[Previous] [Next] [Index]
[Thread]
EuroCert
1. FYI we are establishing EuroCert a Certification Authority
for the continent of Europe.
2. Considering Digital Signatures
At the moment the Web operates on a Caveat Emptor principle.
Certain organisations may or may not be regulated by their
central government, but if you take four examples in the
UK
Insurance - Government Regulation
Investment - SFA/SIB
Banking - Bank of England
Legal - Law Society
There are systems of regulation to protect the purchaser
of services. Eg capital requirements and other such issues.
Some sites and servers cover more than one of those business
areas.
Clearly, given that the domain name does not really indicate
the country, people looking for services on the net need to
know whether or not the organisation they are trading with
is regulated.
Certification Authorities generally check the identity of
the entity being certified.
It seems clear that in the medium to long term an additional
signature (s) may be needed for regulatory areas.
This clearly is a problem for the X509 certificate, but not
so much of a problem for PGP type signatures.
John Hemming
Follow-Ups: