[3004] in cryptography@c2.net mail archive
Re: Pseudonymous S/MIME certs?
daemon@ATHENA.MIT.EDU (Ben Laurie)
Mon Jul 20 11:18:04 1998
Date: Mon, 20 Jul 1998 16:13:49 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Enzo Michelangeli <em@who.net>
CC: cryptography@c2.net
Enzo Michelangeli wrote:
>
> By the way: are there technical or legal issues preventing someone from
> using a personal certificate, issued by Verisign or equivalent, to initiate
> a certification chain useable by third parties? The advantage, of course,
> would be the inheritance of the trust when the message is received by
> popular agents which come with the public keys of those CA's built-in (like
> Messenger or Outlook Express).
I think there are legal and common sense issues and possibly technical
ones, too:
Technical: I don't know whether enough products actually support cert
chains (admittedly I've never tested it, but since they are almost never
used in real life, I rather doubt anyone else has either).
Legal: seems to me this would not be a permitted use of an ordinary
cert.
Common-sense: just coz I trust A, doesn't mean I trust B who A signed
for.
Cheers,
Ben.
--
Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/
WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/
