Women in Technology

Hear us Roar


Weblog:   Where am I? Who am I? Am I? I
Subject:   Personal Certificates
Date:   2005-12-29 12:44:25
From:   cpruitt
Response to: Personal Certificates

Yeah honestly I think I'd rather have my entire hard disk hijacked and deleted than risk the government getting involved with it all. Government involvement inherently means regualtion. Standardization is good, regulation is not.


It makes more sense to do it as a private industry. Competition keeps cost down and incourages innovation. It'd be like buying a domain name. This is who I am, here's my $15, now give me a certificate...


As long as a standard is in place you caould have any number of companies issuing the certs. They'd just have to be compelled to keep up with the standards. You cant have some issuer drag behind and not patch a discovered security problem for six months.
Full Threads Oldest First

Showing messages 1 through 1 of 1.

  • Personal Certificates already exist
    2005-12-29 20:46:56  JensAlfke [View]

    "It makes more sense to do it as a private industry."

    It already is. You can buy certificates from VeriSign, Thawte and others. It's rather a pain, though — you have to verify your identity to them (otherwise they can't certify it) which means using a notary or something similar. Also, certificates are expensive due to a chicken-and-egg situation, since they're currently mostly used by businesses, not consumers.

    The whole business of Public Key Infrastructure (PKI) is pretty convoluted. I recommend reading Schneier's "Practical Cryptography" for a good overview. It's one of those areas, like AI or the "Semantic Web" that's prone to utopian ideals that collide against messy realities.
Showing messages 1 through 1 of 1.

Recommended for You
 
Sign up today to receive special discounts,
product alerts, and news from O'Reilly.
Privacy Policy >
View Sample Newsletter >