<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Martin Paljak wrote:
<blockquote
cite="mid:7B655BF6-7464-4188-831F-05AF7ECF2773@paljak.pri.ee"
type="cite">EV certs seem to me like a 'moneymaking patchwork to fix
web PKI'.<br>
</blockquote>
Yes<br>
<br>
<blockquote
cite="mid:7B655BF6-7464-4188-831F-05AF7ECF2773@paljak.pri.ee"
type="cite"><br>
Lets say you trust OpenID.ee to do the right thing. </blockquote>
The problem is, that I might trust your OpenID provider today, however
I don't know how you are performing in the future. Additionally,
supposed there will be OPs as there are mail servers today (i.e. many),
how do I have the slightest chance to even monitor these? And then, I
haven't seen any policy like statements of any OpenID provider which
would let me KNOW about what's implemented nor has any provider been
confirmed by a third party attestation about its implementations.
Please correct me if I'm wrong.<br>
<br>
In that sense, PAPE is the standard providing us with a vehicle how to
provide such informations upon request, the actual "trust" issue still
has to be resolved.<br>
<blockquote
cite="mid:7B655BF6-7464-4188-831F-05AF7ECF2773@paljak.pri.ee"
type="cite"><br>
<br>
<br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, <a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>Jabber: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Phone: </td>
<td>+1.213.341.0390</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>