I think you have put your finger right on the problem. Certificates, https, and the entire PKI structure were designed for an accountless world, but the problem is accounts.
or slightly more accurately doing authentication for accounts. the other is frequently confusing identification with authentication. the internet registries (both domain and ip-address) haven't been doing authentication ... but just some simple identification. there are situations where identification may quite orthogonal to whether or not you are the owner of the account in question. also, identification also tends to open up the whole can of worms around protecting privacy. as periodically stated (in reference to x9.59) thick blanket of encryption protecting privacy information is good, the information not being there at all is even better.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
