[OpenID] Fwd: [OpenID Foundation] New Poll Opened

[SitG Admin]

>>I think - with or without costs - this is what's expected from 
>>certification authorities.
>>
>>Why?
>
>Well, we have been through this already, don't we...

Not on this list. I seem to recall someone posting an advisory 
against doing so, lest the flamewar raging across Firefox 3's list 
spread to ours as well. (Apparently, the issue of self-signed certs 
vs. centralized authorities is argued with religious zeal.)

>Neither is an identity disclosing requirement a cost - as long as 
>the CA in question doesn't profit from it. At least that's my 
>opinion. If it's required in order to govern a policy, it addresses 
>a legitimate concern, and compliance on part of the recipient of a 
>free service.

I can see how the CA (service 'provider', then, if we can't call it a 
service 'seller' because it's not charging any money) would see it as 
not a cost - but, to the user, it's still a cost.

(CA's trying to convince the user otherwise should be suspected of 
trying to pull a "fast one"; they don't take users to court to change 
their minds, so legal proofs wouldn't be relevant. The user would 
likely respond poorly to being told they must proceed as if they 
believed a cost wasn't - a judge may be able to enforce this in a 
courtroom, but doing so in the real world all the time is much more 
difficult.)

>Further to your analogy:

Which, again, was not intended to be an analogy to certs :)

>This is the correct analogy, not doing favors.

Several other ways of wording this came to mind, I hadn't realized 
that "favors" would be treated so significantly. If you'd like, I can 
endeavor to come up with an analogy to certs specifically (I hadn't 
taken the time to do that, since I just wanted to illustrate the 
point about costs that seemingly aren't), which by design will be 
much more correct ;)

-Shade