as some applications will need this, if other services "demand" certificates). 2. "...software lets the user decide which CAs they will accept certificates from?" Fine, provided the following CAs are acceptable: -- an "automatic" certificate granter, essentially meant only to satisfy protocols which require certificates -- a certifier for the Mob, which sells certificates for some fee -- the application itself should be able to generate certificates immediately...call this the "null certification." It is true that some of these example seem to "undermine" the whole purpose of certificates, but this is precisely my point: if I want a key to be certified, I will determine the conditions under which I want it to be certified. Other parties are free to meet my conditions if they wish to do business with me, or not, as the case may be. The "null certification" is thus very important. Naturally, I think this null certification makes the idea of _requiring_ certification moot. Will Netscape allow this? --Tim May Views here are not the views of my Internet Service Provider or Government. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."