RSA getting rid of trusted third parties?
Ian Clelland
ian at veryfresh.com
Fri Jun 21 17:30:51 EDT 2002
On Sat, Jun 22, 2002 at 06:50:58AM +1000, Greg Rose wrote:
> a) it isn't clear to me that RSA would have the right to revoke the
> organisations certificate; maybe they build it into their license agreement.
I hope that they would reserve the right to revoke the certificate
before it expires. There has to be a way for RSA to say that 'we no
longer trust the entity posessing this certificate'. Even if a company
has paid for the certificate, it should still be revocable in the event
of breach of contract, or loss/theft of the certificate.
> b) browsers *don't check* the revocation status on certificates, and the
> field that points to the server for the revocation list is almost never
> filled in anyway.
That's a good point, but I think it's more of an argument that the
browser-certificate model was already broken, not that this new service
suddenly changes anything.
Ian Clelland
<ian at veryfresh.com>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list