David Stutzman wrote:
This means I can't start getting amazon.com SSL certs unless I have control over one of the administrative email boxes of amazon.com, and if *that* is the case then either I work for Amazon and this is valid, or Amazon has other things to worry about than rogue sites, such as their email system's security. CAcert's policy with SSL certs is just that you have to have control of the domain to get certs for it.
As to their email certs, they don't put your real name on the cert until your identity is verified by at least 2 people in their "web of trust", PGP style. It just says "CAcert User Cert".
Hmmmm, re-reading these emails I think I'd just like to point out for the record that I've stated for a very long time that I'd like to see the people who are not assured be severely limited in terms of certificates being issued. However, this is a chicken and egg problem for us: how does a community effort with limited resources (time and money, although in this case money buys you time) verify the identity of the world?
So from the beginning this was a trade-off to gain enough people who were identified by others to help the system grow, especially in light of the fact that we lack the money to do a world tour and personally inspect the ID of more people.
So basically I agree with what is being said about identifying people. Note here that I don't think we should identify companies only, as this discriminates and has led to the current system of something like 100,000,000 websites and about 50,000 to 100,000 valid SSL certificates.
Basically some compromise has to be reached, or only those that register companies will be "eligible" to have the privilege of not getting a warning box pop up on people hitting their website. After all, it's not just credit card information people should be protecting: how many web servers out there collect passwords with no SSL because they didn't want to scare users away and didn't want to get SSL certs because of cost or eligibility?
--
Best regards, Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
