- From: Rodney Thayer <rodney@sabletech.com>
- Date: Fri, 07 Feb 1997 09:53:01 -0500
- To: ietf-tls@w3.org
Sorry, I missed where we got the assertion that TLS requires a CA. As I understand it TLS requires a ROOT CERTIFICATE and CERTIFICATES. [Assuming the identity-based case, not the anonymous case.]

Implementations can do whatever they wish to come up with the root certificate. I might deal with that by configuring my implementation to use Thawte's root certificate and use them as a CA. Someone else might set up a CA for use inside a corporation or other organization. Someone might even set things up to self-sign or deliver a signature engine fairly widely. One can look at PGP as an example of this.

I don't see that there is any technical REQUIREMENT in TLS that I pay anyone to act as my certificate authority. I myself use it that way sometimes but that's an implementation and deployment detail, not a requirement of the protocol.

>Resent-Date: Fri, 7 Feb 1997 04:10:51 -0500
>Resent-Message-Id: <199702070910.EAA11516@www19.w3.org>
>Date: Fri, 7 Feb 1997 11:08:47 +0200 (SAT)
>From: Mark Shuttleworth <marks@thawte.com>
>To: Dennis Glatting <dennis.glatting@plaintalk.bellevue.wa.us>
>cc: billo@server.net, ietf-tls@w3.org, ssl-talk@netscape.com
>Subject: Re: secure tcp ports
>X-List-URL: http://lists.w3.org/Archives/Public/ietf-tls
>Resent-From: ietf-tls@w3.org
>X-Mailing-List: <ietf-tls@w3.org> archive/latest/593
>X-Loop: ietf-tls@w3.org
>Sender: ietf-tls-request@w3.org
>Resent-Sender: ietf-tls-request@w3.org
>
>>
>> TLS requires a CA, unless one of the proposed shared key
>> mechanisms are adopted. There is not a global CA
>> infrastructure, more or less a US infrastructure. Worse, in
>> the US there is the real possibility of escrow. Associated with
>
>Begging your pardon, but Thawte's strategy is entirely global. Also,
>because we are based outside the US, the only way we would consider
>escrow is if the US government explicitly banned the use of non-escrow
>keys within the US - an unlikely proposition.
>
>> most CAs is a financial transaction. Though traditional use of
>> security (in particular, cryptography) has often been
>> labeled as "not for free", requiring investment in a CA or
>> purchase of a CERT gives the term new meaning.
>
>As soon as it's possible to conduct quality checks free, there will be
>quality free certs. Certification should not be an expensive thing at
>all. We don't think so.
>
>Also, I think we'll see "micro-certification" become important. By this
>I mean the certification of small, easy to prove but also valuable
>relationships, like "this key is managed by the person at the end of this
>email address". Xcert, Thawte, Verisign, etc. all have projects that
>explicitly or implicitly suggest this trend.
>
>--
>Mark Shuttleworth
>Thawte Consulting

Rodney Thayer <rodney@sabletech.com>            +1 617 332 7292
Sable Technology Corp, 246 Walnut St., Newton MA 02160 USA
Fax: +1 617 332 7970   http://www.shore.net/~sable
"Developers of communications software"
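Added example, not part of the thread: the "CA inside a corporation" case Rodney describes, as a shell script using the openssl command-line tool (assumed installed; every name and path is constructed). A self-signed private root signs a server certificate; path validation accepts the chain when that root is the configured trust anchor and rejects it when only the default store is consulted, so the choice of who runs the signing key is a deployment setting, not something the verification step itself dictates.

```shell
#!/bin/sh
# Added example (not from the list thread). Assumes the openssl CLI is
# installed; all subject names are made up and keys live in a temp dir.
set -e
WORK=$(mktemp -d)

# 1. Self-signed root: whoever holds root.key is the CA, no fee involved.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
  -keyout "$WORK/root.key" -out "$WORK/root.pem" \
  -subj "/CN=Example Corp Internal Root" >/dev/null 2>&1

# 2. Server key plus certificate request.
openssl req -newkey rsa:2048 -nodes -sha256 \
  -keyout "$WORK/server.key" -out "$WORK/server.csr" \
  -subj "/CN=server.example.test" >/dev/null 2>&1

# 3. The private root signs the server certificate (the act of being a CA).
openssl x509 -req -sha256 -days 1 -in "$WORK/server.csr" \
  -CA "$WORK/root.pem" -CAkey "$WORK/root.key" -CAcreateserial \
  -out "$WORK/server.pem" >/dev/null 2>&1

# Returns 0 when server.pem chains to a root in the given trust store.
verify_with_private_root() {
  openssl verify -CAfile "$WORK/root.pem" "$WORK/server.pem" >/dev/null 2>&1
}

# Same certificate against the default (public) store, which has no path
# to our root, so validation fails: trust anchors are configuration.
verify_with_default_store() {
  openssl verify "$WORK/server.pem" >/dev/null 2>&1
}

if verify_with_private_root; then echo "private root configured: chain OK"; fi
if ! verify_with_default_store; then echo "default store only: chain rejected"; fi
```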
Received on Friday, 7 February 1997 09:55:14 UTC