[plug] Alternatives to Verisign/Thawte

James Devenish devenish at guild.uwa.edu.au
Thu Sep 18 20:40:44 WST 2003


In message <1063887981.1692.74.camel at latte.internal.itmaze.com.au>
on Thu, Sep 18, 2003 at 08:26:22PM +0800, Onno Benschop wrote:
> Ok, back to the original discussion, which was (if I paraphrased it
> correctly) about authorities you can recommend.
[...]
> What I was trying to get across is that one CA is no better than any
> other CA, we're really only comparing their level of trust in the

Yep, I had thought you were suggesting that people need not bother with
an of the well-known authorities and could just self-sign (ie. be their
own CA). I am trying to say that "no", the well-known CAs are better for
many applications and thus the most helpful answers to the original
question might come from the set of well-known CAs.

> Most IE users have (conciously or otherwise) trusted MS when they say
> that a CA is a trustworthy entity.

Agreed.

> I'd *much* rather go and visit Matt, who visited Kimberly, who visited
> Leon, who shook hands with Linus,

Yes, I was hoping to prompt you to consider that this is possible not
practical for the purposes of the original poster.

> So, if this E-commerce thing is ever going to work for real

I saw some good discussion about problems with existing PKI but I don't
have time to dig up the reference ATM.


_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug


More information about the plug mailing list