1. It's a chain of trust: it's hard for Bob to verify Alice's signature directly
-Not impossible to fix
CAcert.org's whole purpose is cheap, easily obtainable security... It employs a web of trust in the website frame work to build up and distribute face to face identification checks...
2. A central registry must be created that's free and open for providers to use but secure enough to verify members.
Again CAcert.org fulfils this criteria...
-Think about the global IP address distribution agencies 3. Phones must get private keys securely.
Last one is as much a technical issue as a people issue, although PIX firewalls implement (forget the acronym) where they send a request to a CA and the CA sends back a certificate, I keep meaning to implement it for CAcert but I lack a PIX for dev & testing...
-- Best regards, Duane
http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! http://e164.org - Using Enum.164 to interconnect asterisk servers _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
