[10903] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RSA getting rid of trusted third parties?

daemon@ATHENA.MIT.EDU (Michael_Heyman@NAI.com)
Fri Jun 21 11:18:30 2002

From: Michael_Heyman@NAI.com
To: cryptography@wasabisystems.com
Date: Fri, 21 Jun 2002 08:28:40 -0500

I came across this interesting announcement by RSA:

<http://www.rsasecurity.com/news/pr/2002/020619.html>

Particularly from the above announcement:

   By using this solution, customers' Web server certificates 
   generated and issued by their RSA Keon Certificate Authority 
   (CA) software are designed to be automatically validated - 
   and therefore trusted - by popular Web browsers, e-mail 
   packages and other applications that leverage the recognized 
   issuer lists of these Web browsers.

This announcement appears to completely break down the trust model assuming
anybody can host a Keon CA that will issue trusted certificates.

-Michael Heyman

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[10903] in cryptography@c2.net mail archive

RSA getting rid of trusted third parties?

daemon@ATHENA.MIT.EDU (Michael_Heyman@NAI.com)Fri Jun 21 11:18:30 2002

daemon@ATHENA.MIT.EDU (Michael_Heyman@NAI.com)
Fri Jun 21 11:18:30 2002