In order for the individual to be certified, there has to be some
certifying agency that
(1) knows the person well enough to vouch for him/her
(2) is knowledgeable enough about the technology to operate a
trustworthy notary function.
It has been suggested that this would be a worthwhile function that the
Internet Society could perform for its members.
--
/ Lars Poulsen, SMTS Software Engineer
CMC Rockwell lars(_at_)CMC(_dot_)COM
Lars,
The current plan is for the Internet Society to play the role of the
ICA. The ICA will issue certificates to PCAs. PCAs in turn will
issue certificates to CAs, and CAs will issue certificates to users.
Why so many levels? Let's take it from the bottom. CAs know the
people, so they issue the certificates to individuals. CAs need to be
authorized by some other group. In principle, this could be done by a
single top level certification authority, but there is strong feeling
that some diversity is needed. Hence, there will be multiple
authorities that can issue certificates to CAs. These multiple
authorities are the PCAs, and the ICA serves as an administrative
focal point to tie them all together.
In principle, the Internet Society could also be a CA (and/or a PCA),
and maybe it will choose to do so. However, it is not immediately
obvious that the Internet Society will know a member "well enough to
vouch for him/her." If the Internet Society hands out certificates,
it probably can't provide more than a token level of assurance that
the identity is legitimate. It may be useful for the Internet Society
to do this, but it will only be part of a much larger picture.
Steve