Improving Authentication on the Internet

An announcement came through on the mozilla security newsgroup by Gervase Markham, who is a developer with the mozilla foundation, that there will be a meeting on the 17th of this month in NYC, with most of the major CAs, browser vendors and other interested parties (note at no point was an invitation ever extended to myself or CAcert as an organisation).

Now I have no reason to believe there is anything sinister about Gervase’s motives, however I long since worked out, most vested interests in better protecting people’s security and privacy only stem from what they stand to gain from it, or in some cases what they stand to not loose such as their freedom from being sent to jail for corporate corruption and scandals.

So we must ask ourselves what does a bunch of CAs and browser vendors stand to gain from better identifying users on the internet? In mozilla’s case they stand to potentially increase the browsing experience for their users, but why would a commercial CA instigate these proceedings?

In any case, Gervase’s post to his website on his thoughts are worth the read.

2 thoughts on “Improving Authentication on the Internet

  1. ArgoNavis


    I’ve read Gervase’s comments with great interest. I’d be interested into your perspective on what he wrote.


  2. Duane Post author

    I think Gerv’s has some very valid points, but on the other hand depending on the exactly implementation could benefit us, or cause us greif, so I’m much more interested in the specifics then the overview.

Leave a Reply