User: Password:
|
|
Subscribe / Log in / New account

Extended validation certificates

Extended validation certificates

Posted Nov 2, 2006 3:08 UTC (Thu) by jamienk (guest, #1144)
Parent article: Extended validation certificates

How about: when you see that a cert has been issued, you can click it, and see all the documentation that was provided to "prove" the identity of the site in question. Next to each piece of documentation, there can be a "verified by Verisign [or whoever]" stamp.

So it could read:
```
Bob Smith's website:
Bob Smith NYS Driver's License << VERIFIED
Bob Smith USA SS# << VERIFIED
Bob Smith USA Passport << VERIFIED
Bob Smith's notarized statement of his address, signature, and regarding his intentions for this website << VERIFIED
```
By verifying, Verisign is providing liability insurance -- if Bob Smith's website rips you off, you can sue Verisign. In turn, they can sue the party who they granted the cert to...


(Log in to post comments)

Extended validation certificates

Posted Nov 2, 2006 10:17 UTC (Thu) by gyles (guest, #1600) [Link]

That would be meaningful, and useful. It therefore won't happen.

Extended validation certificates

Posted Nov 4, 2006 0:32 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

There's actually two parts to that: the identification and the authentication. Before you can talk about what proves Bob's social security number, you have have to say what that number is in the first place, and the current system doesn't even do that. It identifies someone by a name alone, and that tells you very little. Is this web site run by THE Bob Smith?

Useful identification could be a SSN or passport number, and it could also include place of residence, occupation, and various other soft things.

As long as Verisign provides the actual identification, it probably doesn't help me a lot to see how Verisign authenticated it. If I don't trust Verisign to authenticate, I really can't trust it to tell me accurately that it did.

The guarantee (insurance) is what really matters. Of course, I would expect and demand to pay for that.

if Bob Smith's website rips you off, you can sue Verisign.

And that's a third thing. Neither the identification nor the authentication tells you that Bob Smith is an honest person; you have no basis to sue. For that, you need a voucher. Verisign says, "never mind who the person is; whoever he is, he's not going to defraud you." To protect itself, Verisign would want to ascertain the person's identity, plus probably get references or a bond or such.

For a web site, a voucher would probably be much more useful than a signature guarantee.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds