At 10:27 AM 6/11/2003 -0700, bear wrote:
> I don't particularly like the commercial certs, but the thousand
> bucks or so ought to serve as a "bond", in that if people untrust
> the keys, there is real value that will be lost.  That makes it
> require some expenditure of resources to grab a new nym.  However,
> even when provoked - even when root certs have been **SOLD** -
> people still don't untrust them, because the news of the compromise
> doesn't propagate around triggering revokes on individual systems.

i've been told one of the things that form the basis of contract/obligation is providing something in return for consideration. the certificate is sold to key owner, to the extent there is some obligation it is between the certificate issuer and the owner of the key.


there tends to not be any relationship between the relying party and the certification authority. i believe the federal gov. got around this by having GSA(?) be the certification authority .... with the certificate manufacturers/issuers performing as agents of GSA .... and all the possible relying parties had some sort of contract with GSA.

That of course is a little awkward in the case of domain name server certificates .... having all the consumer relying parties in the world sign contracts with the major certificate vendors .... so it would establish some sort of obligation for relying on a certificate.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
