Showing messages 1 through 2 of 2.

• Personal Certificates
  2005-12-29 12:44:25  cpruitt [View]
  
  
  Yeah honestly I think I'd rather have my entire hard disk hijacked and deleted than risk the government getting involved with it all. Government involvement inherently means regualtion. Standardization is good, regulation is not.
  
  It makes more sense to do it as a private industry. Competition keeps cost down and incourages innovation. It'd be like buying a domain name. This is who I am, here's my $15, now give me a certificate...
  
  As long as a standard is in place you caould have any number of companies issuing the certs. They'd just have to be compelled to keep up with the standards. You cant have some issuer drag behind and not patch a discovered security problem for six months.
• Personal Certificates already exist
  2005-12-29 20:46:56  JensAlfke [View]
  
  
  "It makes more sense to do it as a private industry."
  
  It already is. You can buy certificates from VeriSign, Thawte and others. It's rather a pain, though — you have to verify your identity to them (otherwise they can't certify it) which means using a notary or something similar. Also, certificates are expensive due to a chicken-and-egg situation, since they're currently mostly used by businesses, not consumers.
  
  The whole business of Public Key Infrastructure (PKI) is pretty convoluted. I recommend reading Schneier's "Practical Cryptography" for a good overview. It's one of those areas, like AI or the "Semantic Web" that's prone to utopian ideals that collide against messy realities.