On 03/27/2009 02:16 PM, Kyle Hamilton:
I'm also going to state, once more: your Assumptions (in this case, your Beliefs) are what are making this system NOT WORK. Your Beliefs are what are preventing people from wanting to participate. Sure, you set the rules, you set the UI... but nobody wants to play your game.
I wouldn't say "nobody", it seems that there are maybe two camps. Those that believe in our game and those that don't. Incidentally we are working on something that allows for validated identities with disclosure being optional at the discretion of the subscriber. But we aren't there yet.
(Not to mention the link that Ian posted, about the US State Department issuing 4 valid passports to 4 fraudulent applications all made by the same man, which was made possible by having a little bit of information about 4 people who were -- fortunately -- not real.
And fortunately I'm glad to inform you that he wouldn't have received a verified certificate from StartCom. I'm not saying it's imposable with faked passports to receive certification, however the hooks and jumps the subscriber has to go through makes it rather difficult. Since there are easier targets and easier ways to obtain such certification than through StartCom, I believe that there are none and most likely never will be.
Having said that, there are even arguments against face-to-face validations and should never be the only source for reliable verification. The above incident proves this.
THIS is why your concept of authentication fails -- because the policies that you are trying to impose are policies that are harmful to the people you're trying to impose them on!
Don't mistake between questionable procedures and failures and the concept. The concept isn't failing and if correctly implemented shouldn't. You must be careful not to draw premature conclusion because of failures which aren't related to digital certification. Second, I'm certain that you wouldn't have an alternative to offer - besides no validation at all.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
