No, I'm afraid you got that wrong. Any site is free to do what they want. Consumers are also free to do what they want.
However, the outlined scheme provides for a uniform way for a consumer to trust a company's digital certificate, based on the laws of the jurisdiction that established that company in the real world. As a consumer, I still get to choose whether I trust that company or not - but the legitimacy of the company or its digital certificate is not in question. There is a corollary benefit to the outlined scheme: today, as long as your credit card is good, you can get a server SSL certificate from most CA's in the browser, regardless of who you are. Thus, the existing scheme, benefits attackers. The outlined scheme has an underlying paper-trail by default, potentially leading to officers of the business entity who can be held responsible for illegal activities. Arshad Noor StrongAuth, Inc. cdr wrote:
Did I get that right...? Do you seriously propose that only government-sanctioned sites should be capable of conducting secure transactions? cdr
_______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto
