X.509 certs that don't guarantee identity
Jeff Weinstein
jsw at netscape.com
Wed Feb 28 23:02:26 PST 1996
Alex Strasheim wrote:
>
> On the 23rd, Jeff Weinstein said this concerning the natural
> semi-anonymity of the net:
>
> > Given that verisign and others will soon begin issuing large numbers of
> > certificates that do not guarantee the identity of the key holder, it seems
> > that this tradition will continue even with the wide deployment of X509
> > certs.
>
> This has been bugging me since I read it. I'm not sure I understand the
> plan; it only makes sense to me if "anonymous" X.509 certs are issued
> for user authentication only, not for server authentication. Is that
> what this is about?
>
> (If anonymous certs are issued for servers, why should such a cert be
> treated any differently than one I generate on my own, which causes
> warning screens about an unknown CA to pop up?)
The navigator will not be configured to automatically trust the verisign
level 1 and 2 certificates for SSL servers. You will get the same warning
dialog with these certs as you do with one you generate on your own.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
More information about the cypherpunks-legacy
mailing list