Re: secure tcp ports

> TLS requires a CA, unless one of the proposed shared key
> mechanisms is adopted. There is not a global CA
> infrastructure, more or less a US infrastructure. Worse, in
> the US there is the real possibility of escrow. Associated with

Begging your pardon, but Thawte's strategy is entirely global.  Also,
because we are based outside the US, the only way we would consider
escrow is if the US government explicitly banned the use of non-escrow
keys within the US - an unlikely proposition.

> most CAs is a financial transaction.  Though traditional use of
> security (in particular, cryptography) has often been
> labeled as "not for free", requiring investment in a CA or
> purchase of a CERT gives the term new meaning.

As soon as it's possible to conduct quality checks free, there will be
quality free certs.  Certification should not be an expensive thing at
all.  We don't think so.

Also, I think we'll see "micro-certification" become important.  By this
I mean the certification of small, easy to prove but also valuable
relationships, like "this key is managed by the person at the end of this
email address".  Xcert, Thawte, Verisign, etc. all have projects that
explicitly or implicitly suggest this trend.

Mark Shuttleworth
Thawte Consulting

Received on Friday, 7 February 1997 04:10:04 UTC