[Discuss] free certs everywhere
Richard Pieri
richard.pieri at gmail.com
Wed Dec 24 12:54:36 EST 2014
On 12/23/2014 9:20 PM, Tom Metro wrote:
> The point stands that in the beginning, there weren't choices for cert
> levels. And as you point out, there were significant labor costs
> involved for what they did provide. So it would be illogical for someone
> to mandate that they give away that service.
That's because what you call "basic" and "extended verification" are the
same thing as far as X.509 PKI as designed is concerned. X.509 is an
identity management specification. A CA issues you a certificate only
after it has verified that you are who you say you are. In a government
or commercial agency this would be tied to the hiring process. In an
education setting it would be tied to the enrollment process. Issuing
X.509 certificates without performing these so-called extended
verifications is a failure to correctly implement X.509 PKI.
--
Rich P.
More information about the Discuss
mailing list