by sharth 4097 days ago
Who could you possibly call at say Capital One to verify that a change in their certificate was intended instead of malicious?
1 comments

Your point is understood.

For something like that, I have always thought they should be disseminating their cert via some other means besides an untrusted computer network (i.e., the internet). Or at least give customers another option.

Perhaps making their cert available at branches (e.g., printed on business cards), mailing it to customers with an expository cover letter, or even publishing it in a newspaper or some publicly available printed source.

Maybe these printed copies would be OCR-friendly, maybe not. I think two blobs of text can be compared to each other for differences without using a computer, and I can think of a few ways to make that easier. In any event, this does not seem an insurmountable problem by any stretch of the imagination, at least for me, and in my mind the benefit outweighs the cost.

Not sure about others, but I still get plenty of "official" notifications via postal mail. And with increasing frequency they relate to computer issues.

This makes me wonder why certs "must" be obtained and verified using (a) an untrusted computer network (the internet) and (b) why we need the aid of untrusted third parties, often with obvious conflicts of interest, to decide for us who else we can trust.

Are these not the two things that "SSL" authentication and encryption are designed to protect against?
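The comment above describes checking a site's certificate against a copy received out of band (a mailed letter, a business card) and comparing the two "blobs" group by group. As an added example that is not part of this thread, here is what that check looks like in code: the fingerprint is the SHA-256 of the certificate's DER bytes in the same form `openssl x509 -fingerprint -sha256` prints, the printed copy is rendered in short groups for manual comparison, and a list of accepted fingerprints lets a cover letter announce a planned rotation. `SAMPLE_DER` is a constructed stand-in for real certificate bytes, and the function names are my own.

```python
import hashlib
import re

# Constructed stand-in for the DER bytes of a server certificate (not a real
# certificate); the fingerprint is the SHA-256 of these bytes, exactly as it
# would be for real DER output.
SAMPLE_DER = b"constructed stand-in for DER-encoded certificate bytes"

GROUP = 4  # hex characters per printed group; 64 hex digits -> 16 groups


def fingerprint(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, colon-separated the
    way `openssl x509 -noout -fingerprint -sha256` prints it."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Reduce a fingerprint copied from a browser, a letter or a card to bare
    upper-case hex. Anything that is not a 64-digit SHA-256 value is rejected,
    so a garbled transcription fails loudly rather than silently mismatching."""
    hexonly = re.sub(r"[\s:\-]", "", fp).upper()
    if not re.fullmatch(r"[0-9A-F]{64}", hexonly):
        raise ValueError(f"not a SHA-256 fingerprint: {fp!r}")
    return hexonly


def printed_groups(fp: str) -> list[str]:
    """Render the fingerprint as short groups for a printed copy, so a reader
    can tick off one group at a time instead of scanning 64 characters at once."""
    hexonly = normalize(fp)
    return [hexonly[i:i + GROUP] for i in range(0, len(hexonly), GROUP)]


def differing_groups(presented_fp: str, printed_fp: str) -> list[int]:
    """Indices of the groups where the presented and the printed fingerprint
    differ; an empty list means the two values are identical."""
    a, b = printed_groups(presented_fp), printed_groups(printed_fp)
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def verify(der_bytes: bytes, printed_fps: list[str]) -> bool:
    """True if the presented certificate matches any fingerprint received out
    of band. Accepting a list allows a planned rotation: the letter announcing
    a new certificate can carry the new fingerprint alongside the current one."""
    presented = fingerprint(der_bytes)
    return any(differing_groups(presented, p) == [] for p in printed_fps)


if __name__ == "__main__":
    presented = fingerprint(SAMPLE_DER)
    # Constructed "printed" copy: the same value as it might appear in a letter,
    # grouped and in lower case; normalize() makes the formatting irrelevant.
    from_letter = " ".join(printed_groups(presented)).lower()
    print("presented  :", presented)
    print("from letter:", from_letter)
    print("match      :", verify(SAMPLE_DER, [from_letter]))
    # Simulated unexpected change: a different certificate is presented.
    other = fingerprint(b"some other constructed certificate bytes")
    print("groups that differ:", differing_groups(other, from_letter))
```

The comparison deliberately refuses malformed input instead of ignoring stray characters: a printed copy that no longer parses as 64 hex digits should be treated as unreadable, not as a partial match.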