12 Jun 2007 05:25
RE: Three short fixes
Hallam-Baker, Phillip <pbaker <at> verisign.com>
2007-06-12 03:25:42 GMT
The null assurance CAs are already out there

Have been for five years
> -----Original Message-----
> From: owner-ietf-pkix <at> mail.imc.org
> [mailto:owner-ietf-pkix <at> mail.imc.org] On Behalf Of Kemp, David P.
> Sent: Monday, June 11, 2007 3:42 PM
> To: ietf-pkix <at> imc.org
> Subject: RE: Three short fixes
>
> In order to achieve backwards compatibility with a billion
> browsers, you would have to mark any new extension as
> non-critical, where it would be ignored by every single
> browser currently in existence.
>
> Therefore users would be told that their communication is
> secure while issuing practices permit (no, positively
> encourage, once the word on this extension gets out) web site
> spoofing.
>
> If you want to use Peter's OID for this, no one can stop you.
> But the PKIX WG can refuse to assign an OID whose ostensible
> purpose is to enable non-advertised encryption but whose
> actual effect on current browsers would be to advertise
> secure communications while using null-assurance certificates.
>
> -----Original Message-----
> From: owner-ietf-pkix <at> mail.imc.org
> [mailto:owner-ietf-pkix <at> mail.imc.org]
> On Behalf Of Hallam-Baker, Phillip
>
> These are not anonymous communications, they are merely
> communications that do not require the level of assurance
> that is necessary to alert the user to tell them that the
> communication is secure.
>
> > > The reason for using a certificate is to allow for backwards
> > > compatibility with a billion installed browsers.
>
> -----------
>
> P.S., the difference between anonymous communications and
> communications for which the participants can claim any desired
> name (e.g. my webserver operating as https://www.verisign.com)
> and into which third parties (e.g. hotel wireless APs) may
> insert themselves eludes me. One definition of anonymous is
> "unnamed", but the second definition is "of unknown origin".
> Spoofed names certainly seem to fit the second definition.