On 11/12/2008 08:32 AM, Ian G:
eBay users seems to survive without them?
Because a different body governs them.
Or lets make some comparison to transportation, where one in order to
drive a car must undergo some training and carry a license. I could
imagine something similar applied to the Internet, where one carries a
license in order to drive on the network. Anybody without a license
can't drive along.
Sure. This is nothing to do with *identity* tho, all it has to do with
is ones tested ability to drive safely. Try this thought experiment:
would a driver's licence without a name on it, but with a photo on it,
work as well?
No, because the license is tied to the person. His identity details are
part of the license document.
Right, certs without names or with nicknames achieve that. It might not
be possible to see the name, but seeing the issuer is sufficient to say
something. If a trail is all that is required, this can simplify things
a lot.
Right, if the issuer could confirm that the subscriber has disclosed his
details and was confirmed by the issuer (whatever procedure is not
imported for this exercise) and this is his identification number (some
random number issued by the issuer), it could be sufficient for most
operations. The protection is still real even though the certification
doesn't include the details of the subscriber.
Well, except there isn't much in the way of use cases. On the roads, bad
drivers keep bumping into each other.
Of course. Actually we aren't concerned about "bad drivers" and
accidents on the net, but about deliberate damage. This includes also
spam etc.
Of course. There shall be no difference from when I walk into their
shop or buy from the web site.
Ah, but there is, that is the point.
Well, for the legal system there is very little difference, it's your
ability to pursue which is limited.
The point is: do CAs require this so-called "legal identity"?
Obviously that's the way to reach an entity, being it a private person
or company.
Let's call it for sake of discussion a privacy issue. If so, then it
should not be required unless needed.
I think that's correct and is also applied today (i.e. your web log
doesn't require to disclose your identity, hence DV would be perfectly
fine).
If the answer is, so relying party can take the subscriber to court,
then we have a problem: it won't work that easily, indeed it is
bordering on useless, because the more borders we cross, the more the
transaction costs go up.
And everything should be with reason.
Nope, just eliminating an assumption or two: identity required for
court. Once these are eliminated, life becomes much easier.
Real identity is required for court, why eliminate it? According to my
preference I may freely decide in order to give somebody access to
certain resources which are truly under my control, I may require a
verified identity too. It's about the risk assessment of each of us,
being it private or corporate.
And, for a dispute, you do not need the verified identity. You need to
find some way to get the person into court.
...and how do you get the person into court if you don't know who the
entity is? I don't understand what exactly you discovered?
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
