Ram0502 wrote:
I agree, I would like to see an indication of the representation being made.
Even something simple like a red open lock for no encryption or class 0 (i.e. test cert with no verification), amber coloured lock for entry level encryption, yellow for medium grade and green for high trust and a tank for class 4/military grade certificates if people want to get carried away with it... :)
As far as I am aware, most CAs issue class 1 to 3 certificates only...
That seems to be a de facto standard - public roots tend to be specified with a policy (aka class).
I meant for CAcert specifically to issue certs differently in future :)
Currently there are only 3 classes we issue from: email verified only, which to me doesn't seem good enough for credit card transactions, but is fine for other things like web mail, smtp, pop3, imap etc, that is simply for protecting passwords from people sniffing packets, which is where CAcert kicked off and that was to protect wifi connections from snooping, but not necessarily for protecting financial information.
The next class up is ID verified, by at least 2 others, from whom we can request copies of paperwork at any time. Dates of birth, names, and govt issued photo IDs are checked in person etc...
Final class is those that want code signing, not only do they need at least 2 others to verify their ID, but they need to have a copy of their govt issued ID on file with CAcert...
--
Best regards, Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the long run the pessimist may be proved right, but the optimist has a better time on the trip."
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto