> >What I was hoping to determine from this thread was whether or not by
> >using a verified cert one could determine in a trusted manner who the
> >user is.
>
> You really think X509 certs should be a global ID
> mechanism? You think it's a step backwards that
> they're not?
I wouldn't describe it as a step backwards. But I wouldn't consider
it a step forward either. What is the purpose of global CAs such as
Verisign if I can't trust the certificates to identify an end user?
If I must require that all users register their certs in my own local
database than I might as well be my own CA. So much for
interoperability.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
