[TrustBar] [Fwd: Re: Low assurance SSL CAs]
Duane
duane at cacert.org
Wed Feb 16 00:40:26 EST 2005
On Wed, February 16, 2005 0:29, Ian G said:
> Consider someone steals your identity, goes and
> gets a PhD in astrophysics, and then what? Are
> you ... unhappy about that? Different standards
> for different purposes.
The point was they don't do any qualifying checks to cross reference the
name on the results really is me...
> Right. So the point is here: if you require a
> centralised system, then you end up with a
> system that doesn't do what you thought it
> would.
And then they want to wrap it in biometrics to make it more secure?
> So the challenge is to find a system that is
> not centralised. This is a 'known problem'
> in computer science, and it's not solved by
> asking someone else to solve it ;) You might
> like to look at the following essay:
There is no point in decentralising it, if you do that we'll end up with a
worst system then we currently have. We don't necisarily need a
centralised system, just a metric that the CA policy for ID checks can be
weighed against and if a user thinks it is unfair should be able to alter
the weighting.
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
More information about the TrustBar
mailing list