On 11/11/2008 04:58 AM, Ian G:
Yes, you are confirming and reinforcing his point: the dominant paridigm -- to push a concept of a binding of legal name to key -- is making it difficult for advocates of crypto to gain traction.
It serves a purpose, it's not the only form in current applied PKI on the web. An email address or domain name is a valid binding too. We've said that already.
One reason (there are many) is that there is no "legal identity" in existence, so efforts to push it run into invisible barriers. Your examples don't work, because many courts simply don't care so much about the name, only about the body: habeus corpus. The names in passports are not "legally given" as you suggest, they are just names in passports. E.g., over at CAcert there is a statistic that something like 1% of passports have errors in them; it is not a perfectly reliable document. That's because passports are evidence of citizenship, and the inclusion of a name there is more an attempt to narrow down frauds on citizenship; passports are not intended for other purposes, and they are not necessarily an accurate representation of any name of the person. IOW, the issuer doesn't care. Also, bear in mind that ones mother is a better authority on names than the government, generally, and all other things are derivative. And, different cultures do different things .... Granted, the name of an organisation registered at the creation authority is likely a better bet as to the name, but that is only when the registry is also the creation entity. Even then there are things like trading names, wholly owned companies, foreign registrations, multiple rights to the same trading name, etc, which are fine, "legally," before the court, depending. The court is happy when it has the right guy, name or not. You can't even identify an entity uniquely by insisting on an ID number, as some countries don't issue numbers, and some issue more than one.
Oh really....I expect better from you! We all know what "legal identities" are, we aren't in the kindergarten anymore, right?
There are enough reasons when a relying party needs to know which entity or identity he/she/it is. The authority is that of the respective, governing country. the courts system and legislative is that of the respective authority (governing country). I believe that you don't have any better alternative binding than the legal system set up by the respective authority!
The purpose is to identify a person or company up to the extend that he/she/it can be found and charged if needed. I think that's about it...
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
