[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Private keys and the emperor's clothes -Reply



Bob Jueneman <bjueneman@novell.com>:
  [>100-column message I won't quote here (you must use a *very* tiny font)...]

You raise issues that only an attorney can answer, and maybe not even yet.
I can only hope that the old common-law principle about burden of proof
will hold, though I have seen lots of cases, mostly involving the IRS, where
it seemed that it didn't.  I wouldn't say that it argued in favor of trusting
your own CA, though.  In fact, it would seem to argue against your point, because
that CA was granted some degree of legal credibility through the processes we
discussed and yet was rotten.  Clearly he couldn't get away with much of that
before the legal safeguards took him down, so it would not be in his interest
to do that unless in so doing he stood to get very rich very quickly.  I don't
know.

Clearly, legally binding naming has got to come from legally authorised sources,
and I don't think that we have any major disagreement here, but it's mostly
off topic where we are considering general-purpose certificates, since it doesn't
really argue for or against them, or for how they should be composed, as I see it.


Brian Thomas - Distributed Systems Architect  bt0008@entropy.sbc.com
Southwestern Bell                             bthomas@cdmnet.com(or primary.net)
One Bell Center,  Room 23Q1                   Tel: 314 235 3141
St. Louis, MO 63101                           Fax: 314 331 2755