On Fri, 6 Jun 2003, Haren Visavadia wrote:
Dave wrote:
Only a fool would accept a self-signed certificate
CA certificate is self-signed.
Are you suggesting CA should cross sign each others certificates?
If a root certificate is installed by a process you choose to trust, it is
not self signed. Self signed in my experience refers to the ability
frequently used internally for QA labs where there is no accepted root
server. Even if the root cert, installed by my explicit or implicit
approval, is used to sign another cert from the same organization, that
second cert isn't self-signed.
FWIW, for UBM suppression, I'm not concerned about my grand parents
understanding trust models. Meaningful trust boundaries must begin with
the MTA. The MTA owns the trust issue between itself and individual MUAs.
As Phill implied, the cost of security must be less than the value of the
protected entity. If major operators of MTAs discover that a particular CA
root private key is compromised. Addressing the problem quicky should be
easy, if the possiblity was anticipated. Will that protect every user, no,
but costs here are based on the scale of the activity, not individual
occurances (as is any value received from sending the UBE) so getting
rapid response from 20-100 MTA operators is likely to be effective.
Dave Morris