Re: CAcert Root Certificate

[Duane]

Gervase Markham wrote:
Frank Hecker wrote:
IMO the issue of authenticating the identity of certificate applicants 
is to a large degree orthogonal to the issue of preventing phishing 
attacks based on misleading domain names. 

It is. My point is not that CAs should be refusing certificates to 
people with "similar" domains, but that they should be keeping info to 
allow the people to be tracked down if they are nefarious. This is not 
just about phishing - it's also about dodgy web shops etc.

So it's about retribution, not prevention.
You're making some pretty big assumptions here, especially if dealing 
with countries outside of the US, etc that don't keep very good records, 
or don't make them very accessible to others... After all a piece of 
paper with some official looking symbol from some US university can be 
sent to me for only $500, saying I have a degree in whatever I want...

Further more I don't believe it will be possible for similar name 
searches, how do you expect a company in South America with xyz name and 
a similar name of a company in Africa to be even found, let alone 
compared or evaluated for being justified?

Not to mention most open source projects will never become official 
entities under their respective governing laws, so it will be impossible 
for them to get SSL certs from traditional CAs...

So while forcing phising scams into using SSL and forcing the labour 
onto others, I don't see how it will do anything then hurt people that 
are already being discriminated against, after all the SSL market verse 
the web server market is becoming exponentially worlds apart, forcing 
people to setup websites with encryption due to cost and or lack of 
opportunity is worst then the stupid tax...

--
Best regards,
 Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
"In the long run the pessimist may be proved right,
    but the optimist has a better time on the trip."
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto