[tlug] cacert question

[Raymond Wan <rwan.kyoto@example.com>]

Hi all,

I thought I start a new thread rather than continue the other one...

Thank you to the speakers for the talks on Saturday!  About cacert,
after returning home, I was thinking about it.  Do we expect it to be
a replacement for CA root some day?

Perhaps I am missing something, but this kind of community-based
system is only as strong as its weakest link.  Once someone is slack,
then the problem propagates and it is difficult to correct the
problem.  I can see the system being used to authenticate something
unimportant like verifying an e-mail sender's identity.  But, I might
be worried about authenticating a company that receives my credit card
number -- seems there isn't any accountability?

As an aside, one interesting story I read was about the USA and Canada
border.  In the pre-9/11 days, you could cross the land border using a
birth certificate or a driver's license.  Both were error prone since
a birth certificate has no photo and each of the states/provinces have
different driver license styles [unlike Japan which seems standardized
nation-wide?].  So, immigration on both sides really just did their
best.  So government identity cards aren't foolproof...actually, in a
way, nothing is.  But maybe with a central authority that is use to
seeing real identity cards, it will be harder to get fakes through?

Anyway...have I missed something?  Or it's just that both sides have
its advantages and disadvantages and neither is truly better?

Ray