Wednesday, Wednesday, August 22, 2001, 4:06:50 PM, Peter Kiem wrote:
>> You will note that all of the CAs specifically disclaim any
>> legal responsibility for verifying the identity of the certificate
>> holder. Not a single one backs up their certificates with any kind of
>> a guarantee on the identity of the certificate holder.
> Then why is it that we have to provide letters of authorisation, proof of
> organisational name and proof of right to use the domain name if they dont
> guarantee on the identity. Your statement is ludicrous!
It's all for show. They check your identity, but disclaim any
responsibility for it :)
You can say it is ludicrous, but it's a fact.
> The whole idea of the SSL certificate is that the consumer knows it is the
> correct server they are talking to and not someone who is faking it, and
> encryption of the details.
> It is the CAs that check out your identity and issue the certificates. Just
> try getting one without proving who you are!
> Even from the Tucows site https://certs.tucows.com/about.html the
> certificates are to prove the identity of the website.
> Are you telling us that not even Tucows will guarantee the identity of people
> they issue certificates to?
Tucows is not the issuing authority, Entrust is, and Entrust accepts
no liability for that at all.
Find 1000 "consumer" level users, and you may find 1 or 2 that know
that there is anything more than encryption involved rather than
identity verification.
As I say all the time, perception is the only reality.
--
Best regards,
William X Walsh <[EMAIL PROTECTED]>
Userfriendly.com Domains
The most advanced domain lookup tool on the net
DNS Services from $1.65/mo
