evilbunny wrote:
I was thinking about cross-certification last night, but I'm not sure if it makes business sense. On the other hand there's a lot to be said for having multiple cert stores, so if one site is down the cert can be verified at another site.Be interesting to have a standard cross verification scheme/policy between free efforts where the data is sent and then some rules applied against it if it's 98% the same or something ok it...
That's the problem with cross-certification. If you trust one site that fully, you're trusting every other site they trust. The "web of trust" sounds great in theory, but in practice trust isn't transitive. Otherwise we would all be using rsh instead of ssh.May not be practical *shrug* and also 1 site may not agree with how another treats the policy of it's certificates etc...
(Okay, there were a number of other problems with rsh. But the transitive nature of trust assumed in the model was one of its most intractable problems.)
Bear
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
