[3014] in cryptography@c2.net mail archive
Re: Pseudonymous S/MIME certs?
daemon@ATHENA.MIT.EDU (Ed Gerck)
Mon Jul 20 16:32:37 1998
Date: Mon, 20 Jul 1998 17:01:25 -0300 (EST)
From: Ed Gerck <egerck@laser.cps.softex.br>
To: Jeff Weinstein <jsw@netscape.com>
cc: cryptography@c2.net
In-Reply-To: <35B38E48.9ADB5440@netscape.com>
On Mon, 20 Jul 1998, Jeff Weinstein wrote:
>The verisign class 1-4 hierarchies require cert chaining. I think some of the
>other CAs do now too. All netscape products have supported chaining for years.
>I'd think that most support chaining by now too.
>
> --Jeff
It's symptomatic to support cert chaining but not to support CRL
chaining, as Netscape does. After all, why would a user want to chain
to a CRL if chaining to other CAs already makes CRLs near to useless?
Why increase the security of what is already nigh unknown?
Cheers,
Ed Gerck
>
>
>Ben Laurie wrote:
>> Technical: I don't know whether enough products actually support cert
>> chains (admittedly I've never tested it, but since they are almost never
>> used in real life, I rather doubt anyone else has either).
>
______________________________________________________________________
Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br
http://novaware.cps.softex.br
--- Meta-Certificate Group member, http://www.mcg.org.br ---
