[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Anonymous Auth Certificates [was: Re: Blinded Identities]



>I don't see how authorization certificates solve this problem.  How
>would you determine if someone was qualified to receive an authorization
>certificate?  And what would you do to make them stop using the service
>if they abuse it, and to stop them from getting new authorization
>certificates?
>
>Thanks,
>Hal

I guess I was mistaken about how rigorous identification checking was
performed at various CAs.  Verisign used to advertise three levels of CA
checking, although I can only find two on their Web site at this time.  The
lowest, Class 1, is simply tied to your email address and is inadequate for
my purposes.  Class 2 Digital IDs provide identity assurance by requiring
third-party confirmation of your name, mailing address, and other personal
information.  Although by no means bullet-proof dependence on Class 2 might
be a workable alternative to a substantial, up-front, money escrow (as
suggested) which I believe would make my service unworkable.

-- Steve