>somewhere over the yrs the term "certification authority" was truncated >to "certificate authority" ... along with some impression that >certificates are being sold (as opposed to certification processes).
When I pay $14.95 for a certificate, with the investigation of my bona fides limited to clicking through a link in an e-mail, and answering the phone*, entering a short code, and responding to a request to state your name**, it sure seems to me like I'm buying a certificate. The only reason I do it is that for that price it's cheaper than explaining to people why the threat that web certs defend against is stupid. > getting totally rid of the need for domain name certificates ... DNS > serving up both ip-addresses and public keys in single operation. DKIM does that, you can get the MX and verification key for a domain. But I wouldn't say that was a security improvement except insofar as it makes the process easy enough that people are more likely to use it than they are the more cumbersome systems like S/MIME. R's, John * - any old phone, I've had them call random VoIP numbers in other continents that I was experimenting with ** - so of course I say "your name". --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]