Ben Bucksch wrote:
> I still have a problem finding a CA which I trust and which doesn't reveal
> my cert data. I don't want my name and email-address in a huge,
> (semi-)public database. Either there's a standard to check the validity
> of the cert only if it is proven that the one asking for the check does
> already have my public cert or I don't want to allow these checks at
> all. Unfortunately, most (if not all) CAs give me neither of these choices.
I'm sorry, Ben, but I don't completely understand your point here. You
seem to be objecting primarily to the practices of Certificate
Authorities, and not necessarily to the implementation of certificates
in the client application (e.g., Communicator 4.x or whatever). One way
to solve the CA problem is to eliminate the need for CAs, i.e., to
support self-signed certificates. I myself believe it is a good idea to
support self-signed certificates in addition to CA-signed certificates.
But assuming that the user is using a third-party CA (and is not
creating a self-signed certificate), then do you have any
recommendations for PSM/NSS to address your concerns about privacy and
CAs?
Frank
--
Frank Hecker work: http://www.collab.net/
[EMAIL PROTECTED] home: http://www.hecker.org/