[3009] in cryptography@c2.net mail archive
Re: Pseudonymous S/MIME certs?
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Mon Jul 20 15:44:19 1998
Date: Mon, 20 Jul 1998 11:28:47 -0700
From: jsw@netscape.com (Jeff Weinstein)
To: cryptography@c2.net
Enzo Michelangeli wrote:
>
> By the way: are there technical or legal issues preventing someone from
> using a personal certificate, issued by Verisign or equivalent, to initiate
> a certification chain useable by third parties? The advantage, of course,
> would be the inheritance of the trust when the message is received by
> popular agents which come with the public keys of those CA's built-in (like
> Messenger or Outlook Express).
You want to use the cert that verisign gives you to sign other certs?
Obviously verisign (or most other CAs) won't want you to use an end-user
cert to sign other certs. In fact there are cert extensions required
to act as an intermediate CA, and the certs that verisign issues
to end users do not include these extensions. I suspect that verisign
also has some legalese in their license or CPS that also prevents this.
> Another question, specifically for Jeff: are there plans for supporting DSS
> and DH certificates in Navigator?
Current communicator/navigator supports DSS. We are working on DH, but
I can't say yet when we will have it in a product.
--Jeff
