well true passports/ID cards are intresting although there's alayes the problem about the access structure and so on. German ID cards for example can only be read with a certificate from a "permission certificate authority", which are most probably selected by the gov and I wouldnt expect those permission certs to come cheap, they also require documentation about how the company handles privacy and so on and so on, add some more countries with their own respective systems into the mix and we have pure chaos. I doubt a non-profit CA like LE could do that well.
2017-12-01 15:21 GMT+01:00 Sebastian Nielsen <[email protected]>: > Also could be done by having a interface where you scan your passport with > a NFC compatible reader (both mobile phone and desktop NFC reader could be > supported) and the government-signed data is uploaded. > > > > So automated validation for private IV certs could be done too (IV = > Individual certs). So free code signing and IV validated certs. > > > > https://community.letsencrypt.org/t/iv-certificates-both- > server-and-code-via-automated-nfc-passport-id-validation/44838 > > > > *Från:* Acme [mailto:[email protected]] *För *Philipp Junghannß > *Skickat:* den 1 december 2017 14:57 > *Till:* Matthias Merkel <[email protected]> > *Kopia:* IETF ACME <[email protected]> > *Ämne:* Re: [Acme] Idea about automated OV validation > > > > if that's what other CAs do that's not a bad Idea although there's of > course the question whether there are some other manual checks needed. > > > > but cheap to almost free OVs/code signing certs would be great although > that sadly doesnt make it easier for normal people without a company to get > IVs or code signing certs, but the Idea is certainly not bad. > > > > 2017-12-01 14:53 GMT+01:00 Matthias Merkel <[email protected]>: > > I had the following idea about automating verification and issuance of OV > SSL certificates: Couldn't a CA in theory use the D&B API to check the > company name, address and phone number and then place an automatic call? > That's basically what most CAs do anyways so is there any reason why they > couldn't do it? That would also be a way for Let's Encrypt to issue OV > certificates and code signing certificates. > > > > > > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > > > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
