On Fri, Aug 15, 2003 at 10:30:11AM -0700, Steve Hole wrote:
On Thu, 14 Aug 2003 19:58:11 -0700 Julien Pierre <jpierre(_at_)netscape(_dot_)com> wrote:
Why ?
Because you have to run a root. That is, the hierarchy has to have a top
level interconnect.
really?
I believe RSA works fine both for subject name matching issuer name
and for any other subject name. One could put trust directly in some
CA certificate (say, a corporation-wide one) and it could be root,
self-signed or otherwise. Fine-tuned client software is the point.
This quickly becomes an issue of governance.
National governments get involved the way they got involved in DNS. The
difference is that the governments got involved *before* the service was
running, not after the way they did with DNS.
One can easily sign with DSS/DSA using a widely distributed quorum system,
maybe a Shamir secret-sharing one. No single one would own
the signing key and it could be generated in shares right from the start.
regards,
Vadim
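
The last point above, a signing key generated in shares from the start so that no single party ever holds it, as an added example that is not part of the original message. It covers only the dealerless key generation (not the threshold DSA signing step), simulates all parties in one process, and uses a constructed toy group and hypothetical function names.

```python
import secrets

# Constructed toy DSA-style group (far too small for real use):
# P = 2Q + 1 with P, Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def poly_eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, mod Q (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def dealerless_keygen(n, t):
    """n parties jointly create a t-of-n Shamir sharing of a key x nobody knows.

    Returns (shares, y): shares[j] is party j's share (j = 1..n), y = G^x mod P.
    Assumption: all parties are honest; a real deployment adds verifiable
    secret sharing so that bad shares can be detected.
    """
    # Each party i picks its own random polynomial f_i of degree t-1.
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(n)]
    # Party i sends f_i(j) to party j; party j sums what it receives.
    shares = {j: sum(poly_eval(f, j) for f in polys) % Q for j in range(1, n + 1)}
    # Each party publishes G^f_i(0); the product is the public key y = G^x.
    y = 1
    for f in polys:
        y = y * pow(G, f[0], P) % P
    return shares, y

def lagrange_at_zero(j, quorum):
    """Lagrange coefficient of index j for interpolation at 0 over the quorum."""
    num = den = 1
    for m in quorum:
        if m != j:
            num = num * (-m) % Q
            den = den * (j - m) % Q
    return num * pow(den, -1, Q) % Q

def public_key_from_quorum(shares, quorum):
    """Interpolate in the exponent: a quorum confirms y without rebuilding x."""
    y = 1
    for j in quorum:
        y = y * pow(pow(G, shares[j], P), lagrange_at_zero(j, quorum), P) % P
    return y
```

Any `t` share holders reproduce the same public key from their `G^share` values, which shows the shares are consistent with one private key that was never assembled anywhere.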