Re: [Auth]a couple of questions and suggestions
From: Norbert Sendetzky
Subject: Re: [Auth]a couple of questions and suggestions
Date: Fri, 13 Jul 2001 21:18:01 +0200

On Friday 13 July 2001 20:40, Norbert Sendetzky wrote:
> On Friday 13 July 2001 15:19, David Sugar wrote:
> > In certificate authorities, I recall that root certificates for each
> > authority must be distributed before certificates issued by that
> > authority can be used. This could present a problem and a means to
> > control and limit what independent authorities exist. Imagine, for
> > example, if MS stuff like IE makes it even harder to load new CA root
> > certificates other than those originally issued with their IE base
> > distribution, and wipes out any add on ones every time you "upgrade".
> > Also, the CA must then issue the individual certificates for everything
> > that is used and deployed, rather than users individually, as is the case
> > with gpg.
>
> This may be a real threat!
Sorry, I should think twice before I write once!

Like I mentioned before, whether we use certs or public/private keys is irrelevant
because the browser is only responsible for executing the plugin and
displaying it. The auth data (cert or key) must be stored by the Auth.GNU
service and not by the web browser.

But we have to use certificates anyway, because the transport of the data
(request and reply) must be done in a secure way (encrypted). This should be
no problem, even if Microsoft wants to make trouble.

Norbert