Vulnerability Development: Re: Non-Mathmatical Forging of PKI Digital Certificates /Throwing Rocks at the PKI

["Timothy J. Miller" <cerebus () SACKHEADS ORG>]

Dener Martins <dener () SERPRO GOV BR> writes:

> There are other types of a certificate that have to be considered. For
> instance, the Brazilian Federal Government will issue a certificate that
> will force the subscriber (or tax contributor) to present himself to a
> notary, in order to be elegible to get such a e-certificate. This is one
> way to make harder to impersonate someone through an web certificate.
I think it needs to be made clear that what the initial paper was
discussing was commercial certification authorities.  Government-run
CAs have alternate stronger personal authentication methods available
to them that businesses (by US law at least) are prohibited from
accessing.

However, some proposed legislation would make such commercial
certificates binding just as well as a government-issued certificate--
and therein lies the real risk.