Gervase Markham wrote:
Juergen Nieveler wrote:
Domain registrars seem to accept just about any fake name provided
you pay on time.
CAs however earn their living by confirming the identity of people -
therefore they HAVE to check the identity - apart from the Class1-
certificates issued for free, they have to check your identity
personally or by using a process that cannot be circumvented (in
Germany, one such process is "PostIdent").
My point exactly.
Germany is ... Germany! You cannot rely on this
situation existing anywhere else. Many parts of
the world do not deal in hard identity, including
the US.
So in a sense there is a choice offered here:
Either browsers work with the whole world, and
deal with the fact that identity is just too soft a
metric to rely on,
Or, browsers require hard identity in order to
deliver security, and discriminate against those
parts of the world not able to meet the requirements.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
