This argument doesn't hold up under scrutiny. We could increase the number of certs out there to 100% by having every browser automatically generate their own self-signed certificates, and trusting any certificate which is self-signed. Now you have encryption without identity. You know your credit card transaction was sent on a secure channel, you just don't know to whom it was sent! Suddenly you can proxy SSL sites without the user knowing.
And what about sites not using SSL? Plenty of their owners are sued etc. without the need to point the finger using any sort of SSL... I don't know if I should be shocked or not, but a reasonably large electricity company in Australia is collecting credit card details without using SSL. I don't know if this was a badly pointed URL or what; I haven't really looked into it terribly hard yet... Who gets the blame then?
I think the bigger question is, any form with any personally identifiable information should be protected; after all, a lot of countries are building up privacy laws and such, and I'm pretty sure a finger can be easily pointed if/when they stuff up and get dragged through court, without needing SSL to identify the company in question...
In order for PKI to work certs must have some value (or we may as well just exchange public keys -- and let the governments of the world read all our SSL traffic through their proxied firewalls).
Let's face it, if some government body really wanted to do that they could already: they set up a Public Certificate Authority, get audited, get included in all browsers and such, then issue dual certificates and boom, what good is PKI then? Well, the easier option would be to get an existing CA to issue them certificates, and we're all back to square one, that SSL isn't going to protect from man in the middle attacks of that kind. For all we know they are already employing either or a combination of both methods.
Anyone from Verisign/Thawte want to comment at this time? :)
--
Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!

_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
