- From: Geoffrey Keating <geoffk@geoffk.org>
- Date: 30 Apr 2012 20:03:14 -0700
- To: Henry Story <henry.story@bblfish.net>
- Cc: "tls@ietf.org List" <tls@ietf.org>, public-webid <public-webid@w3.org>
Henry Story <henry.story@bblfish.net> writes: > TLS currently helps one know that when opens a connection to a > service (domain:port pair) one is actually connected to the machine > that officially owns that domain. It does not give one the big > picture of what kind of entity one is actually connected to: ie. it > does not answer the following questions: > > - is this a legal entity? > - which country is it based in (or which legal framework is it responsible to) > - who are the owners > - what kind of organisation is it? (individual, bank, commerce, school, university, charity...) Isn't this mostly covered by EV certificates? - The 'is this a legal entity' part is answered with 'yes'. - The country/legal framework part is the jurisdictionOfIncorporationCountryName field and similar. - It doesn't describe the owners, but of course that information could change between the time the connection is opened and the packets reach the other end; except in the case where a certificate is issued to a sole proprietor, in which case that individual is named in the certificate. In the case of a company it does provide sufficient information to track down the company and find its owners if they are publicly available. - The kind of organisation is covered by the businessCategory field. The presentation seemed interesting.
Received on Wednesday, 2 May 2012 15:07:14 UTC