
Re: Netscape Changes RSA tree



wcs@anchor.ho.att.com wrote:
>> From: Taher Elgamal <elgamal@netscape.com>
>...
>> I think we are mixing a certificate with a digital signature. A   
>> certificate is a proof of identity attached to the use of a public key.
>...
>> I believe that we will need multiple levels of trust for certificates,
>> a hierarchy, however, is a convenient method of verifying the trust
>> level associated with a particular certificate.  
>
>One of the problems with RSADSI's style of certificates is that
>they're inherently hierarchical, which means you need to trust
>the structure designed by the people at the top for certification,
>and tree-shaped chains of identification need to be adequate.

I remember reading a comic book one time where the lead villain was at an event
to honor his years of disservice (Dr. Doom was the bad guy in question).
Anyway, in the comic he was blamed for:

	global warming
	deforestation
	acid rain
	taxes
	Mt. St. Helens(!)
	etc.

It seems that these days everyone likes to blame/credit RSADSI for everything
in the crypto world. "RSADSI certificates" is a misnomer; "X.509 certificates"
is much better.

X.509 certificates were designed with a hierarchy in mind. That doesn't mean
they have to be used that way. IMHO, there will be a chaotic structure in place
with no single trusted root. However, there will be points out in the chaos
that the individual will want to trust.

This is actually the challenge: Figure out how to present the possibilities to
the consumer and let them make an informed decision without pissing them off.
Simple, really :-(

-- 
---------------------------------------------------------------------
Kipp E.B. Hickman          Netscape Communications Corp.
kipp@netscape.com          http://home.netscape.com/people/kipp/index.htm


