as discussed in the rest of this thread and the side thread http://www.garlic.com/~lynn/aepay10.htm#78 ssl certs http://www.garlic.com/~lynn/aepay10.htm#79 ssl certs
is that the whole SSL certificate infrastructure is already based on domain name infrastructure .... w/o any real contractual warrant. The domain name infrastructure is the authoritative agency for domain name infrastructure. You can either contact the domain name infrastructure directly w/o contractual warranty and get the information directly or You can have an SSL certificate containing information where the certification authority has contacted the domain name infrastructure directly w/o any contractual warranty. There is the possibility that there is a contractual warranty by the certification authority that it has reliably contacted the domain name infrastructure with regard to validating the information. So that is the merchant comfort certificates ... that certification authorities will possibly warrant that they have contacted the domain name infrastructure. from http://www.garlic.com/~lynn/subtopic.html#sslcerts some past merchant comfort certificate threads: ttp://www.garlic.com/~lynn/aadsm2.htm#mcomfort Human Nature http://www.garlic.com/~lynn/aadsm2.htm#mcomf3 Human Nature http://www.garlic.com/~lynn/aadsm2.htm#useire2 U.S. & Ireland use digital signature http://www.garlic.com/~lynn/aadsm3.htm#kiss5 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt)) http://www.garlic.com/~lynn/aadsm3.htm#kiss7 KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt)) http://www.garlic.com/~lynn/aadsmail.htm#comfort AADS & X9.59 performance and algorithm key sizes http://www.garlic.com/~lynn/aadsmore.htm#pkiart2 Public Key Infrastructure: An Artifact... http://www.garlic.com/~lynn/aepay4.htm#comcert Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert2 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert3 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert4 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert5 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert6 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert7 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert8 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert9 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert10 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert11 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert12 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert13 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert14 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert15 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert16 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert17 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay6.htm#dspki use of digital signatures and PKI http://www.garlic.com/~lynn/2000c.html#32 Request for review of "secure" storage scheme http://www.garlic.com/~lynn/2001c.html#62 SSL weaknesses einar stefferud <[EMAIL PROTECTED]> on 12/28/2002 9:50 pm wrote: Unfortunately, from my long experience with the DNS and ICANN travails, I must report that your trust in the contents of a DNS query response is unwarranted. We only trust it now because monetary transaction security considerations are not involved in DNS resolver code. As soon as you load the DNS with some required monetary trustworthiness, it is subject to severe compromise. Note that in essence you are back to trusting VERISIGN without benefit of any contractual warranty of any kind regarding an ability to rely on the response delivered by the DNS Resolution service. I seriously doubt that you really want to go there!...\Stef
