[Previous] [Next] [Index]
[Thread]
Re: Netscape Changes RSA tree
On Thu, 20 Apr 1995, Lee Neely <lkn@llnl.gov> wrote:
>I just learned that Netscape added a new root to the RSA tree
>when they licensed the Digsig part of the netsite server.
>
> You see, if you're a current Certificate Authority
>(I am) and you wish to assign a Digital Certificate to Netscape, you can't.
>(Unless you pay RSA *MORE* money and upgrade your software, which isn't
>really available yet.) The alternative is to pay RSA for your certificate
>(yes, like everyone else!) and then get one from them.
EIT's Secure NCSA Mosaic for X and Secure SPRY Mosaic, both of which support
Secure-HTTP, support the addition (in the client and the server) of new root
certificates. I have the impression (for some reason) that Netscape was going
to allow this capability in the next major release of their browsers and server,
at the same time as they add client-certificate support.
>While this seems minor, after all, I am only talking about one server;
>WHEN we get to version 1.5, which is supposed to support Certificates at
>the client level, we could be forced to pay for many certificates, outside
>of our current purchase arrangement with RSA. Further, the potential
>exists for users to have to have TWO certificates. One for their "regular"
>digitally signed documents, and one for Netscape. And at $279, plus the
>browser, this is not a bargain!! *so much for a distinguished name that
>uniquely identifies you*
Heh. That's true. At the WWW conference last week, during the Security panel,
an attendee said that their pet peeve is web services which require personal
logins, since you end up having needless multiplication of logins. However,
Owen Rees of ANSA, who was on the panel, brought up the point that a user should
not necessarily always have same set of access rules - the identification is not
always ôthis is meö, sometimes it is ôthis is me, the person who fills this
role.ö An example given was the "Duty Officer" in the armed services - the DO
is identified by their role, not their name. Just food for thought.
I do agree that multiplication of keys due to different required rootings of the
tree hierarchy is, in general, a bad thing. The problem, though, is the issue
of trust. SPRY certainly wouldn't want to depend on Netscape to certify keys
used by SPRY employees to authenticate for sensitive internal documents, vice
versa. The need for a "universally trusted" root exists, and the possibility of
that being government-based gives me the willies. I can't think of any party
that could be said to be completely disinterested.
-Chris Wilson
:::::::::::::::::::::<<< NETWORKING THE DESKTOP >>>::::::::::::::::::::
Chris Wilson Spry, Inc.
WWW Technology Lead 316 Occidental Avenue S. 2nd Floor
Email: cwilson@spry.com Seattle, WA 98104
Phone: (206) 447-0300 FAX: (206) 447-9008
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Follow-Ups: