- From: Ray Sarna <lpuadm@leonardo.net>
- Date: Fri, 07 Feb 1997 18:01:05 -0800
- To: Tom Weinstein <tomw@netscape.com>
- Cc: Pat Richard <patr@xcert.com>, Mark Shuttleworth <marks@thawte.com>, Dan Hurley <hurley@att.com>, SSL-Talk <ssl-talk@netscape.com>, Christopher Allen <ChristopherA@consensus.com>, ietf-tls@w3.org, Win Treese <treese@OpenMarket.com>, "Jeffrey I. Schiller" <jis@MIT.EDU>
Is Pat Richard enquiring re: what I interpret to be a grab for exclusive power? Is that "monopoly?" Does that retain the inner-sanctum idea of "open platform?" Is winning a monopoly relevant? Is this group not seeking the most competent long-term resolution, irrespective of toolkit or patent control? Should there be an additional period of time...2 weeks or a month, during which to reflect on what is being driven home at this moment? If this group were to express a desire for an extension of time and/or a reconsideration of the proposal, who has the ultimate decision power? The individual at the outfit that will win the monopoly or someone else? Is this the appropriate place to suggest a call for such a vote? Do I have the right to ask? Ray Sarna At 04:29 PM 2/7/97 -0800, you wrote: >On Fri, 7 Feb 1997, Tom Weinstein wrote: > >> Mark Shuttleworth wrote: >> > >> > Hiya >> > >> > Perhaps I missed this bit, but surely the UI on the browser should >> > put big flashing warnings up before letting the user accept a >> > chainable CA cert? >> >> Nope. If the CA issues a cert with the correct extension for the >> navigator to trust it as a CA, we assume that they are delegating >> issuing authority. VeriSign uses this so that they can have multiple >> CAs that actually issue certs descended from a single root CA that >> just issues CA certs. >> >> This makes a lot of sense from a security perspective. The keys that >> issue certs get used a lot, so they are most vulnerable to attack. If >> you expire them frequently and keep the only copy of the root key locked >> up in a vault, for example, you reduce your exposure. >> > >Actually, it doesn't, with the respect to the question of this entire >thread, which is "Fine Grained Trust". > >By delegating authority with chains you end up with a PKI (all CA's >participating in a chain with a single root) that either: > >1) forces all CAs to accept the "LCD" (lowest common denominator) >with respect to trust (i.e. if a CA with low assurance is in the chain, >then all CA's in that chain now have low assurance) > >or > >2) force all CAs in that chain to be 100% compliant with the root >CA's vetting policy, which is un-manageable and does not reflect >real-world trust models. > >Alternatively, use a model where the CA's policies and signed and >you have policy chains rather than CA cert chains. > >This way trust is not absolute and can actually exhibit "fine grained" >features, like a PKI that can determine the assurance level of the >2 parties involved. > >> -- >> You should only break rules of style if you can | Tom Weinstein >> coherently explain what you gain by so doing. | tomw@netscape.com >> > >---- >Pat Richard >patr@x509.com > > >
Received on Friday, 7 February 1997 21:04:37 UTC