From: azur@netcom.com (Steve Schear)
Date: Fri, 25 Oct 1996 23:37:12 -0700 (PDT)
To: hal@rain.org (Hal Finney)
Subject: Re: Anonymous Auth Certificates [was: Re: Blinded Identities]
Message-ID: <v02130500ae96306f12a0@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>I don't see how authorization certificates solve this problem.  How
>would you determine if someone was qualified to receive an authorization
>certificate?  And what would you do to make them stop using the service
>if they abuse it, and to stop them from getting new authorization
>certificates?
>
>Thanks,
>Hal

I guess I was mistaken about how rigorous identification checking was
performed at various CAs.  Verisign used to advertise three levels of CA
checking, although I can only find two on their Web site at this time.  The
lowest, Class 1, is simply tied to your email address and is inadequate for
my purposes.  Class 2 Digital IDs provide identity assurance by requiring
third-party confirmation of your name, mailing address, and other personal
information.  Although by no means bullet-proof dependence on Class 2 might
be a workable alternative to a substantial, up-front, money escrow (as
suggested) which I believe would make my service unworkable.

-- Steve