Duane, I'd like to know your answer to this question, too. You are, after all, trying to get into the trusted CA list. If you succeed, why would you champion a UI policy that obviates your service?
My comments have been to the effect that the system is broken but nothing better is being suggested... I don't think self-signed or PGP-styled systems would even work at large scale as well as the current CA-based system. For example, I don't see how some person in the middle of Africa would be able to build up a trust network that would extend to the middle of South America, yet based on the sheer number of people that exist I'm sure this very situation is happening at present... Even if it is only the Nigerians trying to get 20 or whatever your site says you sell and are more than happy to provide credit card details for the purchase...
My only other comment on this was the fact that I wouldn't risk my life on PKI. Don't get me wrong here: it's not the technology I have doubts about. I'm happy to use it to protect my credit card transactions, my POP3 connections (hiding my password), my SMTP connections and even my webmail; however, I wouldn't be happy to be a martyr for companies getting rich from selling certificates who could be coerced into breaching trust, or solely set up for the purpose of breaching it if/when it was needed...
-- 
Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
