<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

  <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">

</head>

<body text="#000000" bgcolor="#ffffff">

On 11/04/2008 06:07 PM, Ben Laurie:

<blockquote

 cite="mid:1b587cab0811040807q1a7ac31ajd5ed04dba4095432@mail.gmail.com"

 type="cite">

  <pre wrap=""><!---->

<a class="moz-txt-link-freetext" href="http://openid.net/pipermail/general/2008-November/006352.html">http://openid.net/pipermail/general/2008-November/006352.html</a>

  </pre>

</blockquote>

<br>

If you read what I wrote there, you'd understand that it wasn't about

email validation at all, but about phishing resistance. It was the

point from the beginning:<br>

<br>

"The only exchange is really the public key submitted to the CA and the

issuance of the certificate. There is no need to exchange any other

information, none of it is a secret either."<br>

<br>

<blockquote

 cite="mid:1b587cab0811040807q1a7ac31ajd5ed04dba4095432@mail.gmail.com"

 type="cite">

  <blockquote type="cite">

    <pre wrap="">

What would they sign it with, or indicate with, that would convince you?

Validated S/MIME certificate.

    </pre>

  </blockquote>

  <pre wrap=""><!---->

Validated how?

  </pre>

</blockquote>

<br>

...by validating and confirming the identity of the subscribers. There

are common procedures for doing that, however I think it's not the

scope of this list to discuss this issue further here. It was an

example to show that email addresses don't provide any proof about the

identity or employer of a subscriber.<br>

<br>

<br>

<div class="moz-signature">

<table border="0" cellpadding="0" cellspacing="0">

  <tbody>

    <tr>

      <td colspan="2">Regards </td>

    </tr>

    <tr>

      <td colspan="2"> </td>

    </tr>

    <tr>

      <td>Signer: </td>

      <td>Eddy Nigg, <a href="http://www.startcom.org">StartCom Ltd.</a></td>

    </tr>

    <tr>

      <td>Jabber: </td>

      <td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>

    </tr>

    <tr>

      <td>Blog: </td>

      <td><a href="http://blog.startcom.org">Join the Revolution!</a></td>

    </tr>

    <tr>

      <td>Phone: </td>

      <td>+1.213.341.0390</td>

    </tr>

    <tr>

      <td colspan="2"> </td>

    </tr>

  </tbody>

</table>

</div>

<br>

</body>

</html>