On 05/21/2010 06:12 AM, From Kyle Hamilton:
The way that commercial "certifying authorities" have gone about things thus far is completely antithetical to how business is transacted on the commercial internet. (hint: banks require *two* forms of ID in order to open a bank account, and CAs provide only *one*. How would you solve this problem?)
That's probably the wrong analogy. CAs also require two ID documents (at least the one I know best) and may provide multiple certificates. But actually you should have two certificates from two different authorities in order to stay in line with the two IDs a bank requires.
Besides that, there are banks which don't require two IDs, including in Switzerland.
Why is it that CAs -- which have made amazing strides in implementing multiple "classes" of certificates -- never did their part to educate the end-user as to the differences between those classes?
I believe that it's not the CAs but the software vendors which refuse to do so.
--
Regards

Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto