On 11/11/2008 03:54 PM, Ian G:
And, in particular, the PKI industry's obsession with some concept that you refer to as "legal identity" is ruining its own market.
I personally don't perceive it as such nor do I think that there is such an obsession. I *do* believe that more verified identities may be good for the Internet in general - which would allow to view unverified ones with a grain of suspicion. Or lets make some comparison to transportation, where one in order to drive a car must undergo some training and carry a license. I could imagine something similar applied to the Internet, where one carries a license in order to drive on the network. Anybody without a license can't drive along.
However - and this might be interesting for the other camp - one doesn't stick the drivers license in bold letters onto the rear window for everybody to see, instead you've got license plates for the car. In some way, the driver remains anonymous to some extend. Applying this to the Internet, I'd know that you've got a license and I'd even know the number. I still don't know your personal details - which I could request from you if I wanted to. It would be known by an authority should need arise (in case of unlawful actions like malware distribution).
Now of course this is some form of reducing the freedom of the individual, but on the other hand would bring some piece of mind (with malware and fraud removed, children clearly protected and so forth). Similar to the transportation system where not every individual can do as he likes.
In such a network where "drivers" hold "licenses to drive", one could according to preferences and policies apply rules, for example require a license to send mail to a server, or to view some private content, or publish software etc. Where it's permissible, no license should be required like posting a message on an anonymous blog.
Don't eat me alive here, it's a possible solution to solve a problem differently (instead of arming ourselves with anti-spam, anti-viruses, anti-malware etc. a game which never can be won). :-)
Sure, that's a claim that is frequently made, albeit *only in PKI circles*.
Really?
That's what that whole CN is about. Some name that is fairly clear, and an implied CA claim that there really is only one Paypal in its list of certs, so you can rely that this is "the one".
There is one in San Jose, CA, USA. The claim is that of Paypal that they hold the trademark, there is a difference.
Then there is the one between the end user and the website business. This might or might not be the one that is central in the dispute. Then there are other agreements that pop in and out in the normal course of business.
Of course. There shall be no difference from when I walk into their shop or buy from the web site. Confirmations of CAs provide the verified information (like a Notary as I said earlier). CAs don't interfere in the handling of their respective businesses nor legal system. I think this is very clear.
I have the feeling you are trying to create a problem where there isn't one and make something up which never was claimed. And there is no sand castle either...
Yes, you are almost there. The purpose is to resolve a dispute.
Duuuh? -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
