On Mon, 16 Aug 2004 14:17:07 -0400 (EDT), Stuart D. Gathman wrote
I got your point. Running your own CA - as we do - is free. I
could also see a non-profit issuing certificates for free. What I
am trying to say is that the idea of getting a cert is not bad - as
long as a no-name CA (such as an individual or small business might
set up) is free to build up a reputation from scratch.
Sure. But the proposal from a few days ago that I was reacting to was a
suggestion that we *specifically* use Verisign's database as a "reputable
sender list" of sorts.