The reality is that we have no choice, but to trust the government for its process to establish legitimate business entities - we, the people, made it the law as part of our civil code. Funnily, it does work. Every jurisdiction is responsible for legitimizing the creation, or existence, of a real business entity, following its own rules.
It is the disjointed trust model created by private CA's, that introduces the cracks in the model. This is not to say that the government can be trusted to do the right thing - but they already have the authority (by law), the infra- structure (people and process) and the information (the database of all legitimate businesses in their jurisdiction) to make the trust model more uniform. The ICANN analogy is not appropriate in this context, because ICANN - even though a private non-profit entity - is beholden to the US Dept. of Commerce by contract - the MOU they signed many years ago requires them to meet goals established by this US agency, thus allowing the US to influence what it does, however small that influence might be: (http://www.ntia.doc.gov/ntiahome/congress/2004/ICANNhearing_09302004.htm). On the other hand, the scheme outlined in my e-mail allows every country to retain its own rules and processes for legitimizing businesses, simply extending that model to now include the self-signed CA's of the authorized businesses. No US control over anything other than that businesses incorporated in the US would have to work through their local Secretary of State office to get theis self-signed CA certs validated as part of their incorporation process. Arshad Noor StrongAuth, Inc. Duane wrote: >
Nice idea in theory, but everything works in theory, however the icann issue at present is the crux of the internet trust debate, other governments don't trust the US govt to screw them, and vice versa, I don't think I'd be willing to trust most governments on the matter of being CAs... or any for that matter...
_______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto