W3C home > Mailing lists > Public > ietf-tls@w3.org > January to March 1997

Re: Trust chaining & finer-grained CA trust

From: Ray Sarna <lpuadm@leonardo.net>
Date: Fri, 07 Feb 1997 18:01:05 -0800
Message-Id: <>
To: Tom Weinstein <tomw@netscape.com>
Cc: Pat Richard <patr@xcert.com>, Mark Shuttleworth <marks@thawte.com>, Dan Hurley <hurley@att.com>, SSL-Talk <ssl-talk@netscape.com>, Christopher Allen <ChristopherA@consensus.com>, ietf-tls@w3.org, Win Treese <treese@OpenMarket.com>, "Jeffrey I. Schiller" <jis@MIT.EDU>
Is Pat Richard enquiring re: what I interpret to be a grab for exclusive
power?  Is that "monopoly?"  Does that retain the inner-sanctum idea of
"open platform?"

Is winning a monopoly relevant?  Is this group not seeking the most
competent long-term resolution, irrespective of toolkit or patent control?

Should there be an additional period of time...2 weeks or a month, during
which to reflect on what is being driven home at this moment?

If this group were to express a desire for an extension of time and/or a
reconsideration of the proposal, who has the ultimate decision power?  The
individual at the outfit that will win the monopoly or someone else?

Is this the appropriate place to suggest a call for such a vote?  Do I have
the right to ask?

Ray Sarna

At 04:29 PM 2/7/97 -0800, you wrote:
>On Fri, 7 Feb 1997, Tom Weinstein wrote:
>> Mark Shuttleworth wrote:
>> > 
>> > Hiya
>> > 
>> > Perhaps I missed this bit,  but surely the UI on the browser should
>> > put big flashing warnings up before letting the user accept a
>> > chainable CA cert?
>> Nope.  If the CA issues a cert with the correct extension for the
>> navigator to trust it as a CA, we assume that they are delegating
>> issuing authority.  VeriSign uses this so that they can have multiple
>> CAs that actually issue certs descended from a single root CA that
>> just issues CA certs.
>> This makes a lot of sense from a security perspective.  The keys that
>> issue certs get used a lot, so they are most vulnerable to attack.  If
>> you expire them frequently and keep the only copy of the root key locked
>> up in a vault, for example, you reduce your exposure.
>Actually, it doesn't, with the respect to the question of this entire 
>thread, which is "Fine Grained Trust".
>By delegating authority with chains you end up with a PKI (all CA's
>participating in a chain with a single root) that either:
>1) forces all CAs to accept the "LCD" (lowest common denominator)
>with respect to trust (i.e. if a CA with low assurance is in the chain,
>then all CA's in that chain now have low assurance)
>2) force all CAs in that chain to be 100% compliant with the root
>CA's vetting policy, which is un-manageable and does not reflect
>real-world trust models.
>Alternatively, use a model where the CA's policies and signed and
>you have policy chains rather than CA cert chains.
>This way trust is not absolute and can actually exhibit "fine grained"
>features, like a PKI that can determine the assurance level of the
>2 parties involved.
>> -- 
>> You should only break rules of style if you can    | Tom Weinstein
>> coherently explain what you gain by so doing.      | tomw@netscape.com
>Pat Richard
Received on Friday, 7 February 1997 21:04:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:12 UTC