> You will note that all of the CAs specifically disclaim any
> legal responsibility for verifying the identity of the certificate
> holder. Not a single one backs up their certificates with any kind of
> a guarantee on the identity of the certificate holder.
Then why is it that we have to provide letters of authorisation, proof of
organisational name and proof of right to use the domain name if they dont
guarantee on the identity. Your statement is ludicrous!
The whole idea of the SSL certificate is that the consumer knows it is the
correct server they are talking to and not someone who is faking it, and
encryption of the details.
It is the CAs that check out your identity and issue the certificates. Just
try getting one without proving who you are!
Even from the Tucows site https://certs.tucows.com/about.html the
certificates are to prove the identity of the website.
Are you telling us that not even Tucows will guarantee the identity of people
they issue certificates to?
--
Regards,
+-----------------------+---------------------------------+
| Peter Kiem | E-Mail : <[EMAIL PROTECTED]> |
| Zordah IT | Mobile : +61 0414 724 766 |
| IT Consultancy & | WWW : www.zordah.net |
| Internet Hosting | ICQ : "Zordah" 866661 |
+-----------------------+---------------------------------+
