[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Self-signed root transport and CA expiration

To: ssl-talk@xxxxxxxxxxxx, ietf-pkix@xxxxxxxxxx
Subject: RE: Self-signed root transport and CA expiration
From: dpkemp@xxxxxxxxxxxxxx (David P. Kemp)
Date: Tue, 19 Nov 1996 17:03:47 -0500

> There is no VeriSign root. It cannot expire, therefore. We
> were very careful to stay out of the militeristic hierachy
> path; the danger of some govt hijacking it capabilities 
> were far too great.


I must be especially stupid today.  If VeriSign is not a "root",
then substitute for that term one of:

1. the certificate farthest from the the leaf in a certification path, or

2. one of the distinguished certificates pre-embedded into products
   like Navigator and IE, or

3. a certificate of the globally-well-known entity which Rivest's SDSI
   proposal refers to as "Verisign!!"


I know some people are offended by referring to Washington's football
team as the "Redskins"; if VeriSign is offended by being referred to
as a "root", then we will just have to find some other shorthand
term for the service it is selling.  What do you suggest?

Prev by Date: Re: Self-signed root transport and CA expiration
Next by Date: RE: Self-signed root transport and CA expiration
Previous by thread: Re: Self-signed root transport and CA expiration
Next by thread: RE: Self-signed root transport and CA expiration
Index(es):
- Date
- Thread