Nelson Bolyard wrote:
> Robert Sayre wrote:
>> Nelson Bolyard wrote:
>>> In effect, all the root CA certs are subordinate to the user himself.
>> I can't accept this assertion, but I admit I am unable to articulate the
>> reason. Maybe it's that users have never, ever cared about "root CA certs"?
>
> But it has always been true. In all Netscape and Mozilla products, the
> user has always had complete control over the trusted certs. He was
> always able to add more trusted certs, and to remove trust from certs
> he chose not to trust.
>
> A surprising number of users actually use these features. There are
> SO MANY people, groups, schools, ISPs, etc. who insist on being their
> own CAs, with their own CA certs, and MANY MORE besides them who issue
> self-signed server certs (no CA involved, just a trusted EE cert).
>
> ALL those users must use the UI to add the new trusted certs, and when
> the time comes to replace them, they use the UI to delete the old
> certs and install the new ones.
>
> (Deleting the old certs would be completely unnecessary, except that most
> home-grown CAs use the same serial numbers for their certs, over and
> over and over. For their root CAs, they always use serial number zero,
> naturally, no matter how many times they reissue that cert.)
>
> Now, there's simply no way that we can deny that those users are in control
> of the CAs they trust. The collected trust information stored by NSS for
> them is their trust anchor (in my view).
>
If the issue is whether to allow USERS to limit the scope of certificates, I have no problem with that. I also have no problem in limiting the scope of a certificate if explicitly requested by the CA. I do have a problem with a trust model where the application developer imposes a limited scope on certificates that might not be intended by the CA or desired by the user. That imposed limit is especially unwanted when it results from a work-around to avoid the need for rigorous validation of the CA's trustworthiness.

In the case of PKI -- whether OpenPGP or X.509 -- trust requires candor (public exposure). Secret software and secret audits are not trustworthy.

--
David E. Ross
<http://www.rossde.com/>

Anyone who thinks government owns a monopoly on inefficient, obstructive
bureaucracy has obviously never worked for a large corporation. © 1997

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto