Dennis Glatting wrote:
> > The problem is the liability... anyway if you want to get a free
> > certificate, go to
> >
> > https://secure.openca.org
> >
> > C'you,
> >
>
> I don't understand that response. Please explain. Verisign, for
> example, assumes no liability. In fact, they are teflon coated.
You are right: to operate like Verisign does there is no problem. What I
am always thinking about CAs is the fact that they are not to be considered
only for e-commerce; in fact e-commerce works perfectly without the
need for complex CA structures...

Liability is concerned with digital ID and legally binding signatures: this
is what, to me, complex CA structures are for. Indeed I see certificates to
be like ID cards: you can sign contracts, get married or vote using a digital
ID certificate.

I admit it is too early for this kind of vision, but think about it for a moment.
We are in the same situation where Internet Service Providers were some years
ago: now Internet access is almost free... you know why? Because the real
business is not related to the selling of Internet access, but to the providing
of services.

The same, I think, could be applied to certificates. The real business is not
selling certificates (they are only an instrument enhancing our abilities in
identification and signing using digital means) but giving services related to
certificates. An example could be secure home banking, signing modules on-line
with Public Administrations, signing contracts with people all over the net ...
Good policies and free software can bring even little communities (Municipalities
and/or other non-governmental organizations) to provide certification services
for free (and for everyone).

This applies only if we consider legally binding signatures. In Europe there
are many projects on how the legal value of digital signatures can be determined
and/or denied and some countries developed laws (or directives) about it...
GUIDeS is an example...

> For an interesting paper on PKI myths see
> http://www.counterpane.com/pki-risks.html
I've read it. But I am not sure it got the real problems related to CAs and Policies.
I do really think BS to be a real God (!!!); anyway he talks mostly about the current
situation, avoiding the real decisions that are to be taken in the next few years
about PKIs (it is a sort of fast-faq-watch-out and big-brother style guide rather
than a good reading for people who currently are working on CAs legal aspects
definitions).

Obviously this is only my vision of the problems related to CAs and digital
certificates, and I know many are not shared (not yet at least...). I know the
problem is far from a solution, anyway.

C'you,
Massimiliano Pala ([EMAIL PROTECTED])