Hello Marco, MKC> The idea is to use the Verified Identity (IV) CA to get credibility to MKC> the name. This will become clear when we put the VI CA online in a few MKC> days -- then you'll see what it is capable of. I'll let you know when MKC> it's online. Meanwhile, its main ideas are described in the paper. But MKC> the idea is this: only the VI certs should be widely trusted. The EL MKC> certificates should be only a initial jumpstart to get a first certifi- MKC> cate. The user's aim should be to "upgrade" it to VI status.
Make sense I guess, however I think it would be too confusing for most joe public's out there to comprehend beyond the warnings the browsers spew at them... MKC> I saw your CA site. Quite cool. What's the underlying platform? Front end is PHP based, with all operations feeding a MySQL table, which is then crontab'd to trigger a c programmer to interact with openssl, hoping to get a 2nd box and pipe data via a serial cable so that the worst that can happen is fraudulent certificates are issued, rather then the private key nabbed... (ie only interfaces into the box are via serial cable and physical console access...) well unless anyone has a better suggestion? -- Best regards, evilbunny mailto:evilbunny@;sydneywireless.com http://www.cacert.org - Free Security Certificates http://www.sydneywireless.com - Telecommunications Freedom
smime.p7s
Description: S/MIME Cryptographic Signature