Certificates for SSL and stuff

Stewart Stremler bofh at stremler.net
Thu Jun 3 08:44:12 PDT 2004


begin  quoting Andrew P. Lentvorski, Jr. as of Wed, Jun 02, 2004 at 10:10:43PM -0700:
> 
[snip]
> Given Verisign's normal levels of thoroughness, I find that hard to 
> believe.
> However, I am willing to concede the point, nonetheless.

:)

> >Presumably a nominal fee?
> >
> >And then there's the ones who want to pay with cash. Cash is legal
> >tender, but it doesn't do much for proving anyone's identity.
> 
> Yup.  The fee should be set based upon the facts that 1) this stuff
> does require the involvement of humans and may in fact require
> a *lot* of involvement and 2) some amount of money is required
> to prevent registering for "excessive" numbers of keys.
 
We're certifying identity? We can just decide what's excessive and not
do it... 

> BTW, in case you hadn't noticed, most of my price quotations are
> about basic 40-bit keys.  128-bit keys tend to be close to $1000
> a shot from the big guys.

I haven't actually gone pricing keys.

> I would simply refuse to take cash for the same reason that the IRS
> doesn't want you sending them cash.  It is too easy to perpetrate
> fraud at the receiving end.

I don't think you can refuse to take cash. It's _ALL_ debts, public and
private.  Requiring a credit-card transaction to help prove identity is
one thing, requiring *payment* by credit-card is probably indefensible.
 
> >I'd prefer to require two forms of photo ID, three if one of 'em is
> >out-of-state or otherwise somewhat unfamiliar. Birth certificates are
> >basically worthless for identification purposes, AFAIC.
> 
> However, it can be used to get that extra photo ID.  For example,
> a driver's license, social security card, and birth certificate gets
> you a US passport.  There's your extra photo ID, and it is no
> stronger than the basis documents.

Except that penalty for fraudulently obtaining a passport is a significant
deterrent, and if there's a situation where person X gets a certificate from
us using forged documents, we can turn over the information to the proper
authorities with something more than "person X lied to us".
 
> In addition, most people don't have 3 forms of picture ID.  Most
> people don't even have 2 for that matter.  That's why having the
> credit card transaction or check clearing transaction is important.

Are one of your forms of ID out-of-state?

And if you don't have a passport, you're jumping the gun on this obtaining
and electronic form of proof-of-identity, so I don't see any worries there.

-Stewart "Nothing wrong with being anonymous" Stremler



More information about the KPLUG-List mailing list