Policy-Discussion

[LDSTech <tech AT litigationdataservices.com>]

I've just joined the list, so forgive me it this has already been 
proposed, but I think there are several legal issues that are going to 
get in the way of making this fly.

First, as Peter has already pointed out, the U.S. is really a stickler 
about access to encryption,--or to put it more relevantly,--to anything 
that smells like encryption, technomlogy. This is serious business and 
to get American companies on board, they simply have to be able to 
certify that their vendors are on board. Thus, in dealing with American 
companies, this is a reality that has to be explored. The actually 
location of the founding company doesn't matter, as has already been 
noted. Assuring American companies that the technical service provided 
by CACert falls within their supplier qualifications is something the 
tech side has to be prepared to explain.

Second, I believe that a country-specific assurance scheme might help 
deal with the various distinctions between what notaries can do and how 
to best ensure that people are who they claim to be. Frankly, 
indentity-theft shouldn't be an issue if individuals are assured. This 
falls under the title of "due diligence." Obviously, the big companies 
do minimal due diligence, but that doesn't mean that CACert consumers 
understand that. They can hire the lawyers to withstand any onslaught 
that comes,--the goal is not to get sued in the first place. The way to 
do that is to create a clear consumer-contract with clear outcomes. Most 
of that is acomplished, but there are some areas where confusion is sure 
to come in. Outlook doesn't make it easy to accept certificates, even 
though it's a snap with Firefox. Education is key, but that's hard to do 
without a serious advertising budget.

Maybe, it would be helpful to create a To Do list of legal issues and 
then start to figure out how to deal with them and the timelines on a 
global basis??

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature