[10912] in cryptography@c2.net mail archive
Re: RSA getting rid of trusted third parties?
daemon@ATHENA.MIT.EDU (Greg Rose)
Fri Jun 21 17:11:20 2002
Date: Sat, 22 Jun 2002 06:50:58 +1000
To: Ian Clelland <ian@veryfresh.com>
From: Greg Rose <ggr@qualcomm.com>
Cc: cryptography@wasabisystems.com, Michael_Heyman@nai.com
In-Reply-To: <20020621184800.GD27465@fullfactor.com>
At 11:48 AM 6/21/2002 -0700, Ian Clelland wrote:
>The trust model doesn't break down just because anyone can create a
>valid X.509 certificate. There still has to be a valid chain of trust
>leading back to a trusted party (RSA, in this case). If that trust is
>abused, then RSA can revoke your cert and break the chain.
a) it isn't clear to me that RSA would have the right to revoke the
organisation's certificate; maybe they build it into their license agreement.
b) browsers *don't check* the revocation status on certificates, and the
field that points to the server for the revocation list is almost never
filled in anyway.
Greg.
Greg Rose INTERNET: ggr@qualcomm.com
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
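Point (b) above refers to the certificate field that points to the revocation list, read here as the X.509 cRLDistributionPoints extension (OID 2.5.29.31). The following is an added example, not part of the original message: a standard-library Python check that reports which CRL URLs, if any, a piece of DER data carries. The sample bytes and the URL are constructed, and the walker assumes single-byte tags.

```python
CRL_DP_OID = bytes.fromhex("551d1f")  # 2.5.29.31, cRLDistributionPoints

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos (single-byte tags)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    out, pos = [], 0
    while pos < len(value):  # value holds zero or more concatenated DER elements
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def crl_urls(der):
    """Return URIs listed in the cRLDistributionPoints extension ([] if none)."""
    urls = []
    def walk(value, in_crl_dp):
        items = children(value)
        if items and items[0] == (0x06, CRL_DP_OID):
            # Extension ::= SEQUENCE { extnID, critical (optional), extnValue }
            walk(items[-1][1], True)  # extnValue: OCTET STRING wrapping DER
            return
        for tag, val in items:
            if in_crl_dp and tag == 0x86:  # [6] uniformResourceIdentifier
                urls.append(val.decode("ascii"))
            elif tag & 0x20:  # constructed element: descend
                walk(val, in_crl_dp)
    walk(der, False)
    return urls

def tlv(tag, content):  # builder for the constructed samples (short lengths only)
    return bytes([tag, len(content)]) + content

# Constructed sample data: two [3] Extensions fragments, not real certificates.
URL = b"http://crl.example.test/ca.crl"
BASIC = tlv(0x30, tlv(0x06, bytes.fromhex("551d13")) + tlv(0x01, b"\xff") + tlv(0x04, tlv(0x30, b"")))
CRL_DP = tlv(0x30, tlv(0x06, CRL_DP_OID) + tlv(0x04, tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(0x86, URL)))))))
WITH_DP = tlv(0xA3, tlv(0x30, BASIC + CRL_DP))
WITHOUT_DP = tlv(0xA3, tlv(0x30, BASIC))
```

An empty list from crl_urls() means a relying party has no CRL location to fetch for that certificate, whether or not it would have checked.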