16 Jul
2003
16 Jul
'03
4:28 p.m.
What I now heard was that the ssl connections will be strengthened by adding client side certificates which can be used for authentication. This might of course rise questions about the use of third-party-CA for the certificates, but this is (as clarified in this mail below) resolved by having the RIR being an CA by itself.
so i am supposed to install the RIRs' certs in my browser as root CAs and ignore the big hole for attack this opens? i already *remove* a bunch of root CAs when i bring up a new browser. this is the new internet. get paranoid. let the RIRs spend a few of the bucks they have getting their certs signed by a well-trusted root CA. randy