Nelson Bolyard wrote:
> Robert Sayre wrote:
>> Nelson Bolyard wrote:
>>> In effect, all the root CA certs are subordinate to the user himself.
>> I can't accept this assertion, but I admit I am unable to articulate the
>> reason. Maybe it's that users have never, ever cared about "root CA certs"?
> 
> But it has always been true.  In all Netscape and Mozilla products, the
> user has always had complete control over the trusted certs.  He was
> always able to add more trusted certs, and to remove trust from certs
> he chose not to trust.
> 
> A surprising number of users actually use these features.  There are
> SO MANY people, groups, schools, ISPs, etc. who insist on being their
> own CAs, with their own CA certs, and MANY MORE besides them who issue
> self-signed server certs (no CA involved, just a trusted EE cert).
> 
> ALL those users must use the UI to add the new trusted certs, and when
> the time comes to replace them, they use the UI to delete the old
> certs and install the new ones.
> 
> (Deleting the old certs would be completely unnecessary, except that most
> home-grown CAs use the same serial numbers for their certs, over and
> over and over.  For their root CAs, they always use serial number zero,
> naturally, no matter how many times they reissue that cert.)
> 
> Now, there's simply no way that we can deny that those users are in control
> of the CAs they trust.  The collected trust information stored by NSS for
> them is their trust anchor (in my view).
> 

If the issue is whether to allow USERS to limit the scope of
certificates, I have no problem with that.  I also have no problem in
limiting the scope of a certificate if explicitly requested by the CA.

I do have a problem with a trust model where the application developer
imposes a limited scope on certificates that might not be intended by
the CA or desired by the user.  That imposed limit is especially
unwanted when it results from a work-around to avoid the need for
rigorous validation of the CA's trustworthiness.

In the case of PKI -- whether OpenPGP or X.509 -- trust requires candor
(public exposure).  Secret software and secret audits are not trustworthy.

-- 

David E. Ross
<http://www.rossde.com/>.

Anyone who thinks government owns a monopoly on inefficient, obstructive
bureaucracy has obviously never worked for a large corporation. © 1997
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
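The quoted remark about home-grown CAs reissuing their root with serial number zero is worth seeing in code: X.509 (RFC 5280) requires the (issuer DN, serial number) pair to be unique per issuer, and a certificate database that looks certificates up by that pair (NSS exposes such a lookup as CERT_FindCertByIssuerAndSN) cannot hold two different certificates sharing it, which is why the old anchor has to be deleted before the reissued one can be installed. The program below is an added example written for this page, not code from NSS, Mozilla or anyone in the thread. It uses only the Go standard library; the TrustStore type, the "Home-grown CA" name and the two issue dates are assumptions made up for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// certKey is the (issuer DN, serial number) pair. RFC 5280 requires it to be
// unique per issuer, which is why a certificate database may index on it.
type certKey struct {
	issuer string
	serial string
}

func keyOf(c *x509.Certificate) certKey {
	return certKey{issuer: c.Issuer.String(), serial: c.SerialNumber.String()}
}

// fingerprint hashes the DER encoding; this is what actually distinguishes
// a reissued certificate from the one it replaces.
func fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// makeSelfSignedCA mimics a home-grown root CA: fresh key, caller-chosen serial.
func makeSelfSignedCA(cn string, serial int64, notBefore time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             notBefore,
		NotAfter:              notBefore.AddDate(1, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// TrustStore is a hypothetical user trust-anchor store indexed by issuer+serial.
type TrustStore struct {
	anchors map[certKey]*x509.Certificate
}

func NewTrustStore() *TrustStore {
	return &TrustStore{anchors: make(map[certKey]*x509.Certificate)}
}

// Add refuses a cert whose (issuer, serial) is already held by a *different*
// cert: the user has to delete the old anchor before the new one can go in.
func (s *TrustStore) Add(c *x509.Certificate) error {
	k := keyOf(c)
	if old, ok := s.anchors[k]; ok && !old.Equal(c) {
		return fmt.Errorf("issuer %q serial %s already held by cert %s; delete it first",
			k.issuer, k.serial, fingerprint(old)[:16])
	}
	s.anchors[k] = c
	return nil
}

// Remove deletes the anchor with this cert's issuer+serial.
func (s *TrustStore) Remove(c *x509.Certificate) { delete(s.anchors, keyOf(c)) }

// ReissueScenario: the same home-grown CA reissues its root, again with serial 0.
// Returns whether the reissue collided and whether deleting the old cert fixed it.
func ReissueScenario() (collided bool, fixed bool, err error) {
	old, err := makeSelfSignedCA("Home-grown CA", 0, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC))
	if err != nil {
		return false, false, err
	}
	renewed, err := makeSelfSignedCA("Home-grown CA", 0, time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC))
	if err != nil {
		return false, false, err
	}
	store := NewTrustStore()
	if err := store.Add(old); err != nil {
		return false, false, err
	}
	collided = store.Add(renewed) != nil // same issuer, same serial, different cert
	store.Remove(old)                    // what the user does through the UI
	fixed = store.Add(renewed) == nil && store.anchors[keyOf(renewed)].Equal(renewed)
	return collided, fixed, nil
}

func main() {
	collided, fixed, err := ReissueScenario()
	fmt.Println("collision on reissue:", collided, "fixed after delete:", fixed, "err:", err)
}
```

Had the CA incremented its serial on reissue, both roots could coexist in the store and the user would only need to add the new one; reusing serial zero forces the delete-then-add dance the quoted text describes.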
