-- On 7 Sep 2003 at 9:48, Eric Rescorla wrote: > It seems to me that your issue is with the authentication > model enforced by browsers in the HTTPS context, not with SSL > proper.
To the extent that trust information is centrally handled, as it is handled by browsers, it will tend to be applied in ways that benefit the state and the central authority. Observe for example that today all individual certificates must be linked to one's true name and social security number if it is to receive default acceptance, and analogously for corporate certificates. To the extent that trust information is decentralized in end user databases, as it is handled by SSH clients it will tend to be applied in ways that benefit the end user. Unsurprisingly, we observe greater end user utilization of SSH public keys. The vast majority of people encounter the concept of a public key when they log on to an SSH server. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG +VOl3Vqd/2KPdwuRgmR7CoTexKy84DdSChLXr3rS 4WcxJQwYP0cvPgTXK3Xq5OaTtELGHKXqra0DHd90x --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]